terraform-provider-keycloak

Advanced claim to role mapper for IDPs

Open: CalamarBicefalo opened this issue 4 years ago • 1 comment

If I try to provision an advanced claim to role mapper, there's some funny business going on with the claims and I cannot set the appropriate values/regex.

After successfully importing and planning I get this from a valid Advanced Claim to role Mapper from the server:

resource "keycloak_attribute_importer_identity_provider_mapper" "view-portal-by-email-role-importer" {
  realm                   = keycloak_realm.connectivity.id
  name                    = "view-portal-by-email-role-importer"
  identity_provider_alias = keycloak_oidc_identity_provider.realm_identity_provider.alias
  user_attribute          = "email"

  # extra_config with syncMode is required in Keycloak 10+
  extra_config            = {
    "are.claim.values.regex" = "true"
    "claims"                 = jsonencode([some json here])
    "syncMode"               = "INHERIT"
  }
}

If I try to apply what Terraform is reporting from the server, I get this error: "claim_name": should be set for oidc identity provider. However, that does not apply to the Advanced Claim to Role Mapper.

Are advanced claims/role mappers supported at all? If so what's the syntax?

CalamarBicefalo, Nov 04 '20 16:11

@CalamarBicefalo I was curious if you ever found a solution to this? Running into some similar issues.

rdelander, Apr 06 '21 20:04