Keycloak retrieve custom attributes to KeycloakPrincipal
Select Users > Lookup > click on ID > go to attributes tab > Add attribute > e.g.: phone > Save
Select Clients > click on Client ID > go to Mappers Tab > create mapper
Get custom attributes
UPDATE
Add the 'phone' attribute on Group level, assign the user to that group, and you get the 'phone' attribute from group level for all users.
Go back to the mapper and update 'phone' with 'Aggregate attribute values = true' and 'Multivalued=true', and you get 'phone' as a list with both attributes from group and user level. If you keep 'Aggregate attribute values = false' or 'Multivalued=false', you get just one value, where the 'phone' attribute from the user will override the 'phone' attribute from the group (which makes sense).
To add custom attributes you need to do three things:
- Add attributes to admin console
- Add claim mapping
- Access claims
The first one is explained pretty well here: https://www.keycloak.org/docs/latest/server_admin/index.html#user-attributes
Add claim mapping:
- Open the admin console of your realm.
- Go to Clients and open your client
- This only works for Settings > Access Type confidential or public (not bearer-only)
- Go to Mappers
- Create a mapping from your attribute to json
- Check "Add to ID token"
Access claims:
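```java
import java.security.Principal;
import java.util.Map;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.IDToken;

// httpRequest is assumed to be the current HttpServletRequest
String yourClaim = null;
final Principal userPrincipal = httpRequest.getUserPrincipal();
if (userPrincipal instanceof KeycloakPrincipal) {
    KeycloakPrincipal<KeycloakSecurityContext> kp = (KeycloakPrincipal<KeycloakSecurityContext>) userPrincipal;
    IDToken token = kp.getKeycloakSecurityContext().getIdToken();
    // Claims added by custom mappers end up in the token's "other claims" map
    Map<String, Object> otherClaims = token.getOtherClaims();
    if (otherClaims.containsKey("YOUR_CLAIM_KEY")) {
        yourClaim = String.valueOf(otherClaims.get("YOUR_CLAIM_KEY"));
    }
} else {
    throw new RuntimeException("Principal is not a KeycloakPrincipal");
}
```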
Hope this helps and fits your use case. I used this for a custom attribute I added with a custom theme.
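When the mapper has 'Multivalued' enabled, the claim is a JSON array, so `String.valueOf` on it returns the list's string form rather than one value. The following is an added example, not code from any of the answers on this page, that reads the claim in either shape. `ClaimReader`, `claimValues` and the sample phone values are hypothetical; the maps stand in for the result of `IDToken.getOtherClaims()`, and the code assumes a JSON array is deserialized as a Java collection.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class ClaimReader {

    /**
     * Returns the values of a custom claim as a list, whether the mapper
     * emitted a single value (Multivalued off) or an array (Multivalued on).
     * A missing or null claim yields an empty list instead of the string "null".
     */
    static List<String> claimValues(Map<String, Object> otherClaims, String key) {
        Object raw = otherClaims.get(key);
        if (raw == null) {
            return Collections.emptyList();
        }
        List<String> values = new ArrayList<>();
        if (raw instanceof Collection) {
            // Multivalued claim: copy each element, skipping nulls
            for (Object item : (Collection<?>) raw) {
                if (item != null) {
                    values.add(String.valueOf(item));
                }
            }
        } else {
            // Single-valued claim: wrap it so callers handle one shape only
            values.add(String.valueOf(raw));
        }
        return Collections.unmodifiableList(values);
    }

    public static void main(String[] args) {
        // Constructed sample claim maps (hypothetical values)
        Map<String, Object> userOnly = Map.of("phone", "111-111");
        Map<String, Object> aggregated = Map.of("phone", List.of("111-111", "222-222"));
        Map<String, Object> unmapped = Map.of();

        System.out.println("single value: " + claimValues(userOnly, "phone"));
        System.out.println("multivalued:  " + claimValues(aggregated, "phone"));
        System.out.println("missing:      " + claimValues(unmapped, "phone"));
    }
}
```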
For Keycloak > 18 the configuration of the mappers has moved in the UI:
Inside Clients > Your selected client, under the tab Client Scopes, one has to select account-dedicated:
There custom mappers can be added: