Reputation: 11347
I need to configure Keycloak so that it creates a JWT with claim "sub" populated with the username, instead of the default userId in sub.
It means that instead of this token:
{
"jti": "b1384883-9b59-4788-b09f-98b40b7e3c3b",
...
"sub": "fbdb4e4a-6e93-4b08-a1e7-0b7bd08520a6",
"preferred_username": "m123456"
}
I need to receive:
{
"jti": "b1384883-9b59-4788-b09f-98b40b7e3c3b",
...
"sub": "m123456",
"preferred_username": "m123456"
}
Could you please suggest how to do that?
I tried the username mapper, but it adds a second "sub" claim, and with that the JWT is not valid.
Upvotes: 10
Views: 23785
Reputation: 161
Or this way: with the User Property Mapper type.
{
  "id": "5d45fe41-83c6-4457-807b-5240ff7c09b9",
  "name": "UsernameInSubject",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usermodel-property-mapper",
  "consentRequired": false,
  "config": {
    "userinfo.token.claim": "true",
    "user.attribute": "username",
    "id.token.claim": "true",
    "access.token.claim": "true",
    "claim.name": "sub",
    "jsonType.label": "String"
  }
}
Upvotes: 16
Reputation: 11347
I solved it in this way.
1) In the "Clients" configuration section, choose your client.
2) Go to the "Mappers" tab and create a new "Script Mapper".
3) An editable section called "Script" will open, and inside it you can edit the following line: token.setSubject(user.getUsername());
4) Now my token contains "sub": "user123456"
5) Take a look at this image
Upvotes: 7
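As an added example, not code from either answer above: the script-mapper logic from the last answer, wrapped in a function so it can be run offline against constructed stand-ins for the `token` and `user` objects that Keycloak injects into a script mapper, together with a check that inspects an issued token's payload for the failure the question describes (a second "sub" key, which `JSON.parse` would silently collapse and hide). The function names `mapSubjectToUsername` and `checkSubjectClaim`, the fake `token`/`user` objects and the sample payloads are all constructed for this example. One caveat that applies to both answers: OpenID Connect defines `sub` as a locally unique identifier that is never reassigned, so keying it on a username means a renamed or recreated account changes identity at every relying party, whereas the default user id does not.

```javascript
// Added example (not from the original answers). Exercises the script-mapper
// logic against constructed stand-ins for Keycloak's `token` and `user`
// bindings, and checks an issued payload for a duplicated "sub" key.

// Body of the script mapper. Inside Keycloak, `token` (the token being built)
// and `user` (the UserModel) are injected by the script engine; here they are
// parameters so the logic can be run with the fake objects below.
function mapSubjectToUsername(token, user) {
  const username = user.getUsername();
  // Refuse to issue a token whose subject would be empty: relying parties
  // reject it anyway, and an empty username points at a broken user record.
  if (!username) {
    throw new Error("user has no username; refusing to set an empty sub");
  }
  token.setSubject(username);
  return token;
}

// Defender-side check on a decoded JWT payload (the base64url-decoded middle
// segment of the token, as a JSON string). It requires exactly one "sub" key
// (a duplicate key is what the question's "second sub claim" looks like on the
// wire; JSON.parse keeps only the last one, so count keys on the raw text),
// a non-empty "sub", and "sub" equal to "preferred_username".
// The key count is a plain regex over the text, which is enough for a flat
// token payload but would also match a "sub" key nested inside another claim.
function checkSubjectClaim(payloadJson) {
  const subKeyCount = (payloadJson.match(/"sub"\s*:/g) || []).length;
  if (subKeyCount !== 1) {
    return { ok: false, reason: `expected exactly one "sub" key, found ${subKeyCount}` };
  }
  const claims = JSON.parse(payloadJson);
  if (typeof claims.sub !== "string" || claims.sub.length === 0) {
    return { ok: false, reason: '"sub" is missing or empty' };
  }
  if (claims.sub !== claims.preferred_username) {
    return { ok: false, reason: `"sub" (${claims.sub}) != "preferred_username" (${claims.preferred_username})` };
  }
  return { ok: true, reason: "sub is the username and appears exactly once" };
}

// Constructed stand-ins for the objects Keycloak injects into the script.
function makeFakeToken(initialSub) {
  let subject = initialSub;
  return {
    setSubject(s) { subject = s; },
    getSubject() { return subject; },
  };
}
function makeFakeUser(username) {
  return { getUsername() { return username; } };
}

// Constructed sample: the token starts with the user id as subject, the user's
// username is m123456 (values taken from the question's example tokens).
const sampleToken = mapSubjectToUsername(
  makeFakeToken("fbdb4e4a-6e93-4b08-a1e7-0b7bd08520a6"),
  makeFakeUser("m123456")
);

// Constructed payloads: the desired result, and the duplicate-key result that
// a mapper adding a second "sub" claim produces.
const goodPayload =
  '{"jti":"b1384883-9b59-4788-b09f-98b40b7e3c3b","sub":"m123456","preferred_username":"m123456"}';
const duplicatedSubPayload =
  '{"jti":"b1384883-9b59-4788-b09f-98b40b7e3c3b","sub":"fbdb4e4a-6e93-4b08-a1e7-0b7bd08520a6","preferred_username":"m123456","sub":"m123456"}';

console.log(sampleToken.getSubject());            // m123456
console.log(checkSubjectClaim(goodPayload));      // ok: true
console.log(checkSubjectClaim(duplicatedSubPayload)); // ok: false, two "sub" keys
```

Run it with `node`; `checkSubjectClaim` is also usable on its own against a real token by base64url-decoding the payload segment first and passing the resulting string. In current Keycloak releases the script mapper is a preview feature (`scripts`) and scripts are deployed from a JAR rather than edited in the console, so the body of `mapSubjectToUsername` is what would go into that deployed script, with `token` and `user` coming from the engine instead of parameters.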