lights

Reputation: 1384

Keycloak CLI: Creating an Identity Provider Mapper

I'm trying to create an IDP provider mapper using the Keycloak CLI, similar to this: Mapper I want to create

The examples in the docs are all for storage mappers.

I've tried

kcadm.sh create components -r my-realm -s name=my-mapper-name -s providerId=oidc-hardcoded-role-idp-mapper -s providerType=org.keycloak.broker.provider.IdentityProviderMapper -s parentId=<parent id> -s 'config.role=["ROLE_MY_ROLE"]'

But that fails with the error

14:45:26,325 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.ClassCastException: class org.keycloak.broker.provider.HardcodedRoleMapper cannot be cast to class org.keycloak.component.ComponentFactory (org.keycloak.broker.provider.HardcodedRoleMapper is in unnamed module of loader '[email protected]' @1dd6d570; org.keycloak.component.ComponentFactory is in unnamed module of loader '[email protected]' @8467851)

Since unlike HardcodedLDAPRoleStorageMapperFactory it doesn't extend ComponentFactory.

Is it possible to do this with the Keycloak CLI?

Thank you!

Upvotes: 2

Views: 2079

Answers (1)

dreamcrash

Reputation: 51453

You have to call it as follows:

./kcadm.sh create identity-provider/instances/<IDP_name>/mappers \
          -r <REALM_NAME> \
          -s name=<MAPPER_NAME> \
          -s identityProviderAlias=<IDP_ALIAS> \
          -s identityProviderMapper=oidc-hardcoded-role-idp-mapper \
          -s config.role=<ROLE_NAME>

For easy copy & paste:

./kcadm.sh create identity-provider/instances/<IDP_name>/mappers  -r <REALM_NAME> -s name=<MAPPER_NAME> -s identityProviderAlias=<IDP_ALIAS> -s identityProviderMapper=oidc-hardcoded-role-idp-mapper -s config.role=<ROLE_NAME>

The field identityProviderMapper is the Mapper Type, which in your case will be oidc-hardcoded-role-idp-mapper.

Upvotes: 5
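Added example, not part of the answer above or of Keycloak itself: a hardcoded role mapper grants its role to every user who signs in through that identity provider, so after creating one it is worth listing the mappers and reviewing which roles they hand out. The sketch below assumes the JSON array printed by `kcadm.sh get identity-provider/instances/<IDP_ALIAS>/mappers -r <REALM_NAME>`; the sample data and the set of sensitive role names are constructed for illustration.

```python
import json

# Mapper type taken from the answer above.
HARDCODED_ROLE_TYPE = "oidc-hardcoded-role-idp-mapper"

# Constructed sample shaped like the mapper list returned for one IdP.
# All ids, names, aliases and roles are made up for this example.
SAMPLE_MAPPERS = """
[
  {"id": "11111111-aaaa", "name": "grant-basic-role",
   "identityProviderAlias": "corp-oidc",
   "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
   "config": {"role": "ROLE_MY_ROLE"}},
  {"id": "22222222-bbbb", "name": "grant-admin",
   "identityProviderAlias": "corp-oidc",
   "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
   "config": {"role": "ROLE_ADMIN"}},
  {"id": "33333333-cccc", "name": "email",
   "identityProviderAlias": "corp-oidc",
   "identityProviderMapper": "oidc-user-attribute-idp-mapper",
   "config": {"claim": "email", "user.attribute": "email"}},
  {"id": "44444444-dddd", "name": "broken",
   "identityProviderAlias": "corp-oidc",
   "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
   "config": {}}
]
"""

def audit_hardcoded_roles(mappers_json, sensitive_roles):
    """Return (idp_alias, mapper_name, role, status) per hardcoded-role mapper."""
    findings = []
    for mapper in json.loads(mappers_json):
        if mapper.get("identityProviderMapper") != HARDCODED_ROLE_TYPE:
            continue  # other mapper types do not grant a fixed role
        role = (mapper.get("config") or {}).get("role")
        if not role:
            status = "MISSING_ROLE"   # mapper exists but has no role configured
        elif role in sensitive_roles:
            status = "SENSITIVE"      # every brokered user would get this role
        else:
            status = "OK"
        findings.append((mapper.get("identityProviderAlias"),
                         mapper.get("name"), role, status))
    return findings

if __name__ == "__main__":
    # "ROLE_ADMIN" stands in for whatever roles the reviewer treats as privileged.
    for finding in audit_hardcoded_roles(SAMPLE_MAPPERS, {"ROLE_ADMIN"}):
        print(*finding, sep="\t")
```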
