I have seen many related issues with multivalued mappers, but not this exact case, so I will try to explain the problem which I think it is a bug.
Scenario: Keycloak 16.1.1. We have an identity provider configured, mapping some attributes. One of those attributes is a multivalued User Attribute, and we use a Hardcoded Attribute Identity Provider Mapper, this way
Users are properly created, and the User Attribute is created as expected. There is also a UserInfo mapper for client web, configured this way:
With this configuration we expect UserInfo with_claims to be an array, but surprisingly we receive this:
But! If we modify any user atribute using the UI console, after clicking save, we start receiving UserInfo's with_claims as an array.
Hypothesis: It seems like when creating the attribute from de Identity Provider mapper, it is not correctly saved or formatted internaly, but when doing so from the console, everything works as expected. This is preventing us from being able to correclty register users using external identity provider.
I have seen many related issues with multivalued mappers, but not this exact case, so I will try to explain the problem which I think it is a bug.
Scenario: Keycloak 16.1.1. We have an identity provider configured, mapping some attributes. One of those attributes is a multivalued User Attribute, and we use a Hardcoded Attribute Identity Provider Mapper, this way
Users are properly created, and the User Attribute is created as expected. There is also a UserInfo mapper for client web, configured this way:
With this configuration we expect UserInfo
with_claimsto be an array, but surprisingly we receive this:But! If we modify any user atribute using the UI console, after clicking save, we start receiving UserInfo's
with_claimsas an array.Hypothesis: It seems like when creating the attribute from de Identity Provider mapper, it is not correctly saved or formatted internaly, but when doing so from the console, everything works as expected. This is preventing us from being able to correclty register users using external identity provider.