Keycloak Attributes

This page describes the required attribute mappers that need to be configured on identity providers in Keycloak. These mappers are responsible for mapping token claims from external identity providers to user attributes in SDL.

Configuring Attribute Mappers

To configure these mappers for an identity provider:

  1. Navigate to the identity provider’s configuration in Keycloak

  2. Select the "Mappers" tab

  3. Click "Add mapper"

  4. On the mapper configuration page:

    • Set the mapper type to "Attribute Importer"

    • Give the mapper a meaningful name

    • Specify the name of the claim in the token

    • Specify the name of the user attribute the claim should be mapped to

Example 1: Mapping a "classification" claim

Mapper name

classification_attribute_mapper

Mapper type

Attribute Importer

Claim

classification

User attribute name

classification

Example 2: Mapping a "fineAccessControls" claim

Mapper name

fine_access_controls_attribute_mapper

Mapper type

Attribute Importer

Claim

fineAccessControls

User attribute name

fineAccessControls

Example 3: Mapping a "country" claim

Mapper name

country_attribute_mapper

Mapper type

Attribute Importer

Claim

country

User attribute name

country

Example 4: Mapping a "citizenship" claim to "us_citizen"

Mapper name

us_citizen_attribute_mapper

Mapper type

Attribute Importer

Claim

citizenship

User attribute name

us_citizen