Resource Type: keycloak_protocol_mapper

Defined in:
lib/puppet/type/keycloak_protocol_mapper.rb
Providers:
kcadm

Overview

Manage Keycloak client scope protocol mappers

Examples:

Add email protocol mapper to oidc-client client scope in realm test

keycloak_protocol_mapper { "email for oidc-clients on test":
  claim_name     => 'email',
  user_attribute => 'email',
}

Properties

  • access_token_claim

    access.token.claim. Defaults to `true` for `protocol` `openid-connect`.

    Supported values:
    • true
    • false
  • attribute_name

    attribute.name. Defaults to `resource_name` for `type` `saml-user-property-mapper`.

  • attribute_nameformat

    attribute.nameformat

  • claim_name

    claim.name

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • friendly_name

    friendly.name. Defaults to `resource_name` for `type` `saml-user-property-mapper`.

  • full_path

    full.path. Defaults to `false` for `type` `oidc-group-membership-mapper`.

    Supported values:
    • true
    • false
  • id_token_claim

    id.token.claim. Defaults to `true` for `protocol` `openid-connect`.

    Supported values:
    • true
    • false
  • included_client_audience

    included.client.audience. Required for `type` of `oidc-audience-mapper`.

  • json_type_label

    json.type.label. Defaults to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`.

  • protocol (defaults to: openid-connect)

    protocol

    Supported values:
    • openid-connect
    • saml
  • single

    single. Defaults to `false` for `type` `saml-role-list-mapper`.

    Supported values:
    • true
    • false
  • user_attribute

    user.attribute. Defaults to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper`.

  • userinfo_token_claim

    userinfo.token.claim. Defaults to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`.

    Supported values:
    • true
    • false

Parameters

  • client_scope

    client scope

  • id

    Id.

  • name (namevar)

    The protocol mapper name

  • provider

    The specific backend to use for this `keycloak_protocol_mapper` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • realm

    realm

  • resource_name

    The protocol mapper name. Defaults to `name`.

  • type

    protocolMapper.

    Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and `saml-user-property-mapper` for `protocol` `saml`.

    Supported values:
    • oidc-usermodel-property-mapper
    • oidc-usermodel-attribute-mapper
    • oidc-full-name-mapper
    • oidc-group-membership-mapper
    • oidc-audience-mapper
    • saml-group-membership-mapper
    • saml-user-property-mapper
    • saml-user-attribute-mapper
    • saml-role-list-mapper
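
Added example (not part of the module's own documentation): two mappers declared with explicit `realm`, `client_scope` and `resource_name` parameters, using only the properties listed above. It assumes the realm `test` and client scope `oidc-clients` from the example at the top of the page; the client ID `my-api`, the resource titles and the mapper names are hypothetical. Both mappers place their claims in the access token only, so the ID token carries no more than it needs.

```puppet
# Assumed names: realm 'test' and client scope 'oidc-clients' come from the
# page's own example; 'my-api' is a hypothetical client ID.

# Audience mapper: adds 'my-api' to the audience of access tokens issued
# through this client scope. included_client_audience is required for this type.
keycloak_protocol_mapper { 'my-api audience mapper':
  ensure                   => 'present',
  resource_name            => 'my-api-audience',
  realm                    => 'test',
  client_scope             => 'oidc-clients',
  protocol                 => 'openid-connect',
  type                     => 'oidc-audience-mapper',
  included_client_audience => 'my-api',
  access_token_claim       => true,
  id_token_claim           => false,
}

# Group membership mapper: emits group names in a 'groups' claim.
# full_path => false is the documented default for this type; it is set
# explicitly so the claim format is visible in the manifest.
# id_token_claim and userinfo_token_claim default to true for
# openid-connect, so they are switched off explicitly here.
keycloak_protocol_mapper { 'groups claim mapper':
  ensure               => 'present',
  resource_name        => 'groups',
  realm                => 'test',
  client_scope         => 'oidc-clients',
  protocol             => 'openid-connect',
  type                 => 'oidc-group-membership-mapper',
  claim_name           => 'groups',
  full_path            => false,
  access_token_claim   => true,
  id_token_claim       => false,
  userinfo_token_claim => false,
}
```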