Resource Type: keycloak_protocol_mapper

Defined in:
lib/puppet/type/keycloak_protocol_mapper.rb
Providers:
kcadm

Overview

Manage Keycloak client scope protocol mappers

Examples:

Add email protocol mapper to oidc-client client scope in realm test

keycloak_protocol_mapper { "email for oidc-clients on test":
  claim_name     => 'email',
  user_attribute => 'email',
}

Properties

  • access_token_claim

    access.token.claim. Defaults to true for protocol openid-connect.

    Supported values:
    • true
    • false
  • attribute_name

    attribute.name. Defaults to resource_name for type saml-user-property-mapper.

  • attribute_nameformat

    attribute.nameformat

  • claim_name

    claim.name

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • friendly_name

    friendly.name. Defaults to resource_name for type saml-user-property-mapper.

  • full_path

    full.path. Defaults to false for type oidc-group-membership-mapper.

    Supported values:
    • true
    • false
  • id_token_claim

    id.token.claim. Defaults to true for protocol openid-connect.

    Supported values:
    • true
    • false
  • included_client_audience

    included.client.audience. Required for type oidc-audience-mapper.

  • json_type_label

    json.type.label. Defaults to String for types oidc-usermodel-property-mapper and oidc-group-membership-mapper.

  • protocol (defaults to: openid-connect)

    protocol

    Supported values:
    • openid-connect
    • saml
  • single

    single. Defaults to false for type saml-role-list-mapper.

    Supported values:
    • true
    • false
  • user_attribute

    user.attribute. Defaults to resource_name for type oidc-usermodel-property-mapper or saml-user-property-mapper.

  • userinfo_token_claim

    userinfo.token.claim. Defaults to true for protocol openid-connect, except for type oidc-audience-mapper.

    Supported values:
    • true
    • false

Parameters

  • client_scope

    client scope

  • id

    Id.

  • name (namevar)

    The protocol mapper name

  • provider

    The specific backend to use for this keycloak_protocol_mapper resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • realm

    realm

  • resource_name

    The protocol mapper name. Defaults to name.

  • type

    protocolMapper.

    Default is oidc-usermodel-property-mapper for protocol openid-connect and saml-user-property-mapper for protocol saml.

    Supported values:
    • oidc-usermodel-property-mapper
    • oidc-usermodel-attribute-mapper
    • oidc-full-name-mapper
    • oidc-group-membership-mapper
    • oidc-audience-mapper
    • saml-group-membership-mapper
    • saml-user-property-mapper
    • saml-user-attribute-mapper
    • saml-role-list-mapper
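
Added example, not from the module's own documentation: two mappers that keep a claim out of tokens that do not need it, using only the properties and types listed above. The realm `test` comes from the page's example; the client scope `api-access`, the client ID `reports-api` and the mapper names are hypothetical, and the titles assume the "<mapper> for <client scope> on <realm>" form of that example.

```puppet
# Added example; client scope, client ID and mapper names are hypothetical.

# Emit group membership in the access token only. id_token_claim and
# userinfo_token_claim default to true for openid-connect, so they are
# switched off explicitly to keep the claim out of the ID token and the
# userinfo response.
keycloak_protocol_mapper { 'groups for api-access on test':
  ensure               => 'present',
  protocol             => 'openid-connect',
  type                 => 'oidc-group-membership-mapper',
  claim_name           => 'groups',
  full_path            => false,  # already the default for this type
  access_token_claim   => true,
  id_token_claim       => false,
  userinfo_token_claim => false,
}

# Add one specific client to the access token audience.
# included_client_audience is required for oidc-audience-mapper.
keycloak_protocol_mapper { 'reports-audience for api-access on test':
  ensure                   => 'present',
  protocol                 => 'openid-connect',
  type                     => 'oidc-audience-mapper',
  included_client_audience => 'reports-api',
  access_token_claim       => true,
  id_token_claim           => false,
}
```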