Docs Home
Keycloak v5.3.5 published on Wednesday, Oct 16, 2024 by Pulumi
keycloak.openid.UserAttributeProtocolMapper
Explore with Pulumi AI
# keycloak.openid.UserAttributeProtocolMapper
Allows for creating and managing user attribute protocol mappers within Keycloak.
User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.
Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const openidClient = new keycloak.openid.Client("openid_client", {
realmId: realm.id,
clientId: "test-client",
name: "test client",
enabled: true,
accessType: "CONFIDENTIAL",
validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", {
realmId: realm.id,
clientId: openidClient.id,
name: "test-mapper",
userAttribute: "foo",
claimName: "bar",
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
openid_client = keycloak.openid.Client("openid_client",
realm_id=realm.id,
client_id="test-client",
name="test client",
enabled=True,
access_type="CONFIDENTIAL",
valid_redirect_uris=["http://localhost:8080/openid-callback"])
user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper",
realm_id=realm.id,
client_id=openid_client.id,
name="test-mapper",
user_attribute="foo",
claim_name="bar")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("test-client"),
Name: pulumi.String("test client"),
Enabled: pulumi.Bool(true),
AccessType: pulumi.String("CONFIDENTIAL"),
ValidRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:8080/openid-callback"),
},
})
if err != nil {
return err
}
_, err = openid.NewUserAttributeProtocolMapper(ctx, "user_attribute_mapper", &openid.UserAttributeProtocolMapperArgs{
RealmId: realm.ID(),
ClientId: openidClient.ID(),
Name: pulumi.String("test-mapper"),
UserAttribute: pulumi.String("foo"),
ClaimName: pulumi.String("bar"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var openidClient = new Keycloak.OpenId.Client("openid_client", new()
{
RealmId = realm.Id,
ClientId = "test-client",
Name = "test client",
Enabled = true,
AccessType = "CONFIDENTIAL",
ValidRedirectUris = new[]
{
"http://localhost:8080/openid-callback",
},
});
var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("user_attribute_mapper", new()
{
RealmId = realm.Id,
ClientId = openidClient.Id,
Name = "test-mapper",
UserAttribute = "foo",
ClaimName = "bar",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.UserAttributeProtocolMapper;
import com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var openidClient = new Client("openidClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("test-client")
.name("test client")
.enabled(true)
.accessType("CONFIDENTIAL")
.validRedirectUris("http://localhost:8080/openid-callback")
.build());
var userAttributeMapper = new UserAttributeProtocolMapper("userAttributeMapper", UserAttributeProtocolMapperArgs.builder()
.realmId(realm.id())
.clientId(openidClient.id())
.name("test-mapper")
.userAttribute("foo")
.claimName("bar")
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
openidClient:
type: keycloak:openid:Client
name: openid_client
properties:
realmId: ${realm.id}
clientId: test-client
name: test client
enabled: true
accessType: CONFIDENTIAL
validRedirectUris:
- http://localhost:8080/openid-callback
userAttributeMapper:
type: keycloak:openid:UserAttributeProtocolMapper
name: user_attribute_mapper
properties:
realmId: ${realm.id}
clientId: ${openidClient.id}
name: test-mapper
userAttribute: foo
claimName: bar
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const clientScope = new keycloak.openid.ClientScope("client_scope", {
realmId: realm.id,
name: "test-client-scope",
});
const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", {
realmId: realm.id,
clientScopeId: clientScope.id,
name: "test-mapper",
userAttribute: "foo",
claimName: "bar",
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
client_scope = keycloak.openid.ClientScope("client_scope",
realm_id=realm.id,
name="test-client-scope")
user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper",
realm_id=realm.id,
client_scope_id=client_scope.id,
name="test-mapper",
user_attribute="foo",
claim_name="bar")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{
RealmId: realm.ID(),
Name: pulumi.String("test-client-scope"),
})
if err != nil {
return err
}
_, err = openid.NewUserAttributeProtocolMapper(ctx, "user_attribute_mapper", &openid.UserAttributeProtocolMapperArgs{
RealmId: realm.ID(),
ClientScopeId: clientScope.ID(),
Name: pulumi.String("test-mapper"),
UserAttribute: pulumi.String("foo"),
ClaimName: pulumi.String("bar"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new()
{
RealmId = realm.Id,
Name = "test-client-scope",
});
var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("user_attribute_mapper", new()
{
RealmId = realm.Id,
ClientScopeId = clientScope.Id,
Name = "test-mapper",
UserAttribute = "foo",
ClaimName = "bar",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.openid.UserAttributeProtocolMapper;
import com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder()
.realmId(realm.id())
.name("test-client-scope")
.build());
var userAttributeMapper = new UserAttributeProtocolMapper("userAttributeMapper", UserAttributeProtocolMapperArgs.builder()
.realmId(realm.id())
.clientScopeId(clientScope.id())
.name("test-mapper")
.userAttribute("foo")
.claimName("bar")
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
clientScope:
type: keycloak:openid:ClientScope
name: client_scope
properties:
realmId: ${realm.id}
name: test-client-scope
userAttributeMapper:
type: keycloak:openid:UserAttributeProtocolMapper
name: user_attribute_mapper
properties:
realmId: ${realm.id}
clientScopeId: ${clientScope.id}
name: test-mapper
userAttribute: foo
claimName: bar
Argument Reference
The following arguments are supported:
realm_id- (Required) The realm this protocol mapper exists within.client_id- (Required ifclient_scope_idis not specified) The client this protocol mapper is attached to.client_scope_id- (Required ifclient_idis not specified) The client scope this protocol mapper is attached to.name- (Required) The display name of this protocol mapper in the GUI.user_attribute- (Required) The custom user attribute to map a claim for.claim_name- (Required) The name of the claim to insert into a token.claim_value_type- (Optional) The claim type used when serializing JSON tokens. Can be one ofString,long,int, orboolean. Defaults toString.multivalued- (Optional) Indicates whether this attribute is a single value or an array of values. Defaults tofalse.add_to_id_token- (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults totrue.add_to_access_token- (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults totrue.add_to_userinfo- (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults totrue.
Import
Protocol mappers can be imported using one of the following formats:
- Client:
{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}} - Client Scope:
{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}
Example:
$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4
$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4
Create UserAttributeProtocolMapper Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UserAttributeProtocolMapper(name: string, args: UserAttributeProtocolMapperArgs, opts?: CustomResourceOptions);@overload
def UserAttributeProtocolMapper(resource_name: str,
args: UserAttributeProtocolMapperArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UserAttributeProtocolMapper(resource_name: str,
opts: Optional[ResourceOptions] = None,
claim_name: Optional[str] = None,
realm_id: Optional[str] = None,
user_attribute: Optional[str] = None,
add_to_access_token: Optional[bool] = None,
add_to_id_token: Optional[bool] = None,
add_to_userinfo: Optional[bool] = None,
aggregate_attributes: Optional[bool] = None,
claim_value_type: Optional[str] = None,
client_id: Optional[str] = None,
client_scope_id: Optional[str] = None,
multivalued: Optional[bool] = None,
name: Optional[str] = None)func NewUserAttributeProtocolMapper(ctx *Context, name string, args UserAttributeProtocolMapperArgs, opts ...ResourceOption) (*UserAttributeProtocolMapper, error)public UserAttributeProtocolMapper(string name, UserAttributeProtocolMapperArgs args, CustomResourceOptions? opts = null)
public UserAttributeProtocolMapper(String name, UserAttributeProtocolMapperArgs args)
public UserAttributeProtocolMapper(String name, UserAttributeProtocolMapperArgs args, CustomResourceOptions options)
type: keycloak:openid:UserAttributeProtocolMapper
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserAttributeProtocolMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserAttributeProtocolMapperArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserAttributeProtocolMapperArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserAttributeProtocolMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserAttributeProtocolMapperArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userAttributeProtocolMapperResource = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeProtocolMapperResource", new()
{
ClaimName = "string",
RealmId = "string",
UserAttribute = "string",
AddToAccessToken = false,
AddToIdToken = false,
AddToUserinfo = false,
AggregateAttributes = false,
ClaimValueType = "string",
ClientId = "string",
ClientScopeId = "string",
Multivalued = false,
Name = "string",
});
example, err := openid.NewUserAttributeProtocolMapper(ctx, "userAttributeProtocolMapperResource", &openid.UserAttributeProtocolMapperArgs{
ClaimName: pulumi.String("string"),
RealmId: pulumi.String("string"),
UserAttribute: pulumi.String("string"),
AddToAccessToken: pulumi.Bool(false),
AddToIdToken: pulumi.Bool(false),
AddToUserinfo: pulumi.Bool(false),
AggregateAttributes: pulumi.Bool(false),
ClaimValueType: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientScopeId: pulumi.String("string"),
Multivalued: pulumi.Bool(false),
Name: pulumi.String("string"),
})
var userAttributeProtocolMapperResource = new UserAttributeProtocolMapper("userAttributeProtocolMapperResource", UserAttributeProtocolMapperArgs.builder()
.claimName("string")
.realmId("string")
.userAttribute("string")
.addToAccessToken(false)
.addToIdToken(false)
.addToUserinfo(false)
.aggregateAttributes(false)
.claimValueType("string")
.clientId("string")
.clientScopeId("string")
.multivalued(false)
.name("string")
.build());
user_attribute_protocol_mapper_resource = keycloak.openid.UserAttributeProtocolMapper("userAttributeProtocolMapperResource",
claim_name="string",
realm_id="string",
user_attribute="string",
add_to_access_token=False,
add_to_id_token=False,
add_to_userinfo=False,
aggregate_attributes=False,
claim_value_type="string",
client_id="string",
client_scope_id="string",
multivalued=False,
name="string")
const userAttributeProtocolMapperResource = new keycloak.openid.UserAttributeProtocolMapper("userAttributeProtocolMapperResource", {
claimName: "string",
realmId: "string",
userAttribute: "string",
addToAccessToken: false,
addToIdToken: false,
addToUserinfo: false,
aggregateAttributes: false,
claimValueType: "string",
clientId: "string",
clientScopeId: "string",
multivalued: false,
name: "string",
});
type: keycloak:openid:UserAttributeProtocolMapper
properties:
addToAccessToken: false
addToIdToken: false
addToUserinfo: false
aggregateAttributes: false
claimName: string
claimValueType: string
clientId: string
clientScopeId: string
multivalued: false
name: string
realmId: string
userAttribute: string
UserAttributeProtocolMapper Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The UserAttributeProtocolMapper resource accepts the following input properties:
- Claim
Name string - Realm
Id string - The realm id where the associated client or client scope exists.
- User
Attribute string - Add
To boolAccess Token - Indicates if the attribute should be a claim in the access token.
- Add
To boolId Token - Indicates if the attribute should be a claim in the id token.
- Add
To boolUserinfo - Indicates if the attribute should appear in the userinfo response body.
- Aggregate
Attributes bool - Indicates if attribute values should be aggregated within the group attributes
- Claim
Value stringType - Claim type used when serializing tokens.
- Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Multivalued bool
- Indicates whether this attribute is a single value or an array of values.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- Claim
Name string - Realm
Id string - The realm id where the associated client or client scope exists.
- User
Attribute string - Add
To boolAccess Token - Indicates if the attribute should be a claim in the access token.
- Add
To boolId Token - Indicates if the attribute should be a claim in the id token.
- Add
To boolUserinfo - Indicates if the attribute should appear in the userinfo response body.
- Aggregate
Attributes bool - Indicates if attribute values should be aggregated within the group attributes
- Claim
Value stringType - Claim type used when serializing tokens.
- Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Multivalued bool
- Indicates whether this attribute is a single value or an array of values.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- claim
Name String - realm
Id String - The realm id where the associated client or client scope exists.
- user
Attribute String - add
To BooleanAccess Token - Indicates if the attribute should be a claim in the access token.
- add
To BooleanId Token - Indicates if the attribute should be a claim in the id token.
- add
To BooleanUserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate
Attributes Boolean - Indicates if attribute values should be aggregated within the group attributes
- claim
Value StringType - Claim type used when serializing tokens.
- client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued Boolean
- Indicates whether this attribute is a single value or an array of values.
- name String
- A human-friendly name that will appear in the Keycloak console.
- claim
Name string - realm
Id string - The realm id where the associated client or client scope exists.
- user
Attribute string - add
To booleanAccess Token - Indicates if the attribute should be a claim in the access token.
- add
To booleanId Token - Indicates if the attribute should be a claim in the id token.
- add
To booleanUserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate
Attributes boolean - Indicates if attribute values should be aggregated within the group attributes
- claim
Value stringType - Claim type used when serializing tokens.
- client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued boolean
- Indicates whether this attribute is a single value or an array of values.
- name string
- A human-friendly name that will appear in the Keycloak console.
- claim_
name str - realm_
id str - The realm id where the associated client or client scope exists.
- user_
attribute str - add_
to_ boolaccess_ token - Indicates if the attribute should be a claim in the access token.
- add_
to_ boolid_ token - Indicates if the attribute should be a claim in the id token.
- add_
to_ booluserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate_
attributes bool - Indicates if attribute values should be aggregated within the group attributes
- claim_
value_ strtype - Claim type used when serializing tokens.
- client_
id str - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client_
scope_ strid - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued bool
- Indicates whether this attribute is a single value or an array of values.
- name str
- A human-friendly name that will appear in the Keycloak console.
- claim
Name String - realm
Id String - The realm id where the associated client or client scope exists.
- user
Attribute String - add
To BooleanAccess Token - Indicates if the attribute should be a claim in the access token.
- add
To BooleanId Token - Indicates if the attribute should be a claim in the id token.
- add
To BooleanUserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate
Attributes Boolean - Indicates if attribute values should be aggregated within the group attributes
- claim
Value StringType - Claim type used when serializing tokens.
- client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued Boolean
- Indicates whether this attribute is a single value or an array of values.
- name String
- A human-friendly name that will appear in the Keycloak console.
Outputs
All input properties are implicitly available as output properties. Additionally, the UserAttributeProtocolMapper resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing UserAttributeProtocolMapper Resource
Get an existing UserAttributeProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserAttributeProtocolMapperState, opts?: CustomResourceOptions): UserAttributeProtocolMapper@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
add_to_access_token: Optional[bool] = None,
add_to_id_token: Optional[bool] = None,
add_to_userinfo: Optional[bool] = None,
aggregate_attributes: Optional[bool] = None,
claim_name: Optional[str] = None,
claim_value_type: Optional[str] = None,
client_id: Optional[str] = None,
client_scope_id: Optional[str] = None,
multivalued: Optional[bool] = None,
name: Optional[str] = None,
realm_id: Optional[str] = None,
user_attribute: Optional[str] = None) -> UserAttributeProtocolMapperfunc GetUserAttributeProtocolMapper(ctx *Context, name string, id IDInput, state *UserAttributeProtocolMapperState, opts ...ResourceOption) (*UserAttributeProtocolMapper, error)public static UserAttributeProtocolMapper Get(string name, Input<string> id, UserAttributeProtocolMapperState? state, CustomResourceOptions? opts = null)public static UserAttributeProtocolMapper get(String name, Output<String> id, UserAttributeProtocolMapperState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Add
To boolAccess Token - Indicates if the attribute should be a claim in the access token.
- Add
To boolId Token - Indicates if the attribute should be a claim in the id token.
- Add
To boolUserinfo - Indicates if the attribute should appear in the userinfo response body.
- Aggregate
Attributes bool - Indicates if attribute values should be aggregated within the group attributes
- Claim
Name string - Claim
Value stringType - Claim type used when serializing tokens.
- Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Multivalued bool
- Indicates whether this attribute is a single value or an array of values.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- Realm
Id string - The realm id where the associated client or client scope exists.
- User
Attribute string
- Add
To boolAccess Token - Indicates if the attribute should be a claim in the access token.
- Add
To boolId Token - Indicates if the attribute should be a claim in the id token.
- Add
To boolUserinfo - Indicates if the attribute should appear in the userinfo response body.
- Aggregate
Attributes bool - Indicates if attribute values should be aggregated within the group attributes
- Claim
Name string - Claim
Value stringType - Claim type used when serializing tokens.
- Client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- Client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- Multivalued bool
- Indicates whether this attribute is a single value or an array of values.
- Name string
- A human-friendly name that will appear in the Keycloak console.
- Realm
Id string - The realm id where the associated client or client scope exists.
- User
Attribute string
- add
To BooleanAccess Token - Indicates if the attribute should be a claim in the access token.
- add
To BooleanId Token - Indicates if the attribute should be a claim in the id token.
- add
To BooleanUserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate
Attributes Boolean - Indicates if attribute values should be aggregated within the group attributes
- claim
Name String - claim
Value StringType - Claim type used when serializing tokens.
- client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued Boolean
- Indicates whether this attribute is a single value or an array of values.
- name String
- A human-friendly name that will appear in the Keycloak console.
- realm
Id String - The realm id where the associated client or client scope exists.
- user
Attribute String
- add
To booleanAccess Token - Indicates if the attribute should be a claim in the access token.
- add
To booleanId Token - Indicates if the attribute should be a claim in the id token.
- add
To booleanUserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate
Attributes boolean - Indicates if attribute values should be aggregated within the group attributes
- claim
Name string - claim
Value stringType - Claim type used when serializing tokens.
- client
Id string - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope stringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued boolean
- Indicates whether this attribute is a single value or an array of values.
- name string
- A human-friendly name that will appear in the Keycloak console.
- realm
Id string - The realm id where the associated client or client scope exists.
- user
Attribute string
- add_
to_ boolaccess_ token - Indicates if the attribute should be a claim in the access token.
- add_
to_ boolid_ token - Indicates if the attribute should be a claim in the id token.
- add_
to_ booluserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate_
attributes bool - Indicates if attribute values should be aggregated within the group attributes
- claim_
name str - claim_
value_ strtype - Claim type used when serializing tokens.
- client_
id str - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client_
scope_ strid - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued bool
- Indicates whether this attribute is a single value or an array of values.
- name str
- A human-friendly name that will appear in the Keycloak console.
- realm_
id str - The realm id where the associated client or client scope exists.
- user_
attribute str
- add
To BooleanAccess Token - Indicates if the attribute should be a claim in the access token.
- add
To BooleanId Token - Indicates if the attribute should be a claim in the id token.
- add
To BooleanUserinfo - Indicates if the attribute should appear in the userinfo response body.
- aggregate
Attributes Boolean - Indicates if attribute values should be aggregated within the group attributes
- claim
Name String - claim
Value StringType - Claim type used when serializing tokens.
- client
Id String - The mapper's associated client. Cannot be used at the same time as client_scope_id.
- client
Scope StringId - The mapper's associated client scope. Cannot be used at the same time as client_id.
- multivalued Boolean
- Indicates whether this attribute is a single value or an array of values.
- name String
- A human-friendly name that will appear in the Keycloak console.
- realm
Id String - The realm id where the associated client or client scope exists.
- user
Attribute String
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.