我正在尝试使用与此类似的 keycloak CLI 创建 IDP 提供程序映射器
docs 中的示例全部用于存储映射器。
我已经尝试过
kcadm.sh create components -r my-realm -s name=my-mapper-name -s providerId=oidc-hardcoded-role-idp-mapper -s providerType=org.keycloak.broker.provider.IdentityProviderMapper -s parentId=<parent id> -s 'config.role=["ROLE_MY_ROLE"]'
但是失败并出现错误
14:45:26,325 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.ClassCastException: class org.keycloak.broker.provider.HardcodedRoleMapper cannot be cast to class org.keycloak.component.ComponentFactory (org.keycloak.broker.provider.HardcodedRoleMapper is in unnamed module of loader '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f6998491d89d938f959a99979dd89d938f959a99979ddb859384809f959385b6cfd8c6d8c6" rel="noreferrer noopener nofollow">[email protected]</a>' @1dd6d570; org.keycloak.component.ComponentFactory is in unnamed module of loader '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="dfb0adb8f1b4baa6bcb3b0beb4f1b4baa6bcb3b0beb4f2acbaada9baadf2acafb69fe6f1eff1ef" rel="noreferrer noopener nofollow">[email protected]</a>' @8467851)
与 HardcodedLDAPRoleStorageMapperFactory 不同,它不会扩展 ComponentFactory。
是否可以使用 keycloak CLI 来执行此操作?
谢谢!
最佳答案
您必须按如下方式调用:
./kcadm.sh create identity-provider/instances/<IDP_name>/mappers \
-r <REALM_NAME> \
-s name=<MAPPER_NAME> \
-s identityProviderAlias=<IDP_ALIAS> \
-s identityProviderMapper=oidc-hardcoded-role-idp-mapper \
-s config.role=<ROLE_NAME>
为了方便复制和粘贴:
./kcadm.sh create identity-provider/instances/<IDP_name>/mappers -r <REALM_NAME> -s name=<MAPPER_NAME> -s identityProviderAlias=<IDP_ALIAS> -s identityProviderMapper=oidc-hardcoded-role-idp-mapper -s config.role=<ROLE_NAME>
字段identityProviderMapper是Mapper Type ,在您的情况下将是 oidc-hardcoded-role-idp-mapper .
关于Keycloak CLI : Creating an Identity Provider Mapper,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66065755/