User
Allows for creating and managing user session note protocol mappers within Keycloak. User session note protocol mappers map a custom user session note to a token claim. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.
Example Usage
Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const openidClient = new keycloak.openid.Client("openid_client", {
realmId: realm.id,
clientId: "client",
name: "client",
enabled: true,
accessType: "CONFIDENTIAL",
validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", {
realmId: realm.id,
clientId: openidClient.id,
name: "user-session-note-mapper",
claimName: "foo",
claimValueType: "String",
sessionNote: "bar",
});Content copied to clipboard
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
openid_client = keycloak.openid.Client("openid_client",
realm_id=realm.id,
client_id="client",
name="client",
enabled=True,
access_type="CONFIDENTIAL",
valid_redirect_uris=["http://localhost:8080/openid-callback"])
user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper",
realm_id=realm.id,
client_id=openid_client.id,
name="user-session-note-mapper",
claim_name="foo",
claim_value_type="String",
session_note="bar")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var openidClient = new Keycloak.OpenId.Client("openid_client", new()
{
RealmId = realm.Id,
ClientId = "client",
Name = "client",
Enabled = true,
AccessType = "CONFIDENTIAL",
ValidRedirectUris = new[]
{
"http://localhost:8080/openid-callback",
},
});
var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper("user_session_note_mapper", new()
{
RealmId = realm.Id,
ClientId = openidClient.Id,
Name = "user-session-note-mapper",
ClaimName = "foo",
ClaimValueType = "String",
SessionNote = "bar",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("client"),
Name: pulumi.String("client"),
Enabled: pulumi.Bool(true),
AccessType: pulumi.String("CONFIDENTIAL"),
ValidRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:8080/openid-callback"),
},
})
if err != nil {
return err
}
_, err = openid.NewUserSessionNoteProtocolMapper(ctx, "user_session_note_mapper", &openid.UserSessionNoteProtocolMapperArgs{
RealmId: realm.ID(),
ClientId: openidClient.ID(),
Name: pulumi.String("user-session-note-mapper"),
ClaimName: pulumi.String("foo"),
ClaimValueType: pulumi.String("String"),
SessionNote: pulumi.String("bar"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;
import com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var openidClient = new Client("openidClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("client")
.name("client")
.enabled(true)
.accessType("CONFIDENTIAL")
.validRedirectUris("http://localhost:8080/openid-callback")
.build());
var userSessionNoteMapper = new UserSessionNoteProtocolMapper("userSessionNoteMapper", UserSessionNoteProtocolMapperArgs.builder()
.realmId(realm.id())
.clientId(openidClient.id())
.name("user-session-note-mapper")
.claimName("foo")
.claimValueType("String")
.sessionNote("bar")
.build());
}
}Content copied to clipboard
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
openidClient:
type: keycloak:openid:Client
name: openid_client
properties:
realmId: ${realm.id}
clientId: client
name: client
enabled: true
accessType: CONFIDENTIAL
validRedirectUris:
- http://localhost:8080/openid-callback
userSessionNoteMapper:
type: keycloak:openid:UserSessionNoteProtocolMapper
name: user_session_note_mapper
properties:
realmId: ${realm.id}
clientId: ${openidClient.id}
name: user-session-note-mapper
claimName: foo
claimValueType: String
sessionNote: barContent copied to clipboard
Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const clientScope = new keycloak.openid.ClientScope("client_scope", {
realmId: realm.id,
name: "client-scope",
});
const userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", {
realmId: realm.id,
clientScopeId: clientScope.id,
name: "user-session-note-mapper",
claimName: "foo",
claimValueType: "String",
sessionNote: "bar",
});Content copied to clipboard
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
client_scope = keycloak.openid.ClientScope("client_scope",
realm_id=realm.id,
name="client-scope")
user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper",
realm_id=realm.id,
client_scope_id=client_scope.id,
name="user-session-note-mapper",
claim_name="foo",
claim_value_type="String",
session_note="bar")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new()
{
RealmId = realm.Id,
Name = "client-scope",
});
var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper("user_session_note_mapper", new()
{
RealmId = realm.Id,
ClientScopeId = clientScope.Id,
Name = "user-session-note-mapper",
ClaimName = "foo",
ClaimValueType = "String",
SessionNote = "bar",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{
RealmId: realm.ID(),
Name: pulumi.String("client-scope"),
})
if err != nil {
return err
}
_, err = openid.NewUserSessionNoteProtocolMapper(ctx, "user_session_note_mapper", &openid.UserSessionNoteProtocolMapperArgs{
RealmId: realm.ID(),
ClientScopeId: clientScope.ID(),
Name: pulumi.String("user-session-note-mapper"),
ClaimName: pulumi.String("foo"),
ClaimValueType: pulumi.String("String"),
SessionNote: pulumi.String("bar"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;
import com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder()
.realmId(realm.id())
.name("client-scope")
.build());
var userSessionNoteMapper = new UserSessionNoteProtocolMapper("userSessionNoteMapper", UserSessionNoteProtocolMapperArgs.builder()
.realmId(realm.id())
.clientScopeId(clientScope.id())
.name("user-session-note-mapper")
.claimName("foo")
.claimValueType("String")
.sessionNote("bar")
.build());
}
}Content copied to clipboard
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
clientScope:
type: keycloak:openid:ClientScope
name: client_scope
properties:
realmId: ${realm.id}
name: client-scope
userSessionNoteMapper:
type: keycloak:openid:UserSessionNoteProtocolMapper
name: user_session_note_mapper
properties:
realmId: ${realm.id}
clientScopeId: ${clientScope.id}
name: user-session-note-mapper
claimName: foo
claimValueType: String
sessionNote: barContent copied to clipboard
Import
Protocol mappers can be imported using one of the following formats:
Client:
{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}Client Scope:
{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}Example: bash
$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4Content copied to clipboard
$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4Content copied to clipboard
Properties
Link copied to clipboard
Indicates if the property should be added as a claim to the access token. Defaults to true.
Link copied to clipboard
Indicates if the property should be added as a claim to the id token. Defaults to true.
Link copied to clipboard
The claim type used when serializing JSON tokens. Can be one of String, JSON, long, int, or boolean. Defaults to String.
Link copied to clipboard
The client scope this protocol mapper should be attached to. Conflicts with client_id. One of client_id or client_scope_id must be specified.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
String value being the name of stored user session note within the UserSessionModel.note map.