Class GroupMembershipProtocolMapper

# keycloak.openid.GroupMembershipProtocolMapper

Allows for creating and managing group membership protocol mappers within Keycloak.

Group membership protocol mappers allow you to map a user's group memberships to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var openidClient = new Keycloak.OpenId.Client("openidClient", new Keycloak.OpenId.ClientArgs
    {
        AccessType = "CONFIDENTIAL",
        ClientId = "test-client",
        Enabled = true,
        RealmId = realm.Id,
        ValidRedirectUris = 
        {
            "http://localhost:8080/openid-callback",
        },
    });
    var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("groupMembershipMapper", new Keycloak.OpenId.GroupMembershipProtocolMapperArgs
    {
        ClaimName = "groups",
        ClientId = openidClient.Id,
        RealmId = realm.Id,
    });
}

}

Example Usage (Client Scope)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new Keycloak.OpenId.ClientScopeArgs
    {
        RealmId = realm.Id,
    });
    var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("groupMembershipMapper", new Keycloak.OpenId.GroupMembershipProtocolMapperArgs
    {
        ClaimName = "groups",
        ClientScopeId = clientScope.Id,
        RealmId = realm.Id,
    });
}

}

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.
  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.
  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • claim_name - (Required) The name of the claim to insert into a token.
  • full_path - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to true.
  • add_to_id_token - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.
  • add_to_access_token - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.
  • add_to_userinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.
Inheritance
System.Object
Resource
CustomResource
GroupMembershipProtocolMapper
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Keycloak.OpenId
Assembly: Pulumi.Keycloak.dll
Syntax
public class GroupMembershipProtocolMapper : CustomResource

Constructors

View Source

GroupMembershipProtocolMapper(String, GroupMembershipProtocolMapperArgs, CustomResourceOptions)

Create a GroupMembershipProtocolMapper resource with the given unique name, arguments, and options.

Declaration
public GroupMembershipProtocolMapper(string name, GroupMembershipProtocolMapperArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
GroupMembershipProtocolMapperArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AddToAccessToken

Declaration
public Output<bool?> AddToAccessToken { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AddToIdToken

Declaration
public Output<bool?> AddToIdToken { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AddToUserinfo

Declaration
public Output<bool?> AddToUserinfo { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

ClaimName

Declaration
public Output<string> ClaimName { get; }
Property Value
Type Description
Output<System.String>
View Source

ClientId

The mapper's associated client. Cannot be used at the same time as client_scope_id.

Declaration
public Output<string> ClientId { get; }
Property Value
Type Description
Output<System.String>
View Source

ClientScopeId

The mapper's associated client scope. Cannot be used at the same time as client_id.

Declaration
public Output<string> ClientScopeId { get; }
Property Value
Type Description
Output<System.String>
View Source

FullPath

Declaration
public Output<bool?> FullPath { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

Name

A human-friendly name that will appear in the Keycloak console.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

RealmId

The realm id where the associated client or client scope exists.

Declaration
public Output<string> RealmId { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, GroupMembershipProtocolMapperState, CustomResourceOptions)

Get an existing GroupMembershipProtocolMapper resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static GroupMembershipProtocolMapper Get(string name, Input<string> id, GroupMembershipProtocolMapperState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
GroupMembershipProtocolMapperState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
GroupMembershipProtocolMapper