Class UserRealmRoleProtocolMapper

# keycloak.openid.UserRealmRoleProtocolMapper

Allows for creating and managing user realm role protocol mappers within Keycloak.

User realm role protocol mappers allow you to define a claim containing the list of the realm roles. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var openidClient = new Keycloak.OpenId.Client("openidClient", new Keycloak.OpenId.ClientArgs
    {
        AccessType = "CONFIDENTIAL",
        ClientId = "test-client",
        Enabled = true,
        RealmId = realm.Id,
        ValidRedirectUris = 
        {
            "http://localhost:8080/openid-callback",
        },
    });
    var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("userRealmRoleMapper", new Keycloak.OpenId.UserRealmRoleProtocolMapperArgs
    {
        ClaimName = "foo",
        ClientId = openidClient.Id,
        RealmId = realm.Id,
    });
}

}

Example Usage (Client Scope)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new Keycloak.OpenId.ClientScopeArgs
    {
        RealmId = realm.Id,
    });
    var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("userRealmRoleMapper", new Keycloak.OpenId.UserRealmRoleProtocolMapperArgs
    {
        ClaimName = "foo",
        ClientScopeId = clientScope.Id,
        RealmId = realm.Id,
    });
}

}

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.
  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.
  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • claim_name - (Required) The name of the claim to insert into a token.
  • claim_value_type - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.
  • multivalued - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to true.
  • realm_role_prefix - (Optional) A prefix for each Realm Role.
  • add_to_id_token - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.
  • add_to_access_token - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.
  • add_to_userinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.
Inheritance
System.Object
Resource
CustomResource
UserRealmRoleProtocolMapper
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Keycloak.OpenId
Assembly: Pulumi.Keycloak.dll
Syntax
public class UserRealmRoleProtocolMapper : CustomResource

Constructors

View Source

UserRealmRoleProtocolMapper(String, UserRealmRoleProtocolMapperArgs, CustomResourceOptions)

Create a UserRealmRoleProtocolMapper resource with the given unique name, arguments, and options.

Declaration
public UserRealmRoleProtocolMapper(string name, UserRealmRoleProtocolMapperArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
UserRealmRoleProtocolMapperArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AddToAccessToken

Indicates if the attribute should be a claim in the access token.

Declaration
public Output<bool?> AddToAccessToken { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AddToIdToken

Indicates if the attribute should be a claim in the id token.

Declaration
public Output<bool?> AddToIdToken { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AddToUserinfo

Indicates if the attribute should appear in the userinfo response body.

Declaration
public Output<bool?> AddToUserinfo { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

ClaimName

Declaration
public Output<string> ClaimName { get; }
Property Value
Type Description
Output<System.String>
View Source

ClaimValueType

Claim type used when serializing tokens.

Declaration
public Output<string> ClaimValueType { get; }
Property Value
Type Description
Output<System.String>
View Source

ClientId

The mapper's associated client. Cannot be used at the same time as client_scope_id.

Declaration
public Output<string> ClientId { get; }
Property Value
Type Description
Output<System.String>
View Source

ClientScopeId

The mapper's associated client scope. Cannot be used at the same time as client_id.

Declaration
public Output<string> ClientScopeId { get; }
Property Value
Type Description
Output<System.String>
View Source

Multivalued

Indicates whether this attribute is a single value or an array of values.

Declaration
public Output<bool?> Multivalued { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

Name

A human-friendly name that will appear in the Keycloak console.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

RealmId

The realm id where the associated client or client scope exists.

Declaration
public Output<string> RealmId { get; }
Property Value
Type Description
Output<System.String>
View Source

RealmRolePrefix

Prefix that will be added to each realm role.

Declaration
public Output<string> RealmRolePrefix { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, UserRealmRoleProtocolMapperState, CustomResourceOptions)

Get an existing UserRealmRoleProtocolMapper resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static UserRealmRoleProtocolMapper Get(string name, Input<string> id, UserRealmRoleProtocolMapperState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
UserRealmRoleProtocolMapperState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
UserRealmRoleProtocolMapper