feat(ops/keycloak): use preferred_username claim from Bornhack IdP

Since https://github.com/bornhack/bornhack-website/pull/1838, users can
set their preferred username there, so it can be correctly propagated
to Keycloak.

Change-Id: If492d4b92b420c07b9e1450883ccb30a18802a42
Reviewed-on: https://cl.snix.dev/c/snix/+/30424
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Florian Klink 2025-05-04 15:42:22 +03:00 committed by clbot
parent 759f15390c
commit b04011dd53


@ -70,18 +70,19 @@ resource "keycloak_oidc_identity_provider" "bornhack" {
} }
} }
# Bornhack uses a uuid as `sub`, and has an additional `nickname` claim, which we use. # Bornhack uses a uuid as `sub`, and has an additional `preferred_username` claim,
# Normally, we'd simply import this as the username, but for now we cannot, due to # which we use.
# See https://bornhack.dk/profile/oidc/?scopes=profile for an overview.
# https://github.com/bornhack/bornhack-website/issues/1837 # https://github.com/bornhack/bornhack-website/issues/1837
# resource "keycloak_custom_identity_provider_mapper" "bornhack_nickname" { resource "keycloak_custom_identity_provider_mapper" "bornhack_nickname" {
# realm = keycloak_realm.snix.id realm = keycloak_realm.snix.id
# name = "bornhack_nickname" name = "bornhack_preferred_username"
# identity_provider_alias = keycloak_oidc_identity_provider.bornhack.alias identity_provider_alias = keycloak_oidc_identity_provider.bornhack.alias
# identity_provider_mapper = "oidc-user-attribute-idp-mapper" identity_provider_mapper = "oidc-user-attribute-idp-mapper"
# extra_config = { extra_config = {
# syncMode = "INHERIT" syncMode = "INHERIT"
# claim = "nickname" claim = "preferred_username"
# "user.attribute" = "username" "user.attribute" = "username"
# } }
# } }
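Review bot: The mapper now writes a claim that users choose themselves at Bornhack (per the commit message) into the Keycloak `username`, and nothing in this hunk documents what happens when that value collides with an existing realm user or a reserved name. With `syncMode = "INHERIT"`, behaviour on later logins depends on the provider's sync mode, which is set in `keycloak_oidc_identity_provider.bornhack` above this hunk; if that resolves to a forced sync, a rename at Bornhack would presumably rename the Keycloak account on the next login. Consider pinning `syncMode = "IMPORT"` so the username is fixed at first login, and add a comment such as `# username is user-chosen at the IdP; clients must key authorization on sub, not username`. The retained issue-1837 link has lost the sentence that explained it, and the resource label is still `bornhack_nickname` while `name` is now `bornhack_preferred_username`.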