Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-15611

[7.4.z] The userinfo endpoint ignores mappers on "sub" claim (Regression in 7.4.1)

    XMLWordPrintable

    Details

      Description

      After upgrading to RH-SSO 7.4.2, the userinfo endpoint no longer allows mappers on the "sub" claim.  Previously they were allowed.

      The appears to be a regression introduced in 7.4.1 for KEYCLOAK-13860 / KEYCLOAK-7450 in org.keycloak.protocol.oidc.endpoints.UserinfoEndpoint.issueUserInfo().  The order of the following lines was changed to disable mappers (as the comment indicates):

       

      claims.putAll(userInfo.getOtherClaims());
      

      and

      claims.put("sub", userInfo.getSubject());

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pcraveiro Pedro Igor Silva
              Reporter:
              chris.dolphy Chris Dolphy
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: