Add keycloak_openid_generic_mapper to support custom identity mappers #382

Closed
hamiltont opened this issue Sep 8, 2020 · 4 comments · Fixed by #515

Comments

@hamiltont
Contributor

hamiltont commented Sep 8, 2020

Currently custom identity broker mappings cannot be configured through this project.

By adding a generic option, similar to the keycloak_generic_client_protocol_mapper, we could allow for custom mappers to be configured & managed through this provider.

For context, the runtime (non-compiled) configuration is based on the ProviderConfigProperty, which puts a nice restriction on the types of configuration keys (strings, lists, etc).

Also for context, here is the Model class

I'm not familiar enough with SAML to know if a keycloak_generic_identity_broker_mapper would make more sense, where the user selects SAML or OIDC as a config value

@hamiltont changed the title from "Support for keycloak_openid_generic_protocol_mapper" to "Add keycloak_openid_generic_mapper to support custom identity mappers" on Sep 8, 2020
@hamiltont
Contributor Author

FYI - Added a $200 bounty over on bountysource because I could use this feature but sadly don't have time right now to implement it myself

@tomrutsaert
Contributor

If I am understanding it correctly, I think it already exists:

https://mrparkers.github.io/terraform-provider-keycloak/resources/keycloak_attribute_importer_identity_provider_mapper/

Have fun, keep the money,
Reinvest into the project when you have some more time.

Let me know if that is not what you are searching for

@hamiltont
Contributor Author

hamiltont commented Sep 9, 2020

@tomrutsaert thanks for the reply! As far as I can tell, that's not the same thing. The "Attribute Importer" is one specific type of Identity Provider Mapper in Keycloak. There are 4-5 of these predefined ones. Note the confusing terminology of "Identity Provider Mappers" (these are distinct from the more common "Client Mappers") in Keycloak. To see the list of built-in ones, on any KC realm, navigate to Identity Providers > Select a provider > Mappers > Create. For what it's worth, I think the Attribute Importer is the only type currently supported by this provider. It would probably be the only example of how to make another one.

This ticket is about adding a "generic" version that looks like the existing keycloak_attribute_importer_identity_provider_mapper but allows passing in arbitrary config items in the same way the keycloak_generic_client_protocol_mapper allows.

PS - It's my first time mixing money and FOSS...IMO $200 isn't enough to pay for a dev to actually do this, so I'm looking at it as a way to say thanks for someone taking up an issue that matters to me. If it's inappropriate, someone let me know :-) I wish I had the time right now to dig in myself

@tomrutsaert
Contributor

You are right.
You need a small extension on top of the generic_keycloak_identity_provider_mapper that allows setting the IdentityProviderMapper field. The code would not be so different from the code of keycloak_attribute_importer_identity_provider_mapper.
Also, IMHO it should support more than just oidc and saml identityProviders.
It should not be too hard to do, but I do not have the time right now....
