keycloak

Keycloak - read-only user attributes


I want to keep some information in Keycloak as custom user attributes.

Some of them should be managed by the user itself. Other attributes should be managed only by a Keycloak administrator. Attributes managed by the administrator should be read-only visible in the "Edit account" web page for the user.

I went through the guide to add custom user attributes in this page and customized the "Edit account" web page.

My question is: Is it ensured that the user cannot change the attribute that is meant as read-only for the user? E.g. by submitting a form where he/she sends correct data that will be automatically mapped on the server side to the user attribute.


Solution

  • perform an update to version 12.0.4. There were some issues < 12.0.4 with dropping all attributes if user updates his profile.

    Additionally with 12.0.4 you can create user- and admin-read only attributes.

    Check documentation: https://keycloak.org/docs/latest/server_admin/#read_only_user_attributes

    Cheers