keycloak_user_federation: mappers can have list in config #11502

@mixman68

Summary

The config attribute for mappers in keycloak_user_federation only accepts a string as value.

The official API of Keycloak returns an array of strings, and the value can be multiple for some mappers.

Issue Type

Bug Report

Component Name

keycloak_user_federation

Ansible Version

$ ansible --version
ansible [core 2.16.3]
  config file = None
  configured module search path = ['/home/greg/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/greg/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.12.3 (main, Jan 22 2026, 20:57:42) [GCC 13.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
# /home/greg/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 12.3.0 

Configuration

$ ansible-config dump --only-changed
CONFIG_FILE() = None

OS / Environment

Debian 13

Steps to Reproduce

- name: Create LDAP user federation
  community.general.keycloak_user_federation:
    auth_keycloak_url: https://keycloak.example.com/auth
    auth_realm: master
    auth_username: admin
    auth_password: password
    realm: my-realm
    name: my-ldap
    state: present
    provider_id: ldap
    provider_type: org.keycloak.storage.UserStorageProvider
    config:
      priority: 0
      enabled: true
      cachePolicy: DEFAULT
      batchSizeForSync: 1000
      editMode: READ_ONLY
      importEnabled: true
      syncRegistrations: false
      vendor: other
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
      userObjectClasses: inetOrgPerson, organizationalPerson
      connectionUrl: ldaps://ldap.example.com:636
      usersDn: ou=Users,dc=example,dc=com
      authType: simple
      bindDn: cn=directory reader
      bindCredential: password
      searchScope: 1
      validatePasswordPolicy: false
      trustEmail: false
      useTruststoreSpi: ldapsOnly
      connectionPooling: true
      pagination: true
      allowKerberosAuthentication: false
      debug: false
      useKerberosForPasswordAuthentication: false
    mappers:
      - name: "full name"
        providerId: "full-name-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          ldap.full.name.attribute: cn
          read.only: true
          write.only: false
      - config:
          included.attribute: mail
          included.list.attributes:
            - telephone
            - sso_cert
        name: RESTMapper
        providerId: custom-rest-api-mapper
        providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper

Expected Results

The attributes config on my mapper is broken: instead of two values, I have a single one with ['telephone', 'sso_cert'].

Actual Results

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
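
The behaviour reported above, as an added example that is not part of the original issue and not code from community.general: the function names are hypothetical, and `naive_config` only assumes the list is stringified as a whole, which reproduces the reported symptom. `component_config` shows the array-of-strings shape the issue says the Keycloak API returns, with each list item kept as its own value.

```python
# Added illustration; function names are hypothetical, not from community.general.

def naive_config(config):
    """Reproduce the reported symptom: every value is stringified, then wrapped once."""
    return {key: [str(value)] for key, value in config.items()}


def _as_string(value):
    # Assumption: Keycloak stores booleans as lowercase "true"/"false" strings.
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)


def component_config(config):
    """Normalize mapper config to {key: [str, ...]}, keeping list items separate."""
    normalized = {}
    for key, value in config.items():
        if value is None:
            continue  # unset option: send nothing rather than the string "None"
        if isinstance(value, dict):
            raise TypeError(f"{key}: nested mappings are not valid config values")
        items = value if isinstance(value, (list, tuple)) else [value]
        normalized[key] = [_as_string(item) for item in items]
    return normalized


# Constructed sample: the RESTMapper config from the playbook above.
REST_MAPPER_CONFIG = {
    "included.attribute": "mail",
    "included.list.attributes": ["telephone", "sso_cert"],
}

if __name__ == "__main__":
    print(naive_config(REST_MAPPER_CONFIG)["included.list.attributes"])
    print(component_config(REST_MAPPER_CONFIG)["included.list.attributes"])
```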

Labels: bug, module, plugins
