Keycloak gives you more than 20+ mapper types, but real confusion starts when developers ask:
“Ye mapper internally Keycloak ke kis table me store hota hai?”
“User Attribute vs User Property ke database tables alag kyun hote hain?”
“Role mapper ka data kaha save hota hai?”
“Client Scope add karne se backend me kya change hota hai?”
This blog finally solves these questions with full technical breakdown, database tables, architecture diagrams, and real Laravel / microservices use cases.
📑
Table of Contents
Keycloak Mapper System – Short Introduction
High-Level Architecture Diagram
Why Mapper Database Tables Matter
Full List of Mapper Types & Their Corresponding DB Tables
User Attribute
User Property
User Realm Role
User Client Role
Group Membership
Hardcoded Claim
Hardcoded Role
Address Mapper
Session Note
Audience Mapper
Subject (sub) Mapper
Special Tables Used by Client Scopes
Quick Reference Summary Table
Real Use Cases (Laravel + Multi-domain SSO + Microservices)
Conclusion
🚀 1.
Keycloak Mapper System – Short Introductio
n
In Keycloak, mappers decide what data goes inside a token:
Access Token
ID Token
UserInfo Response
Token Introspection
Whenever you add a custom attribute, custom claim, custom role, or custom scope, the result is handled by protocol mappers.
But internal working is hidden.
To understand debugging, migrations, or automation—knowing the exact database tables is extremely important.
🧩 2. High-Level Architecture Diagram
Top comments (0)