Keycloak SAML NameID Mapper

i7a7467

Mar 25, 2021, 9:29:57 AM
to Keycloak Dev

We need a user attribute mapper for SAML NameID.
Keycloak does not have a built-in NameID mapper.
So we are planning to implement the code for a PR.
Some people have made the same request.
https://issues.redhat.com/browse/KEYCLOAK-16918

We are thinking of adding the code to call the user attribute mapper at the URL below.
https://github.com/keycloak/keycloak/blob/60e4bd622f7bc712129ae2b13536ca9ba8296c1f/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java#L388

What do you think?
Is this feature welcomed?

This is the NameID Mapper in the admin console image.

[Attached screenshots: スクリーンショット 2021-03-25 22.06.05.png, スクリーンショット 2021-03-25 22.07.33.png, スクリーンショット 2021-03-25 22.07.59.png]

Hynek Mlnarik

Mar 30, 2021, 8:40:35 AM
to i7a7467, Keycloak Dev
This sounds interesting, thank you! PR with tests would be nice.

Before changing the mapper logic, I suggest trying this:

1) Create the mapper as the user attribute mapper as you proposed
2) In the mapper, set SAML_NAME_ID and SAML_NAME_ID_FORMAT notes like in [1]
3) In SamlProtocol, swap lines 454 and 455 [2], and 
4) Move setting nameID from [3] into between the two lines, using the notes from client session if set by the mapper, otherwise fall back to the current implementation

--Hynek



i7a7467

Mar 31, 2021, 12:02:45 PM
to Keycloak Dev
Thanks.
We will try your suggestion and create a PR with integration tests.
Before writing tests, we might make a draft PR.

On Tuesday, March 30, 2021 at 21:40:35 UTC+9, hmln...@redhat.com wrote: