Keycloak SAML NameID Mapper

136 views
Skip to first unread message

i7a7467

unread,
Mar 25, 2021, 9:29:57 AMMar 25
to Keycloak Dev

We need user attribute mapper for SAML NameID.
Keycloak does not have builtin NameID Mapper.
So, We are planning to implement the code for PR.
Some people make the same request.
https://issues.redhat.com/browse/KEYCLOAK-16918

We are thinking of adding the code for call user attribute mapper in the URL below.
https://github.com/keycloak/keycloak/blob/60e4bd622f7bc712129ae2b13536ca9ba8296c1f/services/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java#L388

What do you think?
Is this feature welcomed?

It is NameID Mapper in admin console image.

スクリーンショット 2021-03-25 22.06.05.pngスクリーンショット 2021-03-25 22.07.33.pngスクリーンショット 2021-03-25 22.07.59.png

Hynek Mlnarik

unread,
Mar 30, 2021, 8:40:35 AMMar 30
to i7a7467, Keycloak Dev
This sounds interesting, thank you! PR with tests would be nice.

Before changing the mapper logic, I suggest trying this:

1) Create the mapper as the user attribute mapper as you proposed
2) In the mapper, set SAML_NAME_ID and SAML_NAME_ID_FORMAT notes like in [1]
3) In SamlProtocol, swap lines 454 and 455 [2], and 
4) Move setting nameID from [3] into between the two lines, using the notes from client session if set by the mapper, otherwise fall back to the current implementation

--Hynek


--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/f32c346c-11f2-45ad-ae69-2d575c6956d0n%40googlegroups.com.

i7a7467

unread,
Mar 31, 2021, 12:02:45 PMMar 31
to Keycloak Dev
Thanks.
We will try your suggestion and create a PR with integration tests.
Before writing tests, maybe we might make a Draft PR.

2021年3月30日火曜日 21:40:35 UTC+9 hmln...@redhat.com:
Reply all
Reply to author
Forward
0 new messages