How to configure Keycloak as IdP in Freshdesk
83 views
Skip to first unread message
Sanghamitra Choudhury
Sep 28, 2022, 12:27:14 AM9/28/22
to Keycloak User
Hi Team,
We are facing issue while configuring Keycloak as IdP in Freshdesk. Freshdesk Team is asking for giving email address under the key "sub" which is giving auto generated key currently. And because of this we are not able to proceed futher to use Keycloak as SSO. Freshdesk Team has shown us the example of Okta configuration where email address is being sent under the key "sub".
Please suggest here. Can we override the value of "sub" key in user info API of Keycloak. We want to pass email address as value for "sub" key.
C R
Sep 28, 2022, 5:30:24 AM9/28/22
to Sanghamitra Choudhury, Keycloak User
Le mer. 28 sept. 2022 à 06:27, Sanghamitra Choudhury
<smc....@gmail.com> a écrit :>
This sounds like a terrible idea to me because emails are changeable
over time. This is the spec for sub:
sub REQUIRED. Subject Identifier. A locally unique and never
reassigned identifier within the Issuer for the End-User, which is
intended to be consumed by the Client, e.g., 24400320 or
AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII
characters in length. The sub value is a case sensitive string.
https://openid.net/specs/openid-connect-core-1_0.html
Regards,
C.
<smc....@gmail.com> a écrit :>
> Hi Team,
>
> We are facing issue while configuring Keycloak as IdP in Freshdesk. Freshdesk Team is asking for giving email address under the key "sub" which is giving auto generated key currently. And because of this we are not able to proceed futher to use Keycloak as SSO. Freshdesk Team has shown us the example of Okta configuration where email address is being sent under the key "sub".
>
> Please suggest here. Can we override the value of "sub" key in user info API of Keycloak. We want to pass email address as value for "sub" key.
Hi Sanghamitra,
>
> We are facing issue while configuring Keycloak as IdP in Freshdesk. Freshdesk Team is asking for giving email address under the key "sub" which is giving auto generated key currently. And because of this we are not able to proceed futher to use Keycloak as SSO. Freshdesk Team has shown us the example of Okta configuration where email address is being sent under the key "sub".
>
> Please suggest here. Can we override the value of "sub" key in user info API of Keycloak. We want to pass email address as value for "sub" key.
This sounds like a terrible idea to me because emails are changeable
over time. This is the spec for sub:
sub REQUIRED. Subject Identifier. A locally unique and never
reassigned identifier within the Issuer for the End-User, which is
intended to be consumed by the Client, e.g., 24400320 or
AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII
characters in length. The sub value is a case sensitive string.
https://openid.net/specs/openid-connect-core-1_0.html
Regards,
C.
Reply all
Reply to author
Forward
0 new messages