[keycloak-dev] advanced claim support

Bill Burke bburke at redhat.com
Fri Feb 6 10:32:16 EST 2015


Wrote this awhile ago.  I'm starting on this now.  Discuss now, or 
forever hold your peace :)

Current UserModel.attributes will be used for internal bookkeeping only.
Going to add a new "UserProfileType", "UserProfileValue" (name TBD)
type that contains:

UserProfileType:
* id
* name
* .css type
* type (bool, int, date, etc.)
* boolean displayOnRegistrationPage

Question, do I need a .css id to plug in a value too?  How would we
display the german label name for "phone"?


UserProfileValue:
* id
* UserClaimType
* String value


OIDC clients will have a "Claim mapping" tab.  SAML clients will have an
"Assertion Mapping" tab.  These tabs will be able to map from
UserProfileValues to the appropriate claim/assertion and also be able to
set up whether or not a claim should be added to token/assertion list.

ClientModel.claimMask will go away.  ClientModel will gain a list of
ClaimMappingModel

* id
* UserProfileType
* String claimNameMapping

Might want to eventually add a "ClaimTransformerProvider" plugin
ability that can be attached to ClaimMappingModel...We might also want a
"TokenTransformerProvider" plugin too that can intercept token/saml doc
creation.  We'll see...

Bill
-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
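
The per-client claim mapping proposed above, sketched as an added example (not code from the post or from the Keycloak project). The record shapes, the `ValueType` enum and the `coerce`/`buildClaims` helpers are hypothetical; the point shown is that a client only receives profile values it has an explicit mapping for.

```java
import java.util.*;

// Hypothetical sketch: type names follow the post, field shapes are assumed.
public class ClaimMappingSketch {
    enum ValueType { BOOL, INT, STRING }

    record UserProfileType(String id, String name, ValueType type) {}
    record UserProfileValue(String id, UserProfileType type, String value) {}
    record ClaimMappingModel(String id, UserProfileType type, String claimNameMapping) {}

    // Convert the stored String into its declared type so the token carries
    // typed claims. A malformed INT value throws NumberFormatException here
    // instead of being released as an arbitrary string.
    static Object coerce(UserProfileValue v) {
        switch (v.type().type()) {
            case BOOL: return Boolean.parseBoolean(v.value());
            case INT:  return Integer.parseInt(v.value());
            default:   return v.value();
        }
    }

    // Allow-list behaviour: only profile values whose type has a mapping on
    // this client are emitted, under the claim name the mapping chooses.
    static Map<String, Object> buildClaims(List<ClaimMappingModel> clientMappings,
                                           List<UserProfileValue> profile) {
        Map<String, Object> claims = new LinkedHashMap<>();
        for (ClaimMappingModel m : clientMappings) {
            for (UserProfileValue v : profile) {
                if (v.type().id().equals(m.type().id())) {
                    claims.put(m.claimNameMapping(), coerce(v));
                }
            }
        }
        return claims;
    }

    public static void main(String[] args) {
        UserProfileType phone = new UserProfileType("t1", "phone", ValueType.STRING);
        UserProfileType verified = new UserProfileType("t2", "phoneVerified", ValueType.BOOL);
        UserProfileType badge = new UserProfileType("t3", "badgeNumber", ValueType.INT);
        // Constructed sample profile values.
        List<UserProfileValue> profile = List.of(
            new UserProfileValue("v1", phone, "+49 30 0000000"),
            new UserProfileValue("v2", verified, "true"),
            new UserProfileValue("v3", badge, "4711"));
        // This client maps two of the three types; badgeNumber is never released to it.
        List<ClaimMappingModel> mappings = List.of(
            new ClaimMappingModel("m1", phone, "phone_number"),
            new ClaimMappingModel("m2", verified, "phone_number_verified"));
        System.out.println(buildClaims(mappings, profile));
    }
}
```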

