[keycloak-dev] Accessing SAML Request attributes in Authenticaors

Wed Sep 21 21:31:59 EDT 2016

Just to add to my previous email, I looked into the code and came across
SAMlService::loginRequest method where we are setting different SAML
parameters into client session. So we can imagine setting NameID also in
the session notes at that point. If this change makes sense then do let me
know and I can modify the code and can generate the pull request. Or if you
would like to do this yourself, even then this is fine with me :).

Regards,
Muein

On Wed, Sep 21, 2016 at 7:22 PM, Muein Muzamil <
shmuein+keycloak-dev at gmail.com> wrote:

> Hi all,
>
> This is a feature we need for some SP integrations, so if we don't support
> this feature that is ok. We can probably implement this and generate a pull
> request for this. But can someone please share some feedback how this
> should be implemented.
>
> Thanks in advance for your feedback on this.
>
> Regards,
> Muein
>
> On Thu, Sep 15, 2016 at 10:05 AM, Muein Muzamil <
> shmuein+keycloak-dev at gmail.com> wrote:
>
>> Hi all,
>>
>> Not sure if my question was clear enough, feel free to ask for
>> clarifications if needed.
>>
>> I will really appreciate some response on this.
>>
>> Best regards,
>> Muein
>>
>> On Tue, Sep 13, 2016 at 10:29 AM, Muein Muzamil <
>> shmuein+keycloak-dev at gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> Any pointers to this? I was looking at the SAMLAuthNRequestParser class
>>> and it seems we are parsing the subject from the incoming request. Now the
>>> question is how can I access it in my custom authenticator?
>>>
>>> else if (JBossSAMLConstants.SUBJECT.get().equals(elementName)) {
>>>        authnRequest.setSubject(getSubject(xmlEventReader));
>>> }
>>>
>>> Regards,
>>> Muein
>>>
>>> On Fri, Sep 9, 2016 at 3:20 PM, Muein Muzamil <
>>> shmuein+keycloak-dev at gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> We are trying to integrate with an SP which sends Subject/NameID in the
>>>> Saml Request (copying example below).  I have couple of questions in this
>>>> regard
>>>>
>>>>
>>>>    1. In our custom authenticator, we want to access this NameId and
>>>>    want to pre-fill username field based on this. Can you please guide me how
>>>>    can I do that.
>>>>    2. Secondly, I am currently using KeyCloak JBoss Adapter for my
>>>>    sample SP, does the SAML Adapter supports sending nameId in SAML request?
>>>>
>>>> <samlp:AuthnRequest Destination="https://idp.com/i
>>>> dp/profile/SAML2/Redirect/SSO" Version="2.0"
>>>> IssueInstant="2016-02-24T15:45:55.325Z"
>>>> ID="ID112bf5b0e4169930b663f2d89e62c521fc2f1b8133598fa2ff"
>>>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
>>>>
>>>> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
>>>> http://pingone.com/xxx/640d3755-e080-4a87-8f7f-91795e78c08d</saml:Iss
>>>> uer>
>>>> <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
>>>> <saml:NameID Format="urn:oasis:names:tc:SAM
>>>> L:1.1:nameid-format:unspecified">jdoe at mysecureauthentication.com
>>>> </saml:NameID>
>>>> </saml:Subject>
>>>> </samlp:AuthnRequest>
>>>>
>>>>
>>>> Regards,
>>>> Muein
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160921/12f50d3d/attachment.html 