[keycloak-dev] Fwd: An ability to evaluate/transform the template variables during the SAML/OpenID protocol mappers processing

Thomas Darimont thomas.darimont at googlemail.com
Thu May 17 08:35:30 EDT 2018


Hi Sergey,

for OIDC you can already do something like this via the Script Protocol
Mapper which allows
to compute the result value via JavaScript.

See:
- https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/mappers/ScriptBasedOIDCProtocolMapper.java
- https://github.com/keycloak/keycloak/pull/4495

I didn't have the time yet to implement the same for the SAML protocol
mapper, but
there is a JIRA issue: https://issues.jboss.org/browse/KEYCLOAK-5520

Support for template interpolation via a dedicated protocol mapper would be
nicer though,
since it would allow for more concise mapper definitions.

Cheers,
Thomas

On Thu, May 17, 2018 at 11:04 AM, Serhii Shymkiv <sergey at shimkiv.com> wrote:

> No luck with Users list, trying the Devs one ...
>
>
> ---------- Forwarded message ----------
> From: Serhii Shymkiv <sergey at shimkiv.com>
> Date: Sat, Apr 21, 2018 at 9:11 PM
> Subject: An ability to evaluate/transform the template variables during the
> SAML/OpenID protocol mappers processing
> To: keycloak-user at lists.jboss.org
>
>
> Hello Guys,
> current email thread is inspired by the
> https://github.com/keycloak/keycloak/pull/5042
> and the question for the community is:
> - what do you think if the Keycloak will have an ability to
> evaluate/transform the template variables during the SAML/OpenID protocol
> mappers processing ?
>
> Examples (please refer to the attached "snapshot-1.png" and
> "snapshot-2.png"):
> 1. "snapshot-1.png":
>     ${firstName} ${lastName}
>     =>
>     the simplest expression, the template variables will be evaluated into
> the real values of the user (in this case) properties
>     =>
>     e.g.: "Serhii Shymkiv" (without quotes, of course)
> 2. "snapshot-2.png":
>     Welcome back, #(${firstName} ${lastName}) ?: ${email}
>     =>
>     almost the same expression but with additional logic which means that
> the value of the #(...) block will be used only if it is not blank (null or
> space symbols only) otherwise the expression to the right of the ?:
> operator will be evaluated
>     =>
>     e.g.: "Welcome back, Serhii Shymkiv"
>     e.g.: "Welcome back, sergey at shimkiv.com"
>
> Thank you for your time.
>
>
>
>
> --
> Best regards,
> Serhii Shymkiv.
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
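
The template semantics proposed in the quoted message, as an added example that is not part of the thread and is not Keycloak code. The grammar is assumed from the two examples above (the fallback is taken to run to the end of the template), and the allow-list, function names and sample users are hypothetical.

```javascript
// Added illustration, not Keycloak code. Only allow-listed user properties
// can be referenced from a template (assumed list).
const ALLOWED = new Set(['firstName', 'lastName', 'email', 'username']);

// Replace each ${name} exactly once. The replacement is inserted as a literal
// and never re-scanned, so an attribute value that itself contains "${...}"
// or "#(...)" cannot smuggle template syntax into the claim.
function substitute(text, user) {
  return text.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g, (match, name) => {
    if (!ALLOWED.has(name)) return '';            // unknown property: empty
    if (!Object.prototype.hasOwnProperty.call(user, name)) return '';
    const value = user[name];
    return value == null ? '' : String(value);
  });
}

// Evaluate "prefix #(primary) ?: fallback". The structure is parsed from the
// template BEFORE any user value is substituted, so user data cannot change
// which branch exists. Blank means null or whitespace only, as in the thread.
function evaluate(template, user) {
  const m = /^(.*?)#\((.*?)\)\s*\?:\s*(.*)$/s.exec(template);
  if (!m) return substitute(template, user);
  const [, prefix, primary, fallback] = m;
  const value = substitute(primary, user);
  const chosen = value.trim() === '' ? evaluate(fallback, user) : value;
  return substitute(prefix, user) + chosen;
}

// Constructed sample users (not real accounts).
const TEMPLATE = 'Welcome back, #(${firstName} ${lastName}) ?: ${email}';
const named = { firstName: 'Serhii', lastName: 'Shymkiv', email: 'user@example.org' };
const unnamed = { firstName: null, lastName: '  ', email: 'user@example.org' };
const hostile = { firstName: '${email}', lastName: '#(x) ?: y', email: 'e@example.org' };

console.log(evaluate('${firstName} ${lastName}', named));
console.log(evaluate(TEMPLATE, named));
console.log(evaluate(TEMPLATE, unnamed));
console.log(evaluate('${firstName} ${lastName}', hostile));
```

The last call prints the hostile values verbatim, which is the property to check in any interpolating mapper whose inputs include user-editable attributes.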

