
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Sorry for late response. <br>

      <br>

      We have JIRA created for that. You can possibly add yourself as a

      watcher. See <a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-3422">https://issues.jboss.org/browse/KEYCLOAK-3422</a><br>

      <br>

      Maybe an alternative for you is to use protocolMappers. That

      should allow you to "construct" the token for particular client

      exactly how you want and also use the different value for "sub"

      claim. <br>

      <br>

      Another possibility is, to handle this on adapter side. We already

      have an adapter option "principal-attribute", which specifies that

      application will see the different attribute instead of "sub" as

      subject. For example when in appllication you call

      "httpServletRequest.getRemoteUser()" it will return "john" instead

      of "123456-unique-johns-uuid" . See

<a class="moz-txt-link-freetext" href="https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.1/topics/oidc/java/java-adapter-config.html">https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.1/topics/oidc/java/java-adapter-config.html</a><br>

      <br>

      Hopefully some of the options can be useful for you?<br>

      <br>

      Marek<br>

      <br>

      On 02/08/16 14:13, Martin Hardselius wrote:<br>

    </div>

    <blockquote

cite="mid:CAPJq0L_jxq+J4Drb47TzmEMAK8cqvGHrq9=cwLWwh9Q4aBXdDA@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div>Me and my team are working towards getting Keycloak,

          customized for our needs, into production but we've identified

          the need for Pairwise Subject Identifiers as we don't want to

          expose internal user ids.</div>

        <div><br>

        </div>

        <div>Right now, the only subject_types_supported seems to be

          "public". Are there any near-future plans to include

          "pairwise"? Can we pitch in with a PR to make this happen as

          soon as possible?</div>

        <div><br>

        </div>

        <div>Links to relevant sections in the spec:</div>

        <div><br>

        </div>

        <a moz-do-not-send="true"

href="http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes</a><br>

        <div><a moz-do-not-send="true"

            href="http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg">http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg</a><br>

        </div>

        <div><br>

        </div>

        <div>-- </div>

        <div>Martin</div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-dev mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>

    </blockquote>

    <br>

  </body>

</html>