<div dir="ltr">The authenticator can add the value to the user session, which can be used by a protocol mapper. Thinking about it I'm not sure if it's actually possible to override the NameID from a protocol mapper.<div><br></div><div>Bill - wdyt?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 5 September 2016 at 16:06, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I apologize for sending reminders. I was just not sure if my query was somehow missed from being read. So, I was only trying to assure that its not getting missed/lost since responses to my earlier questions used to be pretty quick. But, I am sorry if it sounded impatient though. We will definitely look into the higher level of support as you indicated.</div><div><br></div>Meanwhile, with regard to your response to my query, My keycloak app calls an external TokenValidator for authentication. This TokenValidator returns an SP specific username. So, the NameID value in the SAML response need to be handled in the "application code" and the value needs to be changed to the value returned from the TokenValidator during authentication. I think using the protocol mapper, its a one time change with a certian value? But, in my setup, everytime, as part f authentication, my keycloak app calls an external tokenValidator service which will return a certain value (this value is not fixed, it could be different each time depending on various factors, example, the user passed in authentication, the settings on the TokenValidator etc). <div><br></div><div>So, I believe it needs to be handled in the code dynamically for each authentication, so when a SAML response is created on keycloak (I am not sure where and how its done internally by keycloak though), we need to be able to write some code that can be used to edit the NameID in the SAML response with a dynamic value that we fetched from a call to an external service (TokenValidator) during that specific authentication. I hope my question is more clear now. Let me know if not.</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 5, 2016 at 1:49 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This is a free community forum so please be patient. We are not always able to provide an answer straight away. If you are interested in a higher level of support please consider our supported option <a href="https://access.redhat.com/products/red-hat-single-sign-on" target="_blank">https://access.redhat.c<wbr>om/products/red-hat-single-sig<wbr>n-on</a>.<div><br></div><div>I'm not quite following what your setup is, but you can modify the SAML assertions through protocol mappers for the client in the Keycloak admin console.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 2 September 2016 at 07:11, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">Can someone please give some pointers on if this is even possible? If yes, then what needs to be done for this?<div>Its an urgent requirement for us, so any help on this will be very much appreciated.</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 31, 2016 at 8:28 AM, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Any help on this?</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 29, 2016 at 9:32 PM, Rashmi Singh <span dir="ltr"><<a href="mailto:singhrasster@gmail.com" target="_blank">singhrasster@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I have a keycloak app that calls an external TokenValidator for authentication. This TokenValidator returns a SP specific username value. I want my SAML response to contain this value in the NameID field. My question is how do I edit the SAML response to change the value in NameID field to this value?<div><br></div><div>Any insight into how to edit the NameID field in the SAML response?</div><div><br></div><div><br></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br></div></div>______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>