[keycloak-user] SAML2 Identity provider Mappers
Henk Laracker
Henk.Laracker at planonsoftware.com
Tue Jun 2 07:40:58 EDT 2015
Hi,
We have created a Salesforce SAML2 identity provider; a part of the response XML from Salesforce is added below.
Next to this we configured a Tomcat with a JSON file with the argument: "principal-attribute": "preferred_username"
When we do nothing more we get the NameID with the prefix in Tomcat as the logged-in user.
We would like to map the SAML Attribute Name="email" to the "preferred_username".
How do we do this?
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">henk.laracker at p*n.nl</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="ID_e44eedb6-2f93-4c7e-aecd-90f355e3cbc3"
NotOnOrAfter="2015-06-02T08:12:07.080Z"
Recipient="https://fr-authtest.planoncloud.com/auth/realms/ciwwa-test/broker/salesforce/endpoint"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2015-06-02T08:06:37.080Z"
NotOnOrAfter="2015-06-02T08:12:07.080Z"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>
<saml:AudienceRestriction>
<saml:Audience>https://fr-authtest.planoncloud.com/auth/realms/ciwwa-test</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2015-06-02T08:07:07.080Z"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute Name="userId"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:anyType"
>005b0000000jBgI</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="username"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:anyType"
>henk.laracker at p*n.nl</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:anyType"
>henk.laracker at c*e.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="is_portal_user"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:anyType"
>false</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement,
Henk Laracker
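To make the mapping step in the question concrete, the following is an added example (not from this thread, and not Keycloak's own mapper code; Keycloak's identity provider mappers implement this inside the broker) that shows what an attribute-to-username mapper has to do with an assertion like the one above: parse the AttributeStatement, pick the attribute named `email`, and use its single value as `preferred_username` instead of the NameID, while rejecting the assertion when its Conditions (NotBefore/NotOnOrAfter, Audience) do not hold. The assertion, the audience URL, the timestamps and all function names are constructed for the example. Signature verification of the response is assumed to have happened before this step and is not shown.

```python
"""Illustration of a SAML attribute -> principal mapping step (added example, not Keycloak code)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample modelled on the assertion in the post; all values are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ID_example" Version="2.0" IssueInstant="2015-06-02T08:07:07.080Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">alice@idp.example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2015-06-02T08:06:37.080Z" NotOnOrAfter="2015-06-02T08:12:07.080Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/auth/realms/test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>005b0000000EXAMPLE</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="is_portal_user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>false</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed audience and clock values used by the demo and the checks below.
EXPECTED_AUDIENCE = "https://sp.example.com/auth/realms/test"
NOW_IN_WINDOW = datetime(2015, 6, 2, 8, 8, 0, tzinfo=timezone.utc)   # inside NotBefore..NotOnOrAfter
NOW_EXPIRED = datetime(2015, 6, 2, 9, 0, 0, tzinfo=timezone.utc)     # after NotOnOrAfter


def parse_assertion(xml_text):
    """Parse the XML and return the <saml:Assertion> root element."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError(f"not a SAML assertion: {root.tag}")
    return root


def _parse_time(value):
    # SAML timestamps are UTC; the sample uses millisecond precision.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def check_conditions(assertion, expected_audience, now):
    """Return a list of problems with the Conditions element (empty list means OK)."""
    problems = []
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _parse_time(not_before):
        problems.append(f"NotBefore {not_before} is in the future")
    if not_on_or_after and now >= _parse_time(not_on_or_after):
        problems.append(f"NotOnOrAfter {not_on_or_after} has passed")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: expected {expected_audience!r}, got {audiences}")
    return problems


def saml_attributes(assertion):
    """Collect the AttributeStatement into {Name: [values...]}."""
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def build_principal(xml_text, expected_audience, now, username_attribute="email"):
    """Map the chosen SAML attribute to preferred_username; keep the NameID for reference."""
    assertion = parse_assertion(xml_text)
    problems = check_conditions(assertion, expected_audience, now)
    if problems:
        raise ValueError("assertion rejected: " + "; ".join(problems))
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = saml_attributes(assertion)
    values = attrs.get(username_attribute, [])
    # Refuse ambiguous or empty usernames instead of silently falling back to the NameID.
    if len(values) != 1 or not values[0].strip():
        raise ValueError(f"attribute {username_attribute!r} must have exactly one non-empty value, got {values}")
    return {"preferred_username": values[0].strip(), "name_id": name_id, "attributes": attrs}


if __name__ == "__main__":
    print(build_principal(SAMPLE_ASSERTION, EXPECTED_AUDIENCE, NOW_IN_WINDOW))
```

With the attribute mapper in place the principal seen by Tomcat is the `email` attribute value rather than the NameID; the example refuses to log the user in when the named attribute is absent or multi-valued, because a mapper that quietly falls back to another identifier is how two accounts end up sharing a username.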