[keycloak-user] SAML claim/user attribute mapping from LDAP integration

Marek Posolda mposolda at redhat.com
Wed Mar 11 15:14:31 EDT 2015


Hi,

Currently it's hardcoded so that the LDAP attribute "mail" is mapped to 
the UserModel.email property. We have opened a JIRA for dynamic mappings of 
attributes from LDAP to the user attributes/properties and I hope to 
start on it later this month.

However, it looks like for your case the hardcoded mapping should be 
sufficient for the email property. When you synced users, are you seeing 
in the admin console that the synced users have the email filled from the 
Active Directory? If yes, then the only issue is maybe propagating the 
email value as an attribute in the SAML response. Bill is working on 
protocol mappers and this use-case is handled by it AFAIK. You can try 
the latest Keycloak master though.

Marek

On 11.3.2015 18:08, Randall_Theobald at dell.com wrote:
>
> I am currently using Keycloak 1.1.0.Final, trying to enable SSO 
> between two apps with an Active Directory user store. I have Keycloak 
> connected to the AD directly in my realm and have sync'ed the users. I 
> can successfully log in to one of my apps. However, the other app 
> requires an 'email' claim, which is missing. It looks like the AD uses 
> just 'mail'. Is there any way to make this simple claim mapping in 
> Keycloak?
>
> Randall Theobald
>
> Common Engineering - Performance
>
> Dell Software Group | Office of the CTO
>
> randall_theobald at dell.com | RR1-C336
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
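To make the two halves of Marek's answer concrete (an LDAP attribute such as "mail" landing on a user property, and a protocol mapper deciding whether that property is emitted as a SAML attribute), here is an added illustration. It is not Keycloak code and not from anyone in this thread: the mapping tables, the function names and the sample AD entry are all constructed for the example. It builds a minimal SAML 2.0 AttributeStatement from a mapped user and then checks it against the claims an application says it requires, which is exactly the failure Randall reports (an app that insists on an 'email' claim while the directory only carries 'mail').

```python
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace (standard value, not page-specific).
NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Hypothetical LDAP -> user-property mapping. The "mail" -> "email" entry is the
# hardcoded mapping the thread describes; the others are assumed AD attributes
# added here to show what a configurable mapping would look like.
LDAP_TO_USER = {
    "mail": "email",
    "givenName": "firstName",
    "sn": "lastName",
    "sAMAccountName": "username",
}

# Hypothetical protocol-mapper configuration: which user property is exposed
# under which SAML attribute name. Not Keycloak's mapper format.
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
PROTOCOL_MAPPERS = [
    {"property": "email", "attribute_name": "email", "name_format": BASIC},
    {"property": "username", "attribute_name": "uid", "name_format": BASIC},
]


def map_ldap_entry(entry, mapping=LDAP_TO_USER):
    """Translate an LDAP entry (attribute -> list of values) into user properties.

    Only attributes present in the mapping are copied; an attribute that is
    absent or empty in the directory simply leaves the property unset.
    """
    user = {}
    for ldap_attr, prop in mapping.items():
        values = entry.get(ldap_attr) or []
        if values:
            user[prop] = values[0]  # these attributes are single-valued in practice
    return user


def build_attribute_statement(user, mappers=PROTOCOL_MAPPERS):
    """Emit a saml:AttributeStatement containing one Attribute per mapper whose
    source property is populated. An unpopulated property yields no Attribute at
    all, which is what the relying application sees as a missing claim."""
    stmt = ET.Element(f"{{{NS}}}AttributeStatement")
    for m in mappers:
        value = user.get(m["property"])
        if value is None:
            continue
        attr = ET.SubElement(
            stmt, f"{{{NS}}}Attribute",
            {"Name": m["attribute_name"], "NameFormat": m["name_format"]},
        )
        ET.SubElement(attr, f"{{{NS}}}AttributeValue").text = value
    return stmt


def claims_from_statement(stmt):
    """Read the statement back the way a service provider would: name -> values."""
    return {
        a.get("Name"): [v.text for v in a.findall(f"{{{NS}}}AttributeValue")]
        for a in stmt.findall(f"{{{NS}}}Attribute")
    }


def missing_required_claims(stmt, required):
    """Return the required claim names that the statement does not carry."""
    present = claims_from_statement(stmt)
    return [name for name in required if not present.get(name)]


# Constructed sample directory entries (fictional values).
ENTRY_WITH_MAIL = {
    "sAMAccountName": ["rtheobald"],
    "mail": ["rtheobald@example.invalid"],
    "givenName": ["Randall"],
    "sn": ["Theobald"],
}
ENTRY_WITHOUT_MAIL = {"sAMAccountName": ["jdoe"], "givenName": ["Jane"], "sn": ["Doe"]}


if __name__ == "__main__":
    for entry in (ENTRY_WITH_MAIL, ENTRY_WITHOUT_MAIL):
        stmt = build_attribute_statement(map_ldap_entry(entry))
        print(ET.tostring(stmt, encoding="unicode"))
        print("missing:", missing_required_claims(stmt, ["email"]))
```

The check in missing_required_claims is the diagnostic step Marek suggests doing by eye in the admin console: if the synced user has no email property, no mapper can put an email attribute into the response, so the fix belongs on the LDAP-mapping side; if the property is populated but the attribute is still absent, the gap is in the protocol-mapper configuration.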
