[keycloak-user] mapping roles received from remote IDP token to keycloak roles during Identity brokering ?

Stian Thorgersen stian at redhat.com
Wed May 20 00:45:08 EDT 2015



----- Original Message -----
> From: "ROMELOT Didier" <didier.romelot at renault.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 19 May, 2015 5:16:49 PM
> Subject: [keycloak-user] mapping roles received from remote IDP token to keycloak roles during Identity brokering ?
> 
> 
> 
> Hi, we try to implement the following use case using keycloak identity
> brokering functionality:
> 
> 
> 
> - User requests a resource from the Service Provider, then selects a remote IDP (SAML
> IDP in our case based on PicketLink…) and authenticates on this remote IDP
> 
> - Keycloak computes local Authentication / Identity Federation based on
> Authentication Response from remote IDP
> 
> - During local authentication, Keycloak maps roles contained in the
> Authentication response from remote IDP to roles defined in keycloak.
> 
> 
> 
> Does Keycloak support such a scenario through mappers?

Yes

> 
> 
> 
> regards
> 
> 


