[keycloak-user] SAML attribute importer with multiple values

[Manuel Palacio]

I created the JIRA and the pull request linked to it. This solves my
problem. All the existing integration tests continue passing. I don't know
if I need to write any more special integration tests for this case.

https://issues.jboss.org/browse/KEYCLOAK-3648

On Fri, Sep 30, 2016 at 10:06 AM Stian Thorgersen <sthorger at redhat.com>
wrote:

> Looks like a limitation of the user attribute importer:
>
>
> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/broker/saml/mappers/UserAttributeMapper.java#L130
>
> It simply picks the first value and uses that.
>
> You can create a JIRA feature request to have support for importing multi
> valued attributes. A PR for this would be great if you're up for it. If you
> need a solution quick you can create your own custom mapper.
>
> On 28 September 2016 at 11:04, Manuel Palacio <emanuel.palacio at gmail.com>
> wrote:
>
> Hello,
>
> I am trying to process a SAML attribute with multiple values.
>
> To that end I have created a client mapper of type User Attribute with
> "Multivalued" on.
>
> I also have an "attribute importer" mapper in the SAML v2.0 identity
> provider. It points to user attribute name defined in the client mapper
> mentioned above.
>
> Unfortunately, it is only mapping the first value into the access token.
>
> The attribute in the SAML response looks like this
>
> <Attribute Name="http://cambio.se/2016-09/cds/profile"> <AttributeValue>
> value1</AttributeValue> <AttributeValue>value2</AttributeValue> <
> AttributeValue>value3</AttributeValue> </Attribute>
>
> In the access token only the first value appears as part of "otherClaims"
> map.
>
> What do I need to do in order to get all the values in the access token?
>
> Thanks
>
> /Manuel
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>