[keycloak-user] Mapping saml attributes to roles in keycloak
Marek Posolda
mposolda at redhat.com
Thu Sep 29 02:34:17 EDT 2016
If you look at the "Mappers" tab when you are in identityProvider in the
admin console, you can see we have some built-in implementations of
IdentityProviderMapper, which allow you to map the stuff from the IDP into
Keycloak. If none of the built-in ones is sufficient for you, you can try to
create a JIRA or implement your own mapper.
Marek
On 27/09/16 12:16, Manuel Palacio wrote:
>
> Hello,
>
> I have a Java application that talks openid-connect with Keycloak and
> then Keycloak uses the SAML 2.0 Identity provider to redirect to a
> 3rd party SAML idp, acting as an identity broker.
>
> So far so good, I can log in to my application with a user existing
> in the 3rd party idp. Great! But where I am a bit stuck is when I try
> to map attributes in the SAML response from the idp.
>
> Basically, I would like Keycloak to populate the roles in the access
> token that my application gets in the web request with the information
> coming in the SAML attribute. In other words, I want the 3rd party
> SAML idp to decide what role/s should be assigned to the user.
>
> Is my assumption correct that all I need is the attribute importer
> mapper in the SAML provider to do this? So far I could not get it to
> work :( What is the appropriate way to do this?
>
> Thank you!
>
> Manuel Palacio
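The following is an added example, not part of the original thread and not Keycloak code: a small Python model of the matching a role-granting identity provider mapper performs, where a role is granted only when a configured attribute name and value pair appears in the assertion. The attribute names, values, role names and the `ROLE_MAPPERS` table are assumptions made for illustration, and the assertion is a constructed sample assumed to have already passed signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement of an assertion whose signature
# is assumed to have been validated by the broker before this point.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>app-admins</saml:AttributeValue>
      <saml:AttributeValue>realm-superuser</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapper table: (attribute name, attribute value) -> local role.
# Roles are named by the broker's configuration, never by the IdP's values.
ROLE_MAPPERS = [
    ("groups", "app-admins", "admin"),
    ("groups", "app-users", "user"),
]

def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from the AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def roles_for(xml_text, mappers=ROLE_MAPPERS):
    """Grant a role only when a mapper's name and value both match exactly."""
    attrs = assertion_attributes(xml_text)
    granted = set()
    for name, value, role in mappers:
        if value in attrs.get(name, []):
            granted.add(role)
    return sorted(granted)

if __name__ == "__main__":
    print(roles_for(SAMPLE_ASSERTION))
```

The unmapped value `realm-superuser` grants nothing: the IdP chooses which configured values it sends, but only the broker's own table decides which local roles exist and can be assigned.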