[keycloak-user] Using another name than Keycloak's?

Marek Posolda mposolda at redhat.com
Fri Feb 10 04:24:15 EST 2017 

On 10/02/17 10:01, Guus der Kinderen wrote:
> That looks like a fit, yes!
>
>     OpenID Connection ID Token attribute to populate the UserPrincipal
>     name with. If token attribute is null, defaults to sub. Possible
>     values are sub, preferred_username, email, name, nickname,
>     given_name, family_name.
>
>
> Am I right to assume though that I cannot use any attribute, just one 
> of the ones listed?
Looking at AdapterUtils.getPrincipalName and looks like yes. Just those 
listed here, are allowed ATM... But as a workaround, you can create 
protocolMapper, which will map your desired attribute to the token 
"nickname" (or any other claim you're not using in your app) and then 
use nickname as value of principal_attribute on adapter side?

Marek
>
> On 10 February 2017 at 08:54, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>
>     I guess the "principal-attribute" adapter option is what you are
>     looking for? For more details see
>     http://www.keycloak.org/docs/2.5/securing_apps_guide/topics/oidc/java/java-adapter-config.html
>     <http://www.keycloak.org/docs/2.5/securing_apps_guide/topics/oidc/java/java-adapter-config.html>
>     .
>
>     Marek
>
>
>     On 09/02/17 16:57, Guus der Kinderen wrote:
>
>         Hi,
>
>         We're attempting to protect a service using Keycloak. We've
>         noticed that
>         some values that are valid usernames in Keycloak, are not
>         valid in our
>         service.
>
>         We'd like to be able to use a username in our service that's
>         different from
>         the username that is used in Keycloak. Preferably, we'd like
>         Keycloak to
>         store the association between 'our' username and the Keycloak
>         user.
>
>         Is something like this feasible with the existing integration
>         features that
>         are offered by Keycloak?
>
>         Regards,
>
>            Guus
>         _______________________________________________
>         keycloak-user mailing list
>         keycloak-user at lists.jboss.org
>         <mailto:keycloak-user at lists.jboss.org>
>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
>
>

More information about the keycloak-user mailing list