[keycloak-user] Using email attribute in SAML identity brokering

Hynek Mlnarik hmlnarik at redhat.com
Tue Jan 10 07:11:45 EST 2017


Use the Username Template Importer mapper, configured in the identity provider
mappers, with the template ${ATTRIBUTE.attribute-name} (adjust the
attribute-name appropriately).

--Hynek

On Tue, Jan 10, 2017 at 11:21 AM, Moshe Ben-Shoham <
mosheb at perfectomobile.com> wrote:

> Hi,
>
> We have a few clients integrated with Keycloak realm, using email address
> as the user identifier.
>
> Now we wish to integrate KeyCloak with external IdP using its identity
> brokering capabilities based on SAML. The problem is, the user identifier
> in the external IdP is not the email address but some other username. We
> are able to get the email as an attribute in the SAML assertion coming into
> KeyCloak, but the missing part is mapping the email attribute to the user
> identifier in KeyCloak - how do we do that?
>
> Thanks!



-- 

--Hynek
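
An added example, not part of the original thread and not Keycloak's code: a small Python check that expands a `${ATTRIBUTE.attribute-name}` template against a captured assertion, so you can confirm the external IdP really sends the attribute before relying on it as the username. The sample assertion, the function names, and the choices to match on Name or FriendlyName and to fail when the attribute is missing are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PLACEHOLDER = re.compile(r"\$\{ATTRIBUTE\.([^}]+)\}")

# Constructed sample assertion (not from the thread): the NameID is an opaque
# username and the email address arrives as an attribute.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe42</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="email">
      <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department">
      <saml:AttributeValue>QA</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def assertion_attributes(xml_text):
    """Map each attribute's Name and FriendlyName to its first non-empty value."""
    # Assumption of this example: a template name may match either identifier.
    attrs = {}
    root = ET.fromstring(xml_text)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        text = (value.text or "").strip() if value is not None else ""
        for key in (attr.get("Name"), attr.get("FriendlyName")):
            if key and text:
                attrs.setdefault(key, text)
    return attrs

def resolve_username(template, xml_text):
    """Expand ${ATTRIBUTE.name}; fail closed if the assertion lacks the attribute."""
    attrs = assertion_attributes(xml_text)
    def substitute(match):
        name = match.group(1)
        if name not in attrs:
            raise KeyError(f"assertion has no non-empty attribute {name!r}")
        return attrs[name]
    username = PLACEHOLDER.sub(substitute, template)
    if not username.strip():
        raise ValueError("template resolved to an empty username")
    return username

if __name__ == "__main__":
    print(resolve_username("${ATTRIBUTE.email}", SAMPLE_ASSERTION))
```

Run it against an assertion captured from a test login to see which attribute name the IdP actually uses before entering it in the mapper template.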

