[keycloak-user] customizable attribute mapper
Jonas Weismueller
jw at blue-yonder.com
Fri Oct 6 08:01:15 EDT 2017
Hi,
we are still evaluating keycloak vs. simplesamlphp.
What we find quite convenient using simplesamlphp is this authentication
processing attributealter possibility:
https://simplesamlphp.org/docs/stable/core:authproc_attributealter
Using this especially with the feature to be able to use regex pattern
matching it is quite easy to combine/construct certain SAML attributes
in the way the SP needs it.
For example we could add a fixed top level domain to the IDPEmail
Attribute, where the SP needs it in the syntax username at domain.tld
instead of username as retrieved by our LDAP backend system.
One real example from our current simplesamlphp configuration:
30 => array(
'class' => 'core:AttributeAlter',
'subject' => 'uid',
'pattern' => '/([a-z]+)/',
'replacement' => '\1 at domain.tld',
'target' => 'IDPEmail',
),
I could not find any similar feature within keycloak or did I just
overseen it?
Cheers Jonas
More information about the keycloak-user
mailing list