[keycloak-user] customizable attribute mapper

Hynek Mlnarik hmlnarik at redhat.com
Fri Oct 13 14:52:37 EDT 2017


Might not be easily adaptable but I see the value of such a mapper in both
areas (both broker and LDAP), and when being developed, it would be nice to
provide the same feature set. Hence feel free to either add a comment to
KEYCLOAK-4781 or file a new feature request linked to the same JIRA.

Thanks

--Hynek

On Fri, Oct 13, 2017 at 2:15 PM, Jonas Weismueller <jw at blue-yonder.com>
wrote:

> I looked into the PR and it looks like this PR is primarily for a
> broker configuration, whereas I need it as a "User Federation => Ldap =>
> LDAP Mappers" mapper.
>
> @Hynek: Will this mapper be easily adaptable to the LDAP mappers as well?
>
> Cheers Jonas
>
>
>
> On 10/06/17 14:22, Hynek Mlnarik wrote:
>
>> It's not there yet. Similar functionality has already been requested
>> in [1]. Could you please comment on your expected use case there and
>> if interested, vote for it?
>>
>> Thanks
>>
>> --Hynek
>>
>> [1] https://issues.jboss.org/browse/KEYCLOAK-4781
>>
>> On Fri, Oct 6, 2017 at 2:01 PM, Jonas Weismueller <jw at blue-yonder.com>
>> wrote:
>>
>>> Hi,
>>>
>>> we are still evaluating keycloak vs. simplesamlphp.
>>>
>>> What we find quite convenient using simplesamlphp is this authentication
>>> processing attributealter possibility:
>>>
>>> https://simplesamlphp.org/docs/stable/core:authproc_attributealter
>>>
>>> Using this especially with the feature to be able to use regex pattern
>>> matching it is quite easy to combine/construct certain SAML attributes
>>> in the way the SP needs it.
>>>
>>> For example we could add a fixed top level domain to the IDPEmail
>>> Attribute, where the SP needs it in the syntax username@domain.tld
>>> instead of username as retrieved by our LDAP backend system.
>>>
>>> One real example from our current simplesamlphp configuration:
>>>
>>> 30 => array(
>>>       'class' => 'core:AttributeAlter',
>>>       'subject' => 'uid',
>>>       'pattern' => '/([a-z]+)/',
>>>       'replacement' => '\1@domain.tld',
>>>       'target' => 'IDPEmail',
>>> ),
>>>
>>>
>>> I could not find any similar feature within keycloak or did I just
>>> overlook it?
>>>
>>> Cheers Jonas
>>>


-- 

--Hynek
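
Added example (not part of the thread, and not SimpleSAMLphp or Keycloak project code): the mapping from the quoted configuration run over constructed uid values, beside a stricter anchored variant. It assumes the filter applies `pattern` and `replacement` with `preg_replace()` semantics and that the replacement is `\1@domain.tld`; the function names and sample uids are hypothetical.

```php
<?php
// Added illustration. Assumption: 'pattern' and 'replacement' are applied
// to the 'subject' value with preg_replace() semantics.

/** Mapping as posted: unanchored, so EVERY run of [a-z] is rewritten. */
function mapAsPosted(string $uid): string
{
    return preg_replace('/([a-z]+)/', '\1@domain.tld', $uid);
}

/**
 * Stricter variant (hypothetical): the whole value must be lowercase
 * letters, otherwise no IDPEmail value is produced at all.
 */
function mapAnchored(string $uid): ?string
{
    if (preg_match('/\A[a-z]+\z/', $uid) !== 1) {
        return null; // refuse rather than assert a malformed address to the SP
    }
    return $uid . '@domain.tld';
}

// Constructed sample uids, as an LDAP backend might return them.
$samples = ['jdoe', 'john.doe', 'jdoe2', 'JDoe'];

foreach ($samples as $uid) {
    printf(
        "%-9s posted=%-32s anchored=%s\n",
        $uid,
        mapAsPosted($uid),
        mapAnchored($uid) ?? '(no value)'
    );
}
// With the posted pattern, 'john.doe' becomes
// 'john@domain.tld.doe@domain.tld' and 'jdoe2' becomes 'jdoe@domain.tld2',
// because each separate match gets the suffix appended.
```

Whichever product ends up doing the rewrite, a regex-based attribute mapper should be checked against the full range of uid formats in the directory, since the SP will treat the resulting value as the user's identity.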

