<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Trebuchet MS";
        panose-1:2 11 6 3 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        color:black;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";
        color:black;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;}
span.EmailStyle18
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;}
span.EmailStyle21
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p><b><span style='font-size:9.0pt;font-family:"Trebuchet MS","sans-serif";color:#AAAAAA'>Dell Customer Communication</span></b><o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'>Yes, I captured the SAMLResponse from Keycloak and it is behaving properly. Turned out the receiving app wasn’t parsing the SAMLResponse correctly. Thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Randall Theobald <o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'>Common Engineering</span><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'> – Performance<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'>Dell Software Group | </span><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'>Office of the CTO<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><a href="mailto:randall_theobald@dell.com"><span lang=SV style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;text-decoration:none'>randall_theobald at dell.com</span></a></span><span lang=SV style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'> | RR1-C336</span><span lang=SV style='font-size:8.0pt;color:#7F7F7F'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><a name="_____replyseparator"></a><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Marek Posolda [mailto:mposolda@redhat.com] <br><b>Sent:</b> Wednesday, March 11, 2015 2:15 PM<br><b>To:</b> Theobald, Randall; keycloak-user@lists.jboss.org<br><b>Subject:</b> Re: [keycloak-user] SAML claim/user attribute mapping from LDAP integration<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi,<br><br>Currently it's hardcoded so that LDAP attribute "mail" is mapped to UserModel.email property. We have opened JIRA for dynamic mappings of attributes from LDAP to the user attributes/properties and I hope to start on it later this month. <br><br>However it looks that for your case, hardcoded mapping should be sufficient for the email property. When you synced users, are you seeing in admin console that synced users have filled email from the Active Directory? If yes, then only issue is maybe propagating the email value as attribute in the SAML response. Bill is working on protocol mappers and this use-case is handled by it AFAIK. You can try latest Keycloak master though.<br><br>Marek<br><br>On 11.3.2015 18:08, <a href="mailto:Randall_Theobald@dell.com">Randall_Theobald@dell.com</a> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>I am currently using Keycloak 1.1.0.Final, trying to enable SSO between two apps with an Active Directory user store. I have keycloak connected to the AD directly in my realm and have sync’ed the users. I can successfully login in to one of my apps. However, the other app requires an ‘email’ claim, which is missing. It looks like the AD uses just ‘mail’. Is there any way to make this simple claim mapping in keycloak?<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Randall Theobald </span></b><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'>Common Engineering – Performance</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'>Dell Software Group | Office of the CTO</span><o:p></o:p></p><p class=MsoNormal><a href="mailto:randall_theobald@dell.com"><span lang=SV style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;text-decoration:none'>randall_theobald at dell.com</span></a><span lang=SV style='font-size:8.0pt;font-family:"Arial","sans-serif";color:#7F7F7F'> | RR1-C336</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br><br><br><o:p></o:p></span></p><pre>_______________________________________________<o:p></o:p></pre><pre>keycloak-user mailing list<o:p></o:p></pre><pre><a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><o:p></o:p></pre><pre><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></pre></blockquote><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></div></body></html>