<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      Currently it's hardcoded so that LDAP attribute "mail" is mapped
      to UserModel.email property. We have opened JIRA for dynamic
      mappings of attributes from LDAP to the user attributes/properties
      and I hope to start on it later this month. <br>
      <br>
      However it looks that for your case, hardcoded mapping should be
      sufficient for the email property. When you synced users, are you
      seeing in admin console that synced users have filled email from
      the Active Directory? If yes, then only issue is maybe propagating
      the email value as attribute in the SAML response. Bill is working
      on protocol mappers and this use-case is handled by it AFAIK. You
      can try latest Keycloak master though.<br>
      <br>
      Marek<br>
      <br>
      On 11.3.2015 18:08, <a class="moz-txt-link-abbreviated" href="mailto:Randall_Theobald@dell.com">Randall_Theobald@dell.com</a> wrote:<br>
    </div>
    <blockquote
cite="mid:9A20E07E433AEB4D8D4025EEBE12E414069EC57767@AUSX7MCPC107.AMER.DELL.COM"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal">I am currently using Keycloak 1.1.0.Final,
          trying to enable SSO between two apps with an Active Directory
          user store. I have keycloak connected to the AD directly in my
          realm and have sync’ed the users. I can successfully login in
          to one of my apps. However, the other app requires an ‘email’
          claim, which is missing. It looks like the AD uses just
          ‘mail’. Is there any way to make this simple claim mapping in
          keycloak?<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;">Randall
              Theobald <o:p></o:p></span></b></p>
        <p class="MsoNormal"><span
style="font-size:8.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#7F7F7F">Common
            Engineering</span><span
style="font-size:8.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#7F7F7F">
            – Performance<o:p></o:p></span></p>
        <p class="MsoNormal"><span
style="font-size:8.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#7F7F7F">Dell
            Software Group  |  </span><span
style="font-size:8.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#7F7F7F">Office
            of the CTO<o:p></o:p></span></p>
        <p class="MsoNormal"><a moz-do-not-send="true"
            href="mailto:randall_theobald@dell.com"><span
style="font-size:8.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#7F7F7F;text-decoration:none"
              lang="SV">randall_theobald at dell.com</span></a><span
style="font-size:8.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#7F7F7F"
            lang="SV">  |  RR1-C336</span><span
            style="font-size:8.0pt;color:#7F7F7F" lang="SV"><o:p></o:p></span></p>
        <p class="MsoNormal"><o:p> </o:p></p>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </body>
</html>