<div dir="ltr">hi bill,<div><br></div><div>i've made the change but principal username still showing random userid. Kindly advise.<br><div><br></div><div><div><PicketLink xmlns="urn:picketlink:identity-federation:config:2.1"></div><div><span class="" style="white-space:pre"> </span><PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"</div><div><span class="" style="white-space:pre"> </span>ServerEnvironment="tomcat" BindingType="REDIRECT" RelayState="someURL"></div><div><span class="" style="white-space:pre"> </span><IdentityURL>${idp.url::<a href="https://localhost:8443/auth/realms/saml-demo-1/protocol/saml">https://localhost:8443/auth/realms/saml-demo-1/protocol/saml</a>}</IdentityURL></div><div><span class="" style="white-space:pre"> </span><ServiceURL>${EMPLOYEE.url::<a href="http://localhost:8080/employee/test.jsp">http://localhost:8080/employee/test.jsp</a>}</div><div><span class="" style="white-space:pre"> </span></ServiceURL></div><div><span class="" style="white-space:pre"> </span></PicketLinkSP></div><div><span class="" style="white-space:pre"> </span><Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1"></div><div><span class="" style="white-space:pre"> </span><Handler</div><div><span class="" style="white-space:pre"> </span>class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" /></div><div><span class="" style="white-space:pre"> </span><Handler</div><div><span class="" style="white-space:pre"> </span>class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"></div><div><span class="" style="white-space:pre"> </span><Option Key="NAMEID_FORMAT" Value="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></div><div><span class="" style="white-space:pre"> </span></Handler></div><div><span class="" style="white-space:pre"> </span><Handler</div><div><span class="" style="white-space:pre"> </span>class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" /></div><div><span class="" style="white-space:pre"> </span></Handlers></div><div></PicketLink></div></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 1, 2015 at 8:20 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">In picketlink.xml, set the NAMEID_FORMAT desired i.e.:<br>
<br>
<Handler<br>
<br>
class="org.picketlink.<u></u>identity.federation.web.<u></u>handlers.saml2.<u></u>SAML2AuthenticationHandler"><br>
<Option Key="NAMEID_FORMAT" Value="urn:oasis:names:tc:<u></u>SAML:2.0:nameid-format:<u></u>persistent"/><br>
</Handler><br>
<br>
<br>
urn:oasis:names:tc:SAML:2.0:<u></u>nameid-format:persistent urn:oasis:names:tc:SAML:1.1:<u></u>nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:<u></u>nameid-format:emailAddress<br>
<br>
For persistent, a user attribute is generated:<br>
<br>
saml.persistent.name.id.for.<<u></u>APPLICATION_NAME> = random UUID<span class=""><br>
<br>
<br>
<br>
On 3/31/2015 5:06 PM, Chen Keong Yap wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi bill,<br>
<br>
Thanks for the reply. For option 1, how can we make the random userid<br>
associated with the keycloak session?<br>
<br>
For option 2, how can we implement this?<br>
<br>
Please share your ideas. Thanks<br>
<br>
On Mar 31, 2015 10:29 PM, "Bill Burke" <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a><br></span><span class="">
<mailto:<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>>> wrote:<br>
<br>
You need to configure PL SP Filter correctly. PL SP Filter, by default<br>
asks for the "transient" nameid format which is a temporary randomly<br>
generated userid that is not stored or associated with the Keycloak<br>
session. Other options include:<br>
<br>
persistent - randomly generated, but associated with the application<br>
email<br>
unspecified (which Keycloak will send the username instead).<br>
<br>
<br>
<br>
On 3/31/2015 7:42 AM, Chen Keong Yap wrote:<br>
> Hi leornardo,<br>
><br>
> My application is running on websphere app server and the only<br>
way to<br>
> talk to keycloak is to use picketlink spfilter because we are not<br>
> allowed to use keycloak proxy.<br>
><br>
> On Mar 31, 2015 7:19 PM, "Leonardo Loch Zanivan"<br>
> <<a href="mailto:leonardo.zanivan@gmail.com" target="_blank">leonardo.zanivan@gmail.com</a> <mailto:<a href="mailto:leonardo.zanivan@gmail.com" target="_blank">leonardo.zanivan@<u></u>gmail.com</a>><br></span>
<mailto:<a href="mailto:leonardo.zanivan@gmail.com" target="_blank">leonardo.zanivan@<u></u>gmail.com</a><span class=""><br>
<mailto:<a href="mailto:leonardo.zanivan@gmail.com" target="_blank">leonardo.zanivan@<u></u>gmail.com</a>>>> wrote:<br>
><br>
> Chen,<br>
><br>
> You could set "principal-attribute" in the adapter config<br>
> (keycloak.json) as "preferred_username".<br>
> <a href="https://issues.jboss.org/browse/KEYCLOAK-810" target="_blank">https://issues.jboss.org/<u></u>browse/KEYCLOAK-810</a><br>
><br>
> On Tue, Mar 31, 2015 at 7:50 AM Chen Keong Yap<br>
> <<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.com</a> <mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>><br></span>
<mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a> <mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>>>><span class=""><br>
wrote:<br>
><br>
> Hi,<br>
><br>
> I was using picketlink spfilter for testing and noticed<br>
> sessionid is assigned to username. We don't have this<br>
problem in<br>
> keycloak 1.1.0 beta2 and this issue only<br>
> appear starting from keycloak 1.1.0 final and in master<br>
build.<br>
> Kindly advise.<br>
><br>
> Source :<br>
><br>
> Principal userPrincipal = (Principal)<br>
> session.getAttribute(<u></u>GeneralConstants.PRINCIPAL_ID)<u></u>;<br>
> Welcome to the Employee Tool,<br>
<b><%=userPrincipal.getName()%<u></u>></b>.<br>
><br>
> Output :<br>
><br>
> Welcome to the Employee Tool,<br>
> G-155d13b0-a69d-4721-8187-<u></u>cd1a16c90f3c.<br>
><br>
><br>
> On Tue, Mar 31, 2015 at 2:33 PM, Stian Thorgersen<br>
> <<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a> <mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>><br></span><span class="">
<mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a> <mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>>>> wrote:<br>
><br>
> Can you please explain what the problem is? That<br>
issue is an<br>
> enhancement, not a bug.<br>
><br>
> ----- Original Message -----<br>
> > From: "Chen Keong Yap" <<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.com</a><br>
<mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>><br></span><span class="">
> <mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a><br>
<mailto:<a href="mailto:chenkeong.yap@izeno.com" target="_blank">chenkeong.yap@izeno.<u></u>com</a>>>><br>
> > To: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br></span><span class="">
> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
> > Sent: Tuesday, 31 March, 2015 8:20:26 AM<br>
> > Subject: [keycloak-user] User ID should be used as<br>
"user<br>
> reference" not username<br>
> ><br>
> > Hi,<br>
> ><br>
> > This issue is happened again in the master build.<br>
> ><br>
> > Can advise which object is causing the issue?<br>
> ><br>
> > Reference :<br>
> ><br>
> > <a href="https://issues.jboss.org/browse/KEYCLOAK-284" target="_blank">https://issues.jboss.org/<u></u>browse/KEYCLOAK-284</a><br>
> ><br>
> ><br>
> > ______________________________<u></u>_________________<br>
> > keycloak-user mailing list<br>
> > <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br></span>
> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a><span class=""><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
> ______________________________<u></u>___________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br></span>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a><span class=""><br>
<mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>>><br>
> <a href="https://lists.jboss.org/__mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/__<u></u>mailman/listinfo/keycloak-user</a><br>
> <<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><u></u>><br>
><br>
><br>
><br>
> ______________________________<u></u>_________________<br>
> keycloak-user mailing list<br></span>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><span class=""><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
______________________________<u></u>_________________<br>
keycloak-user mailing list<br></span>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a> <mailto:<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.<u></u>jboss.org</a>><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/<u></u>mailman/listinfo/keycloak-user</a><br>
<br>
</blockquote><div class="HOEnZb"><div class="h5">
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</div></div></blockquote></div><br><br clear="all"><div> </div><div class="gmail_signature"><div dir="ltr"><div style="text-align:left"><br></div></div></div>
</div></div></div>