<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">You may need to write custom
IdentityProviderMapper. See the docs for how to implement custom
SPI:
<a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html</a><br>
<br>
Also you can take a look at our provider examples.<br>
<br>
Marek<br>
<br>
On 10/12/15 10:30, Mai Zi wrote:<br>
</div>
<blockquote
cite="mid:1493914661.189174.1449739806153.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:garamond, new york, times, serif;font-size:14px">
<div id="yui_3_16_0_1_1449738372653_3072">Hi, there ,</div>
<div id="yui_3_16_0_1_1449738372653_3072"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072">Let me try to describe
the case first. </div>
<div id="yui_3_16_0_1_1449738372653_3072"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">We are using
SAML 2.0 ID broker to authenticate the users. </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">From the
returned assertions, we can only get the user's ID number. </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">So far as we
know ,there will be thousands of users . In ID provider
system,</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">there is no
role concept ,so not possible to return us the Role claim. </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">Now we want
to assign roles to those users in keycloak . We made a rule .</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">For example,
if the ID number is less than 100, we assign Role A to this
user.</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">If ID number
is between 101 and 1000, we assign Role B to it , and so on. </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">Of course We
can do this manually one by one in admin console. but for
thousands of </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">users, it
doesn't make much sense. </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">We notice
there is a Mapper button when configuring the ID provider, is
there any way</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">to achieve
our goal with that mechanism? </div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">Thanks a
lot.</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr">Mai</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"><br>
</div>
<div id="yui_3_16_0_1_1449738372653_3072" dir="ltr"> </div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>