I apologize for sending reminders. I was just not sure if my query was somehow missed from being read. So, I was only trying to assure that its not getting missed/lost since responses to my earlier questions used to be pretty quick. But, I am sorry if it sounded impatient though. We will definitely look into the higher level of support as you indicated.

Meanwhile, with regard to your response to my query, My keycloak app calls an external TokenValidator for authentication. This TokenValidator returns an SP specific username. So, the NameID value in the SAML response need to be handled in the "application code" and the value needs to be changed to the value returned from the TokenValidator during authentication. I think using the protocol mapper, its a one time change with a certian value? But, in my setup, everytime, as part f authentication, my keycloak app calls an external tokenValidator service which will return a certain value (this value is not fixed, it could be different each time depending on various factors, example, the user passed in authentication, the settings on the TokenValidator etc).

So, I believe it needs to be handled in the code dynamically for each authentication, so when a SAML response is created on keycloak (I am not sure where and how its done internally by keycloak though), we need to be able to write some code that can be used to edit the NameID in the SAML response with a dynamic value that we fetched from a call to an external service (TokenValidator) during that specific authentication. I hope my question is more clear now. Let me know if not.

On Mon, Sep 5, 2016 at 1:49 AM, Stian Thorgersen <sthorger@redhat.com> wrote:

This is a free community forum so please be patient. We are not always able to provide an answer straight away. If you are interested in a higher level of support please consider our supported option https://access.redhat.com/products/red-hat-single-sign-on.

I'm not quite following what your setup is, but you can modify the SAML assertions through protocol mappers for the client in the Keycloak admin console.

On 2 September 2016 at 07:11, Rashmi Singh <singhrasster@gmail.com> wrote:
Can someone please give some pointers on if this is even possible? If yes, then what needs to be done for this?
Its an urgent requirement for us, so any help on this will be very much appreciated.

On Wed, Aug 31, 2016 at 8:28 AM, Rashmi Singh <singhrasster@gmail.com> wrote:
Any help on this?

On Mon, Aug 29, 2016 at 9:32 PM, Rashmi Singh <singhrasster@gmail.com> wrote:
I have a keycloak app that calls an external TokenValidator for authentication. This TokenValidator returns a SP specific username value. I want my SAML response to contain this value in the NameID field. My question is how do I edit the SAML response to change the value in NameID field to this value?

Any insight into how to edit the NameID field in the SAML response?

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev