I wanted brokerAlias + "." + external_username for backchannel logout when
the external IDP is initiating the logout in the background. An
external SAML IDP sends a subject name and optionally a session index.
These external attributes must be mapped to a UserSession in Keycloak so
the logout can be performed. Same sort of thing would need to be done
for chained Keycloak realms.
It's easier to implement if it is brokerAlias + "." + external_username.
It could be implemented by doing a UserSessionModel query by Note
name/value, but then this would require changes across all the
sessionModel data stores and eventually would have to be optimized for
each as well.
On 3/24/2015 1:21 PM, Stian Thorgersen wrote:
A username like that is pointless IMO.
Using username from broker actually has a pretty high chance of clash, especially for
social logins. I very often can't get my preferred username when signing up to sites,
and judging on how many saly9581 there are out there that's a common problem.
That's why username for social logins used to be a UUID, but was for some reason
changed.
For users provisioned through idp logins we should set the username to null, or equal to
the user-id. When a user has a null username or username is equal to user-id it should not
be displayed in account management, instead we could add an option to allow the user to
set the username.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 24 March, 2015 4:58:24 PM
> Subject: [keycloak-dev] brokerid + subject for brokered username?
>
> Although a remote possibility, it might be possible for usernames to
> clash when there are multiple brokers. Anybody have a problem with
> creating usernames of:
>
> brokerAlias + "." + external_username
>
> ??
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
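
The lookup discussed in this thread, modeled as an added example (it is not Keycloak code and not from anyone on the thread): a backchannel logout carrying a subject name and an optional session index is resolved to local sessions through the brokerAlias + "." + external_username key. The class and method names, the broker aliases and the session indexes are hypothetical, constructed values; Java 16 or later is assumed for `record`.

```java
import java.util.*;

// Added illustration, not Keycloak code: all class and method names are hypothetical.
public class BrokeredLogoutSketch {
    // Minimal stand-in for a user session created by a brokered login.
    record Session(String id, String username, String brokerSessionIndex) {}

    private final Map<String, List<Session>> byUsername = new HashMap<>();

    // Local username derived as brokerAlias + "." + external_username.
    static String brokeredUsername(String brokerAlias, String externalUsername) {
        return brokerAlias + "." + externalUsername;
    }

    Session login(String brokerAlias, String externalUsername, String sessionIndex) {
        String username = brokeredUsername(brokerAlias, externalUsername);
        Session s = new Session(UUID.randomUUID().toString(), username, sessionIndex);
        byUsername.computeIfAbsent(username, k -> new ArrayList<>()).add(s);
        return s;
    }

    // Backchannel logout: the IdP sends a subject name and, optionally, a session index.
    // A null sessionIndex ends every session of that subject that came through that broker.
    List<Session> backchannelLogout(String brokerAlias, String subject, String sessionIndex) {
        List<Session> sessions = byUsername.getOrDefault(
                brokeredUsername(brokerAlias, subject), new ArrayList<>());
        List<Session> removed = new ArrayList<>();
        for (Iterator<Session> it = sessions.iterator(); it.hasNext();) {
            Session s = it.next();
            if (sessionIndex == null || sessionIndex.equals(s.brokerSessionIndex())) {
                removed.add(s);
                it.remove();
            }
        }
        return removed;
    }

    public static void main(String[] args) {
        BrokeredLogoutSketch kc = new BrokeredLogoutSketch();
        // Constructed sample data: the same external username arriving from two brokers.
        kc.login("saml-corp", "saly9581", "idx-1");
        kc.login("saml-corp", "saly9581", "idx-2");
        kc.login("saml-partner", "saly9581", "idx-1");
        System.out.println(kc.backchannelLogout("saml-corp", "saly9581", "idx-1"));
        System.out.println(kc.backchannelLogout("saml-partner", "saly9581", null));
        System.out.println(kc.byUsername); // sessions still active after both logouts
    }
}
```

Because the broker alias is part of the key, the logout from one broker never touches the session of the identically named user at the other broker, and no scan over session notes is needed.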