Hi Sergey,
for OIDC you can already do something like this via the Script Protocol
Mapper which allows
to compute the result value via JavaScript.
See:
-
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...
-
https://github.com/keycloak/keycloak/pull/4495
I didn't have the time yet to implement the same for the SAML protocol
mapper, but
there is a JIRA issue:
https://issues.jboss.org/browse/KEYCLOAK-5520
Support for template interpolation via a dedicated protocol mapper would be
nicer though,
since it would allow for more concise mapper definitions.
Cheers,
Thomas
Am Do., 17. Mai 2018 um 11:04 Uhr schrieb Serhii Shymkiv <sergey(a)shimkiv.com
:
No luck with Users list, trying the Devs one ...
---------- Forwarded message ----------
From: Serhii Shymkiv <sergey(a)shimkiv.com>
Date: Sat, Apr 21, 2018 at 9:11 PM
Subject: An ability to evaluate/transform the template variables during the
SAML/OpenID protocol mappers processing
To: keycloak-user(a)lists.jboss.org
Hello Guys,
current email thread is inspired by the
https://github.com/keycloak/
keycloak/pull/5042 <
https://github.com/keycloak/keycloak/pull/5042>
and the question for the community is:
- what do you think if the Keycloak will have an ability to
evaluate/transform the template variables during the SAML/OpenID protocol
mappers processing ?
Examples (please refer to the attached "snapshot-1.png" and
"snapshot-2.png"):
1. "snapshot-1.png":
${firstName} ${lastName}
=>
the simplest expression, the template variables will be evaluated into
the real values of the user (in this case) properties
=>
e.g.: "Serhii Shymkiv" (without quotes, of course)
2. "snapshot-2.png":
Welcome back, #(${firstName} ${lastName}) ?: ${email}
=>
almost the same expression but with additional logic which means that
the value of the #(...) block will be used only if it is not blank (null or
space symbols only) otherwise the expression to the right of the ?:
operator will be evaluated
=>
e.g.: "Welcome back, Serhii Shymkiv"
e.g.: "Welcome back, sergey(a)shimkiv.com"
Thank you for you time.
--
Best regards,
Serhii Shymkiv.
--
Best regards,
Serhii Shymkiv.
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev