Sorry for late response.
We have JIRA created for that. You can possibly add yourself as a
watcher. See
https://issues.jboss.org/browse/KEYCLOAK-3422
Maybe an alternative for you is to use protocolMappers. That
should allow you to "construct" the token for particular client
exactly how you want and also use the different value for "sub"
claim.
Another possibility is, to handle this on adapter side. We already
have an adapter option "principal-attribute", which specifies that
application will see the different attribute instead of "sub" as
subject. For example when in appllication you call
"httpServletRequest.getRemoteUser()" it will return "john" instead
of "123456-unique-johns-uuid" . See
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.1/topics/oidc/java/java-adapter-config.html
Hopefully some of the options can be useful for you?
Marek
On 02/08/16 14:13, Martin Hardselius wrote: