4:51 a.m.
Hi,
The identity-provider-mapper SPI is an internal one.Any chance you will make it public?
I'd like to use it to write our own mapper.I actually allready have.I know it is not
recommended to depend on an internal spi but I have written a new mapper as I needed
something with less work to configure the mapping of our brokered saml idp to user
attributes. Our idp returns a lot of attributes and configuring each and every attribute
is quite some work.
Moreover, you currently can't export this config from one realm to another in the same
environment.My mapper is quite similar to the UserAttributeMapper but not limited to one
attribute.It basically takes the incoming assertion and maps every saml attribute it finds
to a user attribute with the same name.It has 5 config fields:- optional regex in order to
filter out some attribute(s) you don't want to map.- name of attribute to use as
firstName property.- name of attribute to use as lastName property.- name of attribute to
use as email property.
- option to use saml friendlyName instead of Name to map with the user attribute name.
If you are interested, I am willing to share it with you.I like Keycloak a lot :-)
Kind regards,
Frederik Libert
2:28 a.m.
You can use the internal SPIs, but bear in mind that these are not
guaranteed to be backwards compatible. They are also not supported in Red
Hat Single Sign-On.
We are planning on refining and making more and more SPIs public and
backwards compatible. However, that's a big task and we have to do it
incrementally.
Could be handy to have a built-in mapper that copies everything, would like
to see it have both inclusion and exclusion though. Maybe it should support
space separate lists as well rather than just regex. To accept it we'd have
to have the same mapper for OIDC and SAML, it would also need to be fully
tested.
On 13 February 2017 at 11:51, <frelibert(a)yahoo.com> wrote:
Hi,
The identity-provider-mapper SPI is an internal one.Any chance you will
make it public?
I'd like to use it to write our own mapper.I actually allready have.I know
it is not recommended to depend on an internal spi but I have written a new
mapper as I needed something with less work to configure the mapping of our
brokered saml idp to user attributes. Our idp returns a lot of attributes
and configuring each and every attribute is quite some work.
Moreover, you currently can't export this config from one realm to another
in the same environment.My mapper is quite similar to the
UserAttributeMapper but not limited to one attribute.It basically takes the
incoming assertion and maps every saml attribute it finds to a user
attribute with the same name.It has 5 config fields:- optional regex in
order to filter out some attribute(s) you don't want to map.- name of
attribute to use as firstName property.- name of attribute to use as
lastName property.- name of attribute to use as email property.
- option to use saml friendlyName instead of Name to map with the user
attribute name.
If you are interested, I am willing to share it with you.I like Keycloak a
lot :-)
Kind regards,
Frederik Libert
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2870
days inactive
2873
days old
1 comments
2 participants
participants (2)
-
frelibert@yahoo.com -
Stian Thorgersen