----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Sent: Friday, February 20, 2015 8:48:53 PM
Subject: Re: [keycloak-dev] Claims Mapping and Identity Federation
On 2/20/2015 11:07 AM, Pedro Igor Silva wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Friday, February 20, 2015 1:36:31 PM
>> Subject: Re: [keycloak-dev] Claims Mapping and Identity Federation
> I'm not sure if you really need something different for SAML. The reason is
> that we can just ask users if what they want to use 'Name' or 'Friendly
> At that end, that is what really matter, right ? Just know the name of the
> attribute to map to an internal one.
From looking at SAML document it looks like you can have a attribute
name types (uri, basic, and unspecified). I'm not sure of the
difference between basic and unspecified. Do you?
AFAIK these are about how you interpret attributes. I think you can just ignore that in
this case. You are more interested in map names than deal on how they should be
interpreted. Users will probably know what they are mapping.
Then "Friendly Name" is optional.
Yeah it is optional, but you can have something like that:
In this case, it is much easier to use FriendlyName when mapping than what is in Name.
See, here there is an usage of NameFormat, in this case uri. We can just ignore ...
If I'm correct about what you are doing, users will just say:
Get "mail" from SAML Assertion and create a "email" claim in Keycloak.
Looks like I'll need to add a config map to each
ProtocolMapper...ugh...wanted to avoid that.
JBoss, a division of Red Hat