Re: [keycloak-user] SAML attribute importer with multiple values

Friday, 30 September 2016

Looks like a limitation of the user attribute importer:

https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...

It simply picks the first value and uses that.

You can create a JIRA feature request to have support for importing multi
valued attributes. A PR for this would be great if you're up for it. If you
need a solution quick you can create your own custom mapper.

On 28 September 2016 at 11:04, Manuel Palacio <emanuel.palacio(a)gmail.com&gt;
wrote:

...
 Hello,

 I am trying to process a SAML attribute with multiple values.

 To that end I have created a client mapper of type User Attribute with
 "Multivalued" on.

 I also have an "attribute importer" mapper in the SAML v2.0 identity
 provider. It points to user attribute name defined in the client mapper
 mentioned above.

 Unfortunately, it is only mapping the first value into the access token.

 The attribute in the SAML response looks like this

 <Attribute Name="http://cambio.se/2016-09/cds/profile">
<AttributeValue>
 value1</AttributeValue> <AttributeValue>value2</AttributeValue> <
 AttributeValue>value3</AttributeValue> </Attribute>

 In the access token only the first value appears as part of "otherClaims"
 map.

 What do I need to do in order to get all the values in the access token?

 Thanks

 /Manuel

 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] SAML attribute importer with multiple values