Hi,
Currently it's hardcoded so that LDAP attribute "mail" is mapped to
UserModel.email property. We have opened JIRA for dynamic mappings of
attributes from LDAP to the user attributes/properties and I hope to
start on it later this month.
However, it looks like for your case the hardcoded mapping should be
sufficient for the email property. When you synced users, are you seeing
in the admin console that synced users have filled email from the Active
Directory? If yes, then the only issue is maybe propagating the email value
as an attribute in the SAML response. Bill is working on protocol mappers
and this use-case is handled by them AFAIK. You can try the latest Keycloak
master though.
Marek
On 11.3.2015 18:08, Randall_Theobald(a)dell.com wrote:
I am currently using Keycloak 1.1.0.Final, trying to enable SSO
between two apps with an Active Directory user store. I have Keycloak
connected to the AD directly in my realm and have sync’ed the users. I
can successfully log in to one of my apps. However, the other app
requires an ‘email’ claim, which is missing. It looks like the AD uses
just ‘mail’. Is there any way to make this simple claim mapping in
Keycloak?
*Randall Theobald*
Common Engineering – Performance
Dell Software Group | Office of the CTO
randall_theobald at dell.com | RR1-C336
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user