Hi,

Currently it's hardcoded so that LDAP attribute "mail" is mapped to UserModel.email property. We have opened JIRA for dynamic mappings of attributes from LDAP to the user attributes/properties and I hope to start on it later this month.

However it looks that for your case, hardcoded mapping should be sufficient for the email property. When you synced users, are you seeing in admin console that synced users have filled email from the Active Directory? If yes, then only issue is maybe propagating the email value as attribute in the SAML response. Bill is working on protocol mappers and this use-case is handled by it AFAIK. You can try latest Keycloak master though.

Marek

On 11.3.2015 18:08, Randall_Theobald@dell.com wrote:

I am currently using Keycloak 1.1.0.Final, trying to enable SSO between two apps with an Active Directory user store. I have keycloak connected to the AD directly in my realm and have sync’ed the users. I can successfully login in to one of my apps. However, the other app requires an ‘email’ claim, which is missing. It looks like the AD uses just ‘mail’. Is there any way to make this simple claim mapping in keycloak?

Randall Theobald

Common Engineering – Performance

Dell Software Group | Office of the CTO

randall_theobald at dell.com | RR1-C336
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user