Re: [keycloak-user] customizable attribute mapper
I looked into the PR and it looks like, that this PR is primarily for a
broker configuration, whereas I need it as a "User Federation => Ldap =>
LDAP Mappers" mapper.
@Hynek: Will this mapper be easy adaptable to the LDAP mappers as well?
Cheers Jonas
On 10/06/17 14:22, Hynek Mlnarik wrote:
It's not there yet. Similar functionality has already been
requested
in [1]. Could you please comment on your use expected case there and
if interested, vote for it?
Thanks
--Hynek
[1] https://issues.jboss.org/browse/KEYCLOAK-4781
On Fri, Oct 6, 2017 at 2:01 PM, Jonas Weismueller <jw(a)blue-yonder.com> wrote:
> Hi,
>
> we are still evaluating keycloak vs. simplesamlphp.
>
> What we find quite convenient using simplesamlphp is this authentication
> processing attributealter possibility:
>
> https://simplesamlphp.org/docs/stable/core:authproc_attributealter
>
> Using this especially with the feature to be able to use regex pattern
> matching it is quite easy to combine/construct certain SAML attributes
> in the way the SP needs it.
>
> For example we could add a fixed top level domain to the IDPEmail
> Attribute, where the SP needs it in the syntax username(a)domain.tld
> instead of username as retrieved by our LDAP backend system.
>
> One real example from our current simplesamlphp configuration:
>
> 30 => array(
> 'class' => 'core:AttributeAlter',
> 'subject' => 'uid',
> 'pattern' => '/([a-z]+)/',
> 'replacement' => '\1(a)domain.tld',
> 'target' => 'IDPEmail',
> ),
>
>
> I could not find any similar feature within keycloak or did I just
> overseen it?
>
> Cheers Jonas
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user