In picketlink.xml, set the NAMEID_FORMAT desired i.e.:

        <Handler

class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
            <Option Key="NAMEID_FORMAT" Value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
        </Handler>


urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

For persistent, a user attribute is generated:

saml.persistent.name.id.for.<APPLICATION_NAME> = random UUID



On 3/31/2015 5:06 PM, Chen Keong Yap wrote:

Hi bill,

Thanks for the reply. For option 1, how can we make the random userid
associated with the keycloak session?

For option 2, how can we implement this?

Please share your ideas. Thanks

On Mar 31, 2015 10:29 PM, "Bill Burke" <bburke@redhat.com
<mailto:bburke@redhat.com>> wrote:

    You need to configure PL SP Filter correctly.  PL SP Filter, by default
    asks for the "transient" nameid format which is a temporary randomly
    generated userid that is not stored or associated with the Keycloak
    session.  Other options include:

    persistent - randomly generated, but associated with the application
    email
    unspecified (which Keycloak will send the username instead).



    On 3/31/2015 7:42 AM, Chen Keong Yap wrote:
     > Hi leornardo,
     >
     > My application is running on websphere app server  and the only
    way to
     > talk to keycloak is to use picketlink spfilter because we are not
     > allowed to use keycloak proxy.
     >
     > On Mar 31, 2015 7:19 PM, "Leonardo Loch Zanivan"
     > <leonardo.zanivan@gmail.com <mailto:leonardo.zanivan@gmail.com>
    <mailto:leonardo.zanivan@gmail.com
    <mailto:leonardo.zanivan@gmail.com>>> wrote:
     >
     >     Chen,
     >
     >     You could set "principal-attribute" in the adapter config
     >     (keycloak.json) as "preferred_username".
     > https://issues.jboss.org/browse/KEYCLOAK-810
     >
     >     On Tue, Mar 31, 2015 at 7:50 AM Chen Keong Yap
     >     <chenkeong.yap@izeno.com <mailto:chenkeong.yap@izeno.com>
    <mailto:chenkeong.yap@izeno.com <mailto:chenkeong.yap@izeno.com>>>
    wrote:
     >
     >         Hi,
     >
     >         I was using picketlink spfilter for testing and noticed
     >         sessionid is assigned to username. We don't have this
    problem in
     >         keycloak 1.1.0 beta2 and this issue only
     >         appear starting from keycloak 1.1.0 final and in master
    build.
     >         Kindly advise.
     >
     >         Source :
     >
     >         Principal userPrincipal = (Principal)
     >         session.getAttribute(GeneralConstants.PRINCIPAL_ID);
     >         Welcome to the Employee Tool,
    <b><%=userPrincipal.getName()%></b>.
     >
     >         Output :
     >
     >         Welcome to the Employee Tool,
     >         G-155d13b0-a69d-4721-8187-cd1a16c90f3c.
     >
     >
     >         On Tue, Mar 31, 2015 at 2:33 PM, Stian Thorgersen
     >         <stian@redhat.com <mailto:stian@redhat.com>
    <mailto:stian@redhat.com <mailto:stian@redhat.com>>> wrote:
     >
     >             Can you please explain what the problem is? That
    issue is an
     >             enhancement, not a bug.
     >
     >             ----- Original Message -----
     >              > From: "Chen Keong Yap" <chenkeong.yap@izeno.com
    <mailto:chenkeong.yap@izeno.com>
     >             <mailto:chenkeong.yap@izeno.com
    <mailto:chenkeong.yap@izeno.com>>>
     >              > To: keycloak-user@lists.jboss.org
    <mailto:keycloak-user@lists.jboss.org>
     >             <mailto:keycloak-user@lists.jboss.org
    <mailto:keycloak-user@lists.jboss.org>>
     >              > Sent: Tuesday, 31 March, 2015 8:20:26 AM
     >              > Subject: [keycloak-user] User ID should be used as
    "user
     >             reference" not       username
     >              >
     >              > Hi,
     >              >
     >              > This issue is happened again in the master build.
     >              >
     >              > Can advise which object is causing the issue?
     >              >
     >              > Reference :
     >              >
     >              > https://issues.jboss.org/browse/KEYCLOAK-284
     >              >
     >              >
     >              > _______________________________________________
     >              > keycloak-user mailing list
     >              > keycloak-user@lists.jboss.org
    <mailto:keycloak-user@lists.jboss.org>
     >             <mailto:keycloak-user@lists.jboss.org
    <mailto:keycloak-user@lists.jboss.org>>
     >              > https://lists.jboss.org/mailman/listinfo/keycloak-user
     >
     >
     >
     >
     >
     >
     >         _________________________________________________
     >         keycloak-user mailing list
     > keycloak-user@lists.jboss.org
    <mailto:keycloak-user@lists.jboss.org>
    <mailto:keycloak-user@lists.jboss.org
    <mailto:keycloak-user@lists.jboss.org>>
     > https://lists.jboss.org/__mailman/listinfo/keycloak-user
     >         <https://lists.jboss.org/mailman/listinfo/keycloak-user>
     >
     >
     >
     > _______________________________________________
     > keycloak-user mailing list
     > keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
     > https://lists.jboss.org/mailman/listinfo/keycloak-user
     >

    --
    Bill Burke
    JBoss, a division of Red Hat
    http://bill.burkecentral.com
    _______________________________________________
    keycloak-user mailing list
    keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
    https://lists.jboss.org/mailman/listinfo/keycloak-user

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com