It's not there yet. Similar functionality has already been requested
in [1]. Could you please comment on your use expected case there and
if interested, vote for it?
Thanks
--Hynek
[1]
https://issues.jboss.org/browse/KEYCLOAK-4781
On Fri, Oct 6, 2017 at 2:01 PM, Jonas Weismueller <jw(a)blue-yonder.com> wrote:
Hi,
we are still evaluating keycloak vs. simplesamlphp.
What we find quite convenient using simplesamlphp is this authentication
processing attributealter possibility:
https://simplesamlphp.org/docs/stable/core:authproc_attributealter
Using this especially with the feature to be able to use regex pattern
matching it is quite easy to combine/construct certain SAML attributes
in the way the SP needs it.
For example we could add a fixed top level domain to the IDPEmail
Attribute, where the SP needs it in the syntax username(a)domain.tld
instead of username as retrieved by our LDAP backend system.
One real example from our current simplesamlphp configuration:
30 => array(
'class' => 'core:AttributeAlter',
'subject' => 'uid',
'pattern' => '/([a-z]+)/',
'replacement' => '\1(a)domain.tld',
'target' => 'IDPEmail',
),
I could not find any similar feature within keycloak or did I just
overseen it?
Cheers Jonas
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek