Hello Rémi,
Could you please open your client settings in Keycloak and try the following:
- change Name ID format to email;
- under the Mappers tab, add builtin X500 email mapper;
- under the same tab, create user property mapper with Property = email, SAML Attribute
Name = email and SAML Attribute NameFormat = basic.
Let me know if this helps. If it doesn't, we can examine SAML payloads from Auth0
exchange and try to understand what's required by Workplace.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2018-08-28 at 09:14 +0000, Rémi GOYARD wrote:
Hi All,
I just tried to use the Auth0 service and it worked with Workplace by Facebook (following
this documentation:
https://scontent-cdt1-1.xx.fbcdn.net/v/t39.2365-6/33246377_95188065163880...)
It seems that Keycloak does not produce a valid response for the email mapping. The above
documentation specifies the following configuration steps, but I really don't know how to map
it in Keycloak:
{
  "audience": "https://www.facebook.com/company/ID",
  "recipient": "https://workplace.facebook.com/work/saml.php",
  "mappings": { "email": "Email" },
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
I think that I need to specify this information: "nameIdentifierFormat":
"urn:oasis:names:tc:SAML:2.0:nameid-format:email",
"nameIdentifierProbes": [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ],
Does anyone have ideas?
Regards
Rémi
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
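
Added example, not part of the thread and not Keycloak, Auth0 or Workplace code: a Python check for a decoded SAML assertion that reports whether the NameID format and the email attribute described in the reply above are present. The default URNs are the standard SAML ones (which format Workplace requires is an assumption, so it is a parameter), the sample assertions are constructed, and `check_assertion` and `sample` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Standard SAML URNs; which NameID format Workplace requires is an assumption.
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

def check_assertion(xml_text, nameid_format=EMAIL_NAMEID,
                    attr_name="email", attr_format=BASIC):
    """Return a list of mismatches (empty list = matches expectations).

    Debugging aid for a decoded payload from your own test login only:
    it does not verify signatures, conditions or audience.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != nameid_format:
        problems.append("NameID Format is %r" % name_id.get("Format"))
    attrs = {a.get("Name", ""): a for a in
             root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    attr = attrs.get(attr_name)
    if attr is None:
        problems.append("attribute %r missing, found %s" % (attr_name, sorted(attrs)))
    else:
        if attr.get("NameFormat") != attr_format:
            problems.append("attribute NameFormat is %r" % attr.get("NameFormat"))
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        if name_id is not None and name_id.text not in values:
            problems.append("attribute value differs from NameID")
    return problems

def sample(nameid_format, attribute_xml):
    """Build a constructed, unsigned assertion for the demo below."""
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject>'
            '<saml:NameID Format="%s">user@example.com</saml:NameID>'
            '</saml:Subject><saml:AttributeStatement>%s'
            '</saml:AttributeStatement></saml:Assertion>'
            % (NS["saml"], nameid_format, attribute_xml))

ATTR = ('<saml:Attribute Name="%s" NameFormat="%s">'
        '<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>')
GOOD = sample(EMAIL_NAMEID, ATTR % ("email", BASIC, "user@example.com"))
BAD = sample("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
             ATTR % ("Role", BASIC, "user"))

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc) or "OK")
```

Pass the NameID format your service provider's documentation asks for as `nameid_format` if it differs from the default.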