On 10/02/17 10:01, Guus der Kinderen wrote:
That looks like a fit, yes!
OpenID Connection ID Token attribute to populate the UserPrincipal
name with. If token attribute is null, defaults to sub. Possible
values are sub, preferred_username, email, name, nickname,
given_name, family_name.
Am I right to assume though that I cannot use any attribute, just one
of the ones listed?
Looking at AdapterUtils.getPrincipalName and looks like yes.
Just those
listed here, are allowed ATM... But as a workaround, you can create
protocolMapper, which will map your desired attribute to the token
"nickname" (or any other claim you're not using in your app) and then
use nickname as value of principal_attribute on adapter side?
Marek
On 10 February 2017 at 08:54, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
I guess the "principal-attribute" adapter option is what you are
looking for? For more details see
http://www.keycloak.org/docs/2.5/securing_apps_guide/topics/oidc/java/jav...
<
http://www.keycloak.org/docs/2.5/securing_apps_guide/topics/oidc/java/jav...
.
Marek
On 09/02/17 16:57, Guus der Kinderen wrote:
Hi,
We're attempting to protect a service using Keycloak. We've
noticed that
some values that are valid usernames in Keycloak, are not
valid in our
service.
We'd like to be able to use a username in our service that's
different from
the username that is used in Keycloak. Preferably, we'd like
Keycloak to
store the association between 'our' username and the Keycloak
user.
Is something like this feasible with the existing integration
features that
are offered by Keycloak?
Regards,
Guus
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>