Still have one more question though. Seems like the ADFS I’m connecting with doesn’t send
me the custom attributes we have agreed upon (at least I’m suspecting, not sure). Is it
possible to log the decrypted assertion so that I can verify? Tried adding trace level
logging, but no luck…
On 4 Jun 2018, at 12:23, Rens Verhage <Rens.Verhage(a)topicus.nl>
wrote:
Thanks Tony! This helped a lot.
After mapping the attributes like this everything works fine:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname -> lastName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname -> firstName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress -> email
Rens
On 4 Jun 2018, at 11:58, Tony Harris
<Tony.Harris@oneadvanced.com> wrote:
This might help get you started. This maps the surname claim in SAML to the LastName
attribute in Keycloak.
The SAML names here should give you the name of the others.
https://www.ibm.com/support/knowledgecenter/en/SSCT62/com.ibm.iamservice....
<image001.png>
-----Original Message-----
From: keycloak-user-bounces@lists.jboss.org On Behalf Of Rens Verhage
Sent: 04 June 2018 10:28
To: keycloak-user@lists.jboss.org
Subject: [keycloak-user] Mapping SAML attributes from ADFS
Hi all,
I’m having some trouble importing users from ADFS. On first time login, Keycloak displays
the user registration form with only the username pre-filled; first name, last name and
e-mail address are empty. According to the ADFS administrator, these attributes are being
sent in the SAML response.
Do I have to explicitly map these attributes?
How can I log the SAML response in plain text? All SAML assertions are encrypted; how can
I log / debug the mapping of user attributes?
Rens
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
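
Added example, not part of the thread and not Keycloak's own code: a Python check that reads an already decrypted SAML assertion and reports which of the three claim URIs mapped in the thread are present, which are missing, and which attributes arrive without a mapping. The sample assertion, its values and the "department" attribute are constructed, and having the decrypted XML at hand is assumed.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Claim URI -> Keycloak user attribute, as mapped in the thread.
EXPECTED = {CLAIMS + "surname": "lastName",
            CLAIMS + "givenname": "firstName",
            CLAIMS + "emailaddress": "email"}

# Constructed sample: decrypted assertion without the emailaddress claim and
# with a hypothetical custom attribute named "department".
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="{NS}" ID="_constructed" Version="2.0">
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}givenname">
   <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}surname">
   <saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="department">
   <saml:AttributeValue>QA</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def read_attributes(assertion_xml):
    """Return {Attribute Name: [non-empty values]} from a decrypted assertion."""
    found = {}
    for attr in ET.fromstring(assertion_xml.strip()).iter(f"{{{NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{NS}}}AttributeValue")]
        found.setdefault(attr.get("Name", ""), []).extend(v for v in values if v)
    return found

def check_mapping(assertion_xml, expected=EXPECTED):
    """Return (mapped, missing, unmapped) for the expected claim mapping."""
    found = read_attributes(assertion_xml)
    mapped, missing = {}, []
    for claim, kc_attr in expected.items():
        if found.get(claim):
            mapped[kc_attr] = found[claim][0]  # this script keeps the first value
        else:
            missing.append(claim)  # absent, or sent with an empty value
    unmapped = sorted(name for name in found if name not in expected)
    return mapped, missing, unmapped

if __name__ == "__main__":
    mapped, missing, unmapped = check_mapping(SAMPLE_ASSERTION)
    print("mapped:", mapped)
    print("missing claims:", missing)
    print("attributes without a mapper:", unmapped)
```

The attribute Name values must match the mapper configuration exactly, so a custom attribute that shows up under "attributes without a mapper" is being sent but not imported.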