Yes, I captured the SAMLResponse from Keycloak and it is behaving properly. Turned out the
receiving app wasn't parsing the SAMLResponse correctly.
Thanks,
Randall Theobald
Common Engineering - Performance
Dell Software Group | Office of the CTO
randall_theobald at dell.com | RR1-C336
From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: Wednesday, March 11, 2015 2:15 PM
To: Theobald, Randall; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] SAML claim/user attribute mapping from LDAP integration
Hi,
Currently it's hardcoded so that the LDAP attribute "mail" is mapped to the
UserModel.email property. We have opened a JIRA for dynamic mappings of attributes from LDAP
to the user attributes/properties and I hope to start on it later this month.
However, it looks like for your case the hardcoded mapping should be sufficient for the email
property. When you synced users, are you seeing in the admin console that the synced users have
the email filled in from the Active Directory? If yes, then the only issue is maybe propagating the
email value as an attribute in the SAML response. Bill is working on protocol mappers and
this use case is handled by it AFAIK. You can try the latest Keycloak master though.
Marek
On 11.3.2015 18:08, Randall_Theobald@dell.com wrote:
I am currently using Keycloak 1.1.0.Final, trying to enable SSO between two apps with an
Active Directory user store. I have Keycloak connected to the AD directly in my realm and
have sync'ed the users. I can successfully log in to one of my apps. However, the
other app requires an 'email' claim, which is missing. It looks like the AD uses
just 'mail'. Is there any way to make this simple claim mapping in Keycloak?
Randall Theobald
Common Engineering - Performance
Dell Software Group | Office of the CTO
randall_theobald at dell.com | RR1-C336
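
The check that settled this thread, capturing the SAMLResponse and confirming whether the required claim is in it, can be scripted. The following is an added example, not code from the thread or from Keycloak; it assumes the HTTP-POST binding (plain base64), an unencrypted assertion and the attribute name `email`, uses constructed sample responses, and inspects only (it does not verify signatures).

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ATTR_PATH = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"

def assertion_attributes(saml_response_b64):
    """Decode a POST-binding SAMLResponse and return {attribute name: [values]}."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse them instead of expanding entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(ATTR_PATH, NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        # Index by Name and FriendlyName, since consumers may match on either.
        for key in (attr.get("Name"), attr.get("FriendlyName")):
            if key:
                attrs.setdefault(key, []).extend(values)
    return attrs

def missing_claims(saml_response_b64, required=("email",)):
    """Return the required claims that are absent or empty in the assertion."""
    attrs = assertion_attributes(saml_response_b64)
    return [name for name in required if not any(attrs.get(name, []))]

def _sample(attribute_xml):
    # Constructed sample data: a minimal, unsigned Response for illustration.
    doc = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>'
           + attribute_xml + '</saml:Assertion></samlp:Response>')
    return base64.b64encode(doc.encode()).decode()

WITH_EMAIL = _sample(
    '<saml:AttributeStatement><saml:Attribute Name="email">'
    '<saml:AttributeValue>jdoe@example.com</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement>')
WITHOUT_EMAIL = _sample("")

if __name__ == "__main__":
    for label, resp in (("with", WITH_EMAIL), ("without", WITHOUT_EMAIL)):
        print(label, assertion_attributes(resp), "missing:", missing_claims(resp))
```

If the claim is listed here but the receiving application still reports it missing, the fault is on the consuming side, which is what happened in this thread.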