[keycloak-dev] Claims Mapping and Identity Federation
Bill Burke
bburke at redhat.com
Fri Feb 20 17:48:53 EST 2015
On 2/20/2015 11:07 AM, Pedro Igor Silva wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Friday, February 20, 2015 1:36:31 PM
>> Subject: Re: [keycloak-dev] Claims Mapping and Identity Federation
>>
>> I'm still working things out. Right now I have a realm set of
>> ProtocolMappers. The data model is
>>
>> protocol (saml or oidc)
>> protocolMapper (this references a provider)
>>
>> These 3 are for simple one to one attribute mappings.
>>
>> protocolClaim
>> sourceAttributeType
>> sourceAttribute
>>
>> For OIDC there will be just one protocolMapper for simple one to one
>> claim/attribute mappings. For SAML there will be a "Friendly
>> AttributeStatement" and "URI AttributeStatement" for attribute mappings.
>
> I'm not sure if you really need something different for SAML. The reason is that we can just ask users whether they want to use 'Name' or 'Friendly Name'.
>
> In the end, that is what really matters, right? Just know the name of the attribute to map to an internal one.
>
From looking at the SAML document, it looks like you can have attribute
name types (uri, basic, and unspecified). I'm not sure of the
difference between basic and unspecified. Do you?

Then "Friendly Name" is optional.

Looks like I'll need to add a config map to each
ProtocolMapper...ugh...wanted to avoid that.

Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
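
Added example, not part of the original message and not Keycloak code: the one-to-one mapper model from the thread, with a per-mapper config map carrying the SAML attribute name format and the optional friendly name. The Python names, the config keys name_format and friendly_name, and the sample user record are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)
# Attribute NameFormat URIs defined by SAML 2.0 core.
NAME_FORMATS = {
    fmt: "urn:oasis:names:tc:SAML:2.0:attrname-format:" + fmt
    for fmt in ("uri", "basic", "unspecified")
}

@dataclass
class ProtocolMapper:  # hypothetical model; field names follow the thread
    protocol: str               # "saml" or "oidc"
    protocol_claim: str         # OIDC claim name or SAML attribute Name
    source_attribute_type: str  # carried from the thread's model, not interpreted here
    source_attribute: str       # key looked up on the user record
    config: dict = field(default_factory=dict)  # assumed keys: name_format, friendly_name

def map_oidc(mapper, user, claims):
    """Copy one user attribute into the claim set; absent attributes add nothing."""
    if mapper.source_attribute in user:
        claims[mapper.protocol_claim] = user[mapper.source_attribute]
    return claims

def map_saml(mapper, user):
    """Build one saml:Attribute element; returns None when the user lacks the attribute."""
    if mapper.source_attribute not in user:
        return None
    fmt = mapper.config.get("name_format", "unspecified")
    if fmt not in NAME_FORMATS:  # reject unknown formats instead of emitting them
        raise ValueError("unknown SAML attribute name format: %r" % fmt)
    attr = ET.Element("{%s}Attribute" % SAML_NS,
                      {"Name": mapper.protocol_claim, "NameFormat": NAME_FORMATS[fmt]})
    friendly = mapper.config.get("friendly_name")
    if friendly:  # FriendlyName is optional, so it is only set when configured
        attr.set("FriendlyName", friendly)
    value = ET.SubElement(attr, "{%s}AttributeValue" % SAML_NS)
    value.text = str(user[mapper.source_attribute])  # ElementTree escapes on output
    return attr

def render_saml(mapper, user):
    """Serialize the mapped attribute to XML text, or return '' if nothing maps."""
    attr = map_saml(mapper, user)
    return "" if attr is None else ET.tostring(attr, encoding="unicode")

if __name__ == "__main__":
    user = {"email": "alice@example.org"}  # constructed sample user
    mail = ProtocolMapper("saml", "urn:oid:0.9.2342.19200300.100.1.3", "user", "email",
                          {"name_format": "uri", "friendly_name": "mail"})
    print(render_saml(mail, user))
    print(map_oidc(ProtocolMapper("oidc", "email", "user", "email"), user, {}))
```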