[keycloak-dev] Sending Username/emailid in the saml req as NameID
rony joy
ronyjoy at gmail.com
Tue Oct 4 09:56:47 EDT 2016
Hi All,
We have a requirement to send Username/EmailId in the Subject/NameID field
to the keycloak. Keycloak then receive that value in a custom authenticator
and send it to the tokenvalidator for further flow. The idea here is to
omit the step to ask user name from user again.
1. In Keycloak I am not able to see NameID value since keycloak is not
putting this in the client session. why?
2. I can see that keycloak is parsing the Subject/Name ID field. How can I
get this value in my custom Autheticator ?
3. Please see our SAML request
Please let me know your suggestions and ideas
Rony Joy
<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="
http://192.168.99.100:9980/auth/realms/saml-demo/protocol/saml"
ForceAuthn="false" ID="daakemmdhjmfajnhpljnckldjmcejllkffegibdj"
IsPassive="false" IssueInstant="2016-10-04T04:42:32.860Z"
Version="2.0"><saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
http://localhost:8080/employee-sig-idfirst/</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#daakemmdhjmfajnhpljnckldjmcejllkffegibdj"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
"/><ds:DigestValue>R4HTkFdDm5tYqRLGb1Wh8QUwa0o=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>IokRvOo8z3EES+85HvckmYYXQ/Q8DadiGHJdZmmYGpQ3VZW1MYnlBgeVwc5Dx4wsNGvRPpAsNM7ij9qGhgLUORuqZshb4YFMMqqDTzg4SoHuq2Ol7jdXo3x39hyZGKjoiC7qBxXbSml7j9UixL/7CescKvuh1xTSOBulsM4EefaY+J7Ud8ZSEMaqfCk36OaWZwq+8Ss/aZ6p31oMKu9T2dGTW7DZY3mn4Fz0aVr3lYzkaJAOQ+mMHOK8TDYlmZcc1e9l37KuKR3Z9dBawXdplHHD25vW/C0NnNfxbo90UTgN2kpDlhGSjrxW3XpvqEpEaF3DwR9Q40iD3M0+su6ZXg==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC5TCCAc0CBgFWTDcTwDANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDDCtodHRwOi8vbG9jYWxo
b3N0OjgwODAvZW1wbG95ZWUtc2lnLWlkZmlyc3QvMB4XDTE2MDgwMjE3MDMxM1oXDTI2MDgwMjE3
MDQ1M1owNjE0MDIGA1UEAwwraHR0cDovL2xvY2FsaG9zdDo4MDgwL2VtcGxveWVlLXNpZy1pZGZp
cnN0LzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI9BGbuxabZxnZdlT8UwWZmT4537
zduU08apai2E3m3/xJNEKU5gcufLlYXzAoHNGvoX1j+GowKjv+Z0uypJLpFoyE9tj+ng15sO5QfE
EK5L7K0yl3W3s4AeNue6YTQjeuL0DoFVj2hUcMEZpd7gjLp/aVzk/9Rx53kIJpEOt9Y1RHql+vW2
hIeq9Qap2qkOzjPN85257hqCylfhfk7z7xgMDA6EUalU+QCMecsqEr2FDfUtE1qHPAJTMHmjK8DC
4PjtnkLroPSaUoJ1YxJtCcw1vzOrDbSsMW2J6GBtkzNMkRIJIZCqCus4C9MtAVE8hlgSAZSzwN6S
FVIj/pgYAscCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKtrEjO1MWXxQGx6dD4Ogw9fcJfjXVlY0
lsis1s7hxeaqYHZSAtNWTkFp7JltaPp6VFmBs7hPSJUvPo7z13rP+0KuoEht+VgiFlceWFNUN5ur
tYskQoN+sQ1V8Z6u/vku6fwVOQm9YpS7Nn582A2nBL4IdgCMYhpPPfN39yV24yWpv4VTrOG1q3pj
yc1IHCU+ooP8pa64gXt0T/HRRCnm+CWgwYSrhdYYG0rYxAdKQ5GhkfRhR2rx2kOgHIuxZ4e2kVla
x9zQ9fuBtDn6u4VdzoikJUiEYxt4Sb4YfvgchU1Sk4G0Y+K2oP5dPMemdsZMWqzzvrSNQrebPgsB
KYpXxA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>*<saml2:Subject
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">username</saml2:NameID></saml2:Subject>*<saml2p:NameIDPolicy
AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></saml2p:AuthnRequest>
More information about the keycloak-dev
mailing list