[keycloak-dev] Fwd: An ability to evaluate/transform the template variables during the SAML/OpenID protocol mappers processing
Serhii Shymkiv
sergey at shimkiv.com
Fri May 18 02:14:46 EDT 2018
Hey Thomas,
thank you for reply and the info provided.
Not sure what to do next, though.
Should we discuss the implementation details of the protocol mapper tpl
interpolation ?
--
Best regards,
Serhii Shymkiv.
On Thu, May 17, 2018, 14:35 Thomas Darimont <thomas.darimont at googlemail.com>
wrote:
> Hi Sergey,
>
> for OIDC you can already do something like this via the Script Protocol
> Mapper which allows
> to compute the result value via JavaScript.
>
> See:
> -
> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/mappers/ScriptBasedOIDCProtocolMapper.java
> - https://github.com/keycloak/keycloak/pull/4495
>
> I didn't have the time yet to implement the same for the SAML protocol
> mapper, but
> there is a JIRA issue: https://issues.jboss.org/browse/KEYCLOAK-5520
>
> Support for template interpolation via a dedicated protocol mapper would
> be nicer though,
> since it would allow for more concise mapper definitions.
>
> Cheers,
> Thomas
>
> Am Do., 17. Mai 2018 um 11:04 Uhr schrieb Serhii Shymkiv <
> sergey at shimkiv.com>:
>
>> No luck with Users list, trying the Devs one ...
>>
>>
>> ---------- Forwarded message ----------
>> From: Serhii Shymkiv <sergey at shimkiv.com>
>> Date: Sat, Apr 21, 2018 at 9:11 PM
>> Subject: An ability to evaluate/transform the template variables during
>> the
>> SAML/OpenID protocol mappers processing
>> To: keycloak-user at lists.jboss.org
>>
>>
>> Hello Guys,
>> current email thread is inspired by the https://github.com/keycloak/
>> keycloak/pull/5042 <https://github.com/keycloak/keycloak/pull/5042>
>> and the question for the community is:
>> - what do you think if the Keycloak will have an ability to
>> evaluate/transform the template variables during the SAML/OpenID protocol
>> mappers processing ?
>>
>> Examples (please refer to the attached "snapshot-1.png" and
>> "snapshot-2.png"):
>> 1. "snapshot-1.png":
>> ${firstName} ${lastName}
>> =>
>> the simplest expression, the template variables will be evaluated into
>> the real values of the user (in this case) properties
>> =>
>> e.g.: "Serhii Shymkiv" (without quotes, of course)
>> 2. "snapshot-2.png":
>> Welcome back, #(${firstName} ${lastName}) ?: ${email}
>> =>
>> almost the same expression but with additional logic which means that
>> the value of the #(...) block will be used only if it is not blank (null
>> or
>> space symbols only) otherwise the expression to the right of the ?:
>> operator will be evaluated
>> =>
>> e.g.: "Welcome back, Serhii Shymkiv"
>> e.g.: "Welcome back, sergey at shimkiv.com"
>>
>> Thank you for you time.
>>
>>
>>
>>
>> --
>> Best regards,
>> Serhii Shymkiv.
>>
>>
>>
>> --
>> Best regards,
>> Serhii Shymkiv.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
More information about the keycloak-dev
mailing list