[keycloak-user] Is there any way to map thousands of id from IDP to several roles in brokering

Marek Posolda mposolda at redhat.com
Thu Dec 10 06:58:03 EST 2015


You may need to write a custom IdentityProviderMapper. See the docs for 
how to implement a custom SPI: 
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html

Also you can take a look at our provider examples.

Marek

On 10/12/15 10:30, Mai Zi wrote:
> Hi there,
>
> Let me try to describe the case first.
>
> We are using SAML 2.0 ID broker to authenticate the users.
> From the returned assertions, we can only get the user's ID number.
> So far as we know, there will be thousands of users. In the ID provider
> system, there is no role concept, so it is not possible to return us the
> Role claim.
>
> Now we want to assign roles to those users in Keycloak. We made a rule.
> For example, if the ID number is less than 100, we assign Role A to
> this user.
> If the ID number is between 101 and 1000, we assign Role B to it, and so on.
>
> Of course we can do this manually one by one in the admin console, but for
> thousands of users, it doesn't make much sense.
>
> We notice there is a Mapper button when configuring the ID provider.
> Is there any way to achieve our goal with that mechanism?
>
>
> Thanks a lot.
>
> Mai

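The following sketch of a custom IdentityProviderMapper for the rule described in the thread is an added example, not code from the original messages or from the Keycloak project. It assumes the numeric ID arrives as the brokered identity's ID (the SAML NameID), that realm roles named "Role A" and "Role B" already exist, and that the SPI method signatures match your Keycloak version; the class name, package and provider id are hypothetical.

```java
package example.broker; // hypothetical package

import java.util.Collections;
import java.util.List;
import org.keycloak.broker.provider.AbstractIdentityProviderMapper;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.saml.SAMLIdentityProviderFactory;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

public class IdRangeRoleMapper extends AbstractIdentityProviderMapper {
    public static final String PROVIDER_ID = "id-range-role-mapper"; // hypothetical id

    // The rule from the thread. Returns null when no role applies, so an
    // unexpected ID grants nothing rather than falling into a default role.
    static String roleForId(String brokerUserId) {
        final long id;
        try {
            id = Long.parseLong(brokerUserId.trim());
        } catch (NumberFormatException | NullPointerException e) {
            return null; // missing or non-numeric ID
        }
        if (id >= 0 && id < 100) return "Role A";   // assumption: negative IDs are rejected
        if (id >= 101 && id <= 1000) return "Role B";
        return null; // includes 100, which the rule as stated leaves unassigned
    }

    // Called once, when the brokered user is first imported into the realm.
    @Override
    public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user,
            IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        String roleName = roleForId(context.getId());
        RoleModel role = (roleName == null) ? null : realm.getRole(roleName);
        if (role != null) user.grantRole(role); // skip silently if the role is not defined
    }

    @Override public String[] getCompatibleProviders() {
        return new String[] { SAMLIdentityProviderFactory.PROVIDER_ID };
    }
    @Override public String getDisplayCategory() { return "Role Importer"; }
    @Override public String getDisplayType() { return "ID Range to Role"; }
    @Override public String getHelpText() { return "Grants a realm role from the numeric broker user ID."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return Collections.emptyList(); }
    @Override public String getId() { return PROVIDER_ID; }
}
```

To make the server discover the class, list its fully qualified name in `META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper` inside the deployed JAR; the mapper then appears under the identity provider's Mappers tab.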
