[keycloak-user] AD ObjectGUID User Federation Mappers
Marek Posolda
mposolda at redhat.com
Fri Jul 24 04:18:17 EDT 2015
Yes, by default Keycloak treats the ObjectGUID as the UUID attribute of AD
users. In other words, when you choose the "Active Directory" vendor in the
admin console, you can see that the name of the UUID attribute is
automatically filled in as ObjectGUID. Keycloak takes care of converting
from byte array to String and then it fills the serialized String as the
LDAP_ID attribute of the user. Keycloak maps the UUID attribute
automatically to the LDAP_ID; there is no need to create any LDAP mapper
for it.

So if you want to have it available in the access token in your application,
you can just create a UserAttribute protocol mapper for the LDAP_ID
attribute.

Marek

On 24.7.2015 04:14, Kenyatta Clark wrote:
> I am trying to create a user federation mapper to map the object from
> Active Directory to an attribute in the JWT. I have successfully
> mapped other Active Directory attributes but I am unable to get the
> ObjectGUID to map at all. I remembered that the ObjectGUID needs to
> be converted from a byte array to a string. Does Keycloak take care
> of that conversion? What is the best way to map the ObjectGUID?
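
The byte-array-to-string conversion discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's own code. It assumes the LDAP_ID value is the standard dashed GUID text; the function names and the sample GUID are constructed for illustration.

```python
import uuid

# Constructed sample: 16 raw bytes as AD would return them for objectGUID.
SAMPLE_RAW = bytes.fromhex("00112233445566778899aabbccddeeff")


def objectguid_to_string(raw: bytes) -> str:
    """Convert a raw AD objectGUID to dashed GUID text.

    The first three GUID fields are stored little-endian; the last
    eight bytes are stored in display order.
    """
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    d1 = int.from_bytes(raw[0:4], "little")
    d2 = int.from_bytes(raw[4:6], "little")
    d3 = int.from_bytes(raw[6:8], "little")
    return f"{d1:08x}-{d2:04x}-{d3:04x}-{raw[8:10].hex()}-{raw[10:16].hex()}"


def string_to_objectguid(text: str) -> bytes:
    """Inverse conversion: dashed GUID text back to AD's raw byte order."""
    return uuid.UUID(text).bytes_le


def objectguid_ldap_filter(text: str) -> str:
    """Build an LDAP filter that finds the AD entry for a GUID string.

    Binary values in a filter are written as one backslash-escaped
    hex pair per byte (RFC 4515), in the raw stored byte order.
    """
    raw = string_to_objectguid(text)
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"


if __name__ == "__main__":
    guid = objectguid_to_string(SAMPLE_RAW)
    print("dashed form :", guid)
    # A plain hex dump of the bytes does NOT match the dashed form.
    print("naive hex   :", SAMPLE_RAW.hex())
    print("LDAP filter :", objectguid_ldap_filter(guid))
```

An application that compares the token claim against a plain hex dump of the directory value will fail to match the same user, which is why the field-wise byte order matters when correlating identities.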