[keycloak-user] How to configure what claim will be used as the user name in SpringSecurity adapter?

Michael Furman michael_furman at hotmail.com
Tue Dec 13 08:36:25 EST 2016 

Works perfect!

Thanks!


________________________________
From: Sebastien Blanc <sblanc at redhat.com>
Sent: Tuesday, December 13, 2016 2:48 PM
To: Michael Furman
Subject: Re: [keycloak-user] How to configure what claim will be used as the user name in SpringSecurity adapter?

Ok I found the answer in older thread on this list (thx Thomas ;) ) :

try adding: "principal-attribute": "preferred_username" to your keycloak.json.



On Tue, Dec 13, 2016 at 1:33 PM, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>> wrote:
HI Sebastien,
It is correct, the client settings mapper on IDP maps the username to the token claim name "preferred_username".
But after the SpringSecurity adapter authentication the SpringSecurity holds KeycloakAuthenticationToken while its principal name is equal to the claim with the name "sub" (it value is like e9cd6db8-378f-445e-8c83-265d439e3381).
What should I do on the SpringSecurity adapter side to allow to take the value from the claim "preferred_username"?

Any help will be appreciated.
Best regards,
   Michael


________________________________
From: Sebastien Blanc <sblanc at redhat.com<mailto:sblanc at redhat.com>>
Sent: Tuesday, December 13, 2016 1:31 PM
To: Michael Furman
Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] How to configure what claim will be used as the user name in SpringSecurity adapter?

Isn't this already the case ? If you go to your client settings and look at the mappers you can see that username has the token claim name "preferred_username"


On Tue, Dec 13, 2016 at 11:56 AM, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>> wrote:
Hi all,
I want to configure the claim preferred_username will be used as the user name after SpringSecurity adapter authentication.
How can I configure it?
Any help will be appreciated.
Best regards,
   Michael

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list