[keycloak-user] Upload of SAML SP/Client metadata and detection of NameIdFormat

Bill Burke bburke at redhat.com
Mon Mar 28 14:40:57 EDT 2016 

Just fixed this in branch 1.9.x and master now.  Will be in next release.

On 3/25/2016 3:02 PM, Gabriel Lavoie wrote:
> I did it through both the admin console and the 
> RealmResource.convertClientDescription(<xml SP metadata>) API to 
> retrieve a ClientRepresentation object with the same result.
>
> As I see, in the UI, the "email", "transient" and "persistent" formats 
> could be auto-detected. A fallback to "username" if the value isn't 
> recognized would be an acceptable behavior.
>
> Gabriel
>
> 2016-03-25 13:52 GMT-04:00 Bill Burke <bburke at redhat.com 
> <mailto:bburke at redhat.com>>:
>
>     You imported a SAML SP metadata XML file into the admin console? 
>     IIRC, I didn't populate this because multiple nameID formats are
>     allowed to be specified.  Guess I should just pick one at least.
>
>
>     On 3/25/2016 10:43 AM, Gabriel Lavoie wrote:
>>     Hi,
>>          I'm trying to pre-configure a SAML 2.0 SP/Client in a realm
>>     with the upload of its metadata in XML format. The metadata I
>>     have currently tells that it wants the e-mail address as the
>>     NameIdFormat:
>>
>>     <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
>>
>>     After uploading the metadata, the Name ID Format attribute is set
>>     to "username" which seems to be the default value.
>>
>>     Tested with 1.8.0 and 1.9.1
>>
>>     Is this the expected/desired behavior or this is something that
>>     Keycloak could extract?
>>
>>     Thank you,
>>
>>     Gabriel
>>
>>     -- 
>>     Gabriel Lavoie
>>     glavoie at gmail.com <mailto:glavoie at gmail.com>
>>
>>
>>     _______________________________________________
>>     keycloak-user mailing list
>>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>     -- 
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> -- 
> Gabriel Lavoie
> glavoie at gmail.com <mailto:glavoie at gmail.com>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160328/547dec52/attachment-0001.html

More information about the keycloak-user mailing list