[keycloak-user] NameID formats
lists
lists at merit.unu.edu
Mon Nov 28 15:39:05 EST 2016
Hi,
I am using SimpleSAMLphp's built-in "test authentication sources"
functionality against my Keycloak server.
From what I understand it should be possible to obtain the regular
username as a NameID, if I ask for the format
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
However, simplesaml test auth source keeps telling me:
> NameId G-6445a8a1-c453-295b-3865-81dd5e4820f6
> Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
I am trying to use (mostly) clients that require access to the normal
username, and not some string like above.
- in the Keycloak client config I have set NameID format to "username".
- in simplesaml I (think I) request
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
So the question: how can I make Keycloak return the regular (Active
Directory) username to a client?
As a workaround I now use "urn:oid:2.5.4.4" for a username, as for most
users this is identical to the username.
MJ