NameID formats

Mon Nov 28 15:39:05 EST 2016


I am using SimpleSAMLphp's built-in "test authentication sources"
functionality against my Keycloak server.

From what I understand it should be possible to obtain the regular
username as a NameID, if I ask for the format 

However, simplesaml test auth source keeps telling me:
> NameId	G-6445a8a1-c453-295b-3865-81dd5e4820f6
> Format	urn:oasis:names:tc:SAML:2.0:nameid-format:transient

I am trying to use (mostly) clients that require access to the normal 
username, and not some string like above.

- in Keycloak client config I have set NameID format to "username".
- in simplesaml I (think I) request 

So the question: how can I make Keycloak return the regular (Active
Directory) username to a client?

As a workaround I now use "urn:oid:" for a username, as for most 
users this is identical to the username.


