[keycloak-user] Mapping saml attributes to roles in keycloak
Manuel Palacio
emanuel.palacio at gmail.com
Tue Sep 27 06:16:12 EDT 2016
Hello,
I have a Java application that talks openid-connect with Keycloak and then
Keycloak uses the SAML 2.0 Identity provider to redirect to a 3rd party
SAML idp, acting as an identity broker.
So far so good, I can log in to my application with a user existing in the
3rd party idp. Great! But where I am a bit stuck is when I try to map
attributes in the SAML response from the idp.
Basically, I would like Keycloak to populate the roles in the access token
that my application gets in the web request with the information coming in
the SAML attribute. In other words, I want the 3rd party SAML idp to decide
what role/s should be assigned to the user.
Is my assumption correct that all I need is the attribute importer mapper
in the SAML provider to do this? So far I could not get it to work :( What
is the appropriate way to do this?
Thank you!
Manuel Palacio