[keycloak-user] SAML attribute mapper with processing
Anders KK
anders.kabell.kristensen at systematic.com
Tue Apr 11 04:14:11 EDT 2017
Hi there,
Do you have a guide on how to implement a custom SAML attribute mapper?
Does that involve building KC on our own?
What we need:
Our SAML IdP (a widely used public Danish service) provides a custom
attribute on the SAML assertion. To support a detailed user privileges
profile, a chunk of XML data is base64-encoded and added as the value of a
single attribute as follows:
<Attribute Name="dk:gov:saml:attribute:Privileges_intermediate"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue>PD94bWwg ....based 64 encoded XML data.....
dmVyc2l==</AttributeValue>
</Attribute>
We want to implement a mapper that will: extract the attribute value, decode
the data, parse the XML and finally map each privilege to a role on the
Keycloak user.
Alternatively, if post-processing of the user is an option, we could map the
attribute on to the user and do the privilege/role processing later? Any
suggestions are appreciated :)
Kind regards,
Ulrik and Anders
--
View this message in context: http://keycloak-user.88327.x6.nabble.com/SAML-attribute-mapper-with-processing-tp3506.html
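The processing steps asked about in the message above (decode the attribute value, parse the XML, map each privilege to a role), as an added example that is not part of the original post and not Keycloak code. It uses only the JDK and leaves out the wiring into a Keycloak identity provider mapper; the element name "Privilege", the privilege URIs, the role names and the size limit are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

public class PrivilegeRoleMapper {
    // Assumption: upper bound on the decoded XML; tune to the IdP's real payloads.
    static final int MAX_XML_BYTES = 64 * 1024;
    // Assumption: constructed privilege URIs and role names. Only privileges listed
    // here become roles, so the IdP cannot introduce arbitrary role names.
    static final Map<String, String> ROLE_FOR_PRIVILEGE = Map.of(
        "urn:example:privilege:read", "viewer",
        "urn:example:privilege:approve", "approver");

    static Set<String> rolesFor(String attributeValue) throws Exception {
        // The MIME decoder tolerates line breaks inside long attribute values.
        byte[] xml = Base64.getMimeDecoder().decode(attributeValue.trim());
        if (xml.length > MAX_XML_BYTES) {
            throw new IllegalArgumentException("privilege XML too large");
        }
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject any DOCTYPE: blocks external entities (XXE) and entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // Assumption: each privilege is the text of an element with local name "Privilege".
        NodeList nodes = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml))
            .getElementsByTagNameNS("*", "Privilege");
        Set<String> roles = new TreeSet<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            String role = ROLE_FOR_PRIVILEGE.get(nodes.item(i).getTextContent().trim());
            if (role != null) roles.add(role); // unknown privileges are ignored
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload, not real IdP data.
        String sample = "<?xml version=\"1.0\"?><PrivilegeList xmlns=\"urn:example:privileges\">"
            + "<Privilege>urn:example:privilege:read</Privilege>"
            + "<Privilege>urn:example:privilege:unknown</Privilege>"
            + "<Privilege>urn:example:privilege:approve</Privilege></PrivilegeList>";
        String encoded = Base64.getEncoder().encodeToString(sample.getBytes(StandardCharsets.UTF_8));
        System.out.println(rolesFor(encoded));
    }
}
```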