[keycloak-user] username to be used for importing users
Leonid Rozenblyum
lrozenblyum at gmail.com
Fri Jun 29 02:40:13 EDT 2018
I was able to achieve the goal by setting up the broker in such a way:
1) Edit identity provider: NameID Policy Format, select 'unspecified'
2) Edit every client representing Service Provider application, select
'Name id format': username
I wonder whether this approach is fine, especially if we do not use keycloak
as a 3rd-party provider. Is it something generic for SAML2.0 or very
specific for keycloak?
According to doc
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html
The supported formats for nameid are
- Email address
- X.509 subject name
- Windows domain qualified name
- Kerberos principal name
- Entity identifier
- Persistent identifier
- Transient identifier
Is username something additional?
On Tue, Jun 26, 2018 at 1:16 PM Leonid Rozenblyum <lrozenblyum at gmail.com>
wrote:
> Hello!
> We're using 2 keycloak instances.
> SP -> Keycloak (broker) -> Keycloak (Identity provider)
>
> How can we configure the broker to create user names equal to the original
> username from keycloak (Idp)? Now the new users inside the broker receive a
> G-.... (long meaningless string)
> username during the first log-in.
>
> So if user logs in through Idp with login: 'hello' we would like user
> 'hello' be created in the broker
>
> Thank you for advice.
>
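An added example, not from the thread and not Keycloak's own code, showing the NameID Format URIs the SAML 2.0 Core spec defines (the list above plus `unspecified`, which is what a missing Format attribute means) and how a broker might turn the NameID into a local username. As far as I know, Keycloak's "username" choice is not an extra SAML format but a NameID whose Format is `unspecified` and whose value is the username; that is an assumption here, so check it against an actual assertion from your IdP. The function names, the `idp_alias` argument, the username policy regex and the sample assertion are all hypothetical or constructed for this example. The security-relevant caveat it encodes: an `unspecified` NameID is just a string the IdP chose, so a broker that federates more than one IdP, or that also has local accounts, should scope such usernames to the IdP (or otherwise check for collisions) before creating accounts from them, and `transient` NameIDs must never become account names. Signature, audience and InResponseTo validation happen before any of this and are out of scope for the snippet.

```python
"""Map a SAML 2.0 NameID to a broker-local username (added example)."""
import re
from xml.etree import ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# NameID Format URIs from SAML 2.0 Core, section 8.3.
NAMEID_FORMATS = {
    "unspecified": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "email": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "x509": "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "windows": "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "kerberos": "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "entity": "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}
_URI_TO_NAME = {uri: name for name, uri in NAMEID_FORMATS.items()}

# Hypothetical local-account policy for this example broker.
_USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,63}$")
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def extract_nameid(assertion_xml):
    """Return (value, format_name) from Subject/NameID.

    Accepts a bare <saml:Assertion> or a <samlp:Response> wrapping one.
    A missing Format attribute means 'unspecified' (SAML 2.0 Core 8.3.1).
    Assumes the assertion's signature and conditions were already verified.
    """
    root = ET.fromstring(assertion_xml)
    assertion_tag = f"{{{NS['saml']}}}Assertion"
    assertion = root if root.tag == assertion_tag else root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element")
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None or not (nameid.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    fmt_uri = nameid.get("Format", NAMEID_FORMATS["unspecified"])
    fmt = _URI_TO_NAME.get(fmt_uri)
    if fmt is None:
        raise ValueError(f"unknown NameID Format: {fmt_uri}")
    return nameid.text.strip(), fmt


def derive_local_username(value, fmt, idp_alias, scope_to_idp=True):
    """Turn a NameID into a local username, or None if it cannot be one.

    scope_to_idp=True prefixes 'unspecified' and 'persistent' names with the
    IdP alias so 'hello' from one IdP cannot claim 'hello' from another.
    """
    if fmt == "transient":
        # Changes every session; never usable as an account name.
        return None
    if fmt == "persistent":
        # Opaque and stable, but only meaningful relative to the issuing IdP.
        return f"{idp_alias}/{value}" if scope_to_idp else value
    if fmt == "email":
        if not _EMAIL_RE.match(value):
            raise ValueError("NameID claims email format but is not an address")
        return value.lower()
    if fmt == "unspecified":
        candidate = value.lower()
        if not _USERNAME_RE.match(candidate):
            raise ValueError("NameID is not an acceptable local username")
        return f"{idp_alias}/{candidate}" if scope_to_idp else candidate
    # x509, windows, kerberos, entity need explicit mapping rules; fail closed.
    raise ValueError(f"no username mapping rule for NameID format {fmt!r}")


def broker_username(assertion_xml, idp_alias, scope_to_idp=True):
    """Convenience wrapper: assertion XML in, local username (or None) out."""
    value, fmt = extract_nameid(assertion_xml)
    return derive_local_username(value, fmt, idp_alias, scope_to_idp)


# Constructed sample (not a real capture) in the shape the thread's setup is
# assumed to produce: Format 'unspecified' carrying the IdP username 'hello'.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2018-06-29T06:40:13Z">
  <saml:Issuer>https://idp.example/auth/realms/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">hello</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    print(extract_nameid(SAMPLE_ASSERTION))
    print(broker_username(SAMPLE_ASSERTION, "idp", scope_to_idp=False))
    print(broker_username(SAMPLE_ASSERTION, "idp"))
```

With `scope_to_idp=False` the sample yields the plain username `hello`, which is what the thread asks for; with the default it yields `idp/hello`, the safer choice once more than one identity source feeds the broker.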