[keycloak-user] Setting NameID to Unspecified

Aaron Echols aechols at bfcsaz.com
Tue Apr 9 14:17:19 EDT 2019


Wouldn't you just need to add a mapper under your client to map to
username, then set SAML Attribute NameFormat to unspecified there? Maybe
I'm wrong, but that seems like the correct way to do this per client.
--
Aaron Echols

On Mon, Apr 8, 2019 at 5:07 AM Ron Alleva <ronallevatech at gmail.com> wrote:

> Hi Manuel,
>
> Thanks for replying. That url does help me understand the difference
> between the different identifier types.
>
> However, the client I'm working with has it set in their IdP that the SAML
> message sent to it should contain one of the user's attributes (specific
> string of numbers, like a special user id) in the NameID field, with a
> format of unspecified. In Keycloak (at least 4.4 and 5.0, that I checked),
> there's no option for "unspecified" in the NameID format setting, or a way
> to remove it altogether to default to unspecified.
>
> Is this something Keycloak can support out of the box? Is it something I
> can accomplish with a JavaScript protocol mapper, or do I have to code my
> own mapper for that purpose?
>
> Thanks,
>
> Ron
>
> On Mon, Apr 8, 2019, 05:03 Manuel Waltschek <
> manuel.waltschek at prisma-solutions.at> wrote:
>
> > Hello Ron,
> >
> > maybe this url will help you:
> >
> > https://stackoverflow.com/questions/11693297/what-are-the-different-nameid-format-used-for
> >
> > As the answer states, unspecified can be used, and it purely depends on the
> > entities' implementation, at their own wish. So as I understand it, you have to
> > send the nameId in some format, but have to decide on one format to send
> > the client on the Keycloak side. Unspecified often defaults to the
> > implementation-specific default settings.
> >
> > Regards,
> >
> > Manuel
> >
> >
> >
> > -----Original Message-----
> > From: keycloak-user-bounces at lists.jboss.org <
> > keycloak-user-bounces at lists.jboss.org> On Behalf Of Ron Alleva
> > Sent: Monday, April 8, 2019 04:52
> > To: keycloak-user at lists.jboss.org
> > Subject: [keycloak-user] Setting NameID to Unspecified
> >
> > Hi all,
> >
> > I'm working with a particular IdP client, and they have requested that I
> > set the NameID field to an attribute on the user that is neither username
> > nor email, and that it must be in the "unspecified" format.
> >
> > I've been trying a bunch of different configuration options to get it
> > to work, but none seem to do what I need it to do. I know about
> > "saml.persistent.name.id.for.$clientId" on a user, and I've been trying
> > variations on that.
> >
> > Does anyone have any guidance on how to have an attribute of the user be
> > populated in the NameID field, with a format of "unspecified"?
> >
> > Thanks,
> > Ron
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >

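Whichever configuration is tried, the result can be confirmed by inspecting the assertion the IdP actually emits. The following check is an added example, not code from any participant in this thread or from Keycloak: it parses an assertion and reports whether the Subject NameID carries the expected user attribute in the unspecified format. The sample assertion, the issuer URL, the value `1234567890` and the function name `check_name_id` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample assertion (not captured from a real IdP); "1234567890"
# stands in for the special numeric user id described in the thread.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2019-04-08T09:00:00Z">
  <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">1234567890</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def check_name_id(assertion_xml, expected_value):
    """Return a list of problems with the Subject NameID; empty means OK.

    Configuration check only: it does not validate the XML signature, so
    it must not be used to decide whether to trust an assertion.
    """
    root = ET.fromstring(assertion_xml)
    name_ids = root.findall(".//saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1:
        return [f"expected exactly one Subject NameID, found {len(name_ids)}"]
    name_id = name_ids[0]
    problems = []
    # An absent Format attribute is treated as unspecified.
    fmt = name_id.get("Format", UNSPECIFIED)
    if fmt != UNSPECIFIED:
        problems.append(f"NameID Format is {fmt}, not unspecified")
    value = (name_id.text or "").strip()
    if value != expected_value:
        problems.append(f"NameID value {value!r} != expected {expected_value!r}")
    return problems


if __name__ == "__main__":
    print(check_name_id(SAMPLE, "1234567890") or "NameID OK")
```
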
