[keycloak-user] Identity provider mapper - Attribute to role

Matteo Restelli mrestelli at cuebiq.com
Thu Aug 29 04:21:58 EDT 2019


Hi Stefan,
First of all, thank you for your reply.
Probably I've explained it wrong. The problem is not related to the role,
but is related to the attribute we're mapping to the role. For the sake of
clarity, please have a look at the following screenshot:

https://drive.google.com/file/d/1YzByBuPfk5kqRDBLsmQB2lZjgnymn2aQ/view?usp=sharing

From the SAML assertion we receive the "groups" attribute, which could
potentially contain whitespaces. Currently we're struggling to map a value
of the "groups" attribute which contains whitespaces to a particular role.
Are you experiencing the same behaviour?

Thank you very much,
Matteo

On Wed, Aug 28, 2019 at 8:05 PM Stefan Guilhen <sguilhen at redhat.com> wrote:

> Hi Matteo,
>
> I've tried playing a bit with the KcSamlBrokerTest [1] (it includes tests
> for identity provider mappers) and I was able to add an
> AttributeToRoleMapper that uses a role with spaces and it worked fine for
> me, no need to escape anything.
> I haven't tried doing it using the console, if I find some time later this
> week I might give it a shot and see if I hit any issues.
>
> [1]
> https://github.com/keycloak/keycloak/blob/master/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerTest.java
>
> On Mon, Aug 26, 2019 at 11:05 AM Matteo Restelli <mrestelli at cuebiq.com>
> wrote:
>
>> Hi guys,
>> Any news on that?
>>
>> Thank you,
>> Matteo
>>
>> On Wed, Aug 7, 2019 at 10:34 AM Matteo Restelli <mrestelli at cuebiq.com>
>> wrote:
>>
>> > Hi all,
>> > We're trying to set up an Attribute to role mapper inside our SAML 2.0
>> > identity provider. The problem is that our attribute contains whitespaces.
>> > How can we map an attribute with whitespaces to a role? Currently
>> > surrounding it with double quotes or single quotes doesn't work.
>> >
>> > Any thoughts on that?
>> >
>> > Thank you,
>> > Matteo
>> >
>>
>>
>
>
> --
>
> Stefan Guilhen
>
> Principal Software Engineer
>
> Red Hat
>
