Reputation: 722
I'm getting a SAML attribute (personal id number) following a successful IDP login. In our Keycloak implementation I fetch this using an identity provider mapper with type 'Username Template Importer' and template {ATTRIBUTE.uid}.
This attribute is then used within Keycloak (via user federation defined endpoints) to call other services to verify the user. The problem I have is that this attribute is in the wrong format. Is it possible somehow in Keycloak when fetching the attribute to modify it? Or does this need to be done within the verification service's code?
Upvotes: 2
Views: 2562
Reputation: 12225
To solve this type of issue I would think you need to implement your own authenticator, and use that as a "Post Login Flow" on the identity provider.
So first, you have a simple attribute mapper that maps the attribute, and then you map this value programmatically to the correct format in the authenticator.
Upvotes: 1
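A sketch of the post-login authenticator the answer describes, added here as an example and not code from the answer's author or the Keycloak project. The attribute names `uid_raw` and `personal_id`, the package name, and the target format (12 digits, no separators) are assumptions; the class still has to be registered through an `AuthenticatorFactory`, which is not shown.

```java
package example.keycloak; // hypothetical package name

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class PersonalIdNormalizer implements Authenticator {
    // Hypothetical attribute names: RAW_ATTR is filled by a plain attribute
    // importer mapper on the identity provider, NORMALIZED_ATTR is what the
    // user federation / verification calls read afterwards.
    static final String RAW_ATTR = "uid_raw";
    static final String NORMALIZED_ATTR = "personal_id";

    // Assumed target format: exactly 12 digits. Only whitespace and hyphens
    // are stripped; any other unexpected character makes the value invalid
    // instead of being silently dropped.
    static String normalize(String raw) {
        if (raw == null) return null;
        String candidate = raw.replaceAll("[\\s-]", "");
        return candidate.matches("\\d{12}") ? candidate : null;
    }

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser(); // set by the broker before the post login flow
        String normalized = (user == null) ? null : normalize(user.getFirstAttribute(RAW_ATTR));
        if (normalized == null) {
            // Fail closed: a missing or malformed identifier never reaches
            // the downstream verification service.
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        user.setSingleAttribute(NORMALIZED_ATTR, normalized);
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { /* no form to handle */ }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

Keeping the raw value in its own attribute and writing the normalized one separately leaves the IdP-asserted value available for audit.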