  1. Keycloak
  2. KEYCLOAK-11979

Transform case of SAML2.0 tag NameID in identity provider settings

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We are creating an Identity Provider with ADFS 2012r2 version 3.0.
      This ADFS returns the Windows account name as the SAML NameID (which is used as the Keycloak user ID).

      Everything works fine in the setup. But in use, depending on the environment (Windows/Linux/phone), the Windows account name arrives with a different case.

      For example, for user John Doe the Windows account name can arrive as:
      domain\JDoe or domain\jdoe.

      When this happens, the user gets the message: User already exist.

      We can't merge users for security reasons.
      We can't transform the Windows account name before sending it to Keycloak because the ADFS version does not support it.

      The best would be to be able to specify in the identity provider settings to ignore the case of the NameID SAML attribute.

      I attach a SAML response sent to Keycloak where the NameID tag is set, to help understand/identify the part of the code concerned.

              People

              • Assignee:
                hmlnarik Hynek Mlnařík
              • Reporter:
                amontagu Adrien Montagu