Keycloak / KEYCLOAK-5657

Support for transient NameIDPolicy in SAML Identity Brokering

    Details

      Description

      Add support for the urn:oasis:names:tc:SAML:2.0:nameid-format:transient format in SAML Identity Provider brokering. This touches both the admin console (NameID Policy Format in Identity Provider configuration) and the code that handles users.

      Brokered Shibboleth is configured to require

      <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
      

      That option is not available in the Keycloak configuration. The Keycloak configurator should allow this option and also allow AllowCreate to be set in the case of transient.
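
To see which NameIDPolicy a broker actually sends and how it differs from the one the Shibboleth IdP in the description requires, the following check can be run against a decoded AuthnRequest. It is an added example, not Keycloak code and not part of the original issue; the function names and the sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def name_id_policy(authn_request_xml):
    """Return (Format, AllowCreate) from an AuthnRequest, or None if absent."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    if policy is None:
        return None
    # AllowCreate is an xs:boolean ("true"/"1"/"false"/"0"); SAML core
    # defines its default as false when the attribute is omitted.
    allow = policy.get("AllowCreate", "false").strip() in ("true", "1")
    return policy.get("Format"), allow


def policy_mismatches(authn_request_xml, required_format, required_allow_create):
    """List the ways a request differs from what the brokered IdP requires."""
    found = name_id_policy(authn_request_xml)
    if found is None:
        return ["NameIDPolicy element missing"]
    fmt, allow = found
    problems = []
    if fmt != required_format:
        problems.append(f"Format is {fmt!r}, IdP requires {required_format!r}")
    if allow != required_allow_create:
        problems.append(f"AllowCreate is {allow}, IdP requires {required_allow_create}")
    return problems


def make_request(fmt, allow_create):
    # Constructed sample AuthnRequest (made-up ID and timestamp), not captured traffic.
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
        f'Version="2.0" IssueInstant="2000-01-01T00:00:00Z">'
        f'<samlp:NameIDPolicy AllowCreate="{allow_create}" Format="{fmt}" />'
        f'</samlp:AuthnRequest>'
    )


if __name__ == "__main__":
    for fmt, allow in ((PERSISTENT, "true"), (TRANSIENT, "false")):
        print(fmt, policy_mismatches(make_request(fmt, allow), TRANSIENT, False))
```
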

              People

              Assignee:
              hmlnarik@redhat.com Hynek Mlnařík
              Reporter:
              denis.miorandi_jira Denis Miorandi (Inactive)
              Votes:
              11
              Watchers:
              16
