Keycloak / KEYCLOAK-5657

Support for transient NameIDPolicy in SAML Identity Brokering

    Details

      Description

      Add support for the urn:oasis:names:tc:SAML:2.0:nameid-format:transient format in SAML Identity Provider brokering. This touches both the admin console (NameID Policy Format in the Identity Provider configuration) and the code that handles users.

      Brokered Shibboleth is configured to require

      <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
      

      That option is not available in the Keycloak configuration. The Keycloak configurator should allow this option and also allow AllowCreate to be set in case of transient.

                People

                • Assignee: Hynek Mlnařík (hmlnarik)
                • Reporter: Denis Miorandi (denis.miorandi)
                • Votes: 10
                • Watchers: 15
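
Added example, not part of the issue or of Keycloak's code: a Python check that reads the NameIDPolicy from an AuthnRequest and reports how it differs from the policy the brokered Shibboleth IdP requires in the description above. The request builder, the ID and Destination values, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def build_request(name_id_policy_xml):
    """Constructed AuthnRequest for the demo; ID and Destination are placeholders."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed-id" '
            'Version="2.0" IssueInstant="2017-01-01T00:00:00Z" '
            'Destination="https://idp.example.org/sso">'
            f'{name_id_policy_xml}</samlp:AuthnRequest>')

def xsd_bool(value, default=False):
    """Parse an xs:boolean; SAML Core defaults AllowCreate to false when omitted."""
    if value is None:
        return default
    value = value.strip()
    if value in ("true", "1"):
        return True
    if value in ("false", "0"):
        return False
    raise ValueError(f"not an xs:boolean: {value!r}")

def read_name_id_policy(authn_request_xml):
    """Return (Format, AllowCreate) from the request, or None if no NameIDPolicy."""
    if "<!DOCTYPE" in authn_request_xml:
        raise ValueError("DTD in SAML message rejected")  # SAML messages never need one
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("root element is not samlp:AuthnRequest")
    policy = root.find(f"{{{SAMLP_NS}}}NameIDPolicy")
    if policy is None:
        return None
    return policy.get("Format"), xsd_bool(policy.get("AllowCreate"))

def mismatches(authn_request_xml, want_format=TRANSIENT, want_allow_create=False):
    """List the ways the request differs from what the brokered IdP requires."""
    found = read_name_id_policy(authn_request_xml)
    if found is None:
        return ["NameIDPolicy element missing"]
    fmt, allow_create = found
    problems = []
    if fmt != want_format:
        problems.append(f"Format is {fmt!r}, IdP requires {want_format!r}")
    if allow_create != want_allow_create:
        problems.append(f"AllowCreate is {allow_create}, IdP requires {want_allow_create}")
    return problems
```

An empty list from `mismatches` means the request carries exactly the NameIDPolicy quoted in the description; an omitted AllowCreate counts as false.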
