Epic
Resolution: Done
Major
1. What is the nature and description of the request?
It should be possible to configure one brokered IdP attribute mapper that maps all incoming attributes to user attributes.
2. Why does the customer need this? (List the business requirements here)
Our brokered IdP returns a lot of attributes and configuring each and every attribute is quite some work.
Moreover, you currently can't export this config from one realm to another in the same environment.
3. How would the customer like to achieve this? (List the functional requirements here)
Quite similar to the UserAttributeMapper but not limited to one attribute.
It would basically take the incoming assertion and map every SAML attribute to a user attribute with the same name.
It should have at least 5 config fields:
- optional regex in order to filter out some attribute(s) you don't want to map.
- name of attribute to use as firstName property.
- name of attribute to use as lastName property.
- name of attribute to use as email property.
- option to use SAML FriendlyName instead of Name to map with the user attribute name.
On first login, the attributes are created.
On subsequent logins, the attributes should be updated or removed (if they are no longer sent by the IdP).
4. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
It should be easy to test with any brokered IdP.
5. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No, but there is a mail on the dev list: Adding IdentityProviderMappers (13/02/2017).
6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
No, but it would ease configuration a lot with less human interaction and therefore, less risk of human error.
7. List any affected packages or components.
Brokered IdentityProvider
8. Would the customer be able to assist in testing this functionality if implemented?
Yes.
We have already implemented and tested the mapper. We are willing to share this code (1 class).
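The mapping semantics requested above, modelled as an added example; it is not the reporter's class and does not use the identity broker's API. Assumptions: the field names and sample attributes are hypothetical, the exclude regex is matched against the whole attribute name, the three profile attributes set properties instead of generic attributes, and removal is scoped to attributes this mapper stored earlier.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class MapperConfig:  # hypothetical field names for the five requested settings
    exclude_regex: Optional[str] = None   # matching attribute names are not mapped
    first_name_attr: Optional[str] = None
    last_name_attr: Optional[str] = None
    email_attr: Optional[str] = None
    use_friendly_name: bool = False       # key on FriendlyName instead of Name

@dataclass
class User:
    first_name: Optional[str] = None
    last_name: Optional[str] = None
    email: Optional[str] = None
    attributes: dict = field(default_factory=dict)  # assumed: broker-mapped attributes only

def sync_user(user, assertion, cfg):
    """Apply one login's attributes to the user; return names that were removed."""
    exclude = re.compile(cfg.exclude_regex) if cfg.exclude_regex else None
    props = {cfg.first_name_attr: "first_name", cfg.last_name_attr: "last_name",
             cfg.email_attr: "email"}
    incoming = {}
    for attr in assertion:
        key = (attr.get("friendly_name") if cfg.use_friendly_name else None) or attr["name"]
        if key in props:                      # profile properties, not generic attributes
            if attr["values"]:
                setattr(user, props[key], attr["values"][0])
        elif not (exclude and exclude.fullmatch(key)):
            incoming.setdefault(key, []).extend(attr["values"])
    removed = sorted(set(user.attributes) - set(incoming))  # no longer sent by the IdP
    user.attributes = incoming                # create on first login, update afterwards
    return removed

def sample(name, friendly, *values):          # builds one constructed sample attribute
    return {"name": name, "friendly_name": friendly, "values": list(values)}

# Constructed sample assertions (not real IdP output).
FIRST_LOGIN = [sample("urn:oid:2.5.4.42", "givenName", "Ada"),
               sample("urn:oid:2.5.4.4", "sn", "Lovelace"),
               sample("urn:oid:0.9.2342.19200300.100.1.3", "mail", "ada@example.org"),
               sample("urn:example:department", "department", "R&D"),
               sample("urn:example:internalId", "internalId", "42"),
               sample("urn:example:groups", "groups", "dev", "ops")]
SECOND_LOGIN = FIRST_LOGIN[:3] + [sample("urn:example:department", "department", "Security")]
CFG = MapperConfig(r"internal.*", "givenName", "sn", "mail", use_friendly_name=True)
```

With a map-everything mapper, the exclude regex is the only control over which names asserted by the upstream IdP end up on the local user, so it deserves the same review as any per-attribute mapping it replaces.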