I’m finally upgrading my Keycloak system from v17 to v20, and I discovered that the JS SAML mapper has been removed. I used to use it to pass a SAML attribute named groups that was simply admin-[username]:
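```javascript
// Keycloak script mapper: build a two-element Java String[] for the "groups" attribute.
var stringArray = java.lang.reflect.Array.newInstance(java.lang.String.class, 2);
var username = user.getUsername();
stringArray[0] = 'admin';
stringArray[1] = 'admin-' + username;
// The value of the last expression is what the mapper returns.
stringArray;
```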
Is there a way to do this without writing a custom provider? I’m capable of doing that, but I’d rather use a native method if available.
Thanks!
Well, it’s not my best work (my Java is very rusty), but this does the trick:
With this, you can combine any text with user properties (email, federationLink, firstName, id, lastName, serviceAccountClientLink, or username) and/or custom user attributes. Properties or attributes must be surrounded with backticks (`). To escape a backtick, use a backslash (\). For example:
```text
`username`-last:\``lastName`\`_`customAttribName`
```
- username and lastName will be replaced with the user properties username and lastName, respectively.
- The backticks around lastName will be escaped and left in place.
- customAttribName will be replaced with the user attribute of the same name, but if this attribute does not exist, the text customAttribName will be left in place.
- All other text will appear as text.
Honestly, this provider could replace the saml-hardcode-attribute-mapper, saml-user-property-mapper, and saml-user-attribute-mapper providers. Mine allows mappers to be created with all three mapper sources on their own or as a dynamic combination of all sources.
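The template rules described in the post above, as an added JavaScript sketch (not the poster's provider code; `expandTemplate`, `resolveName` and `SAMPLE_USER` are hypothetical names). It makes a single pass, so substituted values are never re-scanned for backticks, which matters when the result feeds a `groups` attribute that a service provider uses for authorization. Assumptions: properties take precedence over attributes, and an unterminated backtick is kept as literal text.

```javascript
// Added example: single-pass expansion of the backtick template syntax.
// The property list is the one given in the post.
const USER_PROPERTIES = new Set(["email", "federationLink", "firstName", "id",
  "lastName", "serviceAccountClientLink", "username"]);

// Constructed sample user; "nick" deliberately contains backticks.
const SAMPLE_USER = {
  properties: { username: "jdoe", lastName: "Doe", email: "jdoe@example.test" },
  attributes: new Map([["nick", "`email`"]]),
};

// Assumption: a property wins over an attribute of the same name.
function resolveName(name, user) {
  const prop = user.properties[name];
  if (USER_PROPERTIES.has(name) && prop != null) return String(prop);
  if (user.attributes.has(name)) return String(user.attributes.get(name));
  return name; // unknown name: the text is left in place, as the post describes
}

function expandTemplate(template, user) {
  let out = "";
  let i = 0;
  while (i < template.length) {
    const ch = template[i];
    if (ch === "\\" && template[i + 1] === "`") {
      out += "`";                        // escaped backtick stays literal
      i += 2;
    } else if (ch === "`") {
      const end = template.indexOf("`", i + 1);
      if (end === -1) {                  // assumption: unterminated, keep as text
        out += template.slice(i);
        break;
      }
      // The resolved value is appended verbatim and never parsed again.
      out += resolveName(template.slice(i + 1, end), user);
      i = end + 1;
    } else {
      out += ch;
      i += 1;
    }
  }
  return out;
}

console.log(expandTemplate("admin-`username`", SAMPLE_USER));
```
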