eosc-kc / keycloak

Open Source Identity and Access Management For Modern Applications and Services
https://www.keycloak.org
Apache License 2.0

Allow to configure the attribute name format in <RequestedAttribute> elements #122

Open NicolasLiampotis opened 2 years ago

NicolasLiampotis commented 2 years ago

Keycloak already supports adding the attributes defined in the Attribute importer to a list of <RequestedAttribute> elements of the <AttributeConsumingService> element of the SAML SP metadata. However, the attribute name format of the RequestedAttribute currently defaults to urn:oasis:names:tc:SAML:2.0:attrname-format:basic. It should be possible to configure a different format, such as urn:oasis:names:tc:SAML:2.0:attrname-format:uri, which is required in many profiles (e.g. eIDAS SAML Attribute Profile - Version 1.2).

The following formats should at least be supported:

  1. urn:oasis:names:tc:SAML:2.0:attrname-format:uri,
  2. urn:oasis:names:tc:SAML:2.0:attrname-format:basic and
  3. urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
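
An added example, not part of the issue or of Keycloak's code: a check that lists each <RequestedAttribute> in SP metadata with its effective NameFormat and flags those that do not match the format a profile requires. The metadata document, entityID and attribute names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
FMT_PREFIX = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
FMT_URI = FMT_PREFIX + "uri"
FMT_BASIC = FMT_PREFIX + "basic"
FMT_UNSPECIFIED = FMT_PREFIX + "unspecified"

# Constructed sample SP metadata (entityID, endpoints and attributes are placeholders).
# For metadata from an untrusted source, parse with a hardened parser such as defusedxml.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/realms/demo">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/acs"/>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">demo</md:ServiceName>
      <md:RequestedAttribute Name="mail" FriendlyName="mail"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42" FriendlyName="givenName"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.4" FriendlyName="sn"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def requested_attributes(metadata_xml):
    """Return (Name, effective NameFormat) for every RequestedAttribute, in document order."""
    root = ET.fromstring(metadata_xml)
    found = []
    for el in root.iter("{%s}RequestedAttribute" % MD_NS):
        # SAML core: when NameFormat is omitted, "unspecified" is in effect.
        found.append((el.get("Name"), el.get("NameFormat", FMT_UNSPECIFIED)))
    return found


def nonconforming(metadata_xml, required_format):
    """Names of requested attributes whose NameFormat differs from the required one."""
    return [name for name, fmt in requested_attributes(metadata_xml)
            if fmt != required_format]


if __name__ == "__main__":
    for name, fmt in requested_attributes(SAMPLE_METADATA):
        print(name, fmt.replace(FMT_PREFIX, ""))
    print("not uri:", nonconforming(SAMPLE_METADATA, FMT_URI))
```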

cgeorgilakis commented 2 years ago

Jira issue: https://issues.redhat.com/browse/KEYCLOAK-19313

cgeorgilakis commented 2 years ago

PR: https://github.com/keycloak/keycloak/pull/8454