Customize email with script mapper

michimau · January 28, 2022, 4:17pm

Dears,

I am connecting arcgis with an openid endpoint from Keyclock.
Keycloak uses ldap as user federation.

Before keycloak a direct connection with ldap was in place and all users are named after the uid attribute of ldap.

Once connected with openid, arcgis will use the field “email” from token and extract the username as:
"name.surname" from the email user.surname@domain.example

I was wondering if i can overwrite the email in the token as “preferred_username@domain.example”, so i do not have to face a challenging and risky process of wrestling all usernames and its user spaces.
“preferred_username” of the token contains “uid” from ldap.

I have tried with script mappers, with no luck. Any clue?

michimau · January 28, 2022, 8:32pm

something like this works for me:

token.getOtherClaims().put("email", user.username + user.email.substring(user.email.lastIndexOf("@")));

exports = roles;

Topic		Replies	Views
LDAP create email based on two ldap attributes Getting advice ldap	0	591	July 5, 2021
Handling name changes in federated LDAP Configuring the server user-federation , ldap	0	540	July 27, 2021
Parse Username Template Importer Getting advice oidc	0	1022	November 17, 2020
Use different ID for the sub Getting advice	8	3188	February 3, 2024
Sync Keycloak user ID (or a random UUID) as an independent attribute into LDAP Getting advice user-federation , ldap	3	2577	September 1, 2021

Customize email with script mapper

Related Topics