We are using LDAP as the user federation back-end, and we used SAML JavaScript in a couple of client scope mappers. Now that the JavaScripting is gone, what are our options to achieve something like having a user attribute whose result is something like DB/LDAP user attribute + another DB/LDAP user attribute "or static string"? For example username-LDAProle, where username is a UserModel.attribute map and LDAProle is an actual string.
One more question: I got the scripts feature loaded, created the jar file and everything seems okay, and created the mappers. So far so good, but I got the error below:
Error during execution of ProtocolMapper script: org.keycloak.scripting.ScriptExecutionException: Could not execute script 'attribute-mapper-script_eduPersonEntitlement' problem was: TypeError: user.getAttribute is not a function in <eval> at line number 5
the script is as follows,
```javascript
var JTHashSet = Java.type('java.util.HashSet');
var roles = new JTHashSet();
var userNameFromLDAP = user.getAttribute("username");
var eduPersonPrincipalName = userNameFromLDAP[0].toString()+"@staff";
print("eduPersonPrincipalName", eduPersonPrincipalName);
eduPersonPrincipalName;
```
But I thought that user.getAttribute("username") should work fine. It's just that I have more than one SAML script I need to work out. Would this user.attributes.SOMETHING work with non-built-in attributes, like eduPersonEntitlement, which is fetched from LDAP for example?
For the generic non-built-in attributes, I typically use user.attributes.SOMETHING in scripts and .ftl templates but user.attributes.Get("SOMETHING") should also work in scripts.
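An added example, not code from any poster in this thread: one way to build the "attribute + static string" value discussed above without calling user.getAttribute(), returning nothing rather than a string such as "null@staff" when the LDAP attribute is missing. The function names and the stub user are hypothetical; the stub is constructed to mimic the getAttributes() and getFirstAttribute() accessors of Keycloak's UserModel so the logic runs offline.

```javascript
// Added example. In a Keycloak script mapper the server supplies `user`
// (a UserModel); stubUser() below is a constructed stand-in for offline runs.

// All values of one attribute, read through UserModel.getAttributes()
// (a Map<String, List<String>>) instead of user.getAttribute().
function attributeValues(user, name) {
  var list = user.getAttributes().get(name);
  var out = [];
  if (list === null || list === undefined) { return out; }
  for (var i = 0; i < list.size(); i++) {
    var v = list.get(i);
    // Skip empty values so the result never contains "null-suffix".
    if (v !== null && String(v).trim() !== '') { out.push(String(v)); }
  }
  return out;
}

// "<attribute value><separator><static string>" for every value.
function composeValues(user, name, separator, staticPart) {
  return attributeValues(user, name).map(function (v) {
    return v + separator + staticPart;
  });
}

// Single-valued form, as in the eduPersonPrincipalName script above.
// Returns null when the source attribute is missing or blank.
function composeFirst(user, name, separator, staticPart) {
  var first = user.getFirstAttribute(name);
  if (first === null || first === undefined || String(first).trim() === '') {
    return null;
  }
  return String(first) + separator + staticPart;
}

// Constructed stand-in for UserModel with Java-style Map/List accessors.
function stubUser(attrs) {
  function has(n) { return Object.prototype.hasOwnProperty.call(attrs, n); }
  function javaList(a) {
    return { size: function () { return a.length; },
             get: function (i) { return a[i]; } };
  }
  return {
    getAttributes: function () {
      return { get: function (n) { return has(n) ? javaList(attrs[n]) : null; } };
    },
    getFirstAttribute: function (n) {
      return has(n) && attrs[n].length ? attrs[n][0] : null;
    }
  };
}
```

In a deployed mapper only the three compose/read functions would be used, with the last expression of the script being a call such as composeFirst(user, "username", "@", "staff").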
Thanks @mbonn, I did that earlier today and it worked, and I'm moving on to the next problem with the client interface. I think I am getting there; it's just way overkill for such simple tasks. I wish it was click and configure.