I’m finally upgrading my Keycloak system from v17 to v20, and I discovered that the JS SAML mapper has been removed. I used to use it to pass a SAML attribute named `groups` that was simply
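```javascript
// Build a two-element Java String[] holding the values of the SAML attribute
var stringArray = java.lang.reflect.Array.newInstance(java.lang.String.class, 2);
var username = user.getUsername();
stringArray[0] = 'admin';
stringArray[1] = 'admin-' + username;
```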
Is there a way to do this without writing a custom provider? I’m capable of doing that, but I’d rather use a native method if available.
Well, it’s not my best work (my Java is very rusty), but this does the trick:
With this, you can combine any text with user properties (email, federationLink, firstName, id, lastName, serviceAccountClientLink, or username) and/or custom user attributes. Properties or attributes must be surrounded with backticks (`). To escape a backtick, use a backslash (\). For example:
- `lastName` will be replaced with the user properties
- The backticks around `lastName` will be escaped and left in place.
- `customAttribName` will be replaced with the user attribute of the same name, but if this attribute does not exist, the text `customAttribName` will be left in place.
- All other text will appear as text.
Honestly, this provider could replace the `saml-user-attribute-mapper` providers. Mine allows mappers to be created with all three mapper sources on their own or as a dynamic combination of all sources.
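
The substitution rules described in the reply above, as an added example that is not the poster's provider code and uses no Keycloak classes. The class name `TemplateExpander`, the two input maps, the property-before-attribute lookup order, the use of the first attribute value, and leaving an unknown name in place without its backticks are all assumptions.

```java
import java.util.List;
import java.util.Map;
// Added illustration: standalone template expansion (hypothetical class, not a Keycloak provider).
public class TemplateExpander {
    // properties: user properties such as username or lastName (hypothetical input map).
    // attributes: custom user attributes; assumption: only the first value is used.
    public static String expand(String template, Map<String, String> properties,
                                Map<String, List<String>> attributes) {
        StringBuilder out = new StringBuilder();
        int i = 0;
        while (i < template.length()) {
            char c = template.charAt(i);
            if (c == '\\' && i + 1 < template.length() && template.charAt(i + 1) == '`') {
                out.append('`');          // escaped backtick is emitted as a literal backtick
                i += 2;
            } else if (c == '`') {
                int end = template.indexOf('`', i + 1);
                if (end < 0) {            // unmatched backtick: keep the remainder as plain text
                    out.append(template, i, template.length());
                    break;
                }
                out.append(resolve(template.substring(i + 1, end), properties, attributes));
                i = end + 1;
            } else {
                out.append(c);            // all other text is copied through unchanged
                i++;
            }
        }
        return out.toString();
    }

    // Assumption: properties are checked before attributes; an unknown name is left as text.
    private static String resolve(String name, Map<String, String> properties,
                                  Map<String, List<String>> attributes) {
        String property = properties.get(name);
        if (property != null) return property;
        List<String> values = attributes.get(name);
        return (values == null || values.isEmpty()) ? name : values.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample user, not data from the thread.
        Map<String, String> props = Map.of("username", "jdoe", "lastName", "Doe");
        Map<String, List<String>> attrs = Map.of("team", List.of("blue"));
        System.out.println(expand("admin-`username`", props, attrs));
        System.out.println(expand("\\`lastName\\` is `lastName`", props, attrs));
        System.out.println(expand("`team`/`customAttribName`", props, attrs));
    }
}
```

When the expanded value feeds an authorization attribute such as `groups`, reference only properties and attributes that users cannot edit for themselves.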