keycloak-scim/securing_apps/topics/saml/java/general-config/roleidentifiers_element.adoc


===== RoleIdentifiers Element

The `RoleIdentifiers` element defines what SAML attributes within the assertion received from the user should be used
as role identifiers within the Java EE Security Context for the user.

[source,xml]
----

<RoleIdentifiers>
     <Attribute name="Role"/>
     <Attribute name="member"/>
     <Attribute name="memberOf"/>
</RoleIdentifiers>
----

By default `Role` attribute values are converted to Java EE roles.
Some IdPs send roles using a `member` or `memberOf` attribute assertion.
You can define one or more `Attribute` elements to specify which SAML attributes must be converted into roles.
initial saml 2016-06-02 16:07:45 +00:00
WIP: mod_auth_mellon edits 2017-02-03 22:14:17 +00:00			`===== RoleIdentifiers Element`
initial saml 2016-06-02 16:07:45 +00:00
saml general config 2016-06-02 20:50:43 +00:00			The `RoleIdentifiers` element defines what SAML attributes within the assertion received from the user should be used
			`as role identifiers within the Java EE Security Context for the user.`

initial saml 2016-06-02 16:07:45 +00:00			`[source,xml]`
			`----`

			`<RoleIdentifiers>`
			`<Attribute name="Role"/>`
			`<Attribute name="member"/>`
			`<Attribute name="memberOf"/>`
			`</RoleIdentifiers>`
			`----`

			By default `Role` attribute values are converted to Java EE roles.
WIP: mod_auth_mellon edits 2017-02-03 22:14:17 +00:00			Some IdPs send roles using a `member` or `memberOf` attribute assertion.
saml general config 2016-06-02 20:50:43 +00:00			You can define one or more `Attribute` elements to specify which SAML attributes must be converted into roles.
initial saml 2016-06-02 16:07:45 +00:00