keycloak-scim/docs/guides/securing-apps/partials/saml/roleidentifiers_element.adoc

22 lines
635 B
Text
Raw Normal View History

2016-06-02 16:07:45 +00:00
== RoleIdentifiers element
2016-06-02 16:07:45 +00:00
2016-06-02 20:50:43 +00:00
The `RoleIdentifiers` element defines what SAML attributes within the assertion received from the user should be used
as role identifiers within the Jakarta EE Security Context for the user.
2016-06-02 20:50:43 +00:00
2016-06-02 16:07:45 +00:00
[source,xml]
----
<RoleIdentifiers>
<Attribute name="Role"/>
<Attribute name="member"/>
<Attribute name="memberOf"/>
</RoleIdentifiers>
----
By default `Role` attribute values are converted to Jakarta EE roles.
2017-02-03 22:14:17 +00:00
Some IdPs send roles using a `member` or `memberOf` attribute assertion.
2016-06-02 20:50:43 +00:00
You can define one or more `Attribute` elements to specify which SAML attributes must be converted into roles.
2016-06-02 16:07:45 +00:00