KEYCLOAK-3689 Update identityProvider docs about session data

This commit is contained in:
mposolda 2016-12-02 11:19:45 +01:00
parent b17fa49ee2
commit 7b6546d9e5

View file

@ -4,8 +4,12 @@
After a user logs in from the external IDP, there's some additional user session note data that {{book.project.name}} stores that you can access. After a user logs in from the external IDP, there's some additional user session note data that {{book.project.name}} stores that you can access.
This data can be propagated to the client requesting a login via the token or SAML assertion being passed back to it by using an appropriate client mapper. This data can be propagated to the client requesting a login via the token or SAML assertion being passed back to it by using an appropriate client mapper.
BROKER_PROVIDER_ID:: identity_provider::
This is the IDP alias of the broker used to perform the login. This is the IDP alias of the broker used to perform the login.
You can use a <<fake/../../clients/protocol-mappers.adoc#_protocol-mappers, Protocol Mapper>> to propagate this information to your clients. identity_provider_identity::
This is the IDP username of the currently authenticated user. This is often same like the {{book.project.name}} username, but doesn't necessarily needs to be.
For example {{book.project.name}} user `john` can be linked to the Facebook user `john123@gmail.com`, so in that case value of user session note will be `john123@gmail.com` .
You can use a <<fake/../../clients/protocol-mappers.adoc#_protocol-mappers, Protocol Mapper>> of type `User Session Note` to propagate this information to your clients.