Fix confusing SAML NameId mapper format tooltip

Closes #26051 Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-01-26 10:33:20 +01:00 · 2024-01-26 10:33:20 +01:00 · de598577b1
commit de598577b1
parent 7558bb8dce
3 changed files with 19 additions and 6 deletions
--- a/docs/documentation/release_notes/topics/24_0_0.adoc
+++ b/docs/documentation/release_notes/topics/24_0_0.adoc
@ -199,4 +199,21 @@ link:{upgradingguide_link}[{upgradingguide_name}].
 = Updates to cookies
 Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.
+for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.
 = SAML User Attribute Mapper For NameID now suggests only valid NameID formats
 User Attribute Mapper For NameID allowed setting `Name ID Format` option to the following values:
 - `urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName`
 - `urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName`
 - `urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos`
 - `urn:oasis:names:tc:SAML:2.0:nameid-format:entity`
 However, Keycloak does not support receiving `AuthnRequest` document with one of these `NameIDPolicy`, therefore these
 mappers would never be used. The supported options were updated to only include the following Name ID Formats:
 - `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`
 - `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`
 - `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
 - `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
--- a/js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties
+++ b/js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties
@ -494,7 +494,7 @@ clientTypeHelp='OpenID Connect' allows Clients to verify the identity of the End
 addOpenIdProvider=Add OpenID Connect provider
 memory=Memory
 eventTypes.CLIENT_LOGIN.name=Client login
-mapper.nameid.format.tooltip=Name ID Format using Mapper
+mapper.nameid.format.tooltip=This mapper is applied only if the NameID format of the incoming AuthnRequest is equal to this value.
 hideOnLoginPageHelp=If hidden, login with this provider is possible only if requested explicitly, for example using the 'kc_idp_hint' parameter.
 eventTypes.UPDATE_PROFILE.description=Update profile
 assignRolesTo=Assign roles to {{client}}
--- a/services/src/main/java/org/keycloak/protocol/saml/mappers/NameIdMapperHelper.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/mappers/NameIdMapperHelper.java
@ -23,10 +23,6 @@ public class NameIdMapperHelper {
        List<String> types = new ArrayList<String>();
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_X509SUBJECTNAME.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_WINDOWS_DOMAIN_NAME.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_KERBEROS.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_ENTITY.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
        types.add(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get());
        property.setType(ProviderConfigProperty.LIST_TYPE);