<!--
  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
  ~ and other contributors as indicated by the @author tags.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->

<chapter id="mappers">
    <title>OIDC Token and SAML Assertion Mappings</title>
    <para>
        Applications that receive ID Tokens, Access Tokens, or SAML assertions may need or want different user metadata
        and roles. Keycloak allows you to define exactly what is transferred. You can hardcode roles, claims and custom
        attributes. You can pull user metadata into a token or assertion. You can rename roles. Basically, you have
        a lot of control over exactly what goes back to the client.
    </para>
    <para>
        Within the admin console, if you go to an application you've registered, you'll see a "Mappers" sub-menu item.
        This is where you control what the OIDC ID Token, Access Token, and SAML login response assertions look
        like. When you click on it, you'll see some default mappers that have been set up for you. Clicking the
        "Add Builtin" button gives you the option to add other preconfigured mappers. Clicking "Create" allows
        you to define your own protocol mappers. The tooltips are very helpful for learning exactly what you can do
        to tailor your tokens and assertions. They should be enough to guide you through the process.
    </para>
</chapter>