keycloak-scim/docbook/auth-server-docs/reference/en/en-US/modules/protocol-mappers.xml
Stian Thorgersen c7a8742a36 KEYCLOAK-1524
Source code headers
2016-02-03 11:20:22 +01:00

34 lines
No EOL
1.9 KiB
XML
Executable file

<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<chapter id="mappers">
<title>OIDC Token and SAML Assertion Mappings</title>
<para>
Applications that receive ID Tokens, Access Tokens, or SAML assertions may need or want different user metadata
and roles. Keycloak allows you to define what exactly is transferred. You can hardcode roles, claims and custom
attributes. You can pull user metadata into a token or assertion. You can rename roles. Basicall you have
a lot of control of what exactly goes back to the client.
</para>
<para>
Within the admin console, if you go to an application you've registered, you'll see a "Mappers" sub-menu item.
This is the place where you can control how a OIDC ID Token, Access Token, and SAML login response assertions look
like. When you click on this you'll see some default mappers that have been set up for you. Clicking the
"Add Builtin" button gives you the option to add other preconfigured mappers. Clicking on "Create" allows
you to define your own protocol mappers. The tooltips are very helpful to learn exactly what you can do
to tailor your tokens and assertions. They should be enough to guide you through the process.
</para>
</chapter>