# File 'manifests/client_scope/saml.pp', line 13
# Declares a SAML client scope in the given realm and attaches a fixed set
# of protocol mappers to it: four user-property mappers with OID-based
# attribute names (username, email, givenName, surname) and one role list
# mapper.
#
# Every SAML assertion issued for a client that uses this scope therefore
# carries the user's username, email, first name, last name and roles;
# keep that in mind when deciding which clients get this scope.
#
# @param realm
#   Keycloak realm in which the client scope is created.
# @param resource_name
#   Name of the client scope resource in Keycloak; defaults to the title.
define keycloak::client_scope::saml (
  String $realm,
  String $resource_name = $name,
) {
  include keycloak

  keycloak_client_scope { $name:
    realm         => $realm,
    resource_name => $resource_name,
    protocol      => 'saml',
  }

  # Title prefix => per-mapper attributes. All four share the same
  # protocol, mapper type and 'uri' attribute name format.
  $user_property_mappers = {
    'username'       => {
      'user_attribute' => 'username',
      'friendly_name'  => 'userid',
      'attribute_name' => 'urn:oid:0.9.2342.19200300.100.1.1',
    },
    'X500 email'     => {
      'user_attribute' => 'email',
      'friendly_name'  => 'email',
      'attribute_name' => 'urn:oid:1.2.840.113549.1.9.1',
    },
    'X500 givenName' => {
      'user_attribute' => 'firstName',
      'friendly_name'  => 'givenName',
      'attribute_name' => 'urn:oid:2.5.4.42',
    },
    'X500 surname'   => {
      'user_attribute' => 'lastName',
      'friendly_name'  => 'surname',
      'attribute_name' => 'urn:oid:2.5.4.4',
    },
  }

  $user_property_mappers.each |String $label, Hash $mapping| {
    keycloak_protocol_mapper { "${label} for ${name} on ${realm}":
      protocol             => 'saml',
      type                 => 'saml-user-property-mapper',
      attribute_nameformat => 'uri',
      *                    => $mapping,
    }
  }

  # The user's roles are mapped to a 'Role' attribute in the 'basic' name
  # format; 'single' is left false here, so the roles are not collapsed into
  # a single attribute (see Keycloak's role list mapper documentation).
  keycloak_protocol_mapper { "role list for ${name} on ${realm}":
    protocol             => 'saml',
    type                 => 'saml-role-list-mapper',
    single               => false,
    attribute_nameformat => 'basic',
    attribute_name       => 'Role',
  }
}