OIDC providers and entity lookup

I’m investigating using Vault as an OIDC IdP, proxying to other existing OIDC providers. I was hoping to be able to integrate the Entity-Alias relationship within Vault as a means to provide an authoritative source for a local (site) username.

Basically, someone would log in via a configured OIDC provider; then I could use, say, their “validated” email back from the provider, and map that to, say, a unix account - that could either be the Entity name itself, or a metadata field on the Entity. Whilst I could do this externally, I was hoping that the response from Vault itself could, say, populate the preferred_username claim.