[keycloak-user] Mapping SAML attributes from ADFS

[Rens Verhage]

Hi all,

I’m having some trouble importing users from ADFS. On first time login, Keycloak displays the user registration form with only the username pre-filled, first name, last name and e-mail address are empty. According to the ADFS administrator, these attributes are being sent in the SAML response.

Do I have to explicitly map these attributes?

How can I log the SAML response in plain text? All SAML assertions are encrypted, how can I log / debug the mapping of user attributes?


Rens