<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>Bump.</div>
<div><br>
</div>
<div>I saw someone had a previous question in October about IdP mappings, but the thread died without clear resolution. I didn’t see any general information on enabling DEBUG mode in Keycloak to help with troubleshooting.</div>
<div><br>
</div>
<div>When I log into the “account” client application via SAML, I’m presented with a screen to enter my login, email, first name and last name, so I can see that none of the values in the SAML assertion are being picked up by the mappers.</div>
<div><br>
</div>
<div>-Jason</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>&lt;<a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>&gt; on behalf of Jason Axley &lt;<a href="mailto:jaxley@expedia.com">jaxley@expedia.com</a>&gt;<br>
<span style="font-weight:bold">Date: </span>Thursday, February 18, 2016 at 1:49 PM<br>
<span style="font-weight:bold">To: </span>"<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>" &lt;<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br>
<span style="font-weight:bold">Subject: </span>[keycloak-user] SAML attribute mapping debugging<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>I’ve set up incoming SAML authentication using Microsoft ADFS as the IdP. However, the attribute mappings I’ve configured are not picking up the data. A couple things are not clear:</div>
<ol>
<li>How can one debug the mappings to find out why they did not find the data?</li>
<li>Where is the “user model” documented to know which fields are available to map to? I pulled out some things from existing LDAP mappings, but it would be nice to know what else is there to map (e.g. AD or other LDAP groups).</li></ol>
<div>For example, I’ve set up an email mapper that is configured:</div>
<div><br>
</div>
<div>Mapper Type: Attribute Importer</div>
<div>Attribute Name: <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a></div>
<div>Friendly Name: emailaddress</div>
<div>User Attribute Name: email</div>
<div><br>
</div>
<div>Doesn’t work…</div>
<div><br>
</div>
<div>
<div id="">
<div style="font-size: 14px;">
<div>-Jason</div>
</div>
<div style="font-size: 14px;"><br>
</div>
</div>
</div>
</div>
</div>
</span>
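<div>An added example, not part of the original thread and not Keycloak's own code: one way to approach the first question above is to list the Name and FriendlyName of every attribute in a decoded SAML assertion and compare them with the strings configured on the mapper. The sample assertion, <code>urn:example:givenname</code> and the function names are constructed for illustration, and exact string comparison is an assumption about how the mapper matches.</div>

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample, not a real ADFS capture: the e-mail attribute is sent
# with a Name only, the second attribute with both Name and FriendlyName.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:example:givenname" FriendlyName="givenname">
      <saml:AttributeValue>Pat</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def list_attributes(xml_text):
    """Return (Name, FriendlyName or None, [values]) for every saml:Attribute."""
    # A SAML message has no reason to carry a DTD; refuse one rather than
    # hand entity declarations to the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(xml_text)
    found = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        found.append((attr.get("Name"), attr.get("FriendlyName"), values))
    return found

def check_mapper(attributes, attribute_name, friendly_name):
    """Compare one mapper's configured strings with what was received (exact match)."""
    by_name = [a for a in attributes if a[0] == attribute_name]
    by_friendly = [a for a in attributes if a[1] == friendly_name]
    return {
        "name_match": bool(by_name),
        "friendly_name_match": bool(by_friendly),
        "same_attribute_matches_both": any(a in by_friendly for a in by_name),
        "values": [v for a in by_name for v in a[2]],
    }

if __name__ == "__main__":
    received = list_attributes(SAMPLE_ASSERTION)
    for name, friendly, values in received:
        print(f"Name={name!r} FriendlyName={friendly!r} values={values}")
    print(check_mapper(received, EMAIL_CLAIM, "emailaddress"))
```

<div>Run it against the base64-decoded SAMLResponse captured from the browser's POST to the broker endpoint; a mapper field that reports no match names a string the IdP did not send.</div>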
</body>
</html>