There are 2 things you need:
1) Configure LDAP mappers for the "givenName" and "sn" attributes, so
Keycloak sees them as attributes of the user. After this, you should be able
to see those attributes in the "attributes" tab in the admin console for
a particular user from AD. If this works, step 1 is done :)
2) Configure protocol mapper for your client to map user attributes from
LDAP (mapped in step 1) to the SAML assertion.
Marek
On 26/02/16 16:32, Ben Bazian wrote:
I need to add Active Directory attributes to the SAML assertion. Is
there documentation on how to do this? Specifically I need to add
givenName and sn to the assertion that already has the email attribute.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
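
A way to confirm the result of step 2 on a captured assertion, as an added example that is not part of the original thread or of Keycloak: it lists the attributes in the AttributeStatement and reports which required ones are absent or empty. It assumes the protocol mappers emit the SAML attribute names "givenName" and "sn" alongside "email"; the sample assertion is constructed, and no signature validation is done.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (no signature, subject or conditions). It has "email"
# and "givenName" but no "sn", as if only one protocol mapper were added.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0"
                IssueInstant="2016-02-26T16:32:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="givenName">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def assertion_attributes(xml_text):
    """Return {attribute name: [values]} for a SAML 2.0 assertion or response.

    Only for inspecting a captured assertion from a trusted test login:
    ElementTree does not validate the XML signature.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def missing_attributes(xml_text, required=("email", "givenName", "sn")):
    """Names from `required` that are absent or carry only empty values."""
    attrs = assertion_attributes(xml_text)
    # An attribute with an empty value usually means the protocol mapper
    # exists but the LDAP mapper from step 1 is not populating the user.
    return [name for name in required if not any(attrs.get(name, []))]


if __name__ == "__main__":
    print("attributes:", assertion_attributes(SAMPLE_ASSERTION))
    print("missing:", missing_attributes(SAMPLE_ASSERTION))
```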