Most likely you need to set up an attribute mapper for the SAML client
(Wordpress) in Keycloak [1]. That mapper would map the (Keycloak's) user
e-mail into a SAML attribute named "mail".
If that does not help, check the contents of the SAML response via SAML Tracer or
a similar tool.
--Hynek
[1]
http://www.keycloak.org/docs/latest/server_admin/topics/clients/protocol-...
On Mon, Oct 9, 2017 at 2:14 PM, Tiemen Ruiten <t.ruiten(a)rdmedia.com> wrote:
Hello,
I'm trying to authenticate Wordpress users with the help of the
wp-saml-auth plugin <https://wordpress.org/plugins/wp-saml-auth/> and the
simplesamlphp library <https://simplesamlphp.org/>. I'm not sure if this is an issue on
the Keycloak side or on the PHP side, hopefully someone can point me in the
right direction.
The redirect from the Wordpress login page to Keycloak is going fine, so I
login on the Keycloak page, but after the redirect back to Wordpress, I'm
getting this error:
"mail" attribute is expected, but missing, in SAML response. Attribute is
used to fetch existing user by "email". Please contact your administrator.
The user has an email address and is coming from an AD federation. There is
a user-attribute-ldap-mapper set up that maps the User Model Attribute
'email' to LDAP attribute 'mail'. I tried setting up a User Property mapper
in the client that maps the property 'email' to SAML Attribute name 'email'
(also tested with 'mail'), but it didn't make a difference in the error
message.
What am I missing? Does the application need to request the SAML-attributes
explicitly? Is there a way to intercept the SAML-response in the browser?
--
Tiemen Ruiten
Systems Engineer
R&D Media
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
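The check Hynek suggests (look at what the IdP actually put in the SAML response before touching the PHP side) can be scripted instead of read off a SAML Tracer window. The example below is added here and is not code from Keycloak, wp-saml-auth or this thread: it decodes a base64 `SAMLResponse` form value, lists the attributes in the assertion's AttributeStatement by their `Name`, and reports which expected names are absent. The sample response is constructed for the example and reproduces the mismatch in the thread (attribute emitted as `email`, SP expecting `mail`).

```python
import base64
from xml.etree import ElementTree as ET

# Namespace-aware lookup: IdPs differ in the prefixes they use, so match on URIs.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample (not a real Keycloak response): minimal, unsigned assertion
# whose mapper emitted the e-mail under Name="email" while the SP expects "mail".
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>tiemen</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# What the browser would POST to the SP as the SAMLResponse form parameter.
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8")).decode("ascii")


def decode_saml_response(form_value: str) -> str:
    """The SAMLResponse POST parameter is base64-encoded XML; return the XML text."""
    return base64.b64decode(form_value).decode("utf-8")


def extract_attributes(xml_text: str) -> dict:
    """Map each Attribute Name in the AttributeStatement to its list of values.

    This only inspects content; it does no signature validation, so use it for
    diagnosing your own IdP's output, never as a substitute for the SP's checks.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def diagnose(form_value: str, expected: list) -> tuple:
    """Return (attributes present, expected names that are missing)."""
    attrs = extract_attributes(decode_saml_response(form_value))
    missing = [name for name in expected if name not in attrs]
    return attrs, missing


if __name__ == "__main__":
    present, absent = diagnose(SAMPLE_FORM_VALUE, ["mail"])
    print("attributes in response:", present)
    print("expected but missing:", absent)
```

For a live case, paste the `SAMLResponse` value captured from the POST to the Wordpress ACS URL in place of `SAMPLE_FORM_VALUE`; if `mail` shows up as missing while `email` is present, the fix is on the Keycloak mapper (or the SP's expected attribute name), not in the LDAP federation.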