There are 2 things you need:
1) Configure LDAP mappers for the "givenName" and "sn" attributes,
so Keycloak sees them as attributes of the user. After this, you should
be able to see those attributes in the "attributes" tab in the admin
console for a particular user from AD. If this works, step 1 is done
:)
2) Configure a protocol mapper for your client to map the user
attributes from LDAP (mapped in step 1) to the SAML assertion.
Marek
On 26/02/16 16:32, Ben Bazian wrote:
I need to add Active Directory
attributes to the SAML assertion. Is there documentation on
how to do this? Specifically I need to add givenName and sn
to the assertion that already has the email attribute.