Hi,

I tested out the SAML broker functionality that is listed in the below example
https://github.com/keycloak/keycloak/tree/master/examples/broker/saml-broker-authentication

We have a very important use case that is similar to the above except that the SAML Identity broker is ADFS and a few issues are preventing me from testing it out:

1) The ADFS IDP requires that I upload the KC SAML broker information (SAML metadata), which is not available currently. Perhaps I can generate my own metadata using the above example, but I would prefer KC to provide one that is similar to the IDP metadata that is listed in the documentation.
2) The ADFS IDP metadata has a RoleDescriptor element that is not currently being parsed by the KC SAML broker. I logged my issues in the JIRA: https://issues.jboss.org/browse/KEYCLOAK-883
3) The roles and other claims need to be passed back to the client applications using OIDC (I am aware that Bill is making some functionality available over the next few days and hopefully it will address my requirement).

Any suggestions on how I handle the first two?

Thanks,
Raghu