Hi,
We have created a Salesforce SAML2 identity provider; part of the response XML from
Salesforce is included below.
In addition, we configured a Tomcat with a JSON file containing the setting:
"principal-attribute": "preferred_username"
If we do nothing more, we get the NameID, with the prefix, in Tomcat as the logged-in
user.
We would like to map the SAML Attribute Name="email" to the "preferred_username".
How do we do this?
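<!-- Subject: identifies who the assertion is about. The NameID uses the
     persistent name-id format; its value appears masked in this post. -->
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">henk.laracker@p*n.nl</saml:NameID>
  <!-- Bearer confirmation: the receiving service provider is expected to match
       InResponseTo against the request it issued, refuse the assertion at or
       after NotOnOrAfter, and compare Recipient with its own endpoint URL.
       The Recipient URL is truncated ("...") in the original post; the closing
       quote is restored here so the element is well-formed. -->
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData
        InResponseTo="ID_e44eedb6-2f93-4c7e-aecd-90f355e3cbc3"
        NotOnOrAfter="2015-06-02T08:12:07.080Z"
        Recipient="https://fr-authtest.planoncloud.com/auth/realms/ciwwa-tes..."
    />
  </saml:SubjectConfirmation>
</saml:Subject>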
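<!-- Conditions: the validity window of the assertion (NotBefore up to, but not
     including, NotOnOrAfter) and the audience it is restricted to. A consumer
     should reject the assertion outside that window or when the Audience does
     not name it. The Audience URL is truncated ("...") in the original post;
     the start tag's ">" and the Audience closing tag are restored here. -->
<saml:Conditions NotBefore="2015-06-02T08:06:37.080Z"
                 NotOnOrAfter="2015-06-02T08:12:07.080Z"
                 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AudienceRestriction>
    <saml:Audience>https://fr-authtest.planoncloud.com/auth/realms/ciwwa-te...</saml:Audience>
  </saml:AudienceRestriction>
</saml:Conditions>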
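<!-- AuthnStatement: when the user authenticated at the identity provider
     (AuthnInstant) and by which authentication context class; this response
     reports the class as "unspecified". The start tag's missing ">" is
     restored here. -->
<saml:AuthnStatement AuthnInstant="2015-06-02T08:07:07.080Z"
                     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
  </saml:AuthnContext>
</saml:AuthnStatement>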
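<!-- AttributeStatement: the attributes released by the identity provider in
     this response: userId, username, email and is_portal_user. The missing ">"
     on each Attribute and AttributeValue start tag is restored here.
     In this sample the "email" value differs from the NameID and "username"
     value, so taking the principal from "email" instead of the NameID changes
     which identifier the application sees for the same user.
     NOTE(review): before using "email" as the principal, confirm that it is
     unique per user and cannot be edited by the user at the identity provider;
     the persistent NameID is the identifier this assertion marks as stable. -->
<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="userId"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:anyType">005b0000000jBgI</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="username"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:anyType">henk.laracker@p*n.nl</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:anyType">henk.laracker@c*e.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="is_portal_user"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue
        xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:anyType">false</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>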
</saml:Assertion>
Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement,
Henk Laracker