Hello,
I have a Java application that talks openid-connect with Keycloak and then
Keycloak uses the SAML 2.0 Identity provider to redirect to a 3rd party
SAML idp, acting as an identity broker.
So far so good, I can log in to my application with a user existing in the
3rd party idp. Great! But where I am a bit stuck is when I try to map
attributes in the SAML response from the idp.
Basically, I would like Keycloak to populate the roles in the access token
that my application gets in the web request with the information coming in
the SAML attribute. In other words, I want the 3rd party SAML idp to decide
what role/s should be assigned to the user.
Is my assumption correct that all I need is the attribute importer mapper
in the SAML provider to do this? So far I could not get it to work :( What
is the appropriate way to do this?
Thank you!
Manuel Palacio