I am currently using Keycloak 1.1.0.Final, trying to enable SSO between two apps with an Active Directory user store. I have Keycloak connected to the AD directly in my realm and have sync’ed the users. I can successfully log in to one of my apps. However, the other app requires an ‘email’ claim, which is missing. It looks like the AD uses just ‘mail’. Is there any way to make this simple claim mapping in Keycloak?

Randall Theobald

Common Engineering – Performance

Dell Software Group  |  Office of the CTO

randall_theobald at dell.com  |  RR1-C336