If you look at the "Mappers" tab when you are in identityProvider in the admin console, you can see we have some built-in implementations of IdentityProviderMapper, which allow you to map the stuff from the IDP into Keycloak. If none of the built-in ones is sufficient for you, you can try to create a JIRA or implement your own mapper.

Marek

On 27/09/16 12:16, Manuel Palacio wrote:

Hello,

I have a Java application that talks openid-connect with Keycloak and then Keycloak uses the SAML 2.0 Identity provider to redirect to a 3rd party SAML idp, acting as an identity broker.

So far so good, I can log in to my application with a user existing in the 3rd party idp. Great! But where I am a bit stuck is when I try to map attributes in the SAML response from the idp.

Basically, I would like Keycloak to populate the roles in the access token that my application gets in the web request with the information coming in the SAML attribute. In other words, I want the 3rd party SAML idp to decide what role/s should be assigned to the user.

Is my assumption correct that all I need is the attribute importer mapper in the SAML provider to do this? So far I could not get it to work :( What is the appropriate way to do this?

Thank you!

Manuel Palacio


