Hi there,
Do you have a guide on how to implement a custom SAML attribute mapper?
Does that involve building KC on our own?
What we need:
Our SAML IdP (a widely used public Danish service) provides a custom
attribute on the SAML assertion. To support a detailed user privileges
profile, a chunk of XML data is base64-encoded and added as the value of a
single attribute as follows:
<Attribute Name="dk:gov:saml:attribute:Privileges_intermediate"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<AttributeValue>PD94bWwg ....based 64 encoded XML data.....
dmVyc2l==</AttributeValue>
</Attribute>
We want to implement a mapper that will: extract the attribute value, decode
the data, parse the XML and finally map each privilege to a role on the
Keycloak user.
Alternatively, if post-processing of the user is an option, we could map the
attribute onto the user and do the privilege/role processing later? Any
suggestions are appreciated :)
Kind regards,
Ulrik and Anders
--
View this message in context:
http://keycloak-user.88327.x6.nabble.com/SAML-attribute-mapper-with-proce...
Sent from the keycloak-user mailing list archive at
Nabble.com.
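
The decode-and-parse step described in the message, as an added example that is not part of the original post and not Keycloak code. It uses only the JDK; the class name, the `Privilege` element name and the sample payload are assumptions, since the post does not show the decoded XML, and the wiring into a Keycloak mapper is left out.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class PrivilegeAttributeDecoder {

    // Decode the attribute value and return the text of every <Privilege> element.
    // Assumption: privileges are carried in elements named "Privilege" (any namespace).
    public static Set<String> extractPrivileges(String attributeValue) throws Exception {
        // The MIME decoder tolerates the line breaks that occur inside <AttributeValue>.
        byte[] xml = Base64.getMimeDecoder().decode(attributeValue.trim());

        // The payload comes from outside, so refuse DTDs and external entities (XXE).
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setNamespaceAware(true);

        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        NodeList nodes = doc.getElementsByTagNameNS("*", "Privilege");
        Set<String> privileges = new LinkedHashSet<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            String p = nodes.item(i).getTextContent().trim();
            if (!p.isEmpty()) privileges.add(p);
        }
        return privileges;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload, not taken from the post.
        String xml = "<PrivilegeList><PrivilegeGroup Scope=\"example-scope\">"
                   + "<Privilege>example:privilege:read</Privilege>"
                   + "<Privilege>example:privilege:write</Privilege>"
                   + "</PrivilegeGroup></PrivilegeList>";
        String encoded = Base64.getMimeEncoder()
                .encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        System.out.println(extractPrivileges(encoded));
    }
}
```

Each returned string would then be looked up against an explicit allow-list of privilege-to-role names rather than used as a role name directly, and only for attributes taken from an assertion whose signature has already been validated.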