I was able to achieve the goal by setting up the broker in this way:
1) Edit the identity provider: NameID Policy Format, select 'unspecified'
2) Edit every client representing a Service Provider application, select
'Name ID format': username
I wonder whether this approach is fine, especially if we do not use Keycloak
as a third-party provider. Is it something generic for SAML 2.0 or very
specific to Keycloak?
According to the doc,
the supported formats for NameID are:
X.509 subject name
Windows domain qualified name
Kerberos principal name
Is username something additional?
On Tue, Jun 26, 2018 at 1:16 PM Leonid Rozenblyum <lrozenblyum(a)gmail.com>
We're using 2 Keycloak instances.
SP -> Keycloak (broker) -> Keycloak (Identity provider)
How can we configure the broker to create usernames equal to the original
username from Keycloak (IdP)? Now the new users inside the broker receive a
G-.... (long meaningless string)
username during the first log-in.
So if a user logs in through the IdP with the login 'hello', we would like the user
'hello' to be created in the broker.
Thank you for the advice.
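As an added illustration of the two settings discussed in the reply above (not code from the thread or from Keycloak itself), this script pulls the NameID and its Format out of a constructed SAML 2.0 Response and checks that the format is the one the client's 'Name ID format' setting should produce, so that an opaque transient or persistent identifier is never silently taken as the broker username. The mapping from the Keycloak setting names to the SAML Format URNs is an assumption stated in the code; the sample response is constructed, not a real capture, and in practice the assertion's signature and issuer must be validated before its NameID is trusted.

```python
"""Inspect the NameID a SAML 2.0 assertion carries and compare it with the
format a Keycloak client's 'Name ID format' setting is expected to produce."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumed mapping of the Keycloak client setting to the SAML NameID Format URN
# ('username' is assumed to map to the SAML 1.1 'unspecified' format).
KEYCLOAK_NAMEID_FORMATS = {
    "username": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "email": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}


def extract_name_id(response_xml: str):
    """Return (format, value) of the first NameID in a SAML Response.
    Signature and issuer validation must already have happened."""
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no usable NameID")
    # SAML 2.0 treats a missing Format attribute as 'unspecified'.
    fmt = name_id.get("Format", KEYCLOAK_NAMEID_FORMATS["username"])
    return fmt, name_id.text.strip()


def broker_username(response_xml: str, client_setting: str = "username") -> str:
    """Username the broker should create for this login under the given
    client setting; rejects a NameID in any other format."""
    expected = KEYCLOAK_NAMEID_FORMATS[client_setting]
    fmt, value = extract_name_id(response_xml)
    if fmt != expected:
        raise ValueError(f"NameID format {fmt} does not match {client_setting!r}")
    return value


# Constructed sample response (not a real capture): the IdP asserted user 'hello'.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">hello</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(broker_username(SAMPLE_RESPONSE))  # hello
```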