[keycloak-user] SAML IdP Mapping

Bill Burke bburke at redhat.com
Tue Oct 27 09:09:02 EDT 2015

On 10/27/2015 7:32 AM, Matthew Woolnough wrote:
> I have added a SAML IdP and can successfully authenticate.
> I have also added some mappings to map assertions in the SAML token to
> database fields.
> I can see that the SAML token is in the POST back to keycloak contains
> the assertions i am after, but nothing is appearing in Keycloak.

Which leg is missing the SAML assertion?  You have to do 2 different 

#1 Map SAML assertion that you receive rom the external IDP into 
keycloak user db.

#2  Map keycloak user db into the assertion created for the client 
application.  This 2nd part must be done for each client application in 
the "Clients" tab.

Does that answer the question?

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list