[keycloak-user] SAML question
Marek Posolda
mposolda at redhat.com
Fri Feb 26 15:30:13 EST 2016
There are 2 things you need:
1) Configure LDAP mappers for the "givenName" and "sn" attribute, so
Keycloak see them as attributes of user. After this, you should be able
to see those attributes in the "attributes" tab in admin console for
particular user from AD. If this works, step 1 is done :)
2) Configure protocol mapper for your client to map user attributes from
LDAP (mapped in step 1) to the SAML assertion.
Marek
On 26/02/16 16:32, Ben Bazian wrote:
>
> I need to add Active Directory attributes to the SAML assertion. Is
> there documentation on how to do this? Specifically I need to add
> givenName and sn to the assertion that already has the email attribute.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160226/c5f81e82/attachment.html
More information about the keycloak-user
mailing list