[keycloak-user] simplesamlphp attribute is expected but missing

Tiemen Ruiten t.ruiten at rdmedia.com
Mon Oct 9 08:14:50 EDT 2017


Hello,

I'm trying to authenticate WordPress users with the help of the wp-saml-auth
plugin <https://wordpress.org/plugins/wp-saml-auth/> and the simplesamlphp
library <https://simplesamlphp.org/>. I'm not sure if this is an issue on
the Keycloak side or on the PHP side; hopefully someone can point me in the
right direction.

The redirect from the WordPress login page to Keycloak is going fine, so I
log in on the Keycloak page, but after the redirect back to WordPress, I'm
getting this error:

"mail" attribute is expected, but missing, in SAML response. Attribute is
used to fetch existing user by "email". Please contact your administrator.

The user has an email address and is coming from an AD federation. There is
a user-attribute-ldap-mapper set up that maps the User Model Attribute
'email' to LDAP attribute 'mail'. I tried setting up a User Property mapper
in the client that maps the property 'email' to SAML Attribute name 'email'
(also tested with 'mail'), but it didn't make a difference in the error
message.

What am I missing? Does the application need to request the SAML-attributes
explicitly? Is there a way to intercept the SAML-response in the browser?

-- 
Tiemen Ruiten
Systems Engineer
R&D Media
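
An added example, not part of the original message: one way to check which attributes a SAML response actually carries, so the Name and FriendlyName values can be compared with the name in the error. It assumes the HTTP-POST binding, where the browser posts a base64-encoded `SAMLResponse` form field that can be copied from the browser's network tools; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def saml_attributes(saml_response_b64):
    """Map each Attribute Name to its FriendlyName and values (hypothetical helper)."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML response; refusing to parse")
    root = ET.fromstring(xml_bytes)
    # With assertion encryption enabled the attributes are not visible in transit.
    if root.find(".//saml:EncryptedAssertion", SAML_NS) is not None:
        raise ValueError("assertion is encrypted; attributes need the SP key to read")
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found[attr.get("Name")] = {"friendly": attr.get("FriendlyName"), "values": values}
    return found

def missing_attributes(saml_response_b64, expected):
    """Return the expected attribute names that are absent from the response."""
    present = saml_attributes(saml_response_b64)
    return [name for name in expected if name not in present]

# Constructed sample: a response whose only attribute is named "email".
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="email" FriendlyName="email">
        <saml:AttributeValue>user@example.org</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    print(saml_attributes(SAMPLE_B64))
    print("missing:", missing_attributes(SAMPLE_B64, ["mail"]))
```

This only reads the response for troubleshooting and does not verify its signature.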

