[keycloak-user] Customize saml response

Dmitry Telegin dt at acutus.pro
Mon Feb 4 18:15:25 EST 2019

Hello Pulkit,

This is how identity brokering works. Keycloak cannot simply reuse the incoming SAML assertion, so it creates a new one for your target application. But there is a limited control over the attribute passthrough via mappers. What are the exact attributes you're talking about? Do you think they can be mapped to user properties/attributes? (like first name / last name etc.)

Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Tue, 2019-01-29 at 18:55 +0530, Pulkit Srivastava wrote:
> Hi,
> I am  using as external idp with keycloak. External idp sends SAML response
> to keycloak but keycloak modifies that response before sending it to the
> application, so i am unable to get some important attributes. How can we
> stop keycloak from modifying the response or how can we customize the
> response.
> Thanks,
> Pulkit
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list