
I'm trying to connect an external IdP to Keycloak, so that I have a "Login with [X, an external system]" feature.

I managed to configure it so that the IdP returns a response with the following subject in assertion:

<saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">T=Private Person, SERIALNUMBER=1234567890, GIVENNAME=John, SURNAME=Doe, CN=Mock, C=EN</saml2:NameID>
    ...
</saml2:Subject>

How can I configure the mappers so that after logging in, the attributes from X509 NameID are mapped correctly to user attributes?

What I tried so far:

  • Set NameID policy format to X.509 Subject Name (and actually other options)
  • Create basic Attribute Importers for the attributes

Thanks in advance.
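The parsing step the question is after, as an added example that is not part of the question or of Keycloak's own code: it turns the X509SubjectName NameID (an RFC 4514 distinguished name string) into a dictionary of user attributes, which is what a custom identity-provider mapper or script mapper would have to do before individual fields can be stored on the user. The sample NameID is constructed with the same shape as the one in the question, and the target attribute names in ATTRIBUTE_MAP are assumptions.

```python
"""Turn an X509SubjectName NameID (an RFC 4514 DN string) into user attributes.

Added example, not from the question or from Keycloak. The right-hand side of
ATTRIBUTE_MAP (the user attribute names) is hypothetical.
"""
from typing import Dict, List

# Constructed sample with the same shape as the NameID in the question.
SAMPLE_NAMEID = ("T=Private Person, SERIALNUMBER=1234567890, "
                 "GIVENNAME=John, SURNAME=Doe, CN=Mock, C=EN")

# Hypothetical mapping: DN attribute type -> user attribute name.
ATTRIBUTE_MAP = {
    "GIVENNAME": "firstName",
    "SURNAME": "lastName",
    "SERIALNUMBER": "serialNumber",
    "CN": "commonName",
    "C": "country",
    "T": "title",
}

# Characters that RFC 4514 allows to be backslash-escaped inside a value.
_ESCAPABLE = set(',+"\\<>;= #')


def split_unescaped(text: str, sep: str) -> List[str]:
    """Split on `sep` except where a backslash escapes it (RFC 4514 section 2.4)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the pair; unescape() resolves it later
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def unescape(value: str) -> str:
    """Resolve backslash escapes of special characters; anything else (e.g. hex pairs) is rejected."""
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":
            if i + 1 >= len(value) or value[i + 1] not in _ESCAPABLE:
                raise ValueError(f"unsupported escape in DN value: {value!r}")
            out.append(value[i + 1])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def parse_dn(dn: str) -> Dict[str, str]:
    """Parse a DN into {TYPE: value}. Duplicate types are refused rather than silently overwritten."""
    attrs: Dict[str, str] = {}
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):  # '+' joins the parts of a multi-valued RDN
            ava = ava.strip()
            if not ava:
                continue
            if "=" not in ava:
                raise ValueError(f"malformed RDN: {ava!r}")
            typ, raw = ava.split("=", 1)
            typ = typ.strip().upper()
            if typ in attrs:
                raise ValueError(f"duplicate attribute type in DN: {typ}")
            attrs[typ] = unescape(raw.strip())
    return attrs


def map_user_attributes(dn: str) -> Dict[str, str]:
    """Map parsed DN attributes onto the user attribute names; unknown types are dropped."""
    parsed = parse_dn(dn)
    return {ATTRIBUTE_MAP[t]: v for t, v in parsed.items() if t in ATTRIBUTE_MAP}


if __name__ == "__main__":
    print(map_user_attributes(SAMPLE_NAMEID))
```

Two design choices matter when the NameID comes from an external party: the splitter only breaks on commas and plus signs that are not backslash-escaped, so a value such as `CN=Doe\, John` stays one field, and `parse_dn` refuses a DN that names the same attribute type twice instead of letting the later occurrence overwrite the earlier one, which keeps a single value like SERIALNUMBER unambiguous before it is used to look up or create a user.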
