Keycloak uses ADFS as Identity Provider: how to map attributes from ADFS other than email, lastname, name?

Hello everyone.

I have Keycloak 16.1.1 connected with ADFS according to the documentation at this URL:
How to Setup MS AD FS 3.0 as Brokered Identity Provider in Keycloak - Keycloak

I already added the attributes email, lastname, name, GroupManagers according to the document.

Now I am trying to map some custom attributes from ADFS (as in the picture below), but I would like to know how to map a custom attribute from ADFS and how to check whether Keycloak can map it properly. Please advise; thank you for your kind help.

Hi, if Keycloak does not support it by default with some mapper, then you can create your custom mapper:

```java
import java.util.ArrayList;
import java.util.List;

import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityProviderMapper;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

public class SamlAttributeMapper implements IdentityProviderMapper {

    // ... required methods ...

    // Configuration fields shown for this mapper in the admin console
    private static final List<ProviderConfigProperty> configProperties = new ArrayList<>();

    static {
        ProviderConfigProperty property;

        property = new ProviderConfigProperty();
        property.setName("attribute.name");
        property.setLabel("Attribute Name");
        property.setHelpText("Name of the SAML attribute to map.");
        property.setType(ProviderConfigProperty.STRING_TYPE);
        configProperties.add(property);

        property = new ProviderConfigProperty();
        property.setName("user.attribute");
        property.setLabel("User Attribute");
        property.setHelpText("Name of the user attribute to map the SAML attribute to.");
        property.setType(ProviderConfigProperty.STRING_TYPE);
        configProperties.add(property);
    }

    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    @Override
    public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        String attributeName = mapperModel.getConfig().get("attribute.name");
        String userAttribute = mapperModel.getConfig().get("user.attribute");

        // Guard against a claim the IdP did not send: without this, toString() throws a NullPointerException
        Object attributeValue = context.getContextData().get(attributeName);
        if (attributeValue == null) {
            return;
        }
        context.setUserAttribute(userAttribute, attributeValue.toString());
    }

    @Override
    public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        preprocessFederatedIdentity(session, realm, mapperModel, context);
    }

    @Override
    public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
        preprocessFederatedIdentity(session, realm, mapperModel, context);
    }

}
```

Do not forget to add a provider Id and to register it in:
`META-INF/services/org.keycloak.broker.provider.IdentityProviderMapper`


A couple of troubleshooting tips:

  1. If you are using SAML, use the "SAML-tracer" Chrome extension to view the claims being sent. If the claim is not sent, you cannot map it.

  2. If the claim is there, make sure the value matches.

  3. Try deleting the user in Keycloak and logging in fresh.

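To make tip 1 repeatable without eyeballing the extension, here is an added example (not from this thread or from Keycloak) that decodes a captured `SAMLResponse` value and lists every attribute `Name` in the assertion, so you can confirm the exact string to put in the mapper's "Attribute Name" field. The sample response is constructed inline; the attribute names and values in it are placeholders, not captured ADFS output.

```python
import base64
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespaces; ADFS uses these in its Response/Assertion elements
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def list_saml_attributes(saml_response_b64: str) -> dict:
    """Decode a base64 SAMLResponse (as copied from SAML-tracer) and return
    {attribute Name: [values]} for every Attribute in every AttributeStatement."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # ET.fromstring does not resolve external entities; for input from an
    # untrusted party, defusedxml is the safer parser choice
    root = ET.fromstring(xml_bytes)
    attrs: dict = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def has_claim(attrs: dict, name: str) -> bool:
    """True only if the attribute was sent AND carries a non-empty value;
    the mapper config must use exactly this Name string."""
    return name in attrs and any(v.strip() for v in attrs[name])


# Constructed sample, standing in for a real ADFS response captured by SAML-tracer
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="department">
        <saml:AttributeValue>Finance</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

if __name__ == "__main__":
    for name, values in list_saml_attributes(SAMPLE_RESPONSE_B64).items():
        print(f"{name} -> {values}")
```

If the custom claim is absent from this listing, the fix is on the ADFS claim-rule side, not in Keycloak.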

Thank you, I will try using SAML-tracer to check it.

Thank you for your help. I searched for additional information from Zerto:
Zerto Knowledge Portal

and found that I must also create a Keycloak client mapper to receive the value from the custom IdP mapper.
