Versions Compared

Old Version 1

changes.mady.by.user Craig McNally

Saved on

compared with

New Version 2

changes.mady.by.user Craig McNally

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Use the "EmailAddress" attribute from the SAML response, to match the "email" attribute on the Keycloak user record

  • Give the mapper a "Name", e.g. "external_system_idemail"
  • "Sync mode override":  "Force"
  • "Mapper type":  "Attribute Importer"
  • "Attribute Name":  "EmailAddress"
    1. This will select the SAML Response's EmailAddress attribute 
  • "Friendly Name":  <leave blank>
  • "Name Format":  "ATTRIBUTE_FORMAT_BASIC"
  • "User Attribute Name":  "email"

Recipe (externalSystemId):

Use the "Subject NamdID" from the SAML response, to match the "external_system_id" attribute on the Keycloak user record

  • Give the mapper a "Name", e.g. "external_system_id"
  • "Sync mode override":  "Force"
  • "Mapper type":  "Attribute Importer"
  • "Attribute Name":  "Subject NameID"
    1. This will select the SAML Response's Subject → NameID (Hint: in the example SAML response above this value is LxyImDFLVb4jnlOayJIybA77mZw6)
  • "Friendly Name":  <leave blank>
  • "Name Format":  "ATTRIBUTE_FORMAT_BASIC"
  • "User Attribute Name":  "external_system_id"

N.B.  As of the external_system_id user attribute is not currently set/migrated from user records in Folio to Keycloak.  However, there are plans to add this soon.  Keep in mind that you can always manually add/set arbitrary user attributes in Keycloak for testing purposes.

Open Questions

  • TBD