Open Keycloak

Select Clients, select the SAML client, and select Mappers

Click on Add Builtin

Add the X500 givenName, X500 surname and X500 email mappers

Open the Application

Configure the Authentication

For the username you can use

urn:oid: + " " + urn:oid:

This will concatenate the X500 givenName and the surname

For the email you can use the X500 email


You can also define the default user groups that a new user will be added to
