Open Keycloak
Select Clients / Select the SAML Client and Select Mappers
Click on Add Builtin
Add the X500. givenName, sureName and email
Open the Application
Configure the Authentication
For the username you can use
urn:oid:2.5.4.42 + " " + urn:oid:2.5.4.4
This will concatenate the X500 givenName and the surame
For the email you can use the X500 email
urn:oid:1.2.840.113549.1.9.1
You can also define the default usersgroups that a new user will be added to
