Open Keycloak
Select Clients / Select the SAML Client and Select Mappers
Add the X500. givenName, sureName and email
Open the Application
Configure the Authentication
For the username you can use
urn:oid:2.5.4.42 + " " + urn:oid:2.5.4.4
This will concatenate the X500 givenName and the surame
For the email you can use the X500 email
urn:oid:1.2.840.113549.1.9.1
You can also define the default usersgroups that a new user will be added to