Brokering identity without store personnal data

Is there a way to identify users via an Identity Provider and send data in the JWT to the client without store it in the user attributes ?
I need to auto fill a form with the user data provided by an Idp but less I store this data the better it is.

Thanks for your help,
Kings regards,

For example, would it be possible to use the “Hardcoded User Session Attribute” to pick some saml claims from Idp assertion, to be able to send it back to my web client in the id token ?

Didn’t quite get you?
Maybe you need to you the option of mappers in the idp section

At the moment, I have configured the broker mappers to get the SAML claims from the IdP into the user attributes via Attribute Importer Mapper. I saw that there’s another mapper that can put some value in the user session but it’s only hardcoded value and there seems to be no possibility to put something from the claims.

When my client delegates the authentication to keycloak, I want the user to authenticate via an external idp and get the claims value (birthdate, gender, …) directly without storing it in the user attributes.

Do you think this is possible ?

Are you concerned w.r.t storing in Keycloak? Otherwise, on each authentication – the claims can be configured to be retrieved in real time from the external IDP.

Yes, my goal is to avoid storing in Keycloak.
How could I retrieve it directly from the IDP ?

May I ask why don’t you don’t connect your application directly to the IDP? It would appear Keycloak is redundant for your use case.

I already have Keycloak in my stack to authenticate users and they can use several IdPs. Then the configuration is easier with Keycloak I guess