I’m trying to get the claims token from MS Azure to pass through to my App via Keycloak. I’m able to see the response with the token fields, but cannot get the groups claim data. Configured using SAML.
The claim I’m looking for is
In my JSON response from keycloak, it’s not mapping the claim attribute at all. Can someone talk me through the config in keycloak?
Any help appreciated!
I had this same problem, and I had to end up building an IdentityProviderMapper that mapped that attribute to Keycloak groups. Additionally, Azure sends a different attribute if the user is a member of more than 150 groups, and I had to write a separate mapper that pulled the URL value from the http://schemas.microsoft.com/claims/groups.link attribute, and then queried MS Graph for the groups.
The upside is, these are not too difficult to write. The downside is, I did these for a customer, and they are not open source.
