Identity Provider - Trim Username (identity provider mapper)


I’m currently adding Microsoft as an Identity Provider to allow login with Ofiice365.
After successfull integration i’m having a custom problem where the uid is in the form
However my ldap and current keycloak users only use the “username” part as identifier.
Is there anyway to trim ou adjust the incoming “uid” field to use only the part before the “@” character?
I looked into identity provider template mappers but couldn’t find documentation on how to use it or if it would work for this situation.
Maybe there are other ways to deal with this?



I am trying the reverse, I want to add a @domain to the uid .

Unfortunately the mappers do not have modification options as far as I have seen. Have you managed to fix this issue?

hi @stephen
i have not pursued this feature any further due to the lack of response.
were you able to discover something on your end?

No unfortunately now.

Hi @stephen,

Most likely it’s too late for you, but just in case it helps others. Keycloak could read the optional claim preferred_username in the JWT and it will use it as user identifier. If you can configure Azure AD to provide that claim, then Keycloak will recognise it.

Do you mean something like this?

Hi @Stephen,

Sorry that I don’t have a complete answer. I have observed that Keycloak gives preference to the claim preferred_username over the uid claim, so if you are able to add that claim at the JWT from Azure AD, then Keycloak will read the value at preferred_username rather than the value at uid

We are currently doing an integration with Azure AD and Keycloak and I will be able to test some use-cases in the coming months. I will keep you posted if I find the complete answer.