I’m currently adding Microsoft as an Identity Provider to allow login with Ofiice365.
After successfull integration i’m having a custom problem where the uid is in the form username@domain.com.
However my ldap and current keycloak users only use the “username” part as identifier.
Is there anyway to trim ou adjust the incoming “uid” field to use only the part before the “@” character?
I looked into identity provider template mappers but couldn’t find documentation on how to use it or if it would work for this situation.
Maybe there are other ways to deal with this?
Most likely it’s too late for you, but just in case it helps others. Keycloak could read the optional claim preferred_username in the JWT and it will use it as user identifier. If you can configure Azure AD to provide that claim, then Keycloak will recognise it.
Sorry that I don’t have a complete answer. I have observed that Keycloak gives preference to the claim preferred_username over the uid claim, so if you are able to add that claim at the JWT from Azure AD, then Keycloak will read the value at preferred_username rather than the value at uid
We are currently doing an integration with Azure AD and Keycloak and I will be able to test some use-cases in the coming months. I will keep you posted if I find the complete answer.
