Is there a way to convert saml assertion to token claims without storing them as role/group or user attribute

kkcmadhu · January 25, 2023, 4:34pm

I have an saml2.0 identity provider, I have some assertions coming in , I want to map those assertions into custom claims in my keycloak jwt token,
how can i achieve this.
I dont want to really store the incoming assertion into a role/group or user attribute…
I just want to get those attributes from saml assertion, not store anywhere in keycloak, and mint the info in token.

Is this possible?

kkcmadhu · January 25, 2023, 4:42pm

There is something called userSession mapper in saml/oidc identity provider mapper, and user session note mapper in client scopes… i am thinking of exploring that combination to check if it will work.

but , the time out (user session timeout), etc could be challenging… not sure if it will work.

has any one tried such a thing??

Topic		Replies	Views
Getting hold of the AuthenticatingAuthority Getting advice	2	543	May 1, 2022
SAML Bearer Assertion Flow Getting advice authentication , saml	0	340	June 5, 2023
SAML Bearer Assertion Flow - how to setup Keycloak to issue tokens based on SAML assertion Configuring the server oidc , saml	3	1875	November 17, 2021
Custom SPI for OIDC-to-SAML Broker Extending the server authentication , identity-brokering , saml	2	1670	June 21, 2021
Keycloak External IDP SAML - Assertion Consumer Service Metadata	0	385	January 25, 2021

Is there a way to convert saml assertion to token claims without storing them as role/group or user attribute

Related Topics