I am having a Kerberos login issue because the userPrincipalName in AD was modified for Office 365 to be user@emaildomain and not user@kerberosdomain, and there is no attribute in AD that represents this.
In passthrough the browser is sending the user with the kerberosdomain.com domain. The best match I have in the Kerberos Integration is sAMAccountName, but this fails because it does not have the domain name. I have tried setting the uid attribute to add the Kerberos domain, and Kerberos passthrough works fine, but I am not allowed to do this enterprise-wide.
I am using Keycloak Version 26.2.0 in a Docker container. It seems like stripping the domain name should be an easy task, but I have not had any luck with enabling Script mapping. I am not even sure if this is the correct approach to take.
Any help would be greatly appreciated.
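The mapping problem described in this question, as an added example that is not from the original post or from Keycloak itself: the incoming principal is `user@KERBEROSDOMAIN.COM`, the AD userPrincipalName has been rewritten to `user@emaildomain.com`, and only sAMAccountName still matches the short name. The directory contents and the realm names are constructed assumptions; the point it adds is that the realm must be checked before the suffix is dropped, otherwise a same-named principal from another realm would be matched to the local account.

```python
# Added example (not from the original post): map a Kerberos principal such as
# "user@KERBEROSDOMAIN.COM" to an AD sAMAccountName when userPrincipalName has
# been rewritten to user@emaildomain for Office 365. Sample data is constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AdUser:
    sam_account_name: str
    user_principal_name: str  # e.g. user@emaildomain.com, not the Kerberos realm


# Constructed sample directory standing in for the LDAP lookup.
DIRECTORY = [
    AdUser("jdoe", "jdoe@emaildomain.com"),
    AdUser("asmith", "asmith@emaildomain.com"),
]

# Assumed realm. Only principals from this realm may be matched by short name;
# stripping the suffix blindly would let "jdoe@OTHER.REALM" collide with "jdoe".
TRUSTED_REALM = "KERBEROSDOMAIN.COM"


def split_principal(principal: str) -> tuple[str, str]:
    """Split 'name@REALM' into (name, REALM); raise ValueError if malformed."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError(f"malformed Kerberos principal: {principal!r}")
    return name, realm


def map_principal(principal: str, directory=DIRECTORY,
                  trusted_realm=TRUSTED_REALM) -> Optional[AdUser]:
    """Return the AD user for a Kerberos principal, or None if no safe match."""
    name, realm = split_principal(principal)
    # AD realms are conventionally upper-case; compare case-insensitively.
    if realm.upper() != trusted_realm.upper():
        return None  # foreign realm: never fall back to sAMAccountName matching
    # Exact UPN match first, for accounts whose UPN still equals the principal.
    for user in directory:
        if user.user_principal_name.lower() == principal.lower():
            return user
    # Fall back to sAMAccountName, which carries no domain suffix at all.
    for user in directory:
        if user.sam_account_name.lower() == name.lower():
            return user
    return None
```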