Keycloak for Sonarqube via SAML-plugin, mapper-problem

I have configured Keycloak for Sonarqube 9.0 via the in-built SAML-plugin.
Keycloak and Sonarqube are both connected to the same Active Directory.
While logging on via Keycloak, the user data (user ID and email address) is recognized by Sonarqube, but Sonarqube is not able to relate it to the username as present in AD.
For instance: The username is NL22109 (as present in AD). After logging in to Sonarqube, Sonarqube creates (if it’s the first time) a new user NL2210970378 with my correct first name and surname; the avatar shows an ‘N’. But it is seen as a new user which is not in AD, so it is not added to the correct groups. Even the ‘old’ user with which I used to log in with old-fashioned uid/pwd continues to exist next to it.
In Keycloak I had to create two Mappers (login and Name). The username which is defined in ‘Name’ is responsible for the passing of the involved username, while if I replace it by email and I log in with Keycloak, Sonarqube creates (if it’s the first time) a new user albert.jol@domainname.com with my correct first name and surname; the avatar shows an ‘A’. This user is also not recognized as a user which is present in AD.

I have two questions:

  1. I am wondering if the cause is in Keycloak or Sonarqube
  2. Does anybody know how to solve this?

Why does Sonarqube need to be connected to AD when identity (authentication) is provided by Keycloak?

Because there are other (internal) users who do not log in with Keycloak; besides, that is not the question. It just should work, just as it works with Jira, Confluence, Bitbucket and Jenkins; while these applications all have a connection with AD, it causes no problems, and for these applications there is no need for mappers and none are configured in the clients concerned. If mappers are missing in the case of Sonarqube, logging in is not possible at all.