Hello,
I’m trying to configure SSO for a webapplication with SAML and Keycloak as the IdP. I know the application uses simplesamlphp and I know the application works with ADFS. I have some configuration instructions for ADFS:
1: c:[Type == “hxxp://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname”, Issuer == “AD AUTHORITY”] => issue(store = “Active Directory”, types = (“hxxp://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn”), query = “;userPrincipalName;{0}”, param = c.Value);
2: c:[Type == “hxxp://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn”] => issue(Type = “hxxp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier”, Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties[“hxxp://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format”] = “urn:oasis:names:tc:SAML:2.0:nameid-format:transient”);
But I’m not able to replicate these settings in keycloak. Can anyone point me into the right direction on how to configure keycloak to mimic this setup?