I do have a WebApp that only supports OIDC and I also have a SAML / Shibboleth Identity Provider ready.
I want to use Keycloak to basically pass through the authentication done by the SAML Identity Provider to the OIDC client without actually storing the user data (permanently) in the KC database.
Is this even possible? I don’t know how to set up this use case…
I’ve configured the SAML IdP in KC and the login flow works fine. However, it always asks me to fill out first name / last name after SAML authentication.
If I set “first login flow” to direct grant, it complains about missing username after SAML Login flow. I’ve mapped a SAML attribute to “username” though…
What should the basic setup look like?