We are facing an issue where KeyCloak’s SAML assertion to AWS is exceeding the max no. of characters specified by AWS, when the user has several roles (around 400). Whereas this isn’t the case when we authenticate the same user using ADFS.
After a bit of debugging we found out that KeyCloak’s role mapper injects some additional namespaces in the SAML role attributes (for each role), as compared to ADFS (comparison screenshots attached herewith).
We would like to know if there is a way to skip these namespaces (xmlns:xs, xmlns:xsi, xsi:type) being added in every role of the SAML assertion.
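As an added illustration (not from the original post, Keycloak or ADFS), the script below builds the AWS Role attribute in the two styles described above using constructed role ARNs, measures how many bytes the extra namespace declarations add per value, and finds how many roles fit under a size limit. The account id and the limit are placeholders, not AWS's real values.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed templates for one role value. The first mirrors what the post
# describes for Keycloak (xs/xsi namespaces plus xsi:type on every value),
# the second the bare value the post describes for ADFS.
KEYCLOAK_VALUE = ('<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" '
                  'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                  'xsi:type="xs:string">{role}</saml:AttributeValue>')
ADFS_VALUE = '<saml:AttributeValue>{role}</saml:AttributeValue>'

def role_value(i, account="123456789012"):
    """Constructed AWS role value (placeholder account): role ARN, provider ARN."""
    return (f"arn:aws:iam::{account}:role/app-role-{i},"
            f"arn:aws:iam::{account}:saml-provider/example-idp")

def build_role_attribute(n_roles, template):
    """Minimal Role attribute carrying n_roles values in the given style."""
    values = "".join(template.format(role=role_value(i)) for i in range(n_roles))
    return f'<saml:Attribute xmlns:saml="{SAML_NS}" Name="{ROLE_ATTR}">{values}</saml:Attribute>'

def per_value_overhead(template):
    """Bytes each AttributeValue element adds beyond the role string itself."""
    return len(template.format(role="").encode())

def encoded_size(xml_text):
    """Size as it travels in a SAMLResponse: base64 over the UTF-8 bytes."""
    return len(base64.b64encode(xml_text.encode()))

def parsed_roles(xml_text):
    """Roles actually conveyed, to confirm both styles carry identical data."""
    root = ET.fromstring(xml_text)
    return [v.text for v in root.findall(f"{{{SAML_NS}}}AttributeValue")]

def roles_that_fit(template, limit):
    """Largest role count whose encoded attribute stays within `limit` bytes
    (`limit` is an assumed figure; use the one from AWS documentation)."""
    n = 0
    while encoded_size(build_role_attribute(n + 1, template)) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    for name, tpl in (("Keycloak-style", KEYCLOAK_VALUE), ("ADFS-style", ADFS_VALUE)):
        xml = build_role_attribute(400, tpl)
        print(f"{name}: {per_value_overhead(tpl)} B overhead per value, "
              f"{encoded_size(xml)} B encoded for 400 roles")
```

Run it against a decoded SAMLResponse by swapping the constructed attribute for the real one; the per-value overhead is what the namespace declarations cost across all roles.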