Remove namespaces from SAML attributes

We are facing an issue where KeyCloak’s SAML assertion to AWS is exceeding the max no. of characters specified by AWS, when the user has several roles (around 400). Where as this isn’t the case when we authenticate the same user, using ADFS.
After a bit of debugging we found out that, KeyCloak’s role mapper injects some additional namespaces in the SAML role attributes (for each role), as compared to the ADFS (Comparison screenshots attached herewith).

We would like to know if there is a way to skip these namespaces (xmlns:xs, xmlns:xsi, xsi:type) being added in every role of the SAML assertion.



A solution to this will be super helpful. Is there no way to manage the namespaces being added?

1 Like