I am working on my first keycloak SAML integration.
I have running AD FS server and deployed keycloak in k8s env.
AD FS and keycloack can trust each other however I have a problem with mappers (no real prior exp with AD FS).
For instruction I have followed:
After successful login with test user (firstname.lastname@example.org), I see that the email was mapped to keyclock. However, keyclock also requires First name and Last name.
I assume due to that reason I have “Update Account Information” form:
I have tried to configure mappers to sync First name and last name with little success…
How do I configure both keycloak and Claim Issuance Policy to also exchange this data?