SAML not returning any other attributes


I configured two instances of keycloak: one as an Identity provider and the other one for some testing. Let’s call them IdP and Test.

Now I configured an identity provider (SAML) pointing to IdP, where a client was created to handle the requests from Test. On Test, I even created some mappers so that the user returned from IdP would have First Name, Surname, and e-mail.

But so far, the only thing I got was the username, after configuring NameID to unspecified.

I have two questions:

1 - How can I get these attributes from IdP into Test? I have Test on debug mode, and I don’t see any other attribute on the response (a few “role” attributes).

2 - When problem 1 is solved, can I prevent users to edit the data returned by the IdP?