I configured two instances of keycloak: one as an Identity provider and the other one for some testing. Let’s call them IdP and Test.
Now I configured an identity provider (SAML) pointing to IdP, where a client was created to handle the requests from Test. On Test, I even created some mappers so that the user returned from IdP would have First Name, Surname, and e-mail.
But so far, the only thing I got was the username, after configuring NameID to unspecified.
I have two questions:
1 - How can I get these attributes from IdP into Test? I have Test on debug mode, and I don’t see any other attribute on the response (a few “role” attributes).
2 - When problem 1 is solved, can I prevent users to edit the data returned by the IdP?