Hi,
We have connected our Keycloak to our organisation's Shibboleth idP for SSO and now we can log in and create users with the released attributes from our idP.
Unfortunately, as a "best practice" the idP only releases some attributes by default and all other attributes are only released "if required" (onlyIfRequired) in the idP.
We have added some attributes as requested but cannot find out if it is possible to add 'isRequired="true"'?
Part of the metadata from Keycloak:
<md:AttributeConsumingService index="1" isDefault="true">
  <md:ServiceName xml:lang="en">HiG KeyCloak Kubtest</md:ServiceName>
  <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="norEduPersonNIN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="eduPersonPrincipalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="higPrimaryAffiliation" Name="higPrimaryAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="cn" Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="mail" Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="givenName" Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="higAffiliation" Name="higAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
  <md:RequestedAttribute FriendlyName="sn" Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
</md:AttributeConsumingService>
Is it possible to require attributes from a SAML idP?
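
Added example, not part of the original post and not Keycloak's own code: `isRequired` is an optional boolean attribute of `md:RequestedAttribute` in the SAML metadata schema, so one way to check and set it is to post-process the exported SP metadata before it is registered with the idP. The function names, the shortened sample and the choice of which attributes to mark are assumptions; an absent `isRequired` is treated here as "not required".

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)  # keep the md: prefix when serialising
REQ_ATTR = f"{{{MD_NS}}}RequestedAttribute"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample: shortened copy of the fragment in the post, with the
# md namespace declared so that it parses on its own.
SAMPLE = f"""<md:AttributeConsumingService xmlns:md="{MD_NS}" index="1" isDefault="true">
  <md:ServiceName xml:lang="en">HiG KeyCloak Kubtest</md:ServiceName>
  <md:RequestedAttribute FriendlyName="norEduPersonNIN" Name="norEduPersonNIN" NameFormat="{FMT}"/>
  <md:RequestedAttribute FriendlyName="mail" Name="mail" NameFormat="{FMT}"/>
</md:AttributeConsumingService>"""


def requested_attributes(xml_text):
    """Map each RequestedAttribute Name to its effective isRequired value."""
    root = ET.fromstring(xml_text)
    result = {}
    for el in root.iter(REQ_ATTR):
        # Assumption: a missing isRequired counts as "not required".
        flag = el.get("isRequired", "false").strip().lower()
        result[el.get("Name")] = flag in ("true", "1")  # xs:boolean lexical forms
    return result


def mark_required(xml_text, names):
    """Return the metadata with isRequired="true" set on the named attributes."""
    names = set(names)
    unknown = names - set(requested_attributes(xml_text))
    if unknown:
        # Refuse to silently skip an attribute the metadata never requests.
        raise ValueError(f"not requested in metadata: {sorted(unknown)}")
    root = ET.fromstring(xml_text)
    for el in root.iter(REQ_ATTR):
        if el.get("Name") in names:
            el.set("isRequired", "true")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", requested_attributes(SAMPLE))
    patched = mark_required(SAMPLE, {"norEduPersonNIN"})
    print("after: ", requested_attributes(patched))
    print(patched)
```

If the exported metadata carries an XML signature, editing it invalidates that signature, so the modified file has to be re-signed or registered with the idP unsigned.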