
Keycloak 'ID' as an Attribute Release to a Client


Could the ID for a user be retrieved to be sent as a SAML attribute to a Client?

Thank you.



Solution

  • I have not worked with SAML before, but I think that what you want can be done by:

    • Go to the Realm where the client is;
    • Go to the Client;
    • Select Mappers;
    • Click on [Create];
    • As mapper type choose Javascript Mapper;
    • In the script type user.id
    • Fill up the rest accordingly, and click [save];


    As pointed out by @Jan Garaj in the comments:

    Script for Javascript Mapper is (already/still) a deprecated feature and it may be removed in a future Keycloak release.

    You can use a User Property Mapper:

    • Go to the Realm where the client is;
    • Go to the Client;
    • Select Mappers;
    • Click on [Create];
    • As mapper type choose User Property;
    • In the property type id
    • Fill up the rest accordingly, and click [save];

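The User Property mapper from the steps above, written as the JSON body the Keycloak Admin REST API accepts, together with a check that a captured assertion actually carries the ID. This is an added example, not part of the original answer; the mapper name "user-id", the attribute name "userid" and the sample assertion are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def user_id_mapper(attribute_name="userid"):
    """Body for POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models."""
    return {
        "name": "user-id",  # constructed mapper name
        "protocol": "saml",
        "protocolMapper": "saml-user-property-mapper",  # the "User Property" type
        "config": {
            "user.attribute": "id",  # the property from the answer
            "attribute.name": attribute_name,  # constructed SAML attribute name
            "friendly.name": "User ID",
            "attribute.nameformat": "Basic",
        },
    }

def released_attributes(assertion_xml):
    """Map each SAML attribute Name to its list of values.

    Parsing only: no signature check, and stdlib ElementTree is not hardened
    against hostile XML, so feed it assertions captured from your own test login.
    """
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def released_user_id(mapper, assertion_xml):
    """Return the single value released under the mapper's attribute name, else None."""
    values = released_attributes(assertion_xml).get(mapper["config"]["attribute.name"], [])
    return values[0] if len(values) == 1 else None

# Constructed sample: the attribute statement a client would see after the mapper is saved.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="userid" FriendlyName="User ID"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>00000000-0000-4000-8000-000000000001</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

if __name__ == "__main__":
    print(released_user_id(user_id_mapper(), SAMPLE_ASSERTION))
```

The internal ID is a stable identifier for the account, so release it only to clients that need to correlate users by it.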