We are in the process of integrating SAML authentication for an application we deploy on AWS AppStream 2.0. We expected to keep receiving the original username in the AppStream_UserName environment variable, but we are getting an id or token. Is there any way we can use it to retrieve the original username from our application, which is a classic .NET desktop application? We are using Keycloak as identity provider.
I'm aware of the answer in How do I get the current user from within an AWS AppStream?, but we are likely to have tens if not hundreds of users and, if I understood the answer correctly, it would complicate user management considerably.
It turns out that the username format is not defined by either SAML or AppStream, but is in fact a Keycloak setting. The SAML Client configuration page has a Name ID Format field which may be set to either username or email to obtain a familiar value. You may need to also set the Force Name ID Format toggle to override request-level policies.
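The same two settings as they appear in a Keycloak SAML client export, added here as an illustration rather than taken from the original answer. The attribute keys are the ones Keycloak uses in its client representation; the clientId is a placeholder, and any other client attributes are omitted.

```json
{
  "clientId": "https://sp.example.invalid/placeholder-appstream-client",
  "protocol": "saml",
  "enabled": true,
  "attributes": {
    "saml_name_id_format": "username",
    "saml_force_name_id_format": "true"
  }
}
```

Setting saml_name_id_format to "email" instead returns the user's e-mail address in the NameID; with force enabled, an AuthnRequest that asks for a different format (for example persistent) is overridden, so AppStream_UserName stays a human-readable value.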