
Setup a SAML Identity Provider Mapper in Keycloak

Abstract

Setting up a SAML identity provider mapper in Keycloak to map PoolParty user metadata, groups and roles.

You can set up a SAML 2.0 identity provider (IDP) mapper in Keycloak to map PoolParty user metadata, groups and roles. You need this mapper to match PoolParty metadata (user name, email address, etc.) and authorization information (groups and roles) with the corresponding user attributes that the SAML IDP provides.

Example 1. Mapping givenname to firstname

The IDP used by your organization may store first names under the attribute givenname, whereas PoolParty stores the first name in the attribute firstName. A mapper bridges this difference by mapping the IDP attribute givenname to the PoolParty attribute firstName.



To set up a SAML IDP mapper in Keycloak, refer to the Keycloak documentation.

Note

Which Mapper Type you choose and how you configure it depends on the assertions coming from your IDP. For more information, consult the Keycloak documentation.

You can choose the Mapper Type and configure the mapping.

PoolParty has the following attributes which you can map in Keycloak:

Table 3. PoolParty Attributes for Keycloak

| PoolParty Attribute | Keycloak Identity Provider Mapper Type | Comment |
|---|---|---|
| firstName | Attribute Importer, Hardcoded Attribute | |
| lastName | Attribute Importer, Hardcoded Attribute | |
| email | Attribute Importer, Hardcoded Attribute | |
| username | Attribute Importer, Hardcoded Attribute, Username Template Importer | Usernames must be unique. |
| roles | Advanced Attribute to Role, Hardcoded Role, SAML Attribute to Role | Use one of the special role mappers and select one of the predefined PoolParty roles as target. |
| groups | SAML Attribute to Group | Use one of the special role mappers and select one of the PoolParty groups as target. |
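The following added example (not PoolParty or Keycloak code) simulates what the mappers from Example 1 and Table 3 do: it reads the AttributeStatement of a constructed SAML assertion, applies Attribute Importer, SAML Attribute to Role and SAML Attribute to Group definitions, and reports which required PoolParty attributes no mapper could fill. The SAML attribute names (givenname, sn, mail, uid, memberOf), the role and group names, and the dictionary field names are assumptions for illustration.

```python
# Added example, not PoolParty or Keycloak code: simulate Keycloak SAML IdP mappers
# turning assertion attributes into the PoolParty attributes listed in Table 3.
# SAML attribute names, role/group names and the mapper field names are assumptions.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AttributeStatement: what an IDP might send for one user.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="sn"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>ada@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="uid"><saml:AttributeValue>alovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>pp-editors</saml:AttributeValue>
      <saml:AttributeValue>pp-taxonomy</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# One dict per mapper, keyed like the console fields: attribute.name is the SAML
# attribute, user.attribute the PoolParty attribute it lands in (Example 1: givenname -> firstName).
MAPPERS = [
    {"type": "Attribute Importer", "attribute.name": "givenname", "user.attribute": "firstName"},
    {"type": "Attribute Importer", "attribute.name": "sn", "user.attribute": "lastName"},
    {"type": "Attribute Importer", "attribute.name": "mail", "user.attribute": "email"},
    {"type": "Attribute Importer", "attribute.name": "uid", "user.attribute": "username"},
    {"type": "SAML Attribute to Role", "attribute.name": "memberOf", "attribute.value": "pp-editors", "role": "PoolPartyUser"},
    {"type": "SAML Attribute to Group", "attribute.name": "memberOf", "attribute.value": "pp-taxonomy", "group": "/Taxonomy Team"},
]

def saml_attributes(xml_text):
    """Return {SAML attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(xml_text)
    return {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
            for a in root.iterfind(".//saml:Attribute", NS)}

def apply_mappers(attrs, mappers):
    """Return (profile, roles, groups, missing) for the PoolParty user the mappers yield.
    Role/group mappers fire only when attribute.value is among the SAML values;
    missing lists required PoolParty attributes no mapper could fill."""
    profile, roles, groups = {}, set(), set()
    for m in mappers:
        values = attrs.get(m["attribute.name"], [])
        if m["type"] == "Attribute Importer" and values:
            profile[m["user.attribute"]] = values[0]   # single-valued targets take the first value
        elif m["type"] == "SAML Attribute to Role" and m["attribute.value"] in values:
            roles.add(m["role"])
        elif m["type"] == "SAML Attribute to Group" and m["attribute.value"] in values:
            groups.add(m["group"])
    missing = [k for k in ("username", "email") if k not in profile]
    return profile, roles, groups, missing
```

Running apply_mappers(saml_attributes(ASSERTION), MAPPERS) yields the four profile attributes, the role PoolPartyUser and the group /Taxonomy Team; an assertion that omits uid leaves username unfilled, which is worth catching before login because usernames must be unique and present.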