Keycloak SAML NameID Mapper

Skip to first unread message


Mar 25, 2021, 9:29:57 AMMar 25
to Keycloak Dev

We need user attribute mapper for SAML NameID.
Keycloak does not have builtin NameID Mapper.
So, We are planning to implement the code for PR.
Some people make the same request.

We are thinking of adding the code for call user attribute mapper in the URL below.

What do you think?
Is this feature welcomed?

It is NameID Mapper in admin console image.

スクリーンショット 2021-03-25 22.06.05.pngスクリーンショット 2021-03-25 22.07.33.pngスクリーンショット 2021-03-25 22.07.59.png

Hynek Mlnarik

Mar 30, 2021, 8:40:35 AMMar 30
to i7a7467, Keycloak Dev
This sounds interesting, thank you! PR with tests would be nice.

Before changing the mapper logic, I suggest trying this:

1) Create the mapper as the user attribute mapper as you proposed
2) In the mapper, set SAML_NAME_ID and SAML_NAME_ID_FORMAT notes like in [1]
3) In SamlProtocol, swap lines 454 and 455 [2], and 
4) Move setting nameID from [3] into between the two lines, using the notes from client session if set by the mapper, otherwise fall back to the current implementation


You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit


Mar 31, 2021, 12:02:45 PMMar 31
to Keycloak Dev
We will try your suggestion and create a PR with integration tests.
Before writing tests, maybe we might make a Draft PR.

2021年3月30日火曜日 21:40:35 UTC+9
Reply all
Reply to author
0 new messages