Notice
The examples and use cases described here are intended to show the different ways SURF Research Access Management can be used and connected to applications. These examples and use cases are not always validated by SURF.
Note about connecting KeyCloak as an application.
Configuration in KeyCloak / Section "Identity Provider"
Identity Provider: https://proxy.sram.surf.nl/proxy
Advised values
When you have configured any Attribute Mappings for this Identity Provider, KeyCloak adds a section to the Metadata that limits the requestedAttributes to the ones for which you have configured a mapping. That might not be what you want. Normally SRAM provides all attributes, unless the metadata describes a specific set of requested attributes; then SRAM will only provide those.
If you do want to retrieve ALL attributes of a User during authentication, you need to mention that during your KeyCloak SP registration with SRAM. Please add the remark:
- My SP is a KeyCloak application
- I would like to retrieve ALL attributes during authentication
- Therefore 'ignore' the metadata section on "requestedAttributes"
- Please consider the metadata 'static' (do not automatically refresh it)
The Administrator of the KeyCloak SP needs to explicitly request a metadata refresh if there is any change on the SP side.
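Added example (not part of the original page, nor SURF's or KeyCloak's own code): a small Python check that lists the requested attributes declared in a realm's SP metadata, so you can see before registration whether SRAM would limit attribute release. It assumes the "requestedAttributes" section appears as standard SAML2 md:RequestedAttribute elements inside md:AttributeConsumingService; the metadata samples, host name and realm names are constructed.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample (hypothetical host/realm, trimmed): one mapping configured.
SAMPLE_WITH_MAPPING = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://keycloak.example.org/realms/demo">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">demo</md:ServiceName>
      <md:RequestedAttribute FriendlyName="mail" isRequired="true"
          Name="urn:oid:0.9.2342.19200300.100.1.3"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample with no mapping: no AttributeConsumingService at all.
SAMPLE_NO_MAPPING = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://keycloak.example.org/realms/plain">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

def requested_attributes(metadata_xml):
    """Map each entityID to the RequestedAttribute entries its metadata declares."""
    root = ET.fromstring(metadata_xml)
    found = {}
    # iter() includes the root, so EntityDescriptor or EntitiesDescriptor both work.
    for entity in root.iter(MD + "EntityDescriptor"):
        found[entity.get("entityID")] = [
            {"name": ra.get("Name"),
             "friendly_name": ra.get("FriendlyName"),
             "required": ra.get("isRequired", "false") in ("true", "1")}
            for acs in entity.iter(MD + "AttributeConsumingService")
            for ra in acs.findall(MD + "RequestedAttribute")
        ]
    return found

def restricts_release(metadata_xml):
    """True when any entity lists requested attributes (release may be limited)."""
    return any(requested_attributes(metadata_xml).values())

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_MAPPING, SAMPLE_NO_MAPPING):
        print(restricts_release(sample), requested_attributes(sample))
```

Run it against the metadata of your own realm; an empty list for the realm's entityID means the metadata does not name a specific set of requested attributes.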
The resulting SAML2 Metadata of a KeyCloak **Realm** can be retrieved by clicking on the field after the label "Endpoints":