Keycloak already supports adding the attributes defined in the Attribute importer to a list of <RequestedAttribute> elements of the <AttributeConsumingService> element of the SAML SP metadata. However, the attribute name format of the RequestedAttribute currently defaults to urn:oasis:names:tc:SAML:2.0:attrname-format:basic. It should be possible to configure a different format such as urn:oasis:names:tc:SAML:2.0:attrname-format:uri which is required in many profiles (e.g. eIDAS SAML Attribute Profile - Version 1.2)
The following formats should at least be supported:
urn:oasis:names:tc:SAML:2.0:attrname-format:uri,
urn:oasis:names:tc:SAML:2.0:attrname-format:basic and
Keycloak already supports adding the attributes defined in the Attribute importer to a list of
<RequestedAttribute>
elements of the<AttributeConsumingService>
element of the SAML SP metadata. However, the attribute name format of the RequestedAttribute currently defaults tourn:oasis:names:tc:SAML:2.0:attrname-format:basic
. It should be possible to configure a different format such asurn:oasis:names:tc:SAML:2.0:attrname-format:uri
which is required in many profiles (e.g. eIDAS SAML Attribute Profile - Version 1.2)The following formats should at least be supported:
urn:oasis:names:tc:SAML:2.0:attrname-format:uri
,urn:oasis:names:tc:SAML:2.0:attrname-format:basic
andurn:oasis:names:tc:SAML:2.0:attrname-format:unspecified