IDP Mapper Setup in Shakudo Keycloak

This document provides detailed guidance for setting up Identity Provider (IDP) mappers in Shakudo Keycloak. These mappers are essential for translating identity provider attributes into Shakudo Keycloak-specific roles and user representations.

Prerequisites

Before proceeding with this setup, ensure that you have:

  • A running Shakudo Keycloak instance.
  • Administrative access to the Shakudo Keycloak Admin Console.

Steps to Set Up IDP Mapper in Shakudo Keycloak

  1. Log in to the Shakudo Keycloak Admin Console

    • Open your Shakudo Keycloak Admin Console.
    • Enter your administrator credentials to access the dashboard.
  2. Navigate to Identity Providers

    • In the left-hand navigation panel, click on Identity Providers to view the list of configured identity providers.
  3. Select Your Identity Provider

    • Click on the name of the identity provider you wish to configure. This will take you to the settings for that particular provider.
  4. Add a Mapper

    • Go to the Mappers tab.
    • Click Add to create a new mapper.
    • Fill in the required fields such as Name, Mapper Type, Attribute Name, etc.
    • Configure the other settings, including claim mapping, attribute mapping, etc.
  5. Save the Configuration

    • After configuring the settings, click Save to apply changes.
  6. Test the Configuration

    • Ensure that the mapper works as expected by testing it through a login flow.

Reference these steps during the configuration process to ensure correct setup and integration across your services.

Example: Azure AD Integration

This section provides a step-by-step example for configuring Azure AD to correctly import preferred_username as both email and username in Shakudo Keycloak using IDP mappers.

Step-by-Step Configuration

  1. Access Azure AD Configuration:
    • Log in to the Azure portal.
    • Navigate to Azure Active Directory and select App registrations.
  2. Shakudo Keycloak IDP Mapper Setup:

    • Log in to the Shakudo Keycloak Admin Console.
    • Navigate to Identity Providers and select Azure AD from your configured providers.
    • Go to the Mappers tab and click Add.
  3. Create Mapper for preferred_username:

    • Set the Name to "Preferred Username to Email".
    • Choose Mapper Type as Attribute Importer.
    • Set Attribute Name to preferred_username.
    • Set User Attribute Name to email to map this attribute to the email field in Shakudo Keycloak. Then create a second mapper for the same attribute with User Attribute Name set to username.
  4. Save the Configuration:

    • Click Save for both mappers to save your configurations.
  5. Test the Integration:

    • Perform a test login using Azure AD credentials.
    • Verify that the preferred_username is correctly mapped in Shakudo Keycloak as both email and username.

By following these steps, you can ensure that Azure AD is configured to pass the preferred_username correctly to Shakudo Keycloak, where it will be mapped to the email and username fields for user accounts.
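
One way to script the verification in the final test step, as an added example that is not part of Shakudo's documentation: it decodes the ID token issued by Azure AD during the test login and compares preferred_username with the username and email on the Keycloak user record (for example, the user JSON shown by the Admin Console or returned by the Admin REST API). The token and user records are constructed samples, the function names are hypothetical, and the case-insensitive comparison assumes Keycloak stores both fields in lower case.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_mapping(claims: dict, kc_user: dict) -> list:
    """Return a list of problems; an empty list means both mappers worked."""
    expected = claims.get("preferred_username")
    if not expected:
        return ["ID token has no preferred_username claim"]
    problems = []
    for field in ("username", "email"):
        actual = kc_user.get(field)
        if actual is None:
            problems.append(f"{field} is not set on the Keycloak user")
        elif actual.lower() != expected.lower():  # assumption: stored lower-cased
            problems.append(f"{field}={actual!r} != preferred_username={expected!r}")
    # The value is imported as an email, so it should look like one.
    local, _, domain = expected.partition("@")
    if not (local and "." in domain):
        problems.append(f"preferred_username={expected!r} is not email-shaped")
    return problems


def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    token = sample_token({"preferred_username": "Alice@example.com"})  # constructed
    users = [  # constructed Keycloak user records
        {"username": "alice@example.com", "email": "alice@example.com"},
        {"username": "alice", "email": "alice@example.com"},
    ]
    for user in users:
        print(user["username"], "->", check_mapping(jwt_claims(token), user) or "OK")
```

A username that differs from preferred_username after login usually means the second mapper was not saved or was created on a different identity provider.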