I want to pass a custom dynamic attribute say custom_parameter=your-parameter-value in login uri :
https://keycloak-server/realms/your-realm/protocol/openid-connect/auth?client_id=your-client-id&redirect_uri=your-redirect-uri&response_type=code&scope=openid&state=your-state-value&custom_parameter=your-parameter-value
After this there's a login with saml button which redirects me to saml idp
And I want custom_parameter value to be read by saml IDP somehow and bind it to SAMLAssertion and send the custom attribute to destination sp
To make IDP read the query params and add it to saml assertion requires a mapper. Is it possible maybe via Script mapper in Keycloak to fetch custom_parameter into a mapper and add it to SAMLAssertion attribute?
I tried various other mappers but none of them gives me the ability to pass on custom parameter from client to keycloak's IDP. Other mappers requires data to be present in user attribute or client attribute.
My expectations are
- I send a custom attribute to keycloak as query params in keycloak's login uri
- Keycloak as an IDP when verifies the user should add that custom attribute as saml attribute
- SAMLAssertion will be sent to target SP which can use that attribute as per it's requirement