Probable Cause:
Keycloak has not been configured to include necessary attributes (such as email, givenName, or surname) in the SAML assertion.
Solution:
- In Keycloak admin → Clients → Client Scopes → select your WordPress client.
- Go to the Mappers tab.
- Click Add Builtin and add the following attributes to ensure they are sent in the SAML response:
  - X500 email
  - X500 givenName
  - X500 surname
- Save mappings.
- In WordPress plugin → Attribute/Role Mapping, map the incoming attribute values correctly.
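To confirm the mappers took effect, you can decode the base64 `SAMLResponse` that Keycloak posts to WordPress and list which attributes the assertion actually carries. The script below is an added example, not part of the original page or the plugin; it is a diagnostic only and does not verify signatures. It assumes the default `urn:oid` names of Keycloak's X500 builtin mappers; the function names are hypothetical and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: default Name (urn:oid) emitted by each X500 builtin mapper,
# keyed by its FriendlyName. Adjust if your mappers were renamed.
EXPECTED = {
    "email": "urn:oid:1.2.840.113549.1.9.1",
    "givenName": "urn:oid:2.5.4.42",
    "surname": "urn:oid:2.5.4.4",
}

def extract_attributes(saml_response_b64):
    """Return {Name or FriendlyName: [values]} from a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        for key in (attr.get("Name"), attr.get("FriendlyName")):
            if key:
                found.setdefault(key, []).extend(values)
    return found

def missing_attributes(saml_response_b64):
    """List expected FriendlyNames that are absent or empty in the response."""
    found = extract_attributes(saml_response_b64)
    missing = []
    for friendly, oid in EXPECTED.items():
        values = found.get(oid) or found.get(friendly) or []
        if not any(v.strip() for v in values):
            missing.append(friendly)
    return missing

# Constructed sample: an assertion that carries only the email attribute.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:1.2.840.113549.1.9.1" FriendlyName="email"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print("missing:", missing_attributes(SAMPLE_B64))
```

If the assertion is encrypted (`EncryptedAssertion`), its attributes are not visible to this check.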
Still need help?
Contact us at samlsupport@xecurify.com