Used Zammad installation type: (source, package, docker-compose, …) package
Operating system: Debian 10
Browser + version: Firefox 89.0b15 (64-Bit)
I connected my Keycloak instance with the Zammad instance over SAML.
I can log in and the account is linked with the saml user but the EMail Field is not filled in the Admin Interface.
I see the same behaviour here, the account is created just as it should, but the email address is empty.
On Zammad side, I have setup the name identifier format as mentioned in the documentation to:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
On Keycloak side, I had to change the mapping for the email stuff to use the username field and add a second mapping for the SAML emailAddress attribute
So on keycloak:
Name: first_name
Mapper type: User property
Property: firstName
SAML Attribute Name: first_name
Zammad does not allow attribute mapping apart from firstname, lastname, login and email.
Even if it would, it wouldn’t help you in organization context because that’s a field you can’t map even with ldap.