In Keycloak version 21.1.1, in the Client scopes section (SAML type), there is a Hardcoded attribute mapper which can be used to send custom attributes in a SAML token.
Is it possible to use this Hardcoded attribute mapper based on some condition?
For example, phpIPAM expects the is_admin=true attribute to grant the Administrator role to a user, but obviously we don't want all users to have this attribute hardcoded.
Is it possible to have a defined role (for example phpIPAM Administrator), and based on that role to hardcode or not the is_admin=true attribute in a SAML token?
There are some third-party mappers which can be used to map role attributes as user attributes, but that is not applicable to SAML type.