Available User Session Data

After a user logs in from the external IDP, there’s some additional user session note data that Keycloak stores that you can access. This data can be propagated to the client requesting a login via the token or SAML assertion being passed back to it by using an appropriate client mapper.


This is the IDP alias of the broker used to perform the login.


This is the IDP username of the currently authenticated user. This is often same like the Keycloak username, but doesn’t necessarily needs to be. For example Keycloak user john can be linked to the Facebook user [email protected], so in that case value of user session note will be [email protected] .

You can use a Protocol Mapper of type User Session Note to propagate this information to your clients.