diff --git a/CHANGELOG.md b/CHANGELOG.md
index 63c0de79..13a9cb93 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,7 @@ to remain consistent with CLI flags. You should specify `code_challenge_method`
 - [#1750](https://github.com/oauth2-proxy/oauth2-proxy/pull/1750) Fix Nextcloud provider
 - [#1574](https://github.com/oauth2-proxy/oauth2-proxy/pull/1574) Add Azure groups support and Azure OAuth v2.0 (@adriananeci)
 - [#1851](https://github.com/oauth2-proxy/oauth2-proxy/pull/1851) Bump golang to 1.19 and min allowed version to 1.18
+- [#1815](https://github.com/oauth2-proxy/oauth2-proxy/pull/1815) Keycloak: save user and preferredUsername in session to populate headers for the backend (@babs)
 
 # V7.3.0
 
diff --git a/providers/keycloak.go b/providers/keycloak.go
index 7cab75c7..9b7510be 100644
--- a/providers/keycloak.go
+++ b/providers/keycloak.go
@@ -98,6 +98,20 @@ func (p *KeycloakProvider) EnrichSession(ctx context.Context, s *sessions.Sessio
 	}
 	s.Email = email
 
+	preferredUsername, err := json.Get("preferred_username").String()
+	if err == nil {
+		s.PreferredUsername = preferredUsername
+	}
+
+	user, err := json.Get("user").String()
+	if err == nil {
+		s.User = user
+	}
+
+	if s.User == "" && s.PreferredUsername != "" {
+		s.User = s.PreferredUsername
+	}
+
 	return nil
 }