[keycloak-user] Active Directory Federated Services SAML Identity Provider; Pass groups thru

Bill Burke bburke at redhat.com
Mon Apr 18 15:37:42 EDT 2016


You need to define a mapper in our SAML identity provider config to 
import the things you want.

On 4/18/2016 1:04 PM, Jason Hobbs wrote:
> I'm trying to use ADFS as a SAML identity provider, then use OIDC to 
> authenticate an application on JBoss EAP.
>
> The IDP redirects to AD and back to Keycloak seem to work fine, and a 
> list of groups is provided as an assertion.  When I debug within the 
> protected application, however, the groups from the SAML assertion are 
> not passed through.  If I make a role in Keycloak and manually assign 
> it to a user, it does get passed through.
>
> Is this something that should be supported and I'm just not 
> configuring something right?
>
> Environment: Keycloak 1.9.2.Final running on OpenShift Enterprise 3.1.
>
> ----
>
> Jason Hobbs

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
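
What such a mapper does, modelled in Python as an added example (not part of the original thread and not Keycloak's code): an assertion attribute value becomes a local role only when a mapper names it, so with no mappers the groups sent by ADFS produce no roles. The assertion, the group names, the `MAPPERS` table and the attribute name `http://schemas.xmlsoap.org/claims/Group` are assumptions; the real attribute name depends on the ADFS claim rules.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # assumed claim name

# Constructed sample: only the AttributeStatement is shown. A real assertion
# is signed, and the signature must be verified before attributes are trusted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>ShopFloor-Operators</saml:AttributeValue>
      <saml:AttributeValue>Domain Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapper table: one entry per (attribute, value) -> local role.
MAPPERS = [
    {"attribute_name": GROUP_ATTR,
     "attribute_value": "ShopFloor-Operators",
     "role": "operator"},
]

def assertion_attributes(xml_text):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def map_roles(attrs, mappers):
    """Grant a role only where a mapper explicitly matches an attribute value."""
    return sorted({m["role"] for m in mappers
                   if m["attribute_value"] in attrs.get(m["attribute_name"], [])})

def unmapped_groups(attrs, mappers, group_attr=GROUP_ATTR):
    """Groups the IdP sent that no mapper imports; these never reach the app."""
    mapped = {m["attribute_value"] for m in mappers
              if m["attribute_name"] == group_attr}
    return sorted(set(attrs.get(group_attr, [])) - mapped)

if __name__ == "__main__":
    attrs = assertion_attributes(SAMPLE_ASSERTION)
    print("roles:", map_roles(attrs, MAPPERS))
    print("dropped groups:", unmapped_groups(attrs, MAPPERS))
```

Listing the dropped groups is a useful check when adding mappers, because it shows which directory groups are deliberately left without a role instead of being passed through wholesale.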
