[keycloak-user] Active Directory Federated Services SAML Identity Provider; Pass groups thru

[Jason Hobbs]

Thanks, Bill.

I was hoping for something similar to the Role Mappings used with User
Federation via LDAP.  We have that working well with AD, but wanted to try
the SAML route to evaluate it.  I don't see a mapper like that wherein we
can create a single mapping in the IDP configuration and have it propagate
the groups in the SAML assertion to Realm Roles.  I did find a way to
create a mapping per Role, but we have too many roles for that to scale
well.

If we're better off just sticking with LDAP integration, and perhaps adding
Kerberos to that, then I'm fine with that.  Would that be your
recommendation?

-- 
**********************************************************
Privileged and/or confidential information may be contained in this 
message. If you are not the addressee indicated in this message (or are not 
responsible for delivery of this message to that person) , you may not copy 
or deliver this message to anyone. In such case, you should destroy this 
message and notify the sender by reply e-mail.
If you or your employer do not consent to Internet e-mail for messages of 
this kind, please advise the sender.
Shaw Industries does not provide or endorse any opinions, conclusions or 
other information in this message that do not relate to the official 
business of the company  or its subsidiaries.
**********************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160419/46d1a3d6/attachment.html