[keycloak-user] Group Policy - Claim?

[christian lutz]

Hello,

yesterday I played a bit with the Group Policy. https://issues.jboss.org/browse/KEYCLOAK-3168
But I didn't understand how it should work, the documentation for it is missing.

Assume I do have a user X part of the group A/B/C
All I expected to be required in the group policy is that I had to select a group like A/B/C.
During the policy check the corresponding identity groups will be loaded and checked against the group policy groups.

So with this mental model I am complete wrong, because of the group claim. Within the policy I have to provide a group claim
and within the GroupPolicyProvider based an the group claim a identity (user) attribute will be loaded. 

Please could somebody explain to me how this is expected to work?




Mit freundlichen Grüßen / with best regards


christian lutz / B. Sc.
software engineering  

inovel elektronik gmbh 
inovel systeme AG 
gebhardstr. 7 
88046 friedrichshafen

phone  +49 (0) 7541 39900-35
fax      +49 (0) 7541 39900-99
mail     christianlutz at inovel.de
web    www.inovel.de




inovel elektronik gmbh
general manager: axel dittus, robert steinhauser
hrb 632191 amtsgericht ulm; VAT Reg. No.: DE811926597

inovel systeme AG
board of management: markus spinnenhirn (chairman), axel dittus, robert steinhauser
chairman of the supervisory board: joachim zodel
registered office: friedrichshafen; hrb 728443 amtsgericht ulm; VAT Reg. No.: DE814611877



This email (including any attachments) may contain confidential and/or privileged information or information otherwise 
protected from disclosure. If you are not the intended recipient, please notify the sender immediately, do not copy this 
message or any attachments and do not use it for any purpose or disclose its content to any person, but delete this 
message and any attachments from your system. inovel disclaims any and all liability if this email transmission was virus 
corrupted, altered or falsified.