[keycloak-user] group federation?
Wyllys Ingersoll
wyllys.ingersoll at keepertech.com
Wed Dec 5 09:10:33 EST 2018
I eventually figured out that the Group LDAP Mapper was the thing I needed,
but thanks for the response.
-Wyllys
On Wed, Dec 5, 2018 at 3:17 AM Marek Posolda <mposolda at redhat.com> wrote:
> There is no real group federation support in Keycloak and we probably
> won't add it due the big complexity.
>
> However what you can do is to create Group LDAP mapper (See tab
> "mappers" in the admin console when you're on the page with your LDAP
> provider). When you do it, you have the possibility to sync the groups
> from LDAP to the Keycloak, and have your users from LDAP to be seen as
> members of the particular Keycloak groups.
>
> This approach has some (hopefully) minor limitations. For example when
> you synced the groups from LDAP to Keycloak and then you remove group
> "abc" from LDAP, the group will be still visible in Keycloak. But most
> of the cases, the groups mapper approach should be sufficient.
>
> Marek
>
> On 26/11/2018 16:39, Wyllys Ingersoll wrote:
> > We have a realm configured to get federated users from our Active
> Directory
> > domain server. Is there a way to also get the list of federated group
> > information for each user (i.e. include the AD groups that the AD user
> is a
> > member of in the federated user information) ?
> >
> > thanks...
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
More information about the keycloak-user
mailing list