[keycloak-user] Prompting user to select "active" group

[Richard Abdill]

Hi all, kind of a peculiar question for the group: We currently have a
login system set up with Keycloak in which users can successfully log in
and have their group membership imported via SSSD. The unusual part is what
needs to happen next: If a user is a member of multiple groups, we need to
present a prompt for the user to select a single group to use for this
particular session. For example, if a user is a member of groups "alpha,"
"secondary," and "seven," we want to ask them which group they're going to
be "in" for this session, and then send along only *that* group in the
assertion, rather than all of them, as it's doing now.

We're trying to figure out a way to accomplish this, and I thought it'd be
best to check with the community to see if anyone has dealt with a similar
issue or happened to know about a package that does something like this.
I'm guessing a custom post-login flow is what's needed, but does anyone
have any thoughts?

Best,
Rich