[keycloak-user] Mapping in additional user roles

Tom Barber tom at spicule.co.uk
Sat Jan 5 06:26:33 EST 2019


Hi folks,

This may have a simple answer in which case I apologise.

I’ve been tasked with fronting some web apps with Keycloak connected via
SAML to AD FS as the ID provider.

I found this
http://blog.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered.html so
planned to do similar.

The next issue I face is that the AD FS service is hosted by a different
entity and we don’t have the ability to change it, yet we need to map roles in.

What extension points are available to us in Keycloak that allow a
user to log in but then have us assign roles by looking them up in a
*different* AD server and pulling their roles from there?

Thanks

Tom
