<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
You need to define a mapper in our SAML identity provider config to
import the things you want.<br>
<br>
<div class="moz-cite-prefix">On 4/18/2016 1:04 PM, Jason Hobbs
wrote:<br>
</div>
<blockquote
cite="mid:CAEfK7HoGidbr+Mey1gw5=CKfwgoDnDfmCj6JRao4zSQ9ev98dQ@mail.gmail.com"
type="cite">
<div dir="ltr">I'm trying to use ADFS as a SAML identity provider,
then use OIDC to authenticate an application on JBoss EAP.
<div><br>
</div>
<div>The IDP redirects to AD and back to Keycloak seem to work
fine, and a list of groups is provided as an assertion. When
I debug within the protected application, however, the groups
from the SAML assertion are not passed through. If I make a
role in Keycloak and manually assign it to a user, it does get
passed through. </div>
<div><br>
</div>
<div>Is this something that should be supported and I'm just not
configuring something right?</div>
<div><br>
</div>
<div>Environment: Keycloak 1.9.2.Final running on OpenShift
Enterprise 3.1.</div>
<div><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font size="1">----</font><br>
<span>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;color:rgb(32,18,77);font-weight:bold;vertical-align:baseline;white-space:pre-wrap">Jason Hobbs</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11px;font-family:Arial;color:rgb(68,68,68);vertical-align:baseline;white-space:pre-wrap">Lead Engineer Shop Floor Systems</span></p>
<p dir="ltr"
style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11px;font-family:Arial;color:rgb(68,68,68);vertical-align:baseline;white-space:pre-wrap">Email: </span><span style="font-size:11px;font-family:Arial;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap"><a moz-do-not-send="true" href="mailto:Jason.Hobbs@shawinc.com" target="_blank">Jason.Hobbs@shawinc.com</a></span><span style="font-size:11px;font-family:Arial;color:rgb(68,68,68);vertical-align:baseline;white-space:pre-wrap"> | Office: (706) 532-3858 | </span><a
moz-do-not-send="true"
href="https://www.google.com/calendar/embed?src=jason.hobbs@shawinc.com&ctz=America/New_York&mode=week&pli=1"
style="text-decoration:none"
target="_blank"><span style="font-size:11px;font-family:Arial;color:rgb(17,85,204);text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Calendar</span></a></p>
<span style="font-size:11px;font-family:Arial;color:rgb(68,68,68);font-weight:bold;vertical-align:baseline;white-space:pre-wrap">Shaw Industries Group Inc. | </span><span style="font-size:11px;font-family:Arial;color:rgb(68,68,68);vertical-align:baseline;white-space:pre-wrap">201 S. Hamilton St., Dalton, GA 30720 | MD 0IS-01 | </span><a
moz-do-not-send="true"
href="http://shawfloors.com/"
style="text-decoration:none"
target="_blank"><span style="font-size:11px;font-family:Arial;color:rgb(17,85,204);text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">shawfloors.com</span></a></span><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div><font size="1" face="Arial">******************************<wbr>****************************</font></div>
<div><font size="1" face="Arial">Privileged and/or confidential
information may be contained in this message. If you are not
the addressee indicated in this message (or are not
responsible for delivery of this message to that person) , you
may not copy or deliver this message to anyone. In such case,
you should destroy this message and notify the sender by reply
e-mail.</font></div>
<div><font size="1" face="Arial">If you or your employer do not
consent to Internet e-mail for messages of this kind, please
advise the sender.</font></div>
<div><font size="1" face="Arial">Shaw Industries does not provide
or endorse any opinions, conclusions or other information in
this message that do not relate to the official business of
the company or its subsidiaries.</font></div>
<div><font size="1" face="Arial">******************************<wbr>****************************</font></div>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>