Good morning,
Today for SSSD Federation storage everything is read-only. This
is pretty much because we don't have any way to synchronize the changes
made at the admin console back to SSSD.
QE identified this bug[1], that kind of affects LDAP federation provider
in read-only mode too. Correct if I'm wrong, but in theory, if the federation
provider is read-only, people should not be able to edit groups or
roles.
Do we anything in the new API to prevent people from changing roles and
groups when the Federation provider is read-only?
[1] -
https://issues.jboss.org/browse/KEYCLOAK-3904
--
abstractj
PGP: 0x84DC9914