Hi,
I have been doing some development with Keycloak and specifically OpenID Connect, Password
Grant and an LDAP user federation with Active Directory. Overall everything is working
great but I am a little surprised that on a token refresh I get told that the user account
is disabled but on a login I do not. The exception to this would be if I try to log in with
a disabled account after a user federation sync has occurred.
Is this a configuration issue or do you need to implement LDAP diagnostic messages for
login?
Thanks for developing a fantastic product!!
Regards
Mark