Re: [keycloak-user] group federation?

There is no real group federation support in Keycloak and we probably won't add it due the big complexity. However what you can do is to create Group LDAP mapper (See tab "mappers" in the admin console when you're on the page with your LDAP provider). When you do it, you have the possibility to sync the groups from LDAP to the Keycloak, and have your users from LDAP to be seen as members of the particular Keycloak groups. This approach has some (hopefully) minor limitations. For example when you synced the groups from LDAP to Keycloak and then you remove group "abc" from LDAP, the group will be still visible in Keycloak. But most of the cases, the groups mapper approach should be sufficient. Marek On 26/11/2018 16:39, Wyllys Ingersoll wrote: > We have a realm configured to get federated users from our Active Directory > domain server. Is there a way to also get the list of federated group > information for each user (i.e. include the AD groups that the AD user is a > member of in the federated user information) ? > > thanks... > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user