I eventually figured out that the Group LDAP Mapper was the thing I needed,
but thanks for the response.
-Wyllys
On Wed, Dec 5, 2018 at 3:17 AM Marek Posolda <mposolda(a)redhat.com> wrote:
There is no real group federation support in Keycloak and we probably
won't add it due to the big complexity.
However what you can do is to create Group LDAP mapper (See tab
"mappers" in the admin console when you're on the page with your LDAP
provider). When you do it, you have the possibility to sync the groups
from LDAP to the Keycloak, and have your users from LDAP to be seen as
members of the particular Keycloak groups.
This approach has some (hopefully) minor limitations. For example when
you synced the groups from LDAP to Keycloak and then you remove group
"abc" from LDAP, the group will be still visible in Keycloak. But in most
cases, the groups mapper approach should be sufficient.
Marek
On 26/11/2018 16:39, Wyllys Ingersoll wrote:
> We have a realm configured to get federated users from our Active Directory
> domain server. Is there a way to also get the list of federated group
> information for each user (i.e. include the AD groups that the AD user is a
> member of in the federated user information) ?
>
> thanks...
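
An added example, not part of the original thread and not Keycloak code: a reconciliation check for the limitation described above, where a group removed from LDAP stays visible in Keycloak. It assumes every Keycloak group passed in originally came from the Group LDAP mapper, that the group dicts use the GroupRepresentation fields `name`, `path`, `realmRoles`, `clientRoles` and `subGroups`, and that both lists were exported beforehand; the sample data is constructed.

```python
# Added example: sample data below is constructed, not taken from a real realm.

def flatten_groups(groups, out=None):
    """Walk Keycloak group trees, which nest children under 'subGroups'."""
    out = [] if out is None else out
    for g in groups:
        out.append(g)
        flatten_groups(g.get("subGroups") or [], out)
    return out

def stale_groups(ldap_group_names, keycloak_groups):
    """Return Keycloak groups with no LDAP counterpart, role-bearing ones first.

    LDAP cn matching is case-insensitive, so names are compared casefolded.
    A stale group that still carries roles is listed first, because membership
    in it keeps granting those roles after the LDAP group is gone.
    """
    in_ldap = {n.strip().casefold() for n in ldap_group_names}
    findings = []
    for g in flatten_groups(keycloak_groups):
        if g["name"].strip().casefold() in in_ldap:
            continue
        roles = list(g.get("realmRoles") or [])
        for client, names in (g.get("clientRoles") or {}).items():
            roles += [f"{client}:{r}" for r in names]
        findings.append({"path": g["path"], "roles": sorted(roles)})
    return sorted(findings, key=lambda f: (not f["roles"], f["path"]))

# Constructed sample: group names currently present in the directory ...
LDAP_GROUPS = ["Engineering", "finance"]
# ... and the groups as they exist in the Keycloak realm.
KEYCLOAK_GROUPS = [
    {"name": "engineering", "path": "/engineering", "realmRoles": ["dev"],
     "subGroups": []},
    {"name": "abc", "path": "/abc", "realmRoles": ["admin"],
     "clientRoles": {"billing": ["approve"]}, "subGroups": []},
    {"name": "Finance", "path": "/Finance", "subGroups": [
        {"name": "old-team", "path": "/Finance/old-team", "subGroups": []}]},
]

if __name__ == "__main__":
    for f in stale_groups(LDAP_GROUPS, KEYCLOAK_GROUPS):
        print(f["path"], f["roles"] or "(no roles)")
```

Groups created directly in Keycloak would also show up as findings, so review the output before deleting anything.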