You need to define a mapper in our SAML identity provider config to
import the things you want.
On 4/18/2016 1:04 PM, Jason Hobbs wrote:
I'm trying to use ADFS as a SAML identity provider, then use OIDC to
authenticate an application on JBoss EAP.
The IDP redirects to AD and back to Keycloak seem to work fine, and a
list of groups is provided as an assertion. When I debug within the
protected application, however, the groups from the SAML assertion are
not passed through. If I make a role in Keycloak and manually assign
it to a user, it does get passed through.
Is this something that should be supported and I'm just not
configuring something right?
Environment: Keycloak 1.9.2.Final running on OpenShift Enterprise 3.1.
----
Jason Hobbs
Lead Engineer Shop Floor Systems
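
A simplified model of the mapping step the reply refers to, added here as an example (it is not Keycloak code and not part of the original messages): groups in the assertion become roles only where a mapper rule names them, so with no mappers nothing is imported. The attribute name, group values, role names and the `MAPPERS` structure are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # assumed group claim name

# Constructed sample (not from the thread): the attribute statement of an
# assertion listing the user's groups. Signature validation of the assertion
# is assumed to have happened before this step.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
    <saml:AttributeValue>App-Operators</saml:AttributeValue>
    <saml:AttributeValue>Domain Users</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Hypothetical mapper rules: grant `role` when `attribute` carries `value`.
MAPPERS = [
    {"attribute": GROUP_ATTR, "value": "App-Operators", "role": "operator"},
    {"attribute": GROUP_ATTR, "value": "App-Admins", "role": "admin"},
]


def assertion_attributes(xml_text):
    """Return {attribute name: set of values} found in the SAML XML."""
    root = ET.fromstring(xml_text.strip())
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = {(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)}
        attrs.setdefault(attr.get("Name"), set()).update(values)
    return attrs


def map_roles(xml_text, mappers):
    """Roles granted by the rules; groups with no rule are dropped."""
    attrs = assertion_attributes(xml_text)
    return sorted({m["role"] for m in mappers
                   if m["value"] in attrs.get(m["attribute"], set())})


if __name__ == "__main__":
    print("no mappers:  ", map_roles(SAMPLE_STATEMENT, []))
    print("with mappers:", map_roles(SAMPLE_STATEMENT, MAPPERS))
```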