Hi,
In our Keycloak setup (ver 4.4.0) we have a master realm configured to authenticate users
in a Windows AD. We heavily use SAML and OIDC and both work great.
Is there a way to restrict access to an OIDC client based on group membership? I’ve been
reading up on the docs and trying to get this working without success.
For example, let’s say we have 2 clients:
client-dev-api
client-prod-api
Can I configure Keycloak to issue a JWT token for client-dev-api to members of AD group
“Developers” and client-prod-api to members of AD group “Production”?
Any guidance on getting this to work would be appreciated.
Thanks.
--Prashant