Hi All,
In our application, we integrate with Microsoft AD for authenticating users. As part of
the authentication result, we also fetch group information for the user authenticated. We
also have a pre-defined group-role mapping defined in the application server [This is a
JEE configuration file]. This helps decide whether a particular user based on the role he
belongs to can access a resource or not. I read another thread "Apply group
membership filter on ldap login
<
http://lists.jboss.org/pipermail/keycloak-user/2015-December/003982.html> " on
similar lines. Couple of clarifications.
1. Based on what I read there is no feature to get roles and map them to specific
roles in keycloak and would be available in a future release. I just wanted to understand
if my reading of this is on the right lines. Also, wanted to know if there's a
workaround for this in the short term.
2. Also does keycloak provide fine grained access control on the lines of apache
shiro?
Thanks
Prasad