Hi All,
In our application, we integrate with Microsoft AD for authenticating users. As part of the authentication result, we also fetch group information for the user authenticated. We also have a pre-defined group-role mapping defined in the
application server [This is a JEE configuration file]. This helps decide whether a particular user based on the role he belongs to can access a resource or not. I read another thread “Apply
group membership filter on ldap login ” on similar lines. Couple of clarifications.
1.
Based on what I read there is no feature to get roles and map them to specific roles in keycloak and would be available in a future release. I just wanted to understand if my reading of this is on the right lines. Also, wanted to know
if there’s a workaround for this in the short term.
2.
Also does keycloak provide fine grained access control on the lines of apache shiro?
Thanks
Prasad