Re: [keycloak-user] Active Directory Federated Services SAML Identity Provider; Pass groups thru

Thanks, Bill. I was hoping for something similar to the Role Mappings used with User Federation via LDAP. We have that working well with AD, but wanted to try the SAML route to evaluate it. I don't see a mapper like that wherein we can create a single mapping in the IDP configuration and have it propagate the groups in the SAML assertion to Realm Roles. I did find a way to create a mapping per Role, but we have too many roles for that to scale well. If we're better off just sticking with LDAP integration, and perhaps adding Kerberos to that, then I'm fine with that. Would that be your recommendation? -- ********************************************************** Privileged and/or confidential information may be contained in this message. If you are not the addressee indicated in this message (or are not responsible for delivery of this message to that person) , you may not copy or deliver this message to anyone. In such case, you should destroy this message and notify the sender by reply e-mail. If you or your employer do not consent to Internet e-mail for messages of this kind, please advise the sender. Shaw Industries does not provide or endorse any opinions, conclusions or other information in this message that do not relate to the official business of the company or its subsidiaries. **********************************************************