In Keycloak, I have defined an Active Directory for 'user federation'.
I have also defined a client application (OpenID Connect). By default, all
users (in the AD) can log in to the client.
Now I want to restrict it so that only certain users (e.g. by AD group, by AD attribute
value) can log in to the client (I have tried the 'authorization' feature, but
it seems to still allow non-valid users to log in to the client [a JWT token
I have searched and found this post:
Which mentions 2 methods:
- by coding a custom AD authenticator.
- by 'authorization' (failed for me... user still able to log in and JWT
Can you please share your way to achieve this?
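The first method mentioned above (a custom authenticator) is the one that actually stops a token from being issued, because it runs inside the authentication flow rather than on protected resources. Below is an added example of such an authenticator, written for this thread and not taken from the original post or from Keycloak's own sources. It assumes the AD group has been mapped into Keycloak by a group LDAP mapper under the user federation, that the mapped group is named `app-users`, and that the provider id `group-gate-authenticator` and the class/package names are free to choose; all of those are hypothetical values.

```java
package example.keycloak; // hypothetical package name

import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

/**
 * Flow step placed after the username/password form: it lets the flow
 * continue only when the authenticated user is a member of the allowed group.
 * Any other user gets ACCESS_DENIED, so no token is ever minted for them.
 */
class GroupGateAuthenticator implements Authenticator {

    // Assumption: the AD group is synced into Keycloak as a group named "app-users".
    static final String REQUIRED_GROUP = "app-users";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user == null) {
            // The step was placed before the user was identified; fail closed.
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        // Collect the names of all groups the user belongs to (direct membership).
        Set<String> groups = user.getGroupsStream()
                .map(GroupModel::getName)
                .collect(Collectors.toSet());
        if (groups.contains(REQUIRED_GROUP)) {
            context.success();            // continue the flow, token will be issued
        } else {
            context.failure(AuthenticationFlowError.ACCESS_DENIED); // stop here, no token
        }
    }

    @Override public void action(AuthenticationFlowContext context) { /* no form to process */ }
    @Override public boolean requiresUser() { return true; }   // must run after user lookup
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}

/** Factory that Keycloak discovers through META-INF/services. */
public class GroupGateAuthenticatorFactory implements AuthenticatorFactory {

    public static final String PROVIDER_ID = "group-gate-authenticator"; // hypothetical id

    private static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
            AuthenticationExecutionModel.Requirement.REQUIRED,
            AuthenticationExecutionModel.Requirement.DISABLED
    };

    @Override public Authenticator create(KeycloakSession session) { return new GroupGateAuthenticator(); }
    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "Group Gate"; }
    @Override public String getReferenceCategory() { return null; }
    @Override public boolean isConfigurable() { return false; }
    @Override public AuthenticationExecutionModel.Requirement[] getRequirementChoices() { return REQUIREMENT_CHOICES; }
    @Override public boolean isUserSetupAllowed() { return false; }
    @Override public String getHelpText() {
        return "Allows login only for members of the group " + GroupGateAuthenticator.REQUIRED_GROUP;
    }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return Collections.emptyList(); }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
    @Override public void close() { }
}
```

To use it: package the two classes in a jar, add a file `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` containing the factory's fully qualified class name, and deploy the jar to the Keycloak server. Then copy the browser flow, add "Group Gate" as a REQUIRED execution after the username/password form, and bind that copy to the client under its authentication flow overrides, so only this client is restricted. Restricting by an AD attribute instead of a group is the same shape: replace the group check with `user.getFirstAttribute("...")` against the attribute that the user federation's LDAP mappers import.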