[keycloak-user] retrieving group membership info from LDAP/AD

[Mahantesh Prasad Katti]

Hi All,

In our application, we integrate with Microsoft AD for authenticating users. As part of the authentication result, we also fetch group information for the user authenticated. We also have a pre-defined group-role mapping defined in the application server [This is a JEE configuration file]. This helps decide whether a particular user based on the role he belongs to can access a resource or not. I read another thread "Apply group membership filter on ldap login <http://lists.jboss.org/pipermail/keycloak-user/2015-December/003982.html> " on similar lines. Couple of clarifications.


1.       Based on what I read there is no feature to get roles and map them to specific roles in keycloak and would be available in a future release. I just wanted to understand if my reading of this is on the right lines. Also, wanted to know if there's a workaround for this in the short term.

2.       Also does keycloak provide fine grained access control on the lines of apache shiro?

Thanks
Prasad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151230/c55c50ff/attachment.html