[keycloak-user] retrieving group membership info from LDAP/AD

Mahantesh Prasad Katti Mahantesh.Katti at Indecomm.net
Wed Dec 30 12:42:00 EST 2015


Hi All,

In our application, we integrate with Microsoft AD for authenticating users. As part of the authentication result, we also fetch group information for the authenticated user. We also have a pre-defined group-role mapping defined in the application server [this is a JEE configuration file]. This helps decide whether a particular user, based on the role he belongs to, can access a resource or not. I read another thread, "Apply group membership filter on ldap login" <http://lists.jboss.org/pipermail/keycloak-user/2015-December/003982.html>, on similar lines. A couple of clarifications.


1. Based on what I read, there is no feature to get roles and map them to specific roles in Keycloak, and it would be available in a future release. I just wanted to understand if my reading of this is along the right lines. Also, I wanted to know if there's a workaround for this in the short term.

2. Also, does Keycloak provide fine-grained access control along the lines of Apache Shiro?

Thanks
Prasad