[keycloak-user] Active Directory Federated Services SAML Identity Provider; Pass groups thru
Jason Hobbs
jason.hobbs at shawinc.com
Tue Apr 19 08:18:34 EDT 2016
Thanks, Bill.
I was hoping for something similar to the Role Mappings used with User
Federation via LDAP. We have that working well with AD, but wanted to try
the SAML route to evaluate it. I don't see a mapper like that wherein we
can create a single mapping in the IDP configuration and have it propagate
the groups in the SAML assertion to Realm Roles. I did find a way to
create a mapping per Role, but we have too many roles for that to scale
well.
If we're better off just sticking with LDAP integration, and perhaps adding
Kerberos to that, then I'm fine with that. Would that be your
recommendation?