[keycloak-user] basic saml attribute send question
lists
lists at merit.unu.edu
Tue May 23 06:33:08 EDT 2017
Hi,
Running keycloak 2.5.0 with AD federation provider. We configured the
group-ldap-mapper, this all works beautifully.
Created a simplesamlphp test page, and all AD group memberships are
displayed in a list after a successful logon. Good start.
But now, to make this more secure and confidential, we would like to NOT
display ALL groups after login, but only send specific SAML attributes,
depending on group memberships.
So suppose a user is a member of AD group1, group2 and group3. We would
like to make a config to send attribute "group1", but keep the rest of
the groups hidden.
I'm sure this is _very_ basic functionality... But can anyone give us some
pointers/keywords how to do this..?
Best regards,
MJ