[keycloak-user] can't resolve groups from multiple group mappers

Tiemen Ruiten t.ruiten at rdmedia.com
Thu Sep 28 04:28:59 EDT 2017


Hm, I wrote this down the wrong way, apologies. What I meant to say was
that the *access* groups don't have any members, which they should have
from the user groups. Looks like my issue is
https://issues.jboss.org/browse/KEYCLOAK-1797. Nested groups are quite
common in Active Directory; it would be nice if this issue could receive
some attention.


On 28 September 2017 at 09:41, Marek Posolda <mposolda at redhat.com> wrote:

> Not expected. It should work and our tests are passing. Looks like some
> misconfiguration or something. We have an example in the keycloak-examples
> distribution called "ldap". Here you can see an example of how an LDAP
> role can be configured (no example for the group mapper yet, but it's quite
> similar to the role mapper).
>
> Marek
>
>
> On 26/09/17 12:04, Tiemen Ruiten wrote:
>
>> Hello,
>>
>> I'm testing with the following setup:
>>
>> In our Active Directory, which is federated to Keycloak, we have a
>> container with 'access' groups (groups that are used to give access to
>> certain applications, akin to Keycloak roles) and a container for 'user'
>> groups (e.g. sales, it, marketing etc.). Users are always only direct
>> members of a user group. The access groups can only have user groups as
>> members, never users.
>>
>> In Keycloak, I have created two LDAP-group-mappers for both containers,
>> but unfortunately, none of the user groups show any members. Is this
>> expected?
>>
>> Using Keycloak 3.2.1 Final.
>>
>>
>


-- 
Tiemen Ruiten
Systems Engineer
R&D Media
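
The group layout described in this thread, as an added example that is not part of the original messages and is not Keycloak code: it contrasts a direct-only member lookup (access groups show no users) with a transitive expansion that follows nested groups and tolerates circular nesting. All DNs, group names and function names are constructed for illustration.

```python
# Constructed sample data mirroring the layout in the thread; every DN is made up.
BASE = "DC=example,DC=test"
ALICE = f"CN=alice,OU=Users,{BASE}"
BOB = f"CN=bob,OU=Users,{BASE}"
SALES = f"CN=sales,OU=UserGroups,{BASE}"
IT = f"CN=it,OU=UserGroups,{BASE}"
CRM = f"CN=crm-access,OU=AccessGroups,{BASE}"
VPN = f"CN=vpn-access,OU=AccessGroups,{BASE}"

# group DN -> values of its 'member' attribute
DIRECTORY = {
    SALES: [ALICE],
    IT: [BOB],
    CRM: [SALES, IT],  # access groups contain only user groups
    VPN: [IT],
}


def direct_users(directory, group_dn):
    """Members that are not groups: all a non-recursive lookup can report."""
    return {m for m in directory.get(group_dn, []) if m not in directory}


def effective_users(directory, group_dn):
    """Users reachable from group_dn through any depth of nesting."""
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:  # circular nesting: visit each group only once
            continue
        seen.add(dn)
        for member in directory.get(dn, []):
            if member in directory:
                stack.append(member)  # nested group, expand it later
            else:
                users.add(member)
    return users


def access_report(directory, container):
    """Effective users for every group whose DN sits under `container`."""
    return {g: sorted(effective_users(directory, g))
            for g in directory if g.endswith(container)}


if __name__ == "__main__":
    for group, users in access_report(DIRECTORY, f"OU=AccessGroups,{BASE}").items():
        print(group, "direct:", sorted(direct_users(DIRECTORY, group)), "effective:", users)
```

Against a live Active Directory, the same transitive expansion can be requested server-side with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941).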

