[keycloak-user] Is keycloak the tool I'm looking for? selective AD user sync
Marek Posolda
mposolda at redhat.com
Thu Aug 9 03:43:37 EDT 2018
On 08/08/18 12:58, jlord87 at gmail.com wrote:
> Too bad, I would have probably needed the opposite, some kind of "user
> propagation".Would it makes any sense to create a realm for each AD and
> configure as Identity provider another "master" realm - acting as
> centralized user repository - in wich I would create a client template
> for every AD?
>>> But what we love about Keycloak is its ultimate extensibility, soI
>>> wouldn't rule out the possibility of implementing this with the
>>> help of an extension.
Not sure I understand whole context.
Just a note, that if you have Keycloak realm configured with multiple
different MSAD servers as LDAP providers, you can then configure one of
the MSAD servers with the flag "Sync registrations" to ON. Then if you
create new user in Keycloak, it will be propagated to this MSAD, which
you configured with the "Sync registrations" flag ON.
Marek
More information about the keycloak-user
mailing list