[keycloak-user] group federation?
mposolda at redhat.com
Wed Dec 5 03:17:15 EST 2018
There is no real group federation support in Keycloak and we probably
won't add it due the big complexity.
However what you can do is to create Group LDAP mapper (See tab
"mappers" in the admin console when you're on the page with your LDAP
provider). When you do it, you have the possibility to sync the groups
from LDAP to the Keycloak, and have your users from LDAP to be seen as
members of the particular Keycloak groups.
This approach has some (hopefully) minor limitations. For example when
you synced the groups from LDAP to Keycloak and then you remove group
"abc" from LDAP, the group will be still visible in Keycloak. But most
of the cases, the groups mapper approach should be sufficient.
On 26/11/2018 16:39, Wyllys Ingersoll wrote:
> We have a realm configured to get federated users from our Active Directory
> domain server. Is there a way to also get the list of federated group
> information for each user (i.e. include the AD groups that the AD user is a
> member of in the federated user information) ?
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user