[keycloak-user] group mapper per client

Ronald Demneri ronald.demneri at amdtia.com
Mon Oct 29 11:35:32 EDT 2018


Hello everyone,

Please forgive me if this was already asked previously. After creating the LDAP connection (read-only) and some LDAP mappers, I am trying to figure out a way to allow login to clients for users in the respective groups in AD. For example, for client app1, allow login to users that are members of AD_group_app1; if an account is not a member of the app1 group in AD, then it should not be allowed to log in. Is it also possible to do it via role mappings? Please note that we'd like to avoid modification of AD at all costs.


Thanks in advance,
Ronald

