[keycloak-user] Mapping in additional user roles
Tom Barber
tom at spicule.co.uk
Sat Jan 5 06:26:33 EST 2019
Hi folks,
This may have a simple answer in which case I apologise.
I’ve been tasked with fronting some web apps with Keycloak connected via
SAML to AD FS as the ID provider.
I found this
http://blog.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered.html so
planned to do similar.
The next issue I face is that the AD FS service is hosted by a different
entity and we don’t have the ability to change yet we need to map roles in.
What extension points are there available to us in Keycloak that allows a
user to login but then have us assign roles by looking them up in a
*different* AD server and pulling their roles from there?
Thanks
Tom
--
Spicule Limited is registered in England & Wales. Company Number:
09954122. Registered office: First Floor, Telecom House, 125-135 Preston
Road, Brighton, England, BN1 6AF. VAT No. 251478891.
All engagements
are subject to Spicule Terms and Conditions of Business. This email and its
contents are intended solely for the individual to whom it is addressed and
may contain information that is confidential, privileged or otherwise
protected from disclosure, distributing or copying. Any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Spicule Limited. The company accepts no
liability for any damage caused by any virus transmitted by this email. If
you have received this message in error, please notify us immediately by
reply email before deleting it from your system. Service of legal notice
cannot be effected on Spicule Limited by email.
More information about the keycloak-user
mailing list