I piggyback on this thread to showcase my Keycloak extension, which adds a “Claim to Group” IDP mapper (OpenID Connect only right now)
https://github.com/JeanRibes/keycloak-idp-group-mapper
It’s a bit rough around the edges, but hey, it works.
The JAR is built against Keycloak 11, but you can change the version in the pom.xml and rebuild.
As a side note, there is no GUI to select the group; you need to input the group ID (shown in the URL when looking at a group’s details).
Hi @maartenvds, even after doing a similar configuration in Keycloak I am not able to restrict access to the URL only to the AD group that is added as a member in the AD application.
- AD application created with defined Redirect URI. Group Membership claim set to Application group. AD group added as member.
- Configured Azure OIDC.
- Created mapper as per the guidance.
Could you please advise what the error could be.
I think your application should handle the case where the user is not a member of a group/role. In my case, users without groups are handled as guests.