Getting groups from Azure Active Directory IDP

JeanRibes · August 5, 2021, 5:49pm

i piggypack this thread to showcase my keycloak extension, that adds a “Claim to Group” IDP mapper (OpenID Connect only right now)
https://github.com/JeanRibes/keycloak-idp-group-mapper
it’s a bit rough around the edges, but hey it works
the JAR is built against Keycloak 11, but you can change the version in the pom.xml and rebuild

as a side note, there is no GUI to select the group, you need to input the group ID (show in the URL when looking at a group’s details)

nitinpokharna · January 5, 2023, 5:04pm

Hi @maartenvds Even after doing similar configuration in Keycloak I am not able to restrict access to URL only to the AD group that is being added as member in AD Application.

AD application created with defined Redirect URI. Group Membership claim set to Application group. AD group added as member.
Configured Azure OIDC.
Created mapper as per the guidance.
Could you please advice what could be the error.

maartenvds · January 8, 2023, 2:53pm

I think your application should handle the the case where the user is not member to a group/role. In my case users without groups are handled as guests.

Topic		Replies	Views
Is "Microsoft" Identity provider using OpenID Connect v1.0? Tips and tricks oidc	2	1194	May 6, 2023
Groups from Azure AD Configuring the server authentication , identity-brokering , oidc	5	12138	February 20, 2024
Azure AD IdP how to check group memberships and/or GUIDs Configuring the server identity-brokering , oidc	4	710	February 3, 2022
Keycloak not getting the optional claims from Azure AD Getting advice	1	296	February 19, 2024
Request groups from AD Getting advice authentication , user-federation , oidc	0	389	December 9, 2022

Getting groups from Azure Active Directory IDP

Related Topics