I am trying to configure user synchronization between LDAP and keycloak, and I have following questions:
- Does it possible to use Identity Provider(SAML/ADFS) for authentication, and User Federation (LDAP) for authorization (assign to a group)?
- Is it possible to define mapping of user atribute (which value is e.g."##group1#group2#" to group? I mean the situation when we synchronize users from LDAP (users without group assignment) with user attribute which is also synchronized to keycloak. It possible to map user atribute to groups? I am sking for configuration in keycloak GUI, for sure it is possible via script.