Hi everyone,
I’m currently facing an issue with my Keycloak setup.
I’ve successfully connected Keycloak to my LDAP directory and created a user-attribute-ldap-mapper to retrieve information about my users as well as a group-ldap-mapper to retrieve membership information.
This works very well for my first application client, but I need to retrieve the objectclass of my users for my 2nd future application.
Indeed, in my LDAP, we have custom objectclasses like this:
top>person>organizationalPerson>inetOrgPerson>internalperson>vip
top>person>organizationalPerson>inetOrgPerson>internalperson>standard
…
And each subclass (vip, standard…) gives different custom attributes (not the same ones for each subclass).
The authorization flow in the future application will be determined by the objectclass of the user, so how can I add this field to my SAML assertion? (Firstly, I want to retrieve it from the LDAP in the mapper configuration.)
Is there a way to do this, or can Keycloak not retrieve the objectclass attribute?
Thanks!!