SAML based Client- group Based Authentication

Skmishra · March 26, 2021, 4:14am

Dear All,

can anyone please help me on group based authentication for SAML based client.

Use case- i have two client:

one is with OpenID connect and other is with SAML.

we have 2 group in AD and there is mandate requirement that, only one group member should login to SAML based client.

we don’t want to go with multiple REALM.

can anyone please help me on this.

Thanks.

snadmin · June 16, 2021, 3:49pm

I too am in a similar situation. Seeking guidance on how to restrict SAML client connection based on Group membership.

mbonn · June 17, 2021, 7:23am

Hello,

I solved this writing a JavaScript based Authenticator, as described here:
https://www.keycloak.org/docs/latest/server_development/index.html#_script_providers

In the authenticator, you can check the user’s account properties to decide wheather to authenticate or not.
Add the execution of this authenticator to the login flow.

Regards, Matthias

Topic		Replies	Views
Restrict SAML App via Groups	0	271	June 23, 2021
Use SAML Protocol, Is it possible to set a client that can log in per user in one realm Getting advice authentication , saml	4	467	April 14, 2020
LDAP AD group permissions authentication	3	1657	March 11, 2021
SAML Attribute to Group Mapper Extending the server saml	0	505	January 28, 2022
24h SAML for some, regular SAML for others Getting advice	0	379	April 22, 2022

SAML based Client- group Based Authentication

Related Topics