SAML based Client- group Based Authentication

Dear All,

can anyone please help me on group based authentication for SAML based client.

Use case- i have two client:

one is with OpenID connect and other is with SAML.

we have 2 group in AD and there is mandate requirement that, only one group member should login to SAML based client.

we don’t want to go with multiple REALM.

can anyone please help me on this.


I too am in a similar situation. Seeking guidance on how to restrict SAML client connection based on Group membership.


I solved this writing a JavaScript based Authenticator, as described here:

In the authenticator, you can check the user’s account properties to decide wheather to authenticate or not.
Add the execution of this authenticator to the login flow.

Regards, Matthias