Technical help with the design

Hi Team,

I have few questions with the design

  1. I am integrating the keycloak with an ADFS server. Access to the applications is based on the user permissions which are controlled by AD groups. Will I be able to create the mappers to automatically fetch the AD group details from SAML assertion and update the roles within Keycloak ?

  2. in User federation using LDAP, if the user try to login to the application will their username/password validated against LDAP server by Keycloak ? Will it sync the user password in keycloak database ?

Thanks in advance