I successfully installed and set up Keycloak as the new SSO provider via univention-app.
I then quickly noticed that nested groups from the LDAP are not resolved.
group: all < group: all.ch < group: all.ch.basel < user: maxmuster
In the OIDC token you only see the groups:
'groups' => [ '/Domain Users', '/all.ch.basel' ],
Is it possible to get Keycloak to resolve the nested groups correctly?
The memberOf in the user object can only list the direct groups, so it doesn’t help me either.