Hello,
If an AD group is a member of 2 other AD groups. Then if we synch AD groups to Forgerock roles, will we only get the main AD group or will Forgerock roles also show information in regards to 2 other AD groups.
Because the user effectively has privileges of 3 AD Groups. And this information somehow needs to be available via Forgerock roles.
The UI interacting with Forgerock user service OAuth2Client.getUserInfo() is more like a dummy UI and it relies on Forgerock user service to provide up to date Ad group membership info. The AD group memberships can be updated and thus UI code should get all the information from Forgerock user service.
I wanted to know if the AD Group synch to Forgerock can handle such an enterprise website scenario. Thanks