The short answer is yes.
You probably mean additional authorization, given the tags you used (XACML). Usually you use AD / LDAP to authenticate with the application. After you retrieve the user roles and groups, you can then call the decision point (PDP) from both the interceptor and the application requesting authentication. The PDP then authorizes the request using XACML policies.
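
The flow described in this answer, as an added example that is not part of the original answer: the enforcement point (interceptor) turns the identity and roles obtained from AD / LDAP into a XACML request and permits only on an explicit `Permit`. It assumes a PDP that speaks the JSON Profile of XACML 3.0; `fake_pdp`, the role name and the resource are constructed stand-ins for a real PDP call and real directory data.

```python
import json

# Standard XACML attribute identifiers from the OASIS core specification.
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
SUBJECT_ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

def _attr(attribute_id, value):
    return {"AttributeId": attribute_id, "Value": value}

def build_request(user, roles, resource, action):
    """Build a JSON Profile of XACML 3.0 request from directory-derived data."""
    return {"Request": {
        "AccessSubject": {"Attribute": [_attr(SUBJECT_ID, user),
                                        _attr(SUBJECT_ROLE, sorted(roles))]},
        "Resource": {"Attribute": [_attr(RESOURCE_ID, resource)]},
        "Action": {"Attribute": [_attr(ACTION_ID, action)]},
    }}

def is_permitted(pdp_response_text):
    """Deny-biased PEP: anything other than one clean Permit is a deny."""
    try:
        results = json.loads(pdp_response_text)["Response"]
    except (ValueError, KeyError, TypeError):
        return False                      # malformed or unexpected reply
    if isinstance(results, dict):         # a single result sent as an object
        results = [results]
    if not isinstance(results, list) or len(results) != 1:
        return False
    result = results[0]
    if not isinstance(result, dict) or result.get("Obligations"):
        return False                      # obligations this PEP cannot discharge
    return result.get("Decision") == "Permit"   # NotApplicable/Indeterminate deny

def fake_pdp(request):
    """Constructed stand-in for the PDP; a real PDP evaluates XACML policies."""
    subject = {a["AttributeId"]: a["Value"]
               for a in request["Request"]["AccessSubject"]["Attribute"]}
    action = request["Request"]["Action"]["Attribute"][0]["Value"]
    ok = "finance-approver" in subject[SUBJECT_ROLE] and action == "approve"
    return json.dumps({"Response": [{"Decision": "Permit" if ok else "Deny"}]})

def authorize(user, roles, resource, action, pdp=fake_pdp):
    """Called by the interceptor after AD / LDAP authentication succeeded."""
    return is_permitted(pdp(build_request(user, roles, resource, action)))
```

Treating `NotApplicable`, `Indeterminate` and unparseable replies as a deny keeps a PDP outage or a policy gap from turning into silent access.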