libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #3554 from hassaneinaltememyictu/2.3.0-ictu-change-role-attributeToRoleMapper

Browse source 
grant the new role from the saml token if it exist
This commit is contained in:
Bill Burke 2016-12-03 13:43:40 -05:00 committed by GitHub
commit 0ab352706b
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java
View file

@ -139,10 +139,12 @@ public class AttributeToRoleMapper extends AbstractIdentityProviderMapper {
@Override @Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE); String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
if (role == null) throw new IdentityBrokerException("Unable to find role: " + roleName);
if (!isAttributePresent(mapperModel, context)) { if (!isAttributePresent(mapperModel, context)) {
RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
if (role == null) throw new IdentityBrokerException("Unable to find role: " + roleName);
user.deleteRoleMapping(role); user.deleteRoleMapping(role);
}else{
user.grantRole(role);
} }
} }