unique username for brokered user

2015-04-01 10:32:47 -04:00 · 2015-04-01 10:32:47 -04:00 · 1d56805faf
commit 1d56805faf
parent 03bfca5e41
5 changed files with 36 additions and 5 deletions
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
+++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java
@ -39,6 +39,7 @@ import org.keycloak.models.OAuthClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
 import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.provider.ProviderFactory;
 import org.keycloak.services.managers.AppAuthManager;
@ -488,7 +489,11 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
        String username = updatedIdentity.getUsername();
        if (this.realmModel.isRegistrationEmailAsUsername() && !Validation.isEmpty(updatedIdentity.getEmail())) {
            username = updatedIdentity.getEmail();
-        } 
+        } else if (username == null) {
            username = updatedIdentity.getIdentityProviderId() + "." + updatedIdentity.getId();
        } else {
            username = updatedIdentity.getIdentityProviderId() + "." + updatedIdentity.getUsername();
        }
        if (username != null) {
            username = username.trim();
        }
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@ -250,7 +250,7 @@ public abstract class AbstractIdentityProviderTest {
    }
    protected void doAssertFederatedUserNoEmail(UserModel federatedUser) {
-        assertEquals("test-user-noemail", federatedUser.getUsername());
+        assertEquals("kc-oidc-idp.test-user-noemail", federatedUser.getUsername());
        assertEquals(null, federatedUser.getEmail());
        assertEquals("Test", federatedUser.getFirstName());
        assertEquals("User", federatedUser.getLastName());
@ -580,7 +580,7 @@ public abstract class AbstractIdentityProviderTest {
        FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
        assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
-        assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
+        assertEquals(federatedUser.getUsername(), federatedIdentityModel.getIdentityProvider() + "." + federatedIdentityModel.getUserName());
        driver.navigate().to("http://localhost:8081/test-app/logout");
        driver.navigate().to("http://localhost:8081/test-app");
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java
@ -1,6 +1,7 @@
 package org.keycloak.testsuite.broker;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.AccessTokenResponse;
@ -66,4 +67,29 @@ public class OIDCKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
    protected String getProviderId() {
        return "kc-oidc-idp";
    }
    @Test
    public void testSuccessfulAuthentication() {
        super.testSuccessfulAuthentication();
    }
    @Test
    public void testSuccessfulAuthenticationWithoutUpdateProfile() {
        super.testSuccessfulAuthenticationWithoutUpdateProfile();
    }
    @Test
    public void testSuccessfulAuthenticationWithoutUpdateProfile_emailNotProvided_emailVerifyEnabled() {
        super.testSuccessfulAuthenticationWithoutUpdateProfile_emailNotProvided_emailVerifyEnabled();
    }
    @Test
    public void testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername() {
        super.testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername();
    }
    @Test
    public void testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername_emailNotProvided() {
        super.testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername_emailNotProvided();
    }
 }
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
@ -69,7 +69,7 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
    @Override
    protected void doAssertFederatedUserNoEmail(UserModel federatedUser) {
-        assertEquals("", federatedUser.getUsername());
+        assertEquals("kc-saml-idp-basic.", federatedUser.getUsername());
        assertEquals("", federatedUser.getEmail());
        assertEquals(null, federatedUser.getFirstName());
        assertEquals(null, federatedUser.getLastName());
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@ -68,7 +68,7 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
    @Override
    protected void doAssertFederatedUserNoEmail(UserModel federatedUser) {
-        assertEquals("", federatedUser.getUsername());
+        assertEquals("kc-saml-signed-idp.", federatedUser.getUsername());
        assertEquals("", federatedUser.getEmail());
        assertEquals(null, federatedUser.getFirstName());
        assertEquals(null, federatedUser.getLastName());