diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java index bd41eff37d..bcae24de1e 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java @@ -230,26 +230,12 @@ public class MongoUserProvider implements UserProvider { return result; } - private FederatedIdentityEntity findSocialLink(UserModel userModel, String socialProvider, RealmModel realm) { - UserModel user = getUserById(userModel.getId(), realm); - MongoUserEntity userEntity = ((UserAdapter) user).getUser(); - List linkEntities = userEntity.getFederatedIdentities(); - if (linkEntities == null) { - return null; - } - - for (FederatedIdentityEntity federatedIdentityEntity : linkEntities) { - if (federatedIdentityEntity.getIdentityProvider().equals(socialProvider)) { - return federatedIdentityEntity; - } - } - return null; - } - - @Override public FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm) { - FederatedIdentityEntity federatedIdentityEntity = findSocialLink(user, socialProvider, realm); + user = getUserById(user.getId(), realm); + MongoUserEntity userEntity = ((UserAdapter) user).getUser(); + FederatedIdentityEntity federatedIdentityEntity = findFederatedIdentityLink(userEntity, socialProvider); + return federatedIdentityEntity != null ? new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(), federatedIdentityEntity.getUserName(), federatedIdentityEntity.getToken()) : null; } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java index 59a0cf3026..400fba4c12 100755 
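Review bot: In `getFederatedIdentity`, the result of `getUserById(user.getId(), realm)` is cast to `UserAdapter` and dereferenced on the next line without a null check. Whether `getUserById` can return null is not visible in this hunk, but if it can (for example for a user deleted in the meantime), the method throws a NullPointerException instead of returning `null`, which is how it already signals "no link". A guard before the cast, `if (user == null) { return null; }`, would keep that contract. Reassigning the `user` parameter also blurs which object is the caller's and which is the reloaded one; a separate local such as `UserModel reloaded = getUserById(user.getId(), realm);` reads more clearly. `findFederatedIdentityLink` is defined outside this hunk, so its null handling for an empty identity list could not be checked here.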
--- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java @@ -6,10 +6,12 @@ import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.models.ClientIdentityProviderMappingModel; import org.keycloak.models.ClientModel; +import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; import org.keycloak.models.utils.ModelToRepresentation; import org.keycloak.models.utils.RepresentationToModel; import org.keycloak.provider.ProviderFactory; @@ -80,11 +82,12 @@ public class IdentityProviderResource { if (oldProviderId != null && !oldProviderId.equals(newProviderId)) { - // User changed the ID (alias) of identity provider. We must update all clients - logger.info("Changing identityProviderMapping in all clients. oldProviderId=" + oldProviderId + ", newProviderId=" + newProviderId); + // Admin changed the ID (alias) of identity provider. We must update all clients and users + logger.debug("Changing providerId in all clients and linked users. oldProviderId=" + oldProviderId + ", newProviderId=" + newProviderId); updateClientsAfterProviderAliasChange(this.realm.getApplications(), oldProviderId, newProviderId); updateClientsAfterProviderAliasChange(this.realm.getOAuthClients(), oldProviderId, newProviderId); + updateUsersAfterProviderAliasChange(this.session.users().getUsers(this.realm), oldProviderId, newProviderId); } return Response.noContent().build(); 
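Review bot: The alias-change branch now calls `this.session.users().getUsers(this.realm)`, which appears to load every user of the realm into one list within a single admin request. On a large realm that makes a provider rename expensive and potentially memory-exhausting. If the user provider offers a bounded or paged lookup (not visible from this hunk), iterating in batches would be safer. The same lines lower the log call from `info` to `debug`, although the rename now rewrites users' federated identity links. That is an identity-relevant admin action which should stay visible at the default log level, e.g. `logger.info("Changing providerId in all clients and linked users. oldProviderId=" + oldProviderId + ", newProviderId=" + newProviderId);`. The enclosing method starts and ends outside the hunk.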
@@ -124,6 +127,22 @@ public class IdentityProviderResource { } } + private void updateUsersAfterProviderAliasChange(List users, String oldProviderId, String newProviderId) { + for (UserModel user : users) { + FederatedIdentityModel federatedIdentity = this.session.users().getFederatedIdentity(user, oldProviderId, this.realm); + if (federatedIdentity != null) { + // Remove old link first + this.session.users().removeFederatedIdentity(this.realm, user, oldProviderId); + + // And create new + FederatedIdentityModel newFederatedIdentity = new FederatedIdentityModel(newProviderId, federatedIdentity.getUserId(), federatedIdentity.getUserName(), + federatedIdentity.getToken()); + this.session.users().addFederatedIdentity(this.realm, user, newFederatedIdentity); + } + } + } + + private IdentityProviderFactory getIdentityProviderFactory() { List allProviders = new ArrayList();
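Review bot: In `updateUsersAfterProviderAliasChange`, each user's old link is removed before the new one is added. If `addFederatedIdentity` throws, or the request aborts mid-loop, affected users are left with no link to the provider and may be unable to sign in through it. Whether the request runs in a transaction that rolls the removal back is not visible here, and that may differ between storage providers. At minimum the assumption should be documented above the removal, e.g. `// Relies on the request transaction: a failure in addFederatedIdentity must roll back this removal`. The method also has no Javadoc; it should state that every link to `oldProviderId` in the realm is re-created under `newProviderId` with the same user id, user name and token.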