Disable identity provider at the realm level when an organization is disabled

Closes #29483 Signed-off-by: vramik <vramik@redhat.com>
2024-05-21 09:27:06 +02:00 · 2024-05-21 09:27:06 +02:00 · 55bf4feebc
commit 55bf4feebc
parent 278341aff9
1 changed files with 3 additions and 1 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
@ -883,7 +883,9 @@ public class RealmAdapter implements CachedRealmModel {
            public boolean isEnabled() {
                // if IdP is bound to an org
                if (getOrganizationId() != null) {
-                    return session.getProvider(OrganizationProvider.class).isEnabled() && super.isEnabled();
+                    OrganizationProvider provider = session.getProvider(OrganizationProvider.class);
+                    OrganizationModel org = provider == null ? null : provider.getById(getOrganizationId());
+                    return org != null && provider.isEnabled() && org.isEnabled() && super.isEnabled();
                }
                return super.isEnabled();
            }