libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Prevent updating IdP via organization API not linked with the organization

Browse source 
Closes #28833

Signed-off-by: vramik <vramik@redhat.com>
This commit is contained in:
vramik 2024-04-18 11:55:45 +02:00 committed by Pedro Igor
parent 0d60e58029
commit 860f3b7320
2 changed files with 21 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/src/main/java/org/keycloak/organization/admin/resource/OrganizationIdentityProviderResource.java
View file

@ -134,7 +134,7 @@ public class OrganizationIdentityProviderResource {
public Response update(IdentityProviderRepresentation rep) { public Response update(IdentityProviderRepresentation rep) {
IdentityProviderModel identityProvider = getIdentityProviderModel(); IdentityProviderModel identityProvider = getIdentityProviderModel();
if (!rep.getAlias().equals(identityProvider.getAlias())) { if (!rep.getAlias().equals(identityProvider.getAlias()) || (rep.getInternalId() != null && !Objects.equals(rep.getInternalId(), identityProvider.getInternalId()))) {
throw ErrorResponse.error("Identity provider not assigned to the organization.", Status.NOT_FOUND); throw ErrorResponse.error("Identity provider not assigned to the organization.", Status.NOT_FOUND);
} }

20
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/organization/admin/OrganizationIdentityProviderTest.java
View file

@ -125,6 +125,26 @@ public class OrganizationIdentityProviderTest extends AbstractOrganizationTest {
} }
} }
@Test
public void tryUpdateIdPWithValidAliasInvalidInternalId() {
OrganizationRepresentation orgRep = createOrganization();
OrganizationResource orgResource = testRealm().organizations().get(orgRep.getId());
OrganizationIdentityProviderResource orgIdPResource = orgResource.identityProvider();
IdentityProviderRepresentation idpRepresentation = createRep("some-broker", "oidc");
//create IdP in realm not bound to Org and get created internalId
testRealm().identityProviders().create(idpRepresentation).close();
String internalId = testRealm().identityProviders().get("some-broker").toRepresentation().getInternalId();
IdentityProviderRepresentation orgIdPRep = orgIdPResource.toRepresentation();
orgIdPRep.setInternalId(internalId);
try (Response response = orgIdPResource.update(orgIdPRep)) {
assertThat(response.getStatus(), equalTo(Response.Status.NOT_FOUND.getStatusCode()));
}
}
private IdentityProviderRepresentation createRep(String alias, String providerId) { private IdentityProviderRepresentation createRep(String alias, String providerId) {
IdentityProviderRepresentation idp = new IdentityProviderRepresentation(); IdentityProviderRepresentation idp = new IdentityProviderRepresentation();