Propagate Username LDAP Attribute changes to the username mapper to keep mapper and main LDAP storage config in synch.

Closed #27984

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Stefan Guilhen 2024-04-01 12:43:24 -03:00 committed by Pedro Igor
parent 4ec9fea8f7
commit 9bb2402d3b


@ -23,7 +23,6 @@ import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.KerberosConfig;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
@ -473,6 +472,19 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS,
AuthenticationExecutionModel.Requirement.DISABLED, AuthenticationExecutionModel.Requirement.ALTERNATIVE);
} // else: keep current settings
LDAPConfig oldConfig = new LDAPConfig(oldModel.getConfig());
LDAPConfig newConfig = new LDAPConfig(newModel.getConfig());
if (!oldConfig.getUsernameLdapAttribute().equals(newConfig.getUsernameLdapAttribute())) {
// propagate username LDAP attribute change to the username mapper.
ComponentModel usernameMapperModel = realm.getComponentsStream(oldModel.getId(), LDAPStorageMapper.class.getName())
.filter(mapper -> "username".equals(mapper.getName()))
.findFirst().orElse(null);
if (usernameMapperModel != null) {
usernameMapperModel.getConfig().putSingle(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, newConfig.getUsernameLdapAttribute());
realm.updateComponent(usernameMapperModel);
}
}
}
@Override
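Review bot: The added block overwrites the LDAP attribute of whichever mapper is named "username" without first checking that the mapper still pointed at the old username attribute. A mapper that an administrator deliberately configured differently, or an unrelated mapper that happens to carry that name, is therefore silently rewritten. Because this mapper decides which directory attribute becomes the Keycloak username, I would propagate only when the mapper was in sync before the change: `if (usernameMapperModel != null && oldConfig.getUsernameLdapAttribute().equalsIgnoreCase(usernameMapperModel.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE))) {`. The old/new comparison with `equals` also assumes `getUsernameLdapAttribute()` never returns null, which is not visible on this page. The enclosing method starts outside the hunk.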