Propagate Username LDAP Attribute changes to the username mapper to keep mapper and main LDAP storage config in synch.

Closed #27984

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Stefan Guilhen 2024-04-01 12:43:24 -03:00 committed by Pedro Igor
parent 4ec9fea8f7
commit 9bb2402d3b


@ -23,7 +23,6 @@ import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException; import org.keycloak.component.ComponentValidationException;
import org.keycloak.federation.kerberos.CommonKerberosConfig; import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.KerberosConfig;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator; import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator; import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator; import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
@ -473,6 +472,19 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS, CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS,
AuthenticationExecutionModel.Requirement.DISABLED, AuthenticationExecutionModel.Requirement.ALTERNATIVE); AuthenticationExecutionModel.Requirement.DISABLED, AuthenticationExecutionModel.Requirement.ALTERNATIVE);
} // else: keep current settings } // else: keep current settings
LDAPConfig oldConfig = new LDAPConfig(oldModel.getConfig());
LDAPConfig newConfig = new LDAPConfig(newModel.getConfig());
if (!oldConfig.getUsernameLdapAttribute().equals(newConfig.getUsernameLdapAttribute())) {
// propagate username LDAP attribute change to the username mapper.
ComponentModel usernameMapperModel = realm.getComponentsStream(oldModel.getId(), LDAPStorageMapper.class.getName())
.filter(mapper -> "username".equals(mapper.getName()))
.findFirst().orElse(null);
if (usernameMapperModel != null) {
usernameMapperModel.getConfig().putSingle(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, newConfig.getUsernameLdapAttribute());
realm.updateComponent(usernameMapperModel);
}
}
} }
@Override @Override
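Review bot: The lookup `.filter(mapper -> "username".equals(mapper.getName()))` selects the mapper by display name only, so a mapper of another type that happens to be named `username` would have `UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE` written into its config, while a renamed username mapper is silently left on the old attribute. Because this mapping decides which directory attribute becomes the Keycloak username, I would also constrain the provider type, e.g. add `.filter(mapper -> UserAttributeLDAPStorageMapperFactory.PROVIDER_ID.equals(mapper.getProviderId()))`, and log at warn level when no mapper matches so the drift between storage config and mapper is visible to an admin. The comparison `oldConfig.getUsernameLdapAttribute().equals(...)` assumes the getter never returns null; that is not visible in this hunk, so `Objects.equals(oldConfig.getUsernameLdapAttribute(), newConfig.getUsernameLdapAttribute())` would be the safer form if it can. The enclosing method starts outside the hunk.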