+1 that this is a bug. I added a comment to the JIRA with some
suggestions for the PR. In short, it will be good to:
- Have an automated test for this
- Ensure that "user.grantRole" is called in "updateBrokeredUser" just in
the case that the user is not yet a member of that role. Otherwise there
will be a DB call and cache invalidation during each login of the user
(bad for performance...)
Marek
On 21/01/2019 09:50, Sebastien SB. BERTHIER wrote:
Hi,
Some months ago, I reported a strange behavior about external role to role idp mapper.
https://issues.jboss.org/browse/KEYCLOAK-8690
It particularly concerns the update method.
- When a user (with local role) leaves external token role, then the mapped role is
removed from local Keycloak user.
- But when a user (without local role) gains the external token role, then the mapped
role is not added to local Keycloak user.
For me and Stian (see comments), it seems to be a bug. What is your opinion?
Sébastien B.
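The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's code: a self-contained Java model comparing an update that only removes the mapped role with one that syncs both directions and writes only on a real change. `StubUser`, `updateRemoveOnly`, `updateSynced`, the role names and the write counter are hypothetical stand-ins; the counter models the DB call and cache invalidation mentioned above.

```java
import java.util.HashSet;
import java.util.Set;

// Hypothetical stand-in for a user record; every write models a DB call plus cache invalidation.
class StubUser {
    private final Set<String> roles = new HashSet<>();
    int writes = 0;

    boolean hasRole(String role) { return roles.contains(role); }
    void grantRole(String role) { roles.add(role); writes++; }
    void deleteRoleMapping(String role) { roles.remove(role); writes++; }
}

public class RoleMapperSync {
    // Reported behaviour: on update the mapped role is removed when it leaves the
    // external token, but never added when it appears there.
    static void updateRemoveOnly(StubUser user, Set<String> tokenRoles, String external, String local) {
        if (!tokenRoles.contains(external) && user.hasRole(local)) {
            user.deleteRoleMapping(local);
        }
    }

    // Suggested behaviour: grant or revoke to match the token, but only when the
    // user's current membership differs, so repeated logins cause no writes.
    static void updateSynced(StubUser user, Set<String> tokenRoles, String external, String local) {
        boolean inToken = tokenRoles.contains(external);
        if (inToken && !user.hasRole(local)) {
            user.grantRole(local);
        } else if (!inToken && user.hasRole(local)) {
            user.deleteRoleMapping(local);
        }
    }

    public static void main(String[] args) {
        Set<String> token = Set.of("ext-admin"); // constructed sample: roles carried by the external token

        StubUser a = new StubUser();
        updateRemoveOnly(a, token, "ext-admin", "local-admin");
        System.out.println("remove-only: hasRole=" + a.hasRole("local-admin") + " writes=" + a.writes);

        StubUser b = new StubUser();
        for (int login = 0; login < 3; login++) { // three consecutive logins with the same token
            updateSynced(b, token, "ext-admin", "local-admin");
        }
        System.out.println("synced: hasRole=" + b.hasRole("local-admin") + " writes=" + b.writes);

        updateSynced(b, Set.of(), "ext-admin", "local-admin"); // role dropped upstream
        System.out.println("after revoke: hasRole=" + b.hasRole("local-admin") + " writes=" + b.writes);
    }
}
```

An automated test for the mapper would assert the same three states: role gained, unchanged across repeated logins, and role lost.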