[keycloak-dev] External role to role idp mapper update brokered user behavior buggy ?
Marek Posolda
mposolda at redhat.com
Tue Jan 29 05:38:56 EST 2019
+1 that this is a bug. I added a comment to the JIRA with some
suggestions for the PR. In short, it will be good to:
- Have an automated test for this
- Ensure that "user.grantRole" is called in "updateBrokeredUser" just in
case that the user is not yet a member of that role. Otherwise it will be
a DB call and cache invalidation during each login of the user (bad for
performance...)
Marek
On 21/01/2019 09:50, Sebastien SB. BERTHIER wrote:
> Hi,
>
> Some months ago, I reported a strange behavior about external role to role idp mapper.
> https://issues.jboss.org/browse/KEYCLOAK-8690
>
> It concerns particularly the update method.
> - When a user (with local role) leaves external token role, then the mapped role is removed from local keycloak user.
> - But when a user (without local role) gains the external token role, then the mapped role is not added to local keycloak user.
>
> For me and Stian (see comments), it seems to be a bug. What is your opinion?
>
> Sébastien B.
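The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's own code: a simplified Java model in which the mapped role is granted when the external role appears, removed when it disappears, and left untouched when already in sync, so a repeat login causes no write. The `DemoUser` class, the four-argument `updateBrokeredUser` signature and the role names are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified stand-in for a brokered user (assumption, not Keycloak's UserModel).
// "writes" counts operations that would each cost a DB call and a cache invalidation.
class DemoUser {
    private final Set<String> roles = new HashSet<>();
    int writes = 0;

    boolean hasRole(String role) { return roles.contains(role); }
    void grantRole(String role) { roles.add(role); writes++; }
    void deleteRoleMapping(String role) { roles.remove(role); writes++; }
}

public class RoleSyncDemo {
    // Hypothetical sync step run on every brokered login.
    static void updateBrokeredUser(DemoUser user, Set<String> externalRoles,
                                   String externalRole, String localRole) {
        boolean inToken = externalRoles.contains(externalRole);
        if (inToken && !user.hasRole(localRole)) {
            user.grantRole(localRole);         // gained externally: add locally
        } else if (!inToken && user.hasRole(localRole)) {
            user.deleteRoleMapping(localRole); // lost externally: remove locally
        }
        // Otherwise the local mapping already matches the token: no write.
    }

    static void check(boolean cond, String msg) {
        if (!cond) throw new AssertionError(msg);
    }

    public static void main(String[] args) {
        DemoUser user = new DemoUser();
        // Constructed sample logins; "ext-admin" and "admin" are made-up role names.
        updateBrokeredUser(user, Set.of("ext-admin"), "ext-admin", "admin");
        check(user.hasRole("admin") && user.writes == 1, "role granted on gain");

        updateBrokeredUser(user, Set.of("ext-admin"), "ext-admin", "admin");
        check(user.writes == 1, "repeat login must not write again");

        updateBrokeredUser(user, Set.of(), "ext-admin", "admin");
        check(!user.hasRole("admin") && user.writes == 2, "role removed on loss");

        updateBrokeredUser(user, Set.of(), "ext-admin", "admin");
        check(user.writes == 2, "no write when already absent");
        System.out.println("all checks passed");
    }
}
```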