[keycloak-user] Bug in AbstractClaimMapper class
Lohitha Chiranjeewa
kalc04 at gmail.com
Tue Nov 3 01:50:11 EST 2015
We came across an issue when integrating a custom OIDC IDP and mapping
roles into it. When we have a list of external roles to map into Keycloak
roles, the process fails.
The issue is at the bottom of the valueEquals(String, Object) method in the
AbstractClaimMapper class. When the incoming Object is a list, it just
performs the comparison with the first element and returns...
...
} else if (value instanceof List) {
List list = (List)value;
for (Object val : list) {
return valueEquals(desiredValue, val);
}
}
...
Instead the code should be something like this:
...
} else if (value instanceof List) {
List list = (List)value;
for (Object val : list) {
if (valueEquals(desiredValue, val)) return true;
}
}
...
Regards,
Lohitha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151103/694a364f/attachment.html
More information about the keycloak-user
mailing list