case insensitive match on organization identity provider domain

Closes #40253

Signed-off-by: ryan-morris <ryan@devenvy.com>
Ryan Morris 2025-06-05 07:04:53 -05:00 committed by GitHub
parent a62a2c4414
commit cf8c837125
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 26 additions and 2 deletions


@ -259,10 +259,10 @@ public class OrganizationAuthenticator extends IdentityProviderAuthenticator {
return false;
}
// first look for an IDP that matches exactly the specified domain
// first look for an IDP that matches exactly the specified domain (case-insensitive)
IdentityProviderModel idp = organization.getIdentityProviders()
.filter(broker -> IdentityProviderRedirectMode.EMAIL_MATCH.isSet(broker) &&
domain.equals(broker.getConfig().get(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE))).findFirst().orElse(null);
domain.equalsIgnoreCase(broker.getConfig().get(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE))).findFirst().orElse(null);
if (idp != null) {
// redirect the user using the broker that matches the specified domain
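Review bot: The `equalsIgnoreCase` comparison in the `.filter(...)` lambda changes only this exact-domain lookup; the code that derives `domain` and any later fallback lookup are outside the hunk, so it is not visible whether they treat case the same way. Because this match decides which identity provider a user is redirected to, every domain comparison on this path should agree on case handling, ideally by normalising `domain` once where it is derived. The updated comment also contradicts itself ("matches exactly ... (case-insensitive)"); `// first look for an IDP whose configured domain equals the specified domain, ignoring case` reads more clearly. The enclosing method starts and ends outside the hunk.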


@ -475,6 +475,30 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
assertEquals(bc.getIDPAlias(), federatedIdentities.get(0).getIdentityProvider());
}
@Test
public void testRedirectToIdentityProviderAssociatedWithOrganizationDomainCaseInsensitive() {
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
IdentityProviderRepresentation idp = organization.identityProviders().get(bc.getIDPAlias()).toRepresentation();
idp.getConfig().put(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE, "neworg.org");
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
idp.setAlias("second-idp");
idp.setInternalId(null);
idp.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
testRealm().identityProviders().create(idp).close();
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
openIdentityFirstLoginPage(bc.getUserEmail().toUpperCase(), true, idp.getAlias(), false, false);
loginOrgIdp(bc.getUserEmail().toUpperCase(), bc.getUserEmail().toUpperCase(),true, true);
assertIsMember(bc.getUserEmail().toUpperCase(), organization);
UserRepresentation user = testRealm().users().search(bc.getUserEmail().toUpperCase()).get(0);
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
assertEquals(1, federatedIdentities.size());
assertEquals(bc.getIDPAlias(), federatedIdentities.get(0).getIdentityProvider());
}
@Test
public void testRedirectToIdentityProviderAssociatedWithOrganizationDomainUsingAnyMatch() {
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
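Review bot: `bc.getUserEmail().toUpperCase()` in `testRedirectToIdentityProviderAssociatedWithOrganizationDomainCaseInsensitive` uses the JVM default locale, so on a Turkish-locale build host an `i` in the address becomes `İ` and the test no longer exercises plain ASCII case folding. Assigning it once, `String email = bc.getUserEmail().toUpperCase(Locale.ROOT);`, and reusing `email` would fix that and remove the repeated calls. Upper-casing the whole address also makes the test depend on case-insensitive handling of the local part and of `users().search(...)`, not only on the changed domain comparison. Upper-casing just the part after `@` would tie a failure to the authenticator change.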