[NXP-29355] Fix group members update with Keycloak authentication in multi-directory environment - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.10
Fix Version/s: HOTFIX_10.10, 11.x
Component/s: Authentication, Directory

Tags:
- SupCom
- nxsupport
Backlog priority:
500
Sprint:
nxsupport 12, nxsupport 13, nxsupport 14, nxsupport 15, nxsupport 16
Story Points:
1

Description

The Multi-directory session re-creates a bare EntryModel from the properties of the current userModel when it comes to update an entry in the sub-directory

https://github.com/nuxeo/nuxeo/blob/1ca7a5d8af51cd8755b12a3e23c44bb6b5512846/modules/platform/nuxeo-platform-directory/nuxeo-platform-directory-multi/src/main/java/org/nuxeo/ecm/directory/multi/MultiDirectorySession.java#L600

Because of that, if a property was not set in the userModel, it is now set in the new entryModel because a value is put in the map which creates the model at https://github.com/nuxeo/nuxeo/blob/1ca7a5d8af51cd8755b12a3e23c44bb6b5512846/modules/platform/nuxeo-platform-directory/nuxeo-platform-directory-multi/src/main/java/org/nuxeo/ecm/directory/multi/MultiDirectorySession.java#L593

It's not a problem for scalar properties. But for references like "groups", it resets the value when the user is saved

The problem can be easily fixed by fetching the complete userModel with its references in the keycloak mapper: https://github.com/nuxeo/nuxeo/blob/1ca7a5d8af51cd8755b12a3e23c44bb6b5512846/modules/platform/login/nuxeo-platform-login-keycloak/src/main/java/org/nuxeo/ecm/platform/ui/web/keycloak/KeycloakUserMapper.java#L118