OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…

…ase-sensitively. Fixed.
apache · Jun 10, 2022 · 469ee05 · 469ee05
1 parent 4c59b36
commit 469ee05
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/.../apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java b/.../apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
@@ -522,7 +522,7 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
         while (grpIter.hasNext()) {
             Group grp = grpIter.next();
             if (isSameIDP(grp)) {
-                declaredExternalGroups.put(grp.getID(), grp);
+                declaredExternalGroups.put(grp.getID().toLowerCase(), grp);
             }
         }
         timer.mark("reading");
@@ -546,29 +546,29 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
             log.debug("- idp returned '{}'", extGroup.getId());
 
             // mark group as processed
-            Group grp = declaredExternalGroups.remove(extGroup.getId());
+            Group grp = declaredExternalGroups.remove(extGroup.getId().toLowerCase());
             boolean exists = grp != null;
 
             if (!exists) {
                 Authorizable a = userManager.getAuthorizable(extGroup.getId());
                 if (a == null) {
                     grp = createGroup(extGroup);
-                    log.debug("- created new group");
+                    log.debug("- created new group '{}'", grp.getID());
                 } else if (a.isGroup() && isSameIDP(a)) {
                     grp = (Group) a;
                 } else {
                     log.warn("Existing authorizable '{}' is not a group from this IDP '{}'.", extGroup.getId(), idp.getName());
                     continue;
                 }
-                log.debug("- user manager returned '{}'", grp);
+                log.debug("- user manager returned '{}'", grp.getID());
             }
 
             syncGroup(extGroup, grp);
 
             if (!exists) {
                 // ensure membership
                 grp.addMember(auth);
-                log.debug("- added '{}' as member to '{}'", auth, grp);
+                log.debug("- added '{}' as member to '{}'", auth, grp.getID());
             }
 
             // recursively apply further membership