Skip to content
Permalink
Browse files
OAK-9773: DefaultSyncContext#syncMembership() compares external ids c…
…ase-sensitively.

Added logging.
  • Loading branch information
Manfred Baedke committed Jun 10, 2022
1 parent 2d3b2d4 commit e5d4c6e628ad313914a9bb50cc1b9f2d0b0cc56f
Showing 1 changed file with 7 additions and 0 deletions.
@@ -518,10 +518,12 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho

// first get the set of the existing groups that are synced ones
Map<String, Group> declaredExternalGroups = new HashMap<>();
List<String> declaredExternalGroupIds = new ArrayList<>();
Iterator<Group> grpIter = auth.declaredMemberOf();
while (grpIter.hasNext()) {
Group grp = grpIter.next();
if (isSameIDP(grp)) {
declaredExternalGroupIds.add(grp.getID());
declaredExternalGroups.put(grp.getID().toLowerCase(), grp);
}
}
@@ -546,9 +548,14 @@ protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Autho
log.debug("- idp returned '{}'", extGroup.getId());

// mark group as processed
boolean idMatches = declaredExternalGroupIds.contains(extGroup.getId());
Group grp = declaredExternalGroups.remove(extGroup.getId().toLowerCase());
boolean exists = grp != null;

if (exists && !idMatches) {
log.warn("The existing authorizable {} and the external group {} have identifiers that only differ by case. Since the identifiers are compared case-insensitively, the existing authorizable will be considered to match the external group.");
}

if (!exists) {
Authorizable a = userManager.getAuthorizable(extGroup.getId());
if (a == null) {

0 comments on commit e5d4c6e

Please sign in to comment.