group-sync-operator icon indicating copy to clipboard operation
group-sync-operator copied to clipboard
verified publisher icon redhat-cop

Name collision when synchronizing sub groups from Keycloak

Open corvus-ch opened this issue 4 years ago • 0 comments

Keycloak does not ensure uniqe group names for sub groups. When synchronized to OpenShift the behaviour is random.

Preconditions

Given the following group strucutre in Keyckloak:
"""
* group-a
** sub-group
* group-b
** sub-group
"""
And a user named "user-a" asigned to group "group-a/sub-group"
And a user named "user-b" asigned to group "group-b/sub-group"
When the groups are sync with the option "scope" set to "sub"

Observation

Then there are the following groups:
"""
* group-a
* group-b
* sub-group
"""
And the user list of "sub-group" contains "user-a"
Or the user list of "sub-group" contains "user-b"

Note that the bahaviour is random. Depending on unknown conditions, users are synced from either "group-a/sub-group" or "group-b/sub-group".

Expectations

Then there are the following groups:
"""
* group-a
* group-b
* group-a-sub-group
* group-b-sub-group
"""
And the user list of "group-a-sub-group" contains "user-a"
And the user list of "group-b-sub-group" contains "user-b"

In the above - got used as a separator to prepend the parents group name. I suggest to have this configurable.

corvus-ch avatar Sep 16 '21 09:09 corvus-ch