Handle situation when empty groups not come from the keycloak (and he…

…nce from mod_auth_openidc) Before the keycloak v22 it sends empty array as group claim when user not a member of any group. After v22 it not put this claim at all. Look discussion: keycloak/keycloak#22340 Signed-off-by: Stanislav Melnichuk <melnichuk.stas@gmail.com>
oVirt · Apr 26, 2024 · 0d006fa · 0d006fa
1 parent 7238a37
commit 0d006fa
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/...odules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/ExternalOIDCService.java b/...odules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/ExternalOIDCService.java
@@ -10,6 +10,7 @@
 import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -200,8 +201,14 @@ private static ExtMap buildPrincipalRecord(Map<String, Object> response, String
     }
 
     private static Collection<ExtMap> buildPrincipalRecordGroups(Map<String, Object> response) {
+        List<String> groupNames;
+        if (response.containsKey("groups")) {
+            groupNames = (List<String>) response.get("groups");
+        } else {
+            return Collections.emptyList();
+        }
+
         LinkedList<ExtMap> groups = new LinkedList<>();
-        List<String> groupNames = (List<String>) response.get("groups");
         for (String groupName : groupNames) {
             groupName = groupName.replaceFirst("^/", "");
             ExtMap group = new ExtMap();