Skip to content

Disable sever federation link #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Maelstrom96 wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Disable sever federation link #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
cc50092
Adding new config to disable federation sever
Maelstrom96 Nov 14, 2025
9e1d7a4
Adding support for disabling federation sever
Maelstrom96 Nov 14, 2025
5e6b62c
Update ConfigurationProperties.java
Maelstrom96 Nov 18, 2025
d990972
Fixing tests
Maelstrom96 Nov 18, 2025
9ab229d
Fixing and adding tests
Maelstrom96 Nov 18, 2025
e4fefa1
Fix tests
Maelstrom96 Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/main/java/com/danielfrak/code/keycloak/providers/rest/ConfigurationProperties.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ public final class ConfigurationProperties {
public static final String API_HTTP_BASIC_USERNAME_PROPERTY = "API_HTTP_BASIC_USERNAME";
public static final String API_HTTP_BASIC_PASSWORD_PROPERTY = "API_HTTP_BASIC_PASSWORD";
public static final String USE_USER_ID_FOR_CREDENTIAL_VERIFICATION = "USE_USER_ID_FOR_CREDENTIAL_VERIFICATION";
public static final String DISABLE_SEVER_FEDERATION_LINK = "DISABLE_SEVER_FEDERATION_LINK";
public static final String ROLE_MAP_PROPERTY = "ROLE_MAP";
public static final String GROUP_MAP_PROPERTY = "GROUP_MAP";
public static final String MIGRATE_UNMAPPED_ROLES_PROPERTY = "MIGRATE_UNMAPPED_ROLES";
Expand Down Expand Up @@ -51,6 +52,11 @@ public final class ConfigurationProperties {
"Use the id of the user instead of the username as the path" +
"parameter when making a credential verification request",
BOOLEAN_TYPE, false),
new ProviderConfigProperty(DISABLE_SEVER_FEDERATION_LINK,
"Disable federation link sever",
"When a login is successfull, do not sever the federation link, " +
"allowing the next login to be validated against the legacy system.",
BOOLEAN_TYPE, false),
new ProviderConfigProperty(ROLE_MAP_PROPERTY,
"Legacy role conversion",
"Role conversion in the format 'legacyRole:newRole'",
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/com/danielfrak/code/keycloak/providers/rest/LegacyProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,11 @@ public void close() {

@Override
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
severFederationLink(user);
var disableSeverFederationConfig = model.getConfig().getFirst(ConfigurationProperties.DISABLE_SEVER_FEDERATION_LINK);
boolean severFederation = !Boolean.parseBoolean(disableSeverFederationConfig);
if (severFederation) {
severFederationLink(user);
}
return false;
}

Expand Down
31 changes: 30 additions & 1 deletion src/test/java/com/danielfrak/code/keycloak/providers/rest/LegacyProviderTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import java.util.stream.Stream;

import static com.danielfrak.code.keycloak.providers.rest.ConfigurationProperties.USE_USER_ID_FOR_CREDENTIAL_VERIFICATION;
import static com.danielfrak.code.keycloak.providers.rest.ConfigurationProperties.DISABLE_SEVER_FEDERATION_LINK;
import static com.danielfrak.code.keycloak.providers.rest.remote.TestLegacyUser.aMinimalLegacyUser;
import static java.util.Collections.emptySet;
import static org.junit.jupiter.api.Assertions.*;
Expand Down Expand Up @@ -309,18 +310,42 @@ void shouldRemoveFederationLinkWhenCredentialUpdates() {
when(userModel.getFederationLink())
.thenReturn("someId");

MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
config.put(DISABLE_SEVER_FEDERATION_LINK, List.of("false"));
when(model.getConfig()).thenReturn(config);

assertFalse(legacyProvider.updateCredential(realmModel, userModel, input));

verify(userModel)
.setFederationLink(null);
}

@Test
void shouldNotRemoveFederationLinkWhenCredentialUpdatesWithConfig() {
var input = mock(CredentialInput.class);
lenient().when(userModel.getFederationLink())
.thenReturn("someId");

MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
config.put(DISABLE_SEVER_FEDERATION_LINK, List.of("true"));
when(model.getConfig()).thenReturn(config);

assertFalse(legacyProvider.updateCredential(realmModel, userModel, input));

verify(userModel, never())
.setFederationLink(null);
}

@Test
void shouldNotRemoveFederationLinkWhenBlankAndCredentialUpdates() {
var input = mock(CredentialInput.class);
when(userModel.getFederationLink())
.thenReturn(" ");

MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
config.put(DISABLE_SEVER_FEDERATION_LINK, List.of("false"));
when(model.getConfig()).thenReturn(config);

assertFalse(legacyProvider.updateCredential(realmModel, userModel, input));

verify(userModel, never())
Expand All @@ -333,6 +358,10 @@ void shouldNotRemoveFederationLinkWhenNullAndCredentialUpdates() {
when(userModel.getFederationLink())
.thenReturn(null);

MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
config.put(DISABLE_SEVER_FEDERATION_LINK, List.of("false"));
when(model.getConfig()).thenReturn(config);

assertFalse(legacyProvider.updateCredential(realmModel, userModel, input));

verify(userModel, never())
Expand Down Expand Up @@ -368,4 +397,4 @@ void removeUserShouldReturnTrue() {
var result = legacyProvider.removeUser(realmModel, userModel);
assertTrue(result);
}
}
}
Loading