keycloak-aplcache

Merge pull request #3554 from hassaneinaltememyictu/2.3.0-ictu-change-role-attributeToRoleMapper grant …

12/3/2016 4:43:40 PM

the new role from the saml token if it exist

Bill Burke

Commit: 0ab3527

Tree: 269faa0

Parents: eac0bb4
a119a46

Changes

services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java 6(+4 -2)

Details

services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java 6(+4 -2)

diff --git a/services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java b/services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java
index 1b0f07a..cb1e351 100755
--- a/services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java
+++ b/services/src/main/java/org/keycloak/broker/saml/mappers/AttributeToRoleMapper.java
@@ -139,10 +139,12 @@ public class AttributeToRoleMapper extends AbstractIdentityProviderMapper {
     @Override
     public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
         String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
+        RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
+        if (role == null) throw new IdentityBrokerException("Unable to find role: " + roleName);
         if (!isAttributePresent(mapperModel, context)) {
-            RoleModel role = KeycloakModelUtils.getRoleFromString(realm, roleName);
-            if (role == null) throw new IdentityBrokerException("Unable to find role: " + roleName);
             user.deleteRoleMapping(role);
+        }else{
+            user.grantRole(role);
         }
 
     }