If I configure the groups-field with a custom claim with a namespaced URI format, no groups are found.
    akhq:
      security:
        oidc:
          enabled: true
          providers:
            custom-provider:
              label: "Login with OIDC"
              groups-field: https://custom.namespace.com/claims/roles
This happens because org.akhq.security.mapper.OidcUserDetailsMapper#getClaimValue is splitting the claim name by ".":
    private Object getClaimValue(OpenIdClaims openIdClaims, String name) {
        final String[] subFields = name.split("\\.");
        Object claimValue = openIdClaims.get(subFields[0]);
        for(int i = 1; i < subFields.length; i++) {
            final String subField = subFields[i];
            if (claimValue instanceof Map) {
                claimValue = ((Map) claimValue).get(subField);
            } else {
                break;
            }
        }
        return claimValue;
    }
Can this be changed to first check if the claim exists?
    private Object getClaimValue(OpenIdClaims openIdClaims, String name) {
        if (openIdClaims.contains(name)) {
            return openIdClaims.get(name);
        }
        final String[] subFields = name.split("\\.");
        Object claimValue = openIdClaims.get(subFields[0]);
        for(int i = 1; i < subFields.length; i++) {
            final String subField = subFields[i];
            if (claimValue instanceof Map) {
                claimValue = ((Map) claimValue).get(subField);
            } else {
                break;
            }
        }
        return claimValue;
    }
akhq/src/main/java/org/akhq/security/mapper/OidcUserDetailsMapper.java
Lines 146 to 158 in 45a5fc3
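A stand-alone reproduction of the two lookups discussed in this issue, added here as an example and not AKHQ's own code. Assumptions: a plain Map stands in for OpenIdClaims, the names ClaimLookupDemo, splitOnly and exactFirst are hypothetical, and the claim values (including the nested "org.groups" claim) are constructed.

```java
import java.util.List;
import java.util.Map;

public class ClaimLookupDemo {
    // Split-only lookup: every "." in the configured name is a path separator.
    static Object splitOnly(Map<String, Object> claims, String name) {
        String[] subFields = name.split("\\.");
        Object value = claims.get(subFields[0]);
        for (int i = 1; i < subFields.length; i++) {
            if (!(value instanceof Map)) {
                break; // same early exit as the method quoted in the issue
            }
            value = ((Map<?, ?>) value).get(subFields[i]);
        }
        return value;
    }

    // Exact-match-first lookup: a top-level claim with this exact name wins,
    // and dotted-path traversal is only the fallback.
    static Object exactFirst(Map<String, Object> claims, String name) {
        return claims.containsKey(name) ? claims.get(name) : splitOnly(claims, name);
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        // Constructed ID-token claims: one namespaced URI claim, one nested claim.
        Map<String, Object> claims = Map.of(
            "sub", "user-1",
            "https://custom.namespace.com/claims/roles", List.of("admin", "reader"),
            "org", Map.of("groups", List.of("topic-viewer")));
        String uriClaim = "https://custom.namespace.com/claims/roles";

        // The URI is cut at its dots, so the first segment matches no claim.
        check(splitOnly(claims, uriClaim) == null, "split-only misses the URI claim");
        check(List.of("admin", "reader").equals(exactFirst(claims, uriClaim)),
              "exact-first resolves the URI claim");
        // Nested claims keep working through the fallback path.
        check(List.of("topic-viewer").equals(exactFirst(claims, "org.groups")),
              "exact-first still resolves a nested claim");
        check(exactFirst(claims, "missing.claim") == null, "unknown claim yields null");
    }
}
```

With a null result for the groups claim no group mapping can take place, which matches the "no groups are found" symptom reported above.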