Bug 1316172

Summary: KeyCloak: BC authorized to SSO shows user in lowercase
Product: [Retired] JBoss BPMS Platform 6 Reporter: Pavel Kralik <pkralik>
Component: Business CentralAssignee: Roger Martínez <romartin>
Status: CLOSED NOTABUG QA Contact: Pavel Kralik <pkralik>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.3.0CC: kverlaen
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-21 13:31:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
bamAnalyst user displayed as bamanalyst none

Description Pavel Kralik 2016-03-09 15:01:30 UTC 
Description of problem:
When BC is authorized to SSO and there is an user eg. bamAnalyst (loginname with uppercase and lowercase letters) it is displayed as lowercase.

Version-Release number of selected component (if applicable):
BPMS 6.3.0.DR2

How reproducible:
Always

Steps to Reproduce:
1. Set SSO as authorization provider with user with uppercase letters
2. Set preferred_name to display instead UID
3. go to BC and check the username

Actual results:
Lowercase username

Expected results:
Appropriate username

Additional info:
It is not know if it is affected functionality of BC, rest, etc.
Comment 1 Pavel Kralik 2016-03-09 15:03:28 UTC 
Created attachment 1134557 [details]
bamAnalyst user displayed as bamanalyst
Comment 3 Kris Verlaenen 2016-03-16 12:47:25 UTC 
Is this a limitation from KeyCloak we can't work around?
Comment 4 Pavel Kralik 2016-03-16 20:50:06 UTC 
KeyCloak 1.9 (RH SSO 7.0.0.ER7) converts users to lowercase and roles are case sensitive.
Comment 5 Roger Martínez 2016-03-18 19:31:00 UTC 
It seems a limitation from the Keycloak and its adapter. 

Comments from the KC team "I'm afraid this is by design and we can't change it in Keycloak. In Keycloak username is not case sensitive, further we convert to lowercase to make sure the username is consistent.

If we had case insensitive match of username, but didn't lowercase you could end up either "username" or "Username" in the token and both referring to the same user."

What should we do at this point?