Created attachment 1135297 [details] BPMS authorized with Keycloak Description of problem: SSO stores user records as lowercase letters strings. User can login to BC via Keycloak with loginname eg. USER, User, or user, but is authorized in lowercase letters finally. If business processes have hard coded usernames eg. task delegation to users with uppercase letters after migration to Keycloak authentication will not work properly. Version-Release number of selected component (if applicable): BPMS 6.3.0.DR2 How reproducible: Always Steps to Reproduce: 1. Install EAP 6.4/BPMS 6.3.0 and authorize with RH SSO. 2. Create BC/task and delegate to user with uppercase letters in login name. Actual results: Task is not delegated to user. Expected results: Task is delegated to user. Additional info: See attached screenshot.
Is this a limitation / constraint of KeyCloak we might not be able to work around?
KeyCloak 1.9 (RH SSO 7.0.0.ER7) converts users to lowercase and roles are case sensitive.
It seems a limitation from the Keycloak and its adapter. Comments from the KC team "I'm afraid this is by design and we can't change it in Keycloak. In Keycloak username is not case sensitive, further we convert to lowercase to make sure the username is consistent. If we had case insensitive match of username, but didn't lowercase you could end up either "username" or "Username" in the token and both referring to the same user."