Red Hat Bugzilla – Bug 1316992
SSO: Users with uppercase letters hard coded in business processes does not work with Keycloak
Last modified: 2016-03-21 09:36:07 EDT
Created attachment 1135297 [details]
BPMS authorized with Keycloak
Description of problem:
SSO stores user records as lowercase letters strings. User can login to BC via Keycloak with loginname eg. USER, User, or user, but is authorized in lowercase letters finally. If business processes have hard coded usernames eg. task delegation to users with uppercase letters after migration to Keycloak authentication will not work properly.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install EAP 6.4/BPMS 6.3.0 and authorize with RH SSO.
2. Create BC/task and delegate to user with uppercase letters in login name.
Task is not delegated to user.
Task is delegated to user.
See attached screenshot.
Is this a limitation / constraint of KeyCloak we might not be able to work around?
KeyCloak 1.9 (RH SSO 7.0.0.ER7) converts users to lowercase and roles are case sensitive.
It seems a limitation from the Keycloak and its adapter.
Comments from the KC team "I'm afraid this is by design and we can't change it in Keycloak. In Keycloak username is not case sensitive, further we convert to lowercase to make sure the username is consistent.
If we had case insensitive match of username, but didn't lowercase you could end up either "username" or "Username" in the token and both referring to the same user."