You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a user federated from LDAP or a custom user federation become an organization member, we need a way to detect or prevent to change user attribute(s) related to the organization outside the Keycloak.
The text was updated successfully, but these errors were encountered:
AFAIK, for LDAP that would require creating a mapper for those attributes related to the organization. And if the user is being managed through the user profile provider we are already running validations. Are you considering introducing constraints on which attributes can be mapped from an LDAP mapper?
The #26415 does not prevent you entirely from setting any attribute but we could perhaps introduce validations (even if specific to the mapper configuration) to prevent touching such attributes.
Another option is rely on user-specific events to make sure such attributes don't change if not managed through the organization provider.
When a user federated from LDAP or a custom user federation become an organization member, we need a way to detect or prevent to change user attribute(s) related to the organization outside the Keycloak.
The text was updated successfully, but these errors were encountered: