Open arheom opened 1 year ago
sorry for the very late reply. I do not think that this solution will work smoothly. There might be some environments with a large amount of groups. So if this is really necessary for some providers I would prefer a way like this one:
EntityManager entityManager = getEntityManager(keycloakSession);
Query query = entityManager.createQuery("select g from GroupEntity g where g.id in :groupIds").setParameter("groupIds", memberIds)...;
This one would be much preferable.
Looks good! I can make the change and test on our environments to make sure all work well.
Adding a fallback when the type is not provided by the IDP (like AAD) by checking the existing records, as first the users and groups are added and then the group associations.