[deployment][ocis-keycloak] Both old and new group names appear in OCIS web-UI after renaming the group name from keycloak

[nabim777]

Describe the bug

When a group is renamed from the Keycloak, both the old and new group names appear in the OCIS web UI, leading to confusion.

Steps to reproduce

NOTE:

1. Here is using example deployment of ocis_keycloak link here
2. User need to log in to sync the group.
3. In keycloak, create a group named demo.
4. In keycloak, add member einstein in the group demo.
5. In keycloak, rename the group from demo to demo_rename.
6. In OCIS-webUI, both old group name demo and new group name demo_rename will appear in the group list.

Expected behavior

Only the renamed group name demo_rename should be appeared in the OCIS web UI group list.

Actual behavior

Both the old group name demo and the new group name demo_rename appear in the OCIS web UI group list.

Tested on

OwnCloud Web UI 11.0.0 Infinite Scale 6.6.1

CC @rhafer @mmattel

[rhafer]

Hm, I fear there is not much we can do here apart from documenting the behavior. The only thing we get from the IDP is a list of group memberships for the specific user that is logging in (via the user's claims). There is no way to figure out if one of the groups was renamed or if the user was just moved into a different group and the old group does still exist.

I guess the best we can do here is to document the current behavior in the README.

[mmattel]

@nabim777 just discussed with @rhafer. Keycloak has no events procatively sending changes. Which means, that when a users has a change like being assigned to a group or group renaming, this can only be recognized by ocis when the user logges out and relogs in. Then the updated claims are sent and ocis can process them.

This belongs to the proxy service, I will add a note about this asap both in the dev as well in the admin docs.

[nabim777]

@rhafer @mmattel Thank you for clarifying! Documenting the current behavior seems good.