If this is enabled, we will allow an admin (i.e. has the manage-organizations realm-management role) to set an IdP to "shared" and associate it with multiple organizations.
Only the /link and /unlink endpoints can link and unlink shared IdPs
We need to add a "shared" flag to the /link endpoint
A home.idp.shared flag should be added to the config object in the IdP
We need to update the UI to allow setting that flag
It might also be necessary to show in the modal the IdPs that are assigned (i.e. have home.idp.discovery.org but also home.idp.shared)
Org admin management endpoints (the ones that permission holders within the organization can call) don’t show shared IdPs
When an org admin attempts to add an idp where a shared one is already configured, they get a 409 (should be the same as today)
Need to update:
home idp discovery
org admin management endpoints (IdentityProvidersResource and IdentityProviderResource)
Change: If globalConfig for sharedIdp is enabled, put IDP attribute ORG_OWNER_CONFIG_KEY as a multivalue list of all organizationId values; otherwise, allow adding just one organizationId
Depends on https://github.com/p2-inc/keycloak-orgs/issues/248 for setting the global config value to allow shared IdPs.