Add role to LDAP user

Hi everyone!

I have configured LDAP user federation and it works perfectly.

Now I am implementing a custom Authenticator that acts as a required step after the user/password form.
It shows the user a form with a list of organizations to choose from. My authenticator loads these organizations, and the user roles for each of them, from LDAP.
After the user submits the form with the selected organization, the authenticator must grant the loaded roles to the user.
But the LDAP federation is in READONLY mode, so I can’t directly grant them to the user. And I can’t set user attributes either.
I have wrapped the user in my custom UserModelDelegate and overridden all role-related methods (getRealmRoleMappingsStream(), getClientRoleMappingsStream() and so on) to return the downloaded roles.

Then I do:

```java
final var userDelegate = new CustomUserModelDelegate(context.getUser(), ldapRoleModels);
userDelegate.setSingleAttribute("myAttr", "testValue");
context.clearUser();
context.setUser(userDelegate);
context.success();
```

The user logs in successfully, but doesn’t have any roles and doesn’t have the assigned attribute.

Where did I go wrong?