Merge pull request #11763 from IQSS/11689-builtin-users-api-auth-enhance

Enhance Builtin users SPI security

Author: ofahimIQSS

conf/keycloak/Dockerfile

@@ -29,7 +29,7 @@ COPY --from=builder /app/target/keycloak-dv-builtin-users-authenticator-1.0-SNAP
 
 # Copy additional configurations
 COPY ./builtin-users-spi/conf/quarkus.properties /opt/keycloak/conf/
-COPY ./test-realm.json /opt/keycloak/data/import/
+COPY ./test-realm-include-spi.json /opt/keycloak/data/import/
 
 # Set the Keycloak command
 ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

conf/keycloak/builtin-users-spi/src/main/java/edu/harvard/iq/keycloak/auth/spi/adapters/DataverseUserAdapter.java

@@ -1,6 +1,7 @@
 package edu.harvard.iq.keycloak.auth.spi.adapters;
 
 import edu.harvard.iq.keycloak.auth.spi.models.DataverseUser;
+import edu.harvard.iq.keycloak.auth.spi.providers.DataverseUserStorageProviderFactory;
 import org.keycloak.component.ComponentModel;
 import org.keycloak.models.GroupModel;
 import org.keycloak.models.KeycloakSession;
@@ -15,10 +16,13 @@ public class DataverseUserAdapter extends AbstractUserAdapterFederatedStorage {
     protected DataverseUser dataverseUser;
     protected String keycloakId;
 
+    private static final String ATTRIBUTE_NAME_IDP = "idp";
+
     public DataverseUserAdapter(KeycloakSession session, RealmModel realm, ComponentModel model, DataverseUser dataverseUser) {
         super(session, realm, model);
         this.dataverseUser = dataverseUser;
         keycloakId = StorageId.keycloakId(model, dataverseUser.getBuiltinUser().getId().toString());
+        this.setSingleAttribute(ATTRIBUTE_NAME_IDP, DataverseUserStorageProviderFactory.PROVIDER_ID);
     }
 
     @Override