From eb5e5253f6567268f4fb94c6c758103fb63a30dc Mon Sep 17 00:00:00 2001
From: Stanislav Melnichuk
Date: Thu, 11 Apr 2024 11:46:40 +0300
Subject: [PATCH] Handle situation when empty groups not come from the keycloak (and hence from mod_auth_openidc) Before the keycloak v22 it sends empty array as group claim when user not in a member of any group. After v22 it not put this claim at all. Look discussion: https://github.com/keycloak/keycloak/issues/22340
Signed-off-by: Stanislav Melnichuk
---
 .../ovirt/engine/extension/aaa/misc/QueryExecutor.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/ovirt/engine/extension/aaa/misc/QueryExecutor.java b/src/main/java/org/ovirt/engine/extension/aaa/misc/QueryExecutor.java
index 8e71455..b94a791 100644
--- a/src/main/java/org/ovirt/engine/extension/aaa/misc/QueryExecutor.java
+++ b/src/main/java/org/ovirt/engine/extension/aaa/misc/QueryExecutor.java
@@ -93,8 +93,14 @@ public ExtMap buildPrincipalRecord(Map headers, String nameArg,
 }

 public Collection buildPrincipalRecordGroups(Map headers, String groupsArg) {
+ List groupNames;
+ if (headers.containsKey(groupsArg)) {
+ groupNames = Arrays.asList(headers.get(groupsArg).split(","));
+ } else {
+ return Collections.emptyList();
+ }
+
 LinkedList groups = new LinkedList<>();
- List groupNames = Arrays.asList(headers.get(groupsArg).split(","));
 for (String groupName : groupNames) {
 groupName = groupName.replaceFirst("^/", "");
 ExtMap group = new ExtMap();
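Review bot: The new guard in buildPrincipalRecordGroups only covers a missing key: `containsKey` followed by `headers.get(groupsArg).split(",")` still throws a NullPointerException if the map holds the key with a null value, and an empty header value still produces one group with an empty name, because `"".split(",")` returns a single empty string. Whether either case can reach this method depends on how the caller fills `headers`, which is not visible here, but a single lookup closes both: `String raw = headers.get(groupsArg);` followed by `if (raw == null || raw.trim().isEmpty()) { return Collections.emptyList(); }`. Since this list presumably feeds the engine's group-based authorization, a debug-level log message on the early return would help operators tell a user with no groups apart from a misconfigured group claim or header name. The early return also hands back an immutable list while the rest of the method builds a `LinkedList`; the method body continues past the end of the hunk, so it is worth confirming that no caller mutates the result.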