[COI]: LDB Manager assignment

[Andrew-Vargas-bcgov]

Currently, when a manager is assigned permissions through Camunda, UserGroupAssignmentListener looks up their username from their email + _idir, then creates a new one if one does not exist. This prevents the manager role being assigned to LDB supervisors for COI, as the username structure for LDB does not match the structure for idir.

task:

• Find the configuration to convert _ldb to _ldb when an LDB user logs in or signs up, In keycloak.

[fazil-ey]

Waiting for LDB to provide test username to explore different configurations

[fazil-ey]

@Stella-Archer to follow up and escalate

[Stella-Archer]

Need test account - from LDB contact Sean/Nicole

[Stella-Archer]

@Andrew-Vargas-bcgov check in with Bhumin about his and the test account

[bhumin-fw]

Notes: Updating the username after user creation can be handled without code changes in Keycloak version 18. Currently, we have version 16.1 deployed on OpenShift. I'll check with Kunal to see if we can upgrade to Keycloak 18 without affecting the existing configuration.

We can close this ticket for now. The Test LDB is stopped due to the certificate expiring on November 25th. I have sent an email to Jan Galvez and added Stella in CC regarding this. Hopefully, they will update the certificate or provide a new SAML configuration to resolve the issue and resume work.