diff -ruN oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java oak-auth-external-patch/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java --- oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java 2021-01-14 23:13:36.000000000 +0100 +++ oak-auth-external-patch/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java 2022-04-07 14:06:02.018884200 +0200 @@ -520,7 +520,7 @@ while (grpIter.hasNext()) { Group grp = grpIter.next(); if (isSameIDP(grp)) { - declaredExternalGroups.put(grp.getID(), grp); + declaredExternalGroups.put(grp.getID().toLowerCase(), grp); } } timer.mark("reading"); @@ -544,21 +544,21 @@ log.debug("- idp returned '{}'", extGroup.getId()); // mark group as processed - Group grp = declaredExternalGroups.remove(extGroup.getId()); + Group grp = declaredExternalGroups.remove(extGroup.getId().toLowerCase()); boolean exists = grp != null; if (!exists) { Authorizable a = userManager.getAuthorizable(extGroup.getId()); if (a == null) { grp = createGroup(extGroup); - log.debug("- created new group"); + log.debug("- created new group '{}'", grp.getID()); } else if (a.isGroup() && isSameIDP(a)) { grp = (Group) a; } else { log.warn("Existing authorizable '{}' is not a group from this IDP '{}'.", extGroup.getId(), idp.getName()); continue; } - log.debug("- user manager returned '{}'", grp); + log.debug("- user manager returned '{}'", grp.getID()); } syncGroup(extGroup, grp); @@ -566,7 +566,7 @@ if (!exists) { // ensure membership grp.addMember(auth); - log.debug("- added '{}' as member to '{}'", auth, grp); + log.debug("- added '{}' as member to '{}'", auth, grp.getID()); } // recursively apply further membership