When login in with CiLogon first name and last names are switched. Also an error is thrown "Cannot read property 'first_name'"

[eroma2014]

Description

First name and last name switched when login in with institute credentials.
But was able to get access to the portal without any issue.

Experienced the same when tried gmail through CILogon as well. Image attached with the error

Steps to Reproduce

1. In the portal click Login with Institution
2. Select the institute
3. Errors are thrown when logged in
4. In Manage users, can view the name switch.

Expected Behaviour

Your Environment

https://demo.gateway.custos.scigap.org/

• Custos branch or release version used:
• Operating system and version:

Additional Context

[eroma2014]

Tested on 10/14/20 in https://testdrive.usecustos.org/
Still, the names are switched but users can change in their user profile.
Need to investigate whether this is coming from cilogon in the switched form.

[machristie]

I realized I posted my comment in the wrong issue, here it is:

---

I'm pretty sure this is related to this bug in Keycloak where it prefers parsing name over using given_name and family_name claims: https://issues.redhat.com/browse/KEYCLOAK-10932

We worked around this by explicitly mapping given_name to firstName and family_name to lastName using a Keycloak Attribute Mapper. From our internal CILogon notes:

Add the following attribute mappers

• family_name
  • name: family_name
  • Mapper Type: Attribute Importer
  • claim: family_name
  • User Attribute Name: lastName
• given_name
  • name: given_name
  • Mapper Type: Attribute Importer
  • claim: given_name
  • User Attribute Name: firstName

Claim mapping documentation: http://www.keycloak.org/docs/2.5/server_admin/topics/identity-broker/mappers.html

That link is broken, but this one works: https://www.keycloak.org/docs/4.8/server_admin/index.html#_mappers