I’m making a Keycloak extension (on KC 23.0.4/Quarkus) in which I have to rename a group policy.
My code seems to work fine, as the change is persisted in the Keycloak DB, but the UI does not reflect the change.
Here’s my code:
```java
public void editGroupsAndPolicies(RealmModel realm, KeycloakSession session, AuthenticationManager.AuthResult auth, SubcontractorEditRequestDTO dto) {
    if (!hasRole(session, realm, "manage-subcontractor")) {
        throw ErrorResponse.error("User has no permission", Response.Status.UNAUTHORIZED);
    }
    // retrieve parents
    GroupModel driversGroupModel = session.groups().getGroupByName(realm, null, "Drivers");
    GroupModel fleetManagersGroupModel = session.groups().getGroupByName(realm, null, "FleetManagers");
    // retrieve subgroups to edit
    GroupModel driversSubGroup = session.groups().getGroupByName(realm, driversGroupModel, dto.oldName());
    GroupModel fleetManagerSubGroup = session.groups().getGroupByName(realm, fleetManagersGroupModel, dto.oldName());
    driversSubGroup.setName(dto.newName());
    fleetManagerSubGroup.setName(dto.newName());
    String oldPolicyName = "isFleetManagerOf" + dto.oldName();
    String newPolicyName = "isFleetManagerOf" + dto.newName();
    ClientModel clientModel = realm.getClientByClientId("realm-management");
    ResourceServer resourceServer = session.getProvider(StoreFactory.class).getResourceServerStore().findByClient(clientModel);
    PolicyStore policyStore = session.getProvider(StoreFactory.class).getPolicyStore();
    AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
    Policy policyToBeEdited = policyStore.findByName(resourceServer, oldPolicyName);
    AbstractPolicyRepresentation representation = ModelToRepresentation.toRepresentation(policyToBeEdited, authz);
    representation.setName(newPolicyName);
    representation.setId(policyToBeEdited.getId());
    RepresentationToModel.toModel(representation, authz, policyToBeEdited);
    AdminAuth adminAuth = new AdminAuth(realm, auth.getToken(), auth.getUser(), auth.getClient());
    AdminEventBuilder adminEvent = new AdminEventBuilder(realm, adminAuth, session, session.getContext().getConnection());
    session.getTransactionManager().commit();
    adminEvent.operation(OperationType.UPDATE)
            .resourcePath(authz.getKeycloakSession().getContext().getUri())
            .representation(representation)
            .success();
}
```
It looks like some kind of server caching issue. I also tried forcing cache invalidation by moving a subgroup

```java
realm.moveGroup(driversSubGroup, driversSubGroup);
```

but it doesn’t work.
Keycloak doesn’t log any error.
I tried to invalidate the cache from bash and it works,

```bash
./kcadm.sh create clear-realm-cache -r MyRealm -s realm=MyRealm
```

but I need to do it via Java code.