  1. Red Hat build of Keycloak
  2. RHBK-4123

LDAP group mapper executed multiple times in the same request [GHI#44558]

      Area

      ldap

      Describe the bug

      The LDAP group mapper is being executed multiple times in the same request.

      It is a regression introduced by https://github.com/keycloak/keycloak/pull/8430, where the session/request level cache for group mappings does not take into account the possibility of a user not belonging to any group in LDAP.

      As a result, this is causing multiple and unnecessary calls to the LDAP server.

      Version

      26.4.6

      Regression

      [x] The issue is a regression

      Expected behavior

      The LDAP group mapper is executed only once when querying group memberships from LDAP in the same request.

      Actual behavior

      The LDAP group mapper is being executed multiple times in the same request.

      How to Reproduce?

      • Create an LDAP provider
      • Create a group mapper
      • Create a user so that it is federated to LDAP. The user must not have group memberships
      • Authenticate as the user

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core IAM
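
The following is an added illustration of the failure mode the report describes, not code from Keycloak or from the linked pull request. It shows one way a request-level group cache can fail to account for a user with no group memberships (an empty result treated as a cache miss) next to a variant that caches the empty result. All class and method names are hypothetical, and the LDAP server is a constructed in-memory stand-in that counts queries.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added illustration; every name here is hypothetical, none is a Keycloak class.
public class GroupCacheDemo {
    // Constructed stand-in for the LDAP server; counts membership queries received.
    static class FakeLdap {
        int queries = 0;
        final Map<String, List<String>> memberships = Map.of("alice", List.of("admins"));
        List<String> groupsOf(String user) {
            queries++;
            return memberships.getOrDefault(user, List.of());
        }
    }

    // Request-scoped cache that treats an empty list as "not cached yet".
    static class EmptyAsMissCache {
        private final Map<String, List<String>> cache = new HashMap<>();
        List<String> groups(String user, FakeLdap ldap) {
            List<String> cached = cache.get(user);
            if (cached != null && !cached.isEmpty()) return cached; // empty never hits
            List<String> loaded = ldap.groupsOf(user);
            cache.put(user, loaded);
            return loaded;
        }
    }

    // Same cache, but key presence decides a hit, so "no groups" is cached too.
    static class NegativeCachingCache {
        private final Map<String, List<String>> cache = new HashMap<>();
        List<String> groups(String user, FakeLdap ldap) {
            if (cache.containsKey(user)) return cache.get(user);
            List<String> loaded = ldap.groupsOf(user);
            cache.put(user, loaded);
            return loaded;
        }
    }

    public static void main(String[] args) {
        FakeLdap ldapA = new FakeLdap();
        FakeLdap ldapB = new FakeLdap();
        EmptyAsMissCache emptyAsMiss = new EmptyAsMissCache();
        NegativeCachingCache negativeCaching = new NegativeCachingCache();
        for (int i = 0; i < 3; i++) {           // three lookups in one simulated request
            emptyAsMiss.groups("bob", ldapA);     // "bob" has no group memberships
            negativeCaching.groups("bob", ldapB);
        }
        System.out.println("empty-as-miss LDAP queries:    " + ldapA.queries);
        System.out.println("negative-caching LDAP queries: " + ldapB.queries);
    }
}
```

Running it for the group-less user shows the first cache querying the stand-in on every lookup, while the second queries it once per request.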