Keycloak plugin regex prevents underscores in client names
Currently the RequireGroupAuthenticator plugin for Keycloak has a regex which prevents using underscores in a client name.
For example, il2_32b2a83f-34e6-43c9-9eff-c1dbe01193fd_sonarqube_saml fails with the response "failed ignored group protect client test".
By changing the regex, you can allow underscores while still successfully capturing the group name.
The new regex would be
^[a-z0-9-]+_([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})_[a-z0-9-_]+$
instead of the current
^[a-z0-9-]+_([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})_[a-z0-9-]+$
on this line:
https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/blob/main/development/plugin/src/main/java/dod/p1/keycloak/authentication/RequireGroupAuthenticator.java#L48
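
To check the effect of the change, the following added example (not code from the plugin) runs both patterns from this issue over a few constructed client IDs and prints the captured group UUID. The class name, the `groupId` helper, and the use of `matches()` for a whole-string match are assumptions; how the plugin itself applies the pattern is not shown here.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ClientIdRegexCheck {
    // Current pattern, as quoted in the issue: no '_' allowed after the UUID.
    static final Pattern CURRENT = Pattern.compile(
        "^[a-z0-9-]+_([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})_[a-z0-9-]+$");
    // Proposed pattern, as quoted in the issue: '_' added to the trailing class only.
    static final Pattern PROPOSED = Pattern.compile(
        "^[a-z0-9-]+_([0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})_[a-z0-9-_]+$");

    // Hypothetical helper: returns the captured group UUID, or null when the
    // whole client ID does not match the pattern.
    static String groupId(Pattern p, String clientId) {
        Matcher m = p.matcher(clientId);
        return m.matches() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        String uuid = "32b2a83f-34e6-43c9-9eff-c1dbe01193fd"; // UUID from the issue's example
        // Constructed sample client IDs (only the first one appears in the issue).
        String[] samples = {
            "il2_" + uuid + "_sonarqube_saml",   // underscore in suffix: only PROPOSED matches
            "il2_" + uuid + "_sonarqube",        // no underscore in suffix: both match
            "il2_32b2a83f-34e6-13c9-9eff-c1dbe01193fd_sonarqube_saml", // not a v4 UUID: neither
            "il2_" + uuid + "_Sonarqube_saml",   // uppercase in suffix: neither
            "il2_" + uuid + "_",                 // empty suffix: neither
            "il2_extra_" + uuid + "_sonarqube",  // underscore in prefix: neither (prefix class unchanged)
        };
        for (String id : samples) {
            System.out.printf("%-62s current=%s proposed=%s%n",
                id, groupId(CURRENT, id), groupId(PROPOSED, id));
        }
    }
}
```

In both patterns the prefix before the UUID still rejects underscores, so the captured group always starts at the first underscore in the client ID.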