org.keycloak.representations.idm.ProtocolMapperRepresentation Java Examples
The following examples show how to use
org.keycloak.representations.idm.ProtocolMapperRepresentation.
Example #1
Source File: ClientMappersOIDCTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a "User Session Note" OIDC mapper through the admin console form and
 * verifies that the stored representation carries the values entered in the form.
 */
@Test
public void testUserSessionNote() {
    final String mapperName = "user session note";

    // Fill in and submit the create-mapper form.
    clientMappersPage.mapperTable().createMapper();
    setInitialValues(mapperName);
    createClientMappersPage.form().setMapperType(USER_SESSION_NOTE);
    createClientMappersPage.form().setUserSessionNote("session note");
    createClientMappersPage.form().setTokenClaimName("claim name");
    createClientMappersPage.form().setClaimJSONType("int");
    createClientMappersPage.form().setAddToIDToken(false);
    createClientMappersPage.form().setAddToAccessToken(false);
    createClientMappersPage.form().save();
    assertAlertSuccess();

    // Read the mapper back and compare with what was typed into the form.
    ProtocolMapperRepresentation stored = findClientMapperByName(id, mapperName);
    assertNotNull(stored);
    assertEquals("oidc-usersessionmodel-note-mapper", stored.getProtocolMapper());

    Map<String, String> mapperConfig = stored.getConfig();
    assertEquals("claim name", mapperConfig.get("claim.name"));
    assertEquals("session note", mapperConfig.get("user.session.note"));
    assertEquals("int", mapperConfig.get("jsonType.label"));
}
Example #2
Source File: KcOidcBrokerTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Brokered login must end on the error page when the provider's client issues a
 * token whose {@code aud} claim is overridden with a value the consumer rejects.
 */
@Test
public void testInvalidAudience() {
    loginUser();
    logoutFromRealm(getProviderRoot(), bc.providerRealmName());
    logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

    log.debug("Clicking social " + bc.getIDPAlias());
    loginPage.clickSocial(bc.getIDPAlias());
    waitForPage(driver, "log in to", true);

    // Inject a hardcoded, non-matching audience into the provider client's tokens.
    RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
    ClientRepresentation providerClient = providerRealm.clients().findByClientId(BrokerTestConstants.CLIENT_ID).get(0);
    ClientResource providerClientResource = providerRealm.clients().get(providerClient.getId());
    ProtocolMapperRepresentation invalidAudMapper = createHardcodedClaim(
            "hard", "aud", "invalid-aud", ProviderConfigProperty.LIST_TYPE, true, true);
    providerClientResource.getProtocolMappers().createMapper(invalidAudMapper);
    // NOTE(review): the mapper is never removed here; presumably the provider realm is
    // rebuilt for each test — confirm if other tests in this class start to interfere.

    log.debug("Logging in");
    loginPage.login(bc.getUserLogin(), bc.getUserPassword());
    errorPage.assertCurrent();
}
Example #3
Source File: ClientMappersSAMLTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML "Hardcoded attribute" mapper via the admin console form and
 * checks that the stored mapper uses the expected provider id and attribute value.
 */
@Test
public void testHardcodedAttribute() {
    final String mapperName = "hardcoded attribute";

    // Create through the UI.
    clientMappersPage.mapperTable().createMapper();
    setInitialValues(mapperName);
    createClientMappersPage.form().setMapperType(HARDCODED_ATTRIBUTE);
    createClientMappersPage.form().setAttributeValue("attribute value");
    createClientMappersPage.form().save();
    assertAlertSuccess();

    // Verify what was persisted.
    ProtocolMapperRepresentation stored = findClientMapperByName(id, mapperName);
    assertNotNull(stored);
    assertEquals("saml-hardcode-attribute-mapper", stored.getProtocolMapper());
    Map<String, String> mapperConfig = stored.getConfig();
    assertEquals("attribute value", mapperConfig.get("attribute.value"));
}
Example #4
Source File: ClientScopeProtocolMapperTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML mapper on the client scope, deletes it again and checks that
 * both operations are recorded as admin events and that the mapper is gone.
 */
@Test
public void testDeleteSamlMapper() {
    ProtocolMapperRepresentation mapper = makeSamlMapper("saml-role-name-mapper3");

    Response createResponse = samlMappersRsc.createMapper(mapper);
    createResponse.close();
    String mapperId = ApiUtil.getCreatedId(createResponse);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE,
            AdminEventPaths.clientScopeProtocolMapperPath(samlClientScopeId, mapperId),
            mapper, ResourceType.PROTOCOL_MAPPER);

    samlMappersRsc.delete(mapperId);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE,
            AdminEventPaths.clientScopeProtocolMapperPath(samlClientScopeId, mapperId),
            ResourceType.PROTOCOL_MAPPER);

    // The deleted mapper must no longer be resolvable by id.
    boolean stillPresent;
    try {
        samlMappersRsc.getMapperById(mapperId);
        stillPresent = true;
    } catch (NotFoundException expected) {
        stillPresent = false;
    }
    Assert.assertFalse("Not expected to find mapper", stillPresent);
}
Example #5
Source File: ClientMappersSAMLTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML "Role list" mapper through the admin console form with a
 * custom attribute name, friendly name, URI name format and single-attribute
 * mode, then verifies the persisted configuration.
 */
@Test
public void testRoleList() {
    final String mapperName = "new role list";

    // Create via the form.
    clientMappersPage.mapperTable().createMapper();
    setInitialValues(mapperName);
    createClientMappersPage.form().setMapperType(ROLE_LIST);
    createClientMappersPage.form().setRoleAttributeName("role attribute name");
    createClientMappersPage.form().setFriendlyName("friendly name");
    createClientMappersPage.form().setSamlAttributeNameFormat("URI Reference");
    createClientMappersPage.form().setSingleRoleAttribute(true);
    createClientMappersPage.form().save();
    assertAlertSuccess();

    // Verify persisted values.
    ProtocolMapperRepresentation stored = findClientMapperByName(id, mapperName);
    assertNotNull(stored);
    assertEquals("saml-role-list-mapper", stored.getProtocolMapper());
    Map<String, String> mapperConfig = stored.getConfig();
    assertEquals("role attribute name", mapperConfig.get("attribute.name"));
    assertEquals("URI Reference", mapperConfig.get("attribute.nameformat"));
    assertEquals("friendly name", mapperConfig.get("friendly.name"));
    assertEquals("true", mapperConfig.get("single"));
}
Example #6
Source File: ClientScopeProtocolMapperTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates an OIDC hardcoded-role mapper on the client scope, changes its
 * {@code role} config through an update and verifies the admin events and
 * the stored result.
 */
@Test
public void test07UpdateOidcMapper() {
    ProtocolMapperRepresentation mapper = makeOidcMapper("oidc-hardcoded-role-mapper2");

    Response createResponse = oidcMappersRsc.createMapper(mapper);
    createResponse.close();
    String mapperId = ApiUtil.getCreatedId(createResponse);
    String mapperPath = AdminEventPaths.clientScopeProtocolMapperPath(oidcClientScopeId, mapperId);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    // Modify the representation and push it back as an update.
    mapper.getConfig().put("role", "myotherrole");
    mapper.setId(mapperId);
    oidcMappersRsc.update(mapperId, mapper);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    ProtocolMapperRepresentation stored = oidcMappersRsc.getMapperById(mapperId);
    assertEqualMappers(mapper, stored);
}
Example #7
Source File: ClientScopeProtocolMapperTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML role-name mapper on the client scope, updates its {@code role}
 * config and verifies the CREATE/UPDATE admin events plus the stored mapper.
 */
@Test
public void test06UpdateSamlMapper() {
    ProtocolMapperRepresentation mapper = makeSamlMapper("saml-role-name-mapper2");

    Response createResponse = samlMappersRsc.createMapper(mapper);
    createResponse.close();
    String mapperId = ApiUtil.getCreatedId(createResponse);
    String mapperPath = AdminEventPaths.clientScopeProtocolMapperPath(samlClientScopeId, mapperId);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    // Change the mapped role and send the same representation (now carrying its id) as an update.
    mapper.getConfig().put("role", "account.manage-account");
    mapper.setId(mapperId);
    samlMappersRsc.update(mapperId, mapper);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    ProtocolMapperRepresentation stored = samlMappersRsc.getMapperById(mapperId);
    assertEqualMappers(mapper, stored);
}
Example #8
Source File: ClientScopeProtocolMapperTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML role-name mapper on the client scope and checks the admin
 * event, the mapper counts (overall and per protocol) and the stored mapper.
 * <p>
 * The submitted representation looks like:
 * <pre>
 * {"protocol":"saml",
 *  "config":{"role":"account.view-profile","new.role.name":"new-role-name"},
 *  "consentRequired":true,
 *  "consentText":"My consent text",
 *  "name":"saml-role-name-maper",
 *  "protocolMapper":"saml-role-name-mapper"}
 * </pre>
 */
@Test
public void test04CreateSamlProtocolMapper() {
    ProtocolMapperRepresentation mapper = makeSamlMapper("saml-role-name-mapper");
    int mappersBefore = samlMappersRsc.getMappers().size();
    int samlMappersBefore = samlMappersRsc.getMappersPerProtocol("saml").size();

    Response createResponse = samlMappersRsc.createMapper(mapper);
    createResponse.close();
    String mapperId = ApiUtil.getCreatedId(createResponse);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE,
            AdminEventPaths.clientScopeProtocolMapperPath(samlClientScopeId, mapperId),
            mapper, ResourceType.PROTOCOL_MAPPER);

    // Exactly one mapper was added, and it is counted as a SAML one.
    assertEquals(mappersBefore + 1, samlMappersRsc.getMappers().size());
    assertEquals(samlMappersBefore + 1, samlMappersRsc.getMappersPerProtocol("saml").size());

    ProtocolMapperRepresentation stored = samlMappersRsc.getMapperById(mapperId);
    assertEqualMappers(mapper, stored);
}
Example #9
Source File: ProtocolMappersResource.java From keycloak with Apache License 2.0 | 6 votes |
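/**
 * Creates several protocol mappers on this client in one request.
 * <p>
 * Each representation is converted to a model, validated and added in turn,
 * so a validation failure on a later element leaves the earlier ones already
 * persisted (the batch is not atomic). One admin event covering all submitted
 * representations is recorded on success.
 *
 * @param reps the mappers to create; processed in list order
 */
@Path("add-models")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public void createMapper(List<ProtocolMapperRepresentation> reps) {
    // Authorization first: the caller needs manage rights on this client.
    managePermission.require();

    for (ProtocolMapperRepresentation rep : reps) {
        ProtocolMapperModel model = RepresentationToModel.toModel(rep);
        validateModel(model);
        // The persisted model is not needed afterwards, so the return value is dropped
        // (the original kept it in a loop-carried variable that was never read).
        client.addProtocolMapper(model);
    }

    adminEvent.operation(OperationType.CREATE)
            .resourcePath(session.getContext().getUri())
            .representation(reps)
            .success();
}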
Example #10
Source File: ClientProtocolMapperTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML role-name mapper on the client, updates its {@code role}
 * config and verifies the CREATE/UPDATE admin events plus the stored mapper.
 */
@Test
public void test06UpdateSamlMapper() {
    ProtocolMapperRepresentation mapper = makeSamlMapper("saml-role-name-mapper2");

    Response createResponse = samlMappersRsc.createMapper(mapper);
    createResponse.close();
    String mapperId = ApiUtil.getCreatedId(createResponse);
    String mapperPath = AdminEventPaths.clientProtocolMapperPath(samlClientId, mapperId);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    // Change the mapped role and send the representation (now carrying its id) as an update.
    mapper.getConfig().put("role", "account.manage-account");
    mapper.setId(mapperId);
    samlMappersRsc.update(mapperId, mapper);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    ProtocolMapperRepresentation stored = samlMappersRsc.getMapperById(mapperId);
    assertEqualMappers(mapper, stored);
}
Example #11
Source File: ClientMappersOIDCTest.java From keycloak with Apache License 2.0 | 6 votes |
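/**
 * Creates an OIDC "User Attribute" mapper (multivalued) through the admin
 * console form and verifies the stored provider id and config.
 */
@Test
public void testUserAttribute() {
    //create
    clientMappersPage.mapperTable().createMapper();
    setInitialValues("user attribute");
    createClientMappersPage.form().setMapperType(USER_ATTRIBUTE);
    createClientMappersPage.form().setUserAttribute("user attribute");
    createClientMappersPage.form().setMultivalued(true);
    createClientMappersPage.form().save();
    assertAlertSuccess();

    //check
    ProtocolMapperRepresentation found = findClientMapperByName(id, "user attribute");
    // Report a missing mapper as an assertion failure rather than an NPE on the next line,
    // consistent with the other mapper tests in this class.
    assertNotNull(found);
    assertEquals("oidc-usermodel-attribute-mapper", found.getProtocolMapper());
    Map<String, String> config = found.getConfig();
    assertEquals("true", config.get("multivalued"));
    assertEquals("user attribute", config.get("user.attribute"));
}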
Example #12
Source File: ClientProtocolMapperTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a SAML mapper on the client, deletes it again and checks that both
 * operations are recorded as admin events and that the mapper can no longer be
 * fetched by id.
 */
@Test
public void test08DeleteSamlMapper() {
    ProtocolMapperRepresentation mapper = makeSamlMapper("saml-role-name-mapper3");

    Response createResponse = samlMappersRsc.createMapper(mapper);
    createResponse.close();
    String mapperId = ApiUtil.getCreatedId(createResponse);
    String mapperPath = AdminEventPaths.clientProtocolMapperPath(samlClientId, mapperId);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, mapperPath, mapper, ResourceType.PROTOCOL_MAPPER);

    samlMappersRsc.delete(mapperId);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, mapperPath, ResourceType.PROTOCOL_MAPPER);

    // Looking the mapper up by id must now fail with 404.
    boolean stillPresent;
    try {
        samlMappersRsc.getMapperById(mapperId);
        stillPresent = true;
    } catch (NotFoundException expected) {
        stillPresent = false;
    }
    Assert.assertFalse("Not expected to find mapper", stillPresent);
}
Example #13
Source File: ClientMappersOIDCTest.java From keycloak with Apache License 2.0 | 6 votes |
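/**
 * Creates an OIDC "User Property" mapper through the admin console form and
 * verifies the stored provider id and the {@code user.attribute} config entry.
 */
@Test
public void testUserProperty() {
    //create
    clientMappersPage.mapperTable().createMapper();
    setInitialValues("user property");
    createClientMappersPage.form().setMapperType(USER_PROPERTY);
    createClientMappersPage.form().setProperty("property");
    createClientMappersPage.form().save();
    assertAlertSuccess();

    //check
    ProtocolMapperRepresentation found = findClientMapperByName(id, "user property");
    // Fail with a clear assertion instead of an NPE when the mapper was not persisted,
    // consistent with the other mapper tests in this class.
    assertNotNull(found);
    assertEquals("oidc-usermodel-property-mapper", found.getProtocolMapper());
    Map<String, String> config = found.getConfig();
    assertEquals("property", config.get("user.attribute"));
}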
Example #14
Source File: OpenShiftTokenReviewEndpointTest.java From keycloak with Apache License 2.0 | 6 votes |
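/**
 * Adjusts the imported test realm before it is created: the {@code test-app}
 * client gets a single group-membership mapper (claim {@code groups},
 * {@code full.path} set to {@code false}, included in both the access and the
 * ID token), is made a non-public client using the
 * {@code testsuite-client-dummy} authenticator, and a user that is a member of
 * {@code /topGroup} and {@code /topGroup/level2group} is added.
 *
 * @param testRealm realm representation to modify in place
 * @throws IllegalStateException if the realm contains no {@code test-app} client
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Null-safe lookup that fails with a readable message instead of the
    // NoSuchElementException from an unchecked Optional.get() when the fixture changes.
    ClientRepresentation client = testRealm.getClients().stream()
            .filter(r -> "test-app".equals(r.getClientId()))
            .findFirst()
            .orElseThrow(() -> new IllegalStateException("test realm has no client 'test-app'"));

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("groups");
    mapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    Map<String, String> config = new HashMap<>();
    config.put("full.path", "false");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);

    // Replaces whatever mappers the fixture client carried.
    List<ProtocolMapperRepresentation> mappers = new LinkedList<>();
    mappers.add(mapper);
    client.setProtocolMappers(mappers);

    // Non-public client authenticated through the test-suite dummy authenticator.
    client.setPublicClient(false);
    client.setClientAuthenticatorType("testsuite-client-dummy");

    testRealm.getUsers().add(UserBuilder.create()
            .username("groups-user")
            .password("password")
            .addGroups("/topGroup", "/topGroup/level2group")
            .build());
}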
Example #15
Source File: DefaultMigrationProvider.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Returns the default mappers that correspond to the bits set in a claim mask.
 * A {@code null} mask selects every default mapper; otherwise the username,
 * email and name-related mappers are dropped when their bit is absent.
 *
 * @param claimMask claim mask to translate, or {@code null} for "all claims"
 * @return a fresh, mutable list of the selected mapper representations
 */
@Override
public List<ProtocolMapperRepresentation> getMappersForClaimMask(Long claimMask) {
    Map<String, ProtocolMapperRepresentation> selected = getAllDefaultMappers(session);

    if (claimMask != null) {
        if (!ClaimMask.hasUsername(claimMask)) {
            selected.remove(OIDCLoginProtocolFactory.USERNAME);
        }
        if (!ClaimMask.hasEmail(claimMask)) {
            selected.remove(OIDCLoginProtocolFactory.EMAIL);
        }
        if (!ClaimMask.hasName(claimMask)) {
            // The "name" bit covers all three name mappers.
            selected.remove(OIDCLoginProtocolFactory.FAMILY_NAME);
            selected.remove(OIDCLoginProtocolFactory.FULL_NAME);
            selected.remove(OIDCLoginProtocolFactory.GIVEN_NAME);
        }
    }

    return new ArrayList<>(selected.values());
}
Example #16
Source File: KcOidcBrokerTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Brokered login must end on the error page when the provider's client issues a
 * token whose {@code azp} claim is overridden with a value the consumer rejects.
 */
@Test
public void testInvalidIssuedFor() {
    loginUser();
    logoutFromRealm(getProviderRoot(), bc.providerRealmName());
    logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

    log.debug("Clicking social " + bc.getIDPAlias());
    loginPage.clickSocial(bc.getIDPAlias());
    waitForPage(driver, "log in to", true);

    // Override azp in the provider client's tokens with a value that cannot match.
    RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
    ClientRepresentation providerClient = providerRealm.clients().findByClientId(BrokerTestConstants.CLIENT_ID).get(0);
    ClientResource providerClientResource = providerRealm.clients().get(providerClient.getId());
    ProtocolMapperRepresentation invalidAzpMapper = createHardcodedClaim(
            "hard", "azp", "invalid-azp", ProviderConfigProperty.STRING_TYPE, true, true);
    providerClientResource.getProtocolMappers().createMapper(invalidAzpMapper);
    // NOTE(review): the mapper is never removed here; presumably the provider realm is
    // rebuilt for each test — confirm if other tests in this class start to interfere.

    log.debug("Logging in");
    loginPage.login(bc.getUserLogin(), bc.getUserPassword());
    errorPage.assertCurrent();
}
Example #17
Source File: ClientMappersSAMLTest.java From keycloak with Apache License 2.0 | 6 votes |
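/**
 * Creates a SAML "Group list" mapper through the admin console form with single
 * attribute and full group path enabled, then verifies the stored configuration.
 */
@Test
public void testGroupList() {
    //create
    clientMappersPage.mapperTable().createMapper();
    setInitialValues("group list");
    createClientMappersPage.form().setMapperType(GROUP_LIST);
    createClientMappersPage.form().setGroupAttributeName("group attribute name");
    createClientMappersPage.form().setSingleGroupAttribute(true);
    createClientMappersPage.form().setFullGroupPath(true);
    createClientMappersPage.form().save();
    assertAlertSuccess();

    //check
    ProtocolMapperRepresentation found = findClientMapperByName(id, "group list");
    // Report a missing mapper as an assertion failure rather than an NPE on the next line,
    // consistent with the other mapper tests in this class.
    assertNotNull(found);
    assertEquals("saml-group-membership-mapper", found.getProtocolMapper());
    Map<String, String> config = found.getConfig();
    assertEquals("true", config.get("full.path"));
    assertEquals("true", config.get("single"));
    assertEquals("group attribute name", config.get("attribute.name"));
}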
Example #18
Source File: ClientMappersOIDCTest.java From keycloak with Apache License 2.0 | 6 votes |
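/**
 * Creates an OIDC "Group Membership" mapper with full group path enabled and
 * verifies the stored provider id and {@code full.path} config entry.
 */
@Test
public void testGroupMembership() {
    //create
    clientMappersPage.mapperTable().createMapper();
    setInitialValues("group membership");
    createClientMappersPage.form().setMapperType(GROUP_MEMBERSHIP);
    createClientMappersPage.form().setFullGroupPath(true);
    createClientMappersPage.form().save();
    assertAlertSuccess();

    //check
    ProtocolMapperRepresentation found = findClientMapperByName(id, "group membership");
    // Fail with a clear assertion instead of an NPE when the mapper was not persisted,
    // consistent with the other mapper tests in this class.
    assertNotNull(found);
    assertEquals("oidc-group-membership-mapper", found.getProtocolMapper());
    Map<String, String> config = found.getConfig();
    assertEquals("true", config.get("full.path"));
}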
Example #19
Source File: ClientRepository.java From keycloak-config-cli with Apache License 2.0 | 6 votes |
/**
 * Sends every given protocol mapper to the client's protocol-mappers resource
 * as an update, addressed by the mapper's own id.
 *
 * @param realm           realm name
 * @param clientId        identifier handed to {@code loadClientById}
 * @param protocolMappers mappers to update; each is expected to carry the id of an existing mapper
 * @throws ImportProcessingException if the server rejects an update; the message names the
 *         mapper, the client and the realm and carries the server's error text, with the
 *         original exception as cause
 */
public void updateProtocolMappers(String realm, String clientId, List<ProtocolMapperRepresentation> protocolMappers) {
    ClientResource clientResource = loadClientById(realm, clientId);
    ProtocolMappersResource mappersResource = clientResource.getProtocolMappers();

    for (ProtocolMapperRepresentation mapper : protocolMappers) {
        try {
            mappersResource.update(mapper.getId(), mapper);
        } catch (WebApplicationException cause) {
            String serverMessage = ResponseUtil.getErrorMessage(cause);
            // NOTE(review): toRepresentation() issues another request while handling the
            // failure; if that call itself throws, `cause` is lost. Resolving the clientId
            // once before the loop would avoid that — confirm before changing.
            String message = String.format(
                    "Cannot update protocolMapper '%s' for client '%s' for realm '%s': %s",
                    mapper.getName(),
                    clientResource.toRepresentation().getClientId(),
                    realm,
                    serverMessage);
            throw new ImportProcessingException(message, cause);
        }
    }
}
Example #20
Source File: AbstractMigrationTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Verifies the migrated {@code account-console} client: root/base URL, public
 * client with PKCE S256 and standard flow only, a single client-level scope
 * mapping ({@code manage-account} from the account-management client) and
 * exactly one protocol mapper, the audience-resolve mapper.
 *
 * @param realm the migrated realm to inspect
 */
private void testAccountConsoleClient(RealmResource realm) {
    ClientRepresentation consoleClient = realm.clients().findByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID).get(0);

    // URLs and flags
    assertEquals(Constants.AUTH_BASE_URL_PROP, consoleClient.getRootUrl());
    assertEquals("/realms/" + realm.toRepresentation().getRealm() + "/account/", consoleClient.getBaseUrl());
    assertTrue(consoleClient.isPublicClient());
    assertFalse(consoleClient.isFullScopeAllowed());
    assertTrue(consoleClient.isStandardFlowEnabled());
    assertFalse(consoleClient.isDirectAccessGrantsEnabled());
    // A public client relies on PKCE; the migration is expected to pin S256.
    assertEquals("S256", consoleClient.getAttributes().get(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD));

    // Scope mappings: nothing at realm level, one client-level mapping for manage-account
    ClientResource consoleResource = realm.clients().get(consoleClient.getId());
    MappingsRepresentation scopeMappings = consoleResource.getScopeMappings().getAll();
    assertNull(scopeMappings.getRealmMappings());
    assertEquals(1, scopeMappings.getClientMappings().size());
    assertEquals(1, scopeMappings.getClientMappings().get(ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings().size());
    assertEquals(MANAGE_ACCOUNT, scopeMappings.getClientMappings().get(ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings().get(0).getName());

    // Protocol mappers: only the audience-resolve mapper
    List<ProtocolMapperRepresentation> consoleMappers = consoleResource.getProtocolMappers().getMappers();
    assertEquals(1, consoleMappers.size());
    assertEquals("oidc-audience-resolve-mapper", consoleMappers.get(0).getProtocolMapper());
}
Example #21
Source File: OIDCPairwiseClientRegistrationTest.java From keycloak with Apache License 2.0 | 6 votes |
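/**
 * A client registered with subject type {@code public} must not become pairwise
 * by adding a pairwise mapper through the admin REST API while the sector
 * identifier URI serves an empty redirect-URI list: the server has to answer
 * HTTP 400 and the client must keep its public subject type.
 *
 * @throws Exception on any failure in the registration or admin calls
 */
@Test
public void updateToPairwiseThroughAdminRESTFailure() throws Exception {
    OIDCClientRepresentation response = create();
    Assert.assertEquals("public", response.getSubjectType());
    Assert.assertNull(response.getSectorIdentifierUri());

    // Push empty list to the sector identifier URI
    TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
    oidcClientEndpointsResource.setSectorIdentifierRedirectUris(new ArrayList<>());
    String sectorIdentifierUri = TestApplicationResourceUrls.pairwiseSectorIdentifierUri();

    // Add protocolMapper through admin REST endpoint; validation is expected to reject it
    String clientId = response.getClientId();
    ProtocolMapperRepresentation pairwiseProtMapper = SHA256PairwiseSubMapper.createPairwiseMapper(sectorIdentifierUri, null);
    RealmResource realmResource = realmsResouce().realm("test");
    ClientResource clientResource = ApiUtil.findClientByClientId(realmResource, clientId);
    Response resp = clientResource.getProtocolMappers().createMapper(pairwiseProtMapper);
    try {
        Assert.assertEquals(400, resp.getStatus());
    } finally {
        // The original left the response open; close it so the connection is released
        // even when the status assertion fails.
        resp.close();
    }

    // Assert still public
    reg.auth(Auth.token(response));
    OIDCClientRepresentation rep = reg.oidc().get(response.getClientId());
    Assert.assertEquals("public", rep.getSubjectType());
    Assert.assertNull(rep.getSectorIdentifierUri());
}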
Example #22
Source File: ClientScopeRepository.java From keycloak-config-cli with Apache License 2.0 | 6 votes |
/**
 * Sends every given protocol mapper to the client scope's protocol-mappers
 * resource as an update, addressed by the mapper's own id.
 *
 * @param realm           realm name
 * @param clientScopeId   identifier handed to {@code loadClientScopeById}
 * @param protocolMappers mappers to update; each is expected to carry the id of an existing mapper
 * @throws ImportProcessingException if the server rejects an update; the message names the
 *         mapper, the client scope and the realm and carries the server's error text, with
 *         the original exception as cause
 */
public void updateProtocolMappers(String realm, String clientScopeId, List<ProtocolMapperRepresentation> protocolMappers) {
    ClientScopeResource clientScopeResource = loadClientScopeById(realm, clientScopeId);
    ProtocolMappersResource mappersResource = clientScopeResource.getProtocolMappers();

    for (ProtocolMapperRepresentation mapper : protocolMappers) {
        try {
            mappersResource.update(mapper.getId(), mapper);
        } catch (WebApplicationException cause) {
            String serverMessage = ResponseUtil.getErrorMessage(cause);
            // NOTE(review): toRepresentation() issues another request while handling the
            // failure; if that call itself throws, `cause` is lost. Resolving the scope name
            // once before the loop would avoid that — confirm before changing.
            String message = String.format(
                    "Cannot update protocolMapper '%s' for clientScope '%s' for realm '%s': %s",
                    mapper.getName(),
                    clientScopeResource.toRepresentation().getName(),
                    realm,
                    serverMessage);
            throw new ImportProcessingException(message, cause);
        }
    }
}
Example #23
Source File: AudienceTest.java From keycloak with Apache License 2.0 | 6 votes |
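/**
 * An audience mapper on the {@code audience-scope} client scope, configured with
 * the client audience {@code service-client}, must add that client to the
 * {@code aud} of the access token only; the ID token keeps {@code test-app}.
 * The mapper is removed in a {@code finally} block so that a failing assertion
 * cannot leak it into subsequent tests.
 *
 * @throws Exception on any failure in the admin or login calls
 */
@Test
public void testAudienceProtocolMapperWithClientAudience() throws Exception {
    // Add audience protocol mapper to the clientScope "audience-scope"
    ProtocolMapperRepresentation audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper", "service-client", null, true, false);
    ClientScopeResource clientScope = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");
    Response resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
    String mapperId = ApiUtil.getCreatedId(resp);
    resp.close();

    try {
        // Login and check audiences in the token (just accessToken contains it)
        oauth.scope("openid audience-scope");
        oauth.doLogin("john", "password");
        EventRepresentation loginEvent = events.expectLogin()
                .user(userId)
                .assertEvent();
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
        assertAudiences(tokens.accessToken, "service-client");
        assertAudiences(tokens.idToken, "test-app");
    } finally {
        // Revert — previously skipped when an assertion above failed.
        clientScope.getProtocolMappers().delete(mapperId);
    }
}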
Example #24
Source File: ClientRegistrationPoliciesTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Builds a "Hardcoded foo role" OIDC mapper representation that injects the
 * {@code foo-role} role.
 *
 * @return a new mapper representation that has not been registered with the server
 */
private ProtocolMapperRepresentation createHardcodedMapperRep() {
    ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
    rep.setName("Hardcoded foo role");
    rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    rep.setProtocolMapper(HardcodedRole.PROVIDER_ID);
    // Relies on the representation starting out with a non-null config map.
    rep.getConfig().put(HardcodedRole.ROLE_CONFIG, "foo-role");
    return rep;
}
Example #25
Source File: OIDCProtocolMappersTest.java From keycloak with Apache License 2.0 | 5 votes |
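/**
 * Realm- and client-role mappers with a claim prefix must produce a
 * {@code roles-custom} claim whose {@code realm} and {@code test-app} entries
 * contain the user's effective roles — including those inherited from groups
 * and expanded from composites — each prefixed as configured. The mappers are
 * deleted in a {@code finally} block so a failing assertion does not leave them
 * on {@code test-app} for other tests.
 *
 * @throws Exception on any failure in the admin or login calls
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserGroupRoleToAttributeMappers() throws Exception {
    // Add mapper for realm roles
    String clientId = "test-app";
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(clientId, "ta.", "Client roles mapper", "roles-custom.test-app", true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), clientId).getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));

    try {
        // Login user
        OAuthClient.AccessTokenResponse response = browserLogin("password", "rich.roles@redhat.com", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());

        // Verify attribute is filled
        Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm", clientId));
        String realmRoleMappings = (String) roleMappings.get("realm");
        String testAppMappings = (String) roleMappings.get(clientId);
        assertRolesString(realmRoleMappings,
                "pref.admin",                  // from direct assignment to /roleRichGroup/level2group
                "pref.user",                   // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
                "pref.customer-user-premium",  // from client role customer-admin-composite-role - realm role for test-app
                "pref.realm-composite-role",   // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
                "pref.sample-realm-role"       // from realm role realm-composite-role
        );
        assertRolesString(testAppMappings,
                "ta.customer-user",                  // from direct assignment to /roleRichGroup/level2group
                "ta.customer-admin-composite-role",  // from direct assignment to /roleRichGroup/level2group
                "ta.customer-admin",                 // from client role customer-admin-composite-role - client role for test-app
                "ta.sample-client-role"              // from realm role realm-composite-role - client role for test-app
        );
    } finally {
        // Revert — previously skipped when an assertion above failed.
        deleteMappers(protocolMappers);
    }
}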
Example #26
Source File: OIDCProtocolMappersTest.java From keycloak with Apache License 2.0 | 5 votes |
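/**
 * KEYCLOAK-4205: with multivalued role mappers the {@code roles-custom} claim
 * must contain a JSON list (not a single joined string) for both the realm and
 * the client entry. The mappers are deleted in a {@code finally} block so a
 * failing assertion does not leave them on {@code test-app} for other tests.
 *
 * @throws Exception on any failure in the admin or login calls
 */
@Test
public void testUserRoleToAttributeMappersWithMultiValuedRoles() throws Exception {
    // Add mapper for realm roles
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper("test-app", null, "Client roles mapper", "roles-custom.test-app", true, true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));

    try {
        // Login user
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());

        // Verify attribute is filled and each entry is a list
        Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm", "test-app"));
        Assert.assertThat(roleMappings.get("realm"), CoreMatchers.instanceOf(List.class));
        Assert.assertThat(roleMappings.get("test-app"), CoreMatchers.instanceOf(List.class));
        List<String> realmRoleMappings = (List<String>) roleMappings.get("realm");
        List<String> testAppMappings = (List<String>) roleMappings.get("test-app");
        assertRoles(realmRoleMappings,
                "pref.user",           // from direct assignment in user definition
                "pref.offline_access"  // from direct assignment in user definition
        );
        assertRoles(testAppMappings,
                "customer-user"        // from direct assignment in user definition
        );
    } finally {
        // Revert — previously skipped when an assertion above failed.
        deleteMappers(protocolMappers);
    }
}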
Example #27
Source File: ServerInfoAdminResource.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Fills {@code info} with the built-in protocol mappers of every registered
 * login protocol, keyed by the protocol factory's id.
 *
 * @param info server-info representation to populate; its existing map is replaced
 */
private void setBuiltinProtocolMappers(ServerInfoRepresentation info) {
    info.setBuiltinProtocolMappers(new HashMap<String, List<ProtocolMapperRepresentation>>());

    for (ProviderFactory factory : session.getKeycloakSessionFactory().getProviderFactories(LoginProtocol.class)) {
        // Every factory registered for LoginProtocol is expected to be a LoginProtocolFactory.
        LoginProtocolFactory protocolFactory = (LoginProtocolFactory) factory;

        List<ProtocolMapperRepresentation> mapperReps = new LinkedList<>();
        for (ProtocolMapperModel builtin : protocolFactory.getBuiltinMappers().values()) {
            mapperReps.add(ModelToRepresentation.toRepresentation(builtin));
        }

        info.getBuiltinProtocolMappers().put(factory.getId(), mapperReps);
    }
}
Example #28
Source File: OIDCProtocolMappersTest.java From keycloak with Apache License 2.0 | 5 votes |
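/**
 * With the client-role mapper's client id left unset, the {@code roles-custom}
 * claim must carry the realm roles and, under the requesting client
 * ({@code test-app-scope}), the client roles the client's scope allows. The
 * mappers are deleted in a {@code finally} block so a failing assertion does
 * not leave them on the client for other tests.
 *
 * @throws Exception on any failure in the admin or login calls
 */
@Test
public void testUserGroupRoleToAttributeMappersScopedClientNotSet() throws Exception {
    String clientId = "test-app-scope";
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(null, null, "Client roles mapper", "roles-custom.test-app-scope", true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), clientId).getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));

    try {
        // Login user
        // NOTE(review): enabling direct access grants and switching oauth to this client
        // are not reverted below — presumably the realm/oauth state is reset elsewhere; confirm.
        ClientManager.realm(adminClient.realm("test")).clientId(clientId).directAccessGrant(true);
        oauth.clientId(clientId);
        OAuthClient.AccessTokenResponse response = browserLogin("password", "rich.roles@redhat.com", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());

        // Verify attribute is filled
        Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm", clientId));
        String realmRoleMappings = (String) roleMappings.get("realm");
        String testAppScopeMappings = (String) roleMappings.get(clientId);
        assertRolesString(realmRoleMappings,
                "pref.admin",                 // from direct assignment to /roleRichGroup/level2group
                "pref.user",                  // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
                "pref.customer-user-premium"
        );
        assertRolesString(testAppScopeMappings,
                "test-app-allowed-by-scope",    // from direct assignment to roleRichUser, present as scope allows it
                "test-app-disallowed-by-scope"  // from direct assignment to /roleRichGroup/level2group, present as scope allows it
        );
    } finally {
        // Revert — previously skipped when an assertion above failed.
        deleteMappers(protocolMappers);
    }
}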
Example #29
Source File: ClientMapperSetup.java From keycloak-custom-protocol-mapper-example with Apache License 2.0 | 5 votes |
/**
 * Builds the representation of a group-membership mapper that writes the
 * user's full group paths into the {@code groups} claim.
 *
 * @return a new mapper representation, not yet registered with the server
 */
private ProtocolMapperRepresentation createGroupMapper() {
    Map<String, String> mapperConfig = new HashMap<>();
    putAccessTokenClaim(mapperConfig);
    // "full.path" is the config property name defined by GroupMembershipMapper.
    mapperConfig.put("full.path", "true");
    mapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");

    ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
    rep.setName("Group mapper");
    rep.setProtocol(PROTOCOL);
    rep.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    rep.setConfig(mapperConfig);
    return rep;
}
Example #30
Source File: ProtocolMapperUtil.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Builds a representation of a user-session-note claim mapper by delegating to
 * {@code UserSessionNoteMapper.createClaimMapper} and converting the resulting
 * model with {@code ModelToRepresentation}.
 *
 * @param name            mapper name
 * @param userSessionNote session note whose value feeds the claim
 * @param tokenClaimName  claim name in the token
 * @param jsonType        JSON type label for the claim value
 * @param accessToken     flag forwarded for the access token
 * @param idToken         flag forwarded for the ID token
 * @return the mapper as a representation
 */
public static ProtocolMapperRepresentation createClaimMapper(String name, String userSessionNote, String tokenClaimName, String jsonType, boolean accessToken, boolean idToken) {
    return ModelToRepresentation.toRepresentation(
            UserSessionNoteMapper.createClaimMapper(
                    name,
                    userSessionNote,
                    tokenClaimName,
                    jsonType,
                    accessToken,
                    idToken));
}