
Example 1 with ProtocolMappersResource

Use of org.keycloak.admin.client.resource.ProtocolMappersResource in the project keycloak, by keycloak.

From the class SAMLLoginResponseHandlingTest, method testAttributes.

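/**
 * Checks the SAML protocol mappers of the {@code employee2} client end to end.
 *
 * <p>User-attribute, group-membership, hardcoded-attribute, hardcoded-role and role-name
 * mappers are added to the client and their output is verified on the servlet's
 * {@code getAttributes} page. Every mapper created here is registered with
 * {@code getCleanup()} so the client is restored after the test. The built-in
 * {@code role-list} mapper is temporarily replaced by a single-attribute {@code memberOf}
 * variant; if re-creating it fails, the original is put back right away instead of
 * leaving the client without its role-list mapper.
 *
 * @throws Exception on any failure of the admin client, the browser or URL building
 */
@Test
public void testAttributes() throws Exception {
    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2);
    ProtocolMappersResource protocolMappersResource = clientResource.getProtocolMappers();

    // User-attribute mappers: the servlet page is expected to render "<name>: <value>" lines.
    Map<String, String> config = new LinkedHashMap<>();
    config.put("attribute.nameformat", "Basic");
    config.put("user.attribute", "topAttribute");
    config.put("attribute.name", "topAttribute");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "topAttribute", "saml", "saml-user-attribute-mapper", config));

    config = new LinkedHashMap<>();
    config.put("attribute.nameformat", "Basic");
    config.put("user.attribute", "level2Attribute");
    config.put("attribute.name", "level2Attribute");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "level2Attribute", "saml", "saml-user-attribute-mapper", config));

    // Group-membership mapper; with "single" = "true" the page is expected to show the
    // membership as one "group" attribute (asserted below as "group: level2").
    config = new LinkedHashMap<>();
    config.put("attribute.nameformat", "Basic");
    config.put("single", "true");
    config.put("attribute.name", "group");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "groups", "saml", "saml-group-membership-mapper", config));

    // First login: both user attributes, the e-mail and a non-empty group value must be
    // rendered; an empty list, null or a blank cell for "group" is a failure.
    setRolesToCheck("manager,user");
    employee2ServletPage.navigateTo();
    assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
    testRealmSAMLPostLoginPage.form().login("level2GroupUser", "password");
    driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
    waitUntilElement(By.xpath("//body")).text().contains("topAttribute: true");
    waitUntilElement(By.xpath("//body")).text().contains("level2Attribute: true");
    waitUntilElement(By.xpath("//body")).text().contains(X500SAMLProfileConstants.EMAIL.get() + ": level2@redhat.com");
    waitUntilElement(By.xpath("//body")).text().not().contains("group: []");
    waitUntilElement(By.xpath("//body")).text().not().contains("group: null");
    waitUntilElement(By.xpath("//body")).text().not().contains("group: <br />");
    waitUntilElement(By.xpath("//body")).text().contains("group: level2");
    employee2ServletPage.logout();
    checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);

    // Second login: the mappers predefined for this client outside this test are checked
    // (e-mail is also shown under a friendly name, phone is not).
    setRolesToCheck("manager,employee,user");
    employee2ServletPage.navigateTo();
    assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
    testRealmSAMLPostLoginPage.form().login(bburkeUser);
    driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
    waitUntilElement(By.xpath("//body")).text().contains(X500SAMLProfileConstants.EMAIL.get() + ": bburke@redhat.com");
    waitUntilElement(By.xpath("//body")).text().contains("friendly email: bburke@redhat.com");
    waitUntilElement(By.xpath("//body")).text().contains("phone: 617");
    waitUntilElement(By.xpath("//body")).text().not().contains("friendly phone:");
    // The servlet's getAssertionFromDocument endpoint is expected to return an empty body here.
    driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAssertionFromDocument").build().toURL());
    waitForPageToLoad();
    Assert.assertEquals("", getRawPageSource());
    employee2ServletPage.logout();
    checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);

    // Hardcoded attribute / hardcoded role / role rename mappers.
    config = new LinkedHashMap<>();
    config.put("attribute.value", "hard");
    config.put("attribute.nameformat", "Basic");
    config.put("attribute.name", "hardcoded-attribute");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "hardcoded-attribute", "saml", "saml-hardcode-attribute-mapper", config));

    config = new LinkedHashMap<>();
    config.put("role", "hardcoded-role");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "hardcoded-role", "saml", "saml-hardcode-role-mapper", config));

    config = new LinkedHashMap<>();
    config.put("new.role.name", "pee-on");
    config.put("role", "http://localhost:8280/employee/.employee");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "renamed-employee-role", "saml", "saml-role-name-mapper", config));

    // Replace the built-in "role-list" mapper by one that emits the roles as a single
    // "memberOf" attribute. The original is deleted first (presumably because mapper names
    // must be unique per client) and its configuration is kept so it can be restored.
    for (ProtocolMapperRepresentation mapper : clientResource.toRepresentation().getProtocolMappers()) {
        if (!mapper.getName().equals("role-list")) {
            continue;
        }
        protocolMappersResource.delete(mapper.getId());
        Map<String, String> origConfig = new HashMap<>(mapper.getConfig());
        // The server assigns a fresh id on create; re-posting the old id is not wanted.
        mapper.setId(null);
        mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
        mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
        try (Response response = protocolMappersResource.createMapper(mapper)) {
            String createdId = getCreatedId(response);
            getCleanup().addCleanup((Runnable) () -> {
                protocolMappersResource.delete(createdId);
                mapper.setConfig(origConfig);
                protocolMappersResource.createMapper(mapper).close();
            });
        } catch (RuntimeException | AssertionError e) {
            // The original mapper is already gone and no cleanup was registered: put it back
            // before failing, so later tests still find the default role-list mapper.
            mapper.setConfig(origConfig);
            protocolMappersResource.createMapper(mapper).close();
            throw e;
        }
    }

    // Third login: hardcoded and renamed roles must be visible, realm role "user" renamed.
    setRolesToCheck("pee-on,el-jefe,manager,hardcoded-role");
    config = new LinkedHashMap<>();
    config.put("new.role.name", "el-jefe");
    config.put("role", "user");
    getCleanup().addCleanup(createProtocolMapper(protocolMappersResource, "renamed-role", "saml", "saml-role-name-mapper", config));
    employee2ServletPage.navigateTo();
    assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
    testRealmSAMLPostLoginPage.form().login(bburkeUser);
    driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
    waitUntilElement(By.xpath("//body")).text().contains("hardcoded-attribute: hard");
    employee2ServletPage.checkRolesEndPoint(false);
    employee2ServletPage.logout();
    checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);
}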

Example 2 with ProtocolMappersResource

Use of org.keycloak.admin.client.resource.ProtocolMappersResource in the project keycloak, by keycloak.

From the class SAMLServletAdapterTest, method testUserAttributeStatementMapperGroupsNoAggregate.

/**
 * Without {@code aggregate.attrs} a user-attribute mapper that reads {@code group-value}
 * from the user's groups reports the values of one group only: the emitted
 * {@code group-attribute} must equal exactly one of the two groups' value lists
 * (which one is chosen is not asserted).
 *
 * @throws Exception on any failure of the admin client, the browser or URL building
 */
@Test
public void testUserAttributeStatementMapperGroupsNoAggregate() throws Exception {
    ClientResource employee2Client = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2);
    ProtocolMappersResource mappers = employee2Client.getProtocolMappers();

    // Map user attribute "group-value" to SAML attribute "group-attribute" (Basic name format).
    Map<String, String> mapperConfig = new LinkedHashMap<>();
    mapperConfig.put("attribute.nameformat", "Basic");
    mapperConfig.put("user.attribute", "group-value");
    mapperConfig.put("attribute.name", "group-attribute");

    // Two groups with overlapping "group-value" lists.
    GroupRepresentation firstGroup = new GroupRepresentation();
    firstGroup.setName("group1");
    firstGroup.setAttributes(new HashMap<>());
    firstGroup.getAttributes().put("group-value", Arrays.asList("value1", "value2"));

    GroupRepresentation secondGroup = new GroupRepresentation();
    secondGroup.setName("group2");
    secondGroup.setAttributes(new HashMap<>());
    secondGroup.getAttributes().put("group-value", Arrays.asList("value2", "value3"));

    By pageBody = By.xpath("//body");
    // Resources are created in this order and closed in reverse when the block ends, so
    // the groups, the user's membership and the mapper are all removed again.
    try (AutoCloseable createdGroup1 = Creator.create(testRealmResource(), firstGroup);
        AutoCloseable createdGroup2 = Creator.create(testRealmResource(), secondGroup);
        AutoCloseable membership = UserAttributeUpdater.forUserByUsername(testRealmResource(), "bburke").setGroups("/group1", "/group2").update();
        AutoCloseable createdMapper = createProtocolMapper(mappers, "group-value", "saml", "saml-user-attribute-mapper", mapperConfig)) {
        employee2ServletPage.navigateTo();
        assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
        testRealmSAMLPostLoginPage.form().login("bburke", "password");
        driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
        waitForPageToLoad();
        String pageText = driver.findElement(pageBody).getText();
        String[] attributeValues = parseCommaSeparatedAttributes(pageText, "group-attribute");
        assertThat(attributeValues, anyOf(arrayContainingInAnyOrder("value1", "value2"), arrayContainingInAnyOrder("value2", "value3")));
        employee2ServletPage.logout();
        checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);
    }
}

Example 3 with ProtocolMappersResource

Use of org.keycloak.admin.client.resource.ProtocolMappersResource in the project keycloak, by keycloak.

From the class SAMLServletAdapterTest, method testUserAttributeStatementMapperGroupsAggregate.

/**
 * With {@code aggregate.attrs} = {@code true} a user-attribute mapper that reads
 * {@code group-value} from the user's groups merges the lists of all groups, so the
 * emitted {@code group-attribute} must hold the union of both groups' values.
 *
 * @throws Exception on any failure of the admin client, the browser or URL building
 */
@Test
public void testUserAttributeStatementMapperGroupsAggregate() throws Exception {
    ClientResource employee2Client = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2);
    ProtocolMappersResource mappers = employee2Client.getProtocolMappers();

    // Same mapper as the non-aggregating variant, plus "aggregate.attrs".
    Map<String, String> mapperConfig = new LinkedHashMap<>();
    mapperConfig.put("attribute.nameformat", "Basic");
    mapperConfig.put("user.attribute", "group-value");
    mapperConfig.put("attribute.name", "group-attribute");
    mapperConfig.put("aggregate.attrs", "true");

    // Two groups whose "group-value" lists overlap on "value2".
    GroupRepresentation firstGroup = new GroupRepresentation();
    firstGroup.setName("group1");
    firstGroup.setAttributes(new HashMap<>());
    firstGroup.getAttributes().put("group-value", Arrays.asList("value1", "value2"));

    GroupRepresentation secondGroup = new GroupRepresentation();
    secondGroup.setName("group2");
    secondGroup.setAttributes(new HashMap<>());
    secondGroup.getAttributes().put("group-value", Arrays.asList("value2", "value3"));

    By pageBody = By.xpath("//body");
    // Groups, membership and mapper are created in this order and torn down in reverse.
    try (AutoCloseable createdGroup1 = Creator.create(testRealmResource(), firstGroup);
        AutoCloseable createdGroup2 = Creator.create(testRealmResource(), secondGroup);
        AutoCloseable membership = UserAttributeUpdater.forUserByUsername(testRealmResource(), "bburke").setGroups("/group1", "/group2").update();
        AutoCloseable createdMapper = createProtocolMapper(mappers, "group-value", "saml", "saml-user-attribute-mapper", mapperConfig)) {
        employee2ServletPage.navigateTo();
        assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
        testRealmSAMLPostLoginPage.form().login("bburke", "password");
        driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
        waitForPageToLoad();
        String pageText = driver.findElement(pageBody).getText();
        String[] attributeValues = parseCommaSeparatedAttributes(pageText, "group-attribute");
        assertThat(attributeValues, arrayContainingInAnyOrder("value1", "value2", "value3"));
        employee2ServletPage.logout();
        checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);
    }
}

Example 4 with ProtocolMappersResource

Use of org.keycloak.admin.client.resource.ProtocolMappersResource in the project keycloak, by keycloak.

From the class OIDCProtocolMappersTest, method testUserRoleToAttributeMappersWithMultiValuedRoles.

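/**
 * KEYCLOAK-4205: realm-role and client-role mappers configured as multi-valued must emit
 * list-valued claims under the shared {@code roles-custom} parent claim.
 *
 * <p>The two mappers are removed in a {@code finally} block so that a failing assertion
 * does not leave them on {@code test-app} for the tests that follow.
 *
 * @throws Exception on any failure of the admin client or the login flow
 */
@Test
public void testUserRoleToAttributeMappersWithMultiValuedRoles() throws Exception {
    // Add mapper for realm roles and for the "test-app" client roles; both nest their
    // lists under the "roles-custom" claim.
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper("test-app", null, "Client roles mapper", "roles-custom.test-app", true, true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));
    try {
        // Login user
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());
        // Verify attribute is filled. The cast is erased and only checks for a Map; the
        // value types are asserted explicitly below before they are cast to lists.
        @SuppressWarnings("unchecked")
        Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm", "test-app"));
        Assert.assertThat(roleMappings.get("realm"), CoreMatchers.instanceOf(List.class));
        Assert.assertThat(roleMappings.get("test-app"), CoreMatchers.instanceOf(List.class));
        @SuppressWarnings("unchecked")
        List<String> realmRoleMappings = (List<String>) roleMappings.get("realm");
        @SuppressWarnings("unchecked")
        List<String> testAppMappings = (List<String>) roleMappings.get("test-app");
        // "pref." is the prefix given to the realm mapper; both roles come from direct
        // assignment in the user definition.
        assertRoles(realmRoleMappings, "pref.user", "pref.offline_access");
        // from direct assignment in user definition
        assertRoles(testAppMappings, "customer-user");
    } finally {
        // Revert
        deleteMappers(protocolMappers);
    }
}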

Example 5 with ProtocolMappersResource

Use of org.keycloak.admin.client.resource.ProtocolMappersResource in the project keycloak, by keycloak.

From the class OIDCProtocolMappersTest, method testGroupAttributeUserOneGroupMultivalueAggregate.

/**
 * A claim mapper on {@code test-app} created with all flags enabled (see
 * {@code createClaimMapper} for their meaning) must merge the user's own
 * {@code group-value} attribute with the same attribute of the one group the user is in,
 * yielding all four values as a list claim in the ID token.
 *
 * <p>The user attribute, the group membership, the group itself and the mapper are
 * reverted in {@code finally}.
 *
 * @throws Exception on any failure of the admin client or the login flow
 */
@Test
public void testGroupAttributeUserOneGroupMultivalueAggregate() throws Exception {
    // Give the user two values of its own.
    UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
    UserRepresentation user = userResource.toRepresentation();
    user.setAttributes(new HashMap<>());
    user.getAttributes().put("group-value", Arrays.asList("user-value1", "user-value2"));
    userResource.update(user);

    // Put the user into a group carrying two more values.
    GroupRepresentation newGroup = new GroupRepresentation();
    newGroup.setName("group1");
    newGroup.setAttributes(new HashMap<>());
    newGroup.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
    adminClient.realm("test").groups().add(newGroup);
    GroupRepresentation group1 = adminClient.realm("test").getGroupByPath("/group1");
    userResource.joinGroup(group1.getId());

    // Create the claim mapper; the response carries nothing we need, so close it at once.
    ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
    protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
    try {
        // Log in and inspect the "group-value" claim of the ID token.
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());
        assertNotNull(idToken.getOtherClaims());
        Object claim = idToken.getOtherClaims().get("group-value");
        assertNotNull(claim);
        assertTrue(claim instanceof List);
        List<?> claimValues = (List<?>) claim;
        assertEquals(4, claimValues.size());
        for (String expected : new String[] {"user-value1", "user-value2", "value1", "value2"}) {
            assertTrue(claimValues.contains(expected));
        }
    } finally {
        // Revert user attribute, membership, group and mapper.
        user.getAttributes().remove("group-value");
        userResource.update(user);
        userResource.leaveGroup(group1.getId());
        adminClient.realm("test").groups().group(group1.getId()).remove();
        deleteMappers(protocolMappers);
    }
}
