use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.
the class OIDCProtocolMappersTest method testGroupAttributeTwoGroupMultiValueAggregate.
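/**
 * Verifies that the claim mapper created here merges the {@code group-value} attribute of
 * every group the user belongs to into one ID token claim.
 *
 * <p>{@code group1} carries {@code value1, value2} and {@code group2} carries
 * {@code value2, value3}. The claim is expected to hold exactly three entries, so the shared
 * {@code value2} must appear only once.
 *
 * <p>Group attributes exposed through a mapper like this end up in tokens, so whoever may
 * edit group attributes in a realm can influence what relying parties read from the claim.
 *
 * @throws Exception if an admin call or the browser login fails
 */
@Test
public void testGroupAttributeTwoGroupMultiValueAggregate() throws Exception {
    // get the user
    UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");

    // create two groups whose "group-value" attributes overlap in exactly one value
    GroupRepresentation group1 = new GroupRepresentation();
    group1.setName("group1");
    group1.setAttributes(new HashMap<>());
    group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
    // close the creation response, as is already done for createMapper() below
    adminClient.realm("test").groups().add(group1).close();
    // re-read the group by path to obtain the id used for joinGroup() and for cleanup
    group1 = adminClient.realm("test").getGroupByPath("/group1");
    userResource.joinGroup(group1.getId());

    GroupRepresentation group2 = new GroupRepresentation();
    group2.setName("group2");
    group2.setAttributes(new HashMap<>());
    group2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
    adminClient.realm("test").groups().add(group2).close();
    group2 = adminClient.realm("test").getGroupByPath("/group2");
    userResource.joinGroup(group2.getId());

    // create the attribute mapper
    // NOTE(review): the four boolean flags presumably select access token, ID token,
    // multivalued and aggregate — confirm against createClaimMapper's signature.
    ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
    protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();

    try {
        // test it
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());
        assertNotNull(idToken.getOtherClaims());

        // read the claim once instead of repeating the lookup and the raw cast per assertion
        Object claim = idToken.getOtherClaims().get("group-value");
        assertNotNull(claim);
        assertTrue(claim instanceof List);
        List<?> values = (List<?>) claim;

        // three entries for four configured values: the duplicate "value2" was collapsed
        assertEquals(3, values.size());
        assertTrue(values.contains("value1"));
        assertTrue(values.contains("value2"));
        assertTrue(values.contains("value3"));
    } finally {
        // revert
        userResource.leaveGroup(group1.getId());
        adminClient.realm("test").groups().group(group1.getId()).remove();
        userResource.leaveGroup(group2.getId());
        adminClient.realm("test").groups().group(group2.getId()).remove();
        deleteMappers(protocolMappers);
    }
}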
use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.
the class OIDCAdvancedRequestParamsTest method processClaimsRequestParamSupported.
/**
 * Exercises the OIDC {@code claims} request parameter, delivered inside a request object,
 * against the {@code test-app} client with the {@code profile} default client scope removed.
 *
 * <p>Two logins are performed. The first mixes well-formed and malformed entries under
 * {@code id_token} and {@code userinfo}; the assertions pin that only claims requested with
 * the boolean {@code "essential": true} are returned. The second puts the profile claims
 * under an {@code access_token} member; the assertions pin that none of them appear in the
 * ID token or in the UserInfo response.
 *
 * @throws Exception if an admin call, login, token request or UserInfo request fails
 */
@Test
public void processClaimsRequestParamSupported() throws Exception {
    String clientScopeId = null;
    try {
        // Look up the id of the "profile" client scope so it can be detached and later restored.
        for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
            if (rep.getName().equals("profile")) {
                clientScopeId = rep.getId();
                break;
            }
        }
        // Detach "profile" so profile claims can only reach the tokens via the claims parameter.
        // NOTE(review): clientScopeId is still null here if no scope named "profile" exists.
        findClientResourceByClientId(adminClient.realm("test"), "test-app").removeDefaultClientScope(clientScopeId);
        ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
        ProtocolMappersResource res = app.getProtocolMappers();
        // NOTE(review): the meaning of the two boolean arguments is not visible here — confirm
        // against ClaimsParameterTokenMapper.createMapper. This mapper is not removed again in
        // this method; verify that cleanup happens elsewhere.
        res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();
        // First claims request. Deliberately malformed entries: id_token.given_name uses the key
        // "wesentlich" instead of "essential", userinfo.preferred_username gives the string "Ja"
        // instead of a boolean, and id_token.family_name is explicitly non-essential.
        Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
        Map<String, Object> oidcRequest = new HashMap<>();
        oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
        oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
        oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
        oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
        oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
        // The request object is built with none(), i.e. without a signature, so nothing protects
        // its integrity in transit. NOTE(review): fine for a test realm; a client that relies on
        // request objects in production should be configured to require a signed one.
        String request = new JWSBuilder().jsonContent(oidcRequest).none();
        // NOTE(review): oauth keeps this request object after the test unless it is reset
        // elsewhere — confirm the fixture does so.
        oauth = oauth.request(request);
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        // ID token: only the entries requested with boolean essential=true are present.
        assertEquals("test-user@localhost", idToken.getEmail());
        assertEquals("test-user@localhost", idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertEquals("Tom Brady", idToken.getName());
        Client client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            // UserInfo: family_name and given_name were requested correctly; preferred_username
            // (essential given as "Ja") and name (not requested for userinfo) are absent.
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertEquals("Brady", userInfo.getFamilyName());
            assertEquals("Tom", userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            // NOTE(review): this event assertion also runs when an assertion above has failed
            // and may then mask the original failure.
            events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
            client.close();
        }
        oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
        events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();
        // Second claims request: the profile claims sit under an "access_token" member and the
        // id_token member asks only for "test_claim".
        claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
        oidcRequest = new HashMap<>();
        oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
        oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
        oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
        oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
        oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
        // Unsigned request object again, as in the first login.
        request = new JWSBuilder().jsonContent(oidcRequest).none();
        oauth = oauth.request(request);
        oauth.doLogin("test-user@localhost", "password");
        loginEvent = events.expectLogin().assertEvent();
        accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        // The "email" default scope is still attached, so email is present; none of the claims
        // listed under "access_token" reach the ID token.
        assertEquals("test-user@localhost", idToken.getEmail());
        assertNull(idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertNull(idToken.getName());
        client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            // Same expectation for UserInfo: email only.
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertNull(userInfo.getFamilyName());
            assertNull(userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            client.close();
        }
    } finally {
        // Restore the "profile" default client scope so the client is back in its initial state.
        findClientResourceByClientId(adminClient.realm("test"), "test-app").addDefaultClientScope(clientScopeId);
    }
}
use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.
the class ClientTest method testProtocolMappers.
/**
 * Creates a client, looks up the protocol-mappers resource of the client with client id
 * {@code my-app}, and hands both to {@code protocolMappersTest}.
 */
@Test
public void testProtocolMappers() {
    // internal (database) id of the freshly created client, as opposed to its client id
    final String createdClientDbId = createClient().getId();

    final ProtocolMappersResource clientMappers =
            ApiUtil.findClientByClientId(realm, "my-app").getProtocolMappers();

    protocolMappersTest(createdClientDbId, clientMappers);
}
use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.
the class JsonUserAttributeMapperTest method updateClaimSentToIDP.
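/**
 * Changes the value emitted by the broker client's protocol mapper whose provider id is
 * {@code HardcodedClaim.PROVIDER_ID}, in the provider realm, to a one-member JSON object
 * that maps {@code claim} to {@code updatedValue}.
 *
 * <p>The JSON text is assembled by string concatenation and neither argument is escaped.
 * A quote or backslash in either argument therefore changes the structure of the stored
 * value. That is acceptable for the fixed literals a test passes in; do not reuse this
 * pattern for values that come from outside the test.
 *
 * @param claim name of the JSON member to emit
 * @param updatedValue string value to emit for that member
 */
private void updateClaimSentToIDP(String claim, String updatedValue) {
    final ClientRepresentation brokerClient = adminClient.realm(bc.providerRealmName()).clients().findByClientId(BrokerTestConstants.CLIENT_ID).get(0);
    ProtocolMappersResource protocolMappers = adminClient.realm(bc.providerRealmName()).clients().get(brokerClient.getId()).getProtocolMappers();

    // No break on purpose: if several mappers match, the last one wins, as before.
    ProtocolMapperRepresentation claimMapper = null;
    for (ProtocolMapperRepresentation representation : protocolMappers.getMappers()) {
        // constant-first equals() tolerates a representation without a mapper type
        if (HardcodedClaim.PROVIDER_ID.equals(representation.getProtocolMapper())) {
            claimMapper = representation;
        }
    }
    assertThat(claimMapper, notNullValue());

    // NOTE(review): unescaped concatenation — see the method documentation.
    claimMapper.getConfig().put(HardcodedClaim.CLAIM_VALUE, "{\"" + claim + "\": \"" + updatedValue + "\"}");

    // reuse the resource obtained above instead of resolving the same client a second time
    protocolMappers.update(claimMapper.getId(), claimMapper);
}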
use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.
the class ClientScopeTest method testUpdateProtocolMappers.
// KEYCLOAK-5863
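/**
 * Creates a client scope with one user-attribute protocol mapper whose {@code claim.name}
 * and {@code jsonType.label} are empty, then updates {@code claim.name} and checks the
 * stored configuration.
 *
 * <p>The mapper is created with three config keys, but after the update exactly two are
 * expected back: {@code user.attribute} and {@code claim.name}. The empty
 * {@code jsonType.label} must therefore not be part of the stored configuration.
 */
@Test
public void testUpdateProtocolMappers() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("testUpdateProtocolMappers");
    scopeRep.setProtocol("openid-connect");
    String scopeId = createClientScope(scopeRep);

    try {
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName("test");
        mapper.setProtocol("openid-connect");
        mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");

        Map<String, String> m = new HashMap<>();
        m.put("user.attribute", "test");
        m.put("claim.name", "");
        m.put("jsonType.label", "");
        mapper.setConfig(m);

        ProtocolMappersResource protocolMappers = clientScopes().get(scopeId).getProtocolMappers();

        Response response = protocolMappers.createMapper(mapper);
        String mapperId;
        try {
            mapperId = ApiUtil.getCreatedId(response);
        } finally {
            // release the connection held by the creation response
            response.close();
        }

        // update the mapper as it is stored on the server, not the local copy
        mapper = protocolMappers.getMapperById(mapperId);
        mapper.getConfig().put("claim.name", "claim");
        protocolMappers.update(mapperId, mapper);

        List<ProtocolMapperRepresentation> mappers = protocolMappers.getMappers();
        assertEquals(1, mappers.size());
        assertEquals(2, mappers.get(0).getConfig().size());
        assertEquals("test", mappers.get(0).getConfig().get("user.attribute"));
        assertEquals("claim", mappers.get(0).getConfig().get("claim.name"));
    } finally {
        // remove the scope even when an assertion fails, so later tests start clean
        clientScopes().get(scopeId).remove();
    }
}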