Search in sources :

Example 11 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

the class OIDCProtocolMappersTest method testGroupAttributeTwoGroupMultiValueAggregate.

@Test
public void testGroupAttributeTwoGroupMultiValueAggregate() throws Exception {
    // get the user
    UserResource userResource = findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
    // create two groups with two values (one is the same value)
    GroupRepresentation group1 = new GroupRepresentation();
    group1.setName("group1");
    group1.setAttributes(new HashMap<>());
    group1.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
    adminClient.realm("test").groups().add(group1);
    group1 = adminClient.realm("test").getGroupByPath("/group1");
    userResource.joinGroup(group1.getId());
    GroupRepresentation group2 = new GroupRepresentation();
    group2.setName("group2");
    group2.setAttributes(new HashMap<>());
    group2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
    adminClient.realm("test").groups().add(group2);
    group2 = adminClient.realm("test").getGroupByPath("/group2");
    userResource.joinGroup(group2.getId());
    // create the attribute mapper
    ProtocolMappersResource protocolMappers = findClientResourceByClientId(adminClient.realm("test"), "test-app").getProtocolMappers();
    protocolMappers.createMapper(createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
    try {
        // test it
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());
        assertNotNull(idToken.getOtherClaims());
        assertNotNull(idToken.getOtherClaims().get("group-value"));
        assertTrue(idToken.getOtherClaims().get("group-value") instanceof List);
        assertEquals(3, ((List) idToken.getOtherClaims().get("group-value")).size());
        assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value1"));
        assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value2"));
        assertTrue(((List) idToken.getOtherClaims().get("group-value")).contains("value3"));
    } finally {
        // revert
        userResource.leaveGroup(group1.getId());
        adminClient.realm("test").groups().group(group1.getId()).remove();
        userResource.leaveGroup(group2.getId());
        adminClient.realm("test").groups().group(group2.getId()).remove();
        deleteMappers(protocolMappers);
    }
}
Also used : GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) UserResource(org.keycloak.admin.client.resource.UserResource) IDToken(org.keycloak.representations.IDToken) List(java.util.List) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 12 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

the class OIDCAdvancedRequestParamsTest method processClaimsRequestParamSupported.

@Test
public void processClaimsRequestParamSupported() throws Exception {
    String clientScopeId = null;
    try {
        for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
            if (rep.getName().equals("profile")) {
                clientScopeId = rep.getId();
                break;
            }
        }
        findClientResourceByClientId(adminClient.realm("test"), "test-app").removeDefaultClientScope(clientScopeId);
        ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
        ProtocolMappersResource res = app.getProtocolMappers();
        res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();
        Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
        Map<String, Object> oidcRequest = new HashMap<>();
        oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
        oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
        oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
        oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
        oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
        String request = new JWSBuilder().jsonContent(oidcRequest).none();
        oauth = oauth.request(request);
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        assertEquals("test-user@localhost", idToken.getEmail());
        assertEquals("test-user@localhost", idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertEquals("Tom Brady", idToken.getName());
        Client client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertEquals("Brady", userInfo.getFamilyName());
            assertEquals("Tom", userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
            client.close();
        }
        oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
        events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();
        claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
        oidcRequest = new HashMap<>();
        oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
        oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
        oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
        oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
        oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
        request = new JWSBuilder().jsonContent(oidcRequest).none();
        oauth = oauth.request(request);
        oauth.doLogin("test-user@localhost", "password");
        loginEvent = events.expectLogin().assertEvent();
        accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        // "email" default scope still remains
        assertEquals("test-user@localhost", idToken.getEmail());
        assertNull(idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertNull(idToken.getName());
        client = AdminClientUtil.createResteasyClient();
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
            UserInfo userInfo = response.readEntity(UserInfo.class);
            assertEquals("test-user@localhost", userInfo.getEmail());
            assertNull(userInfo.getPreferredUsername());
            assertNull(userInfo.getFamilyName());
            assertNull(userInfo.getGivenName());
            assertNull(userInfo.getName());
        } finally {
            client.close();
        }
    } finally {
        // revert "profile" default client scope
        findClientResourceByClientId(adminClient.realm("test"), "test-app").addDefaultClientScope(clientScopeId);
    }
}
Also used : HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) UserInfo(org.keycloak.representations.UserInfo) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Response(javax.ws.rs.core.Response) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 13 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

the class ClientTest method testProtocolMappers.

@Test
public void testProtocolMappers() {
    String clientDbId = createClient().getId();
    ProtocolMappersResource mappersResource = ApiUtil.findClientByClientId(realm, "my-app").getProtocolMappers();
    protocolMappersTest(clientDbId, mappersResource);
}
Also used : ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) Test(org.junit.Test)

Example 14 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

the class JsonUserAttributeMapperTest method updateClaimSentToIDP.

private void updateClaimSentToIDP(String claim, String updatedValue) {
    ProtocolMapperRepresentation claimMapper = null;
    final ClientRepresentation brokerClient = adminClient.realm(bc.providerRealmName()).clients().findByClientId(BrokerTestConstants.CLIENT_ID).get(0);
    ProtocolMappersResource protocolMappers = adminClient.realm(bc.providerRealmName()).clients().get(brokerClient.getId()).getProtocolMappers();
    for (ProtocolMapperRepresentation representation : protocolMappers.getMappers()) {
        if (representation.getProtocolMapper().equals(HardcodedClaim.PROVIDER_ID)) {
            claimMapper = representation;
        }
    }
    assertThat(claimMapper, notNullValue());
    claimMapper.getConfig().put(HardcodedClaim.CLAIM_VALUE, "{\"" + claim + "\": \"" + updatedValue + "\"}");
    adminClient.realm(bc.providerRealmName()).clients().get(brokerClient.getId()).getProtocolMappers().update(claimMapper.getId(), claimMapper);
}
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 15 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

the class ClientScopeTest method testUpdateProtocolMappers.

// KEYCLOAK-5863
@Test
public void testUpdateProtocolMappers() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("testUpdateProtocolMappers");
    scopeRep.setProtocol("openid-connect");
    String scopeId = createClientScope(scopeRep);
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("test");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");
    Map<String, String> m = new HashMap<>();
    m.put("user.attribute", "test");
    m.put("claim.name", "");
    m.put("jsonType.label", "");
    mapper.setConfig(m);
    ProtocolMappersResource protocolMappers = clientScopes().get(scopeId).getProtocolMappers();
    Response response = protocolMappers.createMapper(mapper);
    String mapperId = ApiUtil.getCreatedId(response);
    mapper = protocolMappers.getMapperById(mapperId);
    mapper.getConfig().put("claim.name", "claim");
    protocolMappers.update(mapperId, mapper);
    List<ProtocolMapperRepresentation> mappers = protocolMappers.getMappers();
    assertEquals(1, mappers.size());
    assertEquals(2, mappers.get(0).getConfig().size());
    assertEquals("test", mappers.get(0).getConfig().get("user.attribute"));
    assertEquals("claim", mappers.get(0).getConfig().get("claim.name"));
    clientScopes().get(scopeId).remove();
}
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) Test(org.junit.Test)

Aggregations

ProtocolMappersResource (org.keycloak.admin.client.resource.ProtocolMappersResource)27 Test (org.junit.Test)25 IDToken (org.keycloak.representations.IDToken)18 OAuthClient (org.keycloak.testsuite.util.OAuthClient)18 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)17 GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)14 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)12 HashMap (java.util.HashMap)11 Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString)11 UserResource (org.keycloak.admin.client.resource.UserResource)10 List (java.util.List)8 Map (java.util.Map)8 ClientResource (org.keycloak.admin.client.resource.ClientResource)7 LinkedHashMap (java.util.LinkedHashMap)5 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)5 Response (javax.ws.rs.core.Response)3 ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)3 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)3 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)2 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)2