
Example 16 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

In class SAMLServletAdapterTest, the method testUserAttributeStatementMapperUserGroupsNoAggregate:

/**
 * SAML user-attribute statement mapper <em>without</em> {@code aggregate.attrs}:
 * the attribute statement must carry only the value set directly on the user,
 * not the same-named attribute of the group the user is a member of.
 *
 * <p>Fixture: group "group1" with attribute {@code group-value = [value1, value2]},
 * user "bburke" with {@code group-value = user-value1} and membership in "/group1",
 * and a {@code saml-user-attribute-mapper} on the employee2 SAML client that emits
 * {@code group-value} as SAML attribute "group-attribute". The servlet's
 * {@code /getAttributes} page must list exactly "user-value1".
 *
 * <p>All fixtures are {@link AutoCloseable} handles opened in try-with-resources,
 * so they are torn down even when an assertion fails midway.
 */
@Test
public void testUserAttributeStatementMapperUserGroupsNoAggregate() throws Exception {
    // Mapper configuration: no "aggregate.attrs", so group attributes must stay out of the statement.
    Map<String, String> mapperConfig = new LinkedHashMap<>();
    mapperConfig.put("attribute.nameformat", "Basic");
    mapperConfig.put("user.attribute", "group-value");
    mapperConfig.put("attribute.name", "group-attribute");

    // A group carrying an attribute with the same name as the user attribute being mapped.
    GroupRepresentation groupWithAttribute = new GroupRepresentation();
    groupWithAttribute.setName("group1");
    groupWithAttribute.setAttributes(new HashMap<>());
    groupWithAttribute.getAttributes().put("group-value", Arrays.asList("value1", "value2"));

    ClientResource employee2Client = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2);
    ProtocolMappersResource mappers = employee2Client.getProtocolMappers();

    // Creation order matters: the group must exist before the user is placed into "/group1".
    try (AutoCloseable groupHandle = Creator.create(testRealmResource(), groupWithAttribute);
        AutoCloseable userHandle = UserAttributeUpdater.forUserByUsername(testRealmResource(), "bburke").setAttribute("group-value", "user-value1").setGroups("/group1").update();
        AutoCloseable mapperHandle = createProtocolMapper(mappers, "group-value", "saml", "saml-user-attribute-mapper", mapperConfig)) {
        // Log in via the realm's SAML login page, then read back what the servlet received.
        employee2ServletPage.navigateTo();
        assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
        testRealmSAMLPostLoginPage.form().login("bburke", "password");
        driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
        waitForPageToLoad();

        String pageText = driver.findElement(By.xpath("//body")).getText();
        String[] attributeValues = parseCommaSeparatedAttributes(pageText, "group-attribute");
        // Exact single-element match: the group's "value1"/"value2" must not leak in next to the user's value.
        assertThat(attributeValues, arrayContaining("user-value1"));

        employee2ServletPage.logout();
        checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);
    }
}

Example 17 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

In class SAMLServletAdapterTest, the method testUserAttributeStatementMapperUserGroupsAggregate:

/**
 * SAML user-attribute statement mapper <em>with</em> {@code aggregate.attrs=true}:
 * the attribute statement must carry the user's own value together with the
 * values of the same-named attribute on the group the user belongs to.
 *
 * <p>Fixture: group "group1" with attribute {@code group-value = [value1, value2]},
 * user "bburke" with {@code group-value = user-value1} and membership in "/group1",
 * and a {@code saml-user-attribute-mapper} on the employee2 SAML client that emits
 * {@code group-value} as SAML attribute "group-attribute". The servlet's
 * {@code /getAttributes} page must list "user-value1", "value1" and "value2"
 * (order not significant).
 *
 * <p>All fixtures are {@link AutoCloseable} handles opened in try-with-resources,
 * so they are torn down even when an assertion fails midway.
 */
@Test
public void testUserAttributeStatementMapperUserGroupsAggregate() throws Exception {
    // Mapper configuration: "aggregate.attrs" switches on merging of group attribute values.
    Map<String, String> mapperConfig = new LinkedHashMap<>();
    mapperConfig.put("attribute.nameformat", "Basic");
    mapperConfig.put("user.attribute", "group-value");
    mapperConfig.put("attribute.name", "group-attribute");
    mapperConfig.put("aggregate.attrs", "true");

    // A group carrying an attribute with the same name as the user attribute being mapped.
    GroupRepresentation groupWithAttribute = new GroupRepresentation();
    groupWithAttribute.setName("group1");
    groupWithAttribute.setAttributes(new HashMap<>());
    groupWithAttribute.getAttributes().put("group-value", Arrays.asList("value1", "value2"));

    ClientResource employee2Client = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2);
    ProtocolMappersResource mappers = employee2Client.getProtocolMappers();

    // Creation order matters: the group must exist before the user is placed into "/group1".
    try (AutoCloseable groupHandle = Creator.create(testRealmResource(), groupWithAttribute);
        AutoCloseable userHandle = UserAttributeUpdater.forUserByUsername(testRealmResource(), "bburke").setAttribute("group-value", "user-value1").setGroups("/group1").update();
        AutoCloseable mapperHandle = createProtocolMapper(mappers, "group-value", "saml", "saml-user-attribute-mapper", mapperConfig)) {
        // Log in via the realm's SAML login page, then read back what the servlet received.
        employee2ServletPage.navigateTo();
        assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
        testRealmSAMLPostLoginPage.form().login("bburke", "password");
        driver.navigate().to(employee2ServletPage.getUriBuilder().clone().path("getAttributes").build().toURL());
        waitForPageToLoad();

        String pageText = driver.findElement(By.xpath("//body")).getText();
        String[] attributeValues = parseCommaSeparatedAttributes(pageText, "group-attribute");
        // Exactly these three values, in any order: user value plus both group values.
        assertThat(attributeValues, arrayContainingInAnyOrder("user-value1", "value1", "value2"));

        employee2ServletPage.logout();
        checkLoggedOut(employee2ServletPage, testRealmSAMLPostLoginPage);
    }
}

Example 18 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

In class OIDCProtocolMappersTest, the method testUserGroupRoleToAttributeMappers:

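/**
 * Realm-role and client-role mappers, with roles inherited through groups and composites.
 *
 * <p>Adds two mappers to client "test-app": a realm-role mapper that writes "pref."-prefixed
 * role names into claim {@code roles-custom.realm}, and a client-role mapper for "test-app"
 * that writes "ta."-prefixed names into {@code roles-custom.test-app}. After logging in
 * "rich.roles@redhat.com", the ID token's nested {@code roles-custom} claim must contain
 * exactly the two keys "realm" and "test-app", and each value must list exactly the expected
 * roles (the inline comments record where each role comes from).
 *
 * <p>The mappers are removed in a {@code finally} block: the original test only deleted them
 * after the last assertion, so a failing assertion left them on the shared "test-app" client
 * and could skew later tests in the same realm.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserGroupRoleToAttributeMappers() throws Exception {
    String clientId = "test-app";
    // Mapper definitions (the two trailing boolean flags are defined by ProtocolMapperUtil).
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(clientId, "ta.", "Client roles mapper", "roles-custom.test-app", true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), clientId).getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));
    try {
        // Login user
        OAuthClient.AccessTokenResponse response = browserLogin("password", "rich.roles@redhat.com", "password");
        // The ID token goes through verifyIDToken before any of its claims is inspected.
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());

        // Verify attribute is filled. Fail with a clear message if the nested claim is
        // absent instead of tripping over an NPE on keySet().
        @SuppressWarnings("unchecked")
        Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
        Assert.assertNotNull("ID token is missing the 'roles-custom' claim", roleMappings);
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm", clientId));
        String realmRoleMappings = (String) roleMappings.get("realm");
        String testAppMappings = (String) roleMappings.get(clientId);

        assertRolesString(realmRoleMappings,
            // from direct assignment to /roleRichGroup/level2group
            "pref.admin",
            // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
            "pref.user",
            // from client role customer-admin-composite-role - realm role for test-app
            "pref.customer-user-premium",
            // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
            "pref.realm-composite-role",
            // from realm role realm-composite-role
            "pref.sample-realm-role");
        assertRolesString(testAppMappings,
            // from direct assignment to /roleRichGroup/level2group
            "ta.customer-user",
            // from direct assignment to /roleRichGroup/level2group
            "ta.customer-admin-composite-role",
            // from client role customer-admin-composite-role - client role for test-app
            "ta.customer-admin",
            // from realm role realm-composite-role - client role for test-app
            "ta.sample-client-role");
    } finally {
        // Revert, even if an assertion above failed.
        deleteMappers(protocolMappers);
    }
}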

Example 19 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

In class OIDCProtocolMappersTest, the method testUserGroupRoleToAttributeMappersNotScopedOtherApp:

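/**
 * Client-role mapper on a client the user holds no client roles for.
 *
 * <p>Adds a realm-role mapper (claim {@code roles-custom.realm}, "pref." prefix) and a
 * client-role mapper for "test-app-authz" (claim {@code roles-custom.test-app-authz}, no
 * prefix) to client "test-app-authz", then logs in "rich.roles@redhat.com" against that
 * client. The nested {@code roles-custom} claim must contain only the "realm" key with the
 * expected realm roles; there must be no "test-app-authz" entry because the user has no
 * client roles for that client.
 *
 * <p>Cleanup (restoring the redirect URI and deleting the mappers) runs in a {@code finally}
 * block; in the original test a failing login or assertion skipped it and leaked the mappers
 * and the modified redirect URI into later tests. {@code oauth.clientId} and the client's
 * direct-access-grant flag are not restored here, as in the original — presumably the base
 * class resets the OAuth client between tests; TODO confirm.
 */
@Test
public void testUserGroupRoleToAttributeMappersNotScopedOtherApp() throws Exception {
    String clientId = "test-app-authz";
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(clientId, null, "Client roles mapper", "roles-custom." + clientId, true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), clientId).getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));

    // Log in against test-app-authz: enable direct access grants on it and point the OAuth
    // client at it, with a redirect URI on the same origin as the default one.
    ClientManager.realm(adminClient.realm("test")).clientId(clientId).directAccessGrant(true);
    oauth.clientId(clientId);
    String oldRedirectUri = oauth.getRedirectUri();
    oauth.redirectUri(UriUtils.getOrigin(oldRedirectUri) + "/test-app-authz");
    try {
        OAuthClient.AccessTokenResponse response = browserLogin("secret", "rich.roles@redhat.com", "password");
        // The ID token goes through verifyIDToken before any of its claims is inspected.
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());

        // Verify attribute is filled. Fail with a clear message if the nested claim is
        // absent instead of tripping over an NPE on keySet().
        @SuppressWarnings("unchecked")
        Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
        Assert.assertNotNull("ID token is missing the 'roles-custom' claim", roleMappings);
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm"));
        String realmRoleMappings = (String) roleMappings.get("realm");
        String testAppAuthzMappings = (String) roleMappings.get(clientId);

        assertRolesString(realmRoleMappings,
            // from direct assignment to /roleRichGroup/level2group
            "pref.admin",
            // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
            "pref.user",
            // from client role customer-admin-composite-role - realm role for test-app
            "pref.customer-user-premium",
            // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
            "pref.realm-composite-role",
            // from realm role realm-composite-role
            "pref.sample-realm-role");
        // There is no client role defined for test-app-authz
        assertNull(testAppAuthzMappings);
    } finally {
        // Revert the redirect_uri and the mappers, even if login or an assertion failed.
        oauth.redirectUri(oldRedirectUri);
        deleteMappers(protocolMappers);
    }
}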

Example 20 with ProtocolMappersResource

use of org.keycloak.admin.client.resource.ProtocolMappersResource in project keycloak by keycloak.

In class OIDCProtocolMappersTest, the method testRoleMapperWithRoleInheritedFromMoreGroups:

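/**
 * KEYCLOAK-8148: a role reachable through two groups appears once in the token, not twice.
 *
 * <p>Scenario: user "level2GroupUser" is a member of two groups that both carry the client
 * role "customer-user" for client "test-app" (the user is additionally joined to
 * "/topGroup/level2group2" here). A client-role mapper on "test-app" writes the user's
 * client roles into claim {@code roles-custom.test-app}. After login the nested
 * {@code roles-custom} claim must contain only the "test-app" key, whose value lists
 * "customer-user" exactly once.
 *
 * <p>Cleanup (leaving the group, deleting the mapper) runs in nested {@code finally} blocks
 * so each step is undone even when the login or an assertion fails; the original test only
 * cleaned up after the last assertion.
 */
@Test
public void testRoleMapperWithRoleInheritedFromMoreGroups() throws Exception {
    // Create client-mapper
    String clientId = "test-app";
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(clientId, null, "Client roles mapper", "roles-custom.test-app", true, true);
    ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), clientId).getProtocolMappers();
    protocolMappers.createMapper(Arrays.asList(clientMapper));
    try {
        // Add user 'level2GroupUser' to the group 'level2Group2'
        GroupRepresentation level2Group2 = adminClient.realm("test").getGroupByPath("/topGroup/level2group2");
        UserResource level2GroupUser = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "level2GroupUser");
        level2GroupUser.joinGroup(level2Group2.getId());
        try {
            oauth.clientId(clientId);
            OAuthClient.AccessTokenResponse response = browserLogin("password", "level2GroupUser", "password");
            // The ID token goes through verifyIDToken before any of its claims is inspected.
            IDToken idToken = oauth.verifyIDToken(response.getIdToken());

            // Verify attribute is filled AND it is filled only once. Fail with a clear
            // message if the nested claim is absent instead of an NPE on keySet().
            @SuppressWarnings("unchecked")
            Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
            Assert.assertNotNull("ID token is missing the 'roles-custom' claim", roleMappings);
            Assert.assertThat(roleMappings.keySet(), containsInAnyOrder(clientId));
            String testAppScopeMappings = (String) roleMappings.get(clientId);
            assertRolesString(testAppScopeMappings,
                // from assignment to level2group or level2group2. It is filled just once
                "customer-user");
        } finally {
            // Revert the group membership added above.
            level2GroupUser.leaveGroup(level2Group2.getId());
        }
    } finally {
        // Revert the mapper, even if group setup, login or an assertion failed.
        deleteMappers(protocolMappers);
    }
}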
