Search in sources :

Example 1 with ClaimsRepresentation

use of org.keycloak.representations.ClaimsRepresentation in project keycloak by keycloak.

the class JsonParserTest method testReadClaimsParameter.

@Test
public void testReadClaimsParameter() throws Exception {
    InputStream is = getClass().getClassLoader().getResourceAsStream("sample-claims.json");
    ClaimsRepresentation claimsRep = JsonSerialization.readValue(is, ClaimsRepresentation.class);
    Assert.assertTrue(claimsRep.isPresent("auth_time", ClaimsRepresentation.ClaimContext.ID_TOKEN));
    Assert.assertFalse(claimsRep.isPresent("auth_time", ClaimsRepresentation.ClaimContext.USERINFO));
    Assert.assertFalse(claimsRep.isPresentAsNullClaim("auth_time", ClaimsRepresentation.ClaimContext.ID_TOKEN));
    Assert.assertTrue(claimsRep.isPresentAsNullClaim("nickname", ClaimsRepresentation.ClaimContext.USERINFO));
    Assert.assertNull(claimsRep.getClaimValue("nickname", ClaimsRepresentation.ClaimContext.USERINFO, String.class));
    ClaimsRepresentation.ClaimValue<String> email = claimsRep.getClaimValue("email", ClaimsRepresentation.ClaimContext.USERINFO, String.class);
    assertClaimValue(email, true, null);
    ClaimsRepresentation.ClaimValue<Boolean> emailVerified = claimsRep.getClaimValue("email_verified", ClaimsRepresentation.ClaimContext.USERINFO, Boolean.class);
    assertClaimValue(emailVerified, true, null);
    Assert.assertTrue(emailVerified.isEssential());
    emailVerified = claimsRep.getClaimValue("email_verified", ClaimsRepresentation.ClaimContext.ID_TOKEN, Boolean.class);
    assertClaimValue(emailVerified, false, true);
    Assert.assertFalse(emailVerified.isEssential());
    ClaimsRepresentation.ClaimValue<String> sub = claimsRep.getClaimValue("sub", ClaimsRepresentation.ClaimContext.ID_TOKEN, String.class);
    assertClaimValue(sub, null, "248289761001");
    Assert.assertFalse(sub.isEssential());
    ClaimsRepresentation.ClaimValue<String> acr = claimsRep.getClaimValue("acr", ClaimsRepresentation.ClaimContext.ID_TOKEN, String.class);
    assertClaimValue(acr, null, null, "urn:mace:incommon:iap:silver", "urn:mace:incommon:iap:gold");
}
Also used : InputStream(java.io.InputStream) ClaimsRepresentation(org.keycloak.representations.ClaimsRepresentation) Test(org.junit.Test)

Example 2 with ClaimsRepresentation

use of org.keycloak.representations.ClaimsRepresentation in project keycloak by keycloak.

the class JavascriptAdapterTest method testAcrInLoginOptionsShouldBeConsideredByLoginUrl.

/**
 * Test for acr handling via {@code loginOptions}: <pre>{@code
 * Keycloak keycloak = new Keycloak(); keycloak.login({.... acr: { values: ["foo", "bar"], essential: false}})
 * }</pre>
 */
@Test
public void testAcrInLoginOptionsShouldBeConsideredByLoginUrl() {
    // Test when no "acr" option given. Claims parameter won't be passed to Keycloak server
    testExecutor.configure().init(defaultArguments());
    JSObjectBuilder loginOptions = JSObjectBuilder.create();
    testExecutor.login(loginOptions, (JavascriptStateValidator) (driver, output, events) -> {
        try {
            String queryString = new URL(driver.getCurrentUrl()).getQuery();
            String claimsParam = UriUtils.decodeQueryString(queryString).getFirst(OIDCLoginProtocol.CLAIMS_PARAM);
            Assert.assertNull(claimsParam);
        } catch (IOException ioe) {
            throw new AssertionError(ioe);
        }
    });
    // Test given "acr" option will be translated into the "claims" parameter passed to Keycloak server
    jsDriver.navigate().to(testAppUrl);
    testExecutor.configure().init(defaultArguments());
    JSObjectBuilder acr1 = JSObjectBuilder.create().add("values", new String[] { "foo", "bar" }).add("essential", false);
    loginOptions = JSObjectBuilder.create().add("acr", acr1);
    testExecutor.login(loginOptions, (JavascriptStateValidator) (driver, output, events) -> {
        try {
            String queryString = new URL(driver.getCurrentUrl()).getQuery();
            String claimsParam = UriUtils.decodeQueryString(queryString).getFirst(OIDCLoginProtocol.CLAIMS_PARAM);
            Assert.assertNotNull(claimsParam);
            ClaimsRepresentation claimsRep = JsonSerialization.readValue(claimsParam, ClaimsRepresentation.class);
            ClaimsRepresentation.ClaimValue<String> claimValue = claimsRep.getClaimValue(IDToken.ACR, ClaimsRepresentation.ClaimContext.ID_TOKEN, String.class);
            Assert.assertNames(claimValue.getValues(), "foo", "bar");
            Assert.assertThat(claimValue.isEssential(), is(false));
        } catch (IOException ioe) {
            throw new AssertionError(ioe);
        }
    });
}
Also used : JavascriptBrowser(org.keycloak.testsuite.util.JavascriptBrowser) URL(java.net.URL) JavascriptStateValidator(org.keycloak.testsuite.util.javascript.JavascriptStateValidator) AssertEvents(org.keycloak.testsuite.AssertEvents) WebElement(org.openqa.selenium.WebElement) Page(org.jboss.arquillian.graphene.page.Page) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Assert.assertThat(org.junit.Assert.assertThat) Map(java.util.Map) ClientResource(org.keycloak.admin.client.resource.ClientResource) IsMapContaining.hasEntry(org.hamcrest.collection.IsMapContaining.hasEntry) UriUtils(org.keycloak.common.util.UriUtils) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) AUTH_SERVER_HOST(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST) UpdatePassword(org.keycloak.testsuite.auth.page.login.UpdatePassword) IDToken(org.keycloak.representations.IDToken) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) XMLHttpRequest(org.keycloak.testsuite.util.javascript.XMLHttpRequest) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) List(java.util.List) URLAssert.assertCurrentUrlStartsWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith) TimeoutException(org.openqa.selenium.TimeoutException) Details(org.keycloak.events.Details) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) OAuth2Constants(org.keycloak.OAuth2Constants) WaitUtils.waitUntilElement(org.keycloak.testsuite.util.WaitUtils.waitUntilElement) CoreMatchers.anyOf(org.hamcrest.CoreMatchers.anyOf) Profile(org.keycloak.common.Profile) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) WebDriverException(org.openqa.selenium.WebDriverException) JavascriptTestExecutor(org.keycloak.testsuite.util.javascript.JavascriptTestExecutor) OAuthGrant(org.keycloak.testsuite.auth.page.login.OAuthGrant) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) UserBuilder(org.keycloak.testsuite.util.UserBuilder) CoreMatchers.both(org.hamcrest.CoreMatchers.both) Matchers.lessThan(org.hamcrest.Matchers.lessThan) URLAssert.assertCurrentUrlDoesntStartWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlDoesntStartWith) Assume(org.junit.Assume) Math.toIntExact(java.lang.Math.toIntExact) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Retry(org.keycloak.common.util.Retry) Before(org.junit.Before) ClaimsRepresentation(org.keycloak.representations.ClaimsRepresentation) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) SuiteContext(org.keycloak.testsuite.arquillian.SuiteContext) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) EventType(org.keycloak.events.EventType) IOException(java.io.IOException) WaitUtils.waitForPageToLoad(org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad) JsonSerialization(org.keycloak.util.JsonSerialization) Rule(org.junit.Rule) JSObjectBuilder(org.keycloak.testsuite.util.javascript.JSObjectBuilder) Applications(org.keycloak.testsuite.auth.page.account.Applications) Assert.assertEquals(org.junit.Assert.assertEquals) ClaimsRepresentation(org.keycloak.representations.ClaimsRepresentation) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) IOException(java.io.IOException) URL(java.net.URL) JSObjectBuilder(org.keycloak.testsuite.util.javascript.JSObjectBuilder) Test(org.junit.Test)

Example 3 with ClaimsRepresentation

use of org.keycloak.representations.ClaimsRepresentation in project keycloak by keycloak.

the class LevelOfAssuranceFlowTest method openLoginFormWithAcrClaim.

public static void openLoginFormWithAcrClaim(OAuthClient oauth, boolean essential, String... acrValues) {
    ClaimsRepresentation.ClaimValue<String> acrClaim = new ClaimsRepresentation.ClaimValue<>();
    acrClaim.setEssential(essential);
    acrClaim.setValues(Arrays.asList(acrValues));
    ClaimsRepresentation claims = new ClaimsRepresentation();
    claims.setIdTokenClaims(Collections.singletonMap(IDToken.ACR, acrClaim));
    oauth.claims(claims);
    oauth.openLoginForm();
}
Also used : ClaimsRepresentation(org.keycloak.representations.ClaimsRepresentation)

Aggregations

ClaimsRepresentation (org.keycloak.representations.ClaimsRepresentation)3 Test (org.junit.Test)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 Math.toIntExact (java.lang.Math.toIntExact)1 URL (java.net.URL)1 List (java.util.List)1 Map (java.util.Map)1 CoreMatchers.anyOf (org.hamcrest.CoreMatchers.anyOf)1 CoreMatchers.both (org.hamcrest.CoreMatchers.both)1 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)1 Matchers.greaterThan (org.hamcrest.Matchers.greaterThan)1 Matchers.is (org.hamcrest.Matchers.is)1 Matchers.lessThan (org.hamcrest.Matchers.lessThan)1 IsMapContaining.hasEntry (org.hamcrest.collection.IsMapContaining.hasEntry)1 Page (org.jboss.arquillian.graphene.page.Page)1 Assert.assertEquals (org.junit.Assert.assertEquals)1 Assert.assertThat (org.junit.Assert.assertThat)1 Assert.assertTrue (org.junit.Assert.assertTrue)1 Assume (org.junit.Assume)1