Search in sources :

Example 1 with IdentityProviderMapperRepresentation

use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.

the class KcSamlMultipleAttributeToRoleMappersTest method createMapperInIdp.

@Override
protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
    // first mapper that maps a role the test user has - it should perform the mapping.
    IdentityProviderMapperRepresentation firstSamlAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
    firstSamlAttributeToRoleMapper.setName("first-role-mapper");
    firstSamlAttributeToRoleMapper.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
    firstSamlAttributeToRoleMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "Role").put(ATTRIBUTE_VALUE, ROLE_USER).put(ConfigConstants.ROLE, CLIENT_ROLE_MAPPER_REPRESENTATION).build());
    IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
    firstSamlAttributeToRoleMapper.setIdentityProviderAlias(bc.getIDPAlias());
    idpResource.addMapper(firstSamlAttributeToRoleMapper).close();
    // second mapper that maps a role the test user doesn't have - it would normally end up removing the mapped role but
    // it should now check if a previous mapper has already granted the same mapped role.
    IdentityProviderMapperRepresentation secondSamlAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
    secondSamlAttributeToRoleMapper.setName("second-role-mapper");
    secondSamlAttributeToRoleMapper.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
    secondSamlAttributeToRoleMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "Role").put(ATTRIBUTE_VALUE, "missing-role").put(ConfigConstants.ROLE, CLIENT_ROLE_MAPPER_REPRESENTATION).build());
    secondSamlAttributeToRoleMapper.setIdentityProviderAlias(bc.getIDPAlias());
    idpResource.addMapper(secondSamlAttributeToRoleMapper).close();
    // third mapper (advanced) that maps an attribute the test user doesn't have - it would normally end up removing the
    // mapped role but it should now check if a previous mapper has already granted the same role.
    IdentityProviderMapperRepresentation thirdSamlAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
    thirdSamlAttributeToRoleMapper.setName("advanced-role-mapper");
    thirdSamlAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
    thirdSamlAttributeToRoleMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, ATTRIBUTES_TO_MATCH).put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, Boolean.FALSE.toString()).put(ConfigConstants.ROLE, CLIENT_ROLE_MAPPER_REPRESENTATION).build());
    thirdSamlAttributeToRoleMapper.setIdentityProviderAlias(bc.getIDPAlias());
    idpResource.addMapper(thirdSamlAttributeToRoleMapper).close();
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource)

Example 2 with IdentityProviderMapperRepresentation

use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.

the class KcSamlSpDescriptorTest method testAttributeConsumingServiceAttributeRoleMapperInSpMetadataWithServiceName.

@Test
public void testAttributeConsumingServiceAttributeRoleMapperInSpMetadataWithServiceName() throws IOException, ParsingException, URISyntaxException {
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "9").setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
        IdentityProviderMapperRepresentation attrMapperRole = new IdentityProviderMapperRepresentation();
        attrMapperRole.setName("attribute-mapper-someroleattribute");
        attrMapperRole.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
        attrMapperRole.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.INHERIT.toString()).put(AttributeToRoleMapper.ATTRIBUTE_NAME, "role_attr_name").put(AttributeToRoleMapper.ATTRIBUTE_FRIENDLY_NAME, "role_attr_friendlyname").put(ConfigConstants.ROLE, "somerole").build());
        attrMapperRole.setIdentityProviderAlias(bc.getIDPAlias());
        identityProviderResource.addMapper(attrMapperRole);
        String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
        SAMLParser parser = SAMLParser.getInstance();
        EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
        SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
        assertThat(spDescriptor.getAttributeConsumingService(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getIndex(), is(9));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getName(), is("role_attr_name"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getFriendlyName(), is("role_attr_friendlyname"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName().get(0).getValue(), is("My Attribute Set"));
    }
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) StringInputStream(org.apache.tools.ant.filters.StringInputStream) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) Test(org.junit.Test)

Example 3 with IdentityProviderMapperRepresentation

use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.

the class KcSamlSpDescriptorTest method testAttributeConsumingServiceMappersInSpMetadataWithServiceName.

@Test
public void testAttributeConsumingServiceMappersInSpMetadataWithServiceName() throws IOException, ParsingException, URISyntaxException {
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "12").setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
        IdentityProviderMapperRepresentation attrMapperEmail = new IdentityProviderMapperRepresentation();
        attrMapperEmail.setName("attribute-mapper-email");
        attrMapperEmail.setIdentityProviderMapper(UserAttributeMapper.PROVIDER_ID);
        attrMapperEmail.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.INHERIT.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "email_attr_name").put(UserAttributeMapper.ATTRIBUTE_FRIENDLY_NAME, "email_attr_friendlyname").put(UserAttributeMapper.USER_ATTRIBUTE, "email").build());
        attrMapperEmail.setIdentityProviderAlias(bc.getIDPAlias());
        identityProviderResource.addMapper(attrMapperEmail);
        String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
        SAMLParser parser = SAMLParser.getInstance();
        EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
        SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
        assertThat(spDescriptor.getAttributeConsumingService(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getIndex(), is(12));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getName(), is("email_attr_name"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getFriendlyName(), is("email_attr_friendlyname"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName().get(0).getValue(), is("My Attribute Set"));
    }
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) StringInputStream(org.apache.tools.ant.filters.StringInputStream) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) Test(org.junit.Test)

Example 4 with IdentityProviderMapperRepresentation

use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.

the class KcSamlUsernameTemplateMapperTest method createMapperInIdp.

@Override
protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
    IdentityProviderMapperRepresentation usernameTemplateMapper = new IdentityProviderMapperRepresentation();
    usernameTemplateMapper.setName("saml-username-template-mapper");
    usernameTemplateMapper.setIdentityProviderMapper(PROVIDER_ID);
    usernameTemplateMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put("template", "${ALIAS}-${ATTRIBUTE.user-attribute}").build());
    IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
    usernameTemplateMapper.setIdentityProviderAlias(bc.getIDPAlias());
    idpResource.addMapper(usernameTemplateMapper).close();
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource)

Example 5 with IdentityProviderMapperRepresentation

use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.

the class OidcAdvancedClaimToGroupMapperTest method createMapperInIdp.

@Override
protected void createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation, boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode) {
    IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
    advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
    advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
    advancedClaimToGroupMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation).put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, areClaimsOrAttributeValuesRegexes ? "true" : "false").put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH).build());
    IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
    advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
    idpResource.addMapper(advancedClaimToGroupMapper).close();
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource)

Aggregations

IdentityProviderMapperRepresentation (org.keycloak.representations.idm.IdentityProviderMapperRepresentation)34 IdentityProviderResource (org.keycloak.admin.client.resource.IdentityProviderResource)25 Test (org.junit.Test)9 RealmResource (org.keycloak.admin.client.resource.RealmResource)7 Response (javax.ws.rs.core.Response)6 IdentityProviderRepresentation (org.keycloak.representations.idm.IdentityProviderRepresentation)5 Closeable (java.io.Closeable)3 HashMap (java.util.HashMap)3 StringInputStream (org.apache.tools.ant.filters.StringInputStream)3 Matchers.containsString (org.hamcrest.Matchers.containsString)3 EntityDescriptorType (org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)3 SPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)3 SAMLParser (org.keycloak.saml.processing.core.parsers.saml.SAMLParser)3 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)3 Before (org.junit.Before)2 NotFoundException (javax.ws.rs.NotFoundException)1 MultipartFormDataOutput (org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput)1 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)1 AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)1 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)1