use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.
the class KcSamlMultipleAttributeToRoleMappersTest method createMapperInIdp.
@Override
protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
// first mapper that maps a role the test user has - it should perform the mapping.
IdentityProviderMapperRepresentation firstSamlAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
firstSamlAttributeToRoleMapper.setName("first-role-mapper");
firstSamlAttributeToRoleMapper.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
firstSamlAttributeToRoleMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "Role").put(ATTRIBUTE_VALUE, ROLE_USER).put(ConfigConstants.ROLE, CLIENT_ROLE_MAPPER_REPRESENTATION).build());
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
firstSamlAttributeToRoleMapper.setIdentityProviderAlias(bc.getIDPAlias());
idpResource.addMapper(firstSamlAttributeToRoleMapper).close();
// second mapper that maps a role the test user doesn't have - it would normally end up removing the mapped role but
// it should now check if a previous mapper has already granted the same mapped role.
IdentityProviderMapperRepresentation secondSamlAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
secondSamlAttributeToRoleMapper.setName("second-role-mapper");
secondSamlAttributeToRoleMapper.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
secondSamlAttributeToRoleMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "Role").put(ATTRIBUTE_VALUE, "missing-role").put(ConfigConstants.ROLE, CLIENT_ROLE_MAPPER_REPRESENTATION).build());
secondSamlAttributeToRoleMapper.setIdentityProviderAlias(bc.getIDPAlias());
idpResource.addMapper(secondSamlAttributeToRoleMapper).close();
// third mapper (advanced) that maps an attribute the test user doesn't have - it would normally end up removing the
// mapped role but it should now check if a previous mapper has already granted the same role.
IdentityProviderMapperRepresentation thirdSamlAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
thirdSamlAttributeToRoleMapper.setName("advanced-role-mapper");
thirdSamlAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
thirdSamlAttributeToRoleMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, ATTRIBUTES_TO_MATCH).put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, Boolean.FALSE.toString()).put(ConfigConstants.ROLE, CLIENT_ROLE_MAPPER_REPRESENTATION).build());
thirdSamlAttributeToRoleMapper.setIdentityProviderAlias(bc.getIDPAlias());
idpResource.addMapper(thirdSamlAttributeToRoleMapper).close();
}
use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.
the class KcSamlSpDescriptorTest method testAttributeConsumingServiceAttributeRoleMapperInSpMetadataWithServiceName.
@Test
public void testAttributeConsumingServiceAttributeRoleMapperInSpMetadataWithServiceName() throws IOException, ParsingException, URISyntaxException {
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "9").setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
IdentityProviderMapperRepresentation attrMapperRole = new IdentityProviderMapperRepresentation();
attrMapperRole.setName("attribute-mapper-someroleattribute");
attrMapperRole.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
attrMapperRole.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.INHERIT.toString()).put(AttributeToRoleMapper.ATTRIBUTE_NAME, "role_attr_name").put(AttributeToRoleMapper.ATTRIBUTE_FRIENDLY_NAME, "role_attr_friendlyname").put(ConfigConstants.ROLE, "somerole").build());
attrMapperRole.setIdentityProviderAlias(bc.getIDPAlias());
identityProviderResource.addMapper(attrMapperRole);
String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
SAMLParser parser = SAMLParser.getInstance();
EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
assertThat(spDescriptor.getAttributeConsumingService(), not(empty()));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getIndex(), is(9));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), notNullValue());
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), not(empty()));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getName(), is("role_attr_name"));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getFriendlyName(), is("role_attr_friendlyname"));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName(), notNullValue());
assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName().get(0).getValue(), is("My Attribute Set"));
}
}
use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.
the class KcSamlSpDescriptorTest method testAttributeConsumingServiceMappersInSpMetadataWithServiceName.
@Test
public void testAttributeConsumingServiceMappersInSpMetadataWithServiceName() throws IOException, ParsingException, URISyntaxException {
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "12").setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
IdentityProviderMapperRepresentation attrMapperEmail = new IdentityProviderMapperRepresentation();
attrMapperEmail.setName("attribute-mapper-email");
attrMapperEmail.setIdentityProviderMapper(UserAttributeMapper.PROVIDER_ID);
attrMapperEmail.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.INHERIT.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "email_attr_name").put(UserAttributeMapper.ATTRIBUTE_FRIENDLY_NAME, "email_attr_friendlyname").put(UserAttributeMapper.USER_ATTRIBUTE, "email").build());
attrMapperEmail.setIdentityProviderAlias(bc.getIDPAlias());
identityProviderResource.addMapper(attrMapperEmail);
String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
SAMLParser parser = SAMLParser.getInstance();
EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
assertThat(spDescriptor.getAttributeConsumingService(), not(empty()));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getIndex(), is(12));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), notNullValue());
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), not(empty()));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getName(), is("email_attr_name"));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getFriendlyName(), is("email_attr_friendlyname"));
assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName(), notNullValue());
assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName().get(0).getValue(), is("My Attribute Set"));
}
}
use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.
the class KcSamlUsernameTemplateMapperTest method createMapperInIdp.
@Override
protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
IdentityProviderMapperRepresentation usernameTemplateMapper = new IdentityProviderMapperRepresentation();
usernameTemplateMapper.setName("saml-username-template-mapper");
usernameTemplateMapper.setIdentityProviderMapper(PROVIDER_ID);
usernameTemplateMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put("template", "${ALIAS}-${ATTRIBUTE.user-attribute}").build());
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
usernameTemplateMapper.setIdentityProviderAlias(bc.getIDPAlias());
idpResource.addMapper(usernameTemplateMapper).close();
}
use of org.keycloak.representations.idm.IdentityProviderMapperRepresentation in project keycloak by keycloak.
the class OidcAdvancedClaimToGroupMapperTest method createMapperInIdp.
@Override
protected void createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation, boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode) {
IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
advancedClaimToGroupMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation).put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, areClaimsOrAttributeValuesRegexes ? "true" : "false").put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH).build());
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
idpResource.addMapper(advancedClaimToGroupMapper).close();
}
Aggregations