
Example 71 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class TokenIntrospectionTest method afterAbstractKeycloakTestRealmImport.

/**
 * Rewrites every protocol mapper named {@code "username"} across all client scopes of the test
 * realm so that the user attribute {@code "username"} is emitted under the non-default claim
 * name {@code "preferred_username12"}, then pushes the change through the admin API.
 *
 * <p>Judging by the hook name, this runs once the test realm has been imported; presumably the
 * renamed claim lets the introspection tests check that the username is resolved from the
 * mapper configuration rather than from a hard-coded claim name (confirm against the tests).
 */
@Override
protected void afterAbstractKeycloakTestRealmImport() {
    ClientScopesResource scopesApi = testRealm().clientScopes();
    for (ClientScopeRepresentation clientScope : scopesApi.findAll()) {
        List<ProtocolMapperRepresentation> scopeMappers = clientScope.getProtocolMappers();
        if (scopeMappers == null) {
            // Scope carries no mappers at all; nothing to rewrite.
            continue;
        }
        for (ProtocolMapperRepresentation candidate : scopeMappers) {
            if (!"username".equals(candidate.getName())) {
                continue;
            }
            // NOTE(review): getConfig() is dereferenced without a null check; assumes the
            // "username" mapper always carries a config map.
            Map<String, String> settings = candidate.getConfig();
            settings.put("user.attribute", "username");
            settings.put("claim.name", "preferred_username12");
            // Persist the modified representation on the server side.
            scopesApi.get(clientScope.getId()).getProtocolMappers().update(candidate.getId(), candidate);
        }
    }
}
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientScopesResource(org.keycloak.admin.client.resource.ClientScopesResource)

Example 72 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class AudienceTest method testAudienceProtocolMapperWithClientAudience.

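/**
 * Verifies that an audience protocol mapper attached to the client scope
 * {@code "audience-scope"} puts {@code "service-client"} into the audience of the access token,
 * while the ID token audience stays {@code "test-app"}.
 *
 * <p>Keeping the extra audience out of the ID token matters: the access token is what a
 * resource server validates, so only that token should name the service as an intended
 * recipient.
 *
 * <p>The mapper is removed in a {@code finally} block so that a failed assertion cannot leave
 * it attached to the scope for whatever runs against the same realm afterwards. The creation
 * response is closed in a {@code finally} block as well, so it is released even if reading the
 * created id fails.
 *
 * @throws Exception if the login, the token request or an admin call fails
 */
@Test
public void testAudienceProtocolMapperWithClientAudience() throws Exception {
    // Add audience protocol mapper to the clientScope "audience-scope".
    // NOTE(review): the trailing (true, false) presumably means "add to access token, not to
    // ID token", which matches the assertions below; confirm against ProtocolMapperUtil.
    ProtocolMapperRepresentation audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper", "service-client", null, true, false);
    ClientScopeResource clientScope = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");
    String mapperId;
    Response resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
    try {
        mapperId = ApiUtil.getCreatedId(resp);
    } finally {
        resp.close();
    }
    try {
        // Login and check audiences in the token (just accessToken contains it)
        oauth.scope("openid audience-scope");
        oauth.doLogin("john", "password");
        EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
        assertAudiences(tokens.accessToken, "service-client");
        assertAudiences(tokens.idToken, "test-app");
    } finally {
        // Revert, even when an assertion above failed.
        clientScope.getProtocolMappers().delete(mapperId);
    }
}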
Also used : Response(javax.ws.rs.core.Response) ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test)

Example 73 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class OAuthGrantTest method oauthGrantClientScopeMappers.

// KEYCLOAK-4326
/**
 * Exercises the consent flow for a client that receives a custom client scope carrying a
 * protocol mapper.
 *
 * <p>Steps, in order: create the OIDC client scope {@code "foo-addr"} with an address mapper,
 * make it a default scope of the third-party client, log in and check that the consent screen
 * lists {@code "foo-addr"} next to the email, profile and roles consent texts, accept, confirm
 * the grant is visible in the account applications page and through the admin API (exactly one
 * consent record), confirm the next login is automatic with persisted consent, and finally
 * revoke the grant and expect a {@code REVOKE_GRANT} event.
 *
 * @throws Exception if any admin call or browser step fails
 */
@Test
public void oauthGrantClientScopeMappers() throws Exception {
    RealmResource realm = adminClient.realm(REALM_NAME);

    // Create the client scope that will later show up on the consent screen.
    ClientScopeRepresentation addressScope = new ClientScopeRepresentation();
    addressScope.setName("foo-addr");
    addressScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response createScopeResponse = realm.clientScopes().create(addressScope);
    String fooScopeId = ApiUtil.getCreatedId(createScopeResponse);
    createScopeResponse.close();

    // Attach an address mapper to it.
    // NOTE(review): the meaning of the three boolean flags is not visible here; confirm
    // against ProtocolMapperUtil.createAddressMapper.
    ProtocolMapperRepresentation addressMapper = ProtocolMapperUtil.createAddressMapper(true, true, true);
    Response createMapperResponse = realm.clientScopes().get(fooScopeId).getProtocolMappers().createMapper(addressMapper);
    createMapperResponse.close();

    // Make the scope a default scope of the third-party client and register it for cleanup.
    ClientResource thirdPartyClient = findClientByClientId(realm, THIRD_PARTY_APP);
    thirdPartyClient.addDefaultClientScope(fooScopeId);
    getCleanup().addClientScopeId(fooScopeId);

    // Log in; the consent screen must name the new scope explicitly before anything is granted.
    oauth.clientId(THIRD_PARTY_APP);
    oauth.doLoginGrant("test-user@localhost", "password");
    grantPage.assertCurrent();
    grantPage.assertGrants(
            OAuthGrantPage.EMAIL_CONSENT_TEXT,
            OAuthGrantPage.PROFILE_CONSENT_TEXT,
            OAuthGrantPage.ROLES_CONSENT_TEXT,
            "foo-addr");
    grantPage.accept();
    events.expectLogin()
            .client(THIRD_PARTY_APP)
            .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
            .assertEvent();

    // The user's own applications page must list the granted scope.
    accountAppsPage.open();
    Assert.assertTrue(accountAppsPage.isCurrent());
    Map<String, AccountApplicationsPage.AppEntry> grantedApps = accountAppsPage.getApplications();
    Assert.assertTrue(grantedApps.containsKey("third-party"));
    Assert.assertTrue(grantedApps.get("third-party").getClientScopesGranted().contains("foo-addr"));

    // The admin view of the same user must show exactly one stored consent.
    UserResource consentingUser = ApiUtil.findUserByUsernameId(realm, "test-user@localhost");
    List<Map<String, Object>> storedConsents = consentingUser.getConsents();
    Assert.assertEquals(1, storedConsents.size());

    // A second login must go straight through, backed by the persisted consent.
    oauth.openLoginForm();
    appPage.assertCurrent();
    events.expectLogin()
            .detail(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
            .detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
            .removeDetail(Details.USERNAME)
            .client(THIRD_PARTY_APP)
            .assertEvent();

    // Revoke the grant and expect the matching audit event.
    accountAppsPage.open();
    accountAppsPage.revokeGrant(THIRD_PARTY_APP);
    events.expect(EventType.REVOKE_GRANT)
            .client("account")
            .detail(Details.REVOKED_CLIENT, THIRD_PARTY_APP)
            .assertEvent();

    // Cleanup: detach the scope from the client again.
    thirdPartyClient.removeDefaultClientScope(fooScopeId);
}
Also used : Response(javax.ws.rs.core.Response) RealmResource(org.keycloak.admin.client.resource.RealmResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 74 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class GroupPathWithoutGroupClaimPolicyTest method addTestRealms.

/**
 * Adds the {@code "authz-test"} realm used by this test class to {@code testRealms}.
 *
 * <p>The realm holds the realm role {@code "uma_authorization"}, the group tree
 * {@code Group A -> (Group B -> (Group C, Group E), Group D)}, a separate top-level
 * {@code Group E}, the users {@code marta} (member of Group A), {@code alice} and {@code kolo},
 * and the client {@code "resource-server-test"} with authorization services and direct access
 * grants enabled. Passwords and the client secret are fixed fixture values for this test realm.
 *
 * @param testRealms list the realm representation is appended to
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    // NOTE(review): this "groups" mapper is fully configured but never attached to the client
    // built below. Given the class name (GroupPathWithoutGroupClaimPolicyTest) that looks
    // intentional, which would make these lines dead code; confirm before removing.
    Map<String, String> config = new HashMap<>();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    ProtocolMapperRepresentation groupProtocolMapper = new ProtocolMapperRepresentation();
    groupProtocolMapper.setName("groups");
    groupProtocolMapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    groupProtocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    groupProtocolMapper.setConfig(config);

    // Children of "Group B": plain leaf groups.
    List<GroupRepresentation> childrenOfGroupB = Arrays.asList("Group C", "Group E").stream()
            .map(leafName -> GroupBuilder.create().name(leafName).build())
            .collect(Collectors.toList());

    // Children of "Group A": only "Group B" gets a nested level of its own.
    List<GroupRepresentation> childrenOfGroupA = Arrays.asList("Group B", "Group D").stream()
            .map(childName -> "Group B".equals(childName)
                    ? GroupBuilder.create().name(childName).subGroups(childrenOfGroupB).build()
                    : GroupBuilder.create().name(childName).build())
            .collect(Collectors.toList());

    testRealms.add(RealmBuilder.create()
            .name("authz-test")
            .roles(RolesBuilder.create().realmRole(RoleBuilder.create().name("uma_authorization").build()))
            .group(GroupBuilder.create().name("Group A").subGroups(childrenOfGroupA).build())
            .group(GroupBuilder.create().name("Group E").build())
            .user(UserBuilder.create().username("marta").password("password").addRoles("uma_authorization").addGroups("Group A"))
            .user(UserBuilder.create().username("alice").password("password").addRoles("uma_authorization"))
            .user(UserBuilder.create().username("kolo").password("password").addRoles("uma_authorization"))
            .client(ClientBuilder.create()
                    .clientId("resource-server-test")
                    .secret("secret")
                    .authorizationServicesEnabled(true)
                    .redirectUris("http://localhost/resource-server-test")
                    .defaultRoles("uma_protection")
                    .directAccessGrants())
            .build());
}
Also used : GroupMembershipMapper(org.keycloak.protocol.oidc.mappers.GroupMembershipMapper) Arrays(java.util.Arrays) OIDCAttributeMapperHelper(org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) RolesBuilder(org.keycloak.testsuite.util.RolesBuilder) HashMap(java.util.HashMap) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) Function(java.util.function.Function) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) RoleBuilder(org.keycloak.testsuite.util.RoleBuilder) List(java.util.List) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) UserBuilder(org.keycloak.testsuite.util.UserBuilder) Map(java.util.Map) ClientBuilder(org.keycloak.testsuite.util.ClientBuilder) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) GroupBuilder(org.keycloak.testsuite.util.GroupBuilder) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation)

Example 75 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class RegexPolicyTest method addTestRealms.

/**
 * Adds the {@code "authz-test"} realm used by this test class to {@code testRealms}.
 *
 * <p>The client {@code "resource-server-test"} gets two user-attribute protocol mappers that
 * copy the user attributes {@code foo} and {@code bar} into String claims of the same name in
 * both the access token and the ID token. The users {@code marta} and {@code taro} carry
 * different values for those attributes. Passwords and the client secret are fixed fixture
 * values for this test realm.
 *
 * @param testRealms list the realm representation is appended to
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    ProtocolMapperRepresentation userAttrFooProtocolMapper = newStringUserAttributeMapper("userAttrFoo", "foo");
    ProtocolMapperRepresentation userAttrBarProtocolMapper = newStringUserAttributeMapper("userAttrBar", "bar");

    testRealms.add(RealmBuilder.create()
            .name("authz-test")
            .user(UserBuilder.create().username("marta").password("password").addAttribute("foo", "foo").addAttribute("bar", "barbar"))
            .user(UserBuilder.create().username("taro").password("password").addAttribute("foo", "faa").addAttribute("bar", "bbarbar"))
            .client(ClientBuilder.create()
                    .clientId("resource-server-test")
                    .secret("secret")
                    .authorizationServicesEnabled(true)
                    .redirectUris("http://localhost/resource-server-test")
                    .directAccessGrants()
                    .protocolMapper(userAttrFooProtocolMapper, userAttrBarProtocolMapper))
            .build());
}

/** Builds an OIDC user-attribute mapper that emits {@code attribute} as a String claim of the same name. */
private static ProtocolMapperRepresentation newStringUserAttributeMapper(String mapperName, String attribute) {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName(mapperName);
    mapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> settings = new HashMap<>();
    settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    settings.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    settings.put(OIDCAttributeMapperHelper.JSON_TYPE, "String");
    settings.put("user.attribute", attribute);
    settings.put("claim.name", attribute);
    mapper.setConfig(settings);
    return mapper;
}
Also used : HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation)
