
Example 91 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class OIDCProtocolMappersTest method testUserRoleToAttributeMappersWithFullScopeDisabled.

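/**
 * KEYCLOAK-5259: the realm-role and client-role mappers must still populate the
 * configured {@code roles-custom} claim when the client has full-scope-allowed
 * disabled.
 *
 * <p>The mappers and the client's full-scope setting are reverted in a
 * {@code finally} block, so a failing assertion does not leave the shared
 * {@code test-app} client modified for the tests that run afterwards.
 *
 * @throws Exception if the browser login or token verification fails
 */
@Test
public void testUserRoleToAttributeMappersWithFullScopeDisabled() throws Exception {
    // One mapper for realm roles and one for test-app client roles; both write into
    // the nested "roles-custom" claim, under the keys "realm" and "test-app".
    ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true, true);
    ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper("test-app", null, "Client roles mapper", "roles-custom.test-app", true, true, true);
    ClientResource client = ApiUtil.findClientResourceByClientId(adminClient.realm("test"), "test-app");
    ProtocolMappersResource protocolMappers = client.getProtocolMappers();
    // Disable full-scope-allowed
    ClientRepresentation rep = client.toRepresentation();
    rep.setFullScopeAllowed(false);
    client.update(rep);
    try {
        protocolMappers.createMapper(Arrays.asList(realmMapper, clientMapper));
        // Login user
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        IDToken idToken = oauth.verifyIDToken(response.getIdToken());
        // Verify the claim is present and has the expected shape before casting,
        // so a missing claim fails with an assertion rather than a NullPointerException
        Object claim = idToken.getOtherClaims().get("roles-custom");
        Assert.assertThat(claim, CoreMatchers.instanceOf(Map.class));
        @SuppressWarnings("unchecked")
        Map<String, Object> roleMappings = (Map<String, Object>) claim;
        Assert.assertThat(roleMappings.keySet(), containsInAnyOrder("realm", "test-app"));
        Assert.assertThat(roleMappings.get("realm"), CoreMatchers.instanceOf(List.class));
        Assert.assertThat(roleMappings.get("test-app"), CoreMatchers.instanceOf(List.class));
        @SuppressWarnings("unchecked")
        List<String> realmRoleMappings = (List<String>) roleMappings.get("realm");
        @SuppressWarnings("unchecked")
        List<String> testAppMappings = (List<String>) roleMappings.get("test-app");
        // "pref." is the prefix configured on the realm mapper above
        assertRoles(realmRoleMappings, // from direct assignment in user definition
        "pref.user");
        assertRoles(testAppMappings, // from direct assignment in user definition
        "customer-user");
    } finally {
        // Revert: remove the mappers and re-enable full-scope-allowed
        deleteMappers(protocolMappers);
        rep = client.toRepresentation();
        rep.setFullScopeAllowed(true);
        client.update(rep);
    }
}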
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) List(java.util.List) Map(java.util.Map) HashMap(java.util.HashMap) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 92 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class RepresentationToModel method createClientScope.

/**
 * Creates a new {@link ClientScopeModel} in {@code realm} from its representation.
 *
 * <p>If the representation carries protocol mappers, every mapper the realm
 * attached to the new scope by default is removed first, so the scope ends up
 * with exactly the mappers listed in the representation, followed by the
 * migration pass in {@link MigrationUtils#updateProtocolMappers}.
 *
 * @param session     current session (not used by this method itself)
 * @param realm       realm that will own the new scope
 * @param resourceRep representation to copy from; its id, when present, is reused
 * @return the newly created scope
 */
public static ClientScopeModel createClientScope(KeycloakSession session, RealmModel realm, ClientScopeRepresentation resourceRep) {
    String name = resourceRep.getName();
    logger.debugv("Create client scope: {0}", name);
    String id = resourceRep.getId();
    ClientScopeModel scope;
    if (id == null) {
        scope = realm.addClientScope(name);
    } else {
        scope = realm.addClientScope(id, name);
    }
    if (name != null) {
        scope.setName(name);
    }
    String description = resourceRep.getDescription();
    if (description != null) {
        scope.setDescription(description);
    }
    String protocol = resourceRep.getProtocol();
    if (protocol != null) {
        scope.setProtocol(protocol);
    }
    if (resourceRep.getProtocolMappers() != null) {
        // Drop the default/built-in mappers; the existing mappers are collected
        // into a list first so removal does not run while the stream is consumed.
        scope.getProtocolMappersStream()
                .collect(Collectors.toList())
                .forEach(scope::removeProtocolMapper);
        resourceRep.getProtocolMappers().forEach(mapper -> scope.addProtocolMapper(toModel(mapper)));
        MigrationUtils.updateProtocolMappers(scope);
    }
    if (resourceRep.getAttributes() != null) {
        resourceRep.getAttributes().forEach(scope::setAttribute);
    }
    return scope;
}
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeModel(org.keycloak.models.ClientScopeModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap)

Example 93 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class EntitlementAPITest method testProcessMappersForTargetAudience.

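/**
 * Checks that protocol mappers are evaluated for the client the authorization
 * response (RPT) is issued for — the resource server — rather than for the
 * public client that obtained the original access token.
 *
 * <p>Each client gets its own hardcoded {@code custom_claim} mapper whose value is
 * that client's id, so the claim value in a token identifies which client's
 * mappers produced it. Each mapper gets its own representation and config map;
 * the previous version reused one mutable map across both clients.
 *
 * @throws Exception if login or token parsing fails
 */
@Test
public void testProcessMappersForTargetAudience() throws Exception {
    ClientResource publicClient = getClient(getRealm(), PUBLIC_TEST_CLIENT);
    // createMapper(ProtocolMapperRepresentation) returns a Response; close it like
    // the other create(...) calls below
    publicClient.getProtocolMappers().createMapper(hardcodedCustomClaimMapper(PUBLIC_TEST_CLIENT)).close();
    ClientResource client = getClient(getRealm(), RESOURCE_SERVER_TEST);
    client.getProtocolMappers().createMapper(hardcodedCustomClaimMapper(RESOURCE_SERVER_TEST)).close();
    AuthorizationResource authorization = client.authorization();
    // Always-grant policy so the permission request below succeeds
    JSPolicyRepresentation policy = new JSPolicyRepresentation();
    policy.setName(KeycloakModelUtils.generateId());
    policy.setCode("$evaluation.grant();");
    authorization.policies().js().create(policy).close();
    ResourceRepresentation resource = new ResourceRepresentation();
    resource.setName("Sensors");
    try (Response response = authorization.resources().create(resource)) {
        resource = response.readEntity(ResourceRepresentation.class);
    }
    ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
    permission.setName("View Sensor");
    permission.addResource(resource.getName());
    permission.addPolicy(policy.getName());
    authorization.permissions().resource().create(permission).close();
    oauth.realm("authz-test");
    oauth.clientId(PUBLIC_TEST_CLIENT);
    oauth.doLogin("marta", "password");
    // Token request: the access token is issued to the public client, so its
    // custom_claim must carry the public client's id
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, null);
    AccessToken token = toAccessToken(response.getAccessToken());
    assertEquals(PUBLIC_TEST_CLIENT, token.getOtherClaims().get("custom_claim"));
    // The RPT is issued for the resource server: its mappers apply, while the
    // token is still issued for (azp) the public client
    AuthorizationRequest request = new AuthorizationRequest();
    request.addPermission("Sensors");
    AuthorizationResponse authorizationResponse = getAuthzClient(AUTHZ_CLIENT_CONFIG).authorization(response.getAccessToken()).authorize(request);
    token = toAccessToken(authorizationResponse.getToken());
    assertEquals(RESOURCE_SERVER_TEST, token.getOtherClaims().get("custom_claim"));
    assertEquals(PUBLIC_TEST_CLIENT, token.getIssuedFor());
    // Authorizing again with the same access token yields the same claim and audience
    authorizationResponse = getAuthzClient(AUTHZ_CLIENT_CONFIG).authorization(response.getAccessToken()).authorize(request);
    token = toAccessToken(authorizationResponse.getToken());
    assertEquals(RESOURCE_SERVER_TEST, token.getOtherClaims().get("custom_claim"));
    assertEquals(PUBLIC_TEST_CLIENT, token.getIssuedFor());
}

/**
 * Builds a {@link HardcodedClaim} mapper that writes {@code claimValue} into the
 * access-token claim {@code custom_claim}.
 *
 * @param claimValue value the mapper hardcodes into the claim
 * @return a fresh representation with its own config map
 */
private static ProtocolMapperRepresentation hardcodedCustomClaimMapper(String claimValue) {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("custom_claim");
    mapper.setProtocolMapper(HardcodedClaim.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<>();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "custom_claim");
    config.put(HardcodedClaim.CLAIM_VALUE, claimValue);
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    mapper.setConfig(config);
    return mapper;
}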
Also used : AuthorizationRequest(org.keycloak.representations.idm.authorization.AuthorizationRequest) HashMap(java.util.HashMap) OAuthClient(org.keycloak.testsuite.util.OAuthClient) JSPolicyRepresentation(org.keycloak.representations.idm.authorization.JSPolicyRepresentation) AuthorizationResource(org.keycloak.admin.client.resource.AuthorizationResource) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) ResourcePermissionRepresentation(org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) TokenIntrospectionResponse(org.keycloak.authorization.client.representation.TokenIntrospectionResponse) AuthorizationResponse(org.keycloak.representations.idm.authorization.AuthorizationResponse) PermissionResponse(org.keycloak.representations.idm.authorization.PermissionResponse) AccessToken(org.keycloak.representations.AccessToken) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test)

Example 94 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class ClientMappersSAMLTest method testUserSessionNote.

/**
 * Creates a SAML "user session note" mapper through the admin console form and
 * checks that the stored mapper uses the {@code saml-user-session-note-mapper}
 * provider.
 */
@Test
public void testUserSessionNote() {
    final String mapperName = "user session note";
    // Create through the UI form
    clientMappersPage.mapperTable().createMapper();
    setInitialValues(mapperName);
    createClientMappersPage.form().setMapperType(USER_SESSION_NOTE);
    createClientMappersPage.form().save();
    assertAlertSuccess();
    // Verify what was persisted for this client
    ProtocolMapperRepresentation stored = findClientMapperByName(id, mapperName);
    assertNotNull(stored);
    assertEquals("saml-user-session-note-mapper", stored.getProtocolMapper());
}
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) Test(org.junit.Test)

Example 95 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class ClientMappersSAMLTest method testHardcodedRole.

/**
 * Creates a SAML "hardcoded role" mapper for the realm role {@code offline_access}
 * through the admin console form and checks that the stored mapper uses the
 * {@code saml-hardcode-role-mapper} provider with exactly that role configured.
 */
@Test
public void testHardcodedRole() {
    final String mapperName = "hardcoded role";
    final String roleName = "offline_access";
    // Create through the UI form
    clientMappersPage.mapperTable().createMapper();
    setInitialValues(mapperName);
    createClientMappersPage.form().setMapperType(HARDCODED_ROLE_SAML);
    createClientMappersPage.form().selectRole(REALM_ROLE, roleName, null);
    createClientMappersPage.form().save();
    assertAlertSuccess();
    // Verify what was persisted for this client
    ProtocolMapperRepresentation stored = findClientMapperByName(id, mapperName);
    assertNotNull(stored);
    assertEquals("saml-hardcode-role-mapper", stored.getProtocolMapper());
    // The config must hold the selected role and nothing else
    Map<String, String> storedConfig = stored.getConfig();
    assertEquals(1, storedConfig.size());
    assertEquals(roleName, storedConfig.get("role"));
}
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) Test(org.junit.Test)
