
Example 21 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class ClientScopeProtocolMapperTest method test04CreateSamlProtocolMapper.

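/**
 * Creates a SAML protocol mapper on the SAML client scope and verifies that the admin
 * event, the mapper counts and the stored representation all reflect the new mapper.
 */
@Test
public void test04CreateSamlProtocolMapper() {
    // Sample request payload recorded by the original author:
    // {"protocol":"saml",
    // "config":{"role":"account.view-profile","new.role.name":"new-role-name"},
    // "consentRequired":true,
    // "consentText":"My consent text",
    // "name":"saml-role-name-maper",
    // "protocolMapper":"saml-role-name-mapper"}
    ProtocolMapperRepresentation rep = makeSamlMapper("saml-role-name-mapper");

    // Baseline counts, taken before the create call so the +1 assertions below are meaningful.
    int totalMappers = samlMappersRsc.getMappers().size();
    int totalSamlMappers = samlMappersRsc.getMappersPerProtocol("saml").size();

    String createdId;
    Response resp = samlMappersRsc.createMapper(rep);
    try {
        // Extract the id while the response is still open: a helper that has to look at more
        // than the headers (for example to report a rejected create) must not be handed a
        // closed response, which would replace the real failure with an IllegalStateException.
        createdId = ApiUtil.getCreatedId(resp);
    } finally {
        // Always release the connection, including when the create was rejected.
        resp.close();
    }

    // The create must be recorded as an admin event: protocol mapper changes affect what ends
    // up in issued assertions, so the audit trail is part of the contract under test.
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientScopeProtocolMapperPath(samlClientScopeId, createdId), rep, ResourceType.PROTOCOL_MAPPER);

    assertEquals(totalMappers + 1, samlMappersRsc.getMappers().size());
    assertEquals(totalSamlMappers + 1, samlMappersRsc.getMappersPerProtocol("saml").size());

    ProtocolMapperRepresentation created = samlMappersRsc.getMapperById(createdId);
    assertEqualMappers(rep, created);
}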
Also used : Response(javax.ws.rs.core.Response) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) Test(org.junit.Test)

Example 22 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class ClientScopeProtocolMapperTest method test07UpdateOidcMapper.

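/**
 * Creates an OIDC protocol mapper, changes its {@code role} config entry through the admin
 * API and verifies that both operations are audited and that the stored mapper matches.
 */
@Test
public void test07UpdateOidcMapper() {
    ProtocolMapperRepresentation rep = makeOidcMapper("oidc-hardcoded-role-mapper2");

    String createdId;
    Response resp = oidcMappersRsc.createMapper(rep);
    try {
        // Read the id before closing: if the create was rejected, the helper should see a live
        // response rather than fail on a closed one and hide the actual error.
        createdId = ApiUtil.getCreatedId(resp);
    } finally {
        // Release the connection on every path.
        resp.close();
    }
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientScopeProtocolMapperPath(oidcClientScopeId, createdId), rep, ResourceType.PROTOCOL_MAPPER);

    // Change the role value and send the full representation back under the created id.
    rep.getConfig().put("role", "myotherrole");
    rep.setId(createdId);
    oidcMappersRsc.update(createdId, rep);

    // An update that changes which role a mapper emits must leave an UPDATE admin event
    // carrying the new representation.
    assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientScopeProtocolMapperPath(oidcClientScopeId, createdId), rep, ResourceType.PROTOCOL_MAPPER);

    ProtocolMapperRepresentation updated = oidcMappersRsc.getMapperById(createdId);
    assertEqualMappers(rep, updated);
}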
Also used : Response(javax.ws.rs.core.Response) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) Test(org.junit.Test)

Example 23 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class AbstractKerberosSingleRealmTest method credentialDelegationTest.

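/**
 * Verifies that the Kerberos delegation credential appears in the access token only while
 * the delegation-credential protocol mapper is attached to the {@code kerberos-app} client.
 *
 * <p>Security note: the claim holds a serialized GSS credential that this test deserializes
 * and uses directly against the LDAP server. Anyone who obtains such an access token can
 * therefore act as the user towards Kerberos-protected services, so the mapper should be
 * attached only to clients that genuinely need delegation. The second half of the test
 * confirms that removing the mapper removes the claim.
 *
 * @throws Exception if the SPNEGO login, credential deserialization or LDAP call fails
 */
@Test
public void credentialDelegationTest() throws Exception {
    Assume.assumeTrue("Ignoring test as the embedded server is not started", getKerberosRule().isStartEmbeddedLdapServer());

    // Add kerberos delegation credential mapper.
    // NOTE(review): the trailing (true, false) flags presumably mean "access token: yes,
    // ID token: no" - confirm against UserSessionNoteMapper.createClaimMapper.
    ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME, KerberosConstants.GSS_DELEGATION_CREDENTIAL, KerberosConstants.GSS_DELEGATION_CREDENTIAL, "String", true, false);
    ProtocolMapperRepresentation protocolMapperRep = ModelToRepresentation.toRepresentation(protocolMapper);
    ClientResource clientResource = findClientByClientId(testRealmResource(), "kerberos-app");

    String protocolMapperId;
    Response response = clientResource.getProtocolMappers().createMapper(protocolMapperRep);
    try {
        protocolMapperId = ApiUtil.getCreatedId(response);
    } finally {
        // Close even when the id cannot be extracted, so a failed create does not leak the connection.
        response.close();
    }

    // SPNEGO login
    AccessToken token = assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");

    // Assert kerberos ticket in the accessToken can be re-used to authenticate against other 3rd party kerberos service (ApacheDS Server in this case)
    String serializedGssCredential = (String) token.getOtherClaims().get(KerberosConstants.GSS_DELEGATION_CREDENTIAL);
    Assert.assertNotNull(serializedGssCredential);
    GSSCredential gssCredential = KerberosSerializationUtils.deserializeCredential(serializedGssCredential);
    String ldapResponse = invokeLdap(gssCredential, token.getPreferredUsername());
    Assert.assertEquals("Horatio Nelson", ldapResponse);

    // Logout
    oauth.openLogout();

    // Remove protocolMapper
    clientResource.getProtocolMappers().delete(protocolMapperId);

    // Log in again and assert the delegated credential is no longer issued: without the
    // mapper the token must not contain the claim at all.
    token = assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");
    Assert.assertFalse(token.getOtherClaims().containsKey(KerberosConstants.GSS_DELEGATION_CREDENTIAL));
    events.clear();
}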
Also used : Response(javax.ws.rs.core.Response) GSSCredential(org.ietf.jgss.GSSCredential) AccessToken(org.keycloak.representations.AccessToken) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel) Test(org.junit.Test)

Example 24 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class OpenShiftTokenReviewEndpointTest method configureTestRealm.

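/**
 * Prepares the test realm: attaches a group-membership mapper to the {@code test-app}
 * client, makes that client confidential with the testsuite authenticator, and adds the
 * two users the tests log in with.
 *
 * @param testRealm realm representation to modify in place
 * @throws java.util.NoSuchElementException if the realm has no client with id {@code test-app}
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Constant-first equals tolerates a client without a clientId, and the explicit supplier
    // keeps the original exception type while saying which client was missing.
    ClientRepresentation client = testRealm.getClients().stream()
            .filter(r -> "test-app".equals(r.getClientId()))
            .findFirst()
            .orElseThrow(() -> new java.util.NoSuchElementException("Client 'test-app' not found in the test realm"));

    // Group membership mapper: emits a "groups" claim into both the access and the ID token.
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("groups");
    mapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<>();
    config.put("full.path", "false");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);

    // Replaces any mappers already configured on the client with this single one.
    List<ProtocolMapperRepresentation> mappers = new LinkedList<>();
    mappers.add(mapper);
    client.setProtocolMappers(mappers);

    // Confidential client, so requests made as this client have to authenticate.
    client.setPublicClient(false);
    // NOTE(review): "testsuite-client-dummy" looks like a test-only client authenticator;
    // confirm it is only ever registered by the testsuite.
    client.setClientAuthenticatorType("testsuite-client-dummy");

    // Fixture users; the literal passwords are test data for this realm only.
    testRealm.getUsers().add(UserBuilder.create().username("groups-user").password("password").addGroups("/topGroup", "/topGroup/level2group").role("account", "view-profile").build());
    testRealm.getUsers().add(UserBuilder.create().username("empty-audience").password("password").build());
}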
Also used : HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) LinkedList(java.util.LinkedList) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 25 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class AudienceTest method testAudienceProtocolMapperWithCustomAudience.

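/**
 * Verifies that custom audience mappers attached to the {@code audience-scope} client scope
 * add their audiences to the issued tokens.
 *
 * <p>Both mappers are removed in a {@code finally} block so that a failed assertion does not
 * leave extra audiences configured on the shared client scope for later tests.
 *
 * @throws Exception if the login or token request fails
 */
@Test
public void testAudienceProtocolMapperWithCustomAudience() throws Exception {
    // Add audience protocol mapper to the clientScope "audience-scope".
    // NOTE(review): judging by the assertions below, the two trailing flags select the access
    // token and the ID token respectively - confirm against ProtocolMapperUtil.createAudienceMapper.
    ProtocolMapperRepresentation audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper 1", null, "http://host/service/ctx1", true, false);
    ClientScopeResource clientScope = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");

    String mapper1Id = null;
    String mapper2Id = null;
    try {
        Response resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
        try {
            mapper1Id = ApiUtil.getCreatedId(resp);
        } finally {
            resp.close();
        }

        audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper 2", null, "http://host/service/ctx2", true, true);
        resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
        try {
            mapper2Id = ApiUtil.getCreatedId(resp);
        } finally {
            resp.close();
        }

        // Login and check audiences in the token
        oauth.scope("openid audience-scope");
        oauth.doLogin("john", "password");
        EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");

        // The access token carries both custom audiences; the ID token keeps the client itself
        // as audience and gains only the second custom audience.
        assertAudiences(tokens.accessToken, "http://host/service/ctx1", "http://host/service/ctx2");
        assertAudiences(tokens.idToken, "test-app", "http://host/service/ctx2");
    } finally {
        // Revert, deleting only the mappers that were actually created.
        if (mapper1Id != null) {
            clientScope.getProtocolMappers().delete(mapper1Id);
        }
        if (mapper2Id != null) {
            clientScope.getProtocolMappers().delete(mapper2Id);
        }
    }
}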
Also used : Response(javax.ws.rs.core.Response) ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test)
