Example 1 with ROLE_ATTRIBUTE_NAME
use of org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME in project keycloak by keycloak.
the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.
@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
createRolesForRealm(bc.consumerRealmName());
createRoleMappersForConsumerRealm();
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
Binding.POST).transformObject(ob -> {
assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) ob;
Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
attr.addAttributeValue(null);
attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
return ob;
}).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
Binding.POST);
Assert.assertThat(samlResponse, Matchers.notNullValue());
Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
Also used :
AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest)
Arrays(java.util.Arrays)
Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC)
SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted)
Matchers.not(org.hamcrest.Matchers.not)
ROLE_ATTRIBUTE_NAME(org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME)
Matchers.hasItems(org.hamcrest.Matchers.hasItems)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
Assert.assertThat(org.junit.Assert.assertThat)
Document(org.w3c.dom.Document)
SamlClient(org.keycloak.testsuite.util.SamlClient)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse)
ImmutableMap(com.google.common.collect.ImmutableMap)
RealmResource(org.keycloak.admin.client.resource.RealmResource)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
Stream(java.util.stream.Stream)
Response(javax.ws.rs.core.Response)
SAMLProtocolQNames(org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQNames)
SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel)
SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)
HashMap(java.util.HashMap)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
BrokerTestTools.getConsumerRoot(org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot)
ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)
IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation)
UserResource(org.keycloak.admin.client.resource.UserResource)
SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted)
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants)
Matchers(org.hamcrest.Matchers)
Test(org.junit.Test)
UserAttributeMapper(org.keycloak.broker.saml.mappers.UserAttributeMapper)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
Element(org.w3c.dom.Element)
StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)
Binding(org.keycloak.testsuite.util.SamlClient.Binding)
IdentityProviderMapperSyncMode(org.keycloak.models.IdentityProviderMapperSyncMode)
BrokerTestTools.getProviderRoot(org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot)
Assert(org.junit.Assert)
Collections(java.util.Collections)
AttributeToRoleMapper(org.keycloak.broker.saml.mappers.AttributeToRoleMapper)
Set(java.util.Set)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
Document(org.w3c.dom.Document)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest)
Test(org.junit.Test)
Aggregations
ImmutableMap (com.google.common.collect.ImmutableMap)1
Arrays (java.util.Arrays)1
Collections (java.util.Collections)1
HashMap (java.util.HashMap)1
Set (java.util.Set)1
Collectors (java.util.stream.Collectors)1
Stream (java.util.stream.Stream)1
Response (javax.ws.rs.core.Response)1
Matchers (org.hamcrest.Matchers)1
Matchers.hasItems (org.hamcrest.Matchers.hasItems)1
Matchers.not (org.hamcrest.Matchers.not)1
Assert (org.junit.Assert)1
Assert.assertThat (org.junit.Assert.assertThat)1
Test (org.junit.Test)1
IdentityProviderResource (org.keycloak.admin.client.resource.IdentityProviderResource)1
RealmResource (org.keycloak.admin.client.resource.RealmResource)1
UserResource (org.keycloak.admin.client.resource.UserResource)1
AttributeToRoleMapper (org.keycloak.broker.saml.mappers.AttributeToRoleMapper)1
UserAttributeMapper (org.keycloak.broker.saml.mappers.UserAttributeMapper)1
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)1
