Java Code Examples for org.keycloak.representations.idm.ProtocolMapperRepresentation#setName()

The following examples show how to use org.keycloak.representations.idm.ProtocolMapperRepresentation#setName() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: OpenShiftTokenReviewEndpointTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    ClientRepresentation client = testRealm.getClients().stream().filter(r -> r.getClientId().equals("test-app")).findFirst().get();

    List<ProtocolMapperRepresentation> mappers = new LinkedList<>();
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("groups");
    mapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<>();
    config.put("full.path", "false");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);
    mappers.add(mapper);

    client.setProtocolMappers(mappers);
    client.setPublicClient(false);
    client.setClientAuthenticatorType("testsuite-client-dummy");

    testRealm.getUsers().add(UserBuilder.create().username("groups-user").password("password").addGroups("/topGroup", "/topGroup/level2group").build());
}
 
Example 2
Source File: RoleMapperTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up
public static ProtocolMapperRepresentation createSamlProtocolMapper(String protocolMapperProviderId, String... configKeyValue) {
    ProtocolMapperRepresentation res = new ProtocolMapperRepresentation();
    res.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    res.setName(protocolMapperProviderId + "-" + RoleMapperTest.COUNTER++);
    res.setProtocolMapper(protocolMapperProviderId);

    Map<String, String> config = new HashMap<>();
    for (int i = 0; i < configKeyValue.length - 1; i += 2) {
        String key = configKeyValue[i];
        String value = configKeyValue[i + 1];
        config.put(key, value);
    }
    res.setConfig(config);

    return res;
}
 
Example 3
Source File: AbstractBasePhotozExampleAdapterTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected void setManageAlbumScopeRequired() {
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();

    clientScope.setName("manage-albums");
    clientScope.setProtocol("openid-connect");

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();

    mapper.setName("manage-albums");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper(UserClientRoleMappingMapper.PROVIDER_ID);

    Map<String, String> config = new HashMap<>();
    config.put("access.token.claim", "true");
    config.put("id.token.claim", "true");
    config.put("userinfo.token.claim", "true");
    config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, "photoz-restful-api");

    mapper.setConfig(config);

    clientScope.setProtocolMappers(Arrays.asList(mapper));

    RealmResource realmResource = realmsResouce().realm(REALM_NAME);
    ClientScopesResource clientScopes = realmResource.clientScopes();
    Response resp = clientScopes.create(clientScope);
    Assert.assertEquals(201, resp.getStatus());
    resp.close();
    String clientScopeId = ApiUtil.getCreatedId(resp);
    ClientResource resourceServer = getClientResource(RESOURCE_SERVER_ID);
    clientScopes.get(clientScopeId).getScopeMappings().clientLevel(resourceServer.toRepresentation().getId()).add(Arrays.asList(resourceServer.roles().get("manage-albums").toRepresentation()));
    ClientResource html5ClientApp = getClientResource("photoz-html5-client");
    html5ClientApp.addOptionalClientScope(clientScopeId);
    html5ClientApp.getScopeMappings().realmLevel().add(Arrays.asList(realmResource.roles().get("user").toRepresentation(), realmResource.roles().get("admin").toRepresentation()));
    ClientRepresentation clientRep = html5ClientApp.toRepresentation();
    clientRep.setFullScopeAllowed(false);
    html5ClientApp.update(clientRep);
}
 
Example 4
Source File: SHA256PairwiseSubMapper.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public static ProtocolMapperRepresentation createPairwiseMapper(String sectorIdentifierUri, String salt) {
    Map<String, String> config;
    ProtocolMapperRepresentation pairwise = new ProtocolMapperRepresentation();
    pairwise.setName("pairwise subject identifier");
    pairwise.setProtocolMapper(new SHA256PairwiseSubMapper().getId());
    pairwise.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    config = new HashMap<>();
    config.put(PairwiseSubMapperHelper.SECTOR_IDENTIFIER_URI, sectorIdentifierUri);
    if (salt == null) {
        salt = KeycloakModelUtils.generateId();
    }
    config.put(PairwiseSubMapperHelper.PAIRWISE_SUB_ALGORITHM_SALT, salt);
    pairwise.setConfig(config);
    return pairwise;
}
 
Example 5
Source File: ClientRegistrationTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void addProtocolMapper(ClientRepresentation client, String mapperName) {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName(mapperName);
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");
    mapper.getConfig().put("userinfo.token.claim", "true");
    mapper.getConfig().put("user.attribute", "someAttribute");
    mapper.getConfig().put("id.token.claim", "true");
    mapper.getConfig().put("access.token.claim", "true");
    mapper.getConfig().put("claim.name", "someClaimName");
    mapper.getConfig().put("jsonType.label", "long");

    client.setProtocolMappers(new ArrayList<>());
    client.getProtocolMappers().add(mapper);
}
 
Example 6
Source File: ClientRegistrationPoliciesTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Test
@AuthServerContainerExclude(AuthServer.REMOTE) // We would need to do domain name -> ip address to set trusted host
public void testProtocolMappersUpdate() throws Exception {
    setTrustedHost("localhost");

    // Check I can add client with allowed protocolMappers
    ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
    protocolMapper.setName("Full name");
    protocolMapper.setProtocolMapper(FullNameMapper.PROVIDER_ID);
    protocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    ClientRepresentation clientRep = createRep("test-app");
    clientRep.setProtocolMappers(Collections.singletonList(protocolMapper));

    ClientRepresentation registeredClient = reg.create(clientRep);
    reg.auth(Auth.token(registeredClient));

    // Add some disallowed protocolMapper
    registeredClient.getProtocolMappers().add(createHardcodedMapperRep());

    // Check I can't update client because of protocolMapper
    assertFail(ClientRegOp.UPDATE, registeredClient, 403, "ProtocolMapper type not allowed");

    // Remove "bad" protocolMapper
    registeredClient.getProtocolMappers().removeIf((ProtocolMapperRepresentation mapper) -> {
        return mapper.getProtocolMapper().equals(HardcodedRole.PROVIDER_ID);
    });

    // Check I can update client now
    reg.update(registeredClient);

    // Revert client
    ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
}
 
Example 7
Source File: ClientRegistrationPoliciesTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private ProtocolMapperRepresentation createHardcodedMapperRep() {
    ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
    protocolMapper.setName("Hardcoded foo role");
    protocolMapper.setProtocolMapper(HardcodedRole.PROVIDER_ID);
    protocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    protocolMapper.getConfig().put(HardcodedRole.ROLE_CONFIG, "foo-role");
    return protocolMapper;
}
 
Example 8
Source File: AbstractSAMLServletAdapterTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected AutoCloseable createProtocolMapper(ProtocolMappersResource resource, String name, String protocol, String protocolMapper, Map<String, String> config) {
    ProtocolMapperRepresentation representation = new ProtocolMapperRepresentation();
    representation.setName(name);
    representation.setProtocol(protocol);
    representation.setProtocolMapper(protocolMapper);
    representation.setConfig(config);
    try (Response response = resource.createMapper(representation)) {
        String createdId = getCreatedId(response);
        return () -> resource.delete(createdId);
    }
}
 
Example 9
Source File: ClientMapperSetup.java    From keycloak-custom-protocol-mapper-example with Apache License 2.0 5 votes vote down vote up
private ProtocolMapperRepresentation createGroupMapper() {
    ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
    protocolMapperRepresentation.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    protocolMapperRepresentation.setProtocol(PROTOCOL);
    protocolMapperRepresentation.setName("Group mapper");
    Map<String, String> config = new HashMap<>();
    putAccessTokenClaim(config);
    // the name of the property we got from the class GroupMembershipMapper
    config.put("full.path", "true");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    protocolMapperRepresentation.setConfig(config);
    return protocolMapperRepresentation;
}
 
Example 10
Source File: OIDCProtocolMappersTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private ProtocolMapperRepresentation makeMapper(String name, String mapperType, Map<String, String> config) {
    ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
    rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    rep.setName(name);
    rep.setProtocolMapper(mapperType);
    rep.setConfig(config);
    return rep;
}
 
Example 11
Source File: AbstractProtocolMapperTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected ProtocolMapperRepresentation makeMapper(String protocol, String name, String mapperType, Map<String, String> config) {
    ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
    rep.setProtocol(protocol);
    rep.setName(name);
    rep.setProtocolMapper(mapperType);
    rep.setConfig(config);
    return rep;
}
 
Example 12
Source File: ClientScopeTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Test
public void testUpdateProtocolMappers() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("testUpdateProtocolMappers");
    scopeRep.setProtocol("openid-connect");


    String scopeId = createClientScope(scopeRep);

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("test");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");

    Map<String, String> m = new HashMap<>();
    m.put("user.attribute", "test");
    m.put("claim.name", "");
    m.put("jsonType.label", "");

    mapper.setConfig(m);

    ProtocolMappersResource protocolMappers = clientScopes().get(scopeId).getProtocolMappers();

    Response response = protocolMappers.createMapper(mapper);
    String mapperId = ApiUtil.getCreatedId(response);

    mapper = protocolMappers.getMapperById(mapperId);

    mapper.getConfig().put("claim.name", "claim");

    protocolMappers.update(mapperId, mapper);

    List<ProtocolMapperRepresentation> mappers = protocolMappers.getMappers();
    assertEquals(1, mappers.size());
    assertEquals(2, mappers.get(0).getConfig().size());
    assertEquals("test", mappers.get(0).getConfig().get("user.attribute"));
    assertEquals("claim", mappers.get(0).getConfig().get("claim.name"));

    clientScopes().get(scopeId).remove();
}
 
Example 13
Source File: ClientMapperSetup.java    From keycloak-custom-protocol-mapper-example with Apache License 2.0 5 votes vote down vote up
private ProtocolMapperRepresentation createHelloWordMapper() {
    ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
    protocolMapperRepresentation.setProtocolMapper(HelloWorldMapper.PROVIDER_ID);
    protocolMapperRepresentation.setProtocol(PROTOCOL);
    protocolMapperRepresentation.setName("Hello world mapper");
    Map<String, String> config = new HashMap<>();
    putAccessTokenClaim(config);
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "example.message");
    protocolMapperRepresentation.setConfig(config);
    return protocolMapperRepresentation;
}
 
Example 14
Source File: ClientTest.java    From keycloak with Apache License 2.0 4 votes vote down vote up
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateClientWithProtocolMapper() {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setClientId("my-app");

    ProtocolMapperRepresentation fooMapper = new ProtocolMapperRepresentation();
    fooMapper.setName("foo");
    fooMapper.setProtocol("openid-connect");
    fooMapper.setProtocolMapper("oidc-hardcoded-claim-mapper");
    rep.setProtocolMappers(Collections.singletonList(fooMapper));

    Response response = realm.clients().create(rep);
    response.close();
    String id = ApiUtil.getCreatedId(response);
    getCleanup().addClientUuid(id);

    ClientResource clientResource = realm.clients().get(id);
    assertNotNull(clientResource);
    ClientRepresentation client = clientResource.toRepresentation();
    List<ProtocolMapperRepresentation> protocolMappers = client.getProtocolMappers();
    assertEquals(1, protocolMappers.size());
    ProtocolMapperRepresentation mapper = protocolMappers.get(0);
    assertEquals("foo", mapper.getName());

    ClientRepresentation newClient = new ClientRepresentation();
    newClient.setId(client.getId());
    newClient.setClientId(client.getClientId());

    ProtocolMapperRepresentation barMapper = new ProtocolMapperRepresentation();
    barMapper.setName("bar");
    barMapper.setProtocol("openid-connect");
    barMapper.setProtocolMapper("oidc-hardcoded-role-mapper");
    protocolMappers.add(barMapper);
    newClient.setProtocolMappers(protocolMappers);

    realm.clients().get(client.getId()).update(newClient);

    ClientRepresentation storedClient = realm.clients().get(client.getId()).toRepresentation();
    assertClient(client, storedClient);
}
 
Example 15
Source File: ClientTest.java    From keycloak with Apache License 2.0 4 votes vote down vote up
public void protocolMappersTest(String clientDbId, ProtocolMappersResource mappersResource) {
    // assert default mappers found
    List<ProtocolMapperRepresentation> protocolMappers = mappersResource.getMappers();

    String emailMapperId = null;
    String usernameMapperId = null;
    String fooMapperId = null;
    for (ProtocolMapperRepresentation mapper : protocolMappers) {
        if (mapper.getName().equals(OIDCLoginProtocolFactory.EMAIL)) {
            emailMapperId = mapper.getId();
        } else if (mapper.getName().equals(OIDCLoginProtocolFactory.USERNAME)) {
            usernameMapperId = mapper.getId();
        } else if (mapper.getName().equals("foo")) {
            fooMapperId = mapper.getId();
        }
    }

    // Builtin mappers are not here
    assertNull(emailMapperId);
    assertNull(usernameMapperId);

    assertNull(fooMapperId);

    // Create foo mapper
    ProtocolMapperRepresentation fooMapper = new ProtocolMapperRepresentation();
    fooMapper.setName("foo");
    fooMapper.setProtocol("openid-connect");
    fooMapper.setProtocolMapper("oidc-hardcoded-claim-mapper");
    Response response = mappersResource.createMapper(fooMapper);
    String location = response.getLocation().toString();
    fooMapperId = location.substring(location.lastIndexOf("/") + 1);
    response.close();

    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER);

    fooMapper = mappersResource.getMapperById(fooMapperId);
    assertEquals(fooMapper.getName(), "foo");

    // Update foo mapper
    mappersResource.update(fooMapperId, fooMapper);

    assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER);

    fooMapper = mappersResource.getMapperById(fooMapperId);

    // Remove foo mapper
    mappersResource.delete(fooMapperId);
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), ResourceType.PROTOCOL_MAPPER);
    try {
        mappersResource.getMapperById(fooMapperId);
        fail("Not expected to find deleted mapper");
    } catch (NotFoundException nfe) {
    }
}
 
Example 16
Source File: KcOidcBrokerConfiguration.java    From keycloak with Apache License 2.0 4 votes vote down vote up
@Override
public List<ClientRepresentation> createProviderClients() {
    ClientRepresentation client = new ClientRepresentation();
    client.setId(CLIENT_ID);
    client.setClientId(getIDPClientIdInProviderRealm());
    client.setName(CLIENT_ID);
    client.setSecret(CLIENT_SECRET);
    client.setEnabled(true);

    client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
            "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));

    client.setAdminUrl(getConsumerRoot() +
            "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");

    ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
    emailMapper.setName("email");
    emailMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    emailMapper.setProtocolMapper(UserPropertyMapper.PROVIDER_ID);

    Map<String, String> emailMapperConfig = emailMapper.getConfig();
    emailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "email");
    emailMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "email");
    emailMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    emailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    emailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    emailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");

    ProtocolMapperRepresentation nestedAttrMapper = new ProtocolMapperRepresentation();
    nestedAttrMapper.setName("attribute - nested claim");
    nestedAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    nestedAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> nestedEmailMapperConfig = nestedAttrMapper.getConfig();
    nestedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "nested.email");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "nested.email");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");

    ProtocolMapperRepresentation dottedAttrMapper = new ProtocolMapperRepresentation();
    dottedAttrMapper.setName("attribute - claim with dot in name");
    dottedAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    dottedAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> dottedEmailMapperConfig = dottedAttrMapper.getConfig();
    dottedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "dotted.email");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "dotted\\.email");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");

    ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
    userAttrMapper.setName("attribute - name");
    userAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    userAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
    userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    userAttrMapperConfig.put(ProtocolMapperUtils.MULTIVALUED, "true");

    ProtocolMapperRepresentation userAttrMapper2 = new ProtocolMapperRepresentation();
    userAttrMapper2.setName("attribute - name - 2");
    userAttrMapper2.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    userAttrMapper2.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> userAttrMapperConfig2 = userAttrMapper2.getConfig();
    userAttrMapperConfig2.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_NAME_2);
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_NAME_2);
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    userAttrMapperConfig2.put(ProtocolMapperUtils.MULTIVALUED, "true");

    ProtocolMapperRepresentation hardcodedJsonClaim = new ProtocolMapperRepresentation();
    hardcodedJsonClaim.setName("json-mapper");
    hardcodedJsonClaim.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    hardcodedJsonClaim.setProtocolMapper(HardcodedClaim.PROVIDER_ID);

    Map<String, String> hardcodedJsonClaimMapperConfig = hardcodedJsonClaim.getConfig();
    hardcodedJsonClaimMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, KcOidcBrokerConfiguration.USER_INFO_CLAIM);
    hardcodedJsonClaimMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, "JSON");
    hardcodedJsonClaimMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    hardcodedJsonClaimMapperConfig.put(HardcodedClaim.CLAIM_VALUE, "{\"" + HARDOCDED_CLAIM + "\": \"" + HARDOCDED_VALUE + "\"}");

    client.setProtocolMappers(Arrays.asList(emailMapper, userAttrMapper, userAttrMapper2, nestedAttrMapper, dottedAttrMapper, hardcodedJsonClaim));

    return Collections.singletonList(client);
}
 
Example 17
Source File: KcSamlBrokerConfiguration.java    From keycloak with Apache License 2.0 4 votes vote down vote up
private ClientRepresentation createProviderClient(String clientId) {
    ClientRepresentation client = new ClientRepresentation();

    client.setClientId(clientId);
    client.setEnabled(true);
    client.setProtocol(IDP_SAML_PROVIDER_ID);
    client.setRedirectUris(Collections.singletonList(
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
    ));

    Map<String, String> attributes = new HashMap<>();

    attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true");
    attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE,
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
    attributes.put(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE,
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
    attributes.put(SamlConfigAttributes.SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE, "true");
    attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username");
    attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false");
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false");
    attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false");
    attributes.put(SamlConfigAttributes.SAML_ENCRYPT, "false");

    client.setAttributes(attributes);

    ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
    emailMapper.setName("email");
    emailMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    emailMapper.setProtocolMapper(UserPropertyAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> emailMapperConfig = emailMapper.getConfig();
    emailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "email");
    emailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.840.113549.1.9.1");
    emailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
    emailMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, "email");

    ProtocolMapperRepresentation dottedAttrMapper = new ProtocolMapperRepresentation();
    dottedAttrMapper.setName("email - dotted");
    dottedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    dottedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> dottedEmailMapperConfig = dottedAttrMapper.getConfig();
    dottedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "dotted.email");
    dottedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "dotted.email");
    dottedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    ProtocolMapperRepresentation nestedAttrMapper = new ProtocolMapperRepresentation();
    nestedAttrMapper.setName("email - nested");
    nestedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    nestedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> nestedEmailMapperConfig = nestedAttrMapper.getConfig();
    nestedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "nested.email");
    nestedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "nested.email");
    nestedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
    userAttrMapper.setName("attribute - name");
    userAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    userAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
    userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
    userAttrMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, "");

    ProtocolMapperRepresentation userFriendlyAttrMapper = new ProtocolMapperRepresentation();
    userFriendlyAttrMapper.setName("attribute - friendly name");
    userFriendlyAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    userFriendlyAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> userFriendlyAttrMapperConfig = userFriendlyAttrMapper.getConfig();
    userFriendlyAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);
    userFriendlyAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.3.4.5.6.7");
    userFriendlyAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
    userFriendlyAttrMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);

    client.setProtocolMappers(Arrays.asList(emailMapper, dottedAttrMapper, nestedAttrMapper, userAttrMapper, userFriendlyAttrMapper));

    return client;
}
 
Example 18
Source File: ClientMappersOIDCTest.java    From keycloak with Apache License 2.0 4 votes vote down vote up
@Test
public void testEditMapper() {
    //prepare data
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("mapper name");
    //mapper.setConsentRequired(true);
    //mapper.setConsentText("consent text");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usersessionmodel-note-mapper");
    
    Map<String, String> config = new HashMap<>();
    config.put("access.token.claim", "true");
    config.put("id.token.claim", "true");
    config.put("claim.name", "claim name");
    config.put("jsonType.label", "String");
    config.put("user.session.note", "session note");
    
    mapper.setConfig(config);
    
    //insert data
    testRealmResource().clients().get(id).getProtocolMappers().createMapper(mapper).close();
    
    //check form
    clientMapperPage.setId(id);
    String mapperId = findClientMapperByName(id, "mapper name").getId();
    clientMapperPage.setMapperId(mapperId);
    clientMapperPage.navigateTo();
    
    assertEquals("openid-connect", clientMapperPage.form().getProtocol());
    assertEquals(mapperId, clientMapperPage.form().getMapperId());
    assertEquals("mapper name", clientMapperPage.form().getName());
    assertEquals("User Session Note", clientMapperPage.form().getMapperType());
    assertEquals("session note", clientMapperPage.form().getUserSessionNote());
    assertEquals("claim name", clientMapperPage.form().getTokenClaimName());
    assertEquals("String", clientMapperPage.form().getClaimJSONType());
    assertTrue(clientMapperPage.form().isAddToIDToken());
    assertTrue(clientMapperPage.form().isAddToAccessToken());
    
    //edit
    clientMapperPage.form().setAddToAccessToken(false);
    clientMapperPage.form().save();
    assertAlertSuccess();
    
    //check
    assertTrue(clientMapperPage.form().isAddToIDToken());
    assertFalse(clientMapperPage.form().isAddToAccessToken());

    ProtocolMapperRepresentation rep = findClientMapperByName(id, "mapper name");
    assertEquals("false", rep.getConfig().get(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN));
    assertEquals("true", rep.getConfig().get(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN));

}
 
Example 19
Source File: ClientMappers.java    From keycloak with Apache License 2.0 3 votes vote down vote up
public ProtocolMapperRepresentation getMappingFromRow(WebElement row) {
    if (!row.isDisplayed()) {return null;} // Is that necessary?

    ProtocolMapperRepresentation mappingsRepresentation = new ProtocolMapperRepresentation();
    List<WebElement> cols = row.findElements(By.tagName("td"));


    mappingsRepresentation.setName(getTextFromElement(cols.get(0)));
    //mappingsRepresentation.setProtocol(cols.get(1).getText());
    mappingsRepresentation.setProtocolMapper(getTextFromElement(cols.get(2)));

    return mappingsRepresentation;
}