Java Code Examples for org.keycloak.representations.idm.ProtocolMapperRepresentation#setProtocol()

@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    ClientRepresentation client = testRealm.getClients().stream().filter(r -> r.getClientId().equals("test-app")).findFirst().get();

    List<ProtocolMapperRepresentation> mappers = new LinkedList<>();
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("groups");
    mapper.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Map<String, String> config = new HashMap<>();
    config.put("full.path", "false");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    mapper.setConfig(config);
    mappers.add(mapper);

    client.setProtocolMappers(mappers);
    client.setPublicClient(false);
    client.setClientAuthenticatorType("testsuite-client-dummy");

    testRealm.getUsers().add(UserBuilder.create().username("groups-user").password("password").addGroups("/topGroup", "/topGroup/level2group").build());
}
 

public static ProtocolMapperRepresentation createSamlProtocolMapper(String protocolMapperProviderId, String... configKeyValue) {
    ProtocolMapperRepresentation res = new ProtocolMapperRepresentation();
    res.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    res.setName(protocolMapperProviderId + "-" + RoleMapperTest.COUNTER++);
    res.setProtocolMapper(protocolMapperProviderId);

    Map<String, String> config = new HashMap<>();
    for (int i = 0; i < configKeyValue.length - 1; i += 2) {
        String key = configKeyValue[i];
        String value = configKeyValue[i + 1];
        config.put(key, value);
    }
    res.setConfig(config);

    return res;
}
 

protected void setManageAlbumScopeRequired() {
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();

    clientScope.setName("manage-albums");
    clientScope.setProtocol("openid-connect");

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();

    mapper.setName("manage-albums");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper(UserClientRoleMappingMapper.PROVIDER_ID);

    Map<String, String> config = new HashMap<>();
    config.put("access.token.claim", "true");
    config.put("id.token.claim", "true");
    config.put("userinfo.token.claim", "true");
    config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, "photoz-restful-api");

    mapper.setConfig(config);

    clientScope.setProtocolMappers(Arrays.asList(mapper));

    RealmResource realmResource = realmsResouce().realm(REALM_NAME);
    ClientScopesResource clientScopes = realmResource.clientScopes();
    Response resp = clientScopes.create(clientScope);
    Assert.assertEquals(201, resp.getStatus());
    resp.close();
    String clientScopeId = ApiUtil.getCreatedId(resp);
    ClientResource resourceServer = getClientResource(RESOURCE_SERVER_ID);
    clientScopes.get(clientScopeId).getScopeMappings().clientLevel(resourceServer.toRepresentation().getId()).add(Arrays.asList(resourceServer.roles().get("manage-albums").toRepresentation()));
    ClientResource html5ClientApp = getClientResource("photoz-html5-client");
    html5ClientApp.addOptionalClientScope(clientScopeId);
    html5ClientApp.getScopeMappings().realmLevel().add(Arrays.asList(realmResource.roles().get("user").toRepresentation(), realmResource.roles().get("admin").toRepresentation()));
    ClientRepresentation clientRep = html5ClientApp.toRepresentation();
    clientRep.setFullScopeAllowed(false);
    html5ClientApp.update(clientRep);
}
 

public static ProtocolMapperRepresentation createPairwiseMapper(String sectorIdentifierUri, String salt) {
    Map<String, String> config;
    ProtocolMapperRepresentation pairwise = new ProtocolMapperRepresentation();
    pairwise.setName("pairwise subject identifier");
    pairwise.setProtocolMapper(new SHA256PairwiseSubMapper().getId());
    pairwise.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    config = new HashMap<>();
    config.put(PairwiseSubMapperHelper.SECTOR_IDENTIFIER_URI, sectorIdentifierUri);
    if (salt == null) {
        salt = KeycloakModelUtils.generateId();
    }
    config.put(PairwiseSubMapperHelper.PAIRWISE_SUB_ALGORITHM_SALT, salt);
    pairwise.setConfig(config);
    return pairwise;
}
 

private void addProtocolMapper(ClientRepresentation client, String mapperName) {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName(mapperName);
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");
    mapper.getConfig().put("userinfo.token.claim", "true");
    mapper.getConfig().put("user.attribute", "someAttribute");
    mapper.getConfig().put("id.token.claim", "true");
    mapper.getConfig().put("access.token.claim", "true");
    mapper.getConfig().put("claim.name", "someClaimName");
    mapper.getConfig().put("jsonType.label", "long");

    client.setProtocolMappers(new ArrayList<>());
    client.getProtocolMappers().add(mapper);
}
 

@Test
@AuthServerContainerExclude(AuthServer.REMOTE) // We would need to do domain name -> ip address to set trusted host
public void testProtocolMappersUpdate() throws Exception {
    setTrustedHost("localhost");

    // Check I can add client with allowed protocolMappers
    ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
    protocolMapper.setName("Full name");
    protocolMapper.setProtocolMapper(FullNameMapper.PROVIDER_ID);
    protocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    ClientRepresentation clientRep = createRep("test-app");
    clientRep.setProtocolMappers(Collections.singletonList(protocolMapper));

    ClientRepresentation registeredClient = reg.create(clientRep);
    reg.auth(Auth.token(registeredClient));

    // Add some disallowed protocolMapper
    registeredClient.getProtocolMappers().add(createHardcodedMapperRep());

    // Check I can't update client because of protocolMapper
    assertFail(ClientRegOp.UPDATE, registeredClient, 403, "ProtocolMapper type not allowed");

    // Remove "bad" protocolMapper
    registeredClient.getProtocolMappers().removeIf((ProtocolMapperRepresentation mapper) -> {
        return mapper.getProtocolMapper().equals(HardcodedRole.PROVIDER_ID);
    });

    // Check I can update client now
    reg.update(registeredClient);

    // Revert client
    ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
}
 

private ProtocolMapperRepresentation createHardcodedMapperRep() {
    ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
    protocolMapper.setName("Hardcoded foo role");
    protocolMapper.setProtocolMapper(HardcodedRole.PROVIDER_ID);
    protocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    protocolMapper.getConfig().put(HardcodedRole.ROLE_CONFIG, "foo-role");
    return protocolMapper;
}
 

protected AutoCloseable createProtocolMapper(ProtocolMappersResource resource, String name, String protocol, String protocolMapper, Map<String, String> config) {
    ProtocolMapperRepresentation representation = new ProtocolMapperRepresentation();
    representation.setName(name);
    representation.setProtocol(protocol);
    representation.setProtocolMapper(protocolMapper);
    representation.setConfig(config);
    try (Response response = resource.createMapper(representation)) {
        String createdId = getCreatedId(response);
        return () -> resource.delete(createdId);
    }
}
 

private ProtocolMapperRepresentation createGroupMapper() {
    ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
    protocolMapperRepresentation.setProtocolMapper(GroupMembershipMapper.PROVIDER_ID);
    protocolMapperRepresentation.setProtocol(PROTOCOL);
    protocolMapperRepresentation.setName("Group mapper");
    Map<String, String> config = new HashMap<>();
    putAccessTokenClaim(config);
    // the name of the property we got from the class GroupMembershipMapper
    config.put("full.path", "true");
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "groups");
    protocolMapperRepresentation.setConfig(config);
    return protocolMapperRepresentation;
}
 

private ProtocolMapperRepresentation makeMapper(String name, String mapperType, Map<String, String> config) {
    ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
    rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    rep.setName(name);
    rep.setProtocolMapper(mapperType);
    rep.setConfig(config);
    return rep;
}
 

protected ProtocolMapperRepresentation makeMapper(String protocol, String name, String mapperType, Map<String, String> config) {
    ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
    rep.setProtocol(protocol);
    rep.setName(name);
    rep.setProtocolMapper(mapperType);
    rep.setConfig(config);
    return rep;
}
 

@Test
public void testUpdateProtocolMappers() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("testUpdateProtocolMappers");
    scopeRep.setProtocol("openid-connect");


    String scopeId = createClientScope(scopeRep);

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("test");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");

    Map<String, String> m = new HashMap<>();
    m.put("user.attribute", "test");
    m.put("claim.name", "");
    m.put("jsonType.label", "");

    mapper.setConfig(m);

    ProtocolMappersResource protocolMappers = clientScopes().get(scopeId).getProtocolMappers();

    Response response = protocolMappers.createMapper(mapper);
    String mapperId = ApiUtil.getCreatedId(response);

    mapper = protocolMappers.getMapperById(mapperId);

    mapper.getConfig().put("claim.name", "claim");

    protocolMappers.update(mapperId, mapper);

    List<ProtocolMapperRepresentation> mappers = protocolMappers.getMappers();
    assertEquals(1, mappers.size());
    assertEquals(2, mappers.get(0).getConfig().size());
    assertEquals("test", mappers.get(0).getConfig().get("user.attribute"));
    assertEquals("claim", mappers.get(0).getConfig().get("claim.name"));

    clientScopes().get(scopeId).remove();
}
 

private ProtocolMapperRepresentation createHelloWordMapper() {
    ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
    protocolMapperRepresentation.setProtocolMapper(HelloWorldMapper.PROVIDER_ID);
    protocolMapperRepresentation.setProtocol(PROTOCOL);
    protocolMapperRepresentation.setName("Hello world mapper");
    Map<String, String> config = new HashMap<>();
    putAccessTokenClaim(config);
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "example.message");
    protocolMapperRepresentation.setConfig(config);
    return protocolMapperRepresentation;
}
 

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateClientWithProtocolMapper() {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setClientId("my-app");

    ProtocolMapperRepresentation fooMapper = new ProtocolMapperRepresentation();
    fooMapper.setName("foo");
    fooMapper.setProtocol("openid-connect");
    fooMapper.setProtocolMapper("oidc-hardcoded-claim-mapper");
    rep.setProtocolMappers(Collections.singletonList(fooMapper));

    Response response = realm.clients().create(rep);
    response.close();
    String id = ApiUtil.getCreatedId(response);
    getCleanup().addClientUuid(id);

    ClientResource clientResource = realm.clients().get(id);
    assertNotNull(clientResource);
    ClientRepresentation client = clientResource.toRepresentation();
    List<ProtocolMapperRepresentation> protocolMappers = client.getProtocolMappers();
    assertEquals(1, protocolMappers.size());
    ProtocolMapperRepresentation mapper = protocolMappers.get(0);
    assertEquals("foo", mapper.getName());

    ClientRepresentation newClient = new ClientRepresentation();
    newClient.setId(client.getId());
    newClient.setClientId(client.getClientId());

    ProtocolMapperRepresentation barMapper = new ProtocolMapperRepresentation();
    barMapper.setName("bar");
    barMapper.setProtocol("openid-connect");
    barMapper.setProtocolMapper("oidc-hardcoded-role-mapper");
    protocolMappers.add(barMapper);
    newClient.setProtocolMappers(protocolMappers);

    realm.clients().get(client.getId()).update(newClient);

    ClientRepresentation storedClient = realm.clients().get(client.getId()).toRepresentation();
    assertClient(client, storedClient);
}
 

public void protocolMappersTest(String clientDbId, ProtocolMappersResource mappersResource) {
    // assert default mappers found
    List<ProtocolMapperRepresentation> protocolMappers = mappersResource.getMappers();

    String emailMapperId = null;
    String usernameMapperId = null;
    String fooMapperId = null;
    for (ProtocolMapperRepresentation mapper : protocolMappers) {
        if (mapper.getName().equals(OIDCLoginProtocolFactory.EMAIL)) {
            emailMapperId = mapper.getId();
        } else if (mapper.getName().equals(OIDCLoginProtocolFactory.USERNAME)) {
            usernameMapperId = mapper.getId();
        } else if (mapper.getName().equals("foo")) {
            fooMapperId = mapper.getId();
        }
    }

    // Builtin mappers are not here
    assertNull(emailMapperId);
    assertNull(usernameMapperId);

    assertNull(fooMapperId);

    // Create foo mapper
    ProtocolMapperRepresentation fooMapper = new ProtocolMapperRepresentation();
    fooMapper.setName("foo");
    fooMapper.setProtocol("openid-connect");
    fooMapper.setProtocolMapper("oidc-hardcoded-claim-mapper");
    Response response = mappersResource.createMapper(fooMapper);
    String location = response.getLocation().toString();
    fooMapperId = location.substring(location.lastIndexOf("/") + 1);
    response.close();

    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER);

    fooMapper = mappersResource.getMapperById(fooMapperId);
    assertEquals(fooMapper.getName(), "foo");

    // Update foo mapper
    mappersResource.update(fooMapperId, fooMapper);

    assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), fooMapper, ResourceType.PROTOCOL_MAPPER);

    fooMapper = mappersResource.getMapperById(fooMapperId);

    // Remove foo mapper
    mappersResource.delete(fooMapperId);
    assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(clientDbId, fooMapperId), ResourceType.PROTOCOL_MAPPER);
    try {
        mappersResource.getMapperById(fooMapperId);
        fail("Not expected to find deleted mapper");
    } catch (NotFoundException nfe) {
    }
}
 

@Override
public List<ClientRepresentation> createProviderClients() {
    ClientRepresentation client = new ClientRepresentation();
    client.setId(CLIENT_ID);
    client.setClientId(getIDPClientIdInProviderRealm());
    client.setName(CLIENT_ID);
    client.setSecret(CLIENT_SECRET);
    client.setEnabled(true);

    client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
            "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));

    client.setAdminUrl(getConsumerRoot() +
            "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");

    ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
    emailMapper.setName("email");
    emailMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    emailMapper.setProtocolMapper(UserPropertyMapper.PROVIDER_ID);

    Map<String, String> emailMapperConfig = emailMapper.getConfig();
    emailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "email");
    emailMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "email");
    emailMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    emailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    emailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    emailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");

    ProtocolMapperRepresentation nestedAttrMapper = new ProtocolMapperRepresentation();
    nestedAttrMapper.setName("attribute - nested claim");
    nestedAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    nestedAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> nestedEmailMapperConfig = nestedAttrMapper.getConfig();
    nestedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "nested.email");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "nested.email");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    nestedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");

    ProtocolMapperRepresentation dottedAttrMapper = new ProtocolMapperRepresentation();
    dottedAttrMapper.setName("attribute - claim with dot in name");
    dottedAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    dottedAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> dottedEmailMapperConfig = dottedAttrMapper.getConfig();
    dottedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "dotted.email");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "dotted\\.email");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    dottedEmailMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");

    ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
    userAttrMapper.setName("attribute - name");
    userAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    userAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
    userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    userAttrMapperConfig.put(ProtocolMapperUtils.MULTIVALUED, "true");

    ProtocolMapperRepresentation userAttrMapper2 = new ProtocolMapperRepresentation();
    userAttrMapper2.setName("attribute - name - 2");
    userAttrMapper2.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    userAttrMapper2.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);

    Map<String, String> userAttrMapperConfig2 = userAttrMapper2.getConfig();
    userAttrMapperConfig2.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_NAME_2);
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_NAME_2);
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    userAttrMapperConfig2.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    userAttrMapperConfig2.put(ProtocolMapperUtils.MULTIVALUED, "true");

    ProtocolMapperRepresentation hardcodedJsonClaim = new ProtocolMapperRepresentation();
    hardcodedJsonClaim.setName("json-mapper");
    hardcodedJsonClaim.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    hardcodedJsonClaim.setProtocolMapper(HardcodedClaim.PROVIDER_ID);

    Map<String, String> hardcodedJsonClaimMapperConfig = hardcodedJsonClaim.getConfig();
    hardcodedJsonClaimMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, KcOidcBrokerConfiguration.USER_INFO_CLAIM);
    hardcodedJsonClaimMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, "JSON");
    hardcodedJsonClaimMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    hardcodedJsonClaimMapperConfig.put(HardcodedClaim.CLAIM_VALUE, "{\"" + HARDOCDED_CLAIM + "\": \"" + HARDOCDED_VALUE + "\"}");

    client.setProtocolMappers(Arrays.asList(emailMapper, userAttrMapper, userAttrMapper2, nestedAttrMapper, dottedAttrMapper, hardcodedJsonClaim));

    return Collections.singletonList(client);
}
 

private ClientRepresentation createProviderClient(String clientId) {
    ClientRepresentation client = new ClientRepresentation();

    client.setClientId(clientId);
    client.setEnabled(true);
    client.setProtocol(IDP_SAML_PROVIDER_ID);
    client.setRedirectUris(Collections.singletonList(
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
    ));

    Map<String, String> attributes = new HashMap<>();

    attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true");
    attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE,
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
    attributes.put(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE,
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
    attributes.put(SamlConfigAttributes.SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE, "true");
    attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username");
    attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false");
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false");
    attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false");
    attributes.put(SamlConfigAttributes.SAML_ENCRYPT, "false");

    client.setAttributes(attributes);

    ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
    emailMapper.setName("email");
    emailMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    emailMapper.setProtocolMapper(UserPropertyAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> emailMapperConfig = emailMapper.getConfig();
    emailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "email");
    emailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.840.113549.1.9.1");
    emailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
    emailMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, "email");

    ProtocolMapperRepresentation dottedAttrMapper = new ProtocolMapperRepresentation();
    dottedAttrMapper.setName("email - dotted");
    dottedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    dottedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> dottedEmailMapperConfig = dottedAttrMapper.getConfig();
    dottedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "dotted.email");
    dottedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "dotted.email");
    dottedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    ProtocolMapperRepresentation nestedAttrMapper = new ProtocolMapperRepresentation();
    nestedAttrMapper.setName("email - nested");
    nestedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    nestedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> nestedEmailMapperConfig = nestedAttrMapper.getConfig();
    nestedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "nested.email");
    nestedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "nested.email");
    nestedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
    userAttrMapper.setName("attribute - name");
    userAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    userAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
    userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
    userAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
    userAttrMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, "");

    ProtocolMapperRepresentation userFriendlyAttrMapper = new ProtocolMapperRepresentation();
    userFriendlyAttrMapper.setName("attribute - friendly name");
    userFriendlyAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    userFriendlyAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);

    Map<String, String> userFriendlyAttrMapperConfig = userFriendlyAttrMapper.getConfig();
    userFriendlyAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);
    userFriendlyAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.3.4.5.6.7");
    userFriendlyAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
    userFriendlyAttrMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);

    client.setProtocolMappers(Arrays.asList(emailMapper, dottedAttrMapper, nestedAttrMapper, userAttrMapper, userFriendlyAttrMapper));

    return client;
}
 

@Test
public void testEditMapper() {
    //prepare data
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("mapper name");
    //mapper.setConsentRequired(true);
    //mapper.setConsentText("consent text");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usersessionmodel-note-mapper");
    
    Map<String, String> config = new HashMap<>();
    config.put("access.token.claim", "true");
    config.put("id.token.claim", "true");
    config.put("claim.name", "claim name");
    config.put("jsonType.label", "String");
    config.put("user.session.note", "session note");
    
    mapper.setConfig(config);
    
    //insert data
    testRealmResource().clients().get(id).getProtocolMappers().createMapper(mapper).close();
    
    //check form
    clientMapperPage.setId(id);
    String mapperId = findClientMapperByName(id, "mapper name").getId();
    clientMapperPage.setMapperId(mapperId);
    clientMapperPage.navigateTo();
    
    assertEquals("openid-connect", clientMapperPage.form().getProtocol());
    assertEquals(mapperId, clientMapperPage.form().getMapperId());
    assertEquals("mapper name", clientMapperPage.form().getName());
    assertEquals("User Session Note", clientMapperPage.form().getMapperType());
    assertEquals("session note", clientMapperPage.form().getUserSessionNote());
    assertEquals("claim name", clientMapperPage.form().getTokenClaimName());
    assertEquals("String", clientMapperPage.form().getClaimJSONType());
    assertTrue(clientMapperPage.form().isAddToIDToken());
    assertTrue(clientMapperPage.form().isAddToAccessToken());
    
    //edit
    clientMapperPage.form().setAddToAccessToken(false);
    clientMapperPage.form().save();
    assertAlertSuccess();
    
    //check
    assertTrue(clientMapperPage.form().isAddToIDToken());
    assertFalse(clientMapperPage.form().isAddToAccessToken());

    ProtocolMapperRepresentation rep = findClientMapperByName(id, "mapper name");
    assertEquals("false", rep.getConfig().get(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN));
    assertEquals("true", rep.getConfig().get(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN));

}