Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
Fixes #31575 Signed-off-by: Nikos Epping <n.epping@evosec.de>
This commit is contained in:
parent
6258256c1b
commit
4080ee2e84
7 changed files with 88 additions and 39 deletions
|
@ -27,6 +27,8 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static java.util.Collections.emptyMap;
|
||||
|
||||
/**
|
||||
* Specifies a mapping from broker login to user data.
|
||||
*
|
||||
|
@ -96,6 +98,9 @@ public class IdentityProviderMapperModel implements Serializable {
|
|||
|
||||
public Map<String, List<String>> getConfigMap(String configKey) {
|
||||
String configMap = config.get(configKey);
|
||||
if (configMap == null) {
|
||||
return emptyMap();
|
||||
}
|
||||
|
||||
try {
|
||||
List<StringPair> map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION);
|
||||
|
|
|
@ -146,6 +146,21 @@ public abstract class AbstractAdvancedRoleMapperTest extends AbstractRoleMapperT
|
|||
assertThatRoleHasBeenAssignedInConsumerRealm();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMatchIfNullClaimsSpecified() {
|
||||
createAdvancedRoleMapper(null, false);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME,
|
||||
ImmutableList.<String>builder().add("some value").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||
ImmutableList.<String>builder().add("some value").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTime();
|
||||
|
||||
assertThatRoleHasBeenAssignedInConsumerRealm();
|
||||
}
|
||||
|
||||
public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
|
||||
boolean createAfterFirstLogin) {
|
||||
loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig());
|
||||
|
|
|
@ -22,6 +22,8 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
|||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
@ -69,6 +71,20 @@ public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperT
|
|||
return user;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valuesMatchIfNullClaimsSpecified() {
|
||||
createAdvancedGroupMapper(null, false, MAPPER_TEST_GROUP_PATH);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("some value").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("some value").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||
|
||||
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
assertThatUserHasBeenAssignedToGroup(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void updateUser() {
|
||||
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
|
|
|
@ -14,7 +14,10 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
|||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
import jakarta.ws.rs.core.Response;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME;
|
||||
|
||||
|
@ -28,7 +31,7 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
|
|||
" {\n" +
|
||||
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
|
||||
" \"value\": \"value 1\"\n" +
|
||||
" },\n" +" {\n" +
|
||||
" },\n" + " {\n" +
|
||||
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
|
||||
" \"value\": \"value 2\"\n" +
|
||||
" },\n" +
|
||||
|
@ -46,17 +49,18 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
|
|||
|
||||
@Override
|
||||
protected String createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation,
|
||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) {
|
||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) {
|
||||
IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation();
|
||||
advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper");
|
||||
advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID);
|
||||
advancedAttributeToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
|
||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
||||
.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
||||
.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
||||
.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH)
|
||||
.build());
|
||||
|
||||
final Map<String, String> config = new HashMap<>();
|
||||
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||
config.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||
config.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||
config.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH);
|
||||
advancedAttributeToGroupMapper.setConfig(config);
|
||||
|
||||
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
|
||||
advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
|
||||
|
@ -66,11 +70,11 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
|
|||
|
||||
@Test
|
||||
public void attributeFriendlyNameGetsConsideredAndMatchedToGroup() {
|
||||
createAdvancedGroupMapper(ATTRIBUTES, false,KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>> builder()
|
||||
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String> builder().add("value 1").add("value 2").build())
|
||||
createAdvancedGroupMapper(ATTRIBUTES, false, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String>builder().add("value 1").add("value 2").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||
ImmutableList.<String> builder().add("value 2").build())
|
||||
ImmutableList.<String>builder().add("value 2").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTime();
|
||||
|
|
|
@ -12,7 +12,9 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
|||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
|
||||
|
@ -43,17 +45,18 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
|
|||
|
||||
@Override
|
||||
protected void createMapperInIdp(String claimsOrAttributeRepresentation,
|
||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) {
|
||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) {
|
||||
IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
|
||||
advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper");
|
||||
advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
|
||||
advancedAttributeToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
|
||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
||||
.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
||||
.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
||||
.put(ConfigConstants.ROLE, roleValue)
|
||||
.build());
|
||||
|
||||
final Map<String, String> config = new HashMap<>();
|
||||
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||
config.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||
config.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||
config.put(ConfigConstants.ROLE, roleValue);
|
||||
advancedAttributeToRoleMapper.setConfig(config);
|
||||
|
||||
persistMapper(advancedAttributeToRoleMapper);
|
||||
}
|
||||
|
@ -61,10 +64,10 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
|
|||
@Test
|
||||
public void attributeFriendlyNameGetsConsideredAndMatchedToRole() {
|
||||
createAdvancedRoleMapper(ATTRIBUTES, false);
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>> builder()
|
||||
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String> builder().add("value 1").add("value 2").build())
|
||||
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String>builder().add("value 1").add("value 2").build())
|
||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||
ImmutableList.<String> builder().add("value 2").build())
|
||||
ImmutableList.<String>builder().add("value 2").build())
|
||||
.build());
|
||||
|
||||
logInAsUserInIDPForFirstTime();
|
||||
|
|
|
@ -3,7 +3,10 @@ package org.keycloak.testsuite.broker;
|
|||
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.CreatedResponseUtil;
|
||||
import org.keycloak.admin.client.resource.IdentityProviderResource;
|
||||
|
@ -41,13 +44,14 @@ public class OidcAdvancedClaimToGroupMapperTest extends AbstractGroupBrokerMappe
|
|||
IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
|
||||
advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
|
||||
advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
|
||||
advancedClaimToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
|
||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
||||
.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
||||
.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
||||
.put(ConfigConstants.GROUP, groupPath)
|
||||
.build());
|
||||
|
||||
final Map<String, String> config = new HashMap<>();
|
||||
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||
config.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||
config.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||
config.put(ConfigConstants.GROUP, groupPath);
|
||||
advancedClaimToGroupMapper.setConfig(config);
|
||||
|
||||
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
|
||||
advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
|
||||
|
|
|
@ -6,7 +6,8 @@ import org.keycloak.models.IdentityProviderMapperModel;
|
|||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* <a href="mailto:external.benjamin.weimer@bosch-si.com">Benjamin Weimer</a>,
|
||||
|
@ -25,13 +26,14 @@ public class OidcAdvancedClaimToRoleMapperTest extends AbstractAdvancedRoleMappe
|
|||
IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation();
|
||||
advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper");
|
||||
advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID);
|
||||
advancedClaimToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
|
||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
||||
.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
||||
.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
||||
.put(ConfigConstants.ROLE, roleValue)
|
||||
.build());
|
||||
|
||||
final Map<String, String> config = new HashMap<>();
|
||||
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||
config.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||
config.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||
config.put(ConfigConstants.ROLE, roleValue);
|
||||
advancedClaimToRoleMapper.setConfig(config);
|
||||
|
||||
persistMapper(advancedClaimToRoleMapper);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue