libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper

Browse source 
Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
This commit is contained in:
Nikos Epping 2024-07-25 15:09:53 +02:00 committed by Alexander Schwartz
parent 6258256c1b
commit 4080ee2e84
7 changed files with 88 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
server-spi/src/main/java/org/keycloak/models/IdentityProviderMapperModel.java
View file

@ -27,6 +27,8 @@ import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import static java.util.Collections.emptyMap;
/**
* Specifies a mapping from broker login to user data.
*
@ -96,6 +98,9 @@ public class IdentityProviderMapperModel implements Serializable {
public Map<String, List<String>> getConfigMap(String configKey) {
String configMap = config.get(configKey);
if (configMap == null) {
return emptyMap();
}
try {
List<StringPair> map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION);

15
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedRoleMapperTest.java
View file

@ -146,6 +146,21 @@ public abstract class AbstractAdvancedRoleMapperTest extends AbstractRoleMapperT
assertThatRoleHasBeenAssignedInConsumerRealm();
}
@Test
public void valuesMatchIfNullClaimsSpecified() {
createAdvancedRoleMapper(null, false);
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME,
ImmutableList.<String>builder().add("some value").build())
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
ImmutableList.<String>builder().add("some value").build())
.build());
logInAsUserInIDPForFirstTime();
assertThatRoleHasBeenAssignedInConsumerRealm();
}
public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
boolean createAfterFirstLogin) {
loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig());

16
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupBrokerMapperTest.java
View file

@ -22,6 +22,8 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import org.junit.Test;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
@ -69,6 +71,20 @@ public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperT
return user;
}
@Test
public void valuesMatchIfNullClaimsSpecified() {
createAdvancedGroupMapper(null, false, MAPPER_TEST_GROUP_PATH);
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("some value").build())
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("some value").build())
.build());
logInAsUserInIDPForFirstTimeAndAssertSuccess();
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
assertThatUserHasBeenAssignedToGroup(user);
}
@Override
protected void updateUser() {
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());

30
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToGroupMapperTest.java
View file

@ -14,7 +14,10 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import jakarta.ws.rs.core.Response;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME;
@ -28,7 +31,7 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
" {\n" +
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
" \"value\": \"value 1\"\n" +
" },\n" +" {\n" +
" },\n" + " {\n" +
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
" \"value\": \"value 2\"\n" +
" },\n" +
@ -46,17 +49,18 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
@Override
protected String createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation,
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) {
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) {
IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation();
advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper");
advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID);
advancedAttributeToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation)
.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH)
.build());
final Map<String, String> config = new HashMap<>();
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
config.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
config.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
config.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH);
advancedAttributeToGroupMapper.setConfig(config);
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
@ -66,11 +70,11 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
@Test
public void attributeFriendlyNameGetsConsideredAndMatchedToGroup() {
createAdvancedGroupMapper(ATTRIBUTES, false,KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2);
createUserInProviderRealm(ImmutableMap.<String, List<String>> builder()
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String> builder().add("value 1").add("value 2").build())
createAdvancedGroupMapper(ATTRIBUTES, false, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2);
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String>builder().add("value 1").add("value 2").build())
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
ImmutableList.<String> builder().add("value 2").build())
ImmutableList.<String>builder().add("value 2").build())
.build());
logInAsUserInIDPForFirstTime();

25
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToRoleMapperTest.java
View file

@ -12,7 +12,9 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
@ -43,17 +45,18 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
@Override
protected void createMapperInIdp(String claimsOrAttributeRepresentation,
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) {
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) {
IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper");
advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
advancedAttributeToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation)
.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
.put(ConfigConstants.ROLE, roleValue)
.build());
final Map<String, String> config = new HashMap<>();
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
config.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
config.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
config.put(ConfigConstants.ROLE, roleValue);
advancedAttributeToRoleMapper.setConfig(config);
persistMapper(advancedAttributeToRoleMapper);
}
@ -61,10 +64,10 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
@Test
public void attributeFriendlyNameGetsConsideredAndMatchedToRole() {
createAdvancedRoleMapper(ATTRIBUTES, false);
createUserInProviderRealm(ImmutableMap.<String, List<String>> builder()
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String> builder().add("value 1").add("value 2").build())
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String>builder().add("value 1").add("value 2").build())
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
ImmutableList.<String> builder().add("value 2").build())
ImmutableList.<String>builder().add("value 2").build())
.build());
logInAsUserInIDPForFirstTime();

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToGroupMapperTest.java
View file

@ -3,7 +3,10 @@ package org.keycloak.testsuite.broker;
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.junit.Test;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.resource.IdentityProviderResource;
@ -41,13 +44,14 @@ public class OidcAdvancedClaimToGroupMapperTest extends AbstractGroupBrokerMappe
IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
advancedClaimToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation)
.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
.put(ConfigConstants.GROUP, groupPath)
.build());
final Map<String, String> config = new HashMap<>();
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
config.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
config.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
config.put(ConfigConstants.GROUP, groupPath);
advancedClaimToGroupMapper.setConfig(config);
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToRoleMapperTest.java
View file

@ -6,7 +6,8 @@ import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import java.util.Map;
/**
* <a href="mailto:external.benjamin.weimer@bosch-si.com">Benjamin Weimer</a>,
@ -25,13 +26,14 @@ public class OidcAdvancedClaimToRoleMapperTest extends AbstractAdvancedRoleMappe
IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation();
advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper");
advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID);
advancedClaimToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation)
.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
.put(ConfigConstants.ROLE, roleValue)
.build());
final Map<String, String> config = new HashMap<>();
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
config.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
config.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
config.put(ConfigConstants.ROLE, roleValue);
advancedClaimToRoleMapper.setConfig(config);
persistMapper(advancedClaimToRoleMapper);
}