Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper

Fixes #31575

Signed-off-by: Nikos Epping <n.epping@evosec.de>
Nikos Epping 2024-07-25 15:09:53 +02:00 committed by Alexander Schwartz
parent 6258256c1b
commit 4080ee2e84
7 changed files with 88 additions and 39 deletions


@ -27,6 +27,8 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static java.util.Collections.emptyMap;
/** /**
* Specifies a mapping from broker login to user data. * Specifies a mapping from broker login to user data.
* *
@ -96,6 +98,9 @@ public class IdentityProviderMapperModel implements Serializable {
public Map<String, List<String>> getConfigMap(String configKey) { public Map<String, List<String>> getConfigMap(String configKey) {
String configMap = config.get(configKey); String configMap = config.get(configKey);
if (configMap == null) {
return emptyMap();
}
try { try {
List<StringPair> map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION); List<StringPair> map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION);
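Review bot: The new early return in `getConfigMap` turns a missing `configKey` into an empty map, and the tests added in this commit (`valuesMatchIfNullClaimsSpecified`) expect the role or group to be granted in that case, so an advanced mapper saved without claims appears to match every user who logs in through the identity provider. Since this is an authorization decision, it should be stated on the method, for example `/** Returns the map stored under configKey, or an empty map when the key is absent; callers that treat an empty map as "no conditions" will match every brokered user. */`. `emptyMap()` is also immutable, so if the parsed result returned further down is a mutable map, callers that modify it would now fail only on the null path; that part of the method lies outside the hunk, so this needs checking there.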


@ -146,6 +146,21 @@ public abstract class AbstractAdvancedRoleMapperTest extends AbstractRoleMapperT
assertThatRoleHasBeenAssignedInConsumerRealm(); assertThatRoleHasBeenAssignedInConsumerRealm();
} }
@Test
public void valuesMatchIfNullClaimsSpecified() {
createAdvancedRoleMapper(null, false);
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME,
ImmutableList.<String>builder().add("some value").build())
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
ImmutableList.<String>builder().add("some value").build())
.build());
logInAsUserInIDPForFirstTime();
assertThatRoleHasBeenAssignedInConsumerRealm();
}
public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode, public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
boolean createAfterFirstLogin) { boolean createAfterFirstLogin) {
loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig()); loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig());
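Review bot: `valuesMatchIfNullClaimsSpecified` asserts that the role is assigned, but neither its name nor its body says that this is the intended result for a mapper with no claims, and the two attributes given to the user appear unable to influence the outcome. A comment above `createAdvancedRoleMapper(null, false)` would make the contract explicit, for example `// null claims = no conditions: the role is granted whatever attributes the user has`. The test of the same name in the group mapper test class needs the same comment. Only the non-regex setting (`false`) is exercised; a second case with `true` would cover the other setting, if the mappers handle it separately.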


@ -22,6 +22,8 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import org.junit.Test;
import org.keycloak.models.IdentityProviderMapperSyncMode; import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
@ -69,6 +71,20 @@ public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperT
return user; return user;
} }
@Test
public void valuesMatchIfNullClaimsSpecified() {
createAdvancedGroupMapper(null, false, MAPPER_TEST_GROUP_PATH);
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("some value").build())
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("some value").build())
.build());
logInAsUserInIDPForFirstTimeAndAssertSuccess();
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
assertThatUserHasBeenAssignedToGroup(user);
}
@Override @Override
protected void updateUser() { protected void updateUser() {
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail()); UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());


@ -14,7 +14,10 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME; import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME;
@ -50,13 +53,14 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation(); IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation();
advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper"); advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper");
advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID); advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID);
advancedAttributeToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) final Map<String, String> config = new HashMap<>();
.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation) config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, config.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) config.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH) Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
.build()); config.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH);
advancedAttributeToGroupMapper.setConfig(config);
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias()); IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias()); advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
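Review bot: The switch from `ImmutableMap.builder()` to a `HashMap` is not explained in the code, and it looks like a candidate for being reverted in a later cleanup; presumably it is needed because `ImmutableMap` rejects the null `claimsOrAttributeRepresentation` that the new tests pass. A comment on the declaration would keep it in place, for example `// HashMap, not ImmutableMap: claimsOrAttributeRepresentation may be null`. The same applies to the identical change in the three other mapper test classes in this commit (attribute-to-role, claim-to-group, claim-to-role). The enclosing method starts and ends outside the hunk.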


@ -12,7 +12,9 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>, * @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
@ -47,13 +49,14 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation(); IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper"); advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper");
advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID); advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
advancedAttributeToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) final Map<String, String> config = new HashMap<>();
.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation) config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, config.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) config.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
.put(ConfigConstants.ROLE, roleValue) Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
.build()); config.put(ConfigConstants.ROLE, roleValue);
advancedAttributeToRoleMapper.setConfig(config);
persistMapper(advancedAttributeToRoleMapper); persistMapper(advancedAttributeToRoleMapper);
} }


@ -3,7 +3,10 @@ package org.keycloak.testsuite.broker;
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE; import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT; import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.CreatedResponseUtil; import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.resource.IdentityProviderResource; import org.keycloak.admin.client.resource.IdentityProviderResource;
@ -41,13 +44,14 @@ public class OidcAdvancedClaimToGroupMapperTest extends AbstractGroupBrokerMappe
IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation(); IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper"); advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID); advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
advancedClaimToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) final Map<String, String> config = new HashMap<>();
.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation) config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, config.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) config.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
.put(ConfigConstants.GROUP, groupPath) Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
.build()); config.put(ConfigConstants.GROUP, groupPath);
advancedClaimToGroupMapper.setConfig(config);
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias()); IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias()); advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());


@ -6,7 +6,8 @@ import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderMapperSyncMode; import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation; import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import com.google.common.collect.ImmutableMap; import java.util.HashMap;
import java.util.Map;
/** /**
* <a href="mailto:external.benjamin.weimer@bosch-si.com">Benjamin Weimer</a>, * <a href="mailto:external.benjamin.weimer@bosch-si.com">Benjamin Weimer</a>,
@ -25,13 +26,14 @@ public class OidcAdvancedClaimToRoleMapperTest extends AbstractAdvancedRoleMappe
IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation(); IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation();
advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper"); advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper");
advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID); advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID);
advancedClaimToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) final Map<String, String> config = new HashMap<>();
.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation) config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, config.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) config.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
.put(ConfigConstants.ROLE, roleValue) Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
.build()); config.put(ConfigConstants.ROLE, roleValue);
advancedClaimToRoleMapper.setConfig(config);
persistMapper(advancedClaimToRoleMapper); persistMapper(advancedClaimToRoleMapper);
} }