Don't fail on null config map in AdvancedClaimToGroupMapper/AdvancedClaimToRoleMapper/AdvancedAttributeToGroupMapper/AdvancedAttributeToGroupMapper
Fixes #31575 Signed-off-by: Nikos Epping <n.epping@evosec.de>
parent
6258256c1b
commit
4080ee2e84
7 changed files with 88 additions and 39 deletions
|
@ -27,6 +27,8 @@ import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
|
import static java.util.Collections.emptyMap;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Specifies a mapping from broker login to user data.
|
* Specifies a mapping from broker login to user data.
|
||||||
*
|
*
|
||||||
|
@ -96,6 +98,9 @@ public class IdentityProviderMapperModel implements Serializable {
|
||||||
|
|
||||||
public Map<String, List<String>> getConfigMap(String configKey) {
|
public Map<String, List<String>> getConfigMap(String configKey) {
|
||||||
String configMap = config.get(configKey);
|
String configMap = config.get(configKey);
|
||||||
|
if (configMap == null) {
|
||||||
|
return emptyMap();
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
List<StringPair> map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION);
|
List<StringPair> map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION);
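Review bot: The new `if (configMap == null) return emptyMap();` guard in `getConfigMap` fails open. The `valuesMatchIfNullClaimsSpecified` tests added in this commit show that a mapper with no stored claims then assigns its role or group to every user who logs in through the broker. The mapper classes are not on this page, so it is worth confirming that an unset claims field should mean "match everyone" rather than "match nobody". If it should, record the contract in a Javadoc on `getConfigMap` stating that an absent key yields an immutable empty map and that the advanced mappers treat an empty map as an unconditional match. Callers should also be checked for mutation of the result, since `Collections.emptyMap()` is unmodifiable and the map built further down (outside this hunk) may not be.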
|
||||||
|
|
|
@ -146,6 +146,21 @@ public abstract class AbstractAdvancedRoleMapperTest extends AbstractRoleMapperT
|
||||||
assertThatRoleHasBeenAssignedInConsumerRealm();
|
assertThatRoleHasBeenAssignedInConsumerRealm();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void valuesMatchIfNullClaimsSpecified() {
|
||||||
|
createAdvancedRoleMapper(null, false);
|
||||||
|
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||||
|
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME,
|
||||||
|
ImmutableList.<String>builder().add("some value").build())
|
||||||
|
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||||
|
ImmutableList.<String>builder().add("some value").build())
|
||||||
|
.build());
|
||||||
|
|
||||||
|
logInAsUserInIDPForFirstTime();
|
||||||
|
|
||||||
|
assertThatRoleHasBeenAssignedInConsumerRealm();
|
||||||
|
}
|
||||||
|
|
||||||
public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
|
public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode,
|
||||||
boolean createAfterFirstLogin) {
|
boolean createAfterFirstLogin) {
|
||||||
loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig());
|
loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig());
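Review bot: `valuesMatchIfNullClaimsSpecified` pins the grant-to-everyone outcome for a mapper created with `null` claims, but neither its name nor its body says that this is the intended authorization behaviour. The two attributes it creates with `"some value"` play no part in the result, which makes it read as if a match were being tested. A leading comment such as `// No claims configured: the mapper applies to every brokered user, whatever attributes they carry.` would make the contract explicit. A name like `roleIsAssignedWhenNoClaimsConfigured` would do the same. The same applies to the identically named test added to `AbstractGroupBrokerMapperTest`. Only `areClaimsOrAttributeValuesRegexes = false` is covered, so the regex variant with null claims stays untested.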
|
||||||
|
|
|
@ -22,6 +22,8 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.junit.Test;
|
||||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
|
@ -69,6 +71,20 @@ public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperT
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void valuesMatchIfNullClaimsSpecified() {
|
||||||
|
createAdvancedGroupMapper(null, false, MAPPER_TEST_GROUP_PATH);
|
||||||
|
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||||
|
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.<String>builder().add("some value").build())
|
||||||
|
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.<String>builder().add("some value").build())
|
||||||
|
.build());
|
||||||
|
|
||||||
|
logInAsUserInIDPForFirstTimeAndAssertSuccess();
|
||||||
|
|
||||||
|
UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||||
|
assertThatUserHasBeenAssignedToGroup(user);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void updateUser() {
|
protected void updateUser() {
|
||||||
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||||
|
|
|
@ -14,7 +14,10 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
|
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME;
|
import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME;
|
||||||
|
|
||||||
|
@ -28,7 +31,7 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
|
||||||
" {\n" +
|
" {\n" +
|
||||||
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
|
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
|
||||||
" \"value\": \"value 1\"\n" +
|
" \"value\": \"value 1\"\n" +
|
||||||
" },\n" +" {\n" +
|
" },\n" + " {\n" +
|
||||||
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
|
" \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" +
|
||||||
" \"value\": \"value 2\"\n" +
|
" \"value\": \"value 2\"\n" +
|
||||||
" },\n" +
|
" },\n" +
|
||||||
|
@ -46,17 +49,18 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected String createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation,
|
protected String createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation,
|
||||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) {
|
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) {
|
||||||
IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation();
|
IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation();
|
||||||
advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper");
|
advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper");
|
||||||
advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID);
|
advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID);
|
||||||
advancedAttributeToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
|
|
||||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
final Map<String, String> config = new HashMap<>();
|
||||||
.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||||
.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
config.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
config.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
||||||
.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH)
|
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||||
.build());
|
config.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH);
|
||||||
|
advancedAttributeToGroupMapper.setConfig(config);
|
||||||
|
|
||||||
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
|
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
|
||||||
advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
|
advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
|
||||||
|
@ -66,11 +70,11 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void attributeFriendlyNameGetsConsideredAndMatchedToGroup() {
|
public void attributeFriendlyNameGetsConsideredAndMatchedToGroup() {
|
||||||
createAdvancedGroupMapper(ATTRIBUTES, false,KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2);
|
createAdvancedGroupMapper(ATTRIBUTES, false, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2);
|
||||||
createUserInProviderRealm(ImmutableMap.<String, List<String>> builder()
|
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||||
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String> builder().add("value 1").add("value 2").build())
|
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String>builder().add("value 1").add("value 2").build())
|
||||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||||
ImmutableList.<String> builder().add("value 2").build())
|
ImmutableList.<String>builder().add("value 2").build())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
logInAsUserInIDPForFirstTime();
|
logInAsUserInIDPForFirstTime();
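Review bot: The switch from `ImmutableMap.builder()` to a `HashMap` in `createMapperInIdp` is unexplained, and the likely reason is that Guava's builder rejects the `null` now passed as `claimsOrAttributeRepresentation`. Without a comment a later cleanup could revert it and break the null-claims tests. Add `// HashMap, not ImmutableMap: the claims value may be null and ImmutableMap rejects null values.` above `final Map<String, String> config = new HashMap<>();`. The same applies to the `createMapperInIdp` changes in `KcSamlAdvancedAttributeToRoleMapperTest`, `OidcAdvancedClaimToGroupMapperTest` and `OidcAdvancedClaimToRoleMapperTest`. Separately, the rewritten line `config.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH);` still ignores the `groupValue` parameter, whereas the OIDC variant uses its `groupPath` argument. If that is not deliberate it should be `config.put(ConfigConstants.GROUP, groupValue);`.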
|
||||||
|
|
|
@ -12,7 +12,9 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||||
import com.google.common.collect.ImmutableList;
|
import com.google.common.collect.ImmutableList;
|
||||||
import com.google.common.collect.ImmutableMap;
|
import com.google.common.collect.ImmutableMap;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
|
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>,
|
||||||
|
@ -43,17 +45,18 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void createMapperInIdp(String claimsOrAttributeRepresentation,
|
protected void createMapperInIdp(String claimsOrAttributeRepresentation,
|
||||||
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) {
|
boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) {
|
||||||
IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
|
IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation();
|
||||||
advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper");
|
advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper");
|
||||||
advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
|
advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID);
|
||||||
advancedAttributeToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
|
|
||||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
final Map<String, String> config = new HashMap<>();
|
||||||
.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||||
.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
config.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
config.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME,
|
||||||
.put(ConfigConstants.ROLE, roleValue)
|
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||||
.build());
|
config.put(ConfigConstants.ROLE, roleValue);
|
||||||
|
advancedAttributeToRoleMapper.setConfig(config);
|
||||||
|
|
||||||
persistMapper(advancedAttributeToRoleMapper);
|
persistMapper(advancedAttributeToRoleMapper);
|
||||||
}
|
}
|
||||||
|
@ -61,10 +64,10 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol
|
||||||
@Test
|
@Test
|
||||||
public void attributeFriendlyNameGetsConsideredAndMatchedToRole() {
|
public void attributeFriendlyNameGetsConsideredAndMatchedToRole() {
|
||||||
createAdvancedRoleMapper(ATTRIBUTES, false);
|
createAdvancedRoleMapper(ATTRIBUTES, false);
|
||||||
createUserInProviderRealm(ImmutableMap.<String, List<String>> builder()
|
createUserInProviderRealm(ImmutableMap.<String, List<String>>builder()
|
||||||
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String> builder().add("value 1").add("value 2").build())
|
.put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.<String>builder().add("value 1").add("value 2").build())
|
||||||
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
.put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2,
|
||||||
ImmutableList.<String> builder().add("value 2").build())
|
ImmutableList.<String>builder().add("value 2").build())
|
||||||
.build());
|
.build());
|
||||||
|
|
||||||
logInAsUserInIDPForFirstTime();
|
logInAsUserInIDPForFirstTime();
|
||||||
|
|
|
@ -3,7 +3,10 @@ package org.keycloak.testsuite.broker;
|
||||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
|
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
|
||||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.admin.client.CreatedResponseUtil;
|
import org.keycloak.admin.client.CreatedResponseUtil;
|
||||||
import org.keycloak.admin.client.resource.IdentityProviderResource;
|
import org.keycloak.admin.client.resource.IdentityProviderResource;
|
||||||
|
@ -41,13 +44,14 @@ public class OidcAdvancedClaimToGroupMapperTest extends AbstractGroupBrokerMappe
|
||||||
IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
|
IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation();
|
||||||
advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
|
advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper");
|
||||||
advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
|
advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID);
|
||||||
advancedClaimToGroupMapper.setConfig(ImmutableMap.<String, String> builder()
|
|
||||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
final Map<String, String> config = new HashMap<>();
|
||||||
.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||||
.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
config.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
config.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
||||||
.put(ConfigConstants.GROUP, groupPath)
|
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||||
.build());
|
config.put(ConfigConstants.GROUP, groupPath);
|
||||||
|
advancedClaimToGroupMapper.setConfig(config);
|
||||||
|
|
||||||
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
|
IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
|
||||||
advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
|
advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias());
|
||||||
|
|
|
@ -6,7 +6,8 @@ import org.keycloak.models.IdentityProviderMapperModel;
|
||||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||||
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||||
|
|
||||||
import com.google.common.collect.ImmutableMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <a href="mailto:external.benjamin.weimer@bosch-si.com">Benjamin Weimer</a>,
|
* <a href="mailto:external.benjamin.weimer@bosch-si.com">Benjamin Weimer</a>,
|
||||||
|
@ -25,13 +26,14 @@ public class OidcAdvancedClaimToRoleMapperTest extends AbstractAdvancedRoleMappe
|
||||||
IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation();
|
IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation();
|
||||||
advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper");
|
advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper");
|
||||||
advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID);
|
advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID);
|
||||||
advancedClaimToRoleMapper.setConfig(ImmutableMap.<String, String> builder()
|
|
||||||
.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString())
|
final Map<String, String> config = new HashMap<>();
|
||||||
.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation)
|
config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString());
|
||||||
.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
config.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation);
|
||||||
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString())
|
config.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME,
|
||||||
.put(ConfigConstants.ROLE, roleValue)
|
Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString());
|
||||||
.build());
|
config.put(ConfigConstants.ROLE, roleValue);
|
||||||
|
advancedClaimToRoleMapper.setConfig(config);
|
||||||
|
|
||||||
persistMapper(advancedClaimToRoleMapper);
|
persistMapper(advancedClaimToRoleMapper);
|
||||||
}
|
}
|
||||||
|
|