Combine UserInfo KcOidcBrokerConfiguration with OidcUserInfoClaimToRoleMapperTest
This commit is contained in:
parent
787d44be78
commit
65ecfc960a
2 changed files with 49 additions and 66 deletions
|
@ -1,60 +0,0 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
public class KcOidcBrokerClientUserInfoTest extends AbstractBrokerTest {
|
||||
|
||||
protected static final String ATTRIBUTE_TO_MAP_USER_INFO = "user-attribute-ufo";
|
||||
|
||||
@Override
|
||||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
return new KcOidcBrokerConfigurationUserInfoOnlyMappers();
|
||||
}
|
||||
|
||||
private class KcOidcBrokerConfigurationUserInfoOnlyMappers extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clientsRepList = super.createProviderClients();
|
||||
log.info("Update provider clients to disable attributes in Access & ID token");
|
||||
|
||||
ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
|
||||
userAttrMapper.setName("attribute - name");
|
||||
userAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||
userAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);
|
||||
|
||||
Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
|
||||
userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_USER_INFO);
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_USER_INFO);
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "false");
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "false");
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
|
||||
|
||||
for (ClientRepresentation client: clientsRepList) {
|
||||
client.setProtocolMappers(Arrays.asList(userAttrMapper));
|
||||
}
|
||||
|
||||
return clientsRepList;
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
super.applyDefaultConfiguration(config, syncMode);
|
||||
config.put("disableUserInfo", "false");
|
||||
}
|
||||
}
|
||||
}
|
|
@ -8,21 +8,29 @@ import org.keycloak.broker.oidc.mappers.ClaimToRoleMapper;
|
|||
import org.keycloak.broker.provider.ConfigConstants;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.protocol.ProtocolMapperUtils;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
|
||||
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
import org.keycloak.representations.idm.*;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class OidcUserInfoClaimToRoleMapperTest extends AbstractRoleMapperTest {
|
||||
|
||||
private static final String USER_INFO_CLAIM = KcOidcBrokerClientUserInfoTest.ATTRIBUTE_TO_MAP_USER_INFO;
|
||||
protected static final String ATTRIBUTE_TO_MAP_USER_INFO = "user-attribute-info";
|
||||
private static final String USER_INFO_CLAIM = ATTRIBUTE_TO_MAP_USER_INFO;
|
||||
private static final String USER_INFO_CLAIM_VALUE = "value 1";
|
||||
private String claimOnSecondLogin = "";
|
||||
|
||||
|
||||
@Override
|
||||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
return new KcOidcBrokerClientUserInfoTest().getBrokerConfiguration();
|
||||
return new KcOidcBrokerConfigurationUserInfoOnlyMappers();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -65,7 +73,7 @@ public class OidcUserInfoClaimToRoleMapperTest extends AbstractRoleMapperTest {
|
|||
protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
|
||||
createClaimToRoleMapper(idp, USER_INFO_CLAIM_VALUE, syncMode);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
protected void updateUser() {
|
||||
UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail());
|
||||
|
@ -92,4 +100,39 @@ public class OidcUserInfoClaimToRoleMapperTest extends AbstractRoleMapperTest {
|
|||
idpResource.addMapper(claimToRoleMapper).close();
|
||||
}
|
||||
|
||||
private class KcOidcBrokerConfigurationUserInfoOnlyMappers extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clientsRepList = super.createProviderClients();
|
||||
log.info("Update provider clients to disable attributes in Access & ID token");
|
||||
|
||||
ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
|
||||
userAttrMapper.setName("attribute - name");
|
||||
userAttrMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||
userAttrMapper.setProtocolMapper(UserAttributeMapper.PROVIDER_ID);
|
||||
|
||||
Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
|
||||
userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, ATTRIBUTE_TO_MAP_USER_INFO);
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, ATTRIBUTE_TO_MAP_USER_INFO);
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "false");
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "false");
|
||||
userAttrMapperConfig.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
|
||||
|
||||
for (ClientRepresentation client: clientsRepList) {
|
||||
client.setProtocolMappers(Arrays.asList(userAttrMapper));
|
||||
}
|
||||
|
||||
return clientsRepList;
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
super.applyDefaultConfiguration(config, syncMode);
|
||||
config.put("disableUserInfo", "false");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue