libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-14718 Adding test case for User Client Role Mapper

Browse source
This commit is contained in:
Martin Bartoš 2020-12-08 08:18:46 +01:00 committed by Hynek Mlnařík
parent 1c445cc4cc
commit 9df7fdbc55
2 changed files with 45 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/updaters/ClientAttributeUpdater.java
View file

@ -136,4 +136,9 @@ public class ClientAttributeUpdater extends ServerResourceUpdater<ClientAttribut
rep.getDefaultClientScopes().add(clientScope);
return this;
}
public ClientAttributeUpdater setDirectAccessGrantsEnabled(Boolean directAccessGranted) {
rep.setDirectAccessGrantsEnabled(directAccessGranted);
return this;
}
}

40
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
View file

@ -49,6 +49,8 @@ import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.ProtocolMappersUpdater;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
@ -69,6 +71,7 @@ import static org.hamcrest.Matchers.hasItems;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.isEmptyOrNullString;
import static org.hamcrest.Matchers.notNullValue;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@ -784,6 +787,43 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
deleteMappers(protocolMappers);
}
@Test
public void testUserGroupRoleToAttributeMappersScopedWithDifferentClient() throws Exception {
final String clientId = "test-app-scope";
final String diffClient = "test-app";
final String realmName = "test";
final ProtocolMapperRepresentation realmMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
final ProtocolMapperRepresentation clientMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(diffClient, null, "Client roles mapper", "roles-custom.test-app", true, true);
try (ClientAttributeUpdater cau = ClientAttributeUpdater.forClient(adminClient, realmName, clientId).setDirectAccessGrantsEnabled(true);
ProtocolMappersUpdater protocolMappers = new ProtocolMappersUpdater(cau.getResource().getProtocolMappers())) {
protocolMappers.add(realmMapper, clientMapper).update();
// Login user
oauth.clientId(clientId);
OAuthClient.AccessTokenResponse response = browserLogin("password", "rich.roles@redhat.com", "password");
IDToken idToken = oauth.verifyIDToken(response.getIdToken());
// Verify attribute is filled
Map<String, Object> roleMappings = (Map<String, Object>) idToken.getOtherClaims().get("roles-custom");
assertNotNull(roleMappings);
assertThat(roleMappings.keySet(), containsInAnyOrder("realm", diffClient));
String realmRoleMappings = (String) roleMappings.get("realm");
String testAppScopeMappings = (String) roleMappings.get(diffClient);
assertRolesString(realmRoleMappings,
"pref.admin",
"pref.user",
"pref.customer-user-premium"
);
assertRolesString(testAppScopeMappings,
"customer-admin-composite-role",
"customer-admin"
);
}
}
@Test
public void testGroupAttributeUserOneGroupNoMultivalueNoAggregate() throws Exception {
// get the user