From 6f88d50d4dc92f4a3073425b057914c3a280eba5 Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Mon, 2 Mar 2015 08:55:11 -0500
Subject: [PATCH 1/3] fix mongo
---
 ...DefaultMongoConnectionFactoryProvider.java | 2 +
 .../ClientIdentityProviderMappingEntity.java | 4 +-
 .../keycloak/adapters/ClientAdapter.java | 5 +-
 .../mongo/keycloak/adapters/RealmAdapter.java | 2 +-
 .../broker/ImportIdentityProviderTest.java | 605 +++++++++---------
 5 files changed, 311 insertions(+), 307 deletions(-)
 mode change 100644 => 100755 model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
 mode change 100644 => 100755 testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
diff --git a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
index 3c0db050c5..5dff7c15de 100755
--- a/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
+++ b/connections/mongo/src/main/java/org/keycloak/connections/mongo/DefaultMongoConnectionFactoryProvider.java
@@ -28,6 +28,8 @@ public class DefaultMongoConnectionFactoryProvider implements MongoConnectionPro
 "org.keycloak.models.mongo.keycloak.entities.MongoUserEntity",
 "org.keycloak.models.mongo.keycloak.entities.MongoRoleEntity",
 "org.keycloak.models.entities.IdentityProviderEntity",
+ "org.keycloak.models.entities.ClientIdentityProviderMappingEntity",
+ "org.keycloak.models.entities.ProtocolMapperEntity",
 "org.keycloak.models.entities.RequiredCredentialEntity",
 "org.keycloak.models.entities.CredentialEntity",
 "org.keycloak.models.entities.FederatedIdentityEntity",
diff --git a/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java b/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
old mode 100644
new mode 100755
index a788aacf4b..eafe478107
--- a/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
+++ b/model/api/src/main/java/org/keycloak/models/entities/ClientIdentityProviderMappingEntity.java
@@ -23,7 +23,7 @@ package org.keycloak.models.entities;
 public class ClientIdentityProviderMappingEntity {
 private String id;
- private Boolean retrieveToken;
+ private boolean retrieveToken;
 public String getId() {
 return this.id;
@@ -33,7 +33,7 @@ public class ClientIdentityProviderMappingEntity {
 this.id = id;
 }
- public Boolean isRetrieveToken() {
+ public boolean isRetrieveToken() {
 return this.retrieveToken;
 }
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
index c0202c1f52..4d3465b9be 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
@@ -327,15 +327,14 @@ public abstract class ClientAdapter extends A
 @Override
 public void updateAllowedIdentityProviders(List identityProviders) {
 List stored = getMongoEntityAsClient().getIdentityProviders();
-
+ stored.clear();
 for (ClientIdentityProviderMappingModel model : identityProviders) {
 ClientIdentityProviderMappingEntity entity = new ClientIdentityProviderMappingEntity();
 entity.setId(model.getIdentityProvider());
 entity.setRetrieveToken(model.isRetrieveToken());
+ stored.add(entity);
 }
-
- getMongoEntityAsClient().setIdentityProviders(stored);
 updateMongoEntity();
 }
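Review bot: The rewritten `updateAllowedIdentityProviders` now relies on `stored` being the live list held by the entity — the `setIdentityProviders(stored)` write-back is removed and the new `stored.clear()` / `stored.add(entity)` lines mutate whatever `getMongoEntityAsClient().getIdentityProviders()` hands out — so if that accessor ever returns a copy the update is silently lost, and if a document persisted before this field existed yields `null`, `stored.clear()` throws. A small guard keeps the fix robust in both cases: `List<ClientIdentityProviderMappingEntity> stored = getMongoEntityAsClient().getIdentityProviders();` followed by `if (stored == null) { stored = new ArrayList<ClientIdentityProviderMappingEntity>(); getMongoEntityAsClient().setIdentityProviders(stored); }` (assuming `java.util.ArrayList` is imported in this file). The `identityProviders` parameter is likewise dereferenced without a null check; the enclosing class continues outside the hunk.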
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
index d48ae7d898..be033a3e28 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
@@ -910,7 +910,7 @@ public class RealmAdapter extends AbstractMongoAdapter impleme
 mapping.setConsentRequired(entity.isConsentRequired());
 mapping.setConsentText(entity.getConsentText());
 Map config = new HashMap();
- if (entity.getConfig() != null) config.putAll(config);
+ if (entity.getConfig() != null) config.putAll(entity.getConfig());
 mapping.setConfig(config);
 return mapping;
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
old mode 100644
new mode 100755
index 8f43860e05..fe4febd40c
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
@@ -1,301 +1,304 @@ -/* - * JBoss, Home of Professional Open Source - * - * Copyright 2013 Red Hat, Inc. and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.testsuite.broker; - -import org.junit.Test; -import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; -import org.keycloak.broker.oidc.OIDCIdentityProvider; -import org.keycloak.broker.oidc.OIDCIdentityProviderConfig; -import org.keycloak.broker.oidc.OIDCIdentityProviderFactory; -import org.keycloak.broker.saml.SAMLIdentityProvider; -import org.keycloak.broker.saml.SAMLIdentityProviderConfig; -import org.keycloak.broker.saml.SAMLIdentityProviderFactory; -import org.keycloak.models.ClientIdentityProviderMappingModel; -import org.keycloak.models.ClientModel; -import org.keycloak.models.IdentityProviderModel; -import org.keycloak.models.RealmModel; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.social.facebook.FacebookIdentityProvider; -import org.keycloak.social.facebook.FacebookIdentityProviderFactory; -import org.keycloak.social.github.GitHubIdentityProvider; -import org.keycloak.social.github.GitHubIdentityProviderFactory; -import org.keycloak.social.google.GoogleIdentityProvider; -import org.keycloak.social.google.GoogleIdentityProviderFactory; -import org.keycloak.social.twitter.TwitterIdentityProvider; -import org.keycloak.social.twitter.TwitterIdentityProviderFactory; - -import java.io.IOException; -import 
java.util.HashSet; -import java.util.List; -import java.util.Set; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - -/** - * @author pedroigor - */ -public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTest { - - @Test - public void testInstallation() throws Exception { - RealmModel realm = installTestRealm(); - - assertIdentityProviderConfig(realm.getIdentityProviders()); - - assertTrue(realm.isIdentityFederationEnabled()); - } - - @Test - public void testUpdateIdentityProvider() throws Exception { - RealmModel realm = installTestRealm(); - List identityProviders = realm.getIdentityProviders(); - - assertFalse(identityProviders.isEmpty()); - - IdentityProviderModel identityProviderModel = identityProviders.get(0); - String identityProviderId = identityProviderModel.getId(); - - identityProviderModel.setName("Changed Name"); - identityProviderModel.getConfig().put("config-added", "value-added"); - identityProviderModel.setEnabled(false); - identityProviderModel.setUpdateProfileFirstLogin(false); - identityProviderModel.setStoreToken(true); - identityProviderModel.setAuthenticateByDefault(true); - - realm.updateIdentityProvider(identityProviderModel); - - commit(); - - realm = this.realmManager.getRealm(realm.getId()); - - identityProviderModel = realm.getIdentityProviderById(identityProviderId); - - assertEquals("Changed Name", identityProviderModel.getName()); - assertEquals("value-added", identityProviderModel.getConfig().get("config-added")); - assertFalse(identityProviderModel.isEnabled()); - assertFalse(identityProviderModel.isUpdateProfileFirstLogin()); - assertTrue(identityProviderModel.isStoreToken()); - assertTrue(identityProviderModel.isAuthenticateByDefault()); - - identityProviderModel.setName("Changed Name Again"); - identityProviderModel.getConfig().remove("config-added"); - 
identityProviderModel.setEnabled(true); - identityProviderModel.setUpdateProfileFirstLogin(true); - identityProviderModel.setAuthenticateByDefault(false); - - realm.updateIdentityProvider(identityProviderModel); - - commit(); - - realm = this.realmManager.getRealm(realm.getId()); - identityProviderModel = realm.getIdentityProviderById(identityProviderId); - - assertEquals("Changed Name Again", identityProviderModel.getName()); - assertFalse(identityProviderModel.getConfig().containsKey("config-added")); - assertTrue(identityProviderModel.isEnabled()); - assertTrue(identityProviderModel.isUpdateProfileFirstLogin()); - assertFalse(identityProviderModel.isAuthenticateByDefault()); - } - - @Test - public void testApplicationIdentityProviders() throws Exception { - RealmModel realm = installTestRealm(); - - ClientModel client = realm.findClient("test-app-with-allowed-providers"); - List identityProviders = client.getIdentityProviders(); - - assertEquals(1, identityProviders.size()); - - ClientIdentityProviderMappingModel identityProviderMappingModel = identityProviders.get(0); - - assertEquals("kc-oidc-idp", identityProviderMappingModel.getIdentityProvider()); - assertEquals(false, identityProviderMappingModel.isRetrieveToken()); - - identityProviders.remove(identityProviderMappingModel); - - client.updateAllowedIdentityProviders(identityProviders); - - client = realm.findClientById(client.getId()); - identityProviders = client.getIdentityProviders(); - - assertEquals(0, identityProviders.size()); - } - - - private void assertIdentityProviderConfig(List identityProviders) { - assertFalse(identityProviders.isEmpty()); - - Set checkedProviders = new HashSet(getExpectedProviders()); - - for (IdentityProviderModel identityProvider : identityProviders) { - if (identityProvider.getId().startsWith("model-")) { - String providerId = identityProvider.getProviderId(); - - if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - 
assertSamlIdentityProviderConfig(identityProvider); - } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertGoogleIdentityProviderConfig(identityProvider); - } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertOidcIdentityProviderConfig(identityProvider); - } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertFacebookIdentityProviderConfig(identityProvider); - } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertGitHubIdentityProviderConfig(identityProvider); - } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertTwitterIdentityProviderConfig(identityProvider); - } else { - continue; - } - - checkedProviders.remove(providerId); - } - } - - assertTrue(checkedProviders.isEmpty()); - } - - private void assertGoogleIdentityProviderConfig(IdentityProviderModel identityProvider) { - GoogleIdentityProvider googleIdentityProvider = new GoogleIdentityProviderFactory().create(identityProvider); - OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig(); - - assertEquals("model-google", config.getId()); - assertEquals(GoogleIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); - assertEquals("Google", config.getName()); - assertEquals(true, config.isEnabled()); - assertEquals(true, config.isUpdateProfileFirstLogin()); - assertEquals(false, config.isAuthenticateByDefault()); - assertEquals(true, config.isStoreToken()); - assertEquals("clientId", config.getClientId()); - assertEquals("clientSecret", config.getClientSecret()); - assertEquals(GoogleIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); - assertEquals(GoogleIdentityProvider.TOKEN_URL, config.getTokenUrl()); - assertEquals(GoogleIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); - - } - - private void assertSamlIdentityProviderConfig(IdentityProviderModel identityProvider) { - SAMLIdentityProvider samlIdentityProvider = new 
SAMLIdentityProviderFactory().create(identityProvider); - SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig(); - - assertEquals("model-saml-signed-idp", config.getId()); - assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); - assertEquals("SAML Signed IdP", config.getName()); - assertEquals(true, config.isEnabled()); - assertEquals(true, config.isUpdateProfileFirstLogin()); - assertEquals(false, config.isAuthenticateByDefault()); - assertEquals(false, config.isStoreToken()); - assertEquals("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml", config.getSingleSignOnServiceUrl()); - assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat()); - assertEquals("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", config.getSigningCertificate()); - assertEquals(true, config.isWantAuthnRequestsSigned()); - assertEquals(true, config.isForceAuthn()); - assertEquals(true, config.isPostBindingAuthnRequest()); - assertEquals(true, config.isPostBindingResponse()); - assertEquals(true, config.isValidateSignature()); - } - - private void assertOidcIdentityProviderConfig(IdentityProviderModel identityProvider) { - OIDCIdentityProvider googleIdentityProvider = new OIDCIdentityProviderFactory().create(identityProvider); - OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig(); - - assertEquals("model-oidc-idp", config.getId()); - assertEquals(OIDCIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); - assertEquals("OIDC IdP", config.getName()); - assertEquals(false, config.isEnabled()); - assertEquals(false, config.isUpdateProfileFirstLogin()); - assertEquals(false, config.isAuthenticateByDefault()); - assertEquals(false, config.isStoreToken()); - assertEquals("clientId", config.getClientId()); - assertEquals("clientSecret", config.getClientSecret()); - } - - private void assertFacebookIdentityProviderConfig(IdentityProviderModel 
identityProvider) { - FacebookIdentityProvider facebookIdentityProvider = new FacebookIdentityProviderFactory().create(identityProvider); - OAuth2IdentityProviderConfig config = facebookIdentityProvider.getConfig(); - - assertEquals("model-facebook", config.getId()); - assertEquals(FacebookIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); - assertEquals("Facebook", config.getName()); - assertEquals(true, config.isEnabled()); - assertEquals(true, config.isUpdateProfileFirstLogin()); - assertEquals(false, config.isAuthenticateByDefault()); - assertEquals(false, config.isStoreToken()); - assertEquals("clientId", config.getClientId()); - assertEquals("clientSecret", config.getClientSecret()); - assertEquals(FacebookIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); - assertEquals(FacebookIdentityProvider.TOKEN_URL, config.getTokenUrl()); - assertEquals(FacebookIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); - } - - private void assertGitHubIdentityProviderConfig(IdentityProviderModel identityProvider) { - GitHubIdentityProvider gitHubIdentityProvider = new GitHubIdentityProviderFactory().create(identityProvider); - OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig(); - - assertEquals("model-github", config.getId()); - assertEquals(GitHubIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); - assertEquals("GitHub", config.getName()); - assertEquals(true, config.isEnabled()); - assertEquals(true, config.isUpdateProfileFirstLogin()); - assertEquals(false, config.isAuthenticateByDefault()); - assertEquals(false, config.isStoreToken()); - assertEquals("clientId", config.getClientId()); - assertEquals("clientSecret", config.getClientSecret()); - assertEquals(GitHubIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); - assertEquals(GitHubIdentityProvider.TOKEN_URL, config.getTokenUrl()); - assertEquals(GitHubIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); - } - - private void 
assertTwitterIdentityProviderConfig(IdentityProviderModel identityProvider) { - TwitterIdentityProvider twitterIdentityProvider = new TwitterIdentityProviderFactory().create(identityProvider); - OAuth2IdentityProviderConfig config = twitterIdentityProvider.getConfig(); - - assertEquals("model-twitter", config.getId()); - assertEquals(TwitterIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); - assertEquals("Twitter", config.getName()); - assertEquals(true, config.isEnabled()); - assertEquals(true, config.isUpdateProfileFirstLogin()); - assertEquals(false, config.isAuthenticateByDefault()); - assertEquals(true, config.isStoreToken()); - assertEquals("clientId", config.getClientId()); - assertEquals("clientSecret", config.getClientSecret()); - } - - private RealmModel installTestRealm() throws IOException { - RealmRepresentation realmRepresentation = loadJson("broker-test/test-realm-with-broker.json"); - - assertNotNull(realmRepresentation); - assertEquals("realm-with-broker", realmRepresentation.getRealm()); - - RealmModel realmModel = this.realmManager.getRealm("realm-with-broker"); - - if (realmModel == null) { - realmModel = this.realmManager.importRealm(realmRepresentation); - - commit(); - - realmModel = this.realmManager.getRealm(realmModel.getId()); - - assertNotNull(realmModel); - } - - return realmModel; - } -} +/* + * JBoss, Home of Professional Open Source + * + * Copyright 2013 Red Hat, Inc. and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.keycloak.testsuite.broker; + +import org.junit.Test; +import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig; +import org.keycloak.broker.oidc.OIDCIdentityProvider; +import org.keycloak.broker.oidc.OIDCIdentityProviderConfig; +import org.keycloak.broker.oidc.OIDCIdentityProviderFactory; +import org.keycloak.broker.saml.SAMLIdentityProvider; +import org.keycloak.broker.saml.SAMLIdentityProviderConfig; +import org.keycloak.broker.saml.SAMLIdentityProviderFactory; +import org.keycloak.models.ClientIdentityProviderMappingModel; +import org.keycloak.models.ClientModel; +import org.keycloak.models.IdentityProviderModel; +import org.keycloak.models.RealmModel; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.social.facebook.FacebookIdentityProvider; +import org.keycloak.social.facebook.FacebookIdentityProviderFactory; +import org.keycloak.social.github.GitHubIdentityProvider; +import org.keycloak.social.github.GitHubIdentityProviderFactory; +import org.keycloak.social.google.GoogleIdentityProvider; +import org.keycloak.social.google.GoogleIdentityProviderFactory; +import org.keycloak.social.twitter.TwitterIdentityProvider; +import org.keycloak.social.twitter.TwitterIdentityProviderFactory; + +import java.io.IOException; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +/** + * @author pedroigor + */ +public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTest { + + @Test + public void testInstallation() throws Exception { + RealmModel realm = installTestRealm(); + + assertIdentityProviderConfig(realm.getIdentityProviders()); + + assertTrue(realm.isIdentityFederationEnabled()); + 
this.realmManager.removeRealm(realm); + } + + @Test + public void testUpdateIdentityProvider() throws Exception { + RealmModel realm = installTestRealm(); + List identityProviders = realm.getIdentityProviders(); + + assertFalse(identityProviders.isEmpty()); + + IdentityProviderModel identityProviderModel = identityProviders.get(0); + String identityProviderId = identityProviderModel.getId(); + + identityProviderModel.setName("Changed Name"); + identityProviderModel.getConfig().put("config-added", "value-added"); + identityProviderModel.setEnabled(false); + identityProviderModel.setUpdateProfileFirstLogin(false); + identityProviderModel.setStoreToken(true); + identityProviderModel.setAuthenticateByDefault(true); + + realm.updateIdentityProvider(identityProviderModel); + + commit(); + + realm = this.realmManager.getRealm(realm.getId()); + + identityProviderModel = realm.getIdentityProviderById(identityProviderId); + + assertEquals("Changed Name", identityProviderModel.getName()); + assertEquals("value-added", identityProviderModel.getConfig().get("config-added")); + assertFalse(identityProviderModel.isEnabled()); + assertFalse(identityProviderModel.isUpdateProfileFirstLogin()); + assertTrue(identityProviderModel.isStoreToken()); + assertTrue(identityProviderModel.isAuthenticateByDefault()); + + identityProviderModel.setName("Changed Name Again"); + identityProviderModel.getConfig().remove("config-added"); + identityProviderModel.setEnabled(true); + identityProviderModel.setUpdateProfileFirstLogin(true); + identityProviderModel.setAuthenticateByDefault(false); + + realm.updateIdentityProvider(identityProviderModel); + + commit(); + + realm = this.realmManager.getRealm(realm.getId()); + identityProviderModel = realm.getIdentityProviderById(identityProviderId); + + assertEquals("Changed Name Again", identityProviderModel.getName()); + assertFalse(identityProviderModel.getConfig().containsKey("config-added")); + assertTrue(identityProviderModel.isEnabled()); + 
assertTrue(identityProviderModel.isUpdateProfileFirstLogin()); + assertFalse(identityProviderModel.isAuthenticateByDefault()); + this.realmManager.removeRealm(realm); + } + + @Test + public void testApplicationIdentityProviders() throws Exception { + RealmModel realm = installTestRealm(); + + ClientModel client = realm.findClient("test-app-with-allowed-providers"); + List identityProviders = client.getIdentityProviders(); + + assertEquals(1, identityProviders.size()); + + ClientIdentityProviderMappingModel identityProviderMappingModel = identityProviders.get(0); + + assertEquals("kc-oidc-idp", identityProviderMappingModel.getIdentityProvider()); + assertEquals(false, identityProviderMappingModel.isRetrieveToken()); + + identityProviders.remove(identityProviderMappingModel); + + client.updateAllowedIdentityProviders(identityProviders); + + client = realm.findClientById(client.getId()); + identityProviders = client.getIdentityProviders(); + + assertEquals(0, identityProviders.size()); + this.realmManager.removeRealm(realm); + } + + + private void assertIdentityProviderConfig(List identityProviders) { + assertFalse(identityProviders.isEmpty()); + + Set checkedProviders = new HashSet(getExpectedProviders()); + + for (IdentityProviderModel identityProvider : identityProviders) { + if (identityProvider.getId().startsWith("model-")) { + String providerId = identityProvider.getProviderId(); + + if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertSamlIdentityProviderConfig(identityProvider); + } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertGoogleIdentityProviderConfig(identityProvider); + } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertOidcIdentityProviderConfig(identityProvider); + } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertFacebookIdentityProviderConfig(identityProvider); + } else if 
(GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertGitHubIdentityProviderConfig(identityProvider); + } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertTwitterIdentityProviderConfig(identityProvider); + } else { + continue; + } + + checkedProviders.remove(providerId); + } + } + + assertTrue(checkedProviders.isEmpty()); + } + + private void assertGoogleIdentityProviderConfig(IdentityProviderModel identityProvider) { + GoogleIdentityProvider googleIdentityProvider = new GoogleIdentityProviderFactory().create(identityProvider); + OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig(); + + assertEquals("model-google", config.getId()); + assertEquals(GoogleIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals("Google", config.getName()); + assertEquals(true, config.isEnabled()); + assertEquals(true, config.isUpdateProfileFirstLogin()); + assertEquals(false, config.isAuthenticateByDefault()); + assertEquals(true, config.isStoreToken()); + assertEquals("clientId", config.getClientId()); + assertEquals("clientSecret", config.getClientSecret()); + assertEquals(GoogleIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); + assertEquals(GoogleIdentityProvider.TOKEN_URL, config.getTokenUrl()); + assertEquals(GoogleIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); + + } + + private void assertSamlIdentityProviderConfig(IdentityProviderModel identityProvider) { + SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider); + SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig(); + + assertEquals("model-saml-signed-idp", config.getId()); + assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals("SAML Signed IdP", config.getName()); + assertEquals(true, config.isEnabled()); + assertEquals(true, config.isUpdateProfileFirstLogin()); + assertEquals(false, 
config.isAuthenticateByDefault()); + assertEquals(false, config.isStoreToken()); + assertEquals("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml", config.getSingleSignOnServiceUrl()); + assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat()); + assertEquals("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", config.getSigningCertificate()); + assertEquals(true, config.isWantAuthnRequestsSigned()); + assertEquals(true, config.isForceAuthn()); + assertEquals(true, config.isPostBindingAuthnRequest()); + assertEquals(true, config.isPostBindingResponse()); + assertEquals(true, config.isValidateSignature()); + } + + private void assertOidcIdentityProviderConfig(IdentityProviderModel identityProvider) { + OIDCIdentityProvider googleIdentityProvider = new OIDCIdentityProviderFactory().create(identityProvider); + OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig(); + + assertEquals("model-oidc-idp", config.getId()); + assertEquals(OIDCIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals("OIDC IdP", config.getName()); + assertEquals(false, config.isEnabled()); + assertEquals(false, config.isUpdateProfileFirstLogin()); + assertEquals(false, config.isAuthenticateByDefault()); + assertEquals(false, config.isStoreToken()); + assertEquals("clientId", config.getClientId()); + assertEquals("clientSecret", config.getClientSecret()); + } + + private void assertFacebookIdentityProviderConfig(IdentityProviderModel identityProvider) { + FacebookIdentityProvider facebookIdentityProvider = new FacebookIdentityProviderFactory().create(identityProvider); + OAuth2IdentityProviderConfig config = facebookIdentityProvider.getConfig(); + + assertEquals("model-facebook", config.getId()); + assertEquals(FacebookIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals("Facebook", config.getName()); + assertEquals(true, config.isEnabled()); + 
assertEquals(true, config.isUpdateProfileFirstLogin()); + assertEquals(false, config.isAuthenticateByDefault()); + assertEquals(false, config.isStoreToken()); + assertEquals("clientId", config.getClientId()); + assertEquals("clientSecret", config.getClientSecret()); + assertEquals(FacebookIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); + assertEquals(FacebookIdentityProvider.TOKEN_URL, config.getTokenUrl()); + assertEquals(FacebookIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); + } + + private void assertGitHubIdentityProviderConfig(IdentityProviderModel identityProvider) { + GitHubIdentityProvider gitHubIdentityProvider = new GitHubIdentityProviderFactory().create(identityProvider); + OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig(); + + assertEquals("model-github", config.getId()); + assertEquals(GitHubIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals("GitHub", config.getName()); + assertEquals(true, config.isEnabled()); + assertEquals(true, config.isUpdateProfileFirstLogin()); + assertEquals(false, config.isAuthenticateByDefault()); + assertEquals(false, config.isStoreToken()); + assertEquals("clientId", config.getClientId()); + assertEquals("clientSecret", config.getClientSecret()); + assertEquals(GitHubIdentityProvider.AUTH_URL, config.getAuthorizationUrl()); + assertEquals(GitHubIdentityProvider.TOKEN_URL, config.getTokenUrl()); + assertEquals(GitHubIdentityProvider.PROFILE_URL, config.getUserInfoUrl()); + } + + private void assertTwitterIdentityProviderConfig(IdentityProviderModel identityProvider) { + TwitterIdentityProvider twitterIdentityProvider = new TwitterIdentityProviderFactory().create(identityProvider); + OAuth2IdentityProviderConfig config = twitterIdentityProvider.getConfig(); + + assertEquals("model-twitter", config.getId()); + assertEquals(TwitterIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); + assertEquals("Twitter", config.getName()); + assertEquals(true, 
config.isEnabled()); + assertEquals(true, config.isUpdateProfileFirstLogin()); + assertEquals(false, config.isAuthenticateByDefault()); + assertEquals(true, config.isStoreToken()); + assertEquals("clientId", config.getClientId()); + assertEquals("clientSecret", config.getClientSecret()); + } + + private RealmModel installTestRealm() throws IOException { + RealmRepresentation realmRepresentation = loadJson("broker-test/test-realm-with-broker.json"); + + assertNotNull(realmRepresentation); + assertEquals("realm-with-broker", realmRepresentation.getRealm()); + + RealmModel realmModel = this.realmManager.getRealm("realm-with-broker"); + + if (realmModel == null) { + realmModel = this.realmManager.importRealm(realmRepresentation); + + commit(); + + realmModel = this.realmManager.getRealm(realmModel.getId()); + + assertNotNull(realmModel); + } + + return realmModel; + } +} From 753feae49ed4f99d87b5b5ebfadc3b7de2f18373 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Mon, 2 Mar 2015 21:39:43 -0500 Subject: [PATCH 2/3] fixes --- .../idm/ProtocolMapperTypeRepresentation.java | 18 + .../models/utils/RepresentationToModel.java | 14 - .../org/keycloak/protocol/ProtocolMapper.java | 21 ++ .../oidc/OIDCLoginProtocolFactory.java | 15 +- .../keycloak/protocol/oidc/TokenManager.java | 4 +- .../protocol/oidc/UserInfoService.java | 308 +++++++++--------- .../oidc/mappers/OIDCAccessTokenMapper.java | 4 +- .../oidc/mappers/OIDCAddressMapper.java | 37 ++- .../mappers/OIDCAttributeMapperHelper.java | 20 +- .../oidc/mappers/OIDCFullNameMapper.java | 35 +- .../oidc/mappers/OIDCIDTokenMapper.java | 18 + .../oidc/mappers/OIDCUserAttributeMapper.java | 51 ++- .../oidc/mappers/OIDCUserModelMapper.java | 61 +++- .../admin/ServerInfoAdminResource.java | 2 + .../testsuite/admin/AdminAPITest.java | 4 - 15 files changed, 406 insertions(+), 206 deletions(-) create mode 100755 services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCIDTokenMapper.java 
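Review bot: The `this.realmManager.removeRealm(realm);` calls added at the end of `testInstallation`, `testUpdateIdentityProvider` and `testApplicationIdentityProviders` only run when every preceding assertion passes, so a single failure leaves `realm-with-broker` behind, and because `installTestRealm()` reuses an existing realm instead of re-importing it, the next test then runs against the modified state and fails for an unrelated reason. Moving the cleanup into a JUnit `@After` method (or a `finally` block around each test body) makes each test independent of the previous one's outcome. Separately, the hunk deletes and re-adds all 300 lines — presumably a side effect of the mode change in the file header — which hides the three real additions from review; committing the mode/line-ending change separately would keep the functional diff readable.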
diff --git a/core/src/main/java/org/keycloak/representations/idm/ProtocolMapperTypeRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ProtocolMapperTypeRepresentation.java
index 78e13bda9a..1e510f8bfa 100755
--- a/core/src/main/java/org/keycloak/representations/idm/ProtocolMapperTypeRepresentation.java
+++ b/core/src/main/java/org/keycloak/representations/idm/ProtocolMapperTypeRepresentation.java
@@ -16,6 +16,8 @@ public class ProtocolMapperTypeRepresentation {
 protected String name;
 protected String label;
 protected String helpText;
+ protected String type;
+ protected String defaultValue;
 public String getName() {
 return name;
@@ -33,6 +35,22 @@ public class ProtocolMapperTypeRepresentation {
 this.label = label;
 }
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public String getDefaultValue() {
+ return defaultValue;
+ }
+
+ public void setDefaultValue(String defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
 public String getHelpText() {
 return helpText;
 }
diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
index 2bf61e2395..f24a094c24 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
@@ -457,12 +457,6 @@ public class RepresentationToModel {
 applicationModel.updateDefaultRoles(resourceRep.getDefaultRoles());
 }
- if (resourceRep.getClaims() != null) {
- setClaims(applicationModel, resourceRep.getClaims());
- } else {
- applicationModel.setAllowedClaimsMask(ClaimMask.ALL);
- }
-
 if (resourceRep.getProtocolMappers() != null) {
 Set ids = new HashSet();
 for (ClientProtocolMappingRepresentation map : resourceRep.getProtocolMappers()) {
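Review bot: The new `type` and `defaultValue` fields in `ProtocolMapperTypeRepresentation` are undocumented free-form strings, and since this representation is what the admin API serializes to clients, a reader cannot tell what vocabulary `type` is drawn from or whether `defaultValue` is expected to be parseable as that type. I would add a field comment on each, along the lines of `/** Kind of value this config property holds (presumably interpreted by the admin console); consumers should validate rather than trust it. */` and `/** Initial value shown for the property when the mapper is created; may be null. */`, with the "presumably" resolved by whoever fills these fields in.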
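Review bot: With the `setClaims` branch deleted from the application import at `@@ -457`, a representation that still carries a `claims` section is imported without any notice, and the `else` branch that set `ClaimMask.ALL` is gone as well, so the imported application's claim mask is now whatever the model's default is — a change in what the client is allowed to see unless protocol mappers fully replace the mask, which this hunk does not show. The same silent drop applies to the client and application update paths at `@@ -524` and `@@ -633`. An operator importing an older realm export should at least be told the restriction was ignored, e.g. `if (resourceRep.getClaims() != null) { /* log a warning via this class's logger, if it has one */ }` at the point the branch used to sit. After these removals `setClaims` and the `ClaimMask` import may be unused in this file; that is inferred, not visible here.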
@@ -524,10 +518,6 @@ public class RepresentationToModel { } } - if (rep.getClaims() != null) { - setClaims(resource, rep.getClaims()); - } - updateClientIdentityProvides(rep.getIdentityProviders(), resource); } @@ -633,10 +623,6 @@ public class RepresentationToModel { model.setWebOrigins(new HashSet(webOrigins)); } - if (rep.getClaims() != null) { - setClaims(model, rep.getClaims()); - } - if (rep.getNotBefore() != null) { model.setNotBefore(rep.getNotBefore()); } diff --git a/services/src/main/java/org/keycloak/protocol/ProtocolMapper.java b/services/src/main/java/org/keycloak/protocol/ProtocolMapper.java index 2c3d230d29..ff6e10591c 100755 --- a/services/src/main/java/org/keycloak/protocol/ProtocolMapper.java +++ b/services/src/main/java/org/keycloak/protocol/ProtocolMapper.java 
@@ -16,9 +16,14 @@ public interface ProtocolMapper extends Provider, ProviderFactory claims = new HashMap(); - claims.putAll(userInfo.getOtherClaims()); - claims.put("sub", userModel.getId()); - return Cors.add(request, Response.ok(claims)).auth().allowedOrigins(accessToken).build(); - } catch (Exception e) { - throw new UnauthorizedException("Could not retrieve user info.", e); - } - } - -} +/* + * JBoss, Home of Professional Open Source + * + * Copyright 2013 Red Hat, Inc. and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package org.keycloak.protocol.oidc; + +import org.jboss.resteasy.annotations.cache.NoCache; +import org.jboss.resteasy.spi.HttpRequest; +import org.jboss.resteasy.spi.HttpResponse; +import org.jboss.resteasy.spi.UnauthorizedException; +import org.keycloak.ClientConnection; +import org.keycloak.events.Details; +import org.keycloak.events.EventBuilder; +import org.keycloak.events.EventType; +import org.keycloak.models.ClientModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserSessionModel; +import org.keycloak.representations.AccessToken; +import org.keycloak.representations.UserClaimSet; +import org.keycloak.services.managers.AppAuthManager; +import org.keycloak.services.managers.EventsManager; +import org.keycloak.services.resources.Cors; + +import javax.ws.rs.Consumes; +import javax.ws.rs.FormParam; +import javax.ws.rs.GET; +import javax.ws.rs.OPTIONS; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.Status; +import java.util.HashMap; +import java.util.Map; + +/** + * @author pedroigor + */ +public class UserInfoService { + + @Context + private HttpRequest request; + + @Context + private HttpResponse response; + + @Context + private KeycloakSession session; + + @Context + private ClientConnection clientConnection; + + private final TokenManager tokenManager; + private final AppAuthManager appAuthManager; + private final OIDCLoginProtocolService openIdConnectService; + private final RealmModel realmModel; + + public UserInfoService(OIDCLoginProtocolService openIDConnectService) { + this.realmModel = openIDConnectService.getRealm(); + + if (this.realmModel == null) { + throw new RuntimeException("Null realm."); + } + + this.tokenManager = 
openIDConnectService.getTokenManager(); + + if (this.tokenManager == null) { + throw new RuntimeException("Null token manager."); + } + + this.openIdConnectService = openIDConnectService; + this.appAuthManager = new AppAuthManager(); + } + + @Path("/") + @OPTIONS + @Produces(MediaType.APPLICATION_JSON) + public Response issueUserInfoPreflight() { + return Cors.add(this.request, Response.ok()).auth().preflight().build(); + } + + @Path("/") + @GET + @NoCache + @Produces(MediaType.APPLICATION_JSON) + public Response issueUserInfoGet(@Context final HttpHeaders headers) { + String accessToken = this.appAuthManager.extractAuthorizationHeaderToken(headers); + return issueUserInfo(accessToken); + } + + @Path("/") + @POST + @NoCache + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) + @Produces(MediaType.APPLICATION_JSON) + public Response issueUserInfoPost(@FormParam("access_token") String accessToken) { + return issueUserInfo(accessToken); + } + + private Response issueUserInfo(String token) { + try { + EventBuilder event = new EventsManager(this.realmModel, this.session, this.clientConnection).createEventBuilder() + .event(EventType.USER_INFO_REQUEST) + .detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN); + + Response validationResponse = this.openIdConnectService.validateAccessToken(token); + + if (!AccessToken.class.isInstance(validationResponse.getEntity())) { + event.error(EventType.USER_INFO_REQUEST.name()); + return Response.fromResponse(validationResponse).status(Status.FORBIDDEN).build(); + } + + AccessToken accessToken = (AccessToken) validationResponse.getEntity(); + UserSessionModel userSession = session.sessions().getUserSession(realmModel, accessToken.getSessionState()); + ClientModel clientModel = realmModel.findClient(accessToken.getIssuedFor()); + UserModel userModel = userSession.getUser(); + AccessToken userInfo = new AccessToken(); + this.tokenManager.transformToken(session, userInfo, realmModel, clientModel, userModel, userSession, null); + + 
event + .detail(Details.USERNAME, userModel.getUsername()) + .client(clientModel) + .session(userSession) + .user(userModel) + .success(); + + Map claims = new HashMap(); + claims.putAll(userInfo.getOtherClaims()); + claims.put("sub", userModel.getId()); + return Cors.add(request, Response.ok(claims)).auth().allowedOrigins(accessToken).build(); + } catch (Exception e) { + throw new UnauthorizedException("Could not retrieve user info.", e); + } + } + +} diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAccessTokenMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAccessTokenMapper.java index e2c479fb4a..eebda6ff6a 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAccessTokenMapper.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAccessTokenMapper.java @@ -12,6 +12,6 @@ import org.keycloak.representations.AccessToken; */ public interface OIDCAccessTokenMapper { - AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, - UserSessionModel userSession, ClientSessionModel clientSession); + AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, + UserSessionModel userSession, ClientSessionModel clientSession); } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAddressMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAddressMapper.java index 9b3adab21e..da7a25893a 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAddressMapper.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAddressMapper.java 
@@ -6,6 +6,7 @@ import org.keycloak.models.ProtocolMapperModel; import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.representations.AccessToken; +import org.keycloak.representations.IDToken; import org.keycloak.representations.UserClaimSet; import java.util.ArrayList; @@ -17,12 +18,26 @@ import java.util.List; * @author Bill Burke * @version $Revision: 1 $ */ -public class OIDCAddressMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper { +public class OIDCAddressMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper { private static final List configProperties = new ArrayList(); static { - + ConfigProperty property; + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT); + configProperties.add(property); } public static final String PROVIDER_ID = "oidc-address-mapper"; 
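Review bot: The static block now builds the `INCLUDE_IN_ID_TOKEN` and `INCLUDE_IN_ACCESS_TOKEN` ConfigProperty entries inline, and the identical fourteen lines are repeated in OIDCFullNameMapper (L28), OIDCUserAttributeMapper (L31) and OIDCUserModelMapper (L34). Since the names, labels and help texts already live in OIDCAttributeMapperHelper, one helper there, e.g. `OIDCAttributeMapperHelper.addIncludeInTokensConfigProperties(configProperties);` called from each static block, keeps the four mappers from drifting; a default changed in one but not the others would be easy to miss.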
@@ -53,8 +68,21 @@ public class OIDCAddressMapper extends AbstractOIDCProtocolMapper implements OID
 }
 @Override
- public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
- UserSessionModel userSession, ClientSessionModel clientSession) {
+ public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
+ UserSessionModel userSession, ClientSessionModel clientSession) {
+ if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)) return token;
+ setClaim(token, userSession);
+ return token;
+ }
+
+ @Override
+ public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) {
+ if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)) return token;
+ setClaim(token, userSession);
+ return token;
+ }
+
+ protected void setClaim(IDToken token, UserSessionModel userSession) {
 UserModel user = userSession.getUser();
 UserClaimSet.AddressClaimSet addressSet = new UserClaimSet.AddressClaimSet();
 addressSet.setStreetAddress(user.getAttribute("street"));
@@ -63,7 +91,6 @@ public class OIDCAddressMapper extends AbstractOIDCProtocolMapper implements OID
 addressSet.setPostalCode(user.getAttribute("postal_code"));
 addressSet.setCountry(user.getAttribute("country"));
 token.getOtherClaims().put("address", addressSet);
- return token;
 }
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java
index a6c98bebcd..552e4718d0 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCAttributeMapperHelper.java
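Review bot: The new `transformIDToken` puts its five parameters on one line while `transformAccessToken` directly above wraps them, and the same gate-then-`setClaim`-then-`return token` body is now repeated in OIDCFullNameMapper (L29), OIDCUserAttributeMapper (L32) and OIDCUserModelMapper (L36). If AbstractOIDCProtocolMapper is under this commit's control (it is not visible here), the two public methods could live there as final templates delegating to an abstract `setClaim`, leaving each mapper with only its claim logic. `setClaim` is the only place reading the user's address attributes and would benefit from a one-line Javadoc, e.g. `/** Adds the OIDC "address" claim, built from the user's address attributes ("street", "postal_code", "country", ...), to the given token. */`.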
@@ -5,6 +5,7 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.ProtocolMapperUtils;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.IDToken;
 import java.util.HashMap;
 import java.util.Map;
@@ -16,6 +17,12 @@ import java.util.Map;
 public class OIDCAttributeMapperHelper {
 public static final String TOKEN_CLAIM_NAME = "Token Claim Name";
 public static final String JSON_TYPE = "Claim JSON Type";
+ public static final String INCLUDE_IN_ACCESS_TOKEN = "access.token.claim";
+ public static final String INCLUDE_IN_ACCESS_TOKEN_LABEL = "Add to access token";
+ public static final String INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT = "Should the claim be added to the access token?";
+ public static final String INCLUDE_IN_ID_TOKEN = "id.token.claim";
+ public static final String INCLUDE_IN_ID_TOKEN_LABEL = "Add to ID token";
+ public static final String INCLUDE_IN_ID_TOKEN_HELP_TEXT = "Should the claim be added to the ID token?";
 public static Object mapAttributeValue(ProtocolMapperModel mappingModel, Object attributeValue) {
 if (attributeValue == null) return null;
@@ -40,7 +47,7 @@ public class OIDCAttributeMapperHelper {
 return attributeValue;
 }
- public static void mapClaim(AccessToken token, ProtocolMapperModel mappingModel, Object attributeValue) {
+ public static void mapClaim(IDToken token, ProtocolMapperModel mappingModel, Object attributeValue) {
 if (attributeValue == null) return;
 attributeValue = mapAttributeValue(mappingModel, attributeValue);
 String protocolClaim = mappingModel.getConfig().get(TOKEN_CLAIM_NAME);
@@ -65,6 +72,7 @@ public class OIDCAttributeMapperHelper {
 String tokenClaimName, String claimType,
 boolean consentRequired, String consentText,
 boolean appliedByDefault,
+ boolean accessToken, boolean idToken,
 String mapperId) {
 ProtocolMapperModel mapper = realm.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, name);
 if (mapper != null) return;
@@ -79,7 +87,17 @@ public class OIDCAttributeMapperHelper {
 config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
 config.put(TOKEN_CLAIM_NAME, tokenClaimName);
 config.put(JSON_TYPE, claimType);
+ if (accessToken) config.put(INCLUDE_IN_ACCESS_TOKEN, "true");
+ if (idToken) config.put(INCLUDE_IN_ID_TOKEN, "true");
 mapper.setConfig(config);
 realm.addProtocolMapper(mapper);
 }
+
+ public static boolean includeInIDToken(ProtocolMapperModel mappingModel) {
+ return "true".equals(mappingModel.getConfig().get(INCLUDE_IN_ID_TOKEN));
+ }
+
+ public static boolean includeInAccessToken(ProtocolMapperModel mappingModel) {
+ return "true".equals(mappingModel.getConfig().get(INCLUDE_IN_ACCESS_TOKEN));
+ }
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCFullNameMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCFullNameMapper.java
index 169494a514..f91abe5515 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCFullNameMapper.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCFullNameMapper.java
@@ -6,6 +6,7 @@ import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.IDToken;
 import java.util.ArrayList;
 import java.util.List;
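Review bot: `includeInIDToken` and `includeInAccessToken` treat a missing `id.token.claim`/`access.token.claim` key as false, so every ProtocolMapperModel persisted before this commit, and any realm JSON imported without these keys, silently stops contributing claims once the mappers gate on them (OIDCAddressMapper L25, OIDCFullNameMapper L29, OIDCUserAttributeMapper L32, OIDCUserModelMapper L36). The ConfigProperty defaultValue `"true"` added to those mappers only seeds the admin form, and the defaults written in OIDCLoginProtocolFactory (L43) cover newly created realms only. Either a migration that writes the two keys into existing mapper configs, or treating an absent key as true, e.g. `String v = mappingModel.getConfig().get(INCLUDE_IN_ID_TOKEN); return v == null || "true".equals(v);` (and the same for the access-token variant), keeps existing deployments issuing the same tokens as before. Whether `getConfig()` can be null for mappers created through the admin API is not visible here; if it can, both helpers also need a null guard.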
@@ -16,11 +17,26 @@ import java.util.List; * @author Bill Burke * @version $Revision: 1 $ */ -public class OIDCFullNameMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper { +public class OIDCFullNameMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper { private static final List configProperties = new ArrayList(); static { + ConfigProperty property; + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT); + configProperties.add(property); } 
@@ -52,13 +68,24 @@ public class OIDCFullNameMapper extends AbstractOIDCProtocolMapper implements OI } @Override - public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, - UserSessionModel userSession, ClientSessionModel clientSession) { + public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, + UserSessionModel userSession, ClientSessionModel clientSession) { + if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)) return token; + setClaim(token, userSession); + return token; + } + + protected void setClaim(IDToken token, UserSessionModel userSession) { UserModel user = userSession.getUser(); String first = user.getFirstName() == null ? "" : user.getFirstName() + " "; String last = user.getLastName() == null ? "" : user.getLastName(); token.getOtherClaims().put("name", first + last); - return token; } + @Override + public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) { + if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)) return token; + setClaim(token, userSession); + return token; + } } diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCIDTokenMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCIDTokenMapper.java new file mode 100755 index 0000000000..932b431e49 --- /dev/null +++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCIDTokenMapper.java 
@@ -0,0 +1,18 @@
+package org.keycloak.protocol.oidc.mappers;
+
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.UserSessionModel;
+import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.IDToken;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public interface OIDCIDTokenMapper {
+
+ IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
+ UserSessionModel userSession, ClientSessionModel clientSession);
+}
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserAttributeMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserAttributeMapper.java
index 3586372f77..98045ba72f 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserAttributeMapper.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserAttributeMapper.java
@@ -8,6 +8,7 @@ import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.protocol.ProtocolMapperUtils;
 import org.keycloak.representations.AccessToken;
+import org.keycloak.representations.IDToken;
 import java.util.ArrayList;
 import java.util.List;
@@ -20,7 +21,7 @@ import java.util.List;
 * @author Bill Burke
 * @version $Revision: 1 $
 */
-public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
+public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper {
 private static final List configProperties = new ArrayList();
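Review bot: The new interface imports `org.keycloak.representations.AccessToken` but never references it, so the import is dead and should be dropped. The single method also has no Javadoc; every implementation in this commit returns the token it was handed, unchanged when the mapper's config excludes it from the ID token, and that contract is worth stating: `/** Adds this mapper's claims to {@code token} and returns it; implementations return the token untouched when the mapper config does not include it in the ID token. */`.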
@@ -30,12 +31,35 @@ public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implemen property.setName(ProtocolMapperUtils.USER_ATTRIBUTE); property.setLabel(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_LABEL); property.setHelpText(ProtocolMapperUtils.USER_MODEL_ATTRIBUTE_HELP_TEXT); + property.setType(ConfigProperty.STRING_TYPE); configProperties.add(property); property = new ConfigProperty(); property.setName(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME); property.setLabel(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME); + property.setType(ConfigProperty.STRING_TYPE); property.setHelpText("Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created."); configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.JSON_TYPE); + property.setLabel(OIDCAttributeMapperHelper.JSON_TYPE); + property.setType(ConfigProperty.STRING_TYPE); + property.setDefaultValue(ConfigProperty.STRING_TYPE); + property.setHelpText("JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values."); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT); + configProperties.add(property); } 
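Review bot: The help-text literals for `TOKEN_CLAIM_NAME` ("Name of the claim to insert into the token. ...") and `JSON_TYPE` ("JSON type that should be used to populate the json claim in the token. ...") are pasted verbatim here and again in OIDCUserModelMapper (L34-L35). The labels next to them already come from OIDCAttributeMapperHelper, so two more constants there, e.g. `public static final String TOKEN_CLAIM_NAME_HELP_TEXT = "Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created.";`, keep the two mappers' admin text in step.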
@@ -67,13 +91,26 @@ public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implemen } @Override - public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, - UserSessionModel userSession, ClientSessionModel clientSession) { + public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, + UserSessionModel userSession, ClientSessionModel clientSession) { + if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)) return token; + + setClaim(token, mappingModel, userSession); + return token; + } + + protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) { UserModel user = userSession.getUser(); String attributeName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE); String attributeValue = user.getAttribute(attributeName); - if (attributeValue == null) return token; + if (attributeValue == null) return; OIDCAttributeMapperHelper.mapClaim(token, mappingModel, attributeValue); + } + + @Override + public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) { + if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)) return token; + setClaim(token, mappingModel, userSession); return token; } @@ -81,11 +118,13 @@ public class OIDCUserAttributeMapper extends AbstractOIDCProtocolMapper implemen String userAttribute, String tokenClaimName, String claimType, boolean consentRequired, String consentText, - boolean appliedByDefault) { + boolean appliedByDefault, + boolean accessToken, boolean idToken) { OIDCAttributeMapperHelper.addClaimMapper(realm, name, userAttribute, tokenClaimName, claimType, consentRequired, consentText, - appliedByDefault, PROVIDER_ID); + appliedByDefault, accessToken, idToken, + PROVIDER_ID); } 
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java index 5e97f6d1d4..5efa6c6acd 100755 --- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java @@ -8,6 +8,7 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.protocol.ProtocolMapperUtils; import org.keycloak.representations.AccessToken; +import org.keycloak.representations.IDToken; import java.util.ArrayList; import java.util.List; @@ -20,7 +21,7 @@ import java.util.List; * @author Bill Burke * @version $Revision: 1 $ */ -public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper { +public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper, OIDCIDTokenMapper { private static final List configProperties = new ArrayList(); static { 
@@ -28,14 +29,43 @@ public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements O property = new ConfigProperty(); property.setName(ProtocolMapperUtils.USER_ATTRIBUTE); property.setLabel(ProtocolMapperUtils.USER_MODEL_PROPERTY_LABEL); + property.setType(ConfigProperty.STRING_TYPE); property.setHelpText(ProtocolMapperUtils.USER_MODEL_PROPERTY_HELP_TEXT); configProperties.add(property); property = new ConfigProperty(); property.setName(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME); property.setLabel(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME); + property.setType(ConfigProperty.STRING_TYPE); property.setHelpText("Name of the claim to insert into the token. This can be a fully qualified name like 'address.street'. In this case, a nested json object will be created."); configProperties.add(property); - + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.JSON_TYPE); + property.setLabel(OIDCAttributeMapperHelper.JSON_TYPE); + property.setType(ConfigProperty.STRING_TYPE); + property.setDefaultValue(ConfigProperty.STRING_TYPE); + property.setHelpText("JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values."); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.JSON_TYPE); + property.setLabel(OIDCAttributeMapperHelper.JSON_TYPE); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText("JSON type that should be used to populate the json claim in the token. 
long, int, boolean, and String are valid values."); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_HELP_TEXT); + configProperties.add(property); + property = new ConfigProperty(); + property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN); + property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_LABEL); + property.setType(ConfigProperty.BOOLEAN_TYPE); + property.setDefaultValue("true"); + property.setHelpText(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN_HELP_TEXT); + configProperties.add(property); } public static final String PROVIDER_ID = "oidc-usermodel-property-mapper"; 
@@ -66,25 +96,40 @@ public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements O } @Override - public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, - UserSessionModel userSession, ClientSessionModel clientSession) { + public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, + UserSessionModel userSession, ClientSessionModel clientSession) { + if (!OIDCAttributeMapperHelper.includeInAccessToken(mappingModel)) return token; + setClaim(token, mappingModel, userSession); + + return token; + } + + @Override + public IDToken transformIDToken(IDToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionModel clientSession) { + if (!OIDCAttributeMapperHelper.includeInIDToken(mappingModel)) return token; + setClaim(token, mappingModel, userSession); + + return token; + } + + protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) { UserModel user = userSession.getUser(); String propertyName = mappingModel.getConfig().get(ProtocolMapperUtils.USER_ATTRIBUTE); String propertyValue = ProtocolMapperUtils.getUserModelValue(user, propertyName); OIDCAttributeMapperHelper.mapClaim(token, mappingModel, propertyValue); - - return token; } public static void addClaimMapper(RealmModel realm, String name, String userAttribute, String tokenClaimName, String claimType, boolean consentRequired, String consentText, - boolean appliedByDefault) { + boolean appliedByDefault, + boolean accessToken, boolean idToken) { OIDCAttributeMapperHelper.addClaimMapper(realm, name, userAttribute, tokenClaimName, claimType, consentRequired, consentText, - appliedByDefault, PROVIDER_ID); + appliedByDefault, accessToken, idToken, + PROVIDER_ID); } 
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java index 6871e95192..0c870934c8 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ServerInfoAdminResource.java @@ -150,6 +150,8 @@ public class ServerInfoAdminResource { ProtocolMapperTypeRepresentation.ConfigProperty propRep = new ProtocolMapperTypeRepresentation.ConfigProperty(); propRep.setName(prop.getName()); propRep.setLabel(prop.getLabel()); + propRep.setType(prop.getType()); + propRep.setDefaultValue(prop.getDefaultValue()); propRep.setHelpText(prop.getHelpText()); rep.getProperties().add(propRep); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java index 68e3f13540..100f9c1f90 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java @@ -214,10 +214,6 @@ public class AdminAPITest { Assert.assertEquals(set, storedSet); } - - if (appRep.getClaims() != null) { - Assert.assertEquals(appRep.getClaims(), storedApp.getClaims()); - } } protected void checkRealmRep(RealmRepresentation rep, RealmRepresentation storedRealm) { From 608185f06a86f52cd6181e0732ddea3a7803a564 Mon Sep 17 00:00:00 2001 
From: Bill Burke Date: Tue, 3 Mar 2015 12:00:40 -0500 Subject: [PATCH 3/3] boolean mapper property types --- .../base/resources/js/controllers/protocols.js | 2 ++ .../resources/partials/protocol-mapper-detail.html | 5 ++++- .../protocol/oidc/OIDCLoginProtocolFactory.java | 13 +++++++++++++ .../protocol/oidc/mappers/OIDCUserModelMapper.java | 7 ------- .../org/keycloak/testsuite/account/AccountTest.java | 2 +- 5 files changed, 20 insertions(+), 9 deletions(-) diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/protocols.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/protocols.js index f6cef81469..b1b29565c6 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/protocols.js +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/protocols.js @@ -33,6 +33,8 @@ module.controller('ProtocolMapperCtrl', function($scope, realm, serverInfo, prot $scope.mapper = angular.copy(mapper); var oldCopy = angular.copy($scope.realm); $scope.changed = false; + $scope.boolval = true; + $scope.boolvalId = 'boolval'; console.log('protocol: ' + protocol); var protocolMappers = serverInfo.protocolMapperTypes[protocol]; diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/protocol-mapper-detail.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/protocol-mapper-detail.html index 7fb569db59..6ec92d3cc0 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/protocol-mapper-detail.html +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/protocol-mapper-detail.html @@ -76,9 +76,12 @@
-
+
+
+ +
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
index 8d3a6367af..8b172c3f41 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
@@ -6,11 +6,16 @@ import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.AbstractLoginProtocolFactory;
 import org.keycloak.protocol.LoginProtocol;
+import org.keycloak.protocol.ProtocolMapperUtils;
 import org.keycloak.protocol.oidc.mappers.OIDCAddressMapper;
+import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
 import org.keycloak.protocol.oidc.mappers.OIDCFullNameMapper;
 import org.keycloak.protocol.oidc.mappers.OIDCUserModelMapper;
 import org.keycloak.services.managers.AuthenticationManager;
+import java.util.HashMap;
+import java.util.Map;
+
 /**
 * @author Bill Burke
 * @version $Revision: 1 $
@@ -64,6 +69,10 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
 fullName.setConsentRequired(true);
 fullName.setConsentText("full name");
 fullName.setAppliedByDefault(true);
+ Map config = new HashMap();
+ config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
+ config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
+ fullName.setConfig(config);
 realm.addProtocolMapper(fullName);
 }
@@ -75,6 +84,10 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
 address.setConsentRequired(true);
 address.setConsentText("address");
 address.setAppliedByDefault(false);
+ Map config = new HashMap();
+ config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
+ config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
+ address.setConfig(config);
 realm.addProtocolMapper(address);
 }
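Review bot: The four-line config block that enables both tokens is duplicated for `fullName` and `address`, and the newly added `import org.keycloak.protocol.ProtocolMapperUtils;` is not used by either hunk (the rest of the file is not visible, so it may be used elsewhere; if not, drop it). A small private factory removes the duplication and gives the intent a name; the methods containing both hunks start outside them, and the generic type arguments on `Map` may have been stripped by rendering, so adjust to match the file.
```java
// … unchanged: fullName mapper setup …
fullName.setConfig(includeInBothTokens());
// … unchanged: address mapper setup …
address.setConfig(includeInBothTokens());

/** Mapper config that emits the claim in both the access token and the ID token. */
private static Map<String, String> includeInBothTokens() {
    Map<String, String> config = new HashMap<String, String>();
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    return config;
}
```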
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java
index 5efa6c6acd..91cb5ad23d 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/mappers/OIDCUserModelMapper.java
@@ -46,13 +46,6 @@ public class OIDCUserModelMapper extends AbstractOIDCProtocolMapper implements O
 property.setHelpText("JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.");
 configProperties.add(property);
 property = new ConfigProperty();
- property.setName(OIDCAttributeMapperHelper.JSON_TYPE);
- property.setLabel(OIDCAttributeMapperHelper.JSON_TYPE);
- property.setType(ConfigProperty.BOOLEAN_TYPE);
- property.setDefaultValue("true");
- property.setHelpText("JSON type that should be used to populate the json claim in the token. long, int, boolean, and String are valid values.");
- configProperties.add(property);
- property = new ConfigProperty();
 property.setName(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN);
 property.setLabel(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN_LABEL);
 property.setType(ConfigProperty.BOOLEAN_TYPE);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
index efe3fd4c50..722717f0eb 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java
@@ -157,7 +157,7 @@ public class AccountTest {
 });
 }
- //@Test @Ignore
+ @Test @Ignore
 public void runit() throws Exception {
 Thread.sleep(10000000);
 }
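Review bot: Un-commenting `@Test @Ignore` on `runit()` in AccountTest registers a developer-only `Thread.sleep(10000000)` (roughly 2.8 hours) as a skipped test, so it now shows up in every test report as ignored and is one dropped annotation away from hanging the suite. This looks like a local debugging hook that was committed by accident; either keep it out of the suite or say why it is there, e.g. `// Manual hook: keeps the embedded server running for interactive debugging; never enable in CI.`.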