KEYCLOAK-3505: updated the oidc user attribute mapper used to map oidc broker claims to map the claims from userinfo claim set
This commit is contained in:
parent
59674e44bf
commit
b97908fb02
6 changed files with 60 additions and 3 deletions
|
@ -18,14 +18,17 @@
|
|||
package org.keycloak.broker.oidc.mappers;
|
||||
|
||||
import org.keycloak.broker.oidc.KeycloakOIDCIdentityProvider;
|
||||
import org.keycloak.broker.oidc.OIDCIdentityProvider;
|
||||
import org.keycloak.broker.provider.AbstractIdentityProviderMapper;
|
||||
import org.keycloak.broker.provider.BrokeredIdentityContext;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.representations.JsonWebToken;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
|
@ -71,6 +74,12 @@ public abstract class AbstractClaimMapper extends AbstractIdentityProviderMapper
|
|||
}
|
||||
|
||||
}
|
||||
{
|
||||
// Search the OIDC UserInfo claim set (if any)
|
||||
JsonNode profileJsonNode = (JsonNode) context.getContextData().get(OIDCIdentityProvider.USER_INFO);
|
||||
String value = AbstractJsonUserAttributeMapper.getJsonValue(profileJsonNode, claim);
|
||||
if (value != null) return value;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
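Review bot: The new fallback block hands `profileJsonNode` to `AbstractJsonUserAttributeMapper.getJsonValue` without a null check, so a provider that never stored `OIDCIdentityProvider.USER_INFO` in the context (no userinfo endpoint configured, or the fetch failed) relies on that helper tolerating a null node; unless that is known, wrap the lookup in `if (profileJsonNode != null) {`. The unchecked `(JsonNode)` cast likewise assumes the provider parses the response into a `JsonNode` rather than keeping the raw body — worth confirming against `OIDCIdentityProvider`. Because this branch runs only after the earlier token lookups returned nothing, a comment stating that precedence would help readers, e.g. `// Fall back to the UserInfo response only for claims absent from the ID/access tokens`. From a trust standpoint the claims read here are only as reliable as the code that fetched and stored the userinfo response — OIDC Core 5.3.2 requires the client to verify the userinfo `sub` matches the ID token `sub` before using its claims, and this hunk cannot show whether that happens before the context entry is populated. The enclosing method begins before the hunk.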
|
|
@ -126,7 +126,7 @@ public class UserAttributeMapper extends AbstractClaimMapper {
|
|||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "Import declared claim if it exists in ID or access token into the specified user property or attribute.";
|
||||
return "Import declared claim if it exists in ID, access token or the claim set returned by the user profile endpoint into the specified user property or attribute.";
|
||||
}
|
||||
|
||||
}
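Review bot: The updated help text names three sources for the claim but not their precedence, while the lookup this commit extends in `AbstractClaimMapper` appears to consult the ID and access tokens first and only falls back to the userinfo claim set when neither carries the claim; an administrator reading the text could expect a conflicting userinfo value to take effect. Suggest `return "Import declared claim if it exists in ID or access token, or otherwise in the claim set returned by the user profile endpoint, into the specified user property or attribute.";`. The enclosing class continues outside the hunk.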
|
||||
|
|
|
@ -316,6 +316,20 @@ public abstract class AbstractKeycloakIdentityProviderTest extends AbstractIdent
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test for KEYCLOAK-3505 - Verify the claims from the claim set returned by the OIDC UserInfo are correctly mapped
|
||||
* by the user attribute mapper
|
||||
*
|
||||
*/
|
||||
protected void verifyAttributeMapperHandlesUserInfoClaims() {
|
||||
IdentityProviderModel identityProviderModel = getIdentityProviderModel();
|
||||
setUpdateProfileFirstLogin(IdentityProviderRepresentation.UPFLM_ON);
|
||||
|
||||
UserModel user = assertSuccessfulAuthentication(identityProviderModel, "test-user", "new@email.com", true);
|
||||
Assert.assertEquals("A00", user.getFirstAttribute("tenantid"));
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername() {
|
||||
RealmModel realm = getRealm();
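Review bot: `verifyAttributeMapperHandlesUserInfoClaims` pins only the happy path — `tenantid` equals `A00` after login — so a regression that made the mapper prefer userinfo claims over the signed tokens, or apply the userinfo value when the token carries a different one, would still pass. A second case in which the same claim appears in both the ID token and the userinfo response with different values, asserting that the token value wins, would guard the intended precedence; the fixture change in this commit only places `tenantid` in userinfo. The Javadoc could also say which IdP fixture and mapper it relies on, e.g. `* Relies on the kc-tenantid-mapper of the kc-oidc-idp-property-mappers broker and the tenantid protocol mapper that is exposed only via userinfo.`. The following test method `testSuccessfulAuthenticationWithoutUpdateProfile_newUser_emailAsUsername` continues past the hunk.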
|
||||
|
|
|
@ -100,6 +100,17 @@ public class OIDCBrokerUserPropertyTest extends AbstractKeycloakIdentityProvider
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test for KEYCLOAK-3505 - Verify the claims from the claim set returned by the OIDC UserInfo are correctly mapped
|
||||
* by the user attribute mapper
|
||||
*
|
||||
*/
|
||||
@Test
|
||||
public void testSuccessfulAuthentication_verifyAttributeMapperHandlesUserInfoClaims() {
|
||||
verifyAttributeMapperHandlesUserInfoClaims();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
@Test
|
||||
public void testSuccessfulAuthenticationWithoutUpdateProfile() {
|
||||
|
|
|
@ -17,6 +17,20 @@
|
|||
"http://localhost:8081/auth/realms/realm-with-broker/broker/kc-oidc-idp-property-mappers/endpoint/*"
|
||||
],
|
||||
"protocolMappers": [
|
||||
{
|
||||
"name": "tenantid",
|
||||
"protocol": "openid-connect",
|
||||
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
||||
"consentRequired": false,
|
||||
"config": {
|
||||
"user.attribute": "tenantid",
|
||||
"claim.name": "tenantid",
|
||||
"Claim JSON Type": "String",
|
||||
"access.token.claim": "false",
|
||||
"id.token.claim": "false",
|
||||
"userinfo.token.claim": "true"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "mobile",
|
||||
"protocol": "openid-connect",
|
||||
|
@ -28,7 +42,6 @@
|
|||
"Claim JSON Type": "String",
|
||||
"access.token.claim": "true",
|
||||
"id.token.claim": "true"
|
||||
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -109,7 +122,8 @@
|
|||
],
|
||||
"realmRoles": ["manager"],
|
||||
"attributes": {
|
||||
"mobile": "617-666-7777"
|
||||
"mobile": "617-666-7777",
|
||||
"tenantid": "A00"
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
@ -243,6 +243,15 @@
|
|||
"claim": "family_name"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "kc-tenantid-mapper",
|
||||
"identityProviderAlias": "kc-oidc-idp-property-mappers",
|
||||
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
|
||||
"config": {
|
||||
"user.attribute": "tenantid",
|
||||
"claim": "tenantid"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "manager-mapper",
|
||||
"identityProviderAlias": "kc-oidc-idp",
|
||||
|
|