Set hardcoded user session attribute after IDP first login flow

Johannes Knutsen 2018-06-23 23:41:16 +02:00 committed by Marek Posolda
parent 2fb022e501
commit fc3ca33033
3 changed files with 57 additions and 6 deletions


@ -85,20 +85,27 @@ public class HardcodedUserSessionAttributeMapper extends AbstractIdentityProvide
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
String attribute = mapperModel.getConfig().get(ATTRIBUTE);
String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
setHardcodedUserSessionAttribute(mapperModel, context);
}
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
String attribute = mapperModel.getConfig().get(ATTRIBUTE);
String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
setHardcodedUserSessionAttribute(mapperModel, context);
}
@Override
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
setHardcodedUserSessionAttribute(mapperModel, context);
}
@Override
public String getHelpText() {
return "When user is imported from provider, hardcode a value to a specific user session attribute.";
}
private void setHardcodedUserSessionAttribute(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
String attribute = mapperModel.getConfig().get(ATTRIBUTE);
String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
}
}
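Review bot: The new `setHardcodedUserSessionAttribute` helper passes `attribute` from the mapper config straight to `setUserSessionNote` without checking that it is set, and it now runs from three callbacks instead of two. Whether the config is validated when the mapper is saved is not visible here, so a guard such as `if (attribute == null || attribute.isEmpty()) return;` at the top of the helper would keep a misconfigured mapper from writing a note under a null key. Because user session notes can be surfaced to clients through protocol mappers, `importNewUser` also deserves a short comment saying why the note has to be set again there, for example `// first broker login: set the note here as well, see KEYCLOAK-7696`; the exact reason is inferred from the test added in this commit and should be confirmed. The unchanged help text still reads "When user is imported from provider", although the value is applied on every brokered login.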


@ -28,6 +28,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.managers.RealmManager;
@ -755,6 +756,31 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProvi
}, APP_REALM_ID);
}
// KEYCLOAK-7696
@Test
public void testHardcodedUserSessionNoteIsSetAfterFristBrokerLogin() {
brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_ON);
}
}, APP_REALM_ID);
loginIDP("pedroigor");
this.updateProfileWithUsernamePage.assertCurrent();
this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com", "some-new-user");
UserSessionModel userSession = session.sessions().getUserSessions(getRealm(), getFederatedUser()).get(0);
assertEquals("sessionvalue", userSession.getNote("user-session-attr"));
brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_MISSING);
}
}, APP_REALM_ID);
}
protected void assertFederatedUser(String expectedUsername, String expectedEmail, String expectedFederatedUsername) {
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
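Review bot: The reset to `UPFLM_MISSING` at the end of `testHardcodedUserSessionNoteIsSetAfterFristBrokerLogin` is skipped whenever the login steps or the `assertEquals` fail, which leaves the realm in `UPFLM_ON` for the tests that run after it. Wrapping the lines from `loginIDP("pedroigor")` through the assertion in `try { ... } finally { ... }`, with the second `brokerServerRule.update` call inside the `finally`, keeps the shared realm state consistent. `getUserSessions(...).get(0)` throws `IndexOutOfBoundsException` when no session exists, so an explicit emptiness assertion before it would give a clearer failure. The method name has a typo, `Frist` for `First`. The `assertFederatedUser` method shown as trailing context continues outside the hunk.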


@ -313,6 +313,15 @@
}
},
{
"name": "hardcoded-user-session",
"identityProviderAlias": "kc-oidc-idp",
"identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
"config": {
"attribute.value": "sessionvalue",
"attribute": "user-session-attr"
}
},
{
"name": "mobile-mapper",
"identityProviderAlias": "kc-oidc-idp",
@ -342,6 +351,15 @@
"attribute.name": "mobile"
}
},
{
"name": "hardcoded-user-session",
"identityProviderAlias": "kc-saml-idp-basic",
"identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
"config": {
"attribute.value": "sessionvalue",
"attribute": "user-session-attr"
}
},
{
"name": "manager-mapper",
"identityProviderAlias": "kc-saml-signed-idp",