Set hardcoded user session attribute after IDP first login flow
parent
2fb022e501
commit
fc3ca33033
3 changed files with 57 additions and 6 deletions
|
@ -85,20 +85,27 @@ public class HardcodedUserSessionAttributeMapper extends AbstractIdentityProvide
|
|||
|
||||
@Override
|
||||
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
|
||||
String attribute = mapperModel.getConfig().get(ATTRIBUTE);
|
||||
String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
|
||||
context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
|
||||
setHardcodedUserSessionAttribute(mapperModel, context);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
|
||||
String attribute = mapperModel.getConfig().get(ATTRIBUTE);
|
||||
String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
|
||||
context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
|
||||
setHardcodedUserSessionAttribute(mapperModel, context);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
|
||||
setHardcodedUserSessionAttribute(mapperModel, context);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "When user is imported from provider, hardcode a value to a specific user session attribute.";
|
||||
}
|
||||
|
||||
private void setHardcodedUserSessionAttribute(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
|
||||
String attribute = mapperModel.getConfig().get(ATTRIBUTE);
|
||||
String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
|
||||
context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
|
||||
}
|
||||
}
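Review bot: `setHardcodedUserSessionAttribute` passes whatever `mapperModel.getConfig().get(ATTRIBUTE)` returns straight to `setUserSessionNote`, so a mapper saved without an attribute name reaches the authentication session with a null key, and with this commit that also happens on the first-login path through `importNewUser`. How the authentication session handles a null note name is not visible here, so a guard such as `if (attribute == null || attribute.isEmpty()) return;` before the call would keep a misconfigured mapper from breaking brokered logins. The helper also deserves a short Javadoc stating that the note comes from mapper configuration only and is set for every user arriving through the identity provider, independent of anything in `context`, so that nothing downstream treats it as a per-user assertion. The helper lies fully inside the hunk; the class itself starts outside it.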
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
|
|||
import org.keycloak.models.FederatedIdentityModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.utils.DefaultAuthenticationFlows;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.services.managers.RealmManager;
|
||||
|
@ -755,6 +756,31 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProvi
|
|||
}, APP_REALM_ID);
|
||||
}
|
||||
|
||||
// KEYCLOAK-7696
|
||||
@Test
|
||||
public void testHardcodedUserSessionNoteIsSetAfterFristBrokerLogin() {
|
||||
brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
|
||||
setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_ON);
|
||||
}
|
||||
}, APP_REALM_ID);
|
||||
|
||||
loginIDP("pedroigor");
|
||||
this.updateProfileWithUsernamePage.assertCurrent();
|
||||
|
||||
this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com", "some-new-user");
|
||||
|
||||
UserSessionModel userSession = session.sessions().getUserSessions(getRealm(), getFederatedUser()).get(0);
|
||||
assertEquals("sessionvalue", userSession.getNote("user-session-attr"));
|
||||
brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
|
||||
@Override
|
||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
|
||||
setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_MISSING);
|
||||
}
|
||||
}, APP_REALM_ID);
|
||||
}
|
||||
|
||||
|
||||
protected void assertFederatedUser(String expectedUsername, String expectedEmail, String expectedFederatedUsername) {
|
||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
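Review bot: The reset to `IdentityProviderRepresentation.UPFLM_MISSING` at the end of `testHardcodedUserSessionNoteIsSetAfterFristBrokerLogin` is skipped when `assertEquals` or one of the page steps fails, which would leave the realm at `UPFLM_ON` for whatever runs afterwards. Wrapping the login-and-assert part in `try { ... } finally { ... }`, with the second `brokerServerRule.update(...)` call in the `finally` block, avoids that. `getUserSessions(getRealm(), getFederatedUser()).get(0)` assumes at least one session exists for the federated user, so asserting that the list is not empty before `get(0)` would give a clearer failure than an `IndexOutOfBoundsException`. The method name also has a typo, `Frist` for `First`.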
|
||||
|
|
|
@ -313,6 +313,15 @@
|
|||
}
|
||||
|
||||
},
|
||||
{
|
||||
"name": "hardcoded-user-session",
|
||||
"identityProviderAlias": "kc-oidc-idp",
|
||||
"identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
|
||||
"config": {
|
||||
"attribute.value": "sessionvalue",
|
||||
"attribute": "user-session-attr"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "mobile-mapper",
|
||||
"identityProviderAlias": "kc-oidc-idp",
|
||||
|
@ -342,6 +351,15 @@
|
|||
"attribute.name": "mobile"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "hardcoded-user-session",
|
||||
"identityProviderAlias": "kc-saml-idp-basic",
|
||||
"identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
|
||||
"config": {
|
||||
"attribute.value": "sessionvalue",
|
||||
"attribute": "user-session-attr"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "manager-mapper",
|
||||
"identityProviderAlias": "kc-saml-signed-idp",
|
||||
|
|