Set hardcoded user session attribute after IDP first login flow

2018-06-23 23:41:16 +02:00 · 2018-06-23 23:41:16 +02:00 · fc3ca33033
commit fc3ca33033
parent 2fb022e501
3 changed files with 57 additions and 6 deletions
--- a/services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java
+++ b/services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java
@ -85,20 +85,27 @@ public class HardcodedUserSessionAttributeMapper extends AbstractIdentityProvide

    @Override
    public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
-        String attribute = mapperModel.getConfig().get(ATTRIBUTE);
-        String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
-        context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
+        setHardcodedUserSessionAttribute(mapperModel, context);
    }

    @Override
    public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
-        String attribute = mapperModel.getConfig().get(ATTRIBUTE);
-        String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
-        context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
+        setHardcodedUserSessionAttribute(mapperModel, context);
+    }
+
+    @Override
+    public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+        setHardcodedUserSessionAttribute(mapperModel, context);
    }

    @Override
    public String getHelpText() {
        return "When user is imported from provider, hardcode a value to a specific user session attribute.";
    }
+
+    private void setHardcodedUserSessionAttribute(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+        String attribute = mapperModel.getConfig().get(ATTRIBUTE);
+        String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
+        context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
+    }
 }
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
@ -28,6 +28,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
 import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.services.managers.RealmManager;
@ -755,6 +756,31 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProvi
        }, APP_REALM_ID);
    }

+    // KEYCLOAK-7696
+    @Test
+    public void testHardcodedUserSessionNoteIsSetAfterFristBrokerLogin() {
+        brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
+            @Override
+            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
+                setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_ON);
+            }
+        }, APP_REALM_ID);
+
+        loginIDP("pedroigor");
+        this.updateProfileWithUsernamePage.assertCurrent();
+
+        this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com", "some-new-user");
+
+        UserSessionModel userSession = session.sessions().getUserSessions(getRealm(), getFederatedUser()).get(0);
+        assertEquals("sessionvalue", userSession.getNote("user-session-attr"));
+        brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
+            @Override
+            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
+                setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_MISSING);
+            }
+        }, APP_REALM_ID);
+    }
+

    protected void assertFederatedUser(String expectedUsername, String expectedEmail, String expectedFederatedUsername) {
        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
--- a/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json
@ -313,6 +313,15 @@
            }

        },
+        {
+            "name": "hardcoded-user-session",
+            "identityProviderAlias": "kc-oidc-idp",
+            "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
+            "config": {
+                "attribute.value": "sessionvalue",
+                "attribute": "user-session-attr"
+            }
+        },
        {
            "name": "mobile-mapper",
            "identityProviderAlias": "kc-oidc-idp",
@ -342,6 +351,15 @@
                "attribute.name": "mobile"
            }
        },
+        {
+            "name": "hardcoded-user-session",
+            "identityProviderAlias": "kc-saml-idp-basic",
+            "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
+            "config": {
+                "attribute.value": "sessionvalue",
+                "attribute": "user-session-attr"
+            }
+        },
        {
            "name": "manager-mapper",
            "identityProviderAlias": "kc-saml-signed-idp",