keycloak-developers
Changes
services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java 19(+13 -6)
Details
diff --git a/services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java b/services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java
index 1b91f56..5a8a2ed 100755
--- a/services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java
+++ b/services/src/main/java/org/keycloak/broker/provider/HardcodedUserSessionAttributeMapper.java
@@ -85,20 +85,27 @@ public class HardcodedUserSessionAttributeMapper extends AbstractIdentityProvide
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
- String attribute = mapperModel.getConfig().get(ATTRIBUTE);
- String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
- context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
+ setHardcodedUserSessionAttribute(mapperModel, context);
}
@Override
public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
- String attribute = mapperModel.getConfig().get(ATTRIBUTE);
- String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
- context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
+ setHardcodedUserSessionAttribute(mapperModel, context);
+ }
+
+ @Override
+ public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+ setHardcodedUserSessionAttribute(mapperModel, context);
}
@Override
public String getHelpText() {
return "When user is imported from provider, hardcode a value to a specific user session attribute.";
}
+
+ private void setHardcodedUserSessionAttribute(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+ String attribute = mapperModel.getConfig().get(ATTRIBUTE);
+ String attributeValue = mapperModel.getConfig().get(ATTRIBUTE_VALUE);
+ context.getAuthenticationSession().setUserSessionNote(attribute, attributeValue);
+ }
}
diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
index b64cf03..acd524b 100755
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
@@ -28,6 +28,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
+import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.services.managers.RealmManager;
@@ -755,6 +756,31 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProvi
}, APP_REALM_ID);
}
+ // KEYCLOAK-7696
+ @Test
+ public void testHardcodedUserSessionNoteIsSetAfterFristBrokerLogin() {
+ brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
+ setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_ON);
+ }
+ }, APP_REALM_ID);
+
+ loginIDP("pedroigor");
+ this.updateProfileWithUsernamePage.assertCurrent();
+
+ this.updateProfileWithUsernamePage.update("Test", "User", "some-user@redhat.com", "some-new-user");
+
+ UserSessionModel userSession = session.sessions().getUserSessions(getRealm(), getFederatedUser()).get(0);
+ assertEquals("sessionvalue", userSession.getNote("user-session-attr"));
+ brokerServerRule.update(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel realmWithBroker) {
+ setUpdateProfileFirstLogin(realmWithBroker, IdentityProviderRepresentation.UPFLM_MISSING);
+ }
+ }, APP_REALM_ID);
+ }
+
protected void assertFederatedUser(String expectedUsername, String expectedEmail, String expectedFederatedUsername) {
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
diff --git a/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json
index 8d5f102..bbcda61 100755
--- a/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration-deprecated/src/test/resources/broker-test/test-realm-with-broker.json
@@ -314,6 +314,15 @@
},
{
+ "name": "hardcoded-user-session",
+ "identityProviderAlias": "kc-oidc-idp",
+ "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
+ "config": {
+ "attribute.value": "sessionvalue",
+ "attribute": "user-session-attr"
+ }
+ },
+ {
"name": "mobile-mapper",
"identityProviderAlias": "kc-oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
@@ -343,6 +352,15 @@
}
},
{
+ "name": "hardcoded-user-session",
+ "identityProviderAlias": "kc-saml-idp-basic",
+ "identityProviderMapper": "hardcoded-user-session-attribute-idp-mapper",
+ "config": {
+ "attribute.value": "sessionvalue",
+ "attribute": "user-session-attr"
+ }
+ },
+ {
"name": "manager-mapper",
"identityProviderAlias": "kc-saml-signed-idp",
"identityProviderMapper": "saml-role-idp-mapper",