keycloak-aplcache

test oidc mappers

3/9/2015 10:05:39 AM


diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolFactory.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolFactory.java
index 83b4b1a..8ef3c80 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolFactory.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolFactory.java
@@ -9,7 +9,7 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.AbstractLoginProtocolFactory;
 import org.keycloak.protocol.LoginProtocol;
 import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
-import org.keycloak.protocol.saml.mappers.SAMLBasicRoleListMapper;
+import org.keycloak.protocol.saml.mappers.RoleListMapper;
 import org.keycloak.protocol.saml.mappers.UserPropertyAttributeStatementMapper;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.picketlink.common.constants.JBossSAMLURIConstants;
@@ -77,7 +77,7 @@ public class SamlProtocolFactory extends AbstractLoginProtocolFactory {
                 X500SAMLProfileConstants.SURNAME.getFriendlyName(),
                 true, "family name");
         builtins.add(model);
-        model = SAMLBasicRoleListMapper.create("role list", "Role", AttributeStatementHelper.BASIC, null, false);
+        model = RoleListMapper.create("role list", "Role", AttributeStatementHelper.BASIC, null, false);
         builtins.add(model);
         defaultBuiltins.add(model);
 
diff --git a/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper b/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
index 52f5d7c..392feae 100755
--- a/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
+++ b/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
@@ -1,5 +1,5 @@
-org.keycloak.protocol.saml.mappers.SAMLBasicRoleListMapper
-org.keycloak.protocol.saml.mappers.SAMLBasicRoleNameMapper
+org.keycloak.protocol.saml.mappers.RoleListMapper
+org.keycloak.protocol.saml.mappers.RoleNameMapper
 org.keycloak.protocol.saml.mappers.HardcodedRole
 org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper
 org.keycloak.protocol.saml.mappers.UserAttributeStatementMapper
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
index 1c27033..120446f 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
@@ -8,11 +8,11 @@ import org.keycloak.models.ProtocolMapperModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.AbstractLoginProtocolFactory;
 import org.keycloak.protocol.LoginProtocol;
-import org.keycloak.protocol.oidc.mappers.OIDCAddressMapper;
+import org.keycloak.protocol.oidc.mappers.AddressMapper;
+import org.keycloak.protocol.oidc.mappers.FullNameMapper;
 import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
-import org.keycloak.protocol.oidc.mappers.OIDCFullNameMapper;
-import org.keycloak.protocol.oidc.mappers.OIDCUserModelMapper;
-import org.keycloak.protocol.oidc.mappers.OIDCUserSessionNoteMapper;
+import org.keycloak.protocol.oidc.mappers.UserPropertyMapper;
+import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
 import org.keycloak.services.managers.AuthenticationManager;
 
 import java.util.ArrayList;
@@ -41,35 +41,35 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
     static {
 
         ProtocolMapperModel model;
-        model = OIDCUserModelMapper.createClaimMapper("username",
+        model = UserPropertyMapper.createClaimMapper("username",
                 "username",
                 "preferred_username", "String",
                 true, "username",
                 true, true);
         builtins.add(model);
         defaultBuiltins.add(model);
-        model = OIDCUserModelMapper.createClaimMapper("email",
+        model = UserPropertyMapper.createClaimMapper("email",
                 "email",
                 "email", "String",
                 true, "email",
                 true, true);
         builtins.add(model);
         defaultBuiltins.add(model);
-        model = OIDCUserModelMapper.createClaimMapper("given name",
+        model = UserPropertyMapper.createClaimMapper("given name",
                 "firstName",
                 "given_name", "String",
                 true, "given name",
                 true, true);
         builtins.add(model);
         defaultBuiltins.add(model);
-        model = OIDCUserModelMapper.createClaimMapper("family name",
+        model = UserPropertyMapper.createClaimMapper("family name",
                 "lastName",
                 "family_name", "String",
                 true, "family name",
                 true, true);
         builtins.add(model);
         defaultBuiltins.add(model);
-        model = OIDCUserModelMapper.createClaimMapper("email verified",
+        model = UserPropertyMapper.createClaimMapper("email verified",
                 "emailVerified",
                 "email_verified", "boolean",
                 false, null,
@@ -78,7 +78,7 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
 
         ProtocolMapperModel fullName = new ProtocolMapperModel();
         fullName.setName("full name");
-        fullName.setProtocolMapper(OIDCFullNameMapper.PROVIDER_ID);
+        fullName.setProtocolMapper(FullNameMapper.PROVIDER_ID);
         fullName.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
         fullName.setConsentRequired(true);
         fullName.setConsentText("full name");
@@ -89,10 +89,10 @@ public class OIDCLoginProtocolFactory extends AbstractLoginProtocolFactory {
         builtins.add(fullName);
         defaultBuiltins.add(fullName);
 
-        ProtocolMapperModel address = OIDCAddressMapper.createAddressMapper();
+        ProtocolMapperModel address = AddressMapper.createAddressMapper();
         builtins.add(address);
 
-        model = OIDCUserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
+        model = UserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
                 KerberosConstants.GSS_DELEGATION_CREDENTIAL,
                 KerberosConstants.GSS_DELEGATION_CREDENTIAL, "String",
                 true, KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
diff --git a/services/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper b/services/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
index f8cc934..4ea322a 100755
--- a/services/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
+++ b/services/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper
@@ -1,10 +1,10 @@
-org.keycloak.protocol.oidc.mappers.OIDCUserAttributeMapper
-org.keycloak.protocol.oidc.mappers.OIDCFullNameMapper
-org.keycloak.protocol.oidc.mappers.OIDCUserModelMapper
-org.keycloak.protocol.oidc.mappers.OIDCAddressMapper
-org.keycloak.protocol.oidc.mappers.OIDCAddClaimMapper
-org.keycloak.protocol.oidc.mappers.OIDCAddRoleMapper
-org.keycloak.protocol.oidc.mappers.OIDCRoleMapper
-org.keycloak.protocol.oidc.mappers.OIDCUserSessionNoteMapper
+org.keycloak.protocol.oidc.mappers.UserAttributeMapper
+org.keycloak.protocol.oidc.mappers.FullNameMapper
+org.keycloak.protocol.oidc.mappers.UserPropertyMapper
+org.keycloak.protocol.oidc.mappers.AddressMapper
+org.keycloak.protocol.oidc.mappers.HardcodedClaim
+org.keycloak.protocol.oidc.mappers.HardcodedRole
+org.keycloak.protocol.oidc.mappers.RoleNameMapper
+org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper
 
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/AbstractKerberosTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/AbstractKerberosTest.java
old mode 100644
new mode 100755
index 2cbe7ae..9d59ad9
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/AbstractKerberosTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/federation/AbstractKerberosTest.java
@@ -17,7 +17,6 @@ import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.keycloak.OAuth2Constants;
 import org.keycloak.adapters.HttpClientBuilder;
 import org.keycloak.events.Details;
 import org.keycloak.federation.kerberos.CommonKerberosConfig;
@@ -31,15 +30,11 @@ import org.keycloak.models.UserFederationProvider;
 import org.keycloak.models.UserFederationProviderModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
-import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
-import org.keycloak.protocol.oidc.mappers.OIDCUserSessionNoteMapper;
+import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.adapter.AdapterTest;
-import org.keycloak.testsuite.adapter.AdapterTestStrategy;
 import org.keycloak.testsuite.pages.AccountPasswordPage;
-import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.WebResource;
@@ -182,7 +177,7 @@ public abstract class AbstractKerberosTest {
 
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                ProtocolMapperModel protocolMapper = OIDCUserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
+                ProtocolMapperModel protocolMapper = UserSessionNoteMapper.createClaimMapper(KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
                         KerberosConstants.GSS_DELEGATION_CREDENTIAL,
                         KerberosConstants.GSS_DELEGATION_CREDENTIAL, "String",
                         true, KerberosConstants.GSS_DELEGATION_CREDENTIAL_DISPLAY_NAME,
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index 6fca683..7b51c15 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -40,8 +40,12 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
-import org.keycloak.protocol.oidc.mappers.OIDCAddressMapper;
-import org.keycloak.protocol.oidc.mappers.OIDCUserAttributeMapper;
+import org.keycloak.protocol.oidc.mappers.AddressMapper;
+import org.keycloak.protocol.oidc.mappers.FullNameMapper;
+import org.keycloak.protocol.oidc.mappers.HardcodedClaim;
+import org.keycloak.protocol.oidc.mappers.HardcodedRole;
+import org.keycloak.protocol.oidc.mappers.RoleNameMapper;
+import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.IDToken;
 import org.keycloak.services.managers.RealmManager;
@@ -67,6 +71,7 @@ import javax.ws.rs.core.UriBuilder;
 import java.io.IOException;
 import java.net.URI;
 import java.util.HashMap;
+import java.util.Map;
 
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.*;
@@ -594,9 +599,14 @@ public class AccessTokenTest {
             user.setAttribute("country", "USA");
             user.setAttribute("phone", "617-777-6666");
             ApplicationModel app = realm.getApplicationByName("test-app");
-            ProtocolMapperModel mapper = OIDCAddressMapper.createAddressMapper(true, true);
+            ProtocolMapperModel mapper = AddressMapper.createAddressMapper(true, true);
             app.addProtocolMapper(mapper);
-            app.addProtocolMapper(OIDCUserAttributeMapper.createClaimMapper("custom phone", "phone", "home_phone", "String", true, "", true, true));
+            app.addProtocolMapper(HardcodedClaim.create("hard", "hard", "coded", "String", false, null, true, true));
+            app.addProtocolMapper(HardcodedClaim.create("hard-nested", "nested.hard", "coded-nested", "String", false, null, true, true));
+            app.addProtocolMapper(UserAttributeMapper.createClaimMapper("custom phone", "phone", "home_phone", "String", true, "", true, true));
+            app.addProtocolMapper(UserAttributeMapper.createClaimMapper("nested phone", "phone", "home.phone", "String", true, "", true, true));
+            app.addProtocolMapper(HardcodedRole.create("hard-realm", "hardcoded"));
+            app.addProtocolMapper(HardcodedRole.create("hard-app", "app.hardcoded"));
             session.getTransaction().commit();
             session.close();
         }
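Review bot: The added mapper calls depend on a dot convention that nothing in this hunk explains: `"nested.hard"` and `"home.phone"` are claim names, while `"app.hardcoded"` is a role name. Judging by the assertions added later in this file (the `nested`/`home` claims are read back as maps, and `hardcoded` is looked up under `getResourceAccess("app")`), the dot is split into a nested JSON object in one case and into application plus role in the other. A comment above the new calls would make that explicit, for example `// dotted claim name => nested JSON object; "app.hardcoded" => role "hardcoded" on application "app"`. The mappers are attached to `test-app` while the hardcoded role ends up under `app`, presumably regardless of the user's own role mappings, so the comment should say this is the intended behaviour being pinned. The enclosing method starts outside the hunk.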
@@ -607,15 +617,22 @@ public class AccessTokenTest {
             org.keycloak.representations.AccessTokenResponse tokenResponse = response.readEntity(org.keycloak.representations.AccessTokenResponse.class);
             IDToken idToken = getIdToken(tokenResponse);
             Assert.assertNotNull(idToken.getAddress());
+            Assert.assertEquals(idToken.getName(), "Tom Brady");
             Assert.assertEquals(idToken.getAddress().getStreetAddress(), "5 Yawkey Way");
             Assert.assertEquals(idToken.getAddress().getLocality(), "Boston");
             Assert.assertEquals(idToken.getAddress().getRegion(), "MA");
             Assert.assertEquals(idToken.getAddress().getPostalCode(), "02115");
             Assert.assertEquals(idToken.getAddress().getCountry(), "USA");
             Assert.assertNotNull(idToken.getOtherClaims().get("home_phone"));
-            //Assert.assertEquals("617-777-6666", idToken.getOtherClaims().get("home_phone"));
+            Assert.assertEquals("617-777-6666", idToken.getOtherClaims().get("home_phone"));
+            Assert.assertEquals("coded", idToken.getOtherClaims().get("hard"));
+            Map nested = (Map)idToken.getOtherClaims().get("nested");
+            Assert.assertEquals("coded-nested", nested.get("hard"));
+            nested = (Map)idToken.getOtherClaims().get("home");
+            Assert.assertEquals("617-777-6666", nested.get("phone"));
 
             AccessToken accessToken = getAccessToken(tokenResponse);
+            Assert.assertEquals(accessToken.getName(), "Tom Brady");
             Assert.assertNotNull(accessToken.getAddress());
             Assert.assertEquals(accessToken.getAddress().getStreetAddress(), "5 Yawkey Way");
             Assert.assertEquals(accessToken.getAddress().getLocality(), "Boston");
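Review bot: The new nested-claim checks dereference a raw, unchecked `Map`, so a missing `nested` or `home` claim fails with a NullPointerException rather than an assertion message. Add `Assert.assertNotNull(nested);` after each `(Map)` cast, and consider declaring it as `Map<?, ?> nested`. The same pattern is repeated for the access token in the next hunk, where `accessToken.getResourceAccess("app")` is also dereferenced without a null check. The added `Assert.assertEquals(idToken.getName(), "Tom Brady")` and its access-token twin pass the actual value first; JUnit expects `(expected, actual)`, so `Assert.assertEquals("Tom Brady", idToken.getName());` gives a correct failure message. The test method starts and ends outside the hunk.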
@@ -624,6 +641,13 @@ public class AccessTokenTest {
             Assert.assertEquals(accessToken.getAddress().getCountry(), "USA");
             Assert.assertNotNull(accessToken.getOtherClaims().get("home_phone"));
             Assert.assertEquals("617-777-6666", accessToken.getOtherClaims().get("home_phone"));
+            Assert.assertEquals("coded", accessToken.getOtherClaims().get("hard"));
+            nested = (Map)accessToken.getOtherClaims().get("nested");
+            Assert.assertEquals("coded-nested", nested.get("hard"));
+            nested = (Map)accessToken.getOtherClaims().get("home");
+            Assert.assertEquals("617-777-6666", nested.get("phone"));
+            Assert.assertTrue(accessToken.getRealmAccess().getRoles().contains("hardcoded"));
+            Assert.assertTrue(accessToken.getResourceAccess("app").getRoles().contains("hardcoded"));
 
 
             response.close();
@@ -645,7 +669,7 @@ public class AccessTokenTest {
     }
 
     private AccessToken getAccessToken(org.keycloak.representations.AccessTokenResponse tokenResponse) throws VerificationException {
-        JWSInput input = new JWSInput(tokenResponse.getIdToken());
+        JWSInput input = new JWSInput(tokenResponse.getToken());
         AccessToken idToken = null;
         try {
             idToken = input.readJsonContent(AccessToken.class);
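Review bot: The local that now holds the parsed access token is still named `idToken` (`AccessToken idToken = null;`), the same naming confusion that let this helper decode `getIdToken()` unnoticed. Rename it, e.g. `AccessToken accessToken = null;` and `accessToken = input.readJsonContent(AccessToken.class);`. In the visible lines the token is only decoded and no signature check appears, although the method declares `throws VerificationException`. If the rest of the body does not verify the JWS either, a one-line comment saying so would keep this helper from being copied as a token-validation pattern. The method body continues past the end of the hunk.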
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
index 389fd09..b8e9e1c 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
@@ -3,7 +3,6 @@ package org.keycloak.testsuite.saml;
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
 import org.junit.Assert;
 import org.junit.ClassRule;
-import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.Config;
@@ -18,8 +17,8 @@ import org.keycloak.protocol.oidc.TokenManager;
 import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
 import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper;
 import org.keycloak.protocol.saml.mappers.HardcodedRole;
-import org.keycloak.protocol.saml.mappers.SAMLBasicRoleListMapper;
-import org.keycloak.protocol.saml.mappers.SAMLBasicRoleNameMapper;
+import org.keycloak.protocol.saml.mappers.RoleListMapper;
+import org.keycloak.protocol.saml.mappers.RoleNameMapper;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.resources.admin.AdminRoot;
@@ -263,15 +262,15 @@ public class SamlBindingTest {
                     if (mapper.getName().equals("role-list")) {
                         app.removeProtocolMapper(mapper);
                         mapper.setId(null);
-                        mapper.getConfig().put(SAMLBasicRoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
+                        mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
                         mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
                         app.addProtocolMapper(mapper);
                     }
                 }
                 app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard", false, null));
                 app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
-                app.addProtocolMapper(SAMLBasicRoleNameMapper.create("renamed-role","manager", "el-jefe"));
-                app.addProtocolMapper(SAMLBasicRoleNameMapper.create("renamed-employee-role","http://localhost:8081/employee/.employee", "pee-on"));
+                app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
+                app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
             }
         }, "demo");
 
@@ -324,9 +323,6 @@ public class SamlBindingTest {
             Assert.assertTrue(userRole);
             Assert.assertTrue(managerRole);
         }
-
-
-
     }
 
     @Test
diff --git a/testsuite/integration/src/test/resources/testrealm.json b/testsuite/integration/src/test/resources/testrealm.json
index 81a442d..17c54dc 100755
--- a/testsuite/integration/src/test/resources/testrealm.json
+++ b/testsuite/integration/src/test/resources/testrealm.json
@@ -20,6 +20,8 @@
             "username" : "test-user@localhost",
             "enabled": true,
             "email" : "test-user@localhost",
+            "firstName": "Tom",
+            "lastName": "Brady",
             "credentials" : [
                 { "type" : "password",
                   "value" : "password" }