@Test
  public void testAttributes() throws Exception {
    // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse
    // so we can look
    // at the assertions sent.  This is because Picketlink, AFAICT, does not give you any way to get
    // access to
    // the assertion.

    {
      SamlSPFacade.samlResponse = null;
      driver.navigate().to("http://*****:*****@redhat.com");
            email = true;
          } else if (attr.getName().equals("phone")) {
            Assert.assertEquals(
                JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat());
            Assert.assertEquals(attr.getAttributeValue().get(0), "617");
            phone = true;
          } else if (attr.getName().equals("Role")) {
            if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true;
            if (attr.getAttributeValue().get(0).equals("user")) userRole = true;
          }
        }
      }

      Assert.assertTrue(email);
      Assert.assertTrue(phone);
      Assert.assertTrue(userRole);
      Assert.assertTrue(managerRole);
    }

    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {
          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/");
            for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
              if (mapper.getName().equals("role-list")) {
                app.removeProtocolMapper(mapper);
                mapper.setId(null);
                mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
                mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
                app.addProtocolMapper(mapper);
              }
            }
            app.addProtocolMapper(
                HardcodedAttributeMapper.create(
                    "hardcoded-attribute",
                    "hardcoded-attribute",
                    "Basic",
                    null,
                    "hard",
                    false,
                    null));
            app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
            app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
            app.addProtocolMapper(
                RoleNameMapper.create(
                    "renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
          }
        },
        "demo");

    System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");

    {
      SamlSPFacade.samlResponse = null;
      driver.navigate().to("http://localhost:8081/employee/");
      System.out.println(driver.getCurrentUrl());
      Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
      Assert.assertNotNull(SamlSPFacade.samlResponse);
      SAML2Response saml2Response = new SAML2Response();
      byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
      ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
      Assert.assertTrue(rt.getAssertions().size() == 1);
      AssertionType assertion = rt.getAssertions().get(0).getAssertion();

      // test attributes and roles

      boolean userRole = false;
      boolean managerRole = false;
      boolean single = false;
      boolean hardcodedRole = false;
      boolean hardcodedAttribute = false;
      boolean peeOn = false;
      for (AttributeStatementType statement : assertion.getAttributeStatements()) {
        for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
          AttributeType attr = choice.getAttribute();
          if (attr.getName().equals("memberOf")) {
            if (single) Assert.fail("too many role attributes");
            single = true;
            for (Object value : attr.getAttributeValue()) {
              if (value.equals("el-jefe")) managerRole = true;
              if (value.equals("user")) userRole = true;
              if (value.equals("hardcoded-role")) hardcodedRole = true;
              if (value.equals("pee-on")) peeOn = true;
            }
          } else if (attr.getName().equals("hardcoded-attribute")) {
            hardcodedAttribute = true;
            Assert.assertEquals(attr.getAttributeValue().get(0), "hard");
          }
        }
      }

      Assert.assertTrue(single);
      Assert.assertTrue(hardcodedAttribute);
      Assert.assertTrue(hardcodedRole);
      Assert.assertTrue(peeOn);
      Assert.assertTrue(userRole);
      Assert.assertTrue(managerRole);
    }
  }
 protected SAMLDocumentHolder extractPostBindingResponse(String response) {
   byte[] samlBytes = PostBindingUtil.base64Decode(response);
   return SAMLRequestParser.parseResponseDocument(samlBytes);
 }