public void testAttributes() throws Exception {
    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {
          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            ClientModel app = appRealm.getClientByClientId(APP_SERVER_BASE_URL + "/employee2/");
            app.addProtocolMapper(
                GroupMembershipMapper.create("groups", "group", null, null, true));
            app.addProtocolMapper(
                UserAttributeStatementMapper.createAttributeMapper(
                    "topAttribute", "topAttribute", "topAttribute", "Basic", null, false, null));
            app.addProtocolMapper(
                UserAttributeStatementMapper.createAttributeMapper(
                    "level2Attribute",
                    "level2Attribute",
                    "level2Attribute",
                    "Basic",
                    null,
                    false,
                    null));
          }
        },
        "demo");
    {
      SendUsernameServlet.sentPrincipal = null;
      SendUsernameServlet.checkRoles = null;
      driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
      assertAtLoginPagePostBinding();
      List<String> requiredRoles = new LinkedList<>();
      requiredRoles.add("manager");
      requiredRoles.add("user");
      SendUsernameServlet.checkRoles = requiredRoles;
      loginPage.login("level2GroupUser", "password");
      assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
      SendUsernameServlet.checkRoles = null;
      SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
      Assert.assertNotNull(principal);
      assertEquals(
          "*****@*****.**", principal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
      assertEquals("true", principal.getAttribute("topAttribute"));
      assertEquals("true", principal.getAttribute("level2Attribute"));
      List<String> groups = principal.getAttributes("group");
      Assert.assertNotNull(groups);
      Set<String> groupSet = new HashSet<>();
      assertEquals("*****@*****.**", principal.getFriendlyAttribute("email"));
      driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/?GLO=true");
      checkLoggedOut(APP_SERVER_BASE_URL + "/employee2/", true);
    }
    {
      SendUsernameServlet.sentPrincipal = null;
      SendUsernameServlet.checkRoles = null;
      driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
      assertAtLoginPagePostBinding();
      List<String> requiredRoles = new LinkedList<>();
      requiredRoles.add("manager");
      requiredRoles.add("employee");
      requiredRoles.add("user");
      SendUsernameServlet.checkRoles = requiredRoles;
      loginPage.login("bburke", "password");
      assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
      SendUsernameServlet.checkRoles = null;
      SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
      Assert.assertNotNull(principal);
      assertEquals(
          "*****@*****.**", principal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
      assertEquals("*****@*****.**", principal.getFriendlyAttribute("email"));
      assertEquals("617", principal.getAttribute("phone"));
      Assert.assertNull(principal.getFriendlyAttribute("phone"));
      driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/?GLO=true");
      checkLoggedOut(APP_SERVER_BASE_URL + "/employee2/", true);
    }
    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {
          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            ClientModel app = appRealm.getClientByClientId(APP_SERVER_BASE_URL + "/employee2/");
            for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
              if (mapper.getName().equals("role-list")) {
                app.removeProtocolMapper(mapper);
                mapper.setId(null);
                mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
                mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
                app.addProtocolMapper(mapper);
              }
            }
            app.addProtocolMapper(
                HardcodedAttributeMapper.create(
                    "hardcoded-attribute",
                    "hardcoded-attribute",
                    "Basic",
                    null,
                    "hard",
                    false,
                    null));
            app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
            app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
            app.addProtocolMapper(
                RoleNameMapper.create(
                    "renamed-employee-role",
                    APP_SERVER_BASE_URL + "/employee/.employee",
                    "pee-on"));
          }
        },
        "demo");

    System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");

    {
      SendUsernameServlet.sentPrincipal = null;
      SendUsernameServlet.checkRoles = null;
      driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
      assertAtLoginPagePostBinding();
      List<String> requiredRoles = new LinkedList<>();
      requiredRoles.add("el-jefe");
      requiredRoles.add("user");
      requiredRoles.add("hardcoded-role");
      requiredRoles.add("pee-on");
      SendUsernameServlet.checkRoles = requiredRoles;
      loginPage.login("bburke", "password");
      assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
      SendUsernameServlet.checkRoles = null;
      SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
      Assert.assertNotNull(principal);
      assertEquals("hard", principal.getAttribute("hardcoded-attribute"));
    }
  }
Пример #2
0
  @Test
  public void testAttributes() throws Exception {
    // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse
    // so we can look
    // at the assertions sent.  This is because Picketlink, AFAICT, does not give you any way to get
    // access to
    // the assertion.

    {
      SamlSPFacade.samlResponse = null;
      driver.navigate().to("http://*****:*****@redhat.com");
            email = true;
          } else if (attr.getName().equals("phone")) {
            Assert.assertEquals(
                JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat());
            Assert.assertEquals(attr.getAttributeValue().get(0), "617");
            phone = true;
          } else if (attr.getName().equals("Role")) {
            if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true;
            if (attr.getAttributeValue().get(0).equals("user")) userRole = true;
          }
        }
      }

      Assert.assertTrue(email);
      Assert.assertTrue(phone);
      Assert.assertTrue(userRole);
      Assert.assertTrue(managerRole);
    }

    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {
          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/");
            for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
              if (mapper.getName().equals("role-list")) {
                app.removeProtocolMapper(mapper);
                mapper.setId(null);
                mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
                mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
                app.addProtocolMapper(mapper);
              }
            }
            app.addProtocolMapper(
                HardcodedAttributeMapper.create(
                    "hardcoded-attribute",
                    "hardcoded-attribute",
                    "Basic",
                    null,
                    "hard",
                    false,
                    null));
            app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
            app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
            app.addProtocolMapper(
                RoleNameMapper.create(
                    "renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
          }
        },
        "demo");

    System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");

    {
      SamlSPFacade.samlResponse = null;
      driver.navigate().to("http://localhost:8081/employee/");
      System.out.println(driver.getCurrentUrl());
      Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
      Assert.assertNotNull(SamlSPFacade.samlResponse);
      SAML2Response saml2Response = new SAML2Response();
      byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
      ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
      Assert.assertTrue(rt.getAssertions().size() == 1);
      AssertionType assertion = rt.getAssertions().get(0).getAssertion();

      // test attributes and roles

      boolean userRole = false;
      boolean managerRole = false;
      boolean single = false;
      boolean hardcodedRole = false;
      boolean hardcodedAttribute = false;
      boolean peeOn = false;
      for (AttributeStatementType statement : assertion.getAttributeStatements()) {
        for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
          AttributeType attr = choice.getAttribute();
          if (attr.getName().equals("memberOf")) {
            if (single) Assert.fail("too many role attributes");
            single = true;
            for (Object value : attr.getAttributeValue()) {
              if (value.equals("el-jefe")) managerRole = true;
              if (value.equals("user")) userRole = true;
              if (value.equals("hardcoded-role")) hardcodedRole = true;
              if (value.equals("pee-on")) peeOn = true;
            }
          } else if (attr.getName().equals("hardcoded-attribute")) {
            hardcodedAttribute = true;
            Assert.assertEquals(attr.getAttributeValue().get(0), "hard");
          }
        }
      }

      Assert.assertTrue(single);
      Assert.assertTrue(hardcodedAttribute);
      Assert.assertTrue(hardcodedRole);
      Assert.assertTrue(peeOn);
      Assert.assertTrue(userRole);
      Assert.assertTrue(managerRole);
    }
  }