@Test
public void testAttributes() throws Exception {
// this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse
// so we can look
// at the assertions sent. This is because Picketlink, AFAICT, does not give you any way to get
// access to
// the assertion.
{
SamlSPFacade.samlResponse = null;
driver.navigate().to("http://*****:*****@redhat.com");
email = true;
} else if (attr.getName().equals("phone")) {
Assert.assertEquals(
JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat());
Assert.assertEquals(attr.getAttributeValue().get(0), "617");
phone = true;
} else if (attr.getName().equals("Role")) {
if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true;
if (attr.getAttributeValue().get(0).equals("user")) userRole = true;
}
}
}
Assert.assertTrue(email);
Assert.assertTrue(phone);
Assert.assertTrue(userRole);
Assert.assertTrue(managerRole);
}
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/");
for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
if (mapper.getName().equals("role-list")) {
app.removeProtocolMapper(mapper);
mapper.setId(null);
mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
app.addProtocolMapper(mapper);
}
}
app.addProtocolMapper(
HardcodedAttributeMapper.create(
"hardcoded-attribute",
"hardcoded-attribute",
"Basic",
null,
"hard",
false,
null));
app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
app.addProtocolMapper(
RoleNameMapper.create(
"renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
}
},
"demo");
System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
{
SamlSPFacade.samlResponse = null;
driver.navigate().to("http://localhost:8081/employee/");
System.out.println(driver.getCurrentUrl());
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
Assert.assertNotNull(SamlSPFacade.samlResponse);
SAML2Response saml2Response = new SAML2Response();
byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
Assert.assertTrue(rt.getAssertions().size() == 1);
AssertionType assertion = rt.getAssertions().get(0).getAssertion();
// test attributes and roles
boolean userRole = false;
boolean managerRole = false;
boolean single = false;
boolean hardcodedRole = false;
boolean hardcodedAttribute = false;
boolean peeOn = false;
for (AttributeStatementType statement : assertion.getAttributeStatements()) {
for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
AttributeType attr = choice.getAttribute();
if (attr.getName().equals("memberOf")) {
if (single) Assert.fail("too many role attributes");
single = true;
for (Object value : attr.getAttributeValue()) {
if (value.equals("el-jefe")) managerRole = true;
if (value.equals("user")) userRole = true;
if (value.equals("hardcoded-role")) hardcodedRole = true;
if (value.equals("pee-on")) peeOn = true;
}
} else if (attr.getName().equals("hardcoded-attribute")) {
hardcodedAttribute = true;
Assert.assertEquals(attr.getAttributeValue().get(0), "hard");
}
}
}
Assert.assertTrue(single);
Assert.assertTrue(hardcodedAttribute);
Assert.assertTrue(hardcodedRole);
Assert.assertTrue(peeOn);
Assert.assertTrue(userRole);
Assert.assertTrue(managerRole);
}
}
protected SAMLDocumentHolder extractPostBindingResponse(String response) {
byte[] samlBytes = PostBindingUtil.base64Decode(response);
return SAMLRequestParser.parseResponseDocument(samlBytes);
}