diff --git a/server-spi/src/main/java/org/keycloak/models/IdentityProviderMapperModel.java b/server-spi/src/main/java/org/keycloak/models/IdentityProviderMapperModel.java index d49a5373e01..c28986c85a3 100755 --- a/server-spi/src/main/java/org/keycloak/models/IdentityProviderMapperModel.java +++ b/server-spi/src/main/java/org/keycloak/models/IdentityProviderMapperModel.java @@ -27,6 +27,8 @@ import java.util.List; import java.util.Map; import java.util.stream.Collectors; +import static java.util.Collections.emptyMap; + /** * Specifies a mapping from broker login to user data. * @@ -96,6 +98,9 @@ public class IdentityProviderMapperModel implements Serializable { public Map> getConfigMap(String configKey) { String configMap = config.get(configKey); + if (configMap == null) { + return emptyMap(); + } try { List map = JsonSerialization.readValue(configMap, MAP_TYPE_REPRESENTATION); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedRoleMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedRoleMapperTest.java index 531bc3f1730..e907b28da04 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedRoleMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedRoleMapperTest.java 
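Review bot: The new null guard in `getConfigMap` turns a missing config key into an empty claim map, and this is not documented where the decision is made. The tests added in this commit (`valuesMatchIfNullClaimsSpecified` in AbstractAdvancedRoleMapperTest and AbstractGroupBrokerMapperTest) show the advanced mappers then assigning the role or group on first login. For an authorization mapping that is a fail-open outcome: a mapper saved without claims appears to grant its role or group unconditionally. I would add a comment above the guard such as `// No value stored for this key: return an empty map. Advanced role/group mappers treat an empty claim set as a match.` and repeat it in the method's Javadoc. `emptyMap()` is also unmodifiable, so it is worth confirming that no caller mutates the returned map; the rest of the method lies outside this hunk.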
@@ -146,6 +146,21 @@ public abstract class AbstractAdvancedRoleMapperTest extends AbstractRoleMapperT assertThatRoleHasBeenAssignedInConsumerRealm(); } + @Test + public void valuesMatchIfNullClaimsSpecified() { + createAdvancedRoleMapper(null, false); + createUserInProviderRealm(ImmutableMap.>builder() + .put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, + ImmutableList.builder().add("some value").build()) + .put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, + ImmutableList.builder().add("some value").build()) + .build()); + + logInAsUserInIDPForFirstTime(); + + assertThatRoleHasBeenAssignedInConsumerRealm(); + } + public void createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode syncMode, boolean createAfterFirstLogin) { loginAsUserTwiceWithMapper(syncMode, createAfterFirstLogin, createMatchingUserConfig()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupBrokerMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupBrokerMapperTest.java index d82bfd9dc8d..8494e543b40 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupBrokerMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractGroupBrokerMapperTest.java @@ -22,6 +22,8 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT; import java.io.IOException; import java.util.List; import java.util.Map; + +import org.junit.Test; import org.keycloak.models.IdentityProviderMapperSyncMode; import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.UserRepresentation; 
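Review bot: `valuesMatchIfNullClaimsSpecified` gives the provider-realm user two attributes set to "some value", which reads as if those values were being matched. The mapper is in fact created with `null` claims, and the assertion only checks that the role was assigned. A short comment in the test body would make the intent explicit, for example `// No claims configured: the mapper is expected to match regardless of the user's attributes.` A name that states what is granted, such as `roleIsAssignedIfNoClaimsConfigured`, would also make the unconditional grant easier to spot in review. The same applies to the test of the same name added to AbstractGroupBrokerMapperTest in the later hunk.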
@@ -69,6 +71,20 @@ public abstract class AbstractGroupBrokerMapperTest extends AbstractGroupMapperT return user; } + @Test + public void valuesMatchIfNullClaimsSpecified() { + createAdvancedGroupMapper(null, false, MAPPER_TEST_GROUP_PATH); + createUserInProviderRealm(ImmutableMap.>builder() + .put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME, ImmutableList.builder().add("some value").build()) + .put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, ImmutableList.builder().add("some value").build()) + .build()); + + logInAsUserInIDPForFirstTimeAndAssertSuccess(); + + UserRepresentation user = findUser(bc.consumerRealmName(), bc.getUserLogin(), bc.getUserEmail()); + assertThatUserHasBeenAssignedToGroup(user); + } + @Override protected void updateUser() { UserRepresentation user = findUser(bc.providerRealmName(), bc.getUserLogin(), bc.getUserEmail()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToGroupMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToGroupMapperTest.java index fdde47115d5..c92675747bd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToGroupMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToGroupMapperTest.java @@ -14,7 +14,10 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation; import org.keycloak.representations.idm.UserRepresentation; import jakarta.ws.rs.core.Response; + +import java.util.HashMap; import java.util.List; +import java.util.Map; import static org.keycloak.testsuite.broker.KcSamlBrokerConfiguration.ATTRIBUTE_TO_MAP_FRIENDLY_NAME; 
@@ -28,7 +31,7 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke " {\n" + " \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" + " \"value\": \"value 1\"\n" + - " },\n" +" {\n" + + " },\n" + " {\n" + " \"key\": \"" + ATTRIBUTE_TO_MAP_FRIENDLY_NAME + "\",\n" + " \"value\": \"value 2\"\n" + " },\n" + 
@@ -46,17 +49,18 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke @Override protected String createMapperInIdp(IdentityProviderRepresentation idp, String claimsOrAttributeRepresentation, - boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) { + boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String groupValue) { IdentityProviderMapperRepresentation advancedAttributeToGroupMapper = new IdentityProviderMapperRepresentation(); advancedAttributeToGroupMapper.setName("advanced-attribute-to-group-mapper"); advancedAttributeToGroupMapper.setIdentityProviderMapper(AdvancedAttributeToGroupMapper.PROVIDER_ID); - advancedAttributeToGroupMapper.setConfig(ImmutableMap. builder() - .put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) - .put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation) - .put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, - Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) - .put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH) - .build()); + + final Map config = new HashMap<>(); + config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()); + config.put(AdvancedAttributeToGroupMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation); + config.put(AdvancedAttributeToGroupMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, + Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()); + config.put(ConfigConstants.GROUP, MAPPER_TEST_GROUP_PATH); + advancedAttributeToGroupMapper.setConfig(config); IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias()); advancedAttributeToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias()); 
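Review bot: The rewritten config block still stores `MAPPER_TEST_GROUP_PATH` under `ConfigConstants.GROUP`, so the `groupValue` parameter of `createMapperInIdp` is not used in the lines visible here. The OIDC counterpart in OidcAdvancedClaimToGroupMapperTest stores its `groupPath` argument instead. If callers are meant to choose the group, the line should read `config.put(ConfigConstants.GROUP, groupValue);`. If the fixed path is intentional, a comment saying so would keep a test from silently asserting against a different group than the one it passed in. The method continues past the end of this hunk, so a later use of `groupValue` cannot be ruled out from here.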
@@ -66,11 +70,11 @@ public class KcSamlAdvancedAttributeToGroupMapperTest extends AbstractGroupBroke @Test public void attributeFriendlyNameGetsConsideredAndMatchedToGroup() { - createAdvancedGroupMapper(ATTRIBUTES, false,KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2); - createUserInProviderRealm(ImmutableMap.> builder() - .put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList. builder().add("value 1").add("value 2").build()) + createAdvancedGroupMapper(ATTRIBUTES, false, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2); + createUserInProviderRealm(ImmutableMap.>builder() + .put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.builder().add("value 1").add("value 2").build()) .put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, - ImmutableList. builder().add("value 2").build()) + ImmutableList.builder().add("value 2").build()) .build()); logInAsUserInIDPForFirstTime(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToRoleMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToRoleMapperTest.java index 17134104467..99e2c2140c6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToRoleMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlAdvancedAttributeToRoleMapperTest.java @@ -12,7 +12,9 @@ import org.keycloak.representations.idm.IdentityProviderMapperRepresentation; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import java.util.HashMap; import java.util.List; +import java.util.Map; /** * @author Martin Idel, 
@@ -43,17 +45,18 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol @Override protected void createMapperInIdp(String claimsOrAttributeRepresentation, - boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) { + boolean areClaimsOrAttributeValuesRegexes, IdentityProviderMapperSyncMode syncMode, String roleValue) { IdentityProviderMapperRepresentation advancedAttributeToRoleMapper = new IdentityProviderMapperRepresentation(); advancedAttributeToRoleMapper.setName("advanced-attribute-to-role-mapper"); advancedAttributeToRoleMapper.setIdentityProviderMapper(AdvancedAttributeToRoleMapper.PROVIDER_ID); - advancedAttributeToRoleMapper.setConfig(ImmutableMap. builder() - .put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) - .put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation) - .put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, - Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) - .put(ConfigConstants.ROLE, roleValue) - .build()); + + final Map config = new HashMap<>(); + config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()); + config.put(AdvancedAttributeToRoleMapper.ATTRIBUTE_PROPERTY_NAME, claimsOrAttributeRepresentation); + config.put(AdvancedAttributeToRoleMapper.ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME, + Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()); + config.put(ConfigConstants.ROLE, roleValue); + advancedAttributeToRoleMapper.setConfig(config); persistMapper(advancedAttributeToRoleMapper); } 
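Review bot: The switch from `ImmutableMap.builder()` to a `HashMap` is what allows `claimsOrAttributeRepresentation` to be `null`, since Guava's builder rejects null values, but nothing in the new lines says so. A later cleanup could revert to the builder and break the null-claims tests without an obvious reason. I would add `// HashMap, not ImmutableMap: the claims/attributes entry may be null to exercise a mapper without claims.` above the `config` declaration. The same comment fits the identical blocks in KcSamlAdvancedAttributeToGroupMapperTest, OidcAdvancedClaimToGroupMapperTest and OidcAdvancedClaimToRoleMapperTest.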
@@ -61,10 +64,10 @@ public class KcSamlAdvancedAttributeToRoleMapperTest extends AbstractAdvancedRol @Test public void attributeFriendlyNameGetsConsideredAndMatchedToRole() { createAdvancedRoleMapper(ATTRIBUTES, false); - createUserInProviderRealm(ImmutableMap.> builder() - .put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList. builder().add("value 1").add("value 2").build()) + createUserInProviderRealm(ImmutableMap.>builder() + .put(ATTRIBUTE_TO_MAP_FRIENDLY_NAME, ImmutableList.builder().add("value 1").add("value 2").build()) .put(KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME_2, - ImmutableList. builder().add("value 2").build()) + ImmutableList.builder().add("value 2").build()) .build()); logInAsUserInIDPForFirstTime(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToGroupMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToGroupMapperTest.java index 16b08dd0e78..68c38906cb8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToGroupMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToGroupMapperTest.java @@ -3,7 +3,10 @@ package org.keycloak.testsuite.broker; import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE; import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT; +import java.util.HashMap; import java.util.List; +import java.util.Map; + import org.junit.Test; import org.keycloak.admin.client.CreatedResponseUtil; import org.keycloak.admin.client.resource.IdentityProviderResource; 
@@ -41,13 +44,14 @@ public class OidcAdvancedClaimToGroupMapperTest extends AbstractGroupBrokerMappe IdentityProviderMapperRepresentation advancedClaimToGroupMapper = new IdentityProviderMapperRepresentation(); advancedClaimToGroupMapper.setName("advanced-claim-to-group-mapper"); advancedClaimToGroupMapper.setIdentityProviderMapper(AdvancedClaimToGroupMapper.PROVIDER_ID); - advancedClaimToGroupMapper.setConfig(ImmutableMap. builder() - .put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) - .put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation) - .put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, - Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) - .put(ConfigConstants.GROUP, groupPath) - .build()); + + final Map config = new HashMap<>(); + config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()); + config.put(AdvancedClaimToGroupMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation); + config.put(AdvancedClaimToGroupMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, + Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()); + config.put(ConfigConstants.GROUP, groupPath); + advancedClaimToGroupMapper.setConfig(config); IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias()); advancedClaimToGroupMapper.setIdentityProviderAlias(bc.getIDPAlias()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToRoleMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToRoleMapperTest.java index f57026495be..2f2e837f191 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToRoleMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/OidcAdvancedClaimToRoleMapperTest.java 
@@ -6,7 +6,8 @@ import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderMapperSyncMode; import org.keycloak.representations.idm.IdentityProviderMapperRepresentation; -import com.google.common.collect.ImmutableMap; +import java.util.HashMap; +import java.util.Map; /** * Benjamin Weimer, @@ -25,13 +26,14 @@ public class OidcAdvancedClaimToRoleMapperTest extends AbstractAdvancedRoleMappe IdentityProviderMapperRepresentation advancedClaimToRoleMapper = new IdentityProviderMapperRepresentation(); advancedClaimToRoleMapper.setName("advanced-claim-to-role-mapper"); advancedClaimToRoleMapper.setIdentityProviderMapper(AdvancedClaimToRoleMapper.PROVIDER_ID); - advancedClaimToRoleMapper.setConfig(ImmutableMap. builder() - .put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()) - .put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation) - .put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, - Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()) - .put(ConfigConstants.ROLE, roleValue) - .build()); + + final Map config = new HashMap<>(); + config.put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()); + config.put(AdvancedClaimToRoleMapper.CLAIM_PROPERTY_NAME, claimsOrAttributeRepresentation); + config.put(AdvancedClaimToRoleMapper.ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME, + Boolean.valueOf(areClaimsOrAttributeValuesRegexes).toString()); + config.put(ConfigConstants.ROLE, roleValue); + advancedClaimToRoleMapper.setConfig(config); persistMapper(advancedClaimToRoleMapper); }