diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/ExternalIdentityProviderDefinition.java b/common/src/main/java/org/cloudfoundry/identity/uaa/ExternalIdentityProviderDefinition.java
index 0067a6dd1f1..4f88cd547e6 100644
--- a/common/src/main/java/org/cloudfoundry/identity/uaa/ExternalIdentityProviderDefinition.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/ExternalIdentityProviderDefinition.java
@@ -1,6 +1,5 @@
 package org.cloudfoundry.identity.uaa;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -18,24 +17,24 @@ *******************************************************************************/
 public class ExternalIdentityProviderDefinition extends AbstractIdentityProviderDefinition {
 public static final String EXTERNAL_GROUPS_WHITELIST = "externalGroupsWhitelist";
- public static final String USER_ATTRIBUTES = "userAttributes";
+ public static final String ATTRIBUTE_MAPPINGS = "attributeMappings";
- private Map> externalGroupsWhitelist;
- private Map userAttributes;
+ private List externalGroupsWhitelist;
+ private Map attributeMappings;
- public Map> getExternalGroupsWhitelist() {
+ public List getExternalGroupsWhitelist() {
 return externalGroupsWhitelist;
 }
- public void setExternalGroupsWhitelist(Map> externalGroupsWhitelist) {
+ public void setExternalGroupsWhitelist(List externalGroupsWhitelist) {
 this.externalGroupsWhitelist = externalGroupsWhitelist;
 }
- public void setUserAttributes(Map userAttributes) {
- this.userAttributes = userAttributes;
+ public void setAttributeMappings(Map attributeMappings) {
+ this.attributeMappings = attributeMappings;
 }
- public Map getUserAttributes() {
- return userAttributes;
+ public Map getAttributeMappings() {
+ return attributeMappings;
 }
 }
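Review bot: `getExternalGroupsWhitelist()` and `getAttributeMappings()` return the stored collection itself and both setters keep the caller's reference, so anyone holding either reference can alter the group whitelist or the attribute mapping after the definition has been built; because the whitelist decides which external groups are accepted, the getters should hand out a copy or an unmodifiable view, e.g. `return externalGroupsWhitelist == null ? null : Collections.unmodifiableList(externalGroupsWhitelist);` with the matching `Collections.unmodifiableMap` for the mappings. The field also changes shape from a map of group lists to a flat list, and the tests in this commit round-trip the definition through JsonUtils, so a stored config in the old shape is unlikely to deserialise into the new field; a Javadoc line on `externalGroupsWhitelist` stating that it is now a flat list of external group names would help the next reader.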
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java
index 016f055fad7..e96f38bdade 100644
--- a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java
@@ -21,7 +21,6 @@ import org.springframework.util.StringUtils;
 import java.util.HashMap;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -99,10 +98,10 @@ public static LdapIdentityProviderDefinition fromConfig(Map ldapC
 definition.setEmailDomain((List) source.getProperty("emailDomain"));
 }
 if (source.getProperty("externalGroupsWhitelist")!=null) {
- definition.setExternalGroupsWhitelist((Map>) source.getProperty("externalGroupsWhitelist"));
+ definition.setExternalGroupsWhitelist((List) source.getProperty("externalGroupsWhitelist"));
 }
- if (source.getProperty(USER_ATTRIBUTES)!=null) {
- definition.setUserAttributes((Map) source.getProperty(USER_ATTRIBUTES));
+ if (source.getProperty(ATTRIBUTE_MAPPINGS)!=null) {
+ definition.setAttributeMappings((Map) source.getProperty(ATTRIBUTE_MAPPINGS));
 }
 definition.setLdapProfileFile((String) source.getProperty("profile.file"));
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.java b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.java
index d879b9926a8..c222c0e6664 100644
--- a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.java
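Review bot: The new cast `(List) source.getProperty("externalGroupsWhitelist")` assumes the property already has the list shape this commit introduces; a configuration still written in the previous map form (a group name mapping to a list) now fails with a bare ClassCastException out of `fromConfig`, with nothing naming the offending property. A guard inside the existing null check, `if (!(source.getProperty("externalGroupsWhitelist") instanceof List)) throw new IllegalArgumentException("externalGroupsWhitelist must be a list of external group names");`, turns that into an actionable error. The same applies to the `(List) saml.get(EXTERNAL_GROUPS_WHITELIST)` cast in the SamlIdentityProviderConfigurator.setIdentityProviders hunk that follows. `fromConfig` starts and ends outside this hunk.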
@@ -38,7 +38,6 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -48,7 +47,7 @@ import static org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR;
 import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST;
-import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.USER_ATTRIBUTES;
+import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS;
 public class SamlIdentityProviderConfigurator implements InitializingBean {
 private static Log logger = LogFactory.getLog(SamlIdentityProviderConfigurator.class);
@@ -349,8 +348,8 @@ public void setIdentityProviders(Map> providers) {
 String iconUrl = (String)((Map)entry.getValue()).get("iconUrl");
 String zoneId = (String)((Map)entry.getValue()).get("zoneId");
 List emailDomain = (List) saml.get(EMAIL_DOMAIN_ATTR);
- Map> externalGroupsWhitelist = (Map>) saml.get(EXTERNAL_GROUPS_WHITELIST);
- Map userAttributes = (Map) saml.get(USER_ATTRIBUTES);
+ List externalGroupsWhitelist = (List) saml.get(EXTERNAL_GROUPS_WHITELIST);
+ Map attributeMappings = (Map) saml.get(ATTRIBUTE_MAPPINGS);
 SamlIdentityProviderDefinition def = new SamlIdentityProviderDefinition();
 if (alias==null) {
 throw new IllegalArgumentException("Invalid IDP - alias must not be null ["+metaDataLocation+"]");
@@ -369,7 +368,7 @@ public void setIdentityProviders(Map> providers) {
 def.setIconUrl(iconUrl);
 def.setEmailDomain(emailDomain);
 def.setExternalGroupsWhitelist(externalGroupsWhitelist);
- def.setUserAttributes(userAttributes);
+ def.setAttributeMappings(attributeMappings);
 def.setZoneId(StringUtils.hasText(zoneId) ? zoneId : IdentityZone.getUaa().getId());
 toBeFetchedProviders.add(def);
 }
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderDefinition.java b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderDefinition.java
index 01e577da4c6..9d2c7bd406a 100644
--- a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderDefinition.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderDefinition.java
@@ -65,7 +65,7 @@ public SamlIdentityProviderDefinition(String metaDataLocation, String idpEntityA
 public SamlIdentityProviderDefinition(String metaDataLocation, String idpEntityAlias, String nameID, int assertionConsumerIndex, boolean metadataTrustCheck, boolean showSamlLink, String linkText, String iconUrl, String zoneId, boolean addShadowUserOnLogin, List emailDomain,
- Map> externalGroupsWhitelist, Map userAttributes) {
+ List externalGroupsWhitelist, Map attributeMappings) {
 this.metaDataLocation = metaDataLocation;
 this.idpEntityAlias = idpEntityAlias;
 this.nameID = nameID;
@@ -78,7 +78,7 @@ public SamlIdentityProviderDefinition(String metaDataLocation, String idpEntityA
 this.addShadowUserOnLogin = addShadowUserOnLogin;
 setEmailDomain(emailDomain);
 setExternalGroupsWhitelist(externalGroupsWhitelist);
- setUserAttributes(userAttributes);
+ setAttributeMappings(attributeMappings);
 }
 @JsonIgnore
@@ -217,7 +217,7 @@ public void setAddShadowUserOnLogin(boolean addShadowUserOnLogin) {
 }
 public SamlIdentityProviderDefinition clone() {
- return new SamlIdentityProviderDefinition(metaDataLocation, idpEntityAlias, nameID, assertionConsumerIndex, metadataTrustCheck, showSamlLink, linkText, iconUrl, zoneId, addShadowUserOnLogin, getEmailDomain()!=null ? new ArrayList<>(getEmailDomain()) : null, getExternalGroupsWhitelist()!=null ? new LinkedHashMap(getExternalGroupsWhitelist()) : null, getUserAttributes()!=null ? new HashMap(getUserAttributes()) : null);
+ return new SamlIdentityProviderDefinition(metaDataLocation, idpEntityAlias, nameID, assertionConsumerIndex, metadataTrustCheck, showSamlLink, linkText, iconUrl, zoneId, addShadowUserOnLogin, getEmailDomain()!=null ? new ArrayList<>(getEmailDomain()) : null, getExternalGroupsWhitelist()!=null ? new ArrayList<>(getExternalGroupsWhitelist()) : null, getAttributeMappings()!=null ? new HashMap(getAttributeMappings()) : null);
 }
 @Override
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
index 4324991c900..00a807dd1db 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
@@ -32,6 +32,7 @@ import org.junit.Test;
 import org.springframework.mock.env.MockEnvironment;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
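Review bot: `new HashMap(getAttributeMappings())` in `clone()` is a shallow copy, and the attribute mappings now carry list values (the configurator test in this commit stores a list under `external_groups`), so a clone and its original share those inner lists and a change made through one is visible through the other; the whitelist and email domain are copied, so the mappings deserve the same treatment by copying each List value (a loop over `entrySet()` is enough) before the clone is built. As a point of style, the 13-argument constructor call on a single line hides which argument is which; building the clone through the setters, one per line, would make the copy semantics reviewable. The class continues outside this hunk.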
@@ -41,7 +42,7 @@ import static org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR;
 import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST;
-import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.USER_ATTRIBUTES;
+import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -81,13 +82,13 @@ public void testLdapBootstrap() throws Exception {
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment());
 HashMap ldapConfig = new HashMap<>();
 ldapConfig.put(EMAIL_DOMAIN_ATTR, Arrays.asList("test.domain"));
- Map> attrMap = new LinkedHashMap<>();
- attrMap.put("key", Arrays.asList("value"));
+ List attrMap = new ArrayList<>();
+ attrMap.add("value");
 ldapConfig.put(EXTERNAL_GROUPS_WHITELIST, attrMap);
- Map userAttributes = new HashMap<>();
- userAttributes.put("given_name", "first_name");
- ldapConfig.put(USER_ATTRIBUTES, userAttributes);
+ Map attributeMappings = new HashMap<>();
+ attributeMappings.put("given_name", "first_name");
+ ldapConfig.put(ATTRIBUTE_MAPPINGS, attributeMappings);
 bootstrap.setLdapConfig(ldapConfig);
 bootstrap.afterPropertiesSet();
@@ -98,8 +99,8 @@ public void testLdapBootstrap() throws Exception {
 assertNotNull(ldapProvider.getLastModified());
 assertEquals(Origin.LDAP, ldapProvider.getType());
 assertEquals("test.domain", ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getEmailDomain().get(0));
- assertEquals(Arrays.asList("value"), ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getExternalGroupsWhitelist().get("key"));
- assertEquals("first_name", ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getUserAttributes().get("given_name"));
+ assertEquals(Arrays.asList("value"), ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getExternalGroupsWhitelist());
+ assertEquals("first_name", ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getAttributeMappings().get("given_name"));
 }
 @Test
@@ -225,13 +226,14 @@ public void testSamlBootstrap() throws Exception {
 definition.setShowSamlLink(true);
 definition.setMetadataTrustCheck(true);
 definition.setEmailDomain(Arrays.asList("test.domain"));
- Map> externalGroupsWhitelist = new LinkedHashMap<>();
- externalGroupsWhitelist.put("key", Arrays.asList("value1", "value2"));
+ List externalGroupsWhitelist = new ArrayList<>();
+ externalGroupsWhitelist.add("value1");
+ externalGroupsWhitelist.add("value2");
 definition.setExternalGroupsWhitelist(externalGroupsWhitelist);
- Map userAttributes = new HashMap<>();
- userAttributes.put("given_name", "first_name");
- definition.setUserAttributes(userAttributes);
+ Map attributeMappings = new HashMap<>();
+ attributeMappings.put("given_name", "first_name");
+ definition.setAttributeMappings(attributeMappings);
 SamlIdentityProviderConfigurator configurator = mock(SamlIdentityProviderConfigurator.class);
 when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition));
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinitionTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinitionTest.java
index b5afa6f2994..5b7bbafe313 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinitionTest.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinitionTest.java
@@ -22,6 +22,7 @@ import org.springframework.core.io.Resource;
 import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -349,22 +350,22 @@ public void testSetEmailDomain() {
 @Test
 public void set_external_groups_whitelist() {
 LdapIdentityProviderDefinition def = new LdapIdentityProviderDefinition();
- Map> externalGroupsWhitelist = new LinkedHashMap<>();
- externalGroupsWhitelist.put("key", Arrays.asList("value"));
+ List externalGroupsWhitelist = new ArrayList<>();
+ externalGroupsWhitelist.add("value");
 def.setExternalGroupsWhitelist(externalGroupsWhitelist);
- assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist().get("key"));
+ assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist());
 def = JsonUtils.readValue(JsonUtils.writeValueAsString(def), LdapIdentityProviderDefinition.class);
- assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist().get("key"));
+ assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist());
 }
 @Test
 public void set_user_attributes() {
 LdapIdentityProviderDefinition def = new LdapIdentityProviderDefinition();
- Map userAttributes = new HashMap<>();
- userAttributes.put("given_name", "first_name");
- def.setUserAttributes(userAttributes);
- assertEquals("first_name", def.getUserAttributes().get("given_name"));
+ Map attributeMappings = new HashMap<>();
+ attributeMappings.put("given_name", "first_name");
+ def.setAttributeMappings(attributeMappings);
+ assertEquals("first_name", def.getAttributeMappings().get("given_name"));
 def = JsonUtils.readValue(JsonUtils.writeValueAsString(def), LdapIdentityProviderDefinition.class);
- assertEquals("first_name", def.getUserAttributes().get("given_name"));
+ assertEquals("first_name", def.getAttributeMappings().get("given_name"));
 }
 }
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfiguratorTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfiguratorTests.java
index 8f1e2f84ac9..92577cdf7ac 100644
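Review bot: `set_user_attributes` still carries the old name although the method it now exercises is `setAttributeMappings`; renaming it to `set_attribute_mappings` keeps the test discoverable from the API name. The JsonUtils round trip here only covers a String value, while IdentityProviderConfiguratorTests in this commit stores a list under `external_groups`; adding `attributeMappings.put("external_groups", Arrays.asList("roles"));` before the serialisation, with a matching assertion after it, would confirm that a list-valued mapping survives the JSON round trip too.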
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfiguratorTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfiguratorTests.java
@@ -34,7 +34,6 @@ import org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -98,11 +97,12 @@ public static void initializeOpenSAML() throws Exception {
 " - test.org\n" +
 " - test.com\n" +
 " externalGroupsWhitelist:\n" +
- " roles:\n" +
- " - admin\n" +
- " - user\n" +
- " userAttributes:\n" +
+ " - admin\n" +
+ " - user\n" +
+ " attributeMappings:\n" +
 " given_name: first_name\n" +
+ " external_groups:\n" +
+ " - roles\n" +
 " okta-local-2:\n" +
 " idpMetadata: |\n" +
 " MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG\n" +
@@ -338,8 +338,11 @@ protected void testGetIdentityProviderDefinitions(int count, boolean addData) th
 assertEquals(0, idp.getAssertionConsumerIndex());
 assertEquals("Okta Preview 1", idp.getLinkText());
 assertEquals("http://link.to/icon.jpg", idp.getIconUrl());
- assertEquals(singletonMap("given_name", "first_name"), idp.getUserAttributes());
- assertEquals(singletonMap("roles", asList("admin", "user")), idp.getExternalGroupsWhitelist());
+ Map attributeMappings = new HashMap<>();
+ attributeMappings.put("given_name", "first_name");
+ attributeMappings.put("external_groups", asList("roles"));
+ assertEquals(attributeMappings, idp.getAttributeMappings());
+ assertEquals(asList("admin", "user"), idp.getExternalGroupsWhitelist());
 assertTrue(idp.isShowSamlLink());
 assertTrue(idp.isMetadataTrustCheck());
 assertTrue(idp.getEmailDomain().containsAll(asList("test.com", "test.org")));
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java
index 81d8b20abaa..7be124c055b 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java
@@ -41,6 +41,7 @@ import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.util.StringUtils;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -108,12 +109,12 @@ public void testCreateSamlProvider() throws Exception {
 provider.setOriginKey(origin);
 SamlIdentityProviderDefinition samlDefinition = new SamlIdentityProviderDefinition(metadata, null, null, 0, false, true, "Test SAML Provider", null, null);
 samlDefinition.setEmailDomain(Arrays.asList("test.com", "test2.com"));
- Map> externalGroupsWhitelist = new LinkedHashMap<>();
- externalGroupsWhitelist.put("key", Arrays.asList("value"));
- Map userAttributes = new HashMap<>();
- userAttributes.put("given_name", "first_name");
+ List externalGroupsWhitelist = new ArrayList<>();
+ externalGroupsWhitelist.add("value");
+ Map attributeMappings = new HashMap<>();
+ attributeMappings.put("given_name", "first_name");
 samlDefinition.setExternalGroupsWhitelist(externalGroupsWhitelist);
- samlDefinition.setUserAttributes(userAttributes);
+ samlDefinition.setAttributeMappings(attributeMappings);
 provider.setConfig(JsonUtils.writeValueAsString(samlDefinition));
@@ -123,7 +124,7 @@ public void testCreateSamlProvider() throws Exception {
 SamlIdentityProviderDefinition samlCreated = created.getConfigValue(SamlIdentityProviderDefinition.class);
 assertEquals(Arrays.asList("test.com", "test2.com"), samlCreated.getEmailDomain());
 assertEquals(externalGroupsWhitelist, samlCreated.getExternalGroupsWhitelist());
- assertEquals(userAttributes, samlCreated.getUserAttributes());
+ assertEquals(attributeMappings, samlCreated.getAttributeMappings());
 assertEquals(IdentityZone.getUaa().getId(), samlCreated.getZoneId());
 assertEquals(provider.getOriginKey(), samlCreated.getIdpEntityAlias());
 }