diff --git a/services/src/main/java/org/keycloak/protocol/oidc/utils/AcrUtils.java b/services/src/main/java/org/keycloak/protocol/oidc/utils/AcrUtils.java index 9b54ad27026..9f5741fb5f7 100644 --- a/services/src/main/java/org/keycloak/protocol/oidc/utils/AcrUtils.java +++ b/services/src/main/java/org/keycloak/protocol/oidc/utils/AcrUtils.java @@ -119,6 +119,8 @@ public class AcrUtils { if (!essential || acrClaim.isEssential()) { if (acrClaim.getValues() != null) { acrValues.addAll(acrClaim.getValues()); + } else if (acrClaim.getValue() != null) { + acrValues.add(acrClaim.getValue()); } } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LevelOfAssuranceFlowTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LevelOfAssuranceFlowTest.java index e3244f0d733..32f63c49e5e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LevelOfAssuranceFlowTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LevelOfAssuranceFlowTest.java @@ -1088,15 +1088,21 @@ public class LevelOfAssuranceFlowTest extends AbstractChangeImportedUserPassword } public static ClaimsRepresentation claims(boolean essential, String... acrValues) { + //in order to test both values and value + //setValue only for essential false and only one value ClaimsRepresentation.ClaimValue acrClaim = new ClaimsRepresentation.ClaimValue<>(); acrClaim.setEssential(essential); - acrClaim.setValues(Arrays.asList(acrValues)); + if (essential || acrValues.length > 1) { + acrClaim.setValues(Arrays.asList(acrValues)); + } else { + acrClaim.setValue(acrValues[0]); + } ClaimsRepresentation claims = new ClaimsRepresentation(); claims.setIdTokenClaims(Collections.singletonMap(IDToken.ACR, acrClaim)); return claims; } - + private void authenticateWithUsernamePassword() { loginPage.assertCurrent(); loginPage.login("test-user@localhost", getPassword("test-user@localhost"));