use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.
the class TenantManagementKeycloakImpl method removeRoleFromUser.
@Override
public boolean removeRoleFromUser(PasswordCredential realmAdminCreds, String tenantId, String username, String roleName) throws IamAdminServicesException {
Keycloak client = null;
try {
client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
List<UserRepresentation> retrieveCreatedUserList = client.realm(tenantId).users().search(username, null, null, null, 0, 1);
UserResource retrievedUser = client.realm(tenantId).users().get(retrieveCreatedUserList.get(0).getId());
// Remove role from user
RoleResource roleResource = client.realm(tenantId).roles().get(roleName);
retrievedUser.roles().realmLevel().remove(Arrays.asList(roleResource.toRepresentation()));
return true;
} catch (ApplicationSettingsException ex) {
logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
IamAdminServicesException exception = new IamAdminServicesException();
exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
throw exception;
} finally {
if (client != null) {
client.close();
}
}
}
use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.
the class TenantManagementKeycloakImpl method configureClient.
@Override
public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException {
Keycloak client = null;
try {
client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
ClientRepresentation pgaClient = new ClientRepresentation();
pgaClient.setName("pga");
pgaClient.setClientId("pga");
pgaClient.setProtocol("openid-connect");
pgaClient.setStandardFlowEnabled(true);
pgaClient.setEnabled(true);
pgaClient.setAuthorizationServicesEnabled(true);
pgaClient.setDirectAccessGrantsEnabled(true);
pgaClient.setServiceAccountsEnabled(true);
pgaClient.setFullScopeAllowed(true);
pgaClient.setClientAuthenticatorType("client-secret");
List<String> redirectUris = new ArrayList<>();
if (gatewayDetails.getGatewayURL() != null) {
String gatewayURL = gatewayDetails.getGatewayURL();
// Remove trailing slash from gatewayURL
if (gatewayURL.endsWith("/")) {
gatewayURL = gatewayURL.substring(0, gatewayURL.length() - 1);
}
// Add redirect URL after login
redirectUris.add(gatewayURL + "/callback-url");
// Add redirect URL after logout
redirectUris.add(gatewayURL);
} else {
logger.error("Request for Realm Client Creation failed, callback URL not present");
IamAdminServicesException ex = new IamAdminServicesException();
ex.setMessage("Gateway Url field in GatewayProfile cannot be empty, Realm Client creation failed");
throw ex;
}
pgaClient.setRedirectUris(redirectUris);
pgaClient.setPublicClient(false);
Response httpResponse = client.realms().realm(gatewayDetails.getGatewayId()).clients().create(pgaClient);
logger.info("Tenant Client configuration exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
if (httpResponse.getStatus() == 201) {
String ClientUUID = client.realms().realm(gatewayDetails.getGatewayId()).clients().findByClientId(pgaClient.getClientId()).get(0).getId();
CredentialRepresentation clientSecret = client.realms().realm(gatewayDetails.getGatewayId()).clients().get(ClientUUID).getSecret();
gatewayDetails.setOauthClientId(pgaClient.getClientId());
gatewayDetails.setOauthClientSecret(clientSecret.getValue());
return gatewayDetails;
} else {
logger.error("Request for Realm Client Creation failed with HTTP code : " + httpResponse.getStatus());
logger.error("Reason for Realm Client Creation failure : " + httpResponse.getStatusInfo());
return null;
}
} catch (ApplicationSettingsException ex) {
logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
IamAdminServicesException exception = new IamAdminServicesException();
exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
throw exception;
} finally {
if (client != null) {
client.close();
}
}
}
use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.
the class TenantManagementKeycloakImpl method enableUserAccount.
@Override
public boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException {
Keycloak client = null;
try {
client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
List<UserRepresentation> userResourceList = client.realm(tenantId).users().search(username, 0, 1);
UserResource userResource = client.realm(tenantId).users().get(userResourceList.get(0).getId());
UserRepresentation profile = userResource.toRepresentation();
profile.setEnabled(true);
// We require that a user verify their email before enabling the account
profile.setEmailVerified(true);
userResource.update(profile);
return true;
} catch (ApplicationSettingsException ex) {
logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
IamAdminServicesException exception = new IamAdminServicesException();
exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
throw exception;
} finally {
if (client != null) {
client.close();
}
}
}
use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.
the class TenantManagementKeycloakImpl method createUser.
@Override
public boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException {
Keycloak client = null;
try {
client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
UserRepresentation user = new UserRepresentation();
user.setUsername(username);
user.setFirstName(firstName);
user.setLastName(lastName);
user.setEmail(emailAddress);
user.setEnabled(false);
Response httpResponse = client.realm(tenantId).users().create(user);
if (httpResponse.getStatus() == 201) {
// HTTP code for record creation: HTTP 201
List<UserRepresentation> retrieveCreatedUserList = client.realm(tenantId).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 1);
UserResource retrievedUser = client.realm(tenantId).users().get(retrieveCreatedUserList.get(0).getId());
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(newPassword);
credential.setTemporary(false);
retrievedUser.resetPassword(credential);
} else {
logger.error("Request for user Account Creation failed with HTTP code : " + httpResponse.getStatus());
logger.error("Reason for user account creation failure : " + httpResponse.getStatusInfo());
return false;
}
} catch (ApplicationSettingsException ex) {
logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
IamAdminServicesException exception = new IamAdminServicesException();
exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
throw exception;
} finally {
if (client != null) {
client.close();
}
}
return false;
}
use of org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException in project airavata by apache.
the class TenantManagementKeycloakImpl method createTenantAdminAccount.
@Override
public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails, String tenantAdminPassword) throws IamAdminServicesException {
Keycloak client = null;
try {
client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
UserRepresentation user = new UserRepresentation();
user.setUsername(gatewayDetails.getIdentityServerUserName());
user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
user.setLastName(gatewayDetails.getGatewayAdminLastName());
user.setEmail(gatewayDetails.getGatewayAdminEmail());
user.setEmailVerified(true);
user.setEnabled(true);
Response httpResponse = client.realm(gatewayDetails.getGatewayId()).users().create(user);
logger.info("Tenant Admin account creation exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
if (httpResponse.getStatus() == 201) {
// HTTP code for record creation: HTTP 201
List<UserRepresentation> retrieveCreatedUserList = client.realm(gatewayDetails.getGatewayId()).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 1);
UserResource retrievedUser = client.realm(gatewayDetails.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId());
// Add user to the "admin" role
RoleResource adminRoleResource = client.realm(gatewayDetails.getGatewayId()).roles().get("admin");
retrievedUser.roles().realmLevel().add(Arrays.asList(adminRoleResource.toRepresentation()));
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(tenantAdminPassword);
credential.setTemporary(false);
retrievedUser.resetPassword(credential);
List<ClientRepresentation> realmClients = client.realm(gatewayDetails.getGatewayId()).clients().findAll();
String realmManagementClientId = null;
for (ClientRepresentation realmClient : realmClients) {
if (realmClient.getClientId().equals("realm-management")) {
realmManagementClientId = realmClient.getId();
}
}
retrievedUser.roles().clientLevel(realmManagementClientId).add(retrievedUser.roles().clientLevel(realmManagementClientId).listAvailable());
return true;
} else {
logger.error("Request for Tenant Admin Account Creation failed with HTTP code : " + httpResponse.getStatus());
logger.error("Reason for Tenant Admin account creation failure : " + httpResponse.getStatusInfo());
return false;
}
} catch (ApplicationSettingsException ex) {
logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
IamAdminServicesException exception = new IamAdminServicesException();
exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
throw exception;
} catch (Exception ex) {
logger.error("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage(), ex);
IamAdminServicesException exception = new IamAdminServicesException();
exception.setMessage("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage());
throw exception;
} finally {
if (client != null) {
client.close();
}
}
}
Aggregations