
Example 6 with Keycloak

use of org.keycloak.admin.client.Keycloak in project airavata by apache.

the class TenantManagementKeycloakImpl method configureClient.

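/**
 * Registers the "pga" OpenID Connect client in the gateway's realm and records the
 * resulting client id and client secret on {@code gatewayDetails}.
 *
 * @param isSuperAdminPasswordCreds super-admin realm credentials used to open the admin client
 * @param gatewayDetails gateway whose realm receives the client; its gateway URL supplies the redirect URIs
 * @return {@code gatewayDetails} with the OAuth client id and secret set, or {@code null} if Keycloak
 *         answered the create request with a status other than 201
 * @throws IamAdminServicesException if the gateway URL is missing, server settings cannot be read,
 *         or the newly created client cannot be found by its client id
 */
@Override
public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException {
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
        String gatewayURL = gatewayDetails.getGatewayURL();
        if (gatewayURL == null) {
            logger.error("Request for Realm Client Creation failed, callback URL not present");
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("Gateway Url field in GatewayProfile cannot be empty, Realm Client creation failed");
            throw ex;
        }
        // Remove trailing slash from gatewayURL so both redirect URIs are built consistently
        if (gatewayURL.endsWith("/")) {
            gatewayURL = gatewayURL.substring(0, gatewayURL.length() - 1);
        }
        ClientRepresentation pgaClient = new ClientRepresentation();
        pgaClient.setName("pga");
        pgaClient.setClientId("pga");
        pgaClient.setProtocol("openid-connect");
        pgaClient.setStandardFlowEnabled(true);
        pgaClient.setEnabled(true);
        pgaClient.setAuthorizationServicesEnabled(true);
        pgaClient.setDirectAccessGrantsEnabled(true);
        pgaClient.setServiceAccountsEnabled(true);
        pgaClient.setFullScopeAllowed(true);
        // Confidential client: it authenticates with the secret that is read back below
        pgaClient.setClientAuthenticatorType("client-secret");
        pgaClient.setPublicClient(false);
        // Exactly two redirect targets, no wildcard: the post-login callback and the post-logout landing page
        List<String> redirectUris = new ArrayList<>();
        redirectUris.add(gatewayURL + "/callback-url");
        redirectUris.add(gatewayURL);
        pgaClient.setRedirectUris(redirectUris);
        String realmId = gatewayDetails.getGatewayId();
        Response httpResponse = client.realms().realm(realmId).clients().create(pgaClient);
        try {
            logger.info("Tenant Client configuration exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
            if (httpResponse.getStatus() != 201) {
                logger.error("Request for Realm Client Creation failed with HTTP code : " + httpResponse.getStatus());
                logger.error("Reason for Realm Client Creation failure : " + httpResponse.getStatusInfo());
                return null;
            }
        } finally {
            // Release the connection held by the JAX-RS response once the status has been read
            httpResponse.close();
        }
        List<ClientRepresentation> createdClients = client.realms().realm(realmId).clients().findByClientId(pgaClient.getClientId());
        if (createdClients.isEmpty()) {
            // Fail with a clear message instead of an IndexOutOfBoundsException from get(0)
            logger.error("Realm Client was created but could not be found by client id : " + pgaClient.getClientId());
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("Realm Client " + pgaClient.getClientId() + " was created but could not be retrieved afterwards");
            throw ex;
        }
        String clientUuid = createdClients.get(0).getId();
        CredentialRepresentation clientSecret = client.realms().realm(realmId).clients().get(clientUuid).getSecret();
        gatewayDetails.setOauthClientId(pgaClient.getClientId());
        // The secret is only handed back on the gateway profile; it is deliberately not logged
        gatewayDetails.setOauthClientSecret(clientSecret.getValue());
        return gatewayDetails;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        if (client != null) {
            client.close();
        }
    }
}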

Example 7 with Keycloak

use of org.keycloak.admin.client.Keycloak in project airavata by apache.

the class TenantManagementKeycloakImpl method enableUserAccount.

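/**
 * Enables the given user's account in the tenant's realm and marks its email address as verified.
 *
 * @param realmAdminCreds realm admin credentials used to open the admin client for {@code tenantId}
 * @param tenantId realm (gateway id) the user belongs to
 * @param username exact username of the account to enable
 * @return {@code true} once the account has been updated
 * @throws IamAdminServicesException if server settings cannot be read or no user with exactly
 *         {@code username} is found in the realm
 */
@Override
public boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException {
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        // Keycloak's search is a substring match over username, name and email, so the first hit is not
        // guaranteed to be the requested account; only act on an exact username match so that a different
        // user is never enabled by mistake (with a page size of 1 a near-duplicate username can hide the
        // target, in which case this fails closed — TODO confirm whether an exact-match search API is available)
        List<UserRepresentation> userResourceList = client.realm(tenantId).users().search(username, 0, 1);
        UserRepresentation match = null;
        for (UserRepresentation candidate : userResourceList) {
            if (username.equalsIgnoreCase(candidate.getUsername())) {
                match = candidate;
                break;
            }
        }
        if (match == null) {
            logger.error("Request to enable user account failed, user " + username + " not found in realm " + tenantId);
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("User " + username + " not found in realm " + tenantId + ", account could not be enabled");
            throw ex;
        }
        UserResource userResource = client.realm(tenantId).users().get(match.getId());
        UserRepresentation profile = userResource.toRepresentation();
        profile.setEnabled(true);
        // We require that a user verify their email before enabling the account
        profile.setEmailVerified(true);
        userResource.update(profile);
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        if (client != null) {
            client.close();
        }
    }
}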

Example 8 with Keycloak

use of org.keycloak.admin.client.Keycloak in project airavata by apache.

the class TenantManagementKeycloakImpl method createUser.

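/**
 * Creates a user in the tenant's realm and sets a permanent password for it.
 * The account is created disabled; enabling it is a separate step.
 *
 * @param realmAdminCreds realm admin credentials used to open the admin client for {@code tenantId}
 * @param tenantId realm (gateway id) the user is created in
 * @param username username of the new account
 * @param emailAddress email address of the new account
 * @param firstName first name of the new account
 * @param lastName last name of the new account
 * @param newPassword initial (non-temporary) password
 * @return {@code true} if the user was created and its password set, {@code false} if Keycloak
 *         answered the create request with a status other than 201
 * @throws IamAdminServicesException if server settings cannot be read or the created user cannot
 *         be found afterwards
 */
@Override
public boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException {
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
        UserRepresentation user = new UserRepresentation();
        user.setUsername(username);
        user.setFirstName(firstName);
        user.setLastName(lastName);
        user.setEmail(emailAddress);
        user.setEnabled(false);
        Response httpResponse = client.realm(tenantId).users().create(user);
        try {
            // HTTP code for record creation: HTTP 201
            if (httpResponse.getStatus() != 201) {
                logger.error("Request for user Account Creation failed with HTTP code : " + httpResponse.getStatus());
                logger.error("Reason for user account creation failure : " + httpResponse.getStatusInfo());
                return false;
            }
        } finally {
            // Release the connection held by the JAX-RS response once the status has been read
            httpResponse.close();
        }
        // Keycloak's search is a substring match, so confirm the hit really is the user just created
        // before setting a password on it
        List<UserRepresentation> retrieveCreatedUserList = client.realm(tenantId).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 1);
        UserRepresentation createdUser = null;
        for (UserRepresentation candidate : retrieveCreatedUserList) {
            if (username.equalsIgnoreCase(candidate.getUsername())) {
                createdUser = candidate;
                break;
            }
        }
        if (createdUser == null) {
            logger.error("User " + username + " was created but could not be retrieved from realm " + tenantId);
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("User " + username + " was created but could not be retrieved from realm " + tenantId + ", password not set");
            throw ex;
        }
        UserResource retrievedUser = client.realm(tenantId).users().get(createdUser.getId());
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(newPassword);
        credential.setTemporary(false);
        retrievedUser.resetPassword(credential);
        // Creation and password reset both succeeded; the original fell through to "return false" here
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } finally {
        if (client != null) {
            client.close();
        }
    }
}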

Example 9 with Keycloak

use of org.keycloak.admin.client.Keycloak in project airavata by apache.

the class TenantManagementKeycloakImpl method createTenantAdminAccount.

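/**
 * Creates the tenant admin user in the gateway's realm, sets its password and grants it the
 * realm "admin" role plus every available realm-management client role.
 *
 * @param isSuperAdminPasswordCreds super-admin realm credentials used to open the admin client
 * @param gatewayDetails gateway supplying the realm id and the admin user's profile fields
 * @param tenantAdminPassword initial (non-temporary) password for the admin user
 * @return {@code true} if the account was created and configured, {@code false} if Keycloak
 *         answered the create request with a status other than 201
 * @throws IamAdminServicesException if server settings cannot be read, the created user or the
 *         realm-management client cannot be found, or any other error occurs while configuring the account
 */
@Override
public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails, String tenantAdminPassword) throws IamAdminServicesException {
    Keycloak client = null;
    try {
        client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
        String realmId = gatewayDetails.getGatewayId();
        UserRepresentation user = new UserRepresentation();
        user.setUsername(gatewayDetails.getIdentityServerUserName());
        user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
        user.setLastName(gatewayDetails.getGatewayAdminLastName());
        user.setEmail(gatewayDetails.getGatewayAdminEmail());
        user.setEmailVerified(true);
        user.setEnabled(true);
        Response httpResponse = client.realm(realmId).users().create(user);
        try {
            logger.info("Tenant Admin account creation exited with code : " + httpResponse.getStatus() + " : " + httpResponse.getStatusInfo());
            // HTTP code for record creation: HTTP 201
            if (httpResponse.getStatus() != 201) {
                logger.error("Request for Tenant Admin Account Creation failed with HTTP code : " + httpResponse.getStatus());
                logger.error("Reason for Tenant Admin account creation failure : " + httpResponse.getStatusInfo());
                return false;
            }
        } finally {
            // Release the connection held by the JAX-RS response once the status has been read
            httpResponse.close();
        }
        // Keycloak's search is a substring match, so confirm the hit really is the admin user just
        // created before granting roles or setting a password on it
        List<UserRepresentation> retrieveCreatedUserList = client.realm(realmId).users().search(user.getUsername(), user.getFirstName(), user.getLastName(), user.getEmail(), 0, 1);
        UserRepresentation createdUser = null;
        for (UserRepresentation candidate : retrieveCreatedUserList) {
            if (user.getUsername().equalsIgnoreCase(candidate.getUsername())) {
                createdUser = candidate;
                break;
            }
        }
        if (createdUser == null) {
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("Tenant Admin user " + user.getUsername() + " was created but could not be retrieved from realm " + realmId);
            throw ex;
        }
        UserResource retrievedUser = client.realm(realmId).users().get(createdUser.getId());
        // Add user to the "admin" realm role
        RoleResource adminRoleResource = client.realm(realmId).roles().get("admin");
        retrievedUser.roles().realmLevel().add(Arrays.asList(adminRoleResource.toRepresentation()));
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(tenantAdminPassword);
        credential.setTemporary(false);
        retrievedUser.resetPassword(credential);
        // Locate the built-in realm-management client by its client id; its id is required below
        String realmManagementClientId = null;
        for (ClientRepresentation realmClient : client.realm(realmId).clients().findAll()) {
            if ("realm-management".equals(realmClient.getClientId())) {
                realmManagementClientId = realmClient.getId();
                break;
            }
        }
        if (realmManagementClientId == null) {
            // Without this id the role grant below would be issued against a null client
            IamAdminServicesException ex = new IamAdminServicesException();
            ex.setMessage("realm-management client not found in realm " + realmId + ", Tenant Admin roles could not be assigned");
            throw ex;
        }
        // Grant every realm-management role that is still unassigned: the tenant admin receives
        // full administrative rights over this realm
        retrievedUser.roles().clientLevel(realmManagementClientId).add(retrievedUser.roles().clientLevel(realmManagementClientId).listAvailable());
        return true;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
        throw exception;
    } catch (IamAdminServicesException ex) {
        // Already carries a specific message; do not wrap it a second time
        throw ex;
    } catch (Exception ex) {
        logger.error("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage());
        throw exception;
    } finally {
        if (client != null) {
            client.close();
        }
    }
}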

Example 10 with Keycloak

use of org.keycloak.admin.client.Keycloak in project airavata by apache.

the class TenantManagementKeycloakImpl method addTenant.

/**
 * Creates a new Keycloak realm for the gateway, pre-populated with the default roles.
 *
 * @param isSuperAdminPasswordCreds super-admin realm credentials used to open the admin client
 * @param gatewayDetails gateway supplying the realm id (gateway id) and display name (gateway name)
 * @return the unchanged {@code gatewayDetails}
 * @throws IamAdminServicesException if server settings cannot be read or the realm cannot be created
 */
@Override
public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException {
    Keycloak adminClient = null;
    try {
        adminClient = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
        String realmId = gatewayDetails.getGatewayId();
        RealmRepresentation realm = new RealmRepresentation();
        realm.setId(realmId);
        realm.setRealm(realmId);
        realm.setDisplayName(gatewayDetails.getGatewayName());
        realm.setEnabled(true);
        // Users may share an email address, so email cannot double as a login name
        realm.setDuplicateEmailsAllowed(true);
        realm.setLoginWithEmailAllowed(false);
        // Lifetimes in seconds: 30 minute access tokens, 60 minute SSO session idle timeout
        realm.setAccessTokenLifespan(1800);
        realm.setSsoSessionIdleTimeout(3600);
        RealmRepresentation realmToCreate = TenantManagementKeycloakImpl.createDefaultRoles(realm);
        adminClient.realms().create(realmToCreate);
        return gatewayDetails;
    } catch (ApplicationSettingsException ex) {
        logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage());
        throw exception;
    } catch (Exception ex) {
        logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getMessage(), ex);
        IamAdminServicesException exception = new IamAdminServicesException();
        exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage());
        throw exception;
    } finally {
        if (adminClient != null) {
            adminClient.close();
        }
    }
}
