use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class AuthorizationTest method testEnableAuthorizationServices.
/**
 * Verifies that switching authorization services off and back on leaves the client's
 * service account with the {@code uma_protection} client role, and that the settings,
 * resources and policies read back afterwards match the values asserted below.
 *
 * <p>The second off/on cycle is preceded by creating a JS policy named
 * "should be removed"; the policy count is asserted as 3 before the cycle and 2 after it.
 */
@Test
public void testEnableAuthorizationServices() {
    ClientResource client = getClientResource();
    ClientRepresentation server = getResourceServer();
    RealmResource realmResource = realmsResouce().realm(getRealmId());

    // The service account is looked up by name: the service-account prefix plus the client id.
    // NOTE(review): this takes the first search hit; assumes no other user matches — confirm.
    String serviceAccountName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + server.getClientId();
    UserRepresentation account = realmResource.users().search(serviceAccountName).get(0);
    Assert.assertNotNull(account);

    List<RoleRepresentation> effectiveRoles = realmResource.users()
            .get(account.getId())
            .roles()
            .clientLevel(server.getId())
            .listEffective();
    Assert.assertTrue(effectiveRoles.stream().anyMatch(role -> "uma_protection".equals(role.getName())));

    // First off/on cycle: the service account and its uma_protection role must still be there.
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);

    account = client.getServiceAccountUser();
    Assert.assertNotNull(account);

    realmResource = realmsResouce().realm(getRealmId());
    effectiveRoles = realmResource.users()
            .get(account.getId())
            .roles()
            .clientLevel(server.getId())
            .listEffective();
    Assert.assertTrue(effectiveRoles.stream().anyMatch(role -> "uma_protection".equals(role.getName())));

    // Add a policy of our own so the next cycle has something non-default to discard.
    JSPolicyRepresentation customPolicy = new JSPolicyRepresentation();
    customPolicy.setName("should be removed");
    customPolicy.setCode("");
    client.authorization().policies().js().create(customPolicy);

    List<ResourceRepresentation> resources = client.authorization().resources().resources();
    assertEquals(1, resources.size());

    // The policy just created is counted together with the ones already present.
    List<PolicyRepresentation> policies = client.authorization().policies().policies();
    assertEquals(3, policies.size());

    // Second off/on cycle.
    enableAuthorizationServices(false);
    enableAuthorizationServices(true);

    // Settings read back after re-enabling: ENFORCING mode, remote resource management
    // allowed, and bound to this resource server's id.
    ResourceServerRepresentation settings = client.authorization().getSettings();
    assertEquals(PolicyEnforcerConfig.EnforcementMode.ENFORCING.name(), settings.getPolicyEnforcementMode().name());
    assertTrue(settings.isAllowRemoteResourceManagement());
    assertEquals(server.getId(), settings.getClientId());

    resources = client.authorization().resources().resources();
    assertEquals(1, resources.size());

    // One policy fewer than before the cycle: the custom policy did not survive it.
    policies = client.authorization().policies().policies();
    assertEquals(2, policies.size());

    account = client.getServiceAccountUser();
    Assert.assertNotNull(account);
    effectiveRoles = realmResource.users()
            .get(account.getId())
            .roles()
            .clientLevel(server.getId())
            .listEffective();
    Assert.assertTrue(effectiveRoles.stream().anyMatch(role -> "uma_protection".equals(role.getName())));
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class AbstractEventTest method saveConfig.
/**
 * Pushes the current {@code configRep} to the test realm and then replaces it with the
 * events configuration read back from the server, so later assertions compare against
 * what was actually stored rather than what was sent.
 */
protected void saveConfig() {
    RealmResource realm = testRealmResource();
    realm.updateRealmEventsConfig(configRep);
    // Re-read instead of trusting the local copy.
    configRep = realm.getRealmEventsConfig();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class AbstractEventTest method setConfigRep.
/**
 * Runs before each test: loads the realm's events configuration, switches off event,
 * admin-event and admin-event-detail recording, clears the enabled event types and
 * saves the result.
 */
@Before
public void setConfigRep() {
    RealmResource realm = testRealmResource();
    configRep = realm.getRealmEventsConfig();

    // Start every test from a state where nothing is being recorded.
    configRep.setAdminEventsDetailsEnabled(false);
    configRep.setAdminEventsEnabled(false);
    configRep.setEventsEnabled(false);

    // An empty list resets the enabled types to "all types".
    configRep.setEnabledEventTypes(Collections.<String>emptyList());

    saveConfig();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerTest method testInvalidAudience.
/**
 * Expects a brokered login to end on the error page when the provider-realm client has
 * a hardcoded {@code aud} claim of {@code invalid-aud} attached before the user logs in.
 */
@Test
public void testInvalidAudience() {
    // Begin with a normal brokered login, then sign out of both realms.
    loginUser();
    logoutFromRealm(getProviderRoot(), bc.providerRealmName());
    logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

    log.debug("Clicking social " + bc.getIDPAlias());
    loginPage.clickSocial(bc.getIDPAlias());
    waitForPage(driver, "sign in to", true);

    // The mapper is attached while the provider's sign-in page is already showing;
    // presumably the token issued by the login below then carries the bad audience.
    RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
    ClientRepresentation brokerClient = providerRealm.clients()
            .findByClientId(BrokerTestConstants.CLIENT_ID)
            .get(0);
    ClientResource brokerClientResource = providerRealm.clients().get(brokerClient.getId());
    ProtocolMapperRepresentation audienceMapper =
            createHardcodedClaim("hard", "aud", "invalid-aud", ProviderConfigProperty.LIST_TYPE, true, true);
    // NOTE(review): the mapper is not removed in this method; cleanup, if any, happens elsewhere — confirm.
    brokerClientResource.getProtocolMappers().createMapper(audienceMapper);

    log.debug("Logging in");
    loginPage.login(bc.getUserLogin(), bc.getUserPassword());

    // The consumer side must refuse the login instead of completing it.
    errorPage.assertCurrent();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerTest method testReauthenticationSamlBrokerWithOTPRequired.
/**
 * Counterpart of PostBrokerFlowTest#testBrokerReauthentication_samlBrokerWithOTPRequired
 * in the old test suite.
 *
 * <p>Logs in through a SAML broker whose post-broker-login flow is configured with OTP,
 * sets up TOTP, then logs in through the other broker and links the accounts by
 * re-authenticating via the SAML broker plus a TOTP code. The user is expected to end up
 * with two federated identities.
 */
@Test
public void testReauthenticationSamlBrokerWithOTPRequired() throws Exception {
    KcSamlBrokerConfiguration samlConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlClient = samlConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlIdp = samlConfig.setUpIdentityProvider();
    RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());

    try {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);

        // Register the SAML client on the provider side and the SAML IdP on the consumer side.
        adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
        consumerRealm.identityProviders().create(samlIdp);

        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        testingClient.server(bc.consumerRealmName())
                .run(configurePostBrokerLoginWithOTP(samlConfig.getIDPAlias()));

        // First login via the SAML broker lands on TOTP setup.
        logInWithBroker(samlConfig);
        totpPage.assertCurrent();
        String otpSecret = totpPage.getTotpSecret();
        totpPage.configure(totp.generateTOTP(otpSecret));
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        // Logging in through the other broker hits the existing account and offers linking.
        logInWithBroker(bc);
        waitForPage(driver, "account already exists", false);
        idpConfirmLinkPage.assertCurrent();
        idpConfirmLinkPage.clickLinkAccount();

        // Linking requires re-authentication: SAML broker first, then a TOTP code.
        loginPage.clickSocial(samlConfig.getIDPAlias());
        waitForPage(driver, "sign in to", true);
        log.debug("Logging in");
        loginTotpPage.login(totp.generateTOTP(otpSecret));

        String linkedUserId = consumerRealm.users().search(samlConfig.getUserLogin()).get(0).getId();
        assertNumFederatedIdentities(linkedUserId, 2);
    } finally {
        // Runs even when an assertion above fails: restore the first-login executions
        // and delete the "consumer" user.
        // NOTE(review): the SAML client and identity provider created above are not
        // removed here; presumably cleaned up elsewhere — confirm.
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumerRealm, "consumer");
    }
}