use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerTest method createAdditionalMapperWithCustomSyncMode.
@Override
protected void createAdditionalMapperWithCustomSyncMode(IdentityProviderMapperSyncMode syncMode) {
IdentityProviderMapperRepresentation friendlyManagerMapper = new IdentityProviderMapperRepresentation();
friendlyManagerMapper.setName("friendly-manager-role-mapper");
friendlyManagerMapper.setIdentityProviderMapper(ExternalKeycloakRoleToRoleMapper.PROVIDER_ID);
friendlyManagerMapper.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, syncMode.toString()).put("external.role", ROLE_FRIENDLY_MANAGER).put("role", ROLE_FRIENDLY_MANAGER).build());
friendlyManagerMapper.setIdentityProviderAlias(bc.getIDPAlias());
RealmResource realm = adminClient.realm(bc.consumerRealmName());
IdentityProviderResource idpResource = realm.identityProviders().get(bc.getIDPAlias());
idpResource.addMapper(friendlyManagerMapper).close();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerTest method testReauthenticationOIDCBrokerWithOTPRequired.
/**
* Refers to in old test suite: PostBrokerFlowTest#testBrokerReauthentication_oidcBrokerWithOTPRequired
*/
@Test
public void testReauthenticationOIDCBrokerWithOTPRequired() throws Exception {
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
try {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
logInWithBroker(samlBrokerConfig);
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
idpConfirmLinkPage.assertCurrent();
idpConfirmLinkPage.clickLinkAccount();
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
driver.navigate().back();
logInWithBroker(samlBrokerConfig);
totpPage.assertCurrent();
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
} finally {
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
removeUserByUsername(consumerRealm, "consumer");
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerTest method testReauthenticationBothBrokersWithOTPRequired.
/**
* Refers to in old test suite: PostBrokerFlowTest#testBrokerReauthentication_bothBrokerWithOTPRequired
*/
@Test
public void testReauthenticationBothBrokersWithOTPRequired() throws Exception {
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
try {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
consumerRealm.identityProviders().create(samlBroker);
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(samlBrokerConfig.getIDPAlias()));
logInWithBroker(samlBrokerConfig);
totpPage.assertCurrent();
String totpSecret = totpPage.getTotpSecret();
totpPage.configure(totp.generateTOTP(totpSecret));
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
logInWithBroker(bc);
waitForPage(driver, "account already exists", false);
idpConfirmLinkPage.assertCurrent();
idpConfirmLinkPage.clickLinkAccount();
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
driver.navigate().back();
logInWithBroker(samlBrokerConfig);
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
logInWithBroker(bc);
loginTotpPage.assertCurrent();
loginTotpPage.login(totp.generateTOTP(totpSecret));
waitForAccountManagementTitle();
accountUpdateProfilePage.assertCurrent();
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
} finally {
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
removeUserByUsername(consumerRealm, "consumer");
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcFirstBrokerLoginDetectExistingUserTest method beforeBrokerTest.
@Override
@Before
public void beforeBrokerTest() {
super.beforeBrokerTest();
log.debug("creating detect existing user flow for realm " + bc.providerRealmName());
final RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
AuthenticationManagementResource authMgmtResource = consumerRealm.flows();
// Creates detectExistingUserFlow
String detectExistingFlowAlias = "detectExistingUserFlow";
final AuthenticationFlowRepresentation authenticationFlowRepresentation = newFlow(detectExistingFlowAlias, detectExistingFlowAlias, "basic-flow", true, false);
authMgmtResource.createFlow(authenticationFlowRepresentation);
AuthenticationFlowRepresentation authenticationFlowRepresentation1 = getFlow(authMgmtResource, detectExistingFlowAlias);
assertNotNull("The authentication flow must exist", authenticationFlowRepresentation1);
// retrieves the id of the newly created flow
String flowId = authenticationFlowRepresentation1.getId();
// Adds executions to the flow
addExecution(authMgmtResource, flowId, IdpDetectExistingBrokerUserAuthenticatorFactory.PROVIDER_ID, 10);
addExecution(authMgmtResource, flowId, IdpAutoLinkAuthenticatorFactory.PROVIDER_ID, 20);
// Updates the FirstBrokerLoginFlowAlias for the identity provider
IdentityProviderResource identityConsumerResource = consumerRealm.identityProviders().get(bc.getIDPAlias());
IdentityProviderRepresentation identityProviderRepresentation = consumerRealm.identityProviders().findAll().get(0);
identityProviderRepresentation.setFirstBrokerLoginFlowAlias(detectExistingFlowAlias);
identityProviderRepresentation.getConfig().put(IdentityProviderModel.SYNC_MODE, IdentityProviderSyncMode.FORCE.toString());
identityConsumerResource.update(identityProviderRepresentation);
assertEquals("Two executions must have been created", 2, getFlow(authMgmtResource, detectExistingFlowAlias).getAuthenticationExecutions().size());
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerWithConsentTest method beforeBrokerTest.
@Override
public void beforeBrokerTest() {
super.beforeBrokerTest();
// Require broker to show consent screen
RealmResource brokeredRealm = adminClient.realm(bc.providerRealmName());
List<ClientRepresentation> clients = brokeredRealm.clients().findByClientId("brokerapp");
org.junit.Assert.assertEquals(1, clients.size());
ClientRepresentation brokerApp = clients.get(0);
brokerApp.setConsentRequired(true);
brokeredRealm.clients().get(brokerApp.getId()).update(brokerApp);
// Change timeouts on realm-with-broker to lower values
RealmResource realmWithBroker = adminClient.realm(bc.consumerRealmName());
RealmRepresentation realmRep = realmWithBroker.toRepresentation();
realmRep.setAccessCodeLifespanLogin(30);
;
realmRep.setAccessCodeLifespan(30);
realmRep.setAccessCodeLifespanUserAction(30);
realmWithBroker.update(realmRep);
}
Aggregations