use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcRegCreateTest method testCreateWithAuthorizationServices.
@Test
public void testCreateWithAuthorizationServices() throws IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
KcRegExec exe = execute("config credentials -x --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm master --user admin --password admin");
assertExitCodeAndStreamSizes(exe, 0, 0, 3);
String token = issueInitialAccessToken("test");
exe = execute("create --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm test -s clientId=authz-client -s authorizationServicesEnabled=true -t " + token);
assertExitCodeAndStreamSizes(exe, 0, 0, 3);
RealmResource realm = adminClient.realm("test");
ClientsResource clients = realm.clients();
ClientRepresentation clientRep = clients.findByClientId("authz-client").get(0);
ClientResource client = clients.get(clientRep.getId());
clientRep = client.toRepresentation();
Assert.assertTrue(clientRep.getAuthorizationServicesEnabled());
ResourceServerRepresentation settings = client.authorization().getSettings();
Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
Assert.assertTrue(settings.isAllowRemoteResourceManagement());
List<RoleRepresentation> roles = client.roles().list();
Assert.assertEquals(1, roles.size());
Assert.assertEquals("uma_protection", roles.get(0).getName());
// create using oidc endpoint - autodetect format
String content = " {\n" + " \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n" + " \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\", \"" + OAuth2Constants.UMA_GRANT_TYPE + "\" ],\n" + " \"response_types\" : [ \"code\", \"none\" ],\n" + " \"client_name\" : \"My Reg Authz\",\n" + " \"client_uri\" : \"http://localhost:8980/myapp\"\n" + " }";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create --insecure --config '" + configFile.getName() + "' -s 'client_name=My Reg Authz' --realm test -t " + token + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5" + " -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
OIDCClientRepresentation oidcClient = JsonSerialization.readValue(exe.stdout(), OIDCClientRepresentation.class);
Assert.assertNotNull("clientId", oidcClient.getClientId());
Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), oidcClient.getRedirectUris());
Assert.assertThat("grant_types", oidcClient.getGrantTypes(), Matchers.containsInAnyOrder("authorization_code", "client_credentials", "refresh_token", OAuth2Constants.UMA_GRANT_TYPE));
Assert.assertEquals("response_types", Arrays.asList("code", "none"), oidcClient.getResponseTypes());
Assert.assertEquals("client_name", "My Reg Authz", oidcClient.getClientName());
Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", oidcClient.getClientUri());
client = clients.get(oidcClient.getClientId());
clientRep = client.toRepresentation();
Assert.assertTrue(clientRep.getAuthorizationServicesEnabled());
settings = client.authorization().getSettings();
Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
Assert.assertTrue(settings.isAllowRemoteResourceManagement());
roles = client.roles().list();
Assert.assertEquals(1, roles.size());
Assert.assertEquals("uma_protection", roles.get(0).getName());
UserRepresentation serviceAccount = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + clientRep.getClientId()).get(0);
Assert.assertNotNull(serviceAccount);
List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(clientRep.getId()).listAll();
Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
}
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class AbstractRegCliTest method addLocalhostToAllowedHosts.
void addLocalhostToAllowedHosts(String realm) {
RealmResource realmResource = adminClient.realm(realm);
String anonPolicy = ClientRegistrationPolicyManager.getComponentTypeKey(RegistrationAuth.ANONYMOUS);
ComponentRepresentation trustedHostRep = findPolicyByProviderAndAuth(realm, TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, anonPolicy);
trustedHostRep.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, "localhost");
realmResource.components().component(trustedHostRep.getId()).update(trustedHostRep);
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcAdmUpdateTest method testUpdateIDPWithoutInternalId.
@Test
public void testUpdateIDPWithoutInternalId() throws IOException {
final String realm = "test";
final RealmResource realmResource = adminClient.realm(realm);
IdentityProviderRepresentation identityProvider = IdentityProviderBuilder.create().providerId(SAMLIdentityProviderFactory.PROVIDER_ID).alias("idpAlias").displayName("SAML").setAttribute(SAMLIdentityProviderConfig.SINGLE_SIGN_ON_SERVICE_URL, "https://saml.idp/saml").setAttribute(SAMLIdentityProviderConfig.SINGLE_LOGOUT_SERVICE_URL, "https://saml.idp/saml").setAttribute(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress").setAttribute(SAMLIdentityProviderConfig.POST_BINDING_RESPONSE, "false").setAttribute(SAMLIdentityProviderConfig.POST_BINDING_AUTHN_REQUEST, "false").setAttribute(SAMLIdentityProviderConfig.BACKCHANNEL_SUPPORTED, "false").build();
try (Closeable ipc = new IdentityProviderCreator(realmResource, identityProvider)) {
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
loginAsUser(configFile.getFile(), serverUrl, realm, "user1", "userpass");
KcAdmExec exe = execute("get identity-provider/instances/idpAlias -r " + realm + " --config " + configFile.getFile());
assertExitCodeAndStdErrSize(exe, 0, 0);
final File idpJson = new File("target/test-classes/cli/idp-keycloak-9167.json");
exe = execute("update identity-provider/instances/idpAlias -r " + realm + " -f " + idpJson.getAbsolutePath() + " --config " + configFile.getFile());
assertExitCodeAndStdErrSize(exe, 0, 0);
}
Assert.assertThat(realmResource.identityProviders().get("idpAlias").toRepresentation().getDisplayName(), is(equalTo("SAML_UPDATED")));
}
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OIDCPairwiseClientRegistrationTest method updateToPairwiseThroughAdminRESTSuccess.
@Test
public void updateToPairwiseThroughAdminRESTSuccess() throws Exception {
OIDCClientRepresentation response = create();
Assert.assertEquals("public", response.getSubjectType());
Assert.assertNull(response.getSectorIdentifierUri());
// Push redirect uris to the sector identifier URI
List<String> sectorRedirects = new ArrayList<>();
sectorRedirects.addAll(response.getRedirectUris());
TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
oidcClientEndpointsResource.setSectorIdentifierRedirectUris(sectorRedirects);
String sectorIdentifierUri = TestApplicationResourceUrls.pairwiseSectorIdentifierUri();
// Add protocolMapper through admin REST endpoint
String clientId = response.getClientId();
ProtocolMapperRepresentation pairwiseProtMapper = SHA256PairwiseSubMapper.createPairwiseMapper(sectorIdentifierUri, null);
RealmResource realmResource = realmsResouce().realm("test");
ClientManager.realm(realmResource).clientId(clientId).addProtocolMapper(pairwiseProtMapper);
reg.auth(Auth.token(response));
OIDCClientRepresentation rep = reg.oidc().get(response.getClientId());
Assert.assertEquals("pairwise", rep.getSubjectType());
Assert.assertEquals(sectorIdentifierUri, rep.getSectorIdentifierUri());
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OAuth2DeviceAuthorizationGrantTest method testUpdateConfig.
@Test
public void testUpdateConfig() {
RealmResource realm = getAdminClient().realm(REALM_NAME);
RealmRepresentation rep = realm.toRepresentation();
rep.setOAuth2DevicePollingInterval(DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL);
rep.setOAuth2DeviceCodeLifespan(DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN);
realm.update(rep);
rep = realm.toRepresentation();
Assert.assertEquals(DEFAULT_OAUTH2_DEVICE_POLLING_INTERVAL, rep.getOAuth2DevicePollingInterval().intValue());
Assert.assertEquals(DEFAULT_OAUTH2_DEVICE_CODE_LIFESPAN, rep.getOAuth2DeviceCodeLifespan().intValue());
rep.setOAuth2DevicePollingInterval(10);
rep.setOAuth2DeviceCodeLifespan(15);
realm.update(rep);
rep = realm.toRepresentation();
Assert.assertEquals(10, rep.getOAuth2DevicePollingInterval().intValue());
Assert.assertEquals(15, rep.getOAuth2DeviceCodeLifespan().intValue());
}
Aggregations