
Example 16 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class BackchannelLogoutTest method createProviderRealmUser.

/**
 * Creates the test user in the provider realm before each test.
 *
 * The user is created through the admin client, its id is stored in {@code userIdProviderRealm}
 * for the tests to use, and its password is then set with {@code resetUserPassword}.
 */
@Before
public void createProviderRealmUser() {
    log.debug("creating user for realm " + nbc.providerRealmName());

    final UserRepresentation user = new UserRepresentation();
    user.setUsername(nbc.getUserLogin());
    user.setEmail(nbc.getUserEmail());
    user.setEmailVerified(true);
    user.setEnabled(true);

    final RealmResource providerRealm = adminClient.realm(nbc.providerRealmName());
    userIdProviderRealm = createUserWithAdminClient(providerRealm, user);
    // Third argument is false: presumably "not a temporary password" — confirm against resetUserPassword
    resetUserPassword(providerRealm.users().get(userIdProviderRealm), nbc.getUserPassword(), false);
}

Example 17 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class OIDCProtocolMappersTest method testUserRolesMovedFromAccessTokenProperties.

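// Test to update protocolMappers to not have roles on the default position (realm_access and resource_access properties)
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testUserRolesMovedFromAccessTokenProperties() throws Exception {
    RealmResource realm = adminClient.realm("test");
    ClientScopeResource rolesScope = ApiUtil.findClientScopeByName(realm, OIDCLoginProtocolFactory.ROLES_SCOPE);

    // Update builtin protocolMappers to put roles to different position (claim "custom.roles") for both realm and client roles
    ProtocolMapperRepresentation realmRolesMapper = null;
    ProtocolMapperRepresentation clientRolesMapper = null;
    for (ProtocolMapperRepresentation rep : rolesScope.getProtocolMappers().getMappers()) {
        if (OIDCLoginProtocolFactory.REALM_ROLES.equals(rep.getName())) {
            realmRolesMapper = rep;
        } else if (OIDCLoginProtocolFactory.CLIENT_ROLES.equals(rep.getName())) {
            clientRolesMapper = rep;
        }
    }
    // Fail with a readable message instead of an NPE on getConfig() if the builtin mappers are missing from the scope
    Assert.assertNotNull("builtin realm roles mapper not found in roles scope", realmRolesMapper);
    Assert.assertNotNull("builtin client roles mapper not found in roles scope", clientRolesMapper);

    String realmRolesTokenClaimOrig = realmRolesMapper.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME);
    String clientRolesTokenClaimOrig = clientRolesMapper.getConfig().get(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME);
    realmRolesMapper.getConfig().put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "custom.roles");
    rolesScope.getProtocolMappers().update(realmRolesMapper.getId(), realmRolesMapper);
    clientRolesMapper.getConfig().put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, "custom.roles");
    rolesScope.getProtocolMappers().update(clientRolesMapper.getId(), clientRolesMapper);

    // Create some hardcoded role mapper; the response is closed even if reading the created id fails
    Response resp = rolesScope.getProtocolMappers().createMapper(createHardcodedRole("hard-realm", "hardcoded"));
    String hardcodedMapperId;
    try {
        hardcodedMapperId = ApiUtil.getCreatedId(resp);
    } finally {
        resp.close();
    }
    try {
        OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
        AccessToken accessToken = oauth.verifyToken(response.getAccessToken());

        // Assert roles are not on their original positions
        Assert.assertNull(accessToken.getRealmAccess());
        Assert.assertTrue(accessToken.getResourceAccess().isEmpty());

        // KEYCLOAK-8481 Assert that accessToken JSON doesn't have "realm_access" or "resource_access" fields in it
        String accessTokenJson = new String(new JWSInput(response.getAccessToken()).getContent(), StandardCharsets.UTF_8);
        Assert.assertFalse(accessTokenJson.contains("realm_access"));
        Assert.assertFalse(accessTokenJson.contains("resource_access"));

        // Assert both realm and client roles on the new position. Hardcoded role should be here as well
        @SuppressWarnings("unchecked") // other claims are untyped JSON; the claim was configured above as "custom.roles"
        Map<String, Object> cst1 = (Map<String, Object>) accessToken.getOtherClaims().get("custom");
        @SuppressWarnings("unchecked")
        List<String> roles = (List<String>) cst1.get("roles");
        Assert.assertNames(roles, "offline_access", "user", "customer-user", "hardcoded", AccountRoles.VIEW_PROFILE, AccountRoles.MANAGE_ACCOUNT, AccountRoles.MANAGE_ACCOUNT_LINKS);

        // Assert audience
        Assert.assertNames(Arrays.asList(accessToken.getAudience()), "account");
    } finally {
        // Revert: restore the original claim names even if deleting the hardcoded mapper fails,
        // otherwise later tests would see roles in the wrong claim
        try {
            rolesScope.getProtocolMappers().delete(hardcodedMapperId);
        } finally {
            realmRolesMapper.getConfig().put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, realmRolesTokenClaimOrig);
            rolesScope.getProtocolMappers().update(realmRolesMapper.getId(), realmRolesMapper);
            clientRolesMapper.getConfig().put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, clientRolesTokenClaimOrig);
            rolesScope.getProtocolMappers().update(clientRolesMapper.getId(), clientRolesMapper);
        }
    }
}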

Example 18 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class AccessTokenTest method testClientSessionMaxLifespan.

/**
 * Checks that the access token's {@code expires_in} follows the client session max lifespan:
 * first the realm-level value, then the client-level attribute that overrides it.
 * Both settings are restored in {@code finally} so later tests see the original configuration.
 */
@Test
public void testClientSessionMaxLifespan() throws Exception {
    final ClientResource testApp = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
    final ClientRepresentation testAppRep = testApp.toRepresentation();
    final RealmResource testRealm = adminClient.realm("test");
    final RealmRepresentation testRealmRep = testRealm.toRepresentation();
    final int tokenLifespan = testRealmRep.getAccessTokenLifespan();
    final Integer savedClientSessionMaxLifespan = testRealmRep.getClientSessionMaxLifespan();
    try {
        oauth.doLogin("test-user@localhost", "password");
        final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getExpiresIn(), tokenLifespan);

        // Realm-level cap, 100 below the access token lifespan
        final int realmCap = tokenLifespan - 100;
        testRealmRep.setClientSessionMaxLifespan(realmCap);
        testRealm.update(testRealmRep);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "password");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getExpiresIn(), realmCap);

        // Client-level cap, 200 below; expected to take precedence over the realm value
        final int clientCap = tokenLifespan - 200;
        testAppRep.getAttributes().put(OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN, Integer.toString(clientCap));
        testApp.update(testAppRep);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "password");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getExpiresIn(), clientCap);
    } finally {
        testRealmRep.setClientSessionMaxLifespan(savedClientSessionMaxLifespan);
        testRealm.update(testRealmRep);
        testAppRep.getAttributes().put(OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN, null);
        testApp.update(testAppRep);
    }
}

Example 19 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class RefreshTokenTest method testClientSessionIdleTimeout.

/**
 * Checks that the refresh token's {@code refresh_expires_in} follows the client session idle timeout:
 * first the realm-level value, then the client-level attribute that overrides it.
 * Both settings are restored in {@code finally} so later tests see the original configuration.
 */
@Test
public void testClientSessionIdleTimeout() throws Exception {
    final ClientResource testApp = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
    final ClientRepresentation testAppRep = testApp.toRepresentation();
    final RealmResource testRealm = adminClient.realm("test");
    final RealmRepresentation testRealmRep = testRealm.toRepresentation();
    final int ssoIdleTimeout = testRealmRep.getSsoSessionIdleTimeout();
    final Integer savedClientSessionIdleTimeout = testRealmRep.getClientSessionIdleTimeout();
    try {
        oauth.doLogin("test-user@localhost", "password");
        final String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authCode, "password");
        assertEquals(200, tokenResponse.getStatusCode());
        assertExpiration(tokenResponse.getRefreshExpiresIn(), ssoIdleTimeout);

        // Realm-level idle timeout, 100 below the SSO session idle timeout
        final int realmIdle = ssoIdleTimeout - 100;
        testRealmRep.setClientSessionIdleTimeout(realmIdle);
        testRealm.update(testRealmRep);
        tokenResponse = refreshExpectingRefreshExpiresIn(tokenResponse.getRefreshToken(), realmIdle);

        // Client-level idle timeout, 200 below; expected to take precedence over the realm value
        final int clientIdle = ssoIdleTimeout - 200;
        testAppRep.getAttributes().put(CLIENT_SESSION_IDLE_TIMEOUT, Integer.toString(clientIdle));
        testApp.update(testAppRep);
        tokenResponse = refreshExpectingRefreshExpiresIn(tokenResponse.getRefreshToken(), clientIdle);
    } finally {
        testRealmRep.setClientSessionIdleTimeout(savedClientSessionIdleTimeout);
        testRealm.update(testRealmRep);
        testAppRep.getAttributes().put(CLIENT_SESSION_IDLE_TIMEOUT, null);
        testApp.update(testAppRep);
    }
}

/**
 * Performs a refresh token request, asserts a 200 status and the expected {@code refresh_expires_in},
 * and returns the response so the caller can chain the next refresh.
 */
private OAuthClient.AccessTokenResponse refreshExpectingRefreshExpiresIn(String refreshToken, int expectedRefreshExpiresIn) throws Exception {
    final OAuthClient.AccessTokenResponse refreshed = oauth.doRefreshTokenRequest(refreshToken, "password");
    assertEquals(200, refreshed.getStatusCode());
    assertExpiration(refreshed.getRefreshExpiresIn(), expectedRefreshExpiresIn);
    return refreshed;
}

Example 20 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class RefreshTokenTest method testCheckSsl.

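/**
 * Verifies the realm's {@code sslRequired} enforcement on the token endpoint: a refresh succeeds with the
 * default setting, and when the test auth server is not running with SSL, the same refresh is rejected
 * with 403 once the realm requires SSL for all requests.
 *
 * The realm setting is restored in {@code finally}; a failed assertion must not leave the realm requiring
 * SSL, which would break every later test against the "test" realm.
 */
@Test
public void testCheckSsl() throws Exception {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_ROOT);
        URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
        WebTarget grantTarget = client.target(grantUri);
        builder = UriBuilder.fromUri(AUTH_SERVER_ROOT);
        URI uri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
        WebTarget refreshTarget = client.target(uri);

        // Obtain the initial refresh token; close the response even if the status assertion fails
        String refreshToken;
        Response grantResponse = executeGrantAccessTokenRequest(grantTarget);
        try {
            assertEquals(200, grantResponse.getStatus());
            refreshToken = grantResponse.readEntity(org.keycloak.representations.AccessTokenResponse.class).getRefreshToken();
        } finally {
            grantResponse.close();
        }

        refreshToken = refreshExpectingSuccess(refreshTarget, refreshToken);

        if (!AUTH_SERVER_SSL_REQUIRED) {
            // test checkSsl
            RealmResource realmResource = adminClient.realm("test");
            RealmManager.realm(realmResource).sslRequired(SslRequired.ALL.toString());
            try {
                Response response = executeRefreshToken(refreshTarget, refreshToken);
                try {
                    // With sslRequired=ALL the non-SSL refresh must be refused
                    assertEquals(403, response.getStatus());
                } finally {
                    response.close();
                }
            } finally {
                // Always revert, otherwise a failed assertion leaves the realm requiring SSL for later tests
                RealmManager.realm(realmResource).sslRequired(SslRequired.EXTERNAL.toString());
            }
        }

        // The refresh token is still valid after the realm setting is back to the default
        refreshExpectingSuccess(refreshTarget, refreshToken);
    } finally {
        client.close();
        resetTimeOffset();
        events.clear();
    }
}

/**
 * Refreshes with {@code refreshTarget}, asserts a 200 status and returns the newly issued refresh token.
 * The JAX-RS response is closed in every case, including a failed assertion.
 */
private String refreshExpectingSuccess(WebTarget refreshTarget, String refreshToken) throws Exception {
    Response response = executeRefreshToken(refreshTarget, refreshToken);
    try {
        assertEquals(200, response.getStatus());
        return response.readEntity(org.keycloak.representations.AccessTokenResponse.class).getRefreshToken();
    } finally {
        response.close();
    }
}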
