
Example 26 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class OfflineTokenTest method testClientOfflineSessionMaxLifespan.

/**
 * Checks that the refresh-token expiry reported for an offline session follows the
 * offline-session max-lifespan setting as it is narrowed in three steps: the realm value,
 * then the realm's client-level value, then the per-client attribute on "offline-client".
 *
 * <p>Each step sets a limit 100 below the previous one and uses {@code assertExpiration}
 * to compare it with {@code getRefreshExpiresIn()} of the next token response. Every realm
 * and client setting touched here is written back in the {@code finally} block.
 *
 * @throws Exception if an admin or OAuth call fails
 */
@Test
public void testClientOfflineSessionMaxLifespan() throws Exception {
    ClientResource offlineClient = ApiUtil.findClientByClientId(adminClient.realm("test"), "offline-client");
    ClientRepresentation offlineClientRep = offlineClient.toRepresentation();
    RealmResource testRealm = adminClient.realm("test");
    RealmRepresentation realmRep = testRealm.toRepresentation();

    // Snapshot the settings this test changes so they can be restored afterwards.
    Boolean savedMaxLifespanEnabled = realmRep.getOfflineSessionMaxLifespanEnabled();
    Integer savedMaxLifespan = realmRep.getOfflineSessionMaxLifespan();
    // Start below the idle timeout; presumably so the max lifespan, not the idle timeout,
    // is what bounds the refresh token (confirm against assertExpiration's callers).
    int realmLimit = realmRep.getOfflineSessionIdleTimeout() - 100;
    Integer savedClientMaxLifespan = realmRep.getClientOfflineSessionMaxLifespan();
    int realmClientLimit = realmLimit - 100;
    int perClientLimit = realmLimit - 200;

    try {
        // Step 1: realm-wide max lifespan.
        realmRep.setOfflineSessionMaxLifespanEnabled(true);
        realmRep.setOfflineSessionMaxLifespan(realmLimit);
        testRealm.update(realmRep);

        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokens = oauth.doAccessTokenRequest(authCode, "secret1");
        assertEquals(200, tokens.getStatusCode());
        assertExpiration(tokens.getRefreshExpiresIn(), realmLimit);

        // Step 2: the realm's client-level max lifespan, checked on the next refresh.
        realmRep.setClientOfflineSessionMaxLifespan(realmClientLimit);
        testRealm.update(realmRep);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "secret1");
        assertEquals(200, tokens.getStatusCode());
        assertExpiration(tokens.getRefreshExpiresIn(), realmClientLimit);

        // Step 3: the attribute set directly on the client, checked on the next refresh.
        offlineClientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_MAX_LIFESPAN, Integer.toString(perClientLimit));
        offlineClient.update(offlineClientRep);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "secret1");
        assertEquals(200, tokens.getStatusCode());
        assertExpiration(tokens.getRefreshExpiresIn(), perClientLimit);
    } finally {
        // Restore the realm first, then clear the per-client attribute.
        realmRep.setOfflineSessionMaxLifespanEnabled(savedMaxLifespanEnabled);
        realmRep.setOfflineSessionMaxLifespan(savedMaxLifespan);
        realmRep.setClientOfflineSessionMaxLifespan(savedClientMaxLifespan);
        testRealm.update(realmRep);
        offlineClientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_MAX_LIFESPAN, null);
        offlineClient.update(offlineClientRep);
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 27 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class OfflineTokenTest method offlineTokenAdminRESTAccess.

/**
 * KEYCLOAK-4201: an access token obtained by refreshing an offline token must still be
 * accepted by the admin REST API after the user's session has been removed.
 *
 * <p>The test grants the user the {@code view-realm} role of the realm-management client,
 * obtains tokens with the offline-access scope, moves the time offset forward, removes the
 * realm's user sessions, refreshes with the offline token and finally reads the "test"
 * realm through an admin client built from the refreshed access token.
 *
 * <p>NOTE(review): neither the role grant nor the time offset is reverted inside this
 * method, and the status codes of the two token responses are not asserted; confirm that
 * the surrounding test class resets this state and that the omission is intentional.
 *
 * @throws Exception if an admin or OAuth call fails
 */
@Test
public void offlineTokenAdminRESTAccess() throws Exception {
    // Give the test user the "view-realm" client role of the realm-management client.
    RealmResource testRealmResource = adminClient.realm("test");
    ClientResource realmManagement = ApiUtil.findClientByClientId(testRealmResource, Constants.REALM_MANAGEMENT_CLIENT_ID);
    String realmManagementId = realmManagement.toRepresentation().getId();
    RoleRepresentation viewRealmRole = realmManagement.roles().get(AdminRoles.VIEW_REALM).toRepresentation();
    UserResource user = findUserByUsernameId(testRealmResource, "test-user@localhost");
    user.roles().clientLevel(realmManagementId).add(Collections.singletonList(viewRealmRole));

    // Request tokens with the offline-access scope for "offline-client".
    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId("offline-client");
    OAuthClient.AccessTokenResponse offlineTokens = oauth.doGrantAccessTokenRequest("secret1", "test-user@localhost", "password");
    events.clear();

    // Shift the time offset so that the "normal" user session is expired, then have the
    // testing endpoint remove the expired sessions of the realm.
    setTimeOffset(86400);
    testingClient.testing().removeUserSessions(testRealmResource.toRepresentation().getId());

    // Only the offline token is left to refresh with.
    OAuthClient.AccessTokenResponse refreshed = oauth.doRefreshTokenRequest(offlineTokens.getRefreshToken(), "secret1");

    // Call the admin REST API with the refreshed access token as the bearer credential.
    String serverUrl = getAuthServerContextRoot() + "/auth";
    String bearerToken = refreshed.getAccessToken();
    try (Keycloak offlineTokenAdmin = Keycloak.getInstance(serverUrl, AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, bearerToken, TLSUtils.initializeTLS())) {
        RealmRepresentation fetchedRealm = offlineTokenAdmin.realm("test").toRepresentation();
        Assert.assertNotNull(fetchedRealm);
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) Keycloak(org.keycloak.admin.client.Keycloak) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 28 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class OfflineTokenTest method offlineTokenAllowedWithCompositeRole.

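/**
 * Verifies that the offline-token direct grant flow still succeeds when the user holds the
 * offline-access realm role only indirectly, through a composite role.
 *
 * <p>The test creates a realm role named "composite" that contains the offline-access
 * role, swaps the user's direct offline-access mapping for the composite role, and then
 * runs {@code offlineTokenDirectGrantFlow()}. The role changes are reverted in a
 * {@code finally} block so that a failing flow does not leave the user without its direct
 * offline-access mapping, or the extra role in the realm, for the tests that run next.
 *
 * @throws Exception if an admin call or the direct grant flow fails
 */
@Test
public void offlineTokenAllowedWithCompositeRole() throws Exception {
    RealmResource appRealm = adminClient.realm("test");
    UserResource testUser = findUserByUsernameId(appRealm, "test-user@localhost");
    RoleRepresentation offlineAccess = findRealmRoleByName(adminClient.realm("test"), Constants.OFFLINE_ACCESS_ROLE).toRepresentation();
    // Grant offline_access role indirectly through composite role
    appRealm.roles().create(RoleBuilder.create().name("composite").build());
    RoleResource roleResource = appRealm.roles().get("composite");
    roleResource.addComposites(Collections.singletonList(offlineAccess));
    testUser.roles().realmLevel().remove(Collections.singletonList(offlineAccess));
    testUser.roles().realmLevel().add(Collections.singletonList(roleResource.toRepresentation()));
    try {
        // Integration test
        offlineTokenDirectGrantFlow();
    } finally {
        // Revert changes even when the flow above throws, in the same order as before:
        // drop the composite mapping, delete the composite role, restore the direct role.
        testUser.roles().realmLevel().remove(Collections.singletonList(appRealm.roles().get("composite").toRepresentation()));
        appRealm.roles().get("composite").remove();
        testUser.roles().realmLevel().add(Collections.singletonList(offlineAccess));
    }
}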
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) RoleResource(org.keycloak.admin.client.resource.RoleResource) UserResource(org.keycloak.admin.client.resource.UserResource) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 29 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class OfflineTokenTest method testClientOfflineSessionIdleTimeout.

/**
 * Checks that the refresh-token expiry reported for an offline session follows the
 * offline-session idle timeout as it is narrowed in three steps: the realm value already
 * configured, then the realm's client-level value, then the per-client attribute on
 * "offline-client".
 *
 * <p>Each override is 100 below the previous limit and is compared, via
 * {@code assertExpiration}, with {@code getRefreshExpiresIn()} of the next token response.
 * The realm and client settings changed here are written back in the {@code finally}
 * block.
 *
 * @throws Exception if an admin or OAuth call fails
 */
@Test
public void testClientOfflineSessionIdleTimeout() throws Exception {
    ClientResource offlineClient = ApiUtil.findClientByClientId(adminClient.realm("test"), "offline-client");
    ClientRepresentation offlineClientRep = offlineClient.toRepresentation();
    RealmResource testRealm = adminClient.realm("test");
    RealmRepresentation realmRep = testRealm.toRepresentation();

    // Snapshot the settings this test changes so they can be restored afterwards.
    Boolean savedMaxLifespanEnabled = realmRep.getOfflineSessionMaxLifespanEnabled();
    int realmIdleTimeout = realmRep.getOfflineSessionIdleTimeout();
    Integer savedClientIdleTimeout = realmRep.getClientOfflineSessionIdleTimeout();
    int realmClientLimit = realmIdleTimeout - 100;
    int perClientLimit = realmIdleTimeout - 200;

    try {
        // Step 1: with max lifespan enabled, the realm idle timeout is the expected expiry.
        realmRep.setOfflineSessionMaxLifespanEnabled(true);
        testRealm.update(realmRep);

        oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
        oauth.clientId("offline-client");
        oauth.redirectUri(offlineClientAppUri);
        oauth.doLogin("test-user@localhost", "password");
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokens = oauth.doAccessTokenRequest(authCode, "secret1");
        assertEquals(200, tokens.getStatusCode());
        assertExpiration(tokens.getRefreshExpiresIn(), realmIdleTimeout);

        // Step 2: the realm's client-level idle timeout, checked on the next refresh.
        realmRep.setClientOfflineSessionIdleTimeout(realmClientLimit);
        testRealm.update(realmRep);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "secret1");
        assertEquals(200, tokens.getStatusCode());
        assertExpiration(tokens.getRefreshExpiresIn(), realmClientLimit);

        // Step 3: the attribute set directly on the client, checked on the next refresh.
        offlineClientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_IDLE_TIMEOUT, Integer.toString(perClientLimit));
        offlineClient.update(offlineClientRep);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "secret1");
        assertEquals(200, tokens.getStatusCode());
        assertExpiration(tokens.getRefreshExpiresIn(), perClientLimit);
    } finally {
        // Restore the realm first, then clear the per-client attribute.
        realmRep.setOfflineSessionMaxLifespanEnabled(savedMaxLifespanEnabled);
        realmRep.setClientOfflineSessionIdleTimeout(savedClientIdleTimeout);
        testRealm.update(realmRep);
        offlineClientRep.getAttributes().put(OIDCConfigAttributes.CLIENT_OFFLINE_SESSION_IDLE_TIMEOUT, null);
        offlineClient.update(offlineClientRep);
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 30 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class RefreshTokenTest method testUserSessionRefreshAndIdleRememberMe.

/**
 * Exercises refresh-token handling for a "remember me" session: a refresh inside the idle
 * window must succeed and move the session's last-refresh value, and a refresh after the
 * remember-me idle timeout has passed must be rejected with HTTP 400 and no new tokens.
 *
 * <p>The realm's remember-me flag and remember-me idle timeout are restored, and the time
 * offset is set back to 0, in the {@code finally} block.
 *
 * @throws Exception if an admin or OAuth call fails
 */
@Test
public void testUserSessionRefreshAndIdleRememberMe() throws Exception {
    RealmResource realmResource = adminClient.realm("test");
    RealmRepresentation realmRep = realmResource.toRepresentation();
    Boolean savedRememberMe = realmRep.isRememberMe();
    int savedIdleRememberMe = realmRep.getSsoSessionIdleTimeoutRememberMe();
    try {
        realmRep.setRememberMe(true);
        realmResource.update(realmRep);

        // Log in with "remember me" and exchange the code for the first token pair.
        oauth.doRememberMeLogin("test-user@localhost", "password");
        String sessionId = events.expectLogin().assertEvent().getSessionId();
        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokens = oauth.doAccessTokenRequest(authCode, "password");
        events.poll();
        String refreshId = oauth.parseRefreshToken(tokens.getRefreshToken()).getId();
        int refreshBefore = testingClient.testing().getLastSessionRefresh("test", sessionId, false);

        // A refresh shortly afterwards succeeds and must change the last-refresh value.
        setTimeOffset(2);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "password");
        oauth.verifyToken(tokens.getAccessToken());
        oauth.parseRefreshToken(tokens.getRefreshToken());
        assertEquals(200, tokens.getStatusCode());
        int refreshAfter = testingClient.testing().getLastSessionRefresh("test", sessionId, false);
        Assert.assertNotEquals(refreshBefore, refreshAfter);

        // Shrink the remember-me idle timeout to 1 and move past it.
        realmRep.setSsoSessionIdleTimeoutRememberMe(1);
        realmResource.update(realmRep);
        events.clear();
        // Extra time is added on top of the offset because of the tolerance allowed by
        // IDLE_TIMEOUT_WINDOW_SECONDS.
        setTimeOffset(6 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "password");

        // The idle remember-me timeout has elapsed: the refresh is refused and no token
        // material comes back.
        assertEquals(400, tokens.getStatusCode());
        assertNull(tokens.getAccessToken());
        assertNull(tokens.getRefreshToken());
        // NOTE(review): this expectation is built but assertEvent() is never called on it
        // (compare the login event above), so the INVALID_TOKEN error event does not appear
        // to be verified here; confirm whether that is intentional.
        events.expectRefresh(refreshId, sessionId).error(Errors.INVALID_TOKEN);
        events.clear();
    } finally {
        realmRep.setSsoSessionIdleTimeoutRememberMe(savedIdleRememberMe);
        realmRep.setRememberMe(savedRememberMe);
        realmResource.update(realmRep);
        setTimeOffset(0);
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)
