Search in sources :

Example 31 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class BackchannelLogoutTest method fetchConsumerRealmDetails.

@Before
public void fetchConsumerRealmDetails() {
    RealmResource realmResourceConsumerRealm = adminClient.realm(nbc.consumerRealmName());
    realmIdConsumerRealm = realmResourceConsumerRealm.toRepresentation().getId();
    accountClientIdConsumerRealm = adminClient.realm(nbc.consumerRealmName()).clients().findByClientId(ACCOUNT_CLIENT_NAME).get(0).getId();
    RealmResource realmResourceSubConsumerRealm = adminClient.realm(nbc.subConsumerRealmName());
    accountClientIdSubConsumerRealm = adminClient.realm(nbc.subConsumerRealmName()).clients().findByClientId(ACCOUNT_CLIENT_NAME).get(0).getId();
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) Before(org.junit.Before)

Example 32 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class OAuthGrantTest method oauthGrantOrderedClientScopes.

// KEYCLOAK-7470
@Test
public void oauthGrantOrderedClientScopes() throws Exception {
    // Add GUI Order to client scopes --- email=1, profile=2
    RealmResource appRealm = adminClient.realm(REALM_NAME);
    ClientScopeResource emailScope = ApiUtil.findClientScopeByName(appRealm, "email");
    ClientScopeRepresentation emailRep = emailScope.toRepresentation();
    emailRep.getAttributes().put(ClientScopeModel.GUI_ORDER, "1");
    emailScope.update(emailRep);
    ClientScopeResource profileScope = ApiUtil.findClientScopeByName(appRealm, "profile");
    ClientScopeRepresentation profileRep = profileScope.toRepresentation();
    profileRep.getAttributes().put(ClientScopeModel.GUI_ORDER, "2");
    profileScope.update(profileRep);
    // Display consent screen --- assert email, then profile
    oauth.clientId(THIRD_PARTY_APP);
    oauth.doLoginGrant("test-user@localhost", "password");
    grantPage.assertCurrent();
    List<String> displayedScopes = grantPage.getDisplayedGrants();
    Assert.assertEquals("Email address", displayedScopes.get(0));
    Assert.assertEquals("User profile", displayedScopes.get(1));
    grantPage.accept();
    // Display account mgmt --- assert email, then profile
    accountAppsPage.open();
    displayedScopes = accountAppsPage.getApplications().get(THIRD_PARTY_APP).getClientScopesGranted();
    Assert.assertEquals("Email address", displayedScopes.get(0));
    Assert.assertEquals("User profile", displayedScopes.get(1));
    // Update GUI Order --- email=3
    emailRep = emailScope.toRepresentation();
    emailRep.getAttributes().put(ClientScopeModel.GUI_ORDER, "3");
    emailScope.update(emailRep);
    // Display account mgmt --- assert profile, then email
    accountAppsPage.open();
    displayedScopes = accountAppsPage.getApplications().get(THIRD_PARTY_APP).getClientScopesGranted();
    Assert.assertEquals("User profile", displayedScopes.get(0));
    Assert.assertEquals("Email address", displayedScopes.get(1));
    // Revoke grant and display consent screen --- assert profile, then email
    accountAppsPage.revokeGrant(THIRD_PARTY_APP);
    oauth.openLoginForm();
    grantPage.assertCurrent();
    displayedScopes = grantPage.getDisplayedGrants();
    Assert.assertEquals("User profile", displayedScopes.get(0));
    Assert.assertEquals("Email address", displayedScopes.get(1));
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 33 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class ImpersonationTest method testImpersonationWorksWhenAuthenticationSessionExists.

// KEYCLOAK-5981
@Test
public void testImpersonationWorksWhenAuthenticationSessionExists() throws Exception {
    // Create test client
    RealmResource realm = adminClient.realms().realm("test");
    Response resp = realm.clients().create(ClientBuilder.create().clientId("test-app").addRedirectUri(OAuthClient.APP_ROOT + "/*").build());
    resp.close();
    // Open the URL for the client (will redirect to Keycloak server AuthorizationEndpoint and create authenticationSession)
    String loginFormUrl = oauth.getLoginFormUrl();
    driver.navigate().to(loginFormUrl);
    loginPage.assertCurrent();
    // Impersonate and get SSO cookie. Setup that cookie for webDriver
    for (Cookie cookie : testSuccessfulImpersonation("realm-admin", "test")) {
        driver.manage().addCookie(cookie);
    }
    // Open the URL again - should be directly redirected to the app due the SSO login
    driver.navigate().to(loginFormUrl);
    appPage.assertCurrent();
    // KEYCLOAK-12783
    Assert.assertEquals("/auth/realms/master/app/auth", new URL(DroneUtils.getCurrentDriver().getCurrentUrl()).getPath());
    // Remove test client
    ApiUtil.findClientByClientId(realm, "test-app").remove();
}
Also used : Response(javax.ws.rs.core.Response) HttpResponse(org.apache.http.HttpResponse) Cookie(org.openqa.selenium.Cookie) RealmResource(org.keycloak.admin.client.resource.RealmResource) URL(java.net.URL) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 34 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class ImpersonationTest method testImpersonationByMasterRealmServiceAccount.

@Test
public void testImpersonationByMasterRealmServiceAccount() throws Exception {
    // Create test client service account
    RealmResource realm = adminClient.realms().realm("master");
    ClientRepresentation clientApp = ClientBuilder.create().id(KeycloakModelUtils.generateId()).clientId("service-account-cl").secret("password").serviceAccountsEnabled(true).build();
    clientApp.setServiceAccountsEnabled(true);
    realm.clients().create(clientApp);
    UserRepresentation user = ClientManager.realm(adminClient.realm("master")).clientId("service-account-cl").getServiceAccountUser();
    user.setServiceAccountClientId("service-account-cl");
    // add impersonation roles
    ApiUtil.assignRealmRoles(realm, user.getId(), "admin");
    // Impersonation
    testSuccessfulServiceAccountImpersonation(user, "master");
    // Remove test client
    ApiUtil.findClientByClientId(realm, "service-account-cl").remove();
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 35 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class ManagementPermissionsTest method updateGroupPermissions.

@Test
public void updateGroupPermissions() {
    RealmResource realmResource = adminClient.realms().realm("test");
    GroupRepresentation group = new GroupRepresentation();
    group.setName("perm-group-test");
    Response response = realmResource.groups().add(group);
    String id = ApiUtil.getCreatedId(response);
    GroupResource groupResource = realmResource.groups().group(id);
    ManagementPermissionReference result = groupResource.setPermissions(new ManagementPermissionRepresentation(true));
    assertNotNull(result);
    assertTrue(result.isEnabled());
    result = groupResource.getPermissions();
    assertNotNull(result);
    assertTrue(result.isEnabled());
    result = groupResource.setPermissions(new ManagementPermissionRepresentation(false));
    assertNotNull(result);
    assertFalse(result.isEnabled());
    result = groupResource.getPermissions();
    assertNotNull(result);
    assertFalse(result.isEnabled());
    result = groupResource.setPermissions(new ManagementPermissionRepresentation(true));
    assertNotNull(result);
    assertTrue(result.isEnabled());
    result = groupResource.getPermissions();
    assertNotNull(result);
    assertTrue(result.isEnabled());
    result = groupResource.setPermissions(new ManagementPermissionRepresentation(true));
    assertNotNull(result);
    assertTrue(result.isEnabled());
    result = groupResource.getPermissions();
    assertNotNull(result);
    assertTrue(result.isEnabled());
    result = groupResource.setPermissions(new ManagementPermissionRepresentation(false));
    assertNotNull(result);
    assertFalse(result.isEnabled());
    result = groupResource.getPermissions();
    assertNotNull(result);
    assertFalse(result.isEnabled());
    result = groupResource.setPermissions(new ManagementPermissionRepresentation(false));
    assertNotNull(result);
    assertFalse(result.isEnabled());
    result = groupResource.getPermissions();
    assertNotNull(result);
    assertFalse(result.isEnabled());
}
Also used : Response(javax.ws.rs.core.Response) RealmResource(org.keycloak.admin.client.resource.RealmResource) GroupResource(org.keycloak.admin.client.resource.GroupResource) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

RealmResource (org.keycloak.admin.client.resource.RealmResource)263 Test (org.junit.Test)190 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)67 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)61 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)58 Response (javax.ws.rs.core.Response)55 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)48 ClientResource (org.keycloak.admin.client.resource.ClientResource)39 OAuthClient (org.keycloak.testsuite.util.OAuthClient)37 GroupRepresentation (org.keycloak.representations.idm.GroupRepresentation)36 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)34 Before (org.junit.Before)31 UserResource (org.keycloak.admin.client.resource.UserResource)30 IdentityProviderRepresentation (org.keycloak.representations.idm.IdentityProviderRepresentation)25 List (java.util.List)19 LinkedList (java.util.LinkedList)16 ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)16 VerifyProfileTest (org.keycloak.testsuite.forms.VerifyProfileTest)14 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)13 AccessToken (org.keycloak.representations.AccessToken)12