use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class BackchannelLogoutTest method fetchConsumerRealmDetails.
@Before
public void fetchConsumerRealmDetails() {
RealmResource realmResourceConsumerRealm = adminClient.realm(nbc.consumerRealmName());
realmIdConsumerRealm = realmResourceConsumerRealm.toRepresentation().getId();
accountClientIdConsumerRealm = adminClient.realm(nbc.consumerRealmName()).clients().findByClientId(ACCOUNT_CLIENT_NAME).get(0).getId();
RealmResource realmResourceSubConsumerRealm = adminClient.realm(nbc.subConsumerRealmName());
accountClientIdSubConsumerRealm = adminClient.realm(nbc.subConsumerRealmName()).clients().findByClientId(ACCOUNT_CLIENT_NAME).get(0).getId();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class OAuthGrantTest method oauthGrantOrderedClientScopes.
// KEYCLOAK-7470
@Test
public void oauthGrantOrderedClientScopes() throws Exception {
// Add GUI Order to client scopes --- email=1, profile=2
RealmResource appRealm = adminClient.realm(REALM_NAME);
ClientScopeResource emailScope = ApiUtil.findClientScopeByName(appRealm, "email");
ClientScopeRepresentation emailRep = emailScope.toRepresentation();
emailRep.getAttributes().put(ClientScopeModel.GUI_ORDER, "1");
emailScope.update(emailRep);
ClientScopeResource profileScope = ApiUtil.findClientScopeByName(appRealm, "profile");
ClientScopeRepresentation profileRep = profileScope.toRepresentation();
profileRep.getAttributes().put(ClientScopeModel.GUI_ORDER, "2");
profileScope.update(profileRep);
// Display consent screen --- assert email, then profile
oauth.clientId(THIRD_PARTY_APP);
oauth.doLoginGrant("test-user@localhost", "password");
grantPage.assertCurrent();
List<String> displayedScopes = grantPage.getDisplayedGrants();
Assert.assertEquals("Email address", displayedScopes.get(0));
Assert.assertEquals("User profile", displayedScopes.get(1));
grantPage.accept();
// Display account mgmt --- assert email, then profile
accountAppsPage.open();
displayedScopes = accountAppsPage.getApplications().get(THIRD_PARTY_APP).getClientScopesGranted();
Assert.assertEquals("Email address", displayedScopes.get(0));
Assert.assertEquals("User profile", displayedScopes.get(1));
// Update GUI Order --- email=3
emailRep = emailScope.toRepresentation();
emailRep.getAttributes().put(ClientScopeModel.GUI_ORDER, "3");
emailScope.update(emailRep);
// Display account mgmt --- assert profile, then email
accountAppsPage.open();
displayedScopes = accountAppsPage.getApplications().get(THIRD_PARTY_APP).getClientScopesGranted();
Assert.assertEquals("User profile", displayedScopes.get(0));
Assert.assertEquals("Email address", displayedScopes.get(1));
// Revoke grant and display consent screen --- assert profile, then email
accountAppsPage.revokeGrant(THIRD_PARTY_APP);
oauth.openLoginForm();
grantPage.assertCurrent();
displayedScopes = grantPage.getDisplayedGrants();
Assert.assertEquals("User profile", displayedScopes.get(0));
Assert.assertEquals("Email address", displayedScopes.get(1));
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ImpersonationTest method testImpersonationWorksWhenAuthenticationSessionExists.
// KEYCLOAK-5981
@Test
public void testImpersonationWorksWhenAuthenticationSessionExists() throws Exception {
// Create test client
RealmResource realm = adminClient.realms().realm("test");
Response resp = realm.clients().create(ClientBuilder.create().clientId("test-app").addRedirectUri(OAuthClient.APP_ROOT + "/*").build());
resp.close();
// Open the URL for the client (will redirect to Keycloak server AuthorizationEndpoint and create authenticationSession)
String loginFormUrl = oauth.getLoginFormUrl();
driver.navigate().to(loginFormUrl);
loginPage.assertCurrent();
// Impersonate and get SSO cookie. Setup that cookie for webDriver
for (Cookie cookie : testSuccessfulImpersonation("realm-admin", "test")) {
driver.manage().addCookie(cookie);
}
// Open the URL again - should be directly redirected to the app due the SSO login
driver.navigate().to(loginFormUrl);
appPage.assertCurrent();
// KEYCLOAK-12783
Assert.assertEquals("/auth/realms/master/app/auth", new URL(DroneUtils.getCurrentDriver().getCurrentUrl()).getPath());
// Remove test client
ApiUtil.findClientByClientId(realm, "test-app").remove();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ImpersonationTest method testImpersonationByMasterRealmServiceAccount.
@Test
public void testImpersonationByMasterRealmServiceAccount() throws Exception {
// Create test client service account
RealmResource realm = adminClient.realms().realm("master");
ClientRepresentation clientApp = ClientBuilder.create().id(KeycloakModelUtils.generateId()).clientId("service-account-cl").secret("password").serviceAccountsEnabled(true).build();
clientApp.setServiceAccountsEnabled(true);
realm.clients().create(clientApp);
UserRepresentation user = ClientManager.realm(adminClient.realm("master")).clientId("service-account-cl").getServiceAccountUser();
user.setServiceAccountClientId("service-account-cl");
// add impersonation roles
ApiUtil.assignRealmRoles(realm, user.getId(), "admin");
// Impersonation
testSuccessfulServiceAccountImpersonation(user, "master");
// Remove test client
ApiUtil.findClientByClientId(realm, "service-account-cl").remove();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class ManagementPermissionsTest method updateGroupPermissions.
@Test
public void updateGroupPermissions() {
RealmResource realmResource = adminClient.realms().realm("test");
GroupRepresentation group = new GroupRepresentation();
group.setName("perm-group-test");
Response response = realmResource.groups().add(group);
String id = ApiUtil.getCreatedId(response);
GroupResource groupResource = realmResource.groups().group(id);
ManagementPermissionReference result = groupResource.setPermissions(new ManagementPermissionRepresentation(true));
assertNotNull(result);
assertTrue(result.isEnabled());
result = groupResource.getPermissions();
assertNotNull(result);
assertTrue(result.isEnabled());
result = groupResource.setPermissions(new ManagementPermissionRepresentation(false));
assertNotNull(result);
assertFalse(result.isEnabled());
result = groupResource.getPermissions();
assertNotNull(result);
assertFalse(result.isEnabled());
result = groupResource.setPermissions(new ManagementPermissionRepresentation(true));
assertNotNull(result);
assertTrue(result.isEnabled());
result = groupResource.getPermissions();
assertNotNull(result);
assertTrue(result.isEnabled());
result = groupResource.setPermissions(new ManagementPermissionRepresentation(true));
assertNotNull(result);
assertTrue(result.isEnabled());
result = groupResource.getPermissions();
assertNotNull(result);
assertTrue(result.isEnabled());
result = groupResource.setPermissions(new ManagementPermissionRepresentation(false));
assertNotNull(result);
assertFalse(result.isEnabled());
result = groupResource.getPermissions();
assertNotNull(result);
assertFalse(result.isEnabled());
result = groupResource.setPermissions(new ManagementPermissionRepresentation(false));
assertNotNull(result);
assertFalse(result.isEnabled());
result = groupResource.getPermissions();
assertNotNull(result);
assertFalse(result.isEnabled());
}
Aggregations