
Example 1 with SimpleHttp

Use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.

Class HttpAuthenticationChannelProvider, method requestAuthentication.

@Override
public boolean requestAuthentication(CIBAAuthenticationRequest request, String infoUsedByAuthenticator) {
    // Creates a JWT-formatted, JWS-signed, JWE-encrypted Authentication Channel ID in the same manner as auth_req_id is created.
    // Authentication Channel ID binds Backchannel Authentication Request with Authentication by Authentication Device (AD).
    // JWE serialized Authentication Channel ID works as a bearer token. It includes client_id
    // that can be used on Authentication Channel Callback Endpoint to recognize the Consumption Device (CD)
    // that sent Backchannel Authentication Request.
    // The following scopes should be displayed on AD:
    // 1. scopes specified explicitly as query parameter in the authorization request
    // 2. scopes specified implicitly as default client scope in keycloak
    checkAuthenticationChannel();
    ClientModel client = request.getClient();
    try {
        AuthenticationChannelRequest channelRequest = new AuthenticationChannelRequest();
        channelRequest.setScope(request.getScope());
        channelRequest.setBindingMessage(request.getBindingMessage());
        channelRequest.setLoginHint(infoUsedByAuthenticator);
        channelRequest.setConsentRequired(client.isConsentRequired());
        channelRequest.setAcrValues(request.getAcrValues());
        channelRequest.setAdditionalParameters(request.getOtherClaims());
        SimpleHttp simpleHttp = SimpleHttp.doPost(httpAuthenticationChannelUri, session)
                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                .json(channelRequest)
                .auth(createBearerToken(request, client));
        int status = completeDecoupledAuthnRequest(simpleHttp, channelRequest).asStatus();
        if (status == Status.CREATED.getStatusCode()) {
            return true;
        }
    } catch (IOException ioe) {
        throw new RuntimeException("Authentication Channel Access failed.", ioe);
    }
    return false;
}
Also used : ClientModel(org.keycloak.models.ClientModel) SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) IOException(java.io.IOException)

Example 2 with SimpleHttp

Use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.

Class ResourcesRestServiceTest, method doGet.

private <R> R doGet(String resource, String token, TypeReference<R> typeReference, Consumer<SimpleHttp.Response> responseHandler) {
    try {
        SimpleHttp http = get(resource, token);
        http.header("Accept", "application/json");
        SimpleHttp.Response response = http.asResponse();
        if (responseHandler != null) {
            responseHandler.accept(response);
        }
        R result = JsonSerialization.readValue(response.asString(), typeReference);
        return result;
    } catch (IOException cause) {
        throw new RuntimeException("Failed to fetch resource", cause);
    }
}
Also used : SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) IOException(java.io.IOException)

Example 3 with SimpleHttp

Use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.

Class DefaultHostnameTest, method assertWelcomePage.

private void assertWelcomePage(String expectedAdminUrl) throws IOException {
    try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
        SimpleHttp get = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/", client);
        for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) {
            get.header(entry.getKey(), entry.getValue());
        }
        String welcomePage = get.asString();
        assertTrue(welcomePage.contains("<a href=\"" + expectedAdminUrl + "/admin/\">"));
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) HashMap(java.util.HashMap) Map(java.util.Map)

Example 4 with SimpleHttp

Use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.

Class DefaultHostnameTest, method assertAdminPage.

private void assertAdminPage(String realm, String expectedFrontendUrl, String expectedAdminUrl) throws IOException, URISyntaxException {
    try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
        SimpleHttp get = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/admin/" + realm + "/console/", client);
        for (Map.Entry<String, String> entry : createRequestHeaders(expectedAdminUrl).entrySet()) {
            get.header(entry.getKey(), entry.getValue());
        }
        SimpleHttp.Response response = get.asResponse();
        String indexPage = response.asString();
        assertTrue(indexPage.contains("authServerUrl = '" + expectedFrontendUrl + "'"));
        assertTrue(indexPage.contains("authUrl = '" + expectedAdminUrl + "'"));
        assertTrue(indexPage.contains("consoleBaseUrl = '" + new URI(expectedAdminUrl).getPath() + "/admin/" + realm + "/console/'"));
        assertTrue(indexPage.contains("resourceUrl = '" + new URI(expectedAdminUrl).getPath() + "/resources/"));
        String cspHeader = response.getFirstHeader(BrowserSecurityHeaders.CONTENT_SECURITY_POLICY.getHeaderName());
        if (expectedFrontendUrl.equalsIgnoreCase(expectedAdminUrl)) {
            assertEquals("frame-src 'self'; frame-ancestors 'self'; object-src 'none';", cspHeader);
        } else {
            assertEquals("frame-src " + UriUtils.getOrigin(expectedFrontendUrl) + "; frame-ancestors 'self'; object-src 'none';", cspHeader);
        }
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) HashMap(java.util.HashMap) Map(java.util.Map) URI(java.net.URI)

Example 5 with SimpleHttp

Use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.

Class BackchannelAuthenticationCallbackEndpoint, method sendClientNotificationRequest.

protected void sendClientNotificationRequest(ClientModel client, CibaConfig cibaConfig, OAuth2DeviceCodeModel deviceModel) {
    String clientNotificationEndpoint = cibaConfig.getBackchannelClientNotificationEndpoint(client);
    if (clientNotificationEndpoint == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client notification endpoint not set for the client with the ping mode", Response.Status.BAD_REQUEST);
    }
    logger.debugf("Sending request to client notification endpoint '%s' for the client '%s'", clientNotificationEndpoint, client.getClientId());
    ClientNotificationEndpointRequest clientNotificationRequest = new ClientNotificationEndpointRequest();
    clientNotificationRequest.setAuthReqId(deviceModel.getAuthReqId());
    SimpleHttp simpleHttp = SimpleHttp.doPost(clientNotificationEndpoint, session)
            .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
            .json(clientNotificationRequest)
            .auth(deviceModel.getClientNotificationToken());
    try {
        int notificationResponseStatus = simpleHttp.asStatus();
        logger.tracef("Received status '%d' from request to client notification endpoint '%s' for the client '%s'", notificationResponseStatus, clientNotificationEndpoint, client.getClientId());
        if (notificationResponseStatus != 200 && notificationResponseStatus != 204) {
            logger.warnf("Invalid status returned from client notification endpoint '%s' of client '%s'", clientNotificationEndpoint, client.getClientId());
            event.error(Errors.INVALID_REQUEST);
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to send request to client notification endpoint", Response.Status.BAD_REQUEST);
        }
    } catch (IOException ioe) {
        logger.errorf(ioe, "Failed to send request to client notification endpoint '%s' of client '%s'", clientNotificationEndpoint, client.getClientId());
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to send request to client notification endpoint", Response.Status.BAD_REQUEST);
    }
}
Also used : SimpleHttp(org.keycloak.broker.provider.util.SimpleHttp) ErrorResponseException(org.keycloak.services.ErrorResponseException) IOException(java.io.IOException)

Aggregations

SimpleHttp (org.keycloak.broker.provider.util.SimpleHttp): 7
IOException (java.io.IOException): 4
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient): 2
URI (java.net.URI): 1
NotAuthorizedException (javax.ws.rs.NotAuthorizedException): 1
Response (javax.ws.rs.core.Response): 1
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse): 1
Keycloak (org.keycloak.admin.client.Keycloak): 1
ClientModel (org.keycloak.models.ClientModel): 1
TokenMetadataRepresentation (org.keycloak.representations.oidc.TokenMetadataRepresentation): 1
ErrorResponseException (org.keycloak.services.ErrorResponseException): 1
AccessTokenResponse (org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse): 1