use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.
the class HttpAuthenticationChannelProvider method requestAuthentication.
/**
 * Forwards a CIBA backchannel authentication request to the configured HTTP authentication channel.
 *
 * <p>The request is POSTed as JSON to {@code httpAuthenticationChannelUri} and authorised with the
 * token returned by {@code createBearerToken(request, client)}. According to the original author's
 * notes, that token is the Authentication Channel ID: a JWT that is JWS-signed and JWE-encrypted in
 * the same manner as {@code auth_req_id}. It binds the backchannel authentication request to the
 * authentication performed on the Authentication Device (AD), and it carries the {@code client_id}
 * so the Authentication Channel Callback Endpoint can recognise the Consumption Device (CD) that
 * sent the request.
 *
 * <p>Scopes the AD should display (per the original notes): those passed explicitly in the
 * authorization request, and those applied implicitly as default client scopes in Keycloak.
 *
 * @param request the CIBA authentication request being forwarded
 * @param infoUsedByAuthenticator value sent to the channel as the login hint
 * @return {@code true} only when the channel replies with the {@code Status.CREATED} status code;
 *         {@code false} for any other status
 * @throws RuntimeException wrapping the {@link IOException} raised while calling the channel
 */
@Override
public boolean requestAuthentication(CIBAAuthenticationRequest request, String infoUsedByAuthenticator) {
    checkAuthenticationChannel();

    ClientModel client = request.getClient();

    try {
        // Payload handed to the external authentication channel.
        AuthenticationChannelRequest payload = new AuthenticationChannelRequest();
        payload.setScope(request.getScope());
        payload.setBindingMessage(request.getBindingMessage());
        payload.setLoginHint(infoUsedByAuthenticator);
        payload.setConsentRequired(client.isConsentRequired());
        payload.setAcrValues(request.getAcrValues());
        payload.setAdditionalParameters(request.getOtherClaims());

        // NOTE(review): the Authentication Channel ID is a bearer credential, so whoever can read
        // this request can replay it against the callback endpoint. Confirm that
        // httpAuthenticationChannelUri is required to be an https URI.
        SimpleHttp channelCall = SimpleHttp.doPost(httpAuthenticationChannelUri, session)
                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
                .json(payload)
                .auth(createBearerToken(request, client));

        int channelStatus = completeDecoupledAuthnRequest(channelCall, payload).asStatus();

        // Only an explicit "created" answer counts as an accepted request.
        return channelStatus == Status.CREATED.getStatusCode();
    } catch (IOException ioe) {
        throw new RuntimeException("Authentication Channel Access failed.", ioe);
    }
}
use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.
the class ResourcesRestServiceTest method doGet.
/**
 * Issues a GET for {@code resource} with an {@code Accept: application/json} header and
 * deserializes the response body.
 *
 * @param resource the resource to fetch; passed unchanged to {@code get(resource, token)}
 * @param token the token passed unchanged to {@code get(resource, token)}
 * @param typeReference the target type for JSON deserialization
 * @param responseHandler optional callback that receives the raw response before the body is
 *        deserialized; may be {@code null}
 * @param <R> the deserialized result type
 * @return the response body deserialized as {@code R}
 * @throws RuntimeException wrapping the {@link IOException} raised while fetching or parsing
 */
private <R> R doGet(String resource, String token, TypeReference<R> typeReference, Consumer<SimpleHttp.Response> responseHandler) {
    try {
        SimpleHttp request = get(resource, token);
        request.header("Accept", "application/json");

        // NOTE(review): the response is never closed explicitly here; confirm that reading the
        // body via asString() is enough to release the underlying connection.
        SimpleHttp.Response reply = request.asResponse();

        // The handler sees the response first, so it can inspect it before the body is parsed.
        if (responseHandler != null) {
            responseHandler.accept(reply);
        }

        return JsonSerialization.readValue(reply.asString(), typeReference);
    } catch (IOException cause) {
        throw new RuntimeException("Failed to fetch resource", cause);
    }
}
use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.
the class DefaultHostnameTest method assertWelcomePage.
/**
 * Fetches the auth server root page and asserts that it links to the admin console under
 * {@code expectedAdminUrl}.
 *
 * @param expectedAdminUrl the admin base URL the welcome page is expected to link to; also passed
 *        to {@code createRequestHeaders} to build the request headers
 * @throws IOException if the request fails or the HTTP client cannot be closed
 */
private void assertWelcomePage(String expectedAdminUrl) throws IOException {
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        SimpleHttp request = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/", httpClient);

        // Apply every header produced for this admin URL to the outgoing request.
        createRequestHeaders(expectedAdminUrl).forEach((name, value) -> request.header(name, value));

        String body = request.asString();

        // The page must contain the admin link built from the expected URL, verbatim.
        String expectedAnchor = "<a href=\"" + expectedAdminUrl + "/admin/\">";
        assertTrue(body.contains(expectedAnchor));
    }
}
use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.
the class DefaultHostnameTest method assertAdminPage.
/**
 * Fetches the admin console index page of {@code realm} and asserts that the URLs embedded in the
 * page and the Content-Security-Policy response header match the expected hostnames.
 *
 * @param realm the realm whose admin console page is requested
 * @param expectedFrontendUrl the URL expected as {@code authServerUrl} and, when it differs from
 *        the admin URL, as the {@code frame-src} origin of the CSP header
 * @param expectedAdminUrl the URL expected as {@code authUrl}; its path is expected as the prefix
 *        of {@code consoleBaseUrl} and {@code resourceUrl}
 * @throws IOException if the request fails or the HTTP client cannot be closed
 * @throws URISyntaxException if {@code expectedAdminUrl} is not a valid URI
 */
private void assertAdminPage(String realm, String expectedFrontendUrl, String expectedAdminUrl) throws IOException, URISyntaxException {
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        SimpleHttp request = SimpleHttp.doGet(AUTH_SERVER_ROOT + "/admin/" + realm + "/console/", httpClient);
        createRequestHeaders(expectedAdminUrl).forEach((name, value) -> request.header(name, value));

        SimpleHttp.Response reply = request.asResponse();
        String body = reply.asString();

        // URLs that the console bootstrap script embeds in the page.
        assertTrue(body.contains("authServerUrl = '" + expectedFrontendUrl + "'"));
        assertTrue(body.contains("authUrl = '" + expectedAdminUrl + "'"));

        String adminPath = new URI(expectedAdminUrl).getPath();
        assertTrue(body.contains("consoleBaseUrl = '" + adminPath + "/admin/" + realm + "/console/'"));
        assertTrue(body.contains("resourceUrl = '" + adminPath + "/resources/"));

        // The CSP header is compared verbatim: frame-src is 'self' when frontend and admin URLs
        // are the same (ignoring case), otherwise only the frontend origin. frame-ancestors and
        // object-src are expected to stay locked down in both cases.
        String cspHeader = reply.getFirstHeader(BrowserSecurityHeaders.CONTENT_SECURITY_POLICY.getHeaderName());
        String expectedCsp = expectedFrontendUrl.equalsIgnoreCase(expectedAdminUrl)
                ? "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
                : "frame-src " + UriUtils.getOrigin(expectedFrontendUrl) + "; frame-ancestors 'self'; object-src 'none';";
        assertEquals(expectedCsp, cspHeader);
    }
}
use of org.keycloak.broker.provider.util.SimpleHttp in project keycloak by keycloak.
the class BackchannelAuthenticationCallbackEndpoint method sendClientNotificationRequest.
/**
 * Notifies the client's backchannel notification endpoint about the given authentication request.
 *
 * <p>A JSON body carrying the {@code auth_req_id} of {@code deviceModel} is POSTed to the
 * endpoint resolved from {@code cibaConfig}, authorised with the client notification token stored
 * on {@code deviceModel}. Only HTTP 200 and 204 are treated as success.
 *
 * @param client the client to notify
 * @param cibaConfig the CIBA configuration used to resolve the client's notification endpoint
 * @param deviceModel supplies the {@code auth_req_id} and the client notification token
 * @throws ErrorResponseException with {@code invalid_request} / 400 when the endpoint is not
 *         configured, when it answers with any status other than 200 or 204, or when the call
 *         fails with an {@link IOException}
 */
protected void sendClientNotificationRequest(ClientModel client, CibaConfig cibaConfig, OAuth2DeviceCodeModel deviceModel) {
    String endpoint = cibaConfig.getBackchannelClientNotificationEndpoint(client);
    if (endpoint == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client notification endpoint not set for the client with the ping mode", Response.Status.BAD_REQUEST);
    }

    logger.debugf("Sending request to client notification endpoint '%s' for the client '%s'", endpoint, client.getClientId());

    ClientNotificationEndpointRequest payload = new ClientNotificationEndpointRequest();
    payload.setAuthReqId(deviceModel.getAuthReqId());

    // NOTE(review): the server makes an outbound call to a URL taken from client configuration
    // and attaches the client notification token as a bearer credential. Confirm the endpoint is
    // validated (scheme, allowed hosts) where the client is registered or updated.
    SimpleHttp notification = SimpleHttp.doPost(endpoint, session)
            .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON)
            .json(payload)
            .auth(deviceModel.getClientNotificationToken());

    int status;
    try {
        status = notification.asStatus();
    } catch (IOException ioe) {
        // Transport failure: reported to the caller exactly like a rejected notification.
        logger.errorf(ioe, "Failed to send request to client notification endpoint '%s' of client '%s'", endpoint, client.getClientId());
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to send request to client notification endpoint", Response.Status.BAD_REQUEST);
    }

    logger.tracef("Received status '%d' from request to client notification endpoint '%s' for the client '%s'", status, endpoint, client.getClientId());

    boolean accepted = status == 200 || status == 204;
    if (!accepted) {
        logger.warnf("Invalid status returned from client notification endpoint '%s' of client '%s'", endpoint, client.getClientId());
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to send request to client notification endpoint", Response.Status.BAD_REQUEST);
    }
}