
Example 1 with Profile

use of org.keycloak.common.Profile in project keycloak by keycloak.

the class JavascriptAdapterTest method testScopeInLoginOptionsShouldBeConsideredByLoginUrl.

/**
 * Verifies that a {@code scope} value passed through {@code loginOptions} appears in the login URL: <pre>{@code
 * Keycloak keycloak = new Keycloak(); keycloak.login({.... scope: "profile email phone"})
 * }</pre>
 * The asserted query fragment has the requested scopes following {@code openid}, with the
 * separating spaces percent-encoded as {@code %20}.
 * See KEYCLOAK-14412
 */
@Test
public void testScopeInLoginOptionsShouldBeConsideredByLoginUrl() {
    testExecutor.configure().init(defaultArguments());

    JSObjectBuilder optionsWithScope = JSObjectBuilder.create().add("scope", "profile email phone");

    // A typed local replaces the inline cast; the lambda is still bound to JavascriptStateValidator.
    JavascriptStateValidator scopeIsInLoginUrl = (webDriver, result, eventLog) ->
            assertThat(webDriver.getCurrentUrl(), containsString("&scope=openid%20profile%20email%20phone"));

    testExecutor.login(optionsWithScope, scopeIsInLoginUrl);
}
Also used : JavascriptBrowser(org.keycloak.testsuite.util.JavascriptBrowser) URL(java.net.URL) JavascriptStateValidator(org.keycloak.testsuite.util.javascript.JavascriptStateValidator) AssertEvents(org.keycloak.testsuite.AssertEvents) WebElement(org.openqa.selenium.WebElement) Page(org.jboss.arquillian.graphene.page.Page) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Assert.assertThat(org.junit.Assert.assertThat) Map(java.util.Map) ClientResource(org.keycloak.admin.client.resource.ClientResource) IsMapContaining.hasEntry(org.hamcrest.collection.IsMapContaining.hasEntry) UriUtils(org.keycloak.common.util.UriUtils) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) AUTH_SERVER_HOST(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST) UpdatePassword(org.keycloak.testsuite.auth.page.login.UpdatePassword) IDToken(org.keycloak.representations.IDToken) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) XMLHttpRequest(org.keycloak.testsuite.util.javascript.XMLHttpRequest) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) List(java.util.List) URLAssert.assertCurrentUrlStartsWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith) TimeoutException(org.openqa.selenium.TimeoutException) Details(org.keycloak.events.Details) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) OAuth2Constants(org.keycloak.OAuth2Constants) WaitUtils.waitUntilElement(org.keycloak.testsuite.util.WaitUtils.waitUntilElement) CoreMatchers.anyOf(org.hamcrest.CoreMatchers.anyOf) Profile(org.keycloak.common.Profile) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) 
WebDriver(org.openqa.selenium.WebDriver) WebDriverException(org.openqa.selenium.WebDriverException) JavascriptTestExecutor(org.keycloak.testsuite.util.javascript.JavascriptTestExecutor) OAuthGrant(org.keycloak.testsuite.auth.page.login.OAuthGrant) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) UserBuilder(org.keycloak.testsuite.util.UserBuilder) CoreMatchers.both(org.hamcrest.CoreMatchers.both) Matchers.lessThan(org.hamcrest.Matchers.lessThan) URLAssert.assertCurrentUrlDoesntStartWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlDoesntStartWith) Assume(org.junit.Assume) Math.toIntExact(java.lang.Math.toIntExact) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Retry(org.keycloak.common.util.Retry) Before(org.junit.Before) ClaimsRepresentation(org.keycloak.representations.ClaimsRepresentation) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) SuiteContext(org.keycloak.testsuite.arquillian.SuiteContext) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) EventType(org.keycloak.events.EventType) IOException(java.io.IOException) WaitUtils.waitForPageToLoad(org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad) JsonSerialization(org.keycloak.util.JsonSerialization) Rule(org.junit.Rule) JSObjectBuilder(org.keycloak.testsuite.util.javascript.JSObjectBuilder) Applications(org.keycloak.testsuite.auth.page.account.Applications) Assert.assertEquals(org.junit.Assert.assertEquals) JSObjectBuilder(org.keycloak.testsuite.util.javascript.JSObjectBuilder) Test(org.junit.Test)

Example 2 with Profile

use of org.keycloak.common.Profile in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedGlobalClientProfilesRepresentation.

/**
 * Reads the global (built-in) client profiles from a JSON stream and returns a validated copy of them.
 *
 * <p>The original notes describe the stream as the JSON file enclosed in the Keycloak binary. Each
 * returned profile is a new representation carrying the name, description and executors of the
 * proposed one; its executor list is never {@code null}.
 *
 * <p>Executor provider ids are checked with {@code isValidExecutor} only while
 * {@code Profile.Feature.CLIENT_POLICIES} is enabled. With the feature disabled, executors are copied
 * into the result without that check.
 *
 * @param session session handed to {@code isValidExecutor}
 * @param is stream holding the JSON form of {@link ClientProfilesRepresentation}
 * @return the validated profiles, or an empty list when nothing was deserialized or no profile is
 *         present; never {@code null}
 * @throws ClientPolicyException if the JSON cannot be deserialized, a profile name is missing or
 *         duplicated, or an executor fails validation
 */
static List<ClientProfileRepresentation> getValidatedGlobalClientProfilesRepresentation(KeycloakSession session, InputStream is) throws ClientPolicyException {
    // Deserialize the built-in profiles document; any failure is reported as a policy error
    // that carries only the message of the underlying exception.
    final ClientProfilesRepresentation loaded;
    try {
        loaded = JsonSerialization.readValue(is, ClientProfilesRepresentation.class);
    } catch (Exception e) {
        throw new ClientPolicyException("failed to deserialize global proposed client profiles json string.", e.getMessage());
    }

    // Nothing deserialized, or a document without profiles: both are valid and give an empty result.
    List<ClientProfileRepresentation> candidates = (loaded == null) ? null : loaded.getProfiles();
    if (candidates == null || candidates.isEmpty()) {
        return Collections.emptyList();
    }

    // Profile names must be unique across the document.
    long uniqueNameCount = candidates.stream().map(ClientProfileRepresentation::getName).distinct().count();
    if (uniqueNameCount != candidates.size()) {
        throw new ClientPolicyException("proposed global client profile name duplicated.");
    }

    // Rebuild every profile as a fresh representation so the result never exposes a null executor list.
    List<ClientProfileRepresentation> validated = new LinkedList<>();
    for (ClientProfileRepresentation source : loaded.getProfiles()) {
        String profileName = source.getName();
        if (profileName == null) {
            throw new ClientPolicyException("client profile without its name not allowed.");
        }

        ClientProfileRepresentation copy = new ClientProfileRepresentation();
        copy.setName(profileName);
        copy.setDescription(source.getDescription());
        copy.setExecutors(new ArrayList<>());

        List<ClientPolicyExecutorRepresentation> sourceExecutors = source.getExecutors();
        if (sourceExecutors != null) {
            for (ClientPolicyExecutorRepresentation executor : sourceExecutors) {
                // With the feature disabled the executor implementations are disabled too,
                // so the provider lookup is skipped and the executor is accepted as-is.
                boolean validationActive = Profile.isFeatureEnabled(Profile.Feature.CLIENT_POLICIES);
                if (validationActive && !isValidExecutor(session, executor.getExecutorProviderId())) {
                    throw new ClientPolicyException("proposed client profile contains the executor with its invalid configuration.");
                }
                copy.getExecutors().add(executor);
            }
        }
        validated.add(copy);
    }
    return validated;
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ComponentModel(org.keycloak.component.ComponentModel) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) LinkedList(java.util.LinkedList) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Collections(java.util.Collections) InputStream(java.io.InputStream) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) 
ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) IOException(java.io.IOException) LinkedList(java.util.LinkedList)

Example 3 with Profile

use of org.keycloak.common.Profile in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedClientProfilesForUpdate.

/**
 * Validates the proposed client profiles and returns the same representation, prepared for saving.
 *
 * <p>The proposed representation is modified in place: a {@code null} or empty profile list is
 * replaced by a new empty list, and the global profiles are cleared so that built-in profiles are
 * not stored inside the realm attribute.
 *
 * @param session session handed to {@code isValidExecutor}
 * @param realm realm being updated; only checked for {@code null} here
 * @param proposedProfilesRep profiles to validate; returned after validation
 * @param globalClientProfiles global profiles whose names a proposed profile must not reuse
 * @return {@code proposedProfilesRep}, never {@code null}
 * @throws ClientPolicyException if the realm is missing, a profile name is missing, empty,
 *         duplicated or equal to a global profile name, or an executor fails validation
 */
static ClientProfilesRepresentation getValidatedClientProfilesForUpdate(KeycloakSession session, RealmModel realm, ClientProfilesRepresentation proposedProfilesRep, List<ClientProfileRepresentation> globalClientProfiles) throws ClientPolicyException {
    if (realm == null) {
        throw new ClientPolicyException("realm not specified.");
    }

    // An absent or empty profile list is valid; normalize it to an empty list on the representation.
    List<ClientProfileRepresentation> candidates = proposedProfilesRep.getProfiles();
    if (candidates == null || candidates.isEmpty()) {
        candidates = new ArrayList<>();
        proposedProfilesRep.setProfiles(new ArrayList<>());
    }

    // Every profile needs a non-empty name.
    for (ClientProfileRepresentation candidate : candidates) {
        String candidateName = candidate.getName();
        if (candidateName == null || candidateName.isEmpty()) {
            throw new ClientPolicyException("client profile without its name not allowed.");
        }
    }

    // Names must be unique among the proposed profiles.
    long uniqueNameCount = candidates.stream().map(ClientProfileRepresentation::getName).distinct().count();
    if (uniqueNameCount != candidates.size()) {
        throw new ClientPolicyException("proposed client profile name duplicated.");
    }

    // A proposed profile must not take the name of a global profile.
    Set<String> reservedNames = globalClientProfiles.stream()
            .map(ClientProfileRepresentation::getName)
            .collect(Collectors.toSet());
    boolean clashesWithGlobal = candidates.stream()
            .map(ClientProfileRepresentation::getName)
            .anyMatch(reservedNames::contains);
    if (clashesWithGlobal) {
        throw new ClientPolicyException("Proposed profile name duplicated as the name of some global profile");
    }

    // Each executor must pass the provider validity check.
    for (ClientProfileRepresentation profile : proposedProfilesRep.getProfiles()) {
        List<ClientPolicyExecutorRepresentation> executors = profile.getExecutors();
        if (executors == null) {
            continue;
        }
        for (ClientPolicyExecutorRepresentation executor : executors) {
            boolean accepted = isValidExecutor(session, executor.getExecutorProviderId());
            if (!accepted) {
                throw new ClientPolicyException("proposed client profile contains the executor, which does not have valid provider, or has invalid configuration.");
            }
        }
    }

    // Built-in profiles must not be saved inside the realm attribute.
    proposedProfilesRep.setGlobalProfiles(null);
    return proposedProfilesRep;
}
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ComponentModel(org.keycloak.component.ComponentModel) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) LinkedList(java.util.LinkedList) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Collections(java.util.Collections) InputStream(java.io.InputStream) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation)

Example 4 with Profile

use of org.keycloak.common.Profile in project keycloak by keycloak.

the class ClientPoliciesUtil method getValidatedClientPoliciesForUpdate.

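/**
 * Builds a validated copy of the proposed client policies.
 *
 * <p>Every proposed policy is copied into a new representation holding its name, description,
 * enabled flag, conditions and profile references. A missing enabled flag is stored as
 * {@code false}, and duplicate profile references are collapsed. The proposed representation is
 * modified only when its policy list is {@code null} or empty, in which case it is replaced by a
 * new empty list.
 *
 * @param session session handed to {@code isValidCondition} and {@code getClientProfilesRepresentation}
 * @param realm realm whose client profiles a policy may refer to; must not be {@code null}
 * @param proposedPoliciesRep policies to validate
 * @param existingGlobalProfiles global profiles whose names a policy may refer to
 * @return a new representation with the validated policies, never {@code null}
 * @throws ClientPolicyException if the realm is missing, a policy name is missing, empty or
 *         duplicated, a condition fails validation, or a policy refers to a profile that is neither
 *         global nor present in the realm
 */
static ClientPoliciesRepresentation getValidatedClientPoliciesForUpdate(KeycloakSession session, RealmModel realm, ClientPoliciesRepresentation proposedPoliciesRep, List<ClientProfileRepresentation> existingGlobalProfiles) throws ClientPolicyException {
    if (realm == null) {
        throw new ClientPolicyException("realm not specified.");
    }
    // no policy contained (it is valid)
    List<ClientPolicyRepresentation> proposedPolicyRepList = proposedPoliciesRep.getPolicies();
    if (proposedPolicyRepList == null || proposedPolicyRepList.isEmpty()) {
        proposedPolicyRepList = new ArrayList<>();
        proposedPoliciesRep.setPolicies(new ArrayList<>());
    }
    // Policy without name not allowed
    if (proposedPolicyRepList.stream().anyMatch(clientPolicy -> clientPolicy.getName() == null || clientPolicy.getName().isEmpty())) {
        throw new ClientPolicyException("proposed client policy name missing.");
    }
    // duplicated policy name is not allowed.
    if (proposedPolicyRepList.size() != proposedPolicyRepList.stream().map(ClientPolicyRepresentation::getName).distinct().count()) {
        throw new ClientPolicyException("proposed client policy name duplicated.");
    }
    // construct the policies to save from the proposed policies
    ClientPoliciesRepresentation updatingPoliciesRep = new ClientPoliciesRepresentation();
    updatingPoliciesRep.setPolicies(new ArrayList<>());
    List<ClientPolicyRepresentation> updatingPoliciesList = updatingPoliciesRep.getPolicies();
    for (ClientPolicyRepresentation proposedPolicyRep : proposedPoliciesRep.getPolicies()) {
        // a policy that does not state its enabled flag is stored as disabled
        Boolean enabled = (proposedPolicyRep.isEnabled() != null) ? proposedPolicyRep.isEnabled() : Boolean.FALSE;
        ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
        policyRep.setName(proposedPolicyRep.getName());
        policyRep.setDescription(proposedPolicyRep.getDescription());
        policyRep.setEnabled(enabled);
        policyRep.setConditions(new ArrayList<>());
        if (proposedPolicyRep.getConditions() != null) {
            for (ClientPolicyConditionRepresentation conditionRep : proposedPolicyRep.getConditions()) {
                if (!isValidCondition(session, conditionRep.getConditionProviderId())) {
                    throw new ClientPolicyException("the proposed client policy contains the condition with its invalid configuration.");
                }
                policyRep.getConditions().add(conditionRep);
            }
        }
        // Names a policy may refer to: the global profiles plus the profiles stored for the realm.
        // The lookup stays inside the loop so it still runs only when there is a policy to check.
        Set<String> existingProfileNames = existingGlobalProfiles.stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet());
        ClientProfilesRepresentation reps = getClientProfilesRepresentation(session, realm);
        policyRep.setProfiles(new ArrayList<>());
        if (reps.getProfiles() != null) {
            existingProfileNames.addAll(reps.getProfiles().stream().map(ClientProfileRepresentation::getName).collect(Collectors.toSet()));
        }
        if (proposedPolicyRep.getProfiles() != null) {
            for (String profileName : proposedPolicyRep.getProfiles()) {
                if (!existingProfileNames.contains(profileName)) {
                    // The format string has two placeholders; pass both values so the warning
                    // records which policy referred to which missing profile. Both values come
                    // from the proposed representation.
                    logger.warnf("Client policy %s referred not existing profile %s", proposedPolicyRep.getName(), profileName);
                    throw new ClientPolicyException("referring not existing client profile not allowed.");
                }
            }
            // store each referenced profile once
            proposedPolicyRep.getProfiles().stream().distinct().forEach(profileName -> policyRep.getProfiles().add(profileName));
        }
        updatingPoliciesList.add(policyRep);
    }
    return updatingPoliciesRep;
}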
Also used : ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation) Profile(org.keycloak.common.Profile) Logger(org.jboss.logging.Logger) Constants(org.keycloak.models.Constants) ArrayList(java.util.ArrayList) ComponentModel(org.keycloak.component.ComponentModel) ClientPolicyConditionConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation) JsonNode(com.fasterxml.jackson.databind.JsonNode) LinkedList(java.util.LinkedList) ClientPolicyConditionProvider(org.keycloak.services.clientpolicy.condition.ClientPolicyConditionProvider) ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) RealmModel(org.keycloak.models.RealmModel) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) JsonSerialization(org.keycloak.util.JsonSerialization) List(java.util.List) Collections(java.util.Collections) InputStream(java.io.InputStream) ClientPolicyRepresentation(org.keycloak.representations.idm.ClientPolicyRepresentation) ClientProfileRepresentation(org.keycloak.representations.idm.ClientProfileRepresentation) 
ClientPoliciesRepresentation(org.keycloak.representations.idm.ClientPoliciesRepresentation) ClientPolicyConditionRepresentation(org.keycloak.representations.idm.ClientPolicyConditionRepresentation) ClientProfilesRepresentation(org.keycloak.representations.idm.ClientProfilesRepresentation)

Aggregations

IOException (java.io.IOException)4 List (java.util.List)4 Profile (org.keycloak.common.Profile)4 JsonSerialization (org.keycloak.util.JsonSerialization)4 JsonNode (com.fasterxml.jackson.databind.JsonNode)3 InputStream (java.io.InputStream)3 ArrayList (java.util.ArrayList)3 Collections (java.util.Collections)3 LinkedList (java.util.LinkedList)3 Set (java.util.Set)3 Collectors (java.util.stream.Collectors)3 Logger (org.jboss.logging.Logger)3 ComponentModel (org.keycloak.component.ComponentModel)3 JsonConfigComponentModel (org.keycloak.component.JsonConfigComponentModel)3 Constants (org.keycloak.models.Constants)3 KeycloakSession (org.keycloak.models.KeycloakSession)3 RealmModel (org.keycloak.models.RealmModel)2 ClientPoliciesRepresentation (org.keycloak.representations.idm.ClientPoliciesRepresentation)2 ClientPolicyConditionConfigurationRepresentation (org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation)2 ClientPolicyConditionRepresentation (org.keycloak.representations.idm.ClientPolicyConditionRepresentation)2