
Example 46 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class OpenShiftTokenReviewEndpoint method authorizeClient.

/**
 * Authenticates the caller of the token review endpoint and rejects anything
 * that is not a confidential client.
 *
 * <p>The client is resolved through {@code AuthorizeClientUtil.authorizeClient}
 * and recorded on the event. A missing or public client is reported with
 * {@code Errors.INVALID_CLIENT}; an exception raised while doing so is reported
 * with {@code Errors.INVALID_CLIENT_CREDENTIALS}. All three paths pass status
 * 401 to {@code error}.
 */
private void authorizeClient() {
    try {
        ClientModel caller = AuthorizeClientUtil.authorizeClient(session, event, null).getClient();
        // NOTE(review): the event is tagged before the null check below, so a null
        // client reaches event.client() first. Confirm that call tolerates null;
        // if it throws, the catch-all branch answers instead of INVALID_CLIENT.
        event.client(caller);
        boolean confidentialClient = caller != null && !caller.isPublicClient();
        if (!confidentialClient) {
            error(401, Errors.INVALID_CLIENT, "Public client is not permitted to invoke token review endpoint");
        }
    } catch (ErrorResponseException authFailure) {
        // NOTE(review): if error() signals by throwing ErrorResponseException, the
        // INVALID_CLIENT rejection above is caught here too and re-reported as
        // INVALID_CLIENT_CREDENTIALS. Verify against error() before relying on the
        // error code in audit events or detections.
        error(401, Errors.INVALID_CLIENT_CREDENTIALS, authFailure.getErrorDescription());
    } catch (Exception unexpected) {
        // Any other failure is reported with no description, so exception details
        // are not passed on. The cause is not logged in this block.
        error(401, Errors.INVALID_CLIENT_CREDENTIALS, null);
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) ErrorResponseException(org.keycloak.services.ErrorResponseException) ErrorResponseException(org.keycloak.services.ErrorResponseException) VerificationException(org.keycloak.common.VerificationException)

Example 47 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class SamlSessionUtils method getSessionIndex.

/**
 * Builds the session index string for a client session.
 *
 * <p>The result is the user session id, then {@code DELIMITER}, then the id of
 * the client the session belongs to.
 *
 * @param clientSession client session to derive the index from
 * @return the concatenated session index
 */
public static String getSessionIndex(AuthenticatedClientSessionModel clientSession) {
    final UserSessionModel owningSession = clientSession.getUserSession();
    final ClientModel owningClient = clientSession.getClient();
    // NOTE(review): neither lookup is null-checked, so a client session without
    // a user session or client fails here with a NullPointerException.
    String userSessionPart = owningSession.getId();
    String clientPart = owningClient.getId();
    // NOTE(review): the index embeds the internal user session id verbatim.
    // Confirm that id is not treated as a secret wherever this value is exposed.
    return userSessionPart + DELIMITER + clientPart;
}
Also used : ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel)

Example 48 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class DeclarativeUserProfileProvider method requestedScopePredicate.

/**
 * Tests whether the current authentication flow requested at least one of the configured scopes.
 *
 * <p>The requested scopes are read from the {@code OIDCLoginProtocol.SCOPE_PARAM} client note of
 * the authentication session and resolved for that session's client through
 * {@code getRequestedClientScopes}. The names of the resulting scopes are then compared with
 * {@code configuredScopes}.
 *
 * @param context attribute context that supplies the Keycloak session
 * @param configuredScopes scope names to look for
 * @return {@code true} if any resolved scope name is contained in {@code configuredScopes};
 *         {@code false} if none is, or if there is no authentication session
 */
private static boolean requestedScopePredicate(AttributeContext context, Set<String> configuredScopes) {
    AuthenticationSessionModel authSession = context.getSession().getContext().getAuthenticationSession();
    if (authSession == null) {
        // No authentication session means no requested scopes to match against.
        return false;
    }
    String scopeParam = authSession.getClientNote(OIDCLoginProtocol.SCOPE_PARAM);
    ClientModel requestingClient = authSession.getClient();
    // NOTE(review): the scope note presumably carries the scope parameter of the
    // incoming request. The match is made on what getRequestedClientScopes returns
    // for this client, not on the raw string. Confirm that helper drops scopes the
    // client is not assigned, since this predicate's outcome depends on it.
    return getRequestedClientScopes(scopeParam, requestingClient)
            .map(scope -> scope.getName())
            .anyMatch(configuredScopes::contains);
}
Also used : ClientModel(org.keycloak.models.ClientModel) UPConfigUtils(org.keycloak.userprofile.config.UPConfigUtils) Profile(org.keycloak.common.Profile) ProviderConfigProperty(org.keycloak.provider.ProviderConfigProperty) HashMap(java.util.HashMap) Config(org.keycloak.Config) Messages(org.keycloak.services.messages.Messages) TokenManager.getRequestedClientScopes(org.keycloak.protocol.oidc.TokenManager.getRequestedClientScopes) ArrayList(java.util.ArrayList) AmphibianProviderFactory(org.keycloak.component.AmphibianProviderFactory) AbstractSimpleValidator(org.keycloak.validate.AbstractSimpleValidator) UserModel(org.keycloak.models.UserModel) ByteArrayInputStream(java.io.ByteArrayInputStream) Map(java.util.Map) DeclarativeUserProfileModel(org.keycloak.userprofile.config.DeclarativeUserProfileModel) UPConfigUtils.readConfig(org.keycloak.userprofile.config.UPConfigUtils.readConfig) ComponentModel(org.keycloak.component.ComponentModel) AttributeRequiredByMetadataValidator(org.keycloak.userprofile.validator.AttributeRequiredByMetadataValidator) UPGroup(org.keycloak.userprofile.config.UPGroup) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RealmModel(org.keycloak.models.RealmModel) UPAttributeSelector(org.keycloak.userprofile.config.UPAttributeSelector) ImmutableAttributeValidator(org.keycloak.userprofile.validator.ImmutableAttributeValidator) ValidatorConfig(org.keycloak.validate.ValidatorConfig) UPAttribute(org.keycloak.userprofile.config.UPAttribute) Predicate(java.util.function.Predicate) UPAttributeRequired(org.keycloak.userprofile.config.UPAttributeRequired) Set(java.util.Set) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Collectors(java.util.stream.Collectors) UPConfig(org.keycloak.userprofile.config.UPConfig) List(java.util.List) ObjectUtil.isBlank(org.keycloak.common.util.ObjectUtil.isBlank) BlankAttributeValidator(org.keycloak.userprofile.validator.BlankAttributeValidator) 
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) UPAttributePermissions(org.keycloak.userprofile.config.UPAttributePermissions) EmailValidator(org.keycloak.validate.validators.EmailValidator) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) Collections(java.util.Collections) ComponentValidationException(org.keycloak.component.ComponentValidationException) ClientModel(org.keycloak.models.ClientModel) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) KeycloakSession(org.keycloak.models.KeycloakSession)

Example 49 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class DefaultClientValidationProvider method validatePairwise.

/**
 * Validates the pairwise subject configuration of the client under validation.
 *
 * <p>Passes the client's root URL, a copy of its redirect URIs and the sector
 * identifier URI to {@code PairwiseSubMapperValidator.validate}. A
 * {@code ProtocolMapperConfigException} is recorded on the context as a
 * {@code "pairWise"} error instead of being propagated.
 *
 * @param context validation context holding the client and the session
 * @param sectorIdentifierUri sector identifier URI configured for the client
 */
private void validatePairwise(ValidationContext<ClientModel> context, String sectorIdentifierUri) {
    ClientModel clientUnderValidation = context.getObjectToValidate();
    String rootUrl = clientUnderValidation.getRootUrl();
    // Work on a copy so the validator never sees the client's own collection;
    // a client without redirect URIs is validated against an empty set.
    Set<String> redirectUris;
    if (clientUnderValidation.getRedirectUris() == null) {
        redirectUris = new HashSet<>();
    } else {
        redirectUris = new HashSet<>(clientUnderValidation.getRedirectUris());
    }
    try {
        // NOTE(review): the validator is handed the session together with
        // sectorIdentifierUri, so it may retrieve that URI. If it does, confirm
        // which hosts and schemes it is allowed to contact, because the URI is
        // part of the client configuration.
        PairwiseSubMapperValidator.validate(context.getSession(), rootUrl, redirectUris, sectorIdentifierUri);
    } catch (ProtocolMapperConfigException invalidConfig) {
        context.addError("pairWise", invalidConfig.getMessage(), invalidConfig.getMessageKey());
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) ProtocolMapperConfigException(org.keycloak.protocol.ProtocolMapperConfigException) HashSet(java.util.HashSet)

Example 50 with ClientModel

use of org.keycloak.models.ClientModel in project keycloak by keycloak.

the class RoleResolveUtil method addToToken.

/**
 * Adds a role name to the matching access section of an access token.
 *
 * <p>A role whose container is a {@code RealmModel} goes into the token's realm
 * access. Any other role is treated as a client role and goes into the resource
 * access keyed by the client's client id. A missing section is created first.
 * The method returns without change if the section already lists the role.
 *
 * @param token access token to extend
 * @param role role whose name is added
 */
private static void addToToken(AccessToken token, RoleModel role) {
    AccessToken.Access target = null;
    if (role.getContainer() instanceof RealmModel) {
        target = token.getRealmAccess();
        if (token.getRealmAccess() == null) {
            target = new AccessToken.Access();
            token.setRealmAccess(target);
        } else if (token.getRealmAccess().getRoles() != null && token.getRealmAccess().isUserInRole(role.getName())) {
            // Role is already present in the realm section.
            return;
        }
    } else {
        // NOTE(review): unchecked cast. A container that is neither a realm nor
        // a client fails here with a ClassCastException.
        ClientModel owningClient = (ClientModel) role.getContainer();
        target = token.getResourceAccess(owningClient.getClientId());
        if (target == null) {
            target = token.addAccess(owningClient.getClientId());
            // verifyCaller is set only when the section is first created, driven by
            // the client's surrogate-auth setting; an existing section is left as is.
            if (owningClient.isSurrogateAuthRequired()) {
                target.verifyCaller(true);
            }
        } else if (target.isUserInRole(role.getName())) {
            // NOTE(review): unlike the realm branch, there is no getRoles() null
            // guard here. Confirm isUserInRole handles a section with no roles.
            return;
        }
    }
    target.addRole(role.getName());
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) AccessToken(org.keycloak.representations.AccessToken)
