Example 16 with OIDCAdvancedConfigWrapper

Use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak, in the class OIDCClientRegistrationTest, method testSignaturesRequired.

@Test
public void testSignaturesRequired() throws Exception {
    OIDCClientRepresentation clientRep = null;
    OIDCClientRepresentation response = null;
    try {
        clientRep = createRep();
        clientRep.setUserinfoSignedResponseAlg(Algorithm.ES256.toString());
        clientRep.setRequestObjectSigningAlg(Algorithm.ES256.toString());
        response = reg.oidc().create(clientRep);
        Assert.assertEquals(Algorithm.ES256.toString(), response.getUserinfoSignedResponseAlg());
        Assert.assertEquals(Algorithm.ES256.toString(), response.getRequestObjectSigningAlg());
        Assert.assertNotNull(response.getClientSecret());
        // Test Keycloak representation
        ClientRepresentation kcClient = getClient(response.getClientId());
        OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(config.getUserInfoSignedResponseAlg(), Algorithm.ES256);
        Assert.assertEquals(config.getRequestObjectSignatureAlg(), Algorithm.ES256);
        // update (ES256 to PS256)
        clientRep.setUserinfoSignedResponseAlg(Algorithm.PS256.toString());
        clientRep.setRequestObjectSigningAlg(Algorithm.PS256.toString());
        response = reg.oidc().create(clientRep);
        Assert.assertEquals(Algorithm.PS256.toString(), response.getUserinfoSignedResponseAlg());
        Assert.assertEquals(Algorithm.PS256.toString(), response.getRequestObjectSigningAlg());
        // keycloak representation
        kcClient = getClient(response.getClientId());
        config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(config.getUserInfoSignedResponseAlg(), Algorithm.PS256);
        Assert.assertEquals(config.getRequestObjectSignatureAlg(), Algorithm.PS256);
    } finally {
        // back to RS256 for other tests
        clientRep.setUserinfoSignedResponseAlg(Algorithm.RS256.toString());
        clientRep.setRequestObjectSigningAlg(Algorithm.RS256.toString());
        response = reg.oidc().create(clientRep);
    }
}
Also used: OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation), OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test)

Example 17 with OIDCAdvancedConfigWrapper

Use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak, in the class OIDCClientRegistrationTest, method testTlsClientAuthSubjectDn.

@Test
public void testTlsClientAuthSubjectDn() throws Exception {
    OIDCClientRepresentation response = null;
    OIDCClientRepresentation updated = null;
    try {
        // create (no specification)
        OIDCClientRepresentation clientRep = createRep();
        clientRep.setTokenEndpointAuthMethod(OIDCLoginProtocol.TLS_CLIENT_AUTH);
        clientRep.setTlsClientAuthSubjectDn("Ein");
        response = reg.oidc().create(clientRep);
        Assert.assertEquals(OIDCLoginProtocol.TLS_CLIENT_AUTH, response.getTokenEndpointAuthMethod());
        Assert.assertEquals("Ein", response.getTlsClientAuthSubjectDn());
        // Test Keycloak representation
        ClientRepresentation kcClient = getClient(response.getClientId());
        OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(X509ClientAuthenticator.PROVIDER_ID, kcClient.getClientAuthenticatorType());
        Assert.assertEquals("Ein", config.getTlsClientAuthSubjectDn());
        Assert.assertFalse(config.getAllowRegexPatternComparison());
        // update
        reg.auth(Auth.token(response));
        response.setTlsClientAuthSubjectDn("(.*?)(?:$)");
        updated = reg.oidc().update(response);
        Assert.assertEquals(OIDCLoginProtocol.TLS_CLIENT_AUTH, updated.getTokenEndpointAuthMethod());
        Assert.assertEquals("(.*?)(?:$)", updated.getTlsClientAuthSubjectDn());
        // Test Keycloak representation
        kcClient = getClient(updated.getClientId());
        config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(X509ClientAuthenticator.PROVIDER_ID, kcClient.getClientAuthenticatorType());
        Assert.assertEquals("(.*?)(?:$)", config.getTlsClientAuthSubjectDn());
    } finally {
        // revert
        reg.auth(Auth.token(updated));
        updated.setTokenEndpointAuthMethod(null);
        updated.setTlsClientAuthSubjectDn(null);
        reg.oidc().update(updated);
    }
}
Also used: OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation), OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test)

Example 18 with OIDCAdvancedConfigWrapper

Use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak, in the class OIDCClientRegistrationTest, method testDefaultAcrValues.

@Test
public void testDefaultAcrValues() throws Exception {
    // Set realm acr-to-loa mapping
    RealmRepresentation realmRep = adminClient.realm("test").toRepresentation();
    Map<String, Integer> acrLoaMap = new HashMap<>();
    acrLoaMap.put("copper", 0);
    acrLoaMap.put("silver", 1);
    acrLoaMap.put("gold", 2);
    realmRep.getAttributes().put(Constants.ACR_LOA_MAP, JsonSerialization.writeValueAsString(acrLoaMap));
    adminClient.realm("test").update(realmRep);
    OIDCClientRepresentation clientRep = createRep();
    clientRep.setDefaultAcrValues(Arrays.asList("silver", "foo"));
    try {
        OIDCClientRepresentation response = reg.oidc().create(clientRep);
        fail("Expected 400");
    } catch (ClientRegistrationException e) {
        assertEquals(400, ((HttpErrorException) e.getCause()).getStatusLine().getStatusCode());
    }
    clientRep.setDefaultAcrValues(Arrays.asList("silver", "gold"));
    OIDCClientRepresentation response = reg.oidc().create(clientRep);
    Assert.assertNames(response.getDefaultAcrValues(), "silver", "gold");
    // Test Keycloak representation
    ClientRepresentation kcClient = getClient(response.getClientId());
    OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
    Assert.assertNames(config.getAttributeMultivalued(Constants.DEFAULT_ACR_VALUES), "silver", "gold");
    // Revert realm acr-to-loa mappings
    realmRep.getAttributes().remove(Constants.ACR_LOA_MAP);
    adminClient.realm("test").update(realmRep);
}
Also used: OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation), OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper), RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation), ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test)

Example 19 with OIDCAdvancedConfigWrapper

Use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak, in the class OIDCClientRegistrationTest, method testTokenEndpointSigningAlg.

@Test
public void testTokenEndpointSigningAlg() throws Exception {
    OIDCClientRepresentation response = null;
    OIDCClientRepresentation updated = null;
    try {
        OIDCClientRepresentation clientRep = createRep();
        clientRep.setTokenEndpointAuthSigningAlg(Algorithm.ES256.toString());
        response = reg.oidc().create(clientRep);
        Assert.assertEquals(Algorithm.ES256.toString(), response.getTokenEndpointAuthSigningAlg());
        ClientRepresentation kcClient = getClient(response.getClientId());
        OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(Algorithm.ES256.toString(), config.getTokenEndpointAuthSigningAlg());
        reg.auth(Auth.token(response));
        response.setTokenEndpointAuthSigningAlg(null);
        updated = reg.oidc().update(response);
        Assert.assertEquals(null, response.getTokenEndpointAuthSigningAlg());
        kcClient = getClient(updated.getClientId());
        config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(null, config.getTokenEndpointAuthSigningAlg());
    } finally {
        // revert
        reg.auth(Auth.token(updated));
        updated.setTokenEndpointAuthSigningAlg(null);
        reg.oidc().update(updated);
    }
}
Also used: OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation), OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test)

Example 20 with OIDCAdvancedConfigWrapper

Use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak, in the class OIDCClientRegistrationTest, method testAuthorizationResponseSigningAlg.

@Test
public void testAuthorizationResponseSigningAlg() throws Exception {
    OIDCClientRepresentation response = null;
    OIDCClientRepresentation updated = null;
    try {
        OIDCClientRepresentation clientRep = createRep();
        clientRep.setAuthorizationSignedResponseAlg(Algorithm.PS256.toString());
        response = reg.oidc().create(clientRep);
        Assert.assertEquals(Algorithm.PS256.toString(), response.getAuthorizationSignedResponseAlg());
        ClientRepresentation kcClient = getClient(response.getClientId());
        OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(Algorithm.PS256.toString(), config.getAuthorizationSignedResponseAlg());
        reg.auth(Auth.token(response));
        response.setAuthorizationSignedResponseAlg(null);
        updated = reg.oidc().update(response);
        Assert.assertEquals(null, response.getAuthorizationSignedResponseAlg());
        kcClient = getClient(updated.getClientId());
        config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
        Assert.assertEquals(null, config.getAuthorizationSignedResponseAlg());
    } finally {
        // revert
        reg.auth(Auth.token(updated));
        updated.setAuthorizationSignedResponseAlg(null);
        reg.oidc().update(updated);
    }
}
Also used: OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation), OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test)

Aggregations

OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper): 33
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation): 27
Test (org.junit.Test): 22
OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation): 17
ClientResource (org.keycloak.admin.client.resource.ClientResource): 7
Matchers.containsString (org.hamcrest.Matchers.containsString): 5
ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException): 5
OAuthClient (org.keycloak.testsuite.util.OAuthClient): 4
JSONWebKeySet (org.keycloak.jose.jwk.JSONWebKeySet): 3
ClientRegistrationException (org.keycloak.services.clientregistration.ClientRegistrationException): 3
AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement): 3
IOException (java.io.IOException): 2
Response (javax.ws.rs.core.Response): 2
ClientAuthenticatorFactory (org.keycloak.authentication.ClientAuthenticatorFactory): 2
ClientModel (org.keycloak.models.ClientModel): 2
AccessToken (org.keycloak.representations.AccessToken): 2
CertificateRepresentation (org.keycloak.representations.idm.CertificateRepresentation): 2
AuthorizationEndpointRequestObject (org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject): 2
GeneralSecurityException (java.security.GeneralSecurityException): 1
PublicKey (java.security.PublicKey): 1