
Example 31 with OIDCAdvancedConfigWrapper

use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak.

The class SecureLogoutExecutor, method executeOnEvent.

/**
 * Applies the secure-logout policy to a client policy event.
 * <p>
 * On {@code REGISTER} and {@code UPDATE} the proposed client representation is rejected when
 * this executor's configuration does not allow front-channel logout but the client either sets
 * the front-channel logout flag or carries a front-channel logout URL in its advanced OIDC
 * config; both places are checked so that neither one can be used to slip past the other.
 * On {@code LOGOUT_REQUEST} a GET request is treated as a front-channel logout and rejected
 * under the same configuration. Every other event is ignored.
 *
 * @param context the client policy context; for REGISTER/UPDATE it is cast to {@link ClientCRUDContext}
 * @throws ClientPolicyException when the policy rejects the client or the request
 *         (raised through {@code throwFrontChannelLogoutNotAllowed()})
 */
@Override
public void executeOnEvent(ClientPolicyContext context) throws ClientPolicyException {
    switch (context.getEvent()) {
        case REGISTER:
        case UPDATE: {
            rejectFrontChannelLogoutInProposedClient((ClientCRUDContext) context);
            break;
        }
        case LOGOUT_REQUEST: {
            rejectFrontChannelLogoutRequest();
            break;
        }
        default:
            break;
    }
}

/**
 * Rejects a proposed client representation that enables front-channel logout while the
 * executor configuration forbids it.
 *
 * @param updateContext the create/update context carrying the proposed representation
 * @throws ClientPolicyException when front-channel logout is configured but not allowed
 */
private void rejectFrontChannelLogoutInProposedClient(ClientCRUDContext updateContext) throws ClientPolicyException {
    ClientRepresentation proposed = updateContext.getProposedClientRepresentation();
    OIDCAdvancedConfigWrapper advancedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(proposed);
    if (configuration.isAllowFrontChannelLogout()) {
        return;
    }
    // The flag is a nullable Boolean on the representation; null counts as "not enabled".
    boolean flagEnabled = Boolean.TRUE.equals(proposed.isFrontchannelLogout());
    // A front-channel logout URL alone also counts, even when the flag is unset.
    if (flagEnabled || StringUtil.isNotBlank(advancedConfig.getFrontChannelLogoutUrl())) {
        throwFrontChannelLogoutNotAllowed();
    }
}

/**
 * Rejects a logout request made with HTTP GET when front-channel logout is not allowed.
 *
 * @throws ClientPolicyException when the request is a GET and front-channel logout is forbidden
 */
private void rejectFrontChannelLogoutRequest() throws ClientPolicyException {
    // NOTE(review): getContextObject may yield null when no HTTP request is bound to the session — confirm
    HttpRequest request = session.getContext().getContextObject(HttpRequest.class);
    boolean isGetRequest = HttpMethod.GET.equalsIgnoreCase(request.getHttpMethod());
    if (isGetRequest && !configuration.isAllowFrontChannelLogout()) {
        throwFrontChannelLogoutNotAllowed();
    }
}

Example 32 with OIDCAdvancedConfigWrapper

use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak.

The class OidcBackchannelLogoutBrokerConfiguration, method createConsumerClients.

/**
 * Creates the single OIDC client registered in the consumer realm for the broker flow.
 * <p>
 * The client is confidential (a secret is set), enabled, and allows direct access grants.
 * Its only redirect URI is a wildcard bound to the sub-consumer realm's broker endpoint, and
 * its back-channel logout is configured with session-required {@code true}, offline-token
 * revocation {@code false}, and a logout URL pointing at the sub-consumer realm's
 * backchannel-logout endpoint.
 *
 * @return a one-element list holding the consumer client representation
 */
@Override
public List<ClientRepresentation> createConsumerClients() {
    ClientRepresentation consumer = new ClientRepresentation();
    consumer.setClientId(CONSUMER_CLIENT_ID);
    consumer.setName(CONSUMER_CLIENT_ID);
    consumer.setSecret(CONSUMER_CLIENT_SECRET);
    consumer.setEnabled(true);
    consumer.setDirectAccessGrantsEnabled(true);

    // Wildcard is scoped to the broker endpoint path, not the whole host.
    String brokerEndpointPattern = getConsumerRoot() + "/auth/realms/" + REALM_SUB_CONS_NAME + "/broker/" + SUB_CONSUMER_IDP_OIDC_ALIAS + "/endpoint/*";
    consumer.setRedirectUris(Collections.singletonList(brokerEndpointPattern));
    consumer.setBaseUrl(getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/app");

    OIDCAdvancedConfigWrapper logoutConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(consumer);
    logoutConfig.setBackchannelLogoutSessionRequired(true);
    logoutConfig.setBackchannelLogoutRevokeOfflineTokens(false);
    String backchannelLogoutEndpoint = getConsumerRoot() + "/auth/realms/" + REALM_SUB_CONS_NAME + "/protocol/openid-connect/logout/backchannel-logout";
    logoutConfig.setBackchannelLogoutUrl(backchannelLogoutEndpoint);

    return Collections.singletonList(consumer);
}

Example 33 with OIDCAdvancedConfigWrapper

use of org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper in project keycloak by keycloak.

The class OidcBackchannelLogoutBrokerConfiguration, method createProviderClients.

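/**
 * Creates the OIDC client that the provider realm exposes to the consumer realm's identity broker.
 * <p>
 * The client is confidential (a secret is set) and enabled. Back-channel logout is configured with
 * session-required {@code true}, offline-token revocation {@code false}, and a logout URL pointing
 * at the consumer realm's backchannel-logout endpoint. The redirect URI (a wildcard scoped to the
 * broker endpoint path) and the admin URL both point at the consumer realm's broker endpoint.
 * Six protocol mappers are attached: five user property/attribute mappers that copy a value into
 * the access token, ID token and userinfo response, and one hardcoded JSON claim.
 *
 * @return a one-element list holding the provider client representation
 */
@Override
public List<ClientRepresentation> createProviderClients() {
    ClientRepresentation client = new ClientRepresentation();
    client.setClientId(getIDPClientIdInProviderRealm());
    client.setName(CLIENT_ID);
    client.setSecret(CLIENT_SECRET);
    client.setEnabled(true);

    OIDCAdvancedConfigWrapper oidcAdvancedConfigWrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
    oidcAdvancedConfigWrapper.setBackchannelLogoutSessionRequired(true);
    oidcAdvancedConfigWrapper.setBackchannelLogoutRevokeOfflineTokens(false);
    // getConsumerRoot() is assumed to be a pure accessor, so it is read once.
    String consumerRealmBase = getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME;
    oidcAdvancedConfigWrapper.setBackchannelLogoutUrl(consumerRealmBase + "/protocol/openid-connect/logout/backchannel-logout");
    // The wildcard is confined to the broker endpoint path, not the whole consumer host.
    client.setRedirectUris(Collections.singletonList(consumerRealmBase + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
    client.setAdminUrl(consumerRealmBase + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");

    ProtocolMapperRepresentation emailMapper = userClaimMapper(
            "email", UserPropertyMapper.PROVIDER_ID, "email", "email", false);
    ProtocolMapperRepresentation nestedAttrMapper = userClaimMapper(
            "attribute - nested claim", UserAttributeMapper.PROVIDER_ID, "nested.email", "nested.email", false);
    // The escaped dot keeps the claim name literal instead of creating a nested claim.
    ProtocolMapperRepresentation dottedAttrMapper = userClaimMapper(
            "attribute - claim with dot in name", UserAttributeMapper.PROVIDER_ID, "dotted.email", "dotted\\.email", false);
    ProtocolMapperRepresentation userAttrMapper = userClaimMapper(
            "attribute - name", UserAttributeMapper.PROVIDER_ID, ATTRIBUTE_TO_MAP_NAME, ATTRIBUTE_TO_MAP_NAME, true);
    ProtocolMapperRepresentation userAttrMapper2 = userClaimMapper(
            "attribute - name - 2", UserAttributeMapper.PROVIDER_ID, ATTRIBUTE_TO_MAP_NAME_2, ATTRIBUTE_TO_MAP_NAME_2, true);
    ProtocolMapperRepresentation hardcodedJsonClaim = hardcodedJsonClaimMapper();

    client.setProtocolMappers(Arrays.asList(emailMapper, userAttrMapper, userAttrMapper2, nestedAttrMapper, dottedAttrMapper, hardcodedJsonClaim));
    return Collections.singletonList(client);
}

/**
 * Builds an OIDC protocol mapper that copies one user property/attribute into the access
 * token, the ID token and the userinfo response as a string claim.
 *
 * @param name          display name of the mapper
 * @param providerId    mapper provider id (user property or user attribute mapper)
 * @param userAttribute user property/attribute to read
 * @param claimName     claim name to write into the tokens
 * @param multivalued   whether the claim is marked multivalued
 * @return the configured mapper representation
 */
private static ProtocolMapperRepresentation userClaimMapper(String name, String providerId, String userAttribute, String claimName, boolean multivalued) {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName(name);
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    mapper.setProtocolMapper(providerId);
    Map<String, String> config = mapper.getConfig();
    config.put(ProtocolMapperUtils.USER_ATTRIBUTE, userAttribute);
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, claimName);
    config.put(OIDCAttributeMapperHelper.JSON_TYPE, ProviderConfigProperty.STRING_TYPE);
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ACCESS_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_USERINFO, "true");
    if (multivalued) {
        config.put(ProtocolMapperUtils.MULTIVALUED, "true");
    }
    return mapper;
}

/**
 * Builds the hardcoded JSON claim mapper that puts a fixed JSON object into the ID token only.
 * The JSON is assembled by string concatenation without escaping, so the constants used must not
 * contain quotes or backslashes.
 *
 * @return the configured mapper representation
 */
private static ProtocolMapperRepresentation hardcodedJsonClaimMapper() {
    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("json-mapper");
    mapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    mapper.setProtocolMapper(HardcodedClaim.PROVIDER_ID);
    Map<String, String> config = mapper.getConfig();
    config.put(OIDCAttributeMapperHelper.TOKEN_CLAIM_NAME, OidcBackchannelLogoutBrokerConfiguration.USER_INFO_CLAIM);
    config.put(OIDCAttributeMapperHelper.JSON_TYPE, "JSON");
    config.put(OIDCAttributeMapperHelper.INCLUDE_IN_ID_TOKEN, "true");
    config.put(HardcodedClaim.CLAIM_VALUE, "{\"" + HARDOCDED_CLAIM + "\": \"" + HARDOCDED_VALUE + "\"}");
    return mapper;
}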
