Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.
The class KeycloakDeployment, method resolveUrls.
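/**
 * Resolves the OIDC endpoint URLs from the server's discovery document.
 *
 * URLs are loaded lazily when used. This allows the adapter to be deployed prior to the Keycloak server starting,
 * and also allows the adapter to retry loading config for each request until the Keycloak server is ready.
 *
 * In the future we may want to support reloading config at a configurable interval.
 *
 * {@code realmInfoUrl} is the "resolved" marker: it is assigned last, so a thread that observes it as non-null
 * also finds every other endpoint field populated. A failed (or partially failed) attempt leaves it null and
 * the next call retries. NOTE(review): the unsynchronized first check is only sound if {@code realmInfoUrl}
 * is declared {@code volatile} — confirm at the field declaration.
 */
protected void resolveUrls() {
    if (realmInfoUrl != null) {
        return;
    }
    synchronized (this) {
        if (realmInfoUrl != null) {
            return;
        }
        KeycloakUriBuilder authUrlBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
        String discoveryUrl = authUrlBuilder.clone().path(ServiceUrlConstants.DISCOVERY_URL).build(getRealm()).toString();
        try {
            log.debugv("Resolving URLs from {0}", discoveryUrl);
            // Every endpoint below is taken verbatim from the discovery document, so the trust placed in
            // these URLs rests entirely on authServerBaseUrl and the transport it is fetched over.
            OIDCConfigurationRepresentation config = getOidcConfiguration(discoveryUrl);
            authUrl = KeycloakUriBuilder.fromUri(config.getAuthorizationEndpoint());
            tokenUrl = config.getTokenEndpoint();
            logoutUrl = KeycloakUriBuilder.fromUri(config.getLogoutEndpoint());
            accountUrl = KeycloakUriBuilder.fromUri(config.getIssuer()).path("/account").build().toString();
            registerNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_REGISTER_NODE_PATH).build(getRealm()).toString();
            unregisterNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH).build(getRealm()).toString();
            jwksUrl = config.getJwksUri();
            // Publish the marker only once every other URL is in place; previously it was set first, so a
            // failure while deriving a later endpoint left the deployment looking resolved but incomplete.
            realmInfoUrl = config.getIssuer();
            log.infov("Loaded URLs from {0}", discoveryUrl);
        } catch (Exception e) {
            // Best effort by design: realmInfoUrl stays null so the next request retries.
            log.warnv(e, "Failed to load URLs from {0}", discoveryUrl);
        }
    }
}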
Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.
The class OIDCWellKnownProviderTest, method testDefaultProviderCustomizations.
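/**
 * Verifies that the testsuite's CustomOIDCWellKnownProvider takes priority over the default provider
 * and that its overrides (extra claims, replaced auth methods, optional client scopes) show up in
 * the discovery document.
 *
 * @throws IOException if the discovery document cannot be fetched or parsed
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testDefaultProviderCustomizations() throws IOException {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        try {
            OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryRepresentation(client, OAuthClient.AUTH_SERVER_ROOT);
            // Assert that CustomOIDCWellKnownProvider was used as a prioritized provider over default OIDCWellKnownProvider
            MTLSEndpointAliases mtlsEndpointAliases = oidcConfig.getMtlsEndpointAliases();
            Assert.assertEquals("https://placeholder-host-set-by-testsuite-provider/registration", mtlsEndpointAliases.getRegistrationEndpoint());
            Assert.assertEquals("bar", oidcConfig.getOtherClaims().get("foo"));
            // Assert some configuration was overridden
            Assert.assertEquals("some-new-property-value", oidcConfig.getOtherClaims().get("some-new-property"));
            Assert.assertEquals("nested-value", ((Map<?, ?>) oidcConfig.getOtherClaims().get("some-new-property-compound")).get("nested1"));
            Assert.assertNames(oidcConfig.getIntrospectionEndpointAuthMethodsSupported(), "private_key_jwt", "client_secret_jwt", "tls_client_auth", "custom_nonexisting_authenticator");
            // Exact names already tested in OIDC
            assertScopesSupportedMatchesWithRealm(oidcConfig);
            // Temporarily disable client scopes
            getTestingClient().testing().setSystemPropertyOnServer(CustomOIDCWellKnownProviderFactory.INCLUDE_CLIENT_SCOPES, "false");
            oidcConfig = getOIDCDiscoveryRepresentation(client, OAuthClient.AUTH_SERVER_ROOT);
            Assert.assertNull(oidcConfig.getScopesSupported());
        } finally {
            // Always undo the server-side override so later tests see the default behaviour.
            getTestingClient().testing().setSystemPropertyOnServer(CustomOIDCWellKnownProviderFactory.INCLUDE_CLIENT_SCOPES, null);
        }
    } finally {
        // Separate finally: the client is closed even if resetting the server property throws.
        client.close();
    }
}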
Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.
The class OIDCWellKnownProviderTest, method testHttpDiscovery.
/**
 * Fetches the discovery document over plain HTTP (presumably the testsuite's HTTP listener — the base
 * URL is hard-coded here) and checks that the JWKS URI and the token-revocation metadata are advertised.
 */
@Test
public void testHttpDiscovery() {
    final String httpAuthServerRoot = "http://localhost:8180/auth";
    Client discoveryClient = AdminClientUtil.createResteasyClient();
    try {
        OIDCConfigurationRepresentation discovered = getOIDCDiscoveryRepresentation(discoveryClient, httpAuthServerRoot);
        Assert.assertNotNull(discovered.getJwksUri());
        assertRevocationMetadataPresent(discovered);
    } finally {
        discoveryClient.close();
    }
}

/** Token Revocation: endpoint, its auth methods and its signing algorithms must all be published. */
private static void assertRevocationMetadataPresent(OIDCConfigurationRepresentation discovered) {
    Assert.assertNotNull(discovered.getRevocationEndpoint());
    Assert.assertNotNull(discovered.getRevocationEndpointAuthMethodsSupported());
    Assert.assertNotNull(discovered.getRevocationEndpointAuthSigningAlgValuesSupported());
}
Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.
The class OIDCWellKnownProviderTest, method certs.
/**
 * Registers an ES256 key provider for the test realm, then follows the JWKS URI advertised by the
 * discovery document and expects exactly two keys to be published.
 *
 * @throws IOException if either HTTP round trip fails
 */
@Test
public void certs() throws IOException {
    TokenSignatureUtil.registerKeyProvider(Algorithm.ES256, adminClient, testContext);
    final String discoveryUrl = getAuthServerRoot().toString() + "realms/test/.well-known/openid-configuration";
    OIDCConfigurationRepresentation discovery = SimpleHttp.doGet(discoveryUrl, client).asJson(OIDCConfigurationRepresentation.class);
    // The JWKS location is taken from the discovery document rather than hard-coded.
    JSONWebKeySet publishedKeys = SimpleHttp.doGet(discovery.getJwksUri(), client).asJson(JSONWebKeySet.class);
    assertEquals(2, publishedKeys.getKeys().length);
}
Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.
The class OIDCAdvancedRequestParamsTest, method assertRequestObjectEncryption.
/**
 * Builds a minimal authorization request object, encrypts it as a JWE with the given header using the
 * realm's published encryption key, sends it as the {@code request} parameter and expects a successful login.
 *
 * @param jweHeader JWE header to use; when its key id is null the realm's active PS256 encryption key is used
 * @throws Exception on serialization, HTTP or JWE failures
 */
private void assertRequestObjectEncryption(JWEHeader jweHeader) throws Exception {
    byte[] payload = JsonSerialization.writeValueAsBytes(newRequestObject());
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        PublicKey encryptionKey = lookupEncryptionKey(httpClient, jweHeader.getKeyId());
        JWE jwe = new JWE().header(jweHeader).content(payload);
        jwe.getKeyStorage().setEncryptionKey(encryptionKey);
        oauth = oauth.request(jwe.encodeJwe());
        oauth.doLogin("test-user@localhost", "password");
        events.expectLogin().assertEvent();
    }
}

/** A request object valid for five minutes from now, targeting the current client and redirect URI. */
private TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject newRequestObject() {
    TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject requestObject =
            new TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject();
    requestObject.id(KeycloakModelUtils.generateId());
    requestObject.iat((long) Time.currentTime());
    requestObject.exp(requestObject.getIat() + 300L);
    requestObject.nbf(requestObject.getIat());
    requestObject.setClientId(oauth.getClientId());
    requestObject.setResponseType("code");
    requestObject.setRedirectUriParam(oauth.getRedirectUri());
    requestObject.setScope("openid");
    return requestObject;
}

/**
 * Resolves the public encryption key from the realm's JWKS (located via the discovery document).
 * With a null {@code keyId}, the realm's active PS256 encryption key is used instead.
 * NOTE(review): an unknown key id yields null here and only surfaces later in the JWE code — confirm
 * whether an explicit assertion is preferred.
 */
private PublicKey lookupEncryptionKey(CloseableHttpClient httpClient, String keyId) throws Exception {
    String discoveryUrl = getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration";
    OIDCConfigurationRepresentation discovery = SimpleHttp.doGet(discoveryUrl, httpClient).asJson(OIDCConfigurationRepresentation.class);
    JSONWebKeySet publishedKeys = SimpleHttp.doGet(discovery.getJwksUri(), httpClient).asJson(JSONWebKeySet.class);
    Map<String, PublicKey> encryptionKeys = JWKSUtils.getKeysForUse(publishedKeys, JWK.Use.ENCRYPTION);
    String effectiveKeyId = keyId;
    if (effectiveKeyId == null) {
        KeysMetadataRepresentation.KeyMetadataRepresentation activeEncKey =
                KeyUtils.getActiveEncKey(testRealm().keys().getKeyMetadata(), org.keycloak.crypto.Algorithm.PS256);
        effectiveKeyId = activeEncKey.getKid();
    }
    return encryptionKeys.get(effectiveKeyId);
}