Example 11 with OIDCConfigurationRepresentation

Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.

Class TLSTest, method testTurningTLSOn.

@Test
public void testTurningTLSOn() throws Exception {
    // given
    oauth.baseUrl(AUTH_SERVER_ROOT_WITHOUT_TLS);
    // when
    OIDCConfigurationRepresentation config = oauth.doWellKnownRequest("test");
    // then
    Assert.assertTrue(config.getAuthorizationEndpoint().startsWith(AUTH_SERVER_ROOT_WITHOUT_TLS));
}
Also used : OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 12 with OIDCConfigurationRepresentation

Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.

Class OIDCIdentityProviderFactory, method parseOIDCConfig.

// Parses an OpenID Connect discovery document (.well-known/openid-configuration)
// and maps its endpoints onto an OIDC identity provider configuration.
protected static Map<String, String> parseOIDCConfig(KeycloakSession session, InputStream inputStream) {
    OIDCConfigurationRepresentation rep;
    try {
        rep = JsonSerialization.readValue(inputStream, OIDCConfigurationRepresentation.class);
    } catch (IOException e) {
        throw new RuntimeException("failed to load openid connect metadata", e);
    }
    OIDCIdentityProviderConfig config = new OIDCIdentityProviderConfig();
    config.setIssuer(rep.getIssuer());
    config.setLogoutUrl(rep.getLogoutEndpoint());
    config.setAuthorizationUrl(rep.getAuthorizationEndpoint());
    config.setTokenUrl(rep.getTokenEndpoint());
    config.setUserInfoUrl(rep.getUserinfoEndpoint());
    // Signature validation against the provider's JWKS is enabled only when the
    // discovery document advertises a jwks_uri; otherwise the setting is left at its default.
    if (rep.getJwksUri() != null) {
        config.setValidateSignature(true);
        config.setUseJwksUrl(true);
        config.setJwksUrl(rep.getJwksUri());
    }
    return config.getConfig();
}
Also used : IOException(java.io.IOException) OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation)

Example 13 with OIDCConfigurationRepresentation

Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.

Class OIDCAdvancedRequestParamsTest, method createEncryptedRequestObject.

// Builds an encrypted (JWE) OIDC request object: discovers the server's jwks_uri,
// picks the realm's active encryption key and wraps a signed request object with it.
private String createEncryptedRequestObject(String encAlg) throws IOException, JWEException {
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
        // Fetch the discovery document for the realm under test
        OIDCConfigurationRepresentation representation = SimpleHttp.doGet(
                getAuthServerRoot().toString() + "realms/" + oauth.getRealm() + "/.well-known/openid-configuration",
                httpClient).asJson(OIDCConfigurationRepresentation.class);
        String jwksUri = representation.getJwksUri();
        // Download the JWK set and keep only keys published for encryption use ("use": "enc")
        JSONWebKeySet jsonWebKeySet = SimpleHttp.doGet(jwksUri, httpClient).asJson(JSONWebKeySet.class);
        Map<String, PublicKey> keysForUse = JWKSUtils.getKeysForUse(jsonWebKeySet, JWK.Use.ENCRYPTION);
        // No explicit kid is requested, so fall back to the realm's active PS256 encryption key
        String keyId = null;
        if (keyId == null) {
            KeysMetadataRepresentation.KeyMetadataRepresentation encKey = KeyUtils.getActiveEncKey(
                    testRealm().keys().getKeyMetadata(), org.keycloak.crypto.Algorithm.PS256);
            keyId = encKey.getKid();
        }
        // Public half of the server's key-encryption key; the server decrypts with the private half
        PublicKey decryptionKEK = keysForUse.get(keyId);
        JWE jwe = new JWE()
                .header(new JWEHeader(encAlg, JWEConstants.A256GCM, null))
                .content(createAndSignRequestObject().getBytes());
        jwe.getKeyStorage().setEncryptionKey(decryptionKEK);
        return jwe.encodeJwe();
    }
}
Also used : KeysMetadataRepresentation(org.keycloak.representations.idm.KeysMetadataRepresentation) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) JWEHeader(org.keycloak.jose.jwe.JWEHeader) JSONWebKeySet(org.keycloak.jose.jwk.JSONWebKeySet) PublicKey(java.security.PublicKey) JWE(org.keycloak.jose.jwe.JWE) OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation)

Example 14 with OIDCConfigurationRepresentation

Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.

Class DefaultHostnameTest, method assertBackendForcedToFrontendWithMatchingHostname.

// Test backend is forced to frontend if the request hostname matches the frontend
private void assertBackendForcedToFrontendWithMatchingHostname(String realm, String expectedFrontendUrl) throws URISyntaxException {
    String host = new URI(expectedFrontendUrl).getHost();
    // Scheme and port don't matter, as forcing is based on hostname only; use http and the bind port because requests cannot be made on the configured frontend URL when no reverse proxy is available
    oauth.baseUrl("http://" + host + ":" + System.getProperty("auth.server.http.port") + "/auth");
    OIDCConfigurationRepresentation config = oauth.requestHeaders(createRequestHeaders(expectedFrontendUrl)).doWellKnownRequest(realm);
    assertEquals(expectedFrontendUrl + "/realms/" + realm, config.getIssuer());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/protocol/openid-connect/auth", config.getAuthorizationEndpoint());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/protocol/openid-connect/token", config.getTokenEndpoint());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/protocol/openid-connect/userinfo", config.getUserinfoEndpoint());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/protocol/openid-connect/logout", config.getLogoutEndpoint());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/protocol/openid-connect/certs", config.getJwksUri());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/protocol/openid-connect/login-status-iframe.html", config.getCheckSessionIframe());
    assertEquals(expectedFrontendUrl + "/realms/" + realm + "/clients-registrations/openid-connect", config.getRegistrationEndpoint());
    oauth.baseUrl(AUTH_SERVER_ROOT);
}
Also used : URI(java.net.URI) OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation)

Example 15 with OIDCConfigurationRepresentation

Use of org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation in project keycloak by keycloak.

Class FixedHostnameTest, method assertWellKnown.

private void assertWellKnown(String realm, String expectedBaseUrl) {
    OIDCConfigurationRepresentation config = oauth.doWellKnownRequest(realm);
    assertEquals(expectedBaseUrl + "/auth/realms/" + realm + "/protocol/openid-connect/token", config.getTokenEndpoint());
}
Also used : OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation)
