
Example 6 with AdapterConfig

use of org.keycloak.representations.adapters.config.AdapterConfig in project keycloak by keycloak.

the class AdapterInstallationConfigTest method getConfigPublicClient.

/**
 * Checks the adapter installation config returned for the public test client.
 *
 * <p>The registration client's auth is set to {@code null} before the lookup. The test then expects
 * realm {@code "test"}, the client's own id as the resource, and an empty credentials map.
 *
 * @throws ClientRegistrationException if the registration client call fails
 */
@Test
public void getConfigPublicClient() throws ClientRegistrationException {
    // The lookup below is made with no auth set on the registration client.
    reg.auth(null);
    final AdapterConfig adapterConfig = reg.getAdapterConfig(clientPublic.getClientId());
    assertNotNull(adapterConfig);

    assertEquals("test", adapterConfig.getRealm());
    // The config handed out for the public client must not carry any credential entries.
    assertEquals(0, adapterConfig.getCredentials().size());
    assertEquals(clientPublic.getClientId(), adapterConfig.getResource());

    // The ssl-required value is only checked when the auth server is set up to require SSL.
    if (AUTH_SERVER_SSL_REQUIRED) {
        final String expectedSslRequired = SslRequired.EXTERNAL.name().toLowerCase();
        assertEquals(expectedSslRequired, adapterConfig.getSslRequired());
    }
}
Also used : AdapterConfig(org.keycloak.representations.adapters.config.AdapterConfig) Test(org.junit.Test)

Example 7 with AdapterConfig

use of org.keycloak.representations.adapters.config.AdapterConfig in project dolphin-platform by canoo.

the class DolphinKeycloakConfigResolver method resolve.

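/**
 * Builds the {@link KeycloakDeployment} that is used to check the given request.
 *
 * <p>Realm and application name are read from request headers and fall back to the configured
 * values when the header is absent. Both header values are supplied by the caller of the endpoint,
 * so the realm is accepted only if {@code isRealmAllowed} approves it.
 * NOTE(review): no comparable allow-list check for the application name is visible in this
 * method; confirm that an arbitrary header value is acceptable as the Keycloak resource.
 *
 * @param request the incoming request, must not be {@code null}
 * @return the deployment built from the resolved realm, application name and auth endpoint
 * @throws SecurityException if realm, application name or auth endpoint cannot be resolved, or if
 *         the resolved realm is not allowed
 */
public KeycloakDeployment resolve(final HttpFacade.Request request) {
    Assert.requireNonNull(request, "request");

    final String realmName = Optional.ofNullable(request.getHeader(REALM_NAME_HEADER)).orElse(configuration.getRealmName());
    final String applicationName = Optional.ofNullable(request.getHeader(APPLICATION_NAME_HEADER)).orElse(configuration.getApplicationName());
    final String authEndPoint = configuration.getAuthEndpoint();
    final boolean cors = configuration.isCors();

    if (realmName == null) {
        throw new SecurityException("Realm name for security check is not configured!");
    }
    if (applicationName == null) {
        throw new SecurityException("Application name for security check is not configured!");
    }
    if (authEndPoint == null) {
        throw new SecurityException("Auth endpoint for security check is not configured!");
    }

    // Header-derived values are passed as logger arguments, never concatenated into the format
    // string: a realm name containing "{}" would otherwise capture the placeholder meant for
    // another argument. Line breaks in these values still have to be neutralised by the log
    // encoder, since they come straight from the request.
    LOG.debug("Defined Keycloak AdapterConfig for request against realm '{}' and app '{}'", realmName, applicationName);
    final AdapterConfig adapterConfig = new AdapterConfig();

    LOG.debug("Checking if realm '{}' is allowed", realmName);
    if (!isRealmAllowed(realmName)) {
        if (LOG.isDebugEnabled()) {
            // String.join avoids the leading comma the former reduce("", ...) produced.
            final String allowedRealms = String.join(",", configuration.getRealmNames());
            LOG.debug("Realm '{}' is not allowed! Allowed realms are {}", realmName, allowedRealms);
        }
        // The exception text deliberately does not list the allowed realms.
        throw new SecurityException("Access Denied! The given realm is not in the allowed realms.");
    }
    adapterConfig.setRealm(realmName);

    adapterConfig.setResource(applicationName);
    adapterConfig.setAuthServerUrl(authEndPoint);
    adapterConfig.setCors(cors);
    // The mere presence of the header, whatever its value, switches the adapter to bearer-only.
    if (request.getHeader(BEARER_ONLY_HEADER) != null) {
        adapterConfig.setBearerOnly(true);
    }
    return KeycloakDeploymentBuilder.build(adapterConfig);
}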
Also used : AdapterConfig(org.keycloak.representations.adapters.config.AdapterConfig) SecurityException(com.canoo.platform.server.security.SecurityException)

Example 8 with AdapterConfig

use of org.keycloak.representations.adapters.config.AdapterConfig in project openremote by openremote.

the class KeycloakIdentityProvider method createKeycloakDeploymentCache.

/**
 * Creates the cache that maps a realm/client pair to its {@link KeycloakDeployment}.
 *
 * <p>On a miss the loader fetches an adapter config from Keycloak and builds the deployment from
 * it. The config is always requested for {@code KEYCLOAK_CLIENT_ID} in the key's realm; the
 * {@code clientId} of the key is only used in the log message. The cache holds at most 500
 * entries and an entry expires 10 minutes after it was written, so a changed adapter config is
 * picked up only after that entry has expired.
 *
 * @return a loading cache of Keycloak deployments
 */
protected LoadingCache<KeycloakRealmClient, KeycloakDeployment> createKeycloakDeploymentCache() {
    final CacheLoader<KeycloakRealmClient, KeycloakDeployment> deploymentLoader =
        new CacheLoader<KeycloakRealmClient, KeycloakDeployment>() {

            @Override
            public KeycloakDeployment load(KeycloakRealmClient key) {
                LOG.fine("Loading adapter config for client '" + key.clientId + "' in realm '" + key.realm + "'");

                // A fresh proxy is created for every load; the three null arguments are passed
                // to getTarget as-is.
                final KeycloakResource keycloakResource =
                    getTarget(httpClient, keycloakServiceUri.build(), null, null, null)
                        .proxy(KeycloakResource.class);

                // Can't get adapter for client in another realm, so the fixed client id is used
                // instead of key.clientId.
                final AdapterConfig realmAdapterConfig =
                    keycloakResource.getAdapterConfig(key.realm, KEYCLOAK_CLIENT_ID);

                // The auth-server-url in the adapter config must be reachable by this manager;
                // by default it would be the frontend URL, so it is replaced with the service URI.
                final String managerReachableUrl = keycloakServiceUri.clone().build().toString();
                realmAdapterConfig.setAuthServerUrl(managerReachableUrl);

                return KeycloakDeploymentBuilder.build(realmAdapterConfig);
            }
        };

    // TODO configurable? Or replace all of this with Observable.cache()?
    return CacheBuilder.newBuilder()
        .maximumSize(500)
        .expireAfterWrite(10, MINUTES)
        .build(deploymentLoader);
}
Also used : KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) AdapterConfig(org.keycloak.representations.adapters.config.AdapterConfig) CacheLoader(com.google.common.cache.CacheLoader)

Example 9 with AdapterConfig

use of org.keycloak.representations.adapters.config.AdapterConfig in project keycloak by keycloak.

the class SubsystemParsingTestCase method testJsonFromRedirectRewriteRuleConfiguration.

/**
 * Verifies that a subsystem configuration holding a {@code redirect-rewrite-rule} is rendered as
 * JSON that can be loaded into an {@link AdapterConfig}, and that the rule survives the round trip.
 *
 * Added as part of the fix for {@code KEYCLOAK-18302}.
 */
@Test
public void testJsonFromRedirectRewriteRuleConfiguration() {
    final String rulePattern = "^/wsmaster/api/(.*)$";
    final String ruleReplacement = "api/$1";
    KeycloakAdapterConfigService configService = KeycloakAdapterConfigService.getInstance();

    // Register the secure deployment "foo" and attach the rewrite rule to it.
    PathAddress deploymentAddress = PathAddress.pathAddress(
        PathElement.pathElement("subsystem", "keycloak"),
        PathElement.pathElement("secure-deployment", "foo"));
    ModelNode addOperation = new ModelNode();
    addOperation.get(ModelDescriptionConstants.OP_ADDR).set(deploymentAddress.toModelNode());
    ModelNode deploymentModel = new ModelNode();
    deploymentModel.get("realm").set("demo");
    deploymentModel.get("resource").set("customer-portal");
    configService.addSecureDeployment(addOperation, deploymentModel, false);
    this.addRedirectRewriteRule(deploymentAddress, configService, rulePattern, ruleReplacement);

    // Render the subsystem config as JSON and load it back through the adapter's own loader.
    // getBytes() encodes with the platform default charset.
    String subsystemJson = configService.getJSON("foo");
    ByteArrayInputStream jsonStream = new ByteArrayInputStream(subsystemJson.getBytes());
    AdapterConfig loadedConfig = KeycloakDeploymentBuilder.loadAdapterConfig(jsonStream);
    Assert.assertNotNull(loadedConfig);

    // Only the first entry of the rule map is compared with the configured rule.
    Map<String, String> loadedRules = loadedConfig.getRedirectRewriteRules();
    Assert.assertNotNull(loadedRules);
    Map.Entry<String, String> firstRule = loadedRules.entrySet().iterator().next();
    Assert.assertEquals(rulePattern, firstRule.getKey());
    Assert.assertEquals(ruleReplacement, firstRule.getValue());
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) PathAddress(org.jboss.as.controller.PathAddress) AdapterConfig(org.keycloak.representations.adapters.config.AdapterConfig) ModelNode(org.jboss.dmr.ModelNode) Map(java.util.Map) AbstractSubsystemBaseTest(org.jboss.as.subsystem.test.AbstractSubsystemBaseTest) Test(org.junit.Test)

Example 10 with AdapterConfig

use of org.keycloak.representations.adapters.config.AdapterConfig in project shinyproxy by openanalytics.

the class KeycloakAuthenticationBackend method adapterDeploymentContext.

/**
 * Creates the Keycloak {@link AdapterDeploymentContext} when {@code shiny.proxy.authentication}
 * is set to {@code keycloak}.
 *
 * <p>Realm, auth server URL, resource and client secret are read from the
 * {@code shiny.proxy.keycloak.*} properties. A property that is not set is passed on as whatever
 * {@code environment.getProperty} returns for it; no validation happens here. One deployment is
 * built up front and returned for every request.
 *
 * @return the deployment context produced by the factory bean
 * @throws Exception declared by this method; the visible calls do not show which one raises it
 */
@Bean
@ConditionalOnProperty(name = "shiny.proxy.authentication", havingValue = "keycloak")
protected AdapterDeploymentContext adapterDeploymentContext() throws Exception {
    final AdapterConfig adapterConfig = new AdapterConfig();
    adapterConfig.setRealm(environment.getProperty("shiny.proxy.keycloak.realm"));
    adapterConfig.setAuthServerUrl(environment.getProperty("shiny.proxy.keycloak.auth-server-url"));
    adapterConfig.setResource(environment.getProperty("shiny.proxy.keycloak.resource"));

    // The client secret comes from configuration and is held in the adapter config's
    // credentials map under the key "secret".
    final String clientSecret = environment.getProperty("shiny.proxy.keycloak.credentials-secret");
    final Map<String, Object> credentialMap = new HashMap<>();
    credentialMap.put("secret", clientSecret);
    adapterConfig.setCredentials(credentialMap);

    final KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(adapterConfig);

    // The resolver ignores the request and always answers with the single deployment built above.
    final KeycloakConfigResolver fixedResolver = facade -> deployment;
    final AdapterDeploymentContextFactoryBean contextFactory = new AdapterDeploymentContextFactoryBean(fixedResolver);
    contextFactory.afterPropertiesSet();
    return contextFactory.getObject();
}
Also used : HashMap(java.util.HashMap) KeycloakConfigResolver(org.keycloak.adapters.KeycloakConfigResolver) AdapterConfig(org.keycloak.representations.adapters.config.AdapterConfig) KeycloakDeployment(org.keycloak.adapters.KeycloakDeployment) Request(org.keycloak.adapters.spi.HttpFacade.Request) AdapterDeploymentContextFactoryBean(org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean) AdapterDeploymentContextFactoryBean(org.keycloak.adapters.springsecurity.AdapterDeploymentContextFactoryBean) Bean(org.springframework.context.annotation.Bean) ConditionalOnProperty(org.springframework.boot.autoconfigure.condition.ConditionalOnProperty)
