
Example 1 with ClientPolicyExecutorConfigurationRepresentation

use of org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method testSecureLogoutExecutor.

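/**
 * Verifies that the secure-logout client policy executor rejects front-channel logout
 * unless its configuration explicitly allows it.
 *
 * <p>The test walks through four phases:
 * <ol>
 *   <li>With the executor registered without configuration, creating a client that has
 *       front-channel logout enabled must be rejected.</li>
 *   <li>Updating an existing client to enable front-channel logout must be rejected.</li>
 *   <li>After the executor is reconfigured to allow front-channel logout, the same
 *       update is performed without expecting an error.</li>
 *   <li>After the executor is reconfigured to disallow it again, a browser logout must
 *       render the rejection message.</li>
 * </ol>
 *
 * @throws Exception if any helper call fails unexpectedly
 */
@Test
public void testSecureLogoutExecutor() throws Exception {
    final String expectedRejection = "Front-channel logout is not allowed for this client";

    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Logout Test").addExecutor(SecureLogoutExecutorFactory.PROVIDER_ID, null).toRepresentation()).toString();
    updateProfiles(json);
    // register policies
    json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Logout Policy", Boolean.TRUE).addCondition(AnyClientConditionFactory.PROVIDER_ID, createAnyClientConditionConfig()).addProfile(PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
    String clientId = generateSuffixedName(CLIENT_NAME);
    String clientSecret = "secret";

    // Phase 1: registration with front-channel logout enabled must be refused.
    // Without an explicit failure after the call, this negative check would pass
    // silently if the policy stopped being enforced.
    try {
        createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
            clientRep.setSecret(clientSecret);
            clientRep.setStandardFlowEnabled(Boolean.TRUE);
            clientRep.setImplicitFlowEnabled(Boolean.TRUE);
            clientRep.setPublicClient(Boolean.FALSE);
            clientRep.setFrontchannelLogout(true);
        });
        throw new AssertionError("Expected client registration with front-channel logout to be rejected by the policy");
    } catch (ClientPolicyException cpe) {
        assertEquals(expectedRejection, cpe.getErrorDetail());
    }

    // Phase 2: create a compliant client, then try to switch front-channel logout on.
    String cid = createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
        clientRep.setSecret(clientSecret);
        clientRep.setStandardFlowEnabled(Boolean.TRUE);
        clientRep.setImplicitFlowEnabled(Boolean.TRUE);
        clientRep.setPublicClient(Boolean.FALSE);
    });
    ClientResource clientResource = adminClient.realm(REALM_NAME).clients().get(cid);
    ClientRepresentation clientRep = clientResource.toRepresentation();
    clientRep.setFrontchannelLogout(true);
    try {
        clientResource.update(clientRep);
        // Same reasoning as above: an accepted update means the executor was bypassed.
        throw new AssertionError("Expected client update enabling front-channel logout to be rejected by the policy");
    } catch (BadRequestException bre) {
        assertEquals(expectedRejection, bre.getResponse().readEntity(OAuth2ErrorRepresentation.class).getErrorDescription());
    }

    // Phase 3: allow front-channel logout in the executor configuration; the update
    // (now also carrying a front-channel logout URL) is issued outside any try block,
    // so an exception here fails the test.
    ClientPolicyExecutorConfigurationRepresentation config = new ClientPolicyExecutorConfigurationRepresentation();
    // NOTE(review): the flag is passed as a boolean here and as a String in phase 4;
    // presumably both forms are accepted by the executor configuration -- confirm.
    config.setConfigAsMap(SecureLogoutExecutorFactory.ALLOW_FRONT_CHANNEL_LOGOUT, Boolean.TRUE.booleanValue());
    json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Logout Test").addExecutor(SecureLogoutExecutorFactory.PROVIDER_ID, config).toRepresentation()).toString();
    updateProfiles(json);
    OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setFrontChannelLogoutUrl(oauth.getRedirectUri());
    clientResource.update(clientRep);

    // Phase 4: disallow it again while the client still has front-channel logout set,
    // then check that the logout page reports the rejection.
    config.setConfigAsMap(SecureLogoutExecutorFactory.ALLOW_FRONT_CHANNEL_LOGOUT, Boolean.FALSE.toString());
    json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Logout Test").addExecutor(SecureLogoutExecutorFactory.PROVIDER_ID, config).toRepresentation()).toString();
    updateProfiles(json);
    successfulLogin(clientId, clientSecret);
    oauth.openLogout();
    assertTrue(driver.getPageSource().contains(expectedRejection));
}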
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientResource(org.keycloak.admin.client.resource.ClientResource) BadRequestException(javax.ws.rs.BadRequestException) OAuth2ErrorRepresentation(org.keycloak.representations.idm.OAuth2ErrorRepresentation) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) Test(org.junit.Test)

Example 2 with ClientPolicyExecutorConfigurationRepresentation

use of org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation in project keycloak by keycloak.

the class ClientPoliciesUtil method getExecutorProvider.

/**
 * Looks up the client policy executor for {@code providerId} and applies {@code config} to it.
 *
 * <p>A {@link JsonConfigComponentModel} is built from the realm id, provider id and JSON
 * configuration, and the session is asked for the matching component provider. The JSON
 * configuration is then converted to the executor's own configuration class and handed to
 * {@code setupConfiguration}.
 *
 * @param session    session used to resolve the component provider
 * @param realm      realm whose id is recorded on the component model
 * @param providerId id of the executor provider to resolve
 * @param config     JSON configuration for the executor
 * @return the resolved executor with its configuration applied
 * @throws IllegalStateException if no executor provider is found for {@code providerId}
 */
private static ClientPolicyExecutorProvider getExecutorProvider(KeycloakSession session, RealmModel realm, String providerId, JsonNode config) {
    ComponentModel model = new JsonConfigComponentModel(ClientPolicyExecutorProvider.class, realm.getId(), providerId, config);
    ClientPolicyExecutorProvider provider =
            session.getComponentProvider(ClientPolicyExecutorProvider.class, model.getId(), factory -> model);

    // An unknown executor is treated as an error rather than skipped.
    if (provider == null) {
        throw new IllegalStateException("Executor with provider ID " + providerId + " not found");
    }

    // Convert the raw JSON into the configuration type this executor declares.
    Object converted = JsonSerialization.mapper.convertValue(config, provider.getExecutorConfigurationClass());
    ClientPolicyExecutorConfigurationRepresentation executorConfig =
            (ClientPolicyExecutorConfigurationRepresentation) converted;
    provider.setupConfiguration(executorConfig);
    return provider;
}
Also used : ClientPolicyExecutorProvider(org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider) ComponentModel(org.keycloak.component.ComponentModel) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel) ClientPolicyExecutorConfigurationRepresentation(org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation) JsonConfigComponentModel(org.keycloak.component.JsonConfigComponentModel)
