Search in sources :

Example 46 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class RealmTest method convertKeycloakClientDescription.

@Test
public void convertKeycloakClientDescription() throws IOException {
    ClientRepresentation description = new ClientRepresentation();
    description.setClientId("client-id");
    description.setRedirectUris(Collections.singletonList("http://localhost"));
    ClientRepresentation converted = realm.convertClientDescription(JsonSerialization.writeValueAsString(description));
    assertEquals("client-id", converted.getClientId());
    assertEquals("http://localhost", converted.getRedirectUris().get(0));
}
Also used : ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test)

Example 47 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole.

// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required client role "child-client-role-1" from "test-app" client and an OTP authenticator
// "child-client-role-1" is a client role included in composite client role "composite-client-role-1"
// user-with-two-configured-otp has the "composite-client-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole() {
    String clientName = "test-app";
    ClientRepresentation testClient = testRealm().clients().findByClientId(clientName).get(0);
    // Create composite-client-role-1
    String compositeClientRoleName = "composite-client-role-1";
    testRealm().clients().get(testClient.getId()).roles().create(RoleBuilder.create().name(compositeClientRoleName).build());
    // Create child-client-role-1
    String childClientRoleName = "child-client-role-1";
    testRealm().clients().get(testClient.getId()).roles().create(RoleBuilder.create().name(childClientRoleName).build());
    // Make child-client-role-1 a member of composite-client-role-1
    testRealm().clients().get(testClient.getId()).roles().get(compositeClientRoleName).addComposites(Collections.singletonList(testRealm().clients().get(testClient.getId()).roles().get(childClientRoleName).toRepresentation()));
    // Add composite-client-role-1 to user "user-with-two-configured-otp"
    UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
    userResource.roles().clientLevel(testClient.getId()).add(Collections.singletonList(testRealm().clients().get(testClient.getId()).roles().get(compositeClientRoleName).toRepresentation()));
    // A browser flow is configured with an OTPForm for users having the role "test-app.child-client-role-1"
    configureBrowserFlowOTPNeedsRole(clientName + "." + childClientRoleName);
    try {
        // user-with-two-configured-otp has been configured with role "test-app.child-client-role-1". He should be asked for an OTP code
        provideUsernamePassword("user-with-two-configured-otp");
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);
        // user-with-one-configured-otp doesn't have the role. He should not be asked for an OTP code
        provideUsernamePassword("user-with-one-configured-otp");
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        testRealm().clients().get(testClient.getId()).roles().deleteRole(childClientRoleName);
        testRealm().clients().get(testClient.getId()).roles().deleteRole(compositeClientRoleName);
        revertFlows("browser - rule");
    }
}
Also used : UserResource(org.keycloak.admin.client.resource.UserResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 48 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class MultipleTabsLoginTest method testEmptyBaseUrl.

// KEYCLOAK-12161
@Test
public void testEmptyBaseUrl() throws Exception {
    String clientUuid = KeycloakModelUtils.generateId();
    ClientRepresentation emptyBaseclient = ClientBuilder.create().clientId("empty-baseurl-client").id(clientUuid).enabled(true).baseUrl("").addRedirectUri("*").secret("password").build();
    testRealm().clients().create(emptyBaseclient);
    getCleanup().addClientUuid(clientUuid);
    oauth.clientId("empty-baseurl-client");
    oauth.openLoginForm();
    loginPage.assertCurrent();
    loginPage.login("login-test", "password");
    updatePasswordPage.assertCurrent();
    String tab1Url = driver.getCurrentUrl();
    // Simulate login in different browser tab tab2. I will be on loginPage again.
    oauth.openLoginForm();
    loginPage.assertCurrent();
    // Login in tab2
    loginPage.login("login-test", "password");
    updatePasswordPage.assertCurrent();
    updatePasswordPage.changePassword("password", "password");
    updateProfilePage.update("John", "Doe3", "john@doe3.com");
    appPage.assertCurrent();
    // Try to go back to tab 1. We should have ALREADY_LOGGED_IN info page
    driver.navigate().to(tab1Url);
    infoPage.assertCurrent();
    Assert.assertEquals("You are already logged in.", infoPage.getInfo());
    try {
        infoPage.clickBackToApplicationLink();
        fail();
    } catch (NoSuchElementException ex) {
    }
}
Also used : NoSuchElementException(org.openqa.selenium.NoSuchElementException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 49 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class LoginTest method loginSuccessfulWithDynamicScope.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void loginSuccessfulWithDynamicScope() {
    ProfileAssume.assumeFeatureEnabled(DYNAMIC_SCOPES);
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("dynamic");
    clientScope.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic:*");
        }
    });
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response response = testRealm().clientScopes().create(clientScope);
    String scopeId = ApiUtil.getCreatedId(response);
    getCleanup().addClientScopeId(scopeId);
    response.close();
    ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
    ClientRepresentation testAppRep = testApp.toRepresentation();
    testApp.update(testAppRep);
    testApp.addOptionalClientScope(scopeId);
    oauth.scope("dynamic:scope");
    oauth.doLogin("login@test.com", "password");
    events.expectLogin().user(userId).assertEvent();
}
Also used : Response(javax.ws.rs.core.Response) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Example 50 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class LoginTest method loginExpiredCodeAndExpiredCookies.

@Test
public void loginExpiredCodeAndExpiredCookies() {
    loginPage.open();
    driver.manage().deleteAllCookies();
    // Cookies are expired including KC_RESTART. No way to continue login. Error page must be shown with the "back to application" link
    loginPage.login("login@test.com", "password");
    errorPage.assertCurrent();
    String link = errorPage.getBackToApplicationLink();
    ClientRepresentation thirdParty = findClientByClientId(adminClient.realm("test"), "third-party").toRepresentation();
    Assert.assertNotNull(link, thirdParty.getBaseUrl());
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)576 Test (org.junit.Test)359 ClientResource (org.keycloak.admin.client.resource.ClientResource)189 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)139 OAuthClient (org.keycloak.testsuite.util.OAuthClient)101 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)61 Response (javax.ws.rs.core.Response)59 Matchers.containsString (org.hamcrest.Matchers.containsString)58 RealmResource (org.keycloak.admin.client.resource.RealmResource)58 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)58 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)53 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)43 AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement)41 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)38 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)38 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)37 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)37 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)37 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)37 HashMap (java.util.HashMap)33