
Example 56 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class UserInfoTest method testNotBeforeTokens.

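/**
 * Verifies that the UserInfo endpoint honours the not-before revocation policy.
 *
 * <p>An access token is obtained first. A not-before value 60 seconds ahead of the current
 * time is then set on the realm, and afterwards on the {@code test-app} client. In both cases
 * the already-issued token must be answered with 401 and a {@code USER_INFO_REQUEST_ERROR}
 * event carrying {@code INVALID_TOKEN}.
 *
 * <p>Each not-before value is reset to 0 in a {@code finally} block. Without that, a failed
 * assertion would leave the cut-off in place on the shared "test" realm (or on test-app) and
 * later tests could fail on rejected tokens, hiding the original failure.
 */
@Test
public void testNotBeforeTokens() {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(client);
        String token = accessTokenResponse.getToken();
        // Cut-off lies in the future, so the token obtained above predates it.
        int time = Time.currentTime() + 60;

        // Phase 1: realm-level notBefore.
        RealmResource realm = adminClient.realm("test");
        RealmRepresentation rep = realm.toRepresentation();
        rep.setNotBefore(time);
        realm.update(rep);
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, token);
            try {
                assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
            } finally {
                // Release the connection even when the status assertion fails.
                response.close();
            }
            // The error event is expected to carry no user, session or client attribution.
            events.expect(EventType.USER_INFO_REQUEST_ERROR).error(Errors.INVALID_TOKEN).user(Matchers.nullValue(String.class)).session(Matchers.nullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).client((String) null).assertEvent();
            events.clear();
        } finally {
            rep.setNotBefore(0);
            realm.update(rep);
        }

        // Phase 2: do the same with client's notBefore.
        ClientResource clientResource = realm.clients().get(realm.clients().findByClientId("test-app").get(0).getId());
        ClientRepresentation clientRep = clientResource.toRepresentation();
        clientRep.setNotBefore(time);
        clientResource.update(clientRep);
        try {
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, token);
            try {
                assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
            } finally {
                response.close();
            }
            events.expect(EventType.USER_INFO_REQUEST_ERROR).error(Errors.INVALID_TOKEN).user(Matchers.nullValue(String.class)).session(Matchers.nullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).client((String) null).assertEvent();
        } finally {
            clientRep.setNotBefore(0);
            clientResource.update(clientRep);
        }
    } finally {
        client.close();
    }
}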
Also used : AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 57 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class UserInfoTest method testUserInfoRequestWithSamlClient.

/**
 * Checks that an access token is refused at the UserInfo endpoint once the client it was
 * issued to has been switched to the {@code saml} protocol.
 *
 * <p>Expected outcome: HTTP 400 and a {@code USER_INFO_REQUEST} event with
 * {@code INVALID_CLIENT}, with no client, user or session recorded on the event.
 *
 * @throws Exception if the token request or the admin calls fail
 */
@Test
public void testUserInfoRequestWithSamlClient() throws Exception {
    // Step 1: get a token for "saml-client" before its protocol is changed.
    String accessToken = oauth.doGrantAccessTokenRequest("test", "test-user@localhost", "password", null, "saml-client", "secret").getAccessToken();

    // Step 2: flip the client's protocol to SAML through the admin API.
    // NOTE(review): the protocol is not switched back in this method; confirm that the
    // realm is reset elsewhere so later tests do not inherit a SAML-only "saml-client".
    RealmResource testRealm = adminClient.realm("test");
    ClientRepresentation samlClient = testRealm.clients().findByClientId("saml-client").get(0);
    samlClient.setProtocol("saml");
    testRealm.clients().get(samlClient.getId()).update(samlClient);

    // Step 3: replay the token against UserInfo and expect a rejection.
    Client client = AdminClientUtil.createResteasyClient();
    try {
        events.clear();
        Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessToken);
        int status = response.getStatus();
        response.close();
        assertEquals(Status.BAD_REQUEST.getStatusCode(), status);
        events.expect(EventType.USER_INFO_REQUEST).error(Errors.INVALID_CLIENT).client((String) null).user(Matchers.nullValue(String.class)).session(Matchers.nullValue(String.class)).detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN).assertEvent();
    } finally {
        client.close();
    }
}
Also used : AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 58 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class UserInfoTest method testSuccess_dotsInClientId.

// KEYCLOAK-8838
/**
 * Regression test for client ids and role names that contain dots.
 *
 * <p>Creates the client {@code my.foo.client} with the client role {@code my.foo.role},
 * grants that role to {@code test-user@localhost}, logs in with the password grant and
 * checks that the role appears in the token's resource access and that the UserInfo request
 * succeeds for that client.
 *
 * @throws Exception if any admin or token call fails
 */
@Test
public void testSuccess_dotsInClientId() throws Exception {
    final String dottedClientId = "my.foo.client";
    final String dottedRoleName = "my.foo.role";

    // Register a direct-grant client whose id contains dots.
    ClientRepresentation clientRep = org.keycloak.testsuite.util.ClientBuilder.create()
            .clientId(dottedClientId)
            .addRedirectUri("http://foo.host")
            .secret("password")
            .directAccessGrants()
            .build();
    RealmResource realm = adminClient.realm("test");
    Response resp = realm.clients().create(clientRep);
    String clientUUID = ApiUtil.getCreatedId(resp);
    resp.close();
    // Registered for cleanup right away so the client is not left behind if a later step fails.
    getCleanup().addClientUuid(clientUUID);

    // Add a client role with dots in its name and give it to the test user.
    realm.clients().get(clientUUID).roles().create(RoleBuilder.create().name(dottedRoleName).build());
    RoleRepresentation fooRole = realm.clients().get(clientUUID).roles().get(dottedRoleName).toRepresentation();
    UserResource userResource = ApiUtil.findUserByUsernameId(realm, "test-user@localhost");
    userResource.roles().clientLevel(clientUUID).add(Collections.singletonList(fooRole));

    // Password-grant login against the new client; the token must list the dotted role.
    OAuthClient.AccessTokenResponse accessTokenResponse = oauth.clientId(dottedClientId).doGrantAccessTokenRequest("password", "test-user@localhost", "password");
    AccessToken accessToken = oauth.verifyToken(accessTokenResponse.getAccessToken());
    Assert.assertNames(accessToken.getResourceAccess(dottedClientId).getRoles(), dottedRoleName);
    events.clear();

    // Call UserInfo with that token and validate the response for the dotted client.
    Client client = AdminClientUtil.createResteasyClient();
    try {
        Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
        testSuccessfulUserInfoResponse(response, dottedClientId);
    } finally {
        client.close();
    }
}
Also used : AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) RealmResource(org.keycloak.admin.client.resource.RealmResource) AccessToken(org.keycloak.representations.AccessToken) UserResource(org.keycloak.admin.client.resource.UserResource) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 59 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class UserInfoTest method addTestRealms.

/**
 * Supplies the realm used by this test class.
 *
 * <p>The realm is read from {@code /testrealm.json}, gets the test event listener enabled,
 * and is extended with a {@code saml-client} client that has a fixed secret, service
 * accounts and direct access grants turned on. No protocol is set on that client here.
 *
 * @param testRealms list the prepared realm is appended to
 */
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation loaded = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    RealmRepresentation testRealm = RealmBuilder.edit(loaded).testEventListener().build();
    testRealms.add(testRealm);

    // presumably createClient attaches the new client to testRealm; the returned
    // representation is only configured below and never added explicitly. Verify against
    // KeycloakModelUtils.
    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
Also used : RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 60 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class TokenIntrospectionTest method configureTestRealm.

/**
 * Adds the fixtures the token introspection tests work with to the test realm.
 *
 * <p>Three clients are created: {@code confidential-cli} (secret, service accounts),
 * {@code public-cli} (public client) and {@code saml-client} (secret, service accounts,
 * protocol {@code saml}). An enabled user {@code no-permissions} is added as well, with a
 * password credential and the single realm role {@code user}.
 *
 * @param testRealm realm representation that is modified in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Confidential client with a service account.
    ClientRepresentation confidentialClient = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confidentialClient.setSecret("secret1");
    confidentialClient.setServiceAccountsEnabled(Boolean.TRUE);

    // Public client: no secret is configured.
    ClientRepresentation publicClient = KeycloakModelUtils.createClient(testRealm, "public-cli");
    publicClient.setPublicClient(Boolean.TRUE);

    // Client registered with the SAML protocol.
    ClientRepresentation samlClient = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlClient.setSecret("secret2");
    samlClient.setServiceAccountsEnabled(Boolean.TRUE);
    samlClient.setProtocol("saml");

    // Password credential for the user added below.
    CredentialRepresentation passwordCredential = new CredentialRepresentation();
    passwordCredential.setType("password");
    passwordCredential.setValue("password");
    List<CredentialRepresentation> credentials = new ArrayList<>();
    credentials.add(passwordCredential);

    List<String> roles = new ArrayList<>();
    roles.add("user");

    UserRepresentation noPermissionsUser = new UserRepresentation();
    noPermissionsUser.setUsername("no-permissions");
    noPermissionsUser.setCredentials(credentials);
    noPermissionsUser.setEnabled(Boolean.TRUE);
    noPermissionsUser.setRealmRoles(roles);

    // assumes the realm's user list is already initialised (getUsers() is dereferenced
    // without a null check); confirm against the realm JSON in use.
    testRealm.getUsers().add(noPermissionsUser);
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) ArrayList(java.util.ArrayList) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
