Examples with ClientRepresentation org.keycloak.representations.idm.ClientRepresentation used on opensource projects

Search in sources :

Example 76 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class ParTest method testFailureParInvalidPkceSetting.

// PAR invalid PKCE setting
@Test
public void testFailureParInvalidPkceSetting() throws Exception {
    // create client dynamically
    String clientId = createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        clientRep.setRequirePushedAuthorizationRequests(Boolean.TRUE);
        clientRep.setRedirectUris(new ArrayList<String>(Arrays.asList(CLIENT_REDIRECT_URI)));
    });
    OIDCClientRepresentation oidcCRep = getClientDynamically(clientId);
    String clientSecret = oidcCRep.getClientSecret();
    assertEquals(Boolean.TRUE, oidcCRep.getRequirePushedAuthorizationRequests());
    assertTrue(oidcCRep.getRedirectUris().contains(CLIENT_REDIRECT_URI));
    updateClientByAdmin(clientId, (ClientRepresentation cRep) -> {
        OIDCAdvancedConfigWrapper.fromClientRepresentation(cRep).setPkceCodeChallengeMethod("S256");
    });
    // Pushed Authorization Request
    oauth.clientId(clientId);
    oauth.redirectUri(CLIENT_REDIRECT_URI);
    ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
    assertEquals(400, pResp.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_REQUEST, pResp.getError());
    assertEquals("Missing parameter: code_challenge_method", pResp.getErrorDescription());
}
Also used : ParResponse(org.keycloak.testsuite.util.OAuthClient.ParResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractClientPoliciesTest(org.keycloak.testsuite.client.AbstractClientPoliciesTest) Test(org.junit.Test)

Example 77 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class EntityDescriptorDescriptionConverter method loadEntityDescriptors.

private static ClientRepresentation loadEntityDescriptors(InputStream is) {
    Object metadata;
    try {
        metadata = SAMLParser.getInstance().parse(is);
    } catch (ParsingException e) {
        throw new RuntimeException(e);
    }
    EntitiesDescriptorType entities;
    if (EntitiesDescriptorType.class.isInstance(metadata)) {
        entities = (EntitiesDescriptorType) metadata;
    } else {
        entities = new EntitiesDescriptorType();
        entities.addEntityDescriptor(metadata);
    }
    if (entities.getEntityDescriptor().size() != 1) {
        throw new RuntimeException("Expected one entity descriptor");
    }
    EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
    String entityId = entity.getEntityID();
    ClientRepresentation app = new ClientRepresentation();
    app.setClientId(entityId);
    Map<String, String> attributes = new HashMap<>();
    app.setAttributes(attributes);
    List<String> redirectUris = new LinkedList<>();
    app.setRedirectUris(redirectUris);
    app.setFullScopeAllowed(true);
    app.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    // default to true
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    // default to false
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE_KEYINFO_EXT, SamlProtocol.ATTRIBUTE_FALSE_VALUE);
    attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
    attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    SPSSODescriptorType spDescriptorType = getSPDescriptor(entity);
    if (spDescriptorType.isWantAssertionsSigned()) {
        attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    }
    String logoutPost = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
    if (logoutPost != null)
        attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutPost);
    String logoutRedirect = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    if (logoutRedirect != null)
        attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, logoutRedirect);
    String assertionConsumerServicePostBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
    if (assertionConsumerServicePostBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, assertionConsumerServicePostBinding);
        redirectUris.add(assertionConsumerServicePostBinding);
    }
    String assertionConsumerServiceRedirectBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    if (assertionConsumerServiceRedirectBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, assertionConsumerServiceRedirectBinding);
        redirectUris.add(assertionConsumerServiceRedirectBinding);
    }
    String assertionConsumerServiceSoapBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_SOAP_BINDING.get());
    if (assertionConsumerServiceSoapBinding != null) {
        redirectUris.add(assertionConsumerServiceSoapBinding);
    }
    String assertionConsumerServicePaosBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_PAOS_BINDING.get());
    if (assertionConsumerServicePaosBinding != null) {
        redirectUris.add(assertionConsumerServicePaosBinding);
    }
    String assertionConsumerServiceArtifactBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.get());
    if (assertionConsumerServiceArtifactBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE, assertionConsumerServiceArtifactBinding);
        redirectUris.add(assertionConsumerServiceArtifactBinding);
    }
    String artifactResolutionService = getArtifactResolutionService(spDescriptorType);
    if (artifactResolutionService != null) {
        attributes.put(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, artifactResolutionService);
    }
    if (spDescriptorType.getNameIDFormat() != null) {
        for (String format : spDescriptorType.getNameIDFormat()) {
            String attribute = SamlClient.samlNameIDFormatToClientAttribute(format);
            if (attribute != null) {
                attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, attribute);
                break;
            }
        }
    }
    if (spDescriptorType.getExtensions() != null && spDescriptorType.getExtensions().getUIInfo() != null) {
        if (!spDescriptorType.getExtensions().getUIInfo().getLogo().isEmpty()) {
            attributes.put(ClientModel.LOGO_URI, spDescriptorType.getExtensions().getUIInfo().getLogo().get(0).getValue().toString());
        }
        if (!spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().isEmpty()) {
            attributes.put(ClientModel.POLICY_URI, spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().stream().filter(dn -> "en".equals(dn.getLang())).findFirst().orElse(spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().get(0)).getValue().toString());
        }
    }
    app.setProtocolMappers(spDescriptorType.getAttributeConsumingService().stream().flatMap(att -> att.getRequestedAttribute().stream()).map(attr -> {
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName(attr.getName());
        mapper.setProtocol("saml");
        mapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
        Map<String, String> config = new HashMap<>();
        config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, attr.getName());
        if (attr.getFriendlyName() != null)
            config.put(AttributeStatementHelper.FRIENDLY_NAME, attr.getFriendlyName());
        if (attr.getNameFormat() != null)
            config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, getSAMLNameFormat(attr.getNameFormat()));
        mapper.setConfig(config);
        return mapper;
    }).collect(Collectors.toList()));
    for (KeyDescriptorType keyDescriptor : spDescriptorType.getKeyDescriptor()) {
        X509Certificate cert = null;
        try {
            cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        } catch (ProcessingException e) {
            throw new RuntimeException(e);
        }
        String certPem = KeycloakModelUtils.getPemFromCertificate(cert);
        if (keyDescriptor.getUse() == KeyTypes.SIGNING) {
            attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
            attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, certPem);
        } else if (keyDescriptor.getUse() == KeyTypes.ENCRYPTION) {
            attributes.put(SamlConfigAttributes.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
            attributes.put(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, certPem);
        }
    }
    return app;
}
Also used : ClientModel(org.keycloak.models.ClientModel) AttributeStatementHelper(org.keycloak.protocol.saml.mappers.AttributeStatementHelper) UserAttributeStatementMapper(org.keycloak.protocol.saml.mappers.UserAttributeStatementMapper) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) X509Certificate(java.security.cert.X509Certificate) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) HashMap(java.util.HashMap) Config(org.keycloak.Config) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) ByteArrayInputStream(java.io.ByteArrayInputStream) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) Map(java.util.Map) SignatureAlgorithm(org.keycloak.saml.SignatureAlgorithm) LinkedList(java.util.LinkedList) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) ClientDescriptionConverterFactory(org.keycloak.exportimport.ClientDescriptionConverterFactory) KeyTypes(org.keycloak.dom.saml.v2.metadata.KeyTypes) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) ClientDescriptionConverter(org.keycloak.exportimport.ClientDescriptionConverter) KeycloakSession(org.keycloak.models.KeycloakSession) EDTDescriptorChoiceType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType) EntitiesDescriptorType(org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType) Collectors(java.util.stream.Collectors) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Objects(java.util.Objects) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) List(java.util.List) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) SAMLMetadataUtil(org.keycloak.saml.processing.core.saml.v2.util.SAMLMetadataUtil) InputStream(java.io.InputStream) EntitiesDescriptorType(org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType) HashMap(java.util.HashMap) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 78 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class ClientAttributeUpdater method forClient.

/**
 * Creates a {@ClientAttributeUpdater} for the given client. The client must exist.
 * @param adminClient
 * @param realm
 * @param clientId
 * @return
 */
public static ClientAttributeUpdater forClient(Keycloak adminClient, String realm, String clientId) {
    RealmResource realmRes = adminClient.realm(realm);
    ClientsResource clients = realmRes.clients();
    List<ClientRepresentation> foundClients = clients.findByClientId(clientId);
    assertThat(foundClients, hasSize(1));
    ClientResource clientRes = clients.get(foundClients.get(0).getId());
    return new ClientAttributeUpdater(clientRes, realmRes);
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 79 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class BrokerLinkAndTokenExchangeTest method addChildUser.

public void addChildUser() {
    RealmResource realm = adminClient.realms().realm(CHILD_IDP);
    UserRepresentation user = new UserRepresentation();
    user.setUsername("child");
    user.setEnabled(true);
    childUserId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
    UserRepresentation user2 = new UserRepresentation();
    user2.setUsername("child2");
    user2.setEnabled(true);
    String user2Id = createUserAndResetPasswordWithAdminClient(realm, user2, "password");
    // have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
    realm.roles().create(new RoleRepresentation("user", null, false));
    RoleRepresentation role = realm.roles().get("user").toRepresentation();
    List<RoleRepresentation> roles = new LinkedList<>();
    roles.add(role);
    realm.users().get(childUserId).roles().realmLevel().add(roles);
    realm.users().get(user2Id).roles().realmLevel().add(roles);
    ClientRepresentation brokerService = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
    role = realm.clients().get(brokerService.getId()).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation();
    roles.clear();
    roles.add(role);
    realm.users().get(childUserId).roles().clientLevel(brokerService.getId()).add(roles);
    realm.users().get(user2Id).roles().clientLevel(brokerService.getId()).add(roles);
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 80 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class DemoServletsAdapterTest method testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync.

@Test
public void testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync() {
    // JWS Client Assertion in client_secret_jwt
    // http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
    String targetClientId = "client-secret-jwt-secure-portal";
    String expectedErrorString = "invalid_client_credentials";
    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), targetClientId);
    ClientRepresentation client = clientResource.toRepresentation();
    client.setClientAuthenticatorType("client-secret");
    clientResource.update(client);
    expectResultOfClientNotAuthenticatedInClientSecretJwt(targetClientId, expectedErrorString);
}
Also used : ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractServletsAdapterTest(org.keycloak.testsuite.adapter.AbstractServletsAdapterTest)

Aggregations

ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)576 Test (org.junit.Test)359 ClientResource (org.keycloak.admin.client.resource.ClientResource)189 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)139 OAuthClient (org.keycloak.testsuite.util.OAuthClient)101 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)61 Response (javax.ws.rs.core.Response)59 Matchers.containsString (org.hamcrest.Matchers.containsString)58 RealmResource (org.keycloak.admin.client.resource.RealmResource)58 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)58 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)53 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)43 AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement)41 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)38 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)38 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)37 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)37 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)37 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)37 HashMap (java.util.HashMap)33
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial