Search in sources :

Example 91 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class RequiredActionUpdateProfileTest method updateProfileExpiredCookies.

@Test
public void updateProfileExpiredCookies() {
    loginPage.open();
    loginPage.login("john-doh@localhost", "password");
    updateProfilePage.assertCurrent();
    // Expire cookies and assert the page with "back to application" link present
    driver.manage().deleteAllCookies();
    updateProfilePage.update("New first", "New last", "keycloak-user@localhost", "test-user@localhost");
    errorPage.assertCurrent();
    String backToAppLink = errorPage.getBackToApplicationLink();
    ClientRepresentation client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app").toRepresentation();
    Assert.assertEquals(backToAppLink, client.getBaseUrl());
}
Also used : ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 92 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class AbstractRegCliTest method addTestRealms.

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    testRealms.add(realmRepresentation);
    // create admin user account with permissions to manage clients
    UserRepresentation admin = UserBuilder.create().username("user1").password("userpass").enabled(true).build();
    HashMap<String, List<String>> clientRoles = new HashMap<>();
    clientRoles.put("realm-management", Arrays.asList("manage-clients"));
    admin.setClientRoles(clientRoles);
    realmRepresentation.getUsers().add(admin);
    // create client with service account to use Signed JWT credentials with
    ClientRepresentation regClient = ClientBuilder.create().clientId("reg-cli-jwt").attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFXUhpRTTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdyZWctY2xpMB4XDTE2MDkyMjEzMzIxOFoXDTI2MDkyMjEzMzM1OFowEjEQMA4GA1UEAwwHcmVnLWNsaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZn/0Bk1M9oKcTHxzn2cGvBWwO1m6OVLQ8LSVwNIf4ixfGkVIkhI5iEGYND+uD8ame54ZPClTVxMra3JldClLIG+L+ymnbT2vKIhEsVvCROs9PnYxbFALt1dXneLIio2uzF+d7/zQWlmeaWfNunSJT1aHNJDkGgDeUuQa25b0IMqsFjsN8Dg4ATkA97r3wKn4Tp3SE7sTM/B2pmra4atNxGeShVrgihqUiQ/PwDiDGwry64AsexkZnQsCR3bJWBAVUiHef3JWzTfWWN5bfCBG6Mnq1xw7YN+YpV1nR3CGmcKJuLe6aTe7Ps8hYejYiQA7Mp7ZQsoImsVFV5HDOlb0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZl8XvLfKXTPYvq/QyHOg7EDlAdlV3HkmHP9SBAV4BccmHmorMkm5I6I21UA5mfju+0nhbEd0bm0kvJFxIfNU6lJyyVvQx3Gns37KYUOzIV/ocWZuOTBLp5tfIBYbBwfE/s1J4PhpA/3WhBY9JKiLvdJfxECGIgaLs2M0UsylW/7o04+18Od8j/m7crQc7fpe5gJB5m/+hxUDowIjG5CumffX9OHYGDvHBpaUl7QNSGgjP8Bn9ogmIMUBJ7XSYUcohKuk2Cnj6p+GlLuqHbOISUXLVjf0DxhCu6diVxvacKbgAZmyCIO1tGL/UVRxg9GOYdCiC9vHfPuZ8US+ZB0P9g==").authenticatorType(JWTClientAuthenticator.PROVIDER_ID).serviceAccount().build();
    realmRepresentation.getClients().add(regClient);
    // create service account for client reg-cli with permissions to manage clients
    addServiceAccount(realmRepresentation, "reg-cli-jwt");
    // create client to use with user account - enable direct grants
    regClient = ClientBuilder.create().clientId("reg-cli-jwt-direct").attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFXUhpRTTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdyZWctY2xpMB4XDTE2MDkyMjEzMzIxOFoXDTI2MDkyMjEzMzM1OFowEjEQMA4GA1UEAwwHcmVnLWNsaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZn/0Bk1M9oKcTHxzn2cGvBWwO1m6OVLQ8LSVwNIf4ixfGkVIkhI5iEGYND+uD8ame54ZPClTVxMra3JldClLIG+L+ymnbT2vKIhEsVvCROs9PnYxbFALt1dXneLIio2uzF+d7/zQWlmeaWfNunSJT1aHNJDkGgDeUuQa25b0IMqsFjsN8Dg4ATkA97r3wKn4Tp3SE7sTM/B2pmra4atNxGeShVrgihqUiQ/PwDiDGwry64AsexkZnQsCR3bJWBAVUiHef3JWzTfWWN5bfCBG6Mnq1xw7YN+YpV1nR3CGmcKJuLe6aTe7Ps8hYejYiQA7Mp7ZQsoImsVFV5HDOlb0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZl8XvLfKXTPYvq/QyHOg7EDlAdlV3HkmHP9SBAV4BccmHmorMkm5I6I21UA5mfju+0nhbEd0bm0kvJFxIfNU6lJyyVvQx3Gns37KYUOzIV/ocWZuOTBLp5tfIBYbBwfE/s1J4PhpA/3WhBY9JKiLvdJfxECGIgaLs2M0UsylW/7o04+18Od8j/m7crQc7fpe5gJB5m/+hxUDowIjG5CumffX9OHYGDvHBpaUl7QNSGgjP8Bn9ogmIMUBJ7XSYUcohKuk2Cnj6p+GlLuqHbOISUXLVjf0DxhCu6diVxvacKbgAZmyCIO1tGL/UVRxg9GOYdCiC9vHfPuZ8US+ZB0P9g==").authenticatorType(JWTClientAuthenticator.PROVIDER_ID).directAccessGrants().build();
    realmRepresentation.getClients().add(regClient);
    // create client with service account to use client secret with
    regClient = ClientBuilder.create().clientId("reg-cli-secret").secret("password").authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID).serviceAccount().build();
    realmRepresentation.getClients().add(regClient);
    // create service account for client reg-cli with permissions to manage clients
    addServiceAccount(realmRepresentation, "reg-cli-secret");
    // create client to use with user account - enable direct grants
    regClient = ClientBuilder.create().clientId("reg-cli-secret-direct").secret("password").authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID).directAccessGrants().build();
    realmRepresentation.getClients().add(regClient);
}
Also used : HashMap(java.util.HashMap) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) List(java.util.List) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 93 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class AbstractRegCliTest method testCRUDWithOnTheFlyAuth.

void testCRUDWithOnTheFlyAuth(String serverUrl, String credentials, String extraOptions, String loginMessage) throws IOException {
    File configFile = getDefaultConfigFilePath();
    long lastModified = configFile.exists() ? configFile.lastModified() : 0;
    // This test assumes it is the only user of any instance of on the system
    KcRegExec exe = execute("create --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions + " -s clientId=test-client -o");
    Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
    Assert.assertEquals("login message", loginMessage, exe.stderrLines().get(0));
    ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
    Assert.assertEquals("clientId", "test-client", client.getClientId());
    Assert.assertNotNull("registrationAccessToken not null", client.getRegistrationAccessToken());
    long lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
    exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
    assertExitCodeAndStdErrSize(exe, 0, 1);
    ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
    Assert.assertEquals("clientId", "test-client", client2.getClientId());
    // we did not provide a token, thus no registrationAccessToken is present
    Assert.assertNull("registrationAccessToken is null", client2.getRegistrationAccessToken());
    lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
    // the token works even though an intermediary invocation was performed,
    // because the previous invocation didn't use a registration access token
    exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + extraOptions + " -t " + client.getRegistrationAccessToken());
    assertExitCodeAndStdErrSize(exe, 0, 0);
    ClientRepresentation client3 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
    Assert.assertEquals("clientId", "test-client", client3.getClientId());
    Assert.assertEquals("registrationAccessToken in returned json is different than one returned by create", client.getRegistrationAccessToken(), client3.getRegistrationAccessToken());
    lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
    exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions + " -s enabled=false -o");
    assertExitCodeAndStdErrSize(exe, 0, 1);
    ClientRepresentation client4 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
    Assert.assertEquals("clientId", "test-client", client4.getClientId());
    Assert.assertFalse("enabled", client4.isEnabled());
    Assert.assertNull("registrationAccessToken in null", client4.getRegistrationAccessToken());
    lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
    exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " + extraOptions + " -s enabled=true -o -t " + client3.getRegistrationAccessToken());
    assertExitCodeAndStdErrSize(exe, 0, 0);
    ClientRepresentation client5 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
    Assert.assertEquals("clientId", "test-client", client5.getClientId());
    Assert.assertTrue("enabled", client5.isEnabled());
    Assert.assertNotEquals("registrationAccessToken in returned json is different than one returned by get", client3.getRegistrationAccessToken(), client5.getRegistrationAccessToken());
    lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
    exe = execute("delete test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
    assertExitCodeAndStreamSizes(exe, 0, 0, 1);
    lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
    // subsequent delete should fail
    exe = execute("delete test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
    assertExitCodeAndStreamSizes(exe, 1, 0, 2);
    Assert.assertEquals("error message", "Client not found [invalid_request]", exe.stderrLines().get(1));
    lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
    Assert.assertEquals("config file not modified", lastModified, lastModified2);
}
Also used : KcRegExec(org.keycloak.testsuite.cli.KcRegExec) File(java.io.File) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 94 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class KcRegCreateTest method testCreateWithAuthorizationServices.

@Test
public void testCreateWithAuthorizationServices() throws IOException {
    ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    FileConfigHandler handler = initCustomConfigFile();
    try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
        KcRegExec exe = execute("config credentials -x --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm master --user admin --password admin");
        assertExitCodeAndStreamSizes(exe, 0, 0, 3);
        String token = issueInitialAccessToken("test");
        exe = execute("create --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm test -s clientId=authz-client -s authorizationServicesEnabled=true -t " + token);
        assertExitCodeAndStreamSizes(exe, 0, 0, 3);
        RealmResource realm = adminClient.realm("test");
        ClientsResource clients = realm.clients();
        ClientRepresentation clientRep = clients.findByClientId("authz-client").get(0);
        ClientResource client = clients.get(clientRep.getId());
        clientRep = client.toRepresentation();
        Assert.assertTrue(clientRep.getAuthorizationServicesEnabled());
        ResourceServerRepresentation settings = client.authorization().getSettings();
        Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
        Assert.assertTrue(settings.isAllowRemoteResourceManagement());
        List<RoleRepresentation> roles = client.roles().list();
        Assert.assertEquals(1, roles.size());
        Assert.assertEquals("uma_protection", roles.get(0).getName());
        // create using oidc endpoint - autodetect format
        String content = "        {\n" + "            \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n" + "            \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\", \"" + OAuth2Constants.UMA_GRANT_TYPE + "\" ],\n" + "            \"response_types\" : [ \"code\", \"none\" ],\n" + "            \"client_name\" : \"My Reg Authz\",\n" + "            \"client_uri\" : \"http://localhost:8980/myapp\"\n" + "        }";
        try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
            exe = execute("create --insecure --config '" + configFile.getName() + "' -s 'client_name=My Reg Authz' --realm test -t " + token + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5" + " -o -f - < '" + tmpFile.getName() + "'");
            assertExitCodeAndStdErrSize(exe, 0, 2);
            OIDCClientRepresentation oidcClient = JsonSerialization.readValue(exe.stdout(), OIDCClientRepresentation.class);
            Assert.assertNotNull("clientId", oidcClient.getClientId());
            Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), oidcClient.getRedirectUris());
            Assert.assertThat("grant_types", oidcClient.getGrantTypes(), Matchers.containsInAnyOrder("authorization_code", "client_credentials", "refresh_token", OAuth2Constants.UMA_GRANT_TYPE));
            Assert.assertEquals("response_types", Arrays.asList("code", "none"), oidcClient.getResponseTypes());
            Assert.assertEquals("client_name", "My Reg Authz", oidcClient.getClientName());
            Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", oidcClient.getClientUri());
            client = clients.get(oidcClient.getClientId());
            clientRep = client.toRepresentation();
            Assert.assertTrue(clientRep.getAuthorizationServicesEnabled());
            settings = client.authorization().getSettings();
            Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
            Assert.assertTrue(settings.isAllowRemoteResourceManagement());
            roles = client.roles().list();
            Assert.assertEquals(1, roles.size());
            Assert.assertEquals("uma_protection", roles.get(0).getName());
            UserRepresentation serviceAccount = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + clientRep.getClientId()).get(0);
            Assert.assertNotNull(serviceAccount);
            List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(clientRep.getId()).listAll();
            Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
        }
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler) Arrays(java.util.Arrays) Profile(org.keycloak.common.Profile) AUTH_SERVER_SSL_REQUIRED(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) KcRegExec.execute(org.keycloak.testsuite.cli.KcRegExec.execute) TempFileResource(org.keycloak.testsuite.util.TempFileResource) Assume(org.junit.Assume) PolicyEnforcementMode(org.keycloak.representations.idm.authorization.PolicyEnforcementMode) ClientResource(org.keycloak.admin.client.resource.ClientResource) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ProfileAssume(org.keycloak.testsuite.ProfileAssume) Before(org.junit.Before) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) IOException(java.io.IOException) File(java.io.File) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) KcRegExec(org.keycloak.testsuite.cli.KcRegExec) JsonSerialization(org.keycloak.util.JsonSerialization) ServiceAccountConstants(org.keycloak.common.constants.ServiceAccountConstants) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) List(java.util.List) Assert(org.junit.Assert) OAuth2Constants(org.keycloak.OAuth2Constants) ConfigData(org.keycloak.client.registration.cli.config.ConfigData) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) KcRegExec(org.keycloak.testsuite.cli.KcRegExec) TempFileResource(org.keycloak.testsuite.util.TempFileResource) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 95 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class KcRegCreateTest method testCreateThoroughly.

@Test
public void testCreateThoroughly() throws IOException {
    FileConfigHandler handler = initCustomConfigFile();
    try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
        // set initial access token in config
        String token = issueInitialAccessToken("test");
        final String realm = "test";
        KcRegExec exe = execute("config initial-token -x --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm " + realm + " " + token);
        assertExitCodeAndStreamSizes(exe, 0, 0, 0);
        // check that current server, realm, and initial token are saved in the file
        ConfigData config = handler.loadConfig();
        Assert.assertEquals("Config serverUrl", oauth.AUTH_SERVER_ROOT, config.getServerUrl());
        Assert.assertEquals("Config realm", realm, config.getRealm());
        Assert.assertEquals("Config initial access token", token, config.ensureRealmConfigData(oauth.AUTH_SERVER_ROOT, realm).getInitialToken());
        // create configuration from file using stdin redirect ... output an object
        String content = "{\n" + "        \"clientId\": \"my_client\",\n" + "        \"enabled\": true,\n" + "        \"redirectUris\": [\"http://localhost:8980/myapp/*\"],\n" + "        \"serviceAccountsEnabled\": true,\n" + "        \"name\": \"My Client App\",\n" + "        \"implicitFlowEnabled\": false,\n" + "        \"publicClient\": true,\n" + "        \"protocol\": \"openid-connect\",\n" + "        \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" + "        \"consentRequired\": false,\n" + "        \"baseUrl\": \"http://localhost:8980/myapp\",\n" + "        \"rootUrl\": \"http://localhost:8980/myapp\",\n" + "        \"bearerOnly\": true,\n" + "        \"standardFlowEnabled\": true\n" + "}";
        try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
            exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f - < '" + tmpFile.getName() + "'");
            assertExitCodeAndStdErrSize(exe, 0, 2);
            ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
            Assert.assertNotNull("id", client.getId());
            Assert.assertEquals("clientId", "my_client", client.getClientId());
            Assert.assertEquals("enabled", true, client.isEnabled());
            Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
            Assert.assertEquals("serviceAccountsEnabled", true, client.isServiceAccountsEnabled());
            Assert.assertEquals("name", "My Client App", client.getName());
            Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
            Assert.assertEquals("publicClient", true, client.isPublicClient());
            // note there is no server-side check if protocol is supported
            Assert.assertEquals("protocol", "openid-connect", client.getProtocol());
            Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
            Assert.assertEquals("consentRequired", false, client.isConsentRequired());
            Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
            Assert.assertEquals("rootUrl", "http://localhost:8980/myapp", client.getRootUrl());
            Assert.assertEquals("bearerOnly", true, client.isStandardFlowEnabled());
            Assert.assertNull("mappers are null", client.getProtocolMappers());
            // create configuration from file as a template and override clientId and other attributes ... output an object
            exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" + " -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" + " -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
            assertExitCodeAndStdErrSize(exe, 0, 2);
            ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
            Assert.assertNotNull("id", client2.getId());
            Assert.assertEquals("clientId", "my_client2", client2.getClientId());
            Assert.assertEquals("enabled", false, client2.isEnabled());
            Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp2/*"), client2.getRedirectUris());
            Assert.assertEquals("serviceAccountsEnabled", true, client2.isServiceAccountsEnabled());
            Assert.assertEquals("name", "My Client App II", client2.getName());
            Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
            Assert.assertEquals("publicClient", true, client2.isPublicClient());
            Assert.assertEquals("protocol", "openid-connect", client2.getProtocol());
            Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
            Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
            Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
            Assert.assertEquals("rootUrl", "http://localhost:8980/myapp2", client2.getRootUrl());
            Assert.assertEquals("bearerOnly", true, client2.isStandardFlowEnabled());
            Assert.assertNull("mappers are null", client2.getProtocolMappers());
            // check that using an invalid attribute key is not ignored
            exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s client_id=my_client3");
            assertExitCodeAndStreamSizes(exe, 1, 0, 1);
            Assert.assertEquals("Failed to set attribute 'client_id' on document type 'default'", exe.stderrLines().get(0));
        }
        // simple create, output an id
        exe = execute("create --insecure --config '" + configFile.getName() + "' -i -s clientId=my_client3");
        assertExitCodeAndStreamSizes(exe, 0, 1, 2);
        Assert.assertEquals("only clientId returned", "my_client3", exe.stdoutLines().get(0));
        // simple create, default output
        exe = execute("create --insecure --config '" + configFile.getName() + "' -s clientId=my_client4");
        assertExitCodeAndStreamSizes(exe, 0, 0, 3);
        Assert.assertEquals("only clientId returned", "Registered new client with client_id 'my_client4'", exe.stderrLines().get(2));
        // create using oidc endpoint - autodetect format
        content = "        {\n" + "            \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n" + "            \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\" ],\n" + "            \"response_types\" : [ \"code\", \"none\" ],\n" + "            \"client_name\" : \"My Client App\",\n" + "            \"client_uri\" : \"http://localhost:8980/myapp\"\n" + "        }";
        try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
            exe = execute("create --insecure --config '" + configFile.getName() + "' -s 'client_name=My Client App V' " + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5" + " -o -f - < '" + tmpFile.getName() + "'");
            assertExitCodeAndStdErrSize(exe, 0, 2);
            OIDCClientRepresentation client = JsonSerialization.readValue(exe.stdout(), OIDCClientRepresentation.class);
            Assert.assertNotNull("clientId", client.getClientId());
            Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), client.getRedirectUris());
            Assert.assertEquals("grant_types", Arrays.asList("authorization_code", "client_credentials", "refresh_token"), client.getGrantTypes());
            Assert.assertEquals("response_types", Arrays.asList("code", "none"), client.getResponseTypes());
            Assert.assertEquals("client_name", "My Client App V", client.getClientName());
            Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", client.getClientUri());
            // try use incompatible endpoint override
            exe = execute("create --config '" + configFile.getName() + "' -e default -f '" + tmpFile.getName() + "'");
            assertExitCodeAndStreamSizes(exe, 1, 0, 1);
            Assert.assertEquals("Error message", "Attribute 'redirect_uris' not supported on document type 'default'", exe.stderrLines().get(0));
        }
        // test create saml formated xml - format autodetection
        File samlSpMetaFile = new File(System.getProperty("user.dir") + "/src/test/resources/cli/kcreg/saml-sp-metadata.xml");
        Assert.assertTrue("saml-sp-metadata.xml exists", samlSpMetaFile.isFile());
        exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f - < '" + samlSpMetaFile.getAbsolutePath() + "'");
        assertExitCodeAndStdErrSize(exe, 0, 2);
        ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
        Assert.assertNotNull("id", client.getId());
        Assert.assertEquals("clientId", "http://localhost:8080/sales-post-enc/", client.getClientId());
        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8081/sales-post-enc/saml"), client.getRedirectUris());
        Assert.assertEquals("attributes.saml_name_id_format", "username", client.getAttributes().get("saml_name_id_format"));
        Assert.assertEquals("attributes.saml_assertion_consumer_url_post", "http://localhost:8081/sales-post-enc/saml", client.getAttributes().get("saml_assertion_consumer_url_post"));
        Assert.assertEquals("attributes.saml.signature.algorithm", "RSA_SHA256", client.getAttributes().get("saml.signature.algorithm"));
        // delete initial token
        exe = execute("config initial-token --config '" + configFile.getName() + "' --insecure --server " + serverUrl + " --realm " + realm + " --delete");
        assertExitCodeAndStreamSizes(exe, 0, 0, 0);
        config = handler.loadConfig();
        Assert.assertNull("initial token == null", config.ensureRealmConfigData(serverUrl, realm).getInitialToken());
    }
}
Also used : FileConfigHandler(org.keycloak.client.registration.cli.config.FileConfigHandler) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ConfigData(org.keycloak.client.registration.cli.config.ConfigData) KcRegExec(org.keycloak.testsuite.cli.KcRegExec) File(java.io.File) TempFileResource(org.keycloak.testsuite.util.TempFileResource) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Aggregations

ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)576 Test (org.junit.Test)359 ClientResource (org.keycloak.admin.client.resource.ClientResource)189 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)139 OAuthClient (org.keycloak.testsuite.util.OAuthClient)101 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)61 Response (javax.ws.rs.core.Response)59 Matchers.containsString (org.hamcrest.Matchers.containsString)58 RealmResource (org.keycloak.admin.client.resource.RealmResource)58 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)58 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)53 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)43 AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement)41 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)38 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)38 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)37 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)37 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)37 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)37 HashMap (java.util.HashMap)33