use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class RequiredActionUpdateProfileTest method updateProfileExpiredCookies.
@Test
public void updateProfileExpiredCookies() {
loginPage.open();
loginPage.login("john-doh@localhost", "password");
updateProfilePage.assertCurrent();
// Expire cookies and assert the page with "back to application" link present
driver.manage().deleteAllCookies();
updateProfilePage.update("New first", "New last", "keycloak-user@localhost", "test-user@localhost");
errorPage.assertCurrent();
String backToAppLink = errorPage.getBackToApplicationLink();
ClientRepresentation client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app").toRepresentation();
Assert.assertEquals(backToAppLink, client.getBaseUrl());
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class AbstractRegCliTest method addTestRealms.
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
testRealms.add(realmRepresentation);
// create admin user account with permissions to manage clients
UserRepresentation admin = UserBuilder.create().username("user1").password("userpass").enabled(true).build();
HashMap<String, List<String>> clientRoles = new HashMap<>();
clientRoles.put("realm-management", Arrays.asList("manage-clients"));
admin.setClientRoles(clientRoles);
realmRepresentation.getUsers().add(admin);
// create client with service account to use Signed JWT credentials with
ClientRepresentation regClient = ClientBuilder.create().clientId("reg-cli-jwt").attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFXUhpRTTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdyZWctY2xpMB4XDTE2MDkyMjEzMzIxOFoXDTI2MDkyMjEzMzM1OFowEjEQMA4GA1UEAwwHcmVnLWNsaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZn/0Bk1M9oKcTHxzn2cGvBWwO1m6OVLQ8LSVwNIf4ixfGkVIkhI5iEGYND+uD8ame54ZPClTVxMra3JldClLIG+L+ymnbT2vKIhEsVvCROs9PnYxbFALt1dXneLIio2uzF+d7/zQWlmeaWfNunSJT1aHNJDkGgDeUuQa25b0IMqsFjsN8Dg4ATkA97r3wKn4Tp3SE7sTM/B2pmra4atNxGeShVrgihqUiQ/PwDiDGwry64AsexkZnQsCR3bJWBAVUiHef3JWzTfWWN5bfCBG6Mnq1xw7YN+YpV1nR3CGmcKJuLe6aTe7Ps8hYejYiQA7Mp7ZQsoImsVFV5HDOlb0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZl8XvLfKXTPYvq/QyHOg7EDlAdlV3HkmHP9SBAV4BccmHmorMkm5I6I21UA5mfju+0nhbEd0bm0kvJFxIfNU6lJyyVvQx3Gns37KYUOzIV/ocWZuOTBLp5tfIBYbBwfE/s1J4PhpA/3WhBY9JKiLvdJfxECGIgaLs2M0UsylW/7o04+18Od8j/m7crQc7fpe5gJB5m/+hxUDowIjG5CumffX9OHYGDvHBpaUl7QNSGgjP8Bn9ogmIMUBJ7XSYUcohKuk2Cnj6p+GlLuqHbOISUXLVjf0DxhCu6diVxvacKbgAZmyCIO1tGL/UVRxg9GOYdCiC9vHfPuZ8US+ZB0P9g==").authenticatorType(JWTClientAuthenticator.PROVIDER_ID).serviceAccount().build();
realmRepresentation.getClients().add(regClient);
// create service account for client reg-cli with permissions to manage clients
addServiceAccount(realmRepresentation, "reg-cli-jwt");
// create client to use with user account - enable direct grants
regClient = ClientBuilder.create().clientId("reg-cli-jwt-direct").attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFXUhpRTTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdyZWctY2xpMB4XDTE2MDkyMjEzMzIxOFoXDTI2MDkyMjEzMzM1OFowEjEQMA4GA1UEAwwHcmVnLWNsaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMHZn/0Bk1M9oKcTHxzn2cGvBWwO1m6OVLQ8LSVwNIf4ixfGkVIkhI5iEGYND+uD8ame54ZPClTVxMra3JldClLIG+L+ymnbT2vKIhEsVvCROs9PnYxbFALt1dXneLIio2uzF+d7/zQWlmeaWfNunSJT1aHNJDkGgDeUuQa25b0IMqsFjsN8Dg4ATkA97r3wKn4Tp3SE7sTM/B2pmra4atNxGeShVrgihqUiQ/PwDiDGwry64AsexkZnQsCR3bJWBAVUiHef3JWzTfWWN5bfCBG6Mnq1xw7YN+YpV1nR3CGmcKJuLe6aTe7Ps8hYejYiQA7Mp7ZQsoImsVFV5HDOlb0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZl8XvLfKXTPYvq/QyHOg7EDlAdlV3HkmHP9SBAV4BccmHmorMkm5I6I21UA5mfju+0nhbEd0bm0kvJFxIfNU6lJyyVvQx3Gns37KYUOzIV/ocWZuOTBLp5tfIBYbBwfE/s1J4PhpA/3WhBY9JKiLvdJfxECGIgaLs2M0UsylW/7o04+18Od8j/m7crQc7fpe5gJB5m/+hxUDowIjG5CumffX9OHYGDvHBpaUl7QNSGgjP8Bn9ogmIMUBJ7XSYUcohKuk2Cnj6p+GlLuqHbOISUXLVjf0DxhCu6diVxvacKbgAZmyCIO1tGL/UVRxg9GOYdCiC9vHfPuZ8US+ZB0P9g==").authenticatorType(JWTClientAuthenticator.PROVIDER_ID).directAccessGrants().build();
realmRepresentation.getClients().add(regClient);
// create client with service account to use client secret with
regClient = ClientBuilder.create().clientId("reg-cli-secret").secret("password").authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID).serviceAccount().build();
realmRepresentation.getClients().add(regClient);
// create service account for client reg-cli with permissions to manage clients
addServiceAccount(realmRepresentation, "reg-cli-secret");
// create client to use with user account - enable direct grants
regClient = ClientBuilder.create().clientId("reg-cli-secret-direct").secret("password").authenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID).directAccessGrants().build();
realmRepresentation.getClients().add(regClient);
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class AbstractRegCliTest method testCRUDWithOnTheFlyAuth.
void testCRUDWithOnTheFlyAuth(String serverUrl, String credentials, String extraOptions, String loginMessage) throws IOException {
File configFile = getDefaultConfigFilePath();
long lastModified = configFile.exists() ? configFile.lastModified() : 0;
// This test assumes it is the only user of any instance of on the system
KcRegExec exe = execute("create --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions + " -s clientId=test-client -o");
Assert.assertEquals("exitCode == 0", 0, exe.exitCode());
Assert.assertEquals("login message", loginMessage, exe.stderrLines().get(0));
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertEquals("clientId", "test-client", client.getClientId());
Assert.assertNotNull("registrationAccessToken not null", client.getRegistrationAccessToken());
long lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
assertExitCodeAndStdErrSize(exe, 0, 1);
ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertEquals("clientId", "test-client", client2.getClientId());
// we did not provide a token, thus no registrationAccessToken is present
Assert.assertNull("registrationAccessToken is null", client2.getRegistrationAccessToken());
lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
// the token works even though an intermediary invocation was performed,
// because the previous invocation didn't use a registration access token
exe = execute("get test-client --no-config --server " + serverUrl + " --realm test " + extraOptions + " -t " + client.getRegistrationAccessToken());
assertExitCodeAndStdErrSize(exe, 0, 0);
ClientRepresentation client3 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertEquals("clientId", "test-client", client3.getClientId());
Assert.assertEquals("registrationAccessToken in returned json is different than one returned by create", client.getRegistrationAccessToken(), client3.getRegistrationAccessToken());
lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions + " -s enabled=false -o");
assertExitCodeAndStdErrSize(exe, 0, 1);
ClientRepresentation client4 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertEquals("clientId", "test-client", client4.getClientId());
Assert.assertFalse("enabled", client4.isEnabled());
Assert.assertNull("registrationAccessToken in null", client4.getRegistrationAccessToken());
lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
exe = execute("update test-client --no-config --server " + serverUrl + " --realm test " + extraOptions + " -s enabled=true -o -t " + client3.getRegistrationAccessToken());
assertExitCodeAndStdErrSize(exe, 0, 0);
ClientRepresentation client5 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertEquals("clientId", "test-client", client5.getClientId());
Assert.assertTrue("enabled", client5.isEnabled());
Assert.assertNotEquals("registrationAccessToken in returned json is different than one returned by get", client3.getRegistrationAccessToken(), client5.getRegistrationAccessToken());
lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
exe = execute("delete test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
assertExitCodeAndStreamSizes(exe, 0, 0, 1);
lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
// subsequent delete should fail
exe = execute("delete test-client --no-config --server " + serverUrl + " --realm test " + credentials + " " + extraOptions);
assertExitCodeAndStreamSizes(exe, 1, 0, 2);
Assert.assertEquals("error message", "Client not found [invalid_request]", exe.stderrLines().get(1));
lastModified2 = configFile.exists() ? configFile.lastModified() : 0;
Assert.assertEquals("config file not modified", lastModified, lastModified2);
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class KcRegCreateTest method testCreateWithAuthorizationServices.
@Test
public void testCreateWithAuthorizationServices() throws IOException {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
KcRegExec exe = execute("config credentials -x --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm master --user admin --password admin");
assertExitCodeAndStreamSizes(exe, 0, 0, 3);
String token = issueInitialAccessToken("test");
exe = execute("create --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm test -s clientId=authz-client -s authorizationServicesEnabled=true -t " + token);
assertExitCodeAndStreamSizes(exe, 0, 0, 3);
RealmResource realm = adminClient.realm("test");
ClientsResource clients = realm.clients();
ClientRepresentation clientRep = clients.findByClientId("authz-client").get(0);
ClientResource client = clients.get(clientRep.getId());
clientRep = client.toRepresentation();
Assert.assertTrue(clientRep.getAuthorizationServicesEnabled());
ResourceServerRepresentation settings = client.authorization().getSettings();
Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
Assert.assertTrue(settings.isAllowRemoteResourceManagement());
List<RoleRepresentation> roles = client.roles().list();
Assert.assertEquals(1, roles.size());
Assert.assertEquals("uma_protection", roles.get(0).getName());
// create using oidc endpoint - autodetect format
String content = " {\n" + " \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n" + " \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\", \"" + OAuth2Constants.UMA_GRANT_TYPE + "\" ],\n" + " \"response_types\" : [ \"code\", \"none\" ],\n" + " \"client_name\" : \"My Reg Authz\",\n" + " \"client_uri\" : \"http://localhost:8980/myapp\"\n" + " }";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create --insecure --config '" + configFile.getName() + "' -s 'client_name=My Reg Authz' --realm test -t " + token + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5" + " -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
OIDCClientRepresentation oidcClient = JsonSerialization.readValue(exe.stdout(), OIDCClientRepresentation.class);
Assert.assertNotNull("clientId", oidcClient.getClientId());
Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), oidcClient.getRedirectUris());
Assert.assertThat("grant_types", oidcClient.getGrantTypes(), Matchers.containsInAnyOrder("authorization_code", "client_credentials", "refresh_token", OAuth2Constants.UMA_GRANT_TYPE));
Assert.assertEquals("response_types", Arrays.asList("code", "none"), oidcClient.getResponseTypes());
Assert.assertEquals("client_name", "My Reg Authz", oidcClient.getClientName());
Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", oidcClient.getClientUri());
client = clients.get(oidcClient.getClientId());
clientRep = client.toRepresentation();
Assert.assertTrue(clientRep.getAuthorizationServicesEnabled());
settings = client.authorization().getSettings();
Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
Assert.assertTrue(settings.isAllowRemoteResourceManagement());
roles = client.roles().list();
Assert.assertEquals(1, roles.size());
Assert.assertEquals("uma_protection", roles.get(0).getName());
UserRepresentation serviceAccount = realm.users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + clientRep.getClientId()).get(0);
Assert.assertNotNull(serviceAccount);
List<RoleRepresentation> serviceAccountRoles = realm.users().get(serviceAccount.getId()).roles().clientLevel(clientRep.getId()).listAll();
Assert.assertTrue(serviceAccountRoles.stream().anyMatch(roleRepresentation -> "uma_protection".equals(roleRepresentation.getName())));
}
}
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class KcRegCreateTest method testCreateThoroughly.
@Test
public void testCreateThoroughly() throws IOException {
FileConfigHandler handler = initCustomConfigFile();
try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
// set initial access token in config
String token = issueInitialAccessToken("test");
final String realm = "test";
KcRegExec exe = execute("config initial-token -x --config '" + configFile.getName() + "' --insecure --server " + oauth.AUTH_SERVER_ROOT + " --realm " + realm + " " + token);
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
// check that current server, realm, and initial token are saved in the file
ConfigData config = handler.loadConfig();
Assert.assertEquals("Config serverUrl", oauth.AUTH_SERVER_ROOT, config.getServerUrl());
Assert.assertEquals("Config realm", realm, config.getRealm());
Assert.assertEquals("Config initial access token", token, config.ensureRealmConfigData(oauth.AUTH_SERVER_ROOT, realm).getInitialToken());
// create configuration from file using stdin redirect ... output an object
String content = "{\n" + " \"clientId\": \"my_client\",\n" + " \"enabled\": true,\n" + " \"redirectUris\": [\"http://localhost:8980/myapp/*\"],\n" + " \"serviceAccountsEnabled\": true,\n" + " \"name\": \"My Client App\",\n" + " \"implicitFlowEnabled\": false,\n" + " \"publicClient\": true,\n" + " \"protocol\": \"openid-connect\",\n" + " \"webOrigins\": [\"http://localhost:8980/myapp\"],\n" + " \"consentRequired\": false,\n" + " \"baseUrl\": \"http://localhost:8980/myapp\",\n" + " \"rootUrl\": \"http://localhost:8980/myapp\",\n" + " \"bearerOnly\": true,\n" + " \"standardFlowEnabled\": true\n" + "}";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client.getId());
Assert.assertEquals("clientId", "my_client", client.getClientId());
Assert.assertEquals("enabled", true, client.isEnabled());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), client.getRedirectUris());
Assert.assertEquals("serviceAccountsEnabled", true, client.isServiceAccountsEnabled());
Assert.assertEquals("name", "My Client App", client.getName());
Assert.assertEquals("implicitFlowEnabled", false, client.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client.isPublicClient());
// note there is no server-side check if protocol is supported
Assert.assertEquals("protocol", "openid-connect", client.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), client.getWebOrigins());
Assert.assertEquals("consentRequired", false, client.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", client.getBaseUrl());
Assert.assertEquals("rootUrl", "http://localhost:8980/myapp", client.getRootUrl());
Assert.assertEquals("bearerOnly", true, client.isStandardFlowEnabled());
Assert.assertNull("mappers are null", client.getProtocolMappers());
// create configuration from file as a template and override clientId and other attributes ... output an object
exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]'" + " -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]'" + " -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
assertExitCodeAndStdErrSize(exe, 0, 2);
ClientRepresentation client2 = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client2.getId());
Assert.assertEquals("clientId", "my_client2", client2.getClientId());
Assert.assertEquals("enabled", false, client2.isEnabled());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp2/*"), client2.getRedirectUris());
Assert.assertEquals("serviceAccountsEnabled", true, client2.isServiceAccountsEnabled());
Assert.assertEquals("name", "My Client App II", client2.getName());
Assert.assertEquals("implicitFlowEnabled", false, client2.isImplicitFlowEnabled());
Assert.assertEquals("publicClient", true, client2.isPublicClient());
Assert.assertEquals("protocol", "openid-connect", client2.getProtocol());
Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), client2.getWebOrigins());
Assert.assertEquals("consentRequired", false, client2.isConsentRequired());
Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", client2.getBaseUrl());
Assert.assertEquals("rootUrl", "http://localhost:8980/myapp2", client2.getRootUrl());
Assert.assertEquals("bearerOnly", true, client2.isStandardFlowEnabled());
Assert.assertNull("mappers are null", client2.getProtocolMappers());
// check that using an invalid attribute key is not ignored
exe = execute("create --config '" + configFile.getName() + "' -o -f '" + tmpFile.getName() + "' -s client_id=my_client3");
assertExitCodeAndStreamSizes(exe, 1, 0, 1);
Assert.assertEquals("Failed to set attribute 'client_id' on document type 'default'", exe.stderrLines().get(0));
}
// simple create, output an id
exe = execute("create --insecure --config '" + configFile.getName() + "' -i -s clientId=my_client3");
assertExitCodeAndStreamSizes(exe, 0, 1, 2);
Assert.assertEquals("only clientId returned", "my_client3", exe.stdoutLines().get(0));
// simple create, default output
exe = execute("create --insecure --config '" + configFile.getName() + "' -s clientId=my_client4");
assertExitCodeAndStreamSizes(exe, 0, 0, 3);
Assert.assertEquals("only clientId returned", "Registered new client with client_id 'my_client4'", exe.stderrLines().get(2));
// create using oidc endpoint - autodetect format
content = " {\n" + " \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n" + " \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\" ],\n" + " \"response_types\" : [ \"code\", \"none\" ],\n" + " \"client_name\" : \"My Client App\",\n" + " \"client_uri\" : \"http://localhost:8980/myapp\"\n" + " }";
try (TempFileResource tmpFile = new TempFileResource(initTempFile(".json", content))) {
exe = execute("create --insecure --config '" + configFile.getName() + "' -s 'client_name=My Client App V' " + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5" + " -o -f - < '" + tmpFile.getName() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
OIDCClientRepresentation client = JsonSerialization.readValue(exe.stdout(), OIDCClientRepresentation.class);
Assert.assertNotNull("clientId", client.getClientId());
Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), client.getRedirectUris());
Assert.assertEquals("grant_types", Arrays.asList("authorization_code", "client_credentials", "refresh_token"), client.getGrantTypes());
Assert.assertEquals("response_types", Arrays.asList("code", "none"), client.getResponseTypes());
Assert.assertEquals("client_name", "My Client App V", client.getClientName());
Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", client.getClientUri());
// try use incompatible endpoint override
exe = execute("create --config '" + configFile.getName() + "' -e default -f '" + tmpFile.getName() + "'");
assertExitCodeAndStreamSizes(exe, 1, 0, 1);
Assert.assertEquals("Error message", "Attribute 'redirect_uris' not supported on document type 'default'", exe.stderrLines().get(0));
}
// test create saml formated xml - format autodetection
File samlSpMetaFile = new File(System.getProperty("user.dir") + "/src/test/resources/cli/kcreg/saml-sp-metadata.xml");
Assert.assertTrue("saml-sp-metadata.xml exists", samlSpMetaFile.isFile());
exe = execute("create --insecure --config '" + configFile.getName() + "' -o -f - < '" + samlSpMetaFile.getAbsolutePath() + "'");
assertExitCodeAndStdErrSize(exe, 0, 2);
ClientRepresentation client = JsonSerialization.readValue(exe.stdout(), ClientRepresentation.class);
Assert.assertNotNull("id", client.getId());
Assert.assertEquals("clientId", "http://localhost:8080/sales-post-enc/", client.getClientId());
Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8081/sales-post-enc/saml"), client.getRedirectUris());
Assert.assertEquals("attributes.saml_name_id_format", "username", client.getAttributes().get("saml_name_id_format"));
Assert.assertEquals("attributes.saml_assertion_consumer_url_post", "http://localhost:8081/sales-post-enc/saml", client.getAttributes().get("saml_assertion_consumer_url_post"));
Assert.assertEquals("attributes.saml.signature.algorithm", "RSA_SHA256", client.getAttributes().get("saml.signature.algorithm"));
// delete initial token
exe = execute("config initial-token --config '" + configFile.getName() + "' --insecure --server " + serverUrl + " --realm " + realm + " --delete");
assertExitCodeAndStreamSizes(exe, 0, 0, 0);
config = handler.loadConfig();
Assert.assertNull("initial token == null", config.ensureRealmConfigData(serverUrl, realm).getInitialToken());
}
}
Aggregations