use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class BrokerLinkAndTokenExchangeTest method addChildUser.
/**
 * Seeds the child identity-provider realm with two enabled test users, "child" and "child2",
 * and assigns both the realm role "user" and the broker-service client's READ_TOKEN_ROLE.
 *
 * <p>The id of "child" is kept in {@code childUserId}; the id of "child2" is only used locally.
 * Both accounts are created with the fixed password "password", which is only appropriate for
 * a throwaway test realm.
 */
public void addChildUser() {
    RealmResource childRealm = adminClient.realms().realm(CHILD_IDP);

    UserRepresentation firstUser = new UserRepresentation();
    firstUser.setUsername("child");
    firstUser.setEnabled(true);
    childUserId = createUserAndResetPasswordWithAdminClient(childRealm, firstUser, "password");

    UserRepresentation secondUser = new UserRepresentation();
    secondUser.setUsername("child2");
    secondUser.setEnabled(true);
    String secondUserId = createUserAndResetPasswordWithAdminClient(childRealm, secondUser, "password");

    // A concrete role has to exist because the undertow default auth manager doesn't like "*".
    // TODO: remove this eventually, as undertow fixes this in later versions.
    childRealm.roles().create(new RoleRepresentation("user", null, false));
    List<RoleRepresentation> realmRoles = new LinkedList<>();
    realmRoles.add(childRealm.roles().get("user").toRepresentation());
    childRealm.users().get(childUserId).roles().realmLevel().add(realmRoles);
    childRealm.users().get(secondUserId).roles().realmLevel().add(realmRoles);

    // The first search hit is taken without checking that the list is non-empty, so a realm
    // without the broker-service client fails here with an index error.
    ClientRepresentation brokerService = childRealm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
    String brokerServiceId = brokerService.getId();

    // NOTE(review): READ_TOKEN_ROLE presumably lets its holder read tokens stored by the broker;
    // confirm against Constants and keep the grant limited to these two test accounts.
    List<RoleRepresentation> clientRoles = new LinkedList<>();
    clientRoles.add(childRealm.clients().get(brokerServiceId).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation());
    childRealm.users().get(childUserId).roles().clientLevel(brokerServiceId).add(clientRoles);
    childRealm.users().get(secondUserId).roles().clientLevel(brokerServiceId).add(clientRoles);
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class DemoServletsAdapterTest method testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync.
/**
 * Switches the server-side configuration of "client-secret-jwt-secure-portal" to the
 * "client-secret" authenticator and then expects the client_secret_jwt check to end with
 * "invalid_client_credentials".
 *
 * <p>The check itself lives in {@code expectResultOfClientNotAuthenticatedInClientSecretJwt},
 * which is not part of this method; presumably it drives a login with a JWS client assertion.
 */
@Test
public void testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync() {
    // JWS Client Assertion in client_secret_jwt
    // http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
    final String targetClientId = "client-secret-jwt-secure-portal";
    final String expectedErrorString = "invalid_client_credentials";

    ClientResource targetClient = ApiUtil.findClientResourceByClientId(testRealmResource(), targetClientId);

    // Put the server out of sync with the client: it now expects a plain client secret.
    ClientRepresentation serverSideConfig = targetClient.toRepresentation();
    serverSideConfig.setClientAuthenticatorType("client-secret");
    targetClient.update(serverSideConfig);

    // NOTE(review): the authenticator type is not restored in this method; confirm that the
    // test harness resets the client before other tests rely on it.
    expectResultOfClientNotAuthenticatedInClientSecretJwt(targetClientId, expectedErrorString);
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class DemoServletsAdapterTest method grantServerBasedApp.
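/**
 * Checks the consent flow for "customer-portal": with consent required, the login shows the
 * grant page, accepting it logs the user in, and revoking the grant on the applications page
 * makes the grant page appear again on the next visit.
 *
 * <p>The matching LOGIN, code-to-token and REVOKE_GRANT events are asserted along the way.
 * The consent requirement is switched off again in a {@code finally} block, so a failed
 * assertion no longer leaves the client with consent required.
 */
@Test
public void grantServerBasedApp() {
    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "customer-portal");
    ClientRepresentation client = clientResource.toRepresentation();
    client.setConsentRequired(true);
    clientResource.update(client);

    try {
        // Record only the event types this test asserts on.
        // NOTE(review): these realm event settings are not restored by this method.
        RealmRepresentation realm = testRealmResource().toRepresentation();
        realm.setEventsEnabled(true);
        realm.setEnabledEventTypes(Arrays.asList("REVOKE_GRANT", "LOGIN"));
        realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        testRealmResource().update(realm);

        customerPortal.navigateTo();
        loginPage.form().login("bburke@redhat.com", "password");

        // Consent is required, so the grant page must come up before the application does.
        assertTrue(oAuthGrantPage.isCurrent());
        oAuthGrantPage.accept();
        waitForPageToLoad();
        assertLogged();

        String userId = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com").getId();

        // The redirect URI may be reported with or without a trailing slash.
        assertEvents.expectLogin()
                .realm(realm.getId())
                .client("customer-portal")
                .user(userId)
                .detail(Details.USERNAME, "bburke@redhat.com")
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .detail(Details.REDIRECT_URI, org.hamcrest.Matchers.anyOf(
                        org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString()),
                        org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString() + "/")))
                .removeDetail(Details.CODE_ID)
                .assertEvent();
        assertEvents.expectCodeToToken(null, null)
                .realm(realm.getId())
                .client("customer-portal")
                .user(userId)
                .session(AssertEvents.isUUID())
                .removeDetail(Details.CODE_ID)
                .assertEvent();

        applicationsPage.navigateTo();
        applicationsPage.revokeGrantForApplication("customer-portal");

        // After the revocation the user has to consent again.
        customerPortal.navigateTo();
        assertTrue(oAuthGrantPage.isCurrent());

        assertEvents.expect(EventType.REVOKE_GRANT)
                .realm(realm.getId())
                .client("account")
                .user(userId)
                .detail(Details.REVOKED_CLIENT, "customer-portal")
                .assertEvent();
        assertEvents.assertEmpty();
    } finally {
        // Revert consent, also when an assertion above failed.
        client = clientResource.toRepresentation();
        client.setConsentRequired(false);
        clientResource.update(client);
    }
}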
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class SAMLServletAdapterTest method spMetadataValidation.
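/**
 * Downloads the SAML SP descriptor of the sales-post-sig client from the admin REST endpoint,
 * validates it against the SAML 2.0 metadata schema and checks that it parses to an
 * {@code EntityDescriptorType}.
 *
 * <p>The REST client created for the request is closed in a {@code finally} block so that it
 * is released even when validation or parsing fails.
 *
 * @throws Exception if schema validation or SAML parsing fails
 */
@Test
public void spMetadataValidation() throws Exception {
    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG);
    ClientRepresentation representation = clientResource.toRepresentation();

    Client client = AdminClientUtil.createResteasyClient();
    try {
        WebTarget target = client.target(authServerPage.toString() + "/admin/realms/" + SAMLSERVLETDEMO + "/clients/" + representation.getId() + "/installation/providers/saml-sp-descriptor");

        // The request is authorised with the admin client's current access token.
        try (Response response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer " + adminClient.tokenManager().getAccessToken().getToken()).get()) {
            String stringResponse = response.readEntity(String.class);

            // Validate against the schema first, then parse the same bytes with the SAML parser.
            validateXMLWithSchema(stringResponse, "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd");
            Object descriptor = SAMLParser.getInstance().parse(new ByteArrayInputStream(stringResponse.getBytes(GeneralConstants.SAML_CHARSET)));
            assertThat(descriptor, instanceOf(EntityDescriptorType.class));
        }
    } finally {
        // Close explicitly; the original never released this client.
        client.close();
    }
}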
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class SAMLServletAdapterTest method salesMetadataTest.
/**
 * Registers a SAML client from the bundled {@code sp-metadata.xml} descriptor and then runs the
 * successful/unauthorized login check against the sales-metadata servlet.
 *
 * <p>Before conversion, the "Location" attribute of the SingleLogoutService and
 * AssertionConsumerService elements is adjusted using the {@code app.server.http.port} system
 * property; presumably the "8080" in the bundled file is swapped for the configured port.
 *
 * @throws Exception if the descriptor cannot be loaded or processed
 */
@Test
public void salesMetadataTest() throws Exception {
    Document spMetadata = IOUtil.loadXML(SAMLServletAdapterTest.class.getResourceAsStream("/adapter-test/keycloak-saml/sp-metadata.xml"));

    // The property has no default here, so the replacement value is null when it is unset.
    String appServerPort = System.getProperty("app.server.http.port", null);
    for (String endpointElement : new String[] {"SingleLogoutService", "AssertionConsumerService"}) {
        IOUtil.modifyDocElementAttribute(spMetadata, endpointElement, "Location", "8080", appServerPort);
    }

    // Let the server turn the metadata into a client representation, then point its admin URL
    // at the deployed application.
    ClientRepresentation importedClient = testRealmResource().convertClientDescription(IOUtil.documentToString(spMetadata));
    importedClient.setAdminUrl(ServerURLs.getAppServerContextRoot() + "/sales-metadata/saml");

    // NOTE(review): the created client is not removed in this method; confirm the harness
    // cleans it up.
    try (Response creation = testRealmResource().clients().create(importedClient)) {
        Assert.assertEquals(201, creation.getStatus());
    }

    testSuccessfulAndUnauthorizedLogin(salesMetadataServletPage, testRealmSAMLPostLoginPage);
}