
Example 6 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class BrokerLinkAndTokenExchangeTest method addChildUser.

/**
 * Seeds the {@code CHILD_IDP} realm with two enabled users, "child" and "child2", and grants
 * both of them the realm role "user" and the broker-service client's
 * {@code Constants.READ_TOKEN_ROLE} client role.
 *
 * <p>The id of "child" is kept in {@code childUserId}; the id of "child2" is only used locally.
 * Both accounts get the fixed test password "password".
 *
 * <p>NOTE(review): in Keycloak the broker client's read-token role is what permits a user to
 * retrieve stored external identity-provider tokens, so granting it here is presumably a
 * precondition of the token-exchange tests; confirm against the tests that use these users.
 */
public void addChildUser() {
    RealmResource realm = adminClient.realms().realm(CHILD_IDP);

    UserRepresentation firstChild = new UserRepresentation();
    firstChild.setUsername("child");
    firstChild.setEnabled(true);
    childUserId = createUserAndResetPasswordWithAdminClient(realm, firstChild, "password");

    UserRepresentation secondChild = new UserRepresentation();
    secondChild.setUsername("child2");
    secondChild.setEnabled(true);
    String secondChildId = createUserAndResetPasswordWithAdminClient(realm, secondChild, "password");

    // have to add a role as undertow default auth manager doesn't like "*". todo we can remove this eventually as undertow fixes this in later versions
    realm.roles().create(new RoleRepresentation("user", null, false));
    List<RoleRepresentation> realmRoles = new LinkedList<>();
    realmRoles.add(realm.roles().get("user").toRepresentation());
    realm.users().get(childUserId).roles().realmLevel().add(realmRoles);
    realm.users().get(secondChildId).roles().realmLevel().add(realmRoles);

    // The broker-service client is looked up by its client id; its internal id addresses
    // both the client's role and the users' client-level role mappings.
    ClientRepresentation brokerClient = realm.clients().findByClientId(Constants.BROKER_SERVICE_CLIENT_ID).get(0);
    String brokerClientUuid = brokerClient.getId();
    List<RoleRepresentation> brokerRoles = new LinkedList<>();
    brokerRoles.add(realm.clients().get(brokerClientUuid).roles().get(Constants.READ_TOKEN_ROLE).toRepresentation());
    realm.users().get(childUserId).roles().clientLevel(brokerClientUuid).add(brokerRoles);
    realm.users().get(secondChildId).roles().clientLevel(brokerClientUuid).add(brokerRoles);
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 7 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class DemoServletsAdapterTest method testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync.

/**
 * Switches the server-side client "client-secret-jwt-secure-portal" to the "client-secret"
 * client authenticator and then runs the shared client_secret_jwt check, expecting the error
 * string "invalid_client_credentials".
 *
 * <p>Judging by the helper's name, the point is that a client_secret_jwt assertion must be
 * rejected when the authentication method configured on the server differs from the one the
 * adapter uses; the helper itself is defined elsewhere in the class.
 *
 * <p>NOTE(review): the authenticator type is not restored in this method; confirm that the
 * helper or the test harness resets the client before other tests rely on it.
 */
@Test
public void testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync() {
    // JWS Client Assertion in client_secret_jwt
    // http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
    final String targetClientId = "client-secret-jwt-secure-portal";

    ClientResource targetClient = ApiUtil.findClientResourceByClientId(testRealmResource(), targetClientId);
    ClientRepresentation serverSideConfig = targetClient.toRepresentation();
    // Put the server out of sync with the adapter's client_secret_jwt configuration.
    serverSideConfig.setClientAuthenticatorType("client-secret");
    targetClient.update(serverSideConfig);

    expectResultOfClientNotAuthenticatedInClientSecretJwt(targetClientId, "invalid_client_credentials");
}
Also used : ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractServletsAdapterTest(org.keycloak.testsuite.adapter.AbstractServletsAdapterTest)

Example 8 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class DemoServletsAdapterTest method grantServerBasedApp.

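/**
 * Exercises the consent lifecycle for the "customer-portal" client: consent is required,
 * the user logs in and accepts the grant, the grant is revoked from the applications page,
 * and the next visit to the portal must land on the consent page again.
 *
 * <p>The audit side is checked as well: a LOGIN event carrying the consent-granted detail,
 * a code-to-token event, and a REVOKE_GRANT event attributed to the "account" client, with
 * no further events left in the queue.
 *
 * <p>The consent flag is restored in a {@code finally} block so that a failed assertion does
 * not leave "customer-portal" with consent required for later tests. The realm event
 * settings changed here are not restored by this method.
 */
@Test
public void grantServerBasedApp() {
    final String username = "bburke@redhat.com";

    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "customer-portal");
    ClientRepresentation client = clientResource.toRepresentation();
    client.setConsentRequired(true);
    clientResource.update(client);
    try {
        // Record only the event types this test asserts on.
        RealmRepresentation realm = testRealmResource().toRepresentation();
        realm.setEventsEnabled(true);
        realm.setEnabledEventTypes(Arrays.asList("REVOKE_GRANT", "LOGIN"));
        realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        testRealmResource().update(realm);

        customerPortal.navigateTo();
        loginPage.form().login(username, "password");
        assertTrue(oAuthGrantPage.isCurrent());
        oAuthGrantPage.accept();
        waitForPageToLoad();
        assertLogged();

        String userId = ApiUtil.findUserByUsername(testRealmResource(), username).getId();
        // The redirect URI is accepted with or without a trailing slash.
        String portalUrl = customerPortal.getInjectedUrl().toString();
        assertEvents.expectLogin()
                .realm(realm.getId())
                .client("customer-portal")
                .user(userId)
                .detail(Details.USERNAME, username)
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .detail(Details.REDIRECT_URI, org.hamcrest.Matchers.anyOf(
                        org.hamcrest.Matchers.equalTo(portalUrl),
                        org.hamcrest.Matchers.equalTo(portalUrl + "/")))
                .removeDetail(Details.CODE_ID)
                .assertEvent();
        assertEvents.expectCodeToToken(null, null)
                .realm(realm.getId())
                .client("customer-portal")
                .user(userId)
                .session(AssertEvents.isUUID())
                .removeDetail(Details.CODE_ID)
                .assertEvent();

        applicationsPage.navigateTo();
        applicationsPage.revokeGrantForApplication("customer-portal");

        // After revocation the portal must ask for consent again.
        customerPortal.navigateTo();
        assertTrue(oAuthGrantPage.isCurrent());
        assertEvents.expect(EventType.REVOKE_GRANT)
                .realm(realm.getId())
                .client("account")
                .user(userId)
                .detail(Details.REVOKED_CLIENT, "customer-portal")
                .assertEvent();
        assertEvents.assertEmpty();
    } finally {
        // Revert consent, also when an assertion above failed
        client = clientResource.toRepresentation();
        client.setConsentRequired(false);
        clientResource.update(client);
    }
}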
Also used : RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractServletsAdapterTest(org.keycloak.testsuite.adapter.AbstractServletsAdapterTest)

Example 9 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class SAMLServletAdapterTest method spMetadataValidation.

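/**
 * Downloads the SAML SP descriptor that the admin API generates for the client
 * {@code AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG} and checks that it is well-formed
 * SAML metadata.
 *
 * <p>The descriptor is requested from the client's
 * {@code installation/providers/saml-sp-descriptor} endpoint with the admin client's bearer
 * token, validated against the SAML metadata 2.0 schema, and then parsed with
 * {@code SAMLParser}; the parsed object must be an {@code EntityDescriptorType}.
 *
 * <p>The JAX-RS client created for the request is closed in a {@code finally} block; the
 * response is closed by try-with-resources.
 *
 * @throws Exception if schema validation or parsing of the descriptor fails
 */
@Test
public void spMetadataValidation() throws Exception {
    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG);
    ClientRepresentation representation = clientResource.toRepresentation();
    Client client = AdminClientUtil.createResteasyClient();
    try {
        WebTarget target = client.target(authServerPage.toString() + "/admin/realms/" + SAMLSERVLETDEMO + "/clients/" + representation.getId() + "/installation/providers/saml-sp-descriptor");
        // The admin endpoint is protected; the request carries the admin client's access token.
        String bearer = "Bearer " + adminClient.tokenManager().getAccessToken().getToken();
        try (Response response = target.request().header(HttpHeaders.AUTHORIZATION, bearer).get()) {
            String stringResponse = response.readEntity(String.class);
            // Schema validation runs before parsing, so a malformed descriptor fails here first.
            validateXMLWithSchema(stringResponse, "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd");
            Object descriptor = SAMLParser.getInstance().parse(new ByteArrayInputStream(stringResponse.getBytes(GeneralConstants.SAML_CHARSET)));
            assertThat(descriptor, instanceOf(EntityDescriptorType.class));
        }
    } finally {
        // The client was previously never closed, so its resources were left to leak.
        client.close();
    }
}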
Also used : Response(javax.ws.rs.core.Response) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) ByteArrayInputStream(java.io.ByteArrayInputStream) ClientResource(org.keycloak.admin.client.resource.ClientResource) WebTarget(javax.ws.rs.client.WebTarget) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) SamlClient(org.keycloak.testsuite.util.SamlClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 10 with ClientRepresentation

use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.

the class SAMLServletAdapterTest method salesMetadataTest.

/**
 * Registers a SAML client from the bundled SP metadata document and runs the shared
 * successful/unauthorized login check against it.
 *
 * <p>The metadata is loaded from {@code /adapter-test/keycloak-saml/sp-metadata.xml}, the
 * "8080" in the {@code Location} of its {@code SingleLogoutService} and
 * {@code AssertionConsumerService} elements is swapped for the value of the
 * {@code app.server.http.port} system property, and the result is converted to a client
 * representation by the realm's {@code convertClientDescription}. Creating the client must
 * return HTTP 201.
 *
 * <p>NOTE(review): the port lookup passes {@code null} as its default, so an unset property
 * hands {@code null} to {@code IOUtil.modifyDocElementAttribute}; confirm how that helper
 * treats it.
 *
 * @throws Exception if loading or converting the metadata fails
 */
@Test
public void salesMetadataTest() throws Exception {
    Document spMetadata = IOUtil.loadXML(SAMLServletAdapterTest.class.getResourceAsStream("/adapter-test/keycloak-saml/sp-metadata.xml"));

    // Point both service endpoints at the port the app server actually listens on.
    String appServerPort = System.getProperty("app.server.http.port", null);
    IOUtil.modifyDocElementAttribute(spMetadata, "SingleLogoutService", "Location", "8080", appServerPort);
    IOUtil.modifyDocElementAttribute(spMetadata, "AssertionConsumerService", "Location", "8080", appServerPort);

    ClientRepresentation importedClient = testRealmResource().convertClientDescription(IOUtil.documentToString(spMetadata));
    importedClient.setAdminUrl(ServerURLs.getAppServerContextRoot() + "/sales-metadata/saml");

    try (Response creation = testRealmResource().clients().create(importedClient)) {
        Assert.assertEquals(201, creation.getStatus());
    }

    testSuccessfulAndUnauthorizedLogin(salesMetadataServletPage, testRealmSAMLPostLoginPage);
}
Also used : Response(javax.ws.rs.core.Response) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Document(org.w3c.dom.Document) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Aggregations

ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)576 Test (org.junit.Test)359 ClientResource (org.keycloak.admin.client.resource.ClientResource)189 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)139 OAuthClient (org.keycloak.testsuite.util.OAuthClient)101 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)61 Response (javax.ws.rs.core.Response)59 Matchers.containsString (org.hamcrest.Matchers.containsString)58 RealmResource (org.keycloak.admin.client.resource.RealmResource)58 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)58 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)53 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)43 AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement)41 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)38 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)38 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)37 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)37 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)37 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)37 HashMap (java.util.HashMap)33