Example 71 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class RepresentationToModel method createClientScopes.

// CLIENT SCOPES
private static Map<String, ClientScopeModel> createClientScopes(KeycloakSession session, List<ClientScopeRepresentation> clientScopes, RealmModel realm) {
    Map<String, ClientScopeModel> appMap = new HashMap<>();
    for (ClientScopeRepresentation resourceRep : clientScopes) {
        ClientScopeModel app = createClientScope(session, realm, resourceRep);
        appMap.put(app.getName(), app);
    }
    return appMap;
}
Also used : MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientScopeModel(org.keycloak.models.ClientScopeModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString)

Example 72 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class RepresentationToModel method convertDeprecatedClientTemplates.

private static void convertDeprecatedClientTemplates(RealmRepresentation realm) {
    if (realm.getClientTemplates() != null) {
        logger.warnf("Using deprecated 'clientTemplates' configuration in JSON representation for realm '%s'. It will be removed in future versions", realm.getRealm());
        List<ClientScopeRepresentation> clientScopes = new LinkedList<>();
        for (ClientTemplateRepresentation template : realm.getClientTemplates()) {
            ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
            scopeRep.setId(template.getId());
            scopeRep.setName(template.getName());
            scopeRep.setProtocol(template.getProtocol());
            scopeRep.setDescription(template.getDescription());
            scopeRep.setAttributes(template.getAttributes());
            scopeRep.setProtocolMappers(template.getProtocolMappers());
            clientScopes.add(scopeRep);
        }
        realm.setClientScopes(clientScopes);
    }
}
Also used : ClientTemplateRepresentation(org.keycloak.representations.idm.ClientTemplateRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) LinkedList(java.util.LinkedList)

Example 73 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class AudienceProtocolMappersTest method testAudienceResolveNoFullScopeClientScopes.

@Test
public void testAudienceResolveNoFullScopeClientScopes() throws Exception {
    // create the mapper using a client scope
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("audience-mapper-test-client-scope");
    clientScope.setProtocol("saml");
    clientScope.setProtocolMappers(Collections.singletonList(createSamlProtocolMapper(SAMLAudienceResolveProtocolMapper.PROVIDER_ID)));
    Response res = adminClient.realm(REALM_NAME).clientScopes().create(clientScope);
    Assert.assertEquals(Response.Status.CREATED.getStatusCode(), res.getStatus());
    String clientScopeId = ApiUtil.getCreatedId(res);
    try {
        // add a mapping to the client scope to employee2.employee role (this way employee should be in the audience)
        String employee2Id = adminClient.realm(REALM_NAME).clients().findByClientId("http://localhost:8280/employee2/").get(0).getId();
        Assert.assertNotNull(employee2Id);
        String employeeId = adminClient.realm(REALM_NAME).clients().findByClientId("http://localhost:8280/employee/").get(0).getId();
        Assert.assertNotNull(employeeId);
        List<RoleRepresentation> availables = adminClient.realm(REALM_NAME).clientScopes().get(clientScopeId).getScopeMappings().clientLevel(employeeId).listAvailable();
        Assert.assertThat(availables.size(), greaterThan(0));
        adminClient.realm(REALM_NAME).clientScopes().get(clientScopeId).getScopeMappings().clientLevel(employeeId).add(availables);
        // remove full scope and add the client scope
        try (ClientAttributeUpdater cau = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_EMPLOYEE_2).setFullScopeAllowed(false).addDefaultClientScope("audience-mapper-test-client-scope").update()) {
            this.testExpectedAudiences(SAML_CLIENT_ID_EMPLOYEE_2, "http://localhost:8280/employee/");
        }
    } finally {
        adminClient.realm(REALM_NAME).clientScopes().get(clientScopeId).remove();
    }
}
Also used : Response(javax.ws.rs.core.Response) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Test(org.junit.Test)

Example 74 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class UserInfoTest method switchIncludeRolesInUserInfoEndpoint.

private void switchIncludeRolesInUserInfoEndpoint(boolean includeRoles) {
    // look up the "roles" client scope in the "test" realm and get its protocol mappers
    ClientScopesResource clientScopesResource = adminClient.realm("test").clientScopes();
    ClientScopeRepresentation rolesClientScope = clientScopesResource.findAll().stream().filter(clientScope -> "roles".equals(clientScope.getName())).findAny().get();
    ProtocolMappersResource protocolMappersResource = clientScopesResource.get(rolesClientScope.getId()).getProtocolMappers();
    // set the INCLUDE_IN_USERINFO option on the "realm roles" and "client roles" mappers
    ProtocolMapperRepresentation realmRolesMapper = protocolMappersResource.getMappers().stream().filter(mapper -> "realm roles".equals(mapper.getName())).findAny().get();
    realmRolesMapper.getConfig().put(INCLUDE_IN_USERINFO, String.valueOf(includeRoles));
    ProtocolMapperRepresentation clientRolesMapper = protocolMappersResource.getMappers().stream().filter(mapper -> "client roles".equals(mapper.getName())).findAny().get();
    clientRolesMapper.getConfig().put(INCLUDE_IN_USERINFO, String.valueOf(includeRoles));
    // persist both mapper changes through the admin API
    protocolMappersResource.update(realmRolesMapper.getId(), realmRolesMapper);
    protocolMappersResource.update(clientRolesMapper.getId(), clientRolesMapper);
}
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientScopesResource(org.keycloak.admin.client.resource.ClientScopesResource) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)

Example 75 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class DynamicScopesRARParseTest method generatedAuthorizationRequestsShouldMatchRequestedDynamicAndDefaultScopes.

@Test
public void generatedAuthorizationRequestsShouldMatchRequestedDynamicAndDefaultScopes() {
    Response response = createScope("dynamic-scope", true);
    String scopeId = ApiUtil.getCreatedId(response);
    getCleanup().addClientScopeId(scopeId);
    response.close();
    ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
    ClientRepresentation testAppRep = testApp.toRepresentation();
    testApp.update(testAppRep);
    testApp.addOptionalClientScope(scopeId);
    List<ClientScopeRepresentation> defScopes = testApp.getDefaultClientScopes();
    oauth.openLoginForm();
    oauth.scope("openid dynamic-scope:param");
    oauth.doLogin("rar-test", "password");
    events.expectLogin().user(userId).assertEvent();
    AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
    List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders = contextHolder.getAuthorizationRequestHolders().stream().filter(authorizationRequestHolder -> authorizationRequestHolder.getSource().equals(AuthorizationRequestSource.SCOPE)).collect(Collectors.toList());
    assertEquals(defScopes.size(), authorizationRequestHolders.size() - 1);
    Assert.assertFalse(authorizationRequestHolders.stream().map(AuthorizationRequestContextHolder.AuthorizationRequestHolder::getAuthorizationDetails).allMatch(rep -> rep.getType().equalsIgnoreCase(AuthorizationDetailsJSONRepresentation.STATIC_SCOPE_RAR_TYPE)));
    Optional<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestContextHolderOpt = authorizationRequestHolders.stream().filter(authorizationRequestHolder -> authorizationRequestHolder.getAuthorizationDetails().getType().equalsIgnoreCase(AuthorizationDetailsJSONRepresentation.DYNAMIC_SCOPE_RAR_TYPE)).findAny();
    Assert.assertTrue(authorizationRequestContextHolderOpt.isPresent());
    AuthorizationRequestContextHolder.AuthorizationRequestHolder authorizationRequestHolder = authorizationRequestContextHolderOpt.get();
    Assert.assertTrue(authorizationRequestHolder.getAuthorizationDetails().getScopeNameFromCustomData().equalsIgnoreCase("dynamic-scope:param"));
    Assert.assertTrue(authorizationRequestHolder.getAuthorizationDetails().getCustomData().get("scope_parameter").equals("param"));
    testApp.removeOptionalClientScope(scopeId);
}
Also used : Response(javax.ws.rs.core.Response) ClientScopeModel(org.keycloak.models.ClientScopeModel) Profile(org.keycloak.common.Profile) AuthorizationDetailsJSONRepresentation(org.keycloak.representations.AuthorizationDetailsJSONRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Test(org.junit.Test) HashMap(java.util.HashMap) Collectors(java.util.stream.Collectors) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) List(java.util.List) Ignore(org.junit.Ignore) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) AuthorizationRequestSource(org.keycloak.rar.AuthorizationRequestSource) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) Optional(java.util.Optional) Assert(org.junit.Assert) ClientResource(org.keycloak.admin.client.resource.ClientResource) Assert.assertEquals(org.junit.Assert.assertEquals) ApiUtil(org.keycloak.testsuite.admin.ApiUtil)

Aggregations

ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation) 75
Test (org.junit.Test) 62
Response (javax.ws.rs.core.Response) 27
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation) 27
ClientResource (org.keycloak.admin.client.resource.ClientResource) 25
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest) 16
RealmResource (org.keycloak.admin.client.resource.RealmResource) 15
EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature) 13
ConsentRepresentation (org.keycloak.representations.account.ConsentRepresentation) 11
ConsentScopeRepresentation (org.keycloak.representations.account.ConsentScopeRepresentation) 11
ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation) 11
AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest) 11
TokenUtil (org.keycloak.testsuite.util.TokenUtil) 11
HashMap (java.util.HashMap) 10
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation) 10
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 10
List (java.util.List) 8
ClientScopeResource (org.keycloak.admin.client.resource.ClientScopeResource) 6
SimpleHttp (org.keycloak.broker.provider.util.SimpleHttp) 6
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) 6