
Example 41 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class ClientScopeTest method testCreateDynamicScopeWithFeatureDisabledAndNonEmptyDynamicScopeRegexp.

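/**
 * Checks the create path for a client scope that is flagged as non-dynamic but still carries a
 * dynamic-scope regexp, with the DYNAMIC_SCOPES feature disabled for the test.
 *
 * <p>The expectation passed to {@code handleExpectedCreateFailure} is HTTP 400 with a message
 * naming the {@code dynamic.scope.regexp} attribute. That helper is defined outside this
 * listing; presumably it attempts the create and asserts the status and error text.
 */
@Test
@DisableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateDynamicScopeWithFeatureDisabledAndNonEmptyDynamicScopeRegexp() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("non-dynamic-scope-def3");
    scopeRep.setProtocol("openid-connect");

    // Plain map instead of double-brace initialization: the anonymous HashMap subclass would
    // capture a reference to the enclosing test instance and add a class for no benefit.
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "false");
    // Inconsistent on purpose: a regexp on a scope that is declared non-dynamic.
    attributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "not-empty");
    scopeRep.setAttributes(attributes);

    handleExpectedCreateFailure(scopeRep, 400, "Unexpected value \"not-empty\" for attribute dynamic.scope.regexp in ClientScope");
}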
Also used : ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) Test(org.junit.Test)

Example 42 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class ClientScopeTest method testUpdateScopeScope.

/**
 * Round-trips a client scope through create, read, update and read again.
 *
 * <p>Covers name, description, protocol (OIDC switched to SAML on update) and attributes,
 * including an attribute that starts out empty and is later given a value. The update is also
 * expected to produce an UPDATE admin event for the client-scope resource path.
 */
@Test
public void testUpdateScopeScope() {
    // Initial attributes: one regular value and one deliberately empty value.
    Map<String, String> initialAttributes = new HashMap<>();
    initialAttributes.put("someAttr", "someAttrValue");
    initialAttributes.put("emptyAttr", "");

    ClientScopeRepresentation toCreate = new ClientScopeRepresentation();
    toCreate.setName("scope1");
    toCreate.setDescription("scope1-desc");
    toCreate.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    toCreate.setAttributes(initialAttributes);
    String scope1Id = createClientScope(toCreate);

    // Read back what the server stored and compare field by field.
    ClientScopeRepresentation stored = clientScopes().get(scope1Id).toRepresentation();
    Assert.assertEquals("scope1", stored.getName());
    Assert.assertEquals("scope1-desc", stored.getDescription());
    Assert.assertEquals("someAttrValue", stored.getAttributes().get("someAttr"));
    // The empty attribute may come back as null or "", so only blankness is asserted.
    assertTrue(ObjectUtil.isBlank(stored.getAttributes().get("emptyAttr")));
    Assert.assertEquals(OIDCLoginProtocol.LOGIN_PROTOCOL, stored.getProtocol());

    // Change every top-level field and fill in the previously empty attribute.
    stored.setName("scope1-updated");
    stored.setDescription("scope1-desc-updated");
    stored.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    stored.getAttributes().put("emptyAttr", "someValue");
    clientScopes().get(scope1Id).update(stored);

    // The change must be recorded as an admin event carrying the submitted representation.
    assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientScopeResourcePath(scope1Id), stored, ResourceType.CLIENT_SCOPE);

    // Read back again: updated fields changed, the untouched attribute is preserved.
    ClientScopeRepresentation reloaded = clientScopes().get(scope1Id).toRepresentation();
    Assert.assertEquals("scope1-updated", reloaded.getName());
    Assert.assertEquals("scope1-desc-updated", reloaded.getDescription());
    Assert.assertEquals(SamlProtocol.LOGIN_PROTOCOL, reloaded.getProtocol());
    Assert.assertEquals("someAttrValue", reloaded.getAttributes().get("someAttr"));
    Assert.assertEquals("someValue", reloaded.getAttributes().get("emptyAttr"));

    // Clean up the scope created by this test.
    clientScopes().get(scope1Id).remove();
}
Also used : HashMap(java.util.HashMap) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Test(org.junit.Test)

Example 43 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class ClientScopeTest method testUpdateProtocolMappers.

// KEYCLOAK-5863
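/**
 * Creates a protocol mapper on a client scope with two empty config values, updates one of
 * them, and checks the config the server returns afterwards.
 *
 * <p>After {@code claim.name} is set to {@code "claim"}, the returned config is expected to hold
 * exactly two entries ({@code user.attribute} and {@code claim.name}); the still-empty
 * {@code jsonType.label} entry is therefore expected to be absent.
 */
@Test
public void testUpdateProtocolMappers() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("testUpdateProtocolMappers");
    scopeRep.setProtocol("openid-connect");
    String scopeId = createClientScope(scopeRep);

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("test");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper("oidc-usermodel-attribute-mapper");
    Map<String, String> m = new HashMap<>();
    m.put("user.attribute", "test");
    m.put("claim.name", "");
    m.put("jsonType.label", "");
    mapper.setConfig(m);

    ProtocolMappersResource protocolMappers = clientScopes().get(scopeId).getProtocolMappers();

    // Release the HTTP response once the created id has been read; the original left it open,
    // which can hold a pooled connection until it is garbage collected.
    String mapperId;
    Response response = protocolMappers.createMapper(mapper);
    try {
        mapperId = ApiUtil.getCreatedId(response);
    } finally {
        response.close();
    }

    // Fetch the stored mapper, change one config value and push the update.
    mapper = protocolMappers.getMapperById(mapperId);
    mapper.getConfig().put("claim.name", "claim");
    protocolMappers.update(mapperId, mapper);

    List<ProtocolMapperRepresentation> mappers = protocolMappers.getMappers();
    assertEquals(1, mappers.size());
    Map<String, String> storedConfig = mappers.get(0).getConfig();
    assertEquals(2, storedConfig.size());
    assertEquals("test", storedConfig.get("user.attribute"));
    assertEquals("claim", storedConfig.get("claim.name"));

    clientScopes().get(scopeId).remove();
}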
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) Test(org.junit.Test)

Example 44 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class ClientScopeTest method testScopes.

/**
 * Exercises role scope mappings on a client scope, at realm level and at client level.
 *
 * <p>A composite realm role and a client role of the account-management client are mapped to
 * a new client scope, the "all", "available" and "effective" listings are checked (the
 * effective list is expected to include the composite's child), and then both mappings are
 * removed and the listings are checked again. Every add and remove is expected to emit a
 * matching admin event.
 */
@Test
public void testScopes() {
    RoleRepresentation realmCompositeRole = createRealmRole("realm-composite");
    RoleRepresentation realmChildRole = createRealmRole("realm-child");
    List<RoleRepresentation> childRoleOnly = Collections.singletonList(realmChildRole);
    List<RoleRepresentation> compositeRoleOnly = Collections.singletonList(realmCompositeRole);

    // Make "realm-child" a member of the composite so it shows up as an effective role later.
    testRealmResource().roles().get("realm-composite").addComposites(childRoleOnly);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("realm-composite"), childRoleOnly, ResourceType.REALM_ROLE);

    // Client scope under test.
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("bar-scope");
    String scopeId = createClientScope(scopeRep);

    // Look up the client role that will be mapped at client level.
    String accountMgmtId = testRealmResource().clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
    RoleRepresentation viewAccountRoleRep = testRealmResource().clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation();
    List<RoleRepresentation> viewAccountRoleOnly = Collections.singletonList(viewAccountRoleRep);

    // Add one realm-level and one client-level mapping; each must be audited.
    RoleMappingResource scopesResource = clientScopes().get(scopeId).getScopeMappings();
    scopesResource.realmLevel().add(compositeRoleOnly);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientScopeRoleMappingsRealmLevelPath(scopeId), compositeRoleOnly, ResourceType.REALM_SCOPE_MAPPING);
    scopesResource.clientLevel(accountMgmtId).add(viewAccountRoleOnly);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientScopeRoleMappingsClientLevelPath(scopeId, accountMgmtId), viewAccountRoleOnly, ResourceType.CLIENT_SCOPE_MAPPING);

    // Listings while the mappings exist; the child role is effective only via the composite.
    List<RoleRepresentation> mappedRealm = scopesResource.realmLevel().listAll();
    List<RoleRepresentation> unmappedRealm = scopesResource.realmLevel().listAvailable();
    List<RoleRepresentation> effectiveMapped = scopesResource.realmLevel().listEffective();
    List<RoleRepresentation> mappedAccount = scopesResource.clientLevel(accountMgmtId).listAll();
    String defaultRolesName = Constants.DEFAULT_ROLES_ROLE_PREFIX + "-test";
    assertNames(mappedRealm, "realm-composite");
    assertNames(unmappedRealm, "realm-child", Constants.OFFLINE_ACCESS_ROLE, Constants.AUTHZ_UMA_AUTHORIZATION, defaultRolesName);
    assertNames(effectiveMapped, "realm-composite", "realm-child");
    assertNames(mappedAccount, AccountRoles.VIEW_PROFILE);

    // The combined view must agree with the per-level listings.
    MappingsRepresentation mappingsRep = clientScopes().get(scopeId).getScopeMappings().getAll();
    assertNames(mappingsRep.getRealmMappings(), "realm-composite");
    assertNames(mappingsRep.getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE);

    // Remove both mappings; each removal must be audited as a DELETE.
    scopesResource.realmLevel().remove(compositeRoleOnly);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientScopeRoleMappingsRealmLevelPath(scopeId), compositeRoleOnly, ResourceType.REALM_SCOPE_MAPPING);
    scopesResource.clientLevel(accountMgmtId).remove(viewAccountRoleOnly);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.DELETE, AdminEventPaths.clientScopeRoleMappingsClientLevelPath(scopeId, accountMgmtId), viewAccountRoleOnly, ResourceType.CLIENT_SCOPE_MAPPING);

    // Listings after removal: nothing mapped or effective, everything available again.
    List<RoleRepresentation> mappedRealmAfter = scopesResource.realmLevel().listAll();
    List<RoleRepresentation> unmappedRealmAfter = scopesResource.realmLevel().listAvailable();
    List<RoleRepresentation> effectiveAfter = scopesResource.realmLevel().listEffective();
    List<RoleRepresentation> mappedAccountAfter = scopesResource.clientLevel(accountMgmtId).listAll();
    assertNames(mappedRealmAfter);
    assertNames(unmappedRealmAfter, "realm-composite", "realm-child", Constants.OFFLINE_ACCESS_ROLE, Constants.AUTHZ_UMA_AUTHORIZATION, defaultRolesName);
    assertNames(effectiveAfter);
    assertNames(mappedAccountAfter);

    // Drop the client scope created by this test.
    removeClientScope(scopeId);
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) MappingsRepresentation(org.keycloak.representations.idm.MappingsRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) RoleMappingResource(org.keycloak.admin.client.resource.RoleMappingResource) Test(org.junit.Test)

Example 45 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class AbstractBasePhotozExampleAdapterTest method setManageAlbumScopeRequired.

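/**
 * Configures the photoz example so that the "manage-albums" client role is only granted through
 * an optional client scope.
 *
 * <p>Steps performed: create a "manage-albums" client scope with a client-role mapper for
 * "photoz-restful-api"; map the resource server's "manage-albums" role to that scope; attach
 * the scope to "photoz-html5-client" as optional; map the realm roles "user" and "admin"
 * directly to that client; finally switch off full scope on the client.
 *
 * <p>With full scope switched off, Keycloak restricts the roles a client can receive in tokens
 * to those covered by its scope mappings and assigned client scopes, so this is the step that
 * makes the explicit mappings above take effect.
 */
protected void setManageAlbumScopeRequired() {
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("manage-albums");
    clientScope.setProtocol("openid-connect");

    ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
    mapper.setName("manage-albums");
    mapper.setProtocol("openid-connect");
    mapper.setProtocolMapper(UserClientRoleMappingMapper.PROVIDER_ID);
    Map<String, String> config = new HashMap<>();
    // Emit the mapped client roles into the access token, the ID token and the userinfo response.
    config.put("access.token.claim", "true");
    config.put("id.token.claim", "true");
    config.put("userinfo.token.claim", "true");
    config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, "photoz-restful-api");
    mapper.setConfig(config);
    clientScope.setProtocolMappers(Arrays.asList(mapper));

    RealmResource realmResource = realmsResouce().realm(REALM_NAME);
    ClientScopesResource clientScopes = realmResource.clientScopes();

    // Read the created id before closing the response, and close it even if the status
    // assertion fails; the original closed the response first and then read from it.
    String clientScopeId;
    Response resp = clientScopes.create(clientScope);
    try {
        Assert.assertEquals(201, resp.getStatus());
        clientScopeId = ApiUtil.getCreatedId(resp);
    } finally {
        resp.close();
    }

    // Scope mapping on the client scope: the resource server's "manage-albums" client role.
    ClientResource resourceServer = getClientResource(RESOURCE_SERVER_ID);
    clientScopes.get(clientScopeId).getScopeMappings().clientLevel(resourceServer.toRepresentation().getId()).add(Arrays.asList(resourceServer.roles().get("manage-albums").toRepresentation()));

    // The HTML5 client gets the scope as optional, plus direct realm-level mappings.
    ClientResource html5ClientApp = getClientResource("photoz-html5-client");
    html5ClientApp.addOptionalClientScope(clientScopeId);
    html5ClientApp.getScopeMappings().realmLevel().add(Arrays.asList(realmResource.roles().get("user").toRepresentation(), realmResource.roles().get("admin").toRepresentation()));

    // Least privilege: without this the client would not be limited to the mappings above.
    ClientRepresentation clientRep = html5ClientApp.toRepresentation();
    clientRep.setFullScopeAllowed(false);
    html5ClientApp.update(clientRep);
}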
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) RealmResource(org.keycloak.admin.client.resource.RealmResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientScopesResource(org.keycloak.admin.client.resource.ClientScopesResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Aggregations

ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)75 Test (org.junit.Test)62 Response (javax.ws.rs.core.Response)27 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)27 ClientResource (org.keycloak.admin.client.resource.ClientResource)25 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)16 RealmResource (org.keycloak.admin.client.resource.RealmResource)15 EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)13 ConsentRepresentation (org.keycloak.representations.account.ConsentRepresentation)11 ConsentScopeRepresentation (org.keycloak.representations.account.ConsentScopeRepresentation)11 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)11 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)11 TokenUtil (org.keycloak.testsuite.util.TokenUtil)11 HashMap (java.util.HashMap)10 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)10 OAuthClient (org.keycloak.testsuite.util.OAuthClient)10 List (java.util.List)8 ClientScopeResource (org.keycloak.admin.client.resource.ClientScopeResource)6 SimpleHttp (org.keycloak.broker.provider.util.SimpleHttp)6 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)6