
Example 1 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

From the class RepresentationToModel, method importAuthenticationFlows.

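/**
 * Imports the authenticator configs, authentication flows and executions of
 * {@code rep} into {@code newRealm}, then binds the realm's built-in flow slots
 * (browser, registration, direct grant, reset credentials, client
 * authentication, docker) to the flow aliased in {@code rep} or, when the
 * representation names none, to the default flow for that slot.
 *
 * Every imported flow gets a freshly generated id; the exported id is kept
 * only in the returned map.
 *
 * @param newRealm the realm being populated
 * @param rep      the realm representation being imported
 * @return a map from each flow id found in {@code rep} to the id the flow was
 *         given in {@code newRealm}, used by callers to rewrite client
 *         {@code authenticationFlowBindingOverrides} that still carry the
 *         exported ids
 * @throws IllegalStateException if an authenticator config in {@code rep}
 *         has no alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation that lists flows but omits the authenticatorConfig
        // array is treated as having no configs instead of failing the import.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                newRealm.addAuthenticatorConfig(toModel(configRep));
            }
        }
        // First pass: create every flow under a fresh id, remembering old -> new.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        // Second pass: executions are attached only once every flow exists
        // (presumably because an execution can point at another flow - not
        // verifiable from this method alone).
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel owner = newRealm.getFlowByAlias(flowRep.getAlias());
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                newRealm.addAuthenticatorExecution(toModel(newRealm, owner, exeRep));
            }
        }
    }
    // NOTE(review): getFlowByAlias returns null for an unknown alias (see the
    // null checks below), so a representation naming a flow that was not
    // imported binds null here; this mirrors the previous behaviour.
    newRealm.setBrowserFlow(lookupFlowOrDefault(newRealm, rep.getBrowserFlow(), DefaultAuthenticationFlows.BROWSER_FLOW));
    newRealm.setRegistrationFlow(lookupFlowOrDefault(newRealm, rep.getRegistrationFlow(), DefaultAuthenticationFlows.REGISTRATION_FLOW));
    newRealm.setDirectGrantFlow(lookupFlowOrDefault(newRealm, rep.getDirectGrantFlow(), DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 ):
    // when the representation names no flow and the realm has no default one yet, create it.
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }
    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }
    // Added in 2.2: the first identity provider that is both enabled and
    // flagged "authenticate by default" becomes the default provider.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation idp : rep.getIdentityProviders()) {
            if (idp.isEnabled() && idp.isAuthenticateByDefault()) {
                defaultProvider = idp.getProviderId();
                break;
            }
        }
    }
    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }
    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}

/**
 * Resolves the flow to bind to a realm slot: the flow aliased by
 * {@code requestedAlias} when the representation supplied one, otherwise the
 * flow aliased by {@code defaultAlias}.
 *
 * @param realm          the realm to look the flow up in
 * @param requestedAlias the alias named in the imported representation, or null
 * @param defaultAlias   the alias of the realm's default flow for that slot
 * @return the resolved flow, or null if the chosen alias is unknown to the realm
 */
private static AuthenticationFlowModel lookupFlowOrDefault(RealmModel realm, String requestedAlias, String defaultAlias) {
    return realm.getFlowByAlias(requestedAlias == null ? defaultAlias : requestedAlias);
}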

Example 2 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

From the class IdentityProviderResource, method getIdentityProvider.

/**
 * Returns the identity provider backing this resource.
 *
 * The permission check runs before the existence check, so a caller who may
 * not view identity providers is not told whether this alias exists.
 * The representation is passed through {@code StripSecretsUtils.strip} before
 * it is returned, so secret config values do not leave the server in clear.
 *
 * @return the identity provider representation with secrets stripped
 * @throws javax.ws.rs.NotFoundException if this resource has no backing
 *         identity provider model
 */
@GET
@NoCache
@Produces(MediaType.APPLICATION_JSON)
public IdentityProviderRepresentation getIdentityProvider() {
    // Authorization first; see the class-level note on enumeration.
    this.auth.realm().requireViewIdentityProviders();
    if (this.identityProviderModel == null) {
        throw new javax.ws.rs.NotFoundException();
    }
    return StripSecretsUtils.strip(ModelToRepresentation.toRepresentation(realm, this.identityProviderModel));
}

Example 3 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

From the class IdentityProviderTest, method testSamlExportSignatureOn.

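/**
 * Imports SAML IdP metadata, creates a SAML identity provider with SP metadata
 * signing switched on, and checks that the exported SP metadata carries an
 * XML-DSig {@code Signature} element directly under the document root.
 */
@Test
public void testSamlExportSignatureOn() throws URISyntaxException, IOException, ConfigurationException, ParsingException, ProcessingException {
    // Use import-config to convert IDPSSODescriptor file into key value pairs
    // to use when creating a SAML Identity Provider
    MultipartFormDataOutput form = new MultipartFormDataOutput();
    form.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
    URL idpMeta = getClass().getClassLoader().getResource("admin-test/saml-idp-metadata.xml");
    // Fail with a clear message instead of an NPE when the fixture is missing from the classpath.
    Assert.assertNotNull("test resource admin-test/saml-idp-metadata.xml not found", idpMeta);
    byte[] content = Files.readAllBytes(Paths.get(idpMeta.toURI()));
    String metadata = new String(content, Charset.forName("UTF-8"));
    form.addFormData("file", metadata, MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata.xml");
    Map<String, String> result = realm.identityProviders().importFrom(form);
    // Explicitly enable SP Metadata Signature
    result.put(SAMLIdentityProviderConfig.SIGN_SP_METADATA, "true");
    // Create new SAML identity provider using configuration retrieved from import-config
    IdentityProviderRepresentation idpRep = createRep("saml", "saml", true, result);
    create(idpRep);
    // Perform export, and make sure some of the values are like they're supposed to be.
    // The response is closed in a finally block so a failing status assertion
    // does not leak the client connection.
    Response response = realm.identityProviders().get("saml").export("xml");
    String exported;
    try {
        Assert.assertEquals(200, response.getStatus());
        exported = response.readEntity(String.class);
    } finally {
        response.close();
    }
    Document document = DocumentUtil.getDocument(exported);
    // With SIGN_SP_METADATA on, a ds:Signature must be a direct child of the root element.
    Element signatureElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), XMLDSIG_NSURI.get(), "Signature");
    Assert.assertNotNull("exported SP metadata carries no Signature element", signatureElement);
}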

Example 4 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

From the class IdentityProviderTest, method testCreateWithBasicAuth.

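/**
 * Creates an OIDC identity provider that authenticates with
 * {@code client_secret_basic} and checks that the admin API returns the stored
 * configuration with the client secret masked, while the server-side config
 * still holds the real secret.
 */
@Test
public void testCreateWithBasicAuth() {
    IdentityProviderRepresentation newIdentityProvider = createRep("new-identity-provider", "oidc");
    newIdentityProvider.getConfig().put(IdentityProviderModel.SYNC_MODE, "IMPORT");
    newIdentityProvider.getConfig().put("clientId", "clientId");
    newIdentityProvider.getConfig().put("clientSecret", "some secret value");
    newIdentityProvider.getConfig().put("clientAuthMethod", OIDCLoginProtocol.CLIENT_SECRET_BASIC);
    create(newIdentityProvider);
    IdentityProviderResource identityProviderResource = realm.identityProviders().get("new-identity-provider");
    assertNotNull(identityProviderResource);
    IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
    assertNotNull(representation);
    assertNotNull(representation.getInternalId());
    assertEquals("new-identity-provider", representation.getAlias());
    assertEquals("oidc", representation.getProviderId());
    // Read the sync mode back under the same key it was written with.
    assertEquals("IMPORT", representation.getConfig().get(IdentityProviderModel.SYNC_MODE));
    assertEquals("clientId", representation.getConfig().get("clientId"));
    // The admin API must only ever return the mask value for the secret ...
    assertEquals(ComponentRepresentation.SECRET_VALUE, representation.getConfig().get("clientSecret"));
    assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, representation.getConfig().get("clientAuthMethod"));
    assertTrue(representation.isEnabled());
    assertFalse(representation.isStoreToken());
    assertFalse(representation.isTrustEmail());
    // ... while the server-side config keeps the real value.
    assertEquals("some secret value", testingClient.testing("admin-client-test").getIdentityProviderConfig("new-identity-provider").get("clientSecret"));
    // The list endpoint must mask the secret as well; a missing provider fails
    // with a descriptive AssertionError rather than NoSuchElementException.
    IdentityProviderRepresentation listed = realm.identityProviders().findAll().stream()
            .filter(i -> "new-identity-provider".equals(i.getAlias()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("identity provider new-identity-provider not returned by findAll()"));
    assertEquals(ComponentRepresentation.SECRET_VALUE, listed.getConfig().get("clientSecret"));
}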

Example 5 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

From the class IdentityProviderTest, method testCreate.

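/**
 * Creates an OIDC identity provider and checks that the admin API returns the
 * stored configuration with the client secret masked, while the server-side
 * config still holds the real secret.
 */
@Test
public void testCreate() {
    IdentityProviderRepresentation newIdentityProvider = createRep("new-identity-provider", "oidc");
    newIdentityProvider.getConfig().put(IdentityProviderModel.SYNC_MODE, "IMPORT");
    newIdentityProvider.getConfig().put("clientId", "clientId");
    newIdentityProvider.getConfig().put("clientSecret", "some secret value");
    create(newIdentityProvider);
    IdentityProviderResource identityProviderResource = realm.identityProviders().get("new-identity-provider");
    assertNotNull(identityProviderResource);
    IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
    assertNotNull(representation);
    assertNotNull(representation.getInternalId());
    assertEquals("new-identity-provider", representation.getAlias());
    assertEquals("oidc", representation.getProviderId());
    // Read the sync mode back under the same key it was written with.
    assertEquals("IMPORT", representation.getConfig().get(IdentityProviderModel.SYNC_MODE));
    assertEquals("clientId", representation.getConfig().get("clientId"));
    // The admin API must only ever return the mask value for the secret ...
    assertEquals(ComponentRepresentation.SECRET_VALUE, representation.getConfig().get("clientSecret"));
    assertTrue(representation.isEnabled());
    assertFalse(representation.isStoreToken());
    assertFalse(representation.isTrustEmail());
    // ... while the server-side config keeps the real value.
    assertEquals("some secret value", testingClient.testing("admin-client-test").getIdentityProviderConfig("new-identity-provider").get("clientSecret"));
    // The list endpoint must mask the secret as well; a missing provider fails
    // with a descriptive AssertionError rather than NoSuchElementException.
    IdentityProviderRepresentation listed = realm.identityProviders().findAll().stream()
            .filter(i -> "new-identity-provider".equals(i.getAlias()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("identity provider new-identity-provider not returned by findAll()"));
    assertEquals(ComponentRepresentation.SECRET_VALUE, listed.getConfig().get("clientSecret"));
}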
