Use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
The class ClientInitiatedAccountLinkTest, method testLinkOnlyProvider.
/**
 * Verifies the behaviour of an identity provider flagged {@code linkOnly} in the
 * {@code CHILD_IDP} realm:
 * <ul>
 *   <li>the provider is not offered on the realm's login page;</li>
 *   <li>account linking through the application's {@code /link} endpoint still works, and the
 *       resulting federated identity can be removed again;</li>
 *   <li>a session code scraped from the login page cannot be replayed against the broker
 *       {@code .../login} endpoint of the link-only provider: the response must carry the
 *       "Could not send authentication request to identity provider." error.</li>
 * </ul>
 * The {@code linkOnly} flag is reset in the {@code finally} block so later tests see the
 * original provider configuration.
 *
 * @throws Exception propagated from the navigation and page helpers
 */
@Test
public void testLinkOnlyProvider() throws Exception {
RealmResource realm = adminClient.realms().realm(CHILD_IDP);
IdentityProviderRepresentation rep = realm.identityProviders().get(PARENT_IDP).toRepresentation();
// Mark the parent provider as link-only for the duration of this test (reverted in finally).
rep.setLinkOnly(true);
realm.identityProviders().get(PARENT_IDP).update(rep);
try {
// Precondition: the child user starts without any federated identity.
List<FederatedIdentityRepresentation> links = realm.users().get(childUserId).getFederatedIdentity();
Assert.assertTrue(links.isEmpty());
UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()).path("link");
String linkUrl = linkBuilder.clone().queryParam("realm", CHILD_IDP).queryParam("provider", PARENT_IDP).build().toString();
navigateTo(linkUrl);
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
// should not be on login page. This is what we are testing
Assert.assertFalse(driver.getPageSource().contains(PARENT_IDP));
// now test that we can still link.
loginPage.login("child", "password");
Assert.assertTrue(loginPage.isCurrent(PARENT_IDP));
loginPage.login(PARENT_USERNAME, "password");
// NOTE(review): dumps the whole page source to stdout; diagnostic only.
System.out.println("After linking: " + driver.getCurrentUrl());
System.out.println(driver.getPageSource());
// After a successful link the browser lands back on the application's /link page.
Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate()));
Assert.assertTrue(driver.getPageSource().contains("Account Linked"));
links = realm.users().get(childUserId).getFederatedIdentity();
Assert.assertFalse(links.isEmpty());
// Remove the link again so the realm is left as it was found.
realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP);
links = realm.users().get(childUserId).getFederatedIdentity();
Assert.assertTrue(links.isEmpty());
logoutAll();
// Second part: a link-only provider must not be usable as a regular brokered login,
// even when the caller presents a valid session code taken from the login page.
System.out.println("testing link-only attack");
navigateTo(linkUrl);
Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
System.out.println("login page uri is: " + driver.getCurrentUrl());
// ok, now scrape the code from page
String pageSource = driver.getPageSource();
String action = ActionURIUtils.getActionURIFromPageSource(pageSource);
System.out.println("action uri: " + action);
// NOTE(review): queryParams holds the live session code; it is printed on the next line.
Map<String, String> queryParams = ActionURIUtils.parseQueryParamsFromActionURI(action);
System.out.println("query params: " + queryParams);
// now try and use the code to login to remote link-only idp
// Broker login endpoint for the parent provider, built with the scraped
// session_code / client_id / tab_id of the current authentication session.
String uri = "/auth/realms/child/broker/parent-idp/login";
uri = UriBuilder.fromUri(getAuthServerContextRoot()).path(uri).queryParam(LoginActionsService.SESSION_CODE, queryParams.get(LoginActionsService.SESSION_CODE)).queryParam(Constants.CLIENT_ID, queryParams.get(Constants.CLIENT_ID)).queryParam(Constants.TAB_ID, queryParams.get(Constants.TAB_ID)).build().toString();
System.out.println("hack uri: " + uri);
navigateTo(uri);
// Expected outcome: the server refuses to start the brokered login for a link-only provider.
Assert.assertTrue(driver.getPageSource().contains("Could not send authentication request to identity provider."));
} finally {
// Restore the provider so other tests are not affected by the linkOnly flag.
rep.setLinkOnly(false);
realm.identityProviders().get(PARENT_IDP).update(rep);
}
}
Use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
The class OidcClaimToRoleMapperTest, method createClaimToRoleMapper.
/**
 * Convenience overload: provisions the identity provider via {@code setupIdentityProvider()}
 * and delegates to the three-argument overload using
 * {@link IdentityProviderMapperSyncMode#IMPORT} as the sync mode.
 *
 * @param claimValue passed through unchanged to the three-argument overload
 */
private void createClaimToRoleMapper(String claimValue) {
    createClaimToRoleMapper(setupIdentityProvider(), claimValue, IdentityProviderMapperSyncMode.IMPORT);
}
Use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
The class PartialImportTest, method addProviders.
/**
 * Populates {@code piRep} with one identity provider per entry of {@code IDP_ALIASES}.
 * Each provider uses the alias as both its alias and provider id, is enabled, does not
 * authenticate by default, uses the "first broker login" flow and carries a
 * {@code clientId} (the alias) and a fixed {@code clientSecret} in its config.
 */
private void addProviders() {
    List<IdentityProviderRepresentation> providers = new ArrayList<>(IDP_ALIASES.length);
    for (String alias : IDP_ALIASES) {
        Map<String, String> providerConfig = new HashMap<>();
        providerConfig.put("clientId", alias);
        providerConfig.put("clientSecret", "secret");

        IdentityProviderRepresentation provider = new IdentityProviderRepresentation();
        provider.setAlias(alias);
        provider.setProviderId(alias);
        provider.setEnabled(true);
        provider.setAuthenticateByDefault(false);
        provider.setFirstBrokerLoginFlowAlias("first broker login");
        provider.setConfig(providerConfig);
        providers.add(provider);
    }
    piRep.setIdentityProviders(providers);
}
Use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
The class PartialImportTest, method testAddProviders.
/**
 * Runs a partial import of the providers prepared by {@code addProviders()} after
 * {@code setFail()} and checks that the number of added resources equals the number of
 * aliases and that every imported provider's {@code clientId} is one of
 * {@code IDP_ALIASES}.
 */
@Test
public void testAddProviders() {
    setFail();
    addProviders();
    PartialImportResults results = doImport();
    assertEquals(IDP_ALIASES.length, results.getAdded());

    // Build the lookup list once instead of once per result.
    List<String> knownAliases = Arrays.asList(IDP_ALIASES);
    for (PartialImportResult imported : results.getResults()) {
        IdentityProviderResource resource = testRealmResource().identityProviders().get(imported.getId());
        String clientId = resource.toRepresentation().getConfig().get("clientId");
        assertTrue(knownAliases.contains(clientId));
    }
}
Use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
The class PartialExportTest, method checkSecretsAreMasked.
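/**
 * Asserts that every secret-bearing field of a partial realm export has been replaced by
 * {@link ComponentRepresentation#SECRET_VALUE} instead of being exported in clear.
 * <p>
 * Covered: secrets of confidential (non-public, non-bearer-only) clients, the
 * {@code clientSecret} of every identity provider, the SMTP server password, the
 * {@code privateKey} of the {@code rsa} key provider and the {@code bindCredential} of the
 * {@code ldap} user-storage provider.
 *
 * @param rep the exported realm representation to inspect
 */
private void checkSecretsAreMasked(RealmRepresentation rep) {
    // Client secret: only confidential, non-bearer-only clients carry one. A null
    // isPublicClient()/isBearerOnly() does not equal Boolean.FALSE and is skipped.
    for (ClientRepresentation client : rep.getClients()) {
        if (Boolean.FALSE.equals(client.isPublicClient()) && Boolean.FALSE.equals(client.isBearerOnly())) {
            Assert.assertEquals("Client secret masked", ComponentRepresentation.SECRET_VALUE, client.getSecret());
        }
    }
    // IdentityProvider clientSecret
    for (IdentityProviderRepresentation idp : rep.getIdentityProviders()) {
        Assert.assertEquals("IdentityProvider clientSecret masked", ComponentRepresentation.SECRET_VALUE, idp.getConfig().get("clientSecret"));
    }
    // smtpServer password
    Assert.assertEquals("SMTP password masked", ComponentRepresentation.SECRET_VALUE, rep.getSmtpServer().get("password"));

    MultivaluedHashMap<String, ComponentExportRepresentation> components = rep.getComponents();
    // components rsa KeyProvider privateKey
    List<ComponentExportRepresentation> keys = components.get("org.keycloak.keys.KeyProvider");
    Assert.assertNotNull("Keys not null", keys);
    Assert.assertFalse("At least one key returned", keys.isEmpty());
    assertProviderSecretMasked(keys, "rsa", "privateKey",
            "RSA KeyProvider privateKey masked", "Found rsa private key");
    // components ldap UserStorageProvider bindCredential
    List<ComponentExportRepresentation> userStorage = components.get("org.keycloak.storage.UserStorageProvider");
    Assert.assertNotNull("UserStorageProvider not null", userStorage);
    Assert.assertFalse("At least one UserStorageProvider returned", userStorage.isEmpty());
    assertProviderSecretMasked(userStorage, "ldap", "bindCredential",
            "LDAP provider bindCredential masked", "Found ldap bindCredential");
}

/**
 * Asserts that at least one component in {@code components} has the given provider id and
 * that, for every such component, the first config value under {@code configKey} equals
 * {@link ComponentRepresentation#SECRET_VALUE}.
 *
 * @param components    exported components of one component type
 * @param providerId    provider id to look for (e.g. {@code "rsa"} or {@code "ldap"})
 * @param configKey     config key that must be masked
 * @param maskedMessage assertion message used when the value is not masked
 * @param foundMessage  assertion message used when no matching component exists
 */
private static void assertProviderSecretMasked(List<ComponentExportRepresentation> components,
        String providerId, String configKey, String maskedMessage, String foundMessage) {
    boolean found = false;
    for (ComponentExportRepresentation component : components) {
        if (providerId.equals(component.getProviderId())) {
            Assert.assertEquals(maskedMessage, ComponentRepresentation.SECRET_VALUE, component.getConfig().getFirst(configKey));
            found = true;
        }
    }
    Assert.assertTrue(foundMessage, found);
}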