use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
the class SocialLoginTest method addAttributeMapper.
/**
 * Registers a user-attribute mapper on the identity provider currently under test.
 * The mapper is of the provider-specific type {@code "<provider id>-user-attribute-mapper"},
 * runs in {@code IMPORT} sync mode, reads {@code jsonField} from the provider's JSON and
 * writes it to the user attribute called {@code name}.
 *
 * @param name      mapper name; also used as the target user attribute name
 * @param jsonField JSON field of the provider response the mapper should read
 */
private void addAttributeMapper(String name, String jsonField) {
    IdentityProviderResource idpResource =
            adminClient.realm(REALM).identityProviders().get(currentTestProvider.id);
    String idpAlias = idpResource.toRepresentation().getAlias();

    // Mapper configuration: sync mode, source JSON field and target user attribute.
    ImmutableMap.Builder<String, String> config = ImmutableMap.builder();
    config.put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.IMPORT.toString());
    config.put(AbstractJsonUserAttributeMapper.CONF_JSON_FIELD, jsonField);
    config.put(AbstractJsonUserAttributeMapper.CONF_USER_ATTRIBUTE, name);

    IdentityProviderMapperRepresentation mapper = new IdentityProviderMapperRepresentation();
    mapper.setName(name);
    mapper.setIdentityProviderAlias(idpAlias);
    // The mapper type id is derived from the provider id, e.g. "<provider id>-user-attribute-mapper".
    mapper.setIdentityProviderMapper(currentTestProvider.id + "-user-attribute-mapper");
    mapper.setConfig(config.build());

    // addMapper returns a JAX-RS Response; close it so the client connection is released.
    idpResource.addMapper(mapper).close();
}
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
the class SocialLoginTest method testTokenExchange.
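/**
 * Exercises token exchange against the social provider under test.
 * <ol>
 *   <li>With the {@code TOKEN_EXCHANGE} feature off, {@code checkFeature} expects 501.</li>
 *   <li>After enabling the feature the social token of the single imported user is obtained.</li>
 *   <li>All users are removed and an external-to-internal exchange of that social token
 *       (subject issuer = the provider) re-imports the user.</li>
 *   <li>With {@code storeToken} switched off on the provider, the social token is exchanged once
 *       more to create a user session, and an internal-to-external exchange of the resulting
 *       Keycloak token must still hand back the same social token (served from the session).</li>
 * </ol>
 * The {@code finally} block closes the HTTP client, disables the feature again and re-checks the
 * 501 behaviour. {@code EXCHANGE_CLIENT} / {@code "secret"} are test-fixture client credentials.
 * <p>
 * Every {@code Response} obtained from the testing endpoint or the exchange endpoint is closed,
 * including the ones returned by {@code enableFeature}/{@code disableFeature}, which were
 * previously left open and leaked a RESTEasy client connection.
 */
protected void testTokenExchange() {
    List<UserRepresentation> users = findAllRealmUsers();
    Assert.assertEquals(1, users.size());
    String username = users.get(0).getUsername();

    // Feature off: exchange must be refused with 501.
    checkFeature(501, username);

    Response enableResp = testingClient.testing().enableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
    try {
        Assert.assertEquals(200, enableResp.getStatus());
    } finally {
        enableResp.close();
    }
    ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);

    Client httpClient = AdminClientUtil.createResteasyClient();
    try {
        AccessTokenResponse tokenResponse = checkFeature(200, username);
        Assert.assertNotNull(tokenResponse);
        String socialToken = tokenResponse.getToken();
        Assert.assertNotNull(socialToken);

        // remove all users
        removeUser();
        Assert.assertEquals(0, findAllRealmUsers().size());

        // External exchange: the social provider is trusted and the external token is imported,
        // which recreates the user.
        Response response = postTokenExchange(httpClient, externalToInternalExchangeForm(socialToken));
        try {
            Assert.assertEquals(200, response.getStatus());
        } finally {
            response.close();
        }
        users = findAllRealmUsers();
        Assert.assertEquals(1, users.size());
        Assert.assertEquals(username, users.get(0).getUsername());

        // remove all users
        removeUser();
        Assert.assertEquals(0, findAllRealmUsers().size());

        // Test that the social token can still be retrieved from the user session when the
        // provider no longer stores tokens: turn off store token first.
        updateStoreTokenOnCurrentProvider(false);

        // Exchange the social token again to get a user session that should hold the social token.
        String keycloakToken;
        response = postTokenExchange(httpClient, externalToInternalExchangeForm(socialToken));
        try {
            Assert.assertEquals(200, response.getStatus());
            keycloakToken = response.readEntity(AccessTokenResponse.class).getToken();
        } finally {
            response.close();
        }

        // Now take the Keycloak token and make sure the social token comes back from the user
        // session, since stored tokens are off.
        response = postTokenExchange(httpClient, internalToExternalExchangeForm(keycloakToken));
        try {
            Assert.assertEquals(200, response.getStatus());
            tokenResponse = response.readEntity(AccessTokenResponse.class);
        } finally {
            response.close();
        }
        Assert.assertEquals(socialToken, tokenResponse.getToken());

        // turn on store token again
        updateStoreTokenOnCurrentProvider(true);
    } finally {
        httpClient.close();
        Response disableResp = testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString());
        try {
            Assert.assertEquals(200, disableResp.getStatus());
        } finally {
            disableResp.close();
        }
        checkFeature(501, username);
    }
}

/** Lists every user of the test realm (unfiltered search). */
private List<UserRepresentation> findAllRealmUsers() {
    return adminClient.realm(REALM).users().search(null, null, null);
}

/** Sets the {@code storeToken} flag on the identity provider under test and saves it. */
private void updateStoreTokenOnCurrentProvider(boolean storeToken) {
    IdentityProviderRepresentation idp =
            adminClient.realm(REALM).identityProviders().get(currentTestProvider.id).toRepresentation();
    idp.setStoreToken(storeToken);
    adminClient.realm(REALM).identityProviders().get(idp.getAlias()).update(idp);
}

/** Form for an external-to-internal exchange: trade a token issued by the social provider for a Keycloak token. */
private Form externalToInternalExchangeForm(String socialToken) {
    return new Form()
            .param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE)
            .param(OAuth2Constants.SUBJECT_TOKEN, socialToken)
            .param(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE)
            .param(OAuth2Constants.SUBJECT_ISSUER, currentTestProvider.id());
}

/** Form for an internal-to-external exchange: trade a Keycloak token for the social provider's token. */
private Form internalToExternalExchangeForm(String keycloakToken) {
    return new Form()
            .param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE)
            .param(OAuth2Constants.SUBJECT_TOKEN, keycloakToken)
            .param(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE)
            .param(OAuth2Constants.REQUESTED_TOKEN_TYPE, OAuth2Constants.ACCESS_TOKEN_TYPE)
            .param(OAuth2Constants.REQUESTED_ISSUER, currentTestProvider.id());
}

/**
 * Posts a token-exchange form to the exchange endpoint, authenticating with HTTP Basic as the
 * {@code EXCHANGE_CLIENT} test client. The caller owns and must close the returned response.
 */
private Response postTokenExchange(Client httpClient, Form form) {
    return getExchangeUrl(httpClient).request()
            .header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader(EXCHANGE_CLIENT, "secret"))
            .post(Entity.form(form));
}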
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
the class SocialLoginTest method buildIdp.
/**
 * Builds the identity-provider representation for a social {@code provider}: enabled, with
 * {@code storeToken} on, the client id/secret taken from the provider's test configuration, plus
 * the provider-specific settings some providers need (Google hosted domain, StackOverflow key,
 * OpenShift base URL, PayPal sandbox flag, Facebook birthday scope and fetched fields).
 *
 * @param provider the social provider under test
 * @return the representation to create in the test realm
 * @throws IllegalArgumentException if {@code hostedDomain} is not configured for
 *         {@code GOOGLE_HOSTED_DOMAIN}
 */
public IdentityProviderRepresentation buildIdp(Provider provider) {
    IdentityProviderRepresentation representation = IdentityProviderBuilder.create()
            .alias(provider.id())
            .providerId(provider.id())
            .build();
    representation.setEnabled(true);
    representation.setStoreToken(true);

    // Client credentials come from the provider's test configuration.
    putConfig(representation, "clientId", getConfig(provider, "clientId"));
    putConfig(representation, "clientSecret", getConfig(provider, "clientSecret"));

    if (provider == GOOGLE_HOSTED_DOMAIN) {
        final String hostedDomain = getConfig(provider, "hostedDomain");
        if (hostedDomain == null) {
            throw new IllegalArgumentException("'hostedDomain' for Google IdP must be specified");
        }
        putConfig(representation, "hostedDomain", hostedDomain);
    }
    if (provider == GOOGLE_NON_MATCHING_HOSTED_DOMAIN) {
        // Deliberately wrong domain so the hosted-domain check is expected to reject the login.
        putConfig(representation, "hostedDomain", "non-matching-hosted-domain");
    }
    if (provider == STACKOVERFLOW) {
        putConfig(representation, "key", getConfig(provider, "clientKey"));
    }
    if (provider == OPENSHIFT || provider == OPENSHIFT4 || provider == OPENSHIFT4_KUBE_ADMIN) {
        putConfig(representation, "baseUrl", getConfig(provider, "baseUrl"));
    }
    if (provider == PAYPAL) {
        putConfig(representation, "sandbox", getConfig(provider, "sandbox"));
    }
    if (provider == FACEBOOK_INCLUDE_BIRTHDAY) {
        putConfig(representation, "defaultScope", "public_profile,email,user_birthday");
        putConfig(representation, "fetchedFields", "birthday");
    }
    return representation;
}

/** Stores a single key/value pair in the representation's config map. */
private static void putConfig(IdentityProviderRepresentation representation, String key, String value) {
    representation.getConfig().put(key, value);
}
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
the class KcOidcFirstBrokerLoginTest method testFilterMultipleBrokerWhenReauthenticating.
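/**
 * Checks that, while a user re-authenticates to link a second broker account, the login page
 * offers every identity provider except the one currently being linked.
 * <p>
 * Setup: a SAML broker and a second OIDC broker ({@code kc-oidc-idp2}) are registered in the
 * consumer realm next to the configured OIDC broker ({@code bc}). The user first logs in through
 * the SAML broker, logs out, and logs in through {@code bc}. Since a user with that e-mail already
 * exists, the "account already exists" page appears; "link account" leads to a login page that
 * must show the SAML broker and {@code kc-oidc-idp2} but not {@code bc}. Authenticating through
 * the SAML broker completes the link, so the user ends up with two federated identities.
 * <p>
 * Each {@code create(...)} call on the admin client returns a JAX-RS {@code Response}; these are
 * closed right away so the client connection is released. Only the consumer user is removed in
 * {@code finally}; the created clients and brokers are not removed here — presumably the realms
 * are reset between tests, verify against the base class.
 */
@Test
public void testFilterMultipleBrokerWhenReauthenticating() {
    KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
    RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());

    // create another oidc broker
    KcOidcBrokerConfiguration oidcBrokerConfig = KcOidcBrokerConfiguration.INSTANCE;
    ClientRepresentation oidcClient = oidcBrokerConfig.createProviderClients().get(0);
    IdentityProviderRepresentation oidcBroker = oidcBrokerConfig.setUpIdentityProvider();
    oidcBroker.setAlias("kc-oidc-idp2");
    oidcBroker.setDisplayName("kc-oidc-idp2");

    try {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        // Responses are closed immediately; the created ids are not needed by this test.
        adminClient.realm(bc.providerRealmName()).clients().create(samlClient).close();
        adminClient.realm(bc.providerRealmName()).clients().create(oidcClient).close();
        consumerRealm.identityProviders().create(samlBroker).close();
        consumerRealm.identityProviders().create(oidcBroker).close();

        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        logInWithBroker(samlBrokerConfig);
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        logInWithBroker(bc);
        waitForPage(driver, "account already exists", false);
        assertTrue(idpConfirmLinkPage.isCurrent());
        assertEquals("User with email user@localhost.com already exists. How do you want to continue?", idpConfirmLinkPage.getMessage());
        idpConfirmLinkPage.clickLinkAccount();
        assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());

        // Exactly two idps have to be shown on the login page:
        // kc-saml-idp and kc-oidc-idp2 must be present but not the broker being linked (kc-oidc-idp).
        this.loginPage.findSocialButton(samlBroker.getAlias());
        this.loginPage.findSocialButton(oidcBroker.getAlias());
        try {
            this.loginPage.findSocialButton(bc.getIDPAlias());
            org.junit.Assert.fail("Not expected to see social button with " + bc.getIDPAlias());
        } catch (NoSuchElementException expected) {
            // the button for the broker being linked must be absent
        }

        log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
        loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
    } finally {
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumerRealm, "consumer");
    }
}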
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
the class KcOidcFirstBrokerLoginTest method testLoginWithDifferentBrokerWhenUpdatingProfile.
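/**
 * Refers to in old test suite: OIDCFirstBrokerLoginTest#testMoreIdpAndBackButtonWhenLinkingAccount
 * <p>
 * A user who first federated through a SAML broker (completing the update-profile step) starts a
 * login through the configured OIDC broker, then backs out of it with the browser "back" button
 * and logs in through the SAML broker instead. The user must end up federated with exactly one
 * identity, i.e. the abandoned OIDC attempt must not have created or linked anything.
 * <p>
 * The {@code create(...)} responses from the admin client are closed right away so the client
 * connection is released. Only the consumer user is removed in {@code finally}; the created
 * client and broker are not removed here — presumably the realms are reset between tests,
 * verify against the base class.
 */
@Test
public void testLoginWithDifferentBrokerWhenUpdatingProfile() {
    KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
    RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());

    try {
        updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
        // Responses are closed immediately; the created ids are not needed by this test.
        adminClient.realm(bc.providerRealmName()).clients().create(samlClient).close();
        consumerRealm.identityProviders().create(samlBroker).close();

        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        logInWithBroker(samlBrokerConfig);
        waitForPage(driver, "update account information", false);
        updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        logInWithBroker(bc);
        // User doesn't want to continue linking the account. He rather wants to revert and try the
        // other broker: click browser "back" twice now.
        driver.navigate().back();
        driver.navigate().back();

        // User is federated after logging in with the original broker
        log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
        loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 1);
    } finally {
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumerRealm, "consumer");
    }
}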