use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
Class LDAPSamlIdPInitiatedVaryingLetterCaseTest, method setupIdentityProvider.
/**
 * Creates the auto-link first-broker-login flow, a SAML identity provider wired to that
 * flow, and a username mapper that lower-cases the NameID; everything is registered for
 * cleanup after the test.
 */
@Before
public void setupIdentityProvider() {
    // First-broker-login flow with two ALTERNATIVE steps: create the user when the
    // username is unique, otherwise auto-link to the existing local account. There is
    // no confirmation or re-authentication step in this flow.
    AuthenticationFlowRepresentation autoLinkFlow = new AuthenticationFlowRepresentation();
    autoLinkFlow.setAlias(FLOW_AUTO_LINK);
    autoLinkFlow.setDescription("Auto-link flow");
    autoLinkFlow.setProviderId("basic-flow");
    autoLinkFlow.setBuiltIn(false);
    autoLinkFlow.setTopLevel(true);
    Creator.Flow flowCreator = Creator.create(testRealm(), autoLinkFlow);

    AuthenticationExecutionInfoRepresentation createUserStep = flowCreator.addExecution(IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID);
    createUserStep.setRequirement(Requirement.ALTERNATIVE.name());
    testRealm().flows().updateExecutions(FLOW_AUTO_LINK, createUserStep);

    AuthenticationExecutionInfoRepresentation autoLinkStep = flowCreator.addExecution(IdpAutoLinkAuthenticatorFactory.PROVIDER_ID);
    autoLinkStep.setRequirement(Requirement.ALTERNATIVE.name());
    testRealm().flows().updateExecutions(FLOW_AUTO_LINK, autoLinkStep);
    getCleanup().addCleanup(flowCreator);

    // SAML IdP using the "unspecified" NameID format and the flow created above.
    IdentityProviderRepresentation samlIdp = KcSamlBrokerConfiguration.INSTANCE.setUpIdentityProvider();
    samlIdp.getConfig().put(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get());
    samlIdp.setFirstBrokerLoginFlowAlias(FLOW_AUTO_LINK);
    final Creator<IdentityProviderResource> samlIdpCreator = Creator.create(testRealm(), samlIdp);

    // Username mapper: the brokered username is the NameID lower-cased, so the letter
    // case the IdP sends does not affect which local account is matched.
    IdentityProviderMapperRepresentation nameIdMapper = new IdentityProviderMapperRepresentation();
    nameIdMapper.setName("username-nameid-mapper");
    idpAlias = samlIdp.getAlias();
    nameIdMapper.setIdentityProviderAlias(idpAlias);
    nameIdMapper.setIdentityProviderMapper(UsernameTemplateMapper.PROVIDER_ID);
    nameIdMapper.setConfig(ImmutableMap.<String, String>builder()
            .put(IdentityProviderMapperModel.SYNC_MODE, "IMPORT")
            .put(UsernameTemplateMapper.TEMPLATE, "${NAMEID | lowercase}")
            .put(UsernameTemplateMapper.TARGET, Target.BROKER_ID.name())
            .build());
    samlIdpCreator.resource().addMapper(nameIdMapper);
    getCleanup().addCleanup(samlIdpCreator);
}
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
Class ReAuthenticationTest, method loadTestRealm.
/**
 * Loads the base test realm from {@code /testrealm.json} and adjusts it for this test
 * class: the browser flow is pinned to {@code browser}, "remember me" is switched on and
 * dummy GitHub and Google identity providers are added so the login pages render social
 * login buttons.
 *
 * @return the adjusted realm representation
 */
private RealmRepresentation loadTestRealm() {
    // NOTE(review): the stream returned by getResourceAsStream is not closed in this
    // method — confirm that loadJson closes it.
    RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    realm.setBrowserFlow("browser");
    realm.setRememberMe(true);

    // The social providers are dummies: the tests only check that they are visible
    // (clickable) on the login pages, not that a login through them works.
    List<IdentityProviderRepresentation> socialIdps = new ArrayList<>();
    for (SocialLoginTest.Provider socialProvider : Arrays.asList(GITHUB, GOOGLE)) {
        socialIdps.add(new SocialLoginTest().buildIdp(socialProvider));
    }
    realm.setIdentityProviders(socialIdps);
    return realm;
}
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
Class BrokerLinkAndTokenExchangeTest, method testExternalExchange_extractIdentityFromProfile.
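/**
 * KEYCLOAK-14577, see also KEYCLOAK-10932
 *
 * Exchanges a token issued by the parent realm for a token of the child realm and checks
 * that the profile claims of the external token (username, given/family name, email)
 * are carried over into the exchanged token.
 *
 * Signature validation on the parent IdP is switched off for this test only: the previous
 * value is captured up front and restored in the finally block, so later tests in this
 * class do not silently run against an IdP that accepts unsigned tokens. The user created
 * by the exchange is removed even when one of the claim assertions fails.
 *
 * @throws Exception propagated from the token request and the JWS parsing
 */
@Test
public void testExternalExchange_extractIdentityFromProfile() throws Exception {
    RealmResource childRealm = adminClient.realms().realm(CHILD_IDP);
    String accessToken = oauth.doGrantAccessTokenRequest(PARENT_IDP, PARENT3_USERNAME, "password", null, PARENT_CLIENT, "password").getAccessToken();
    Assert.assertEquals(0, childRealm.getClientSessionStats().size());

    // Disable signature validation on the parent IdP for the duration of the test; the
    // previous value may be absent, which the finally block handles by removing the key.
    IdentityProviderRepresentation rep = childRealm.identityProviders().get(PARENT_IDP).toRepresentation();
    String originalValidateSignature = rep.getConfig().get(OIDCIdentityProviderConfig.VALIDATE_SIGNATURE);
    rep.getConfig().put(OIDCIdentityProviderConfig.VALIDATE_SIGNATURE, String.valueOf(false));
    childRealm.identityProviders().get(PARENT_IDP).update(rep);

    Client httpClient = AdminClientUtil.createResteasyClient();
    String exchangedSubject = null;
    try {
        WebTarget exchangeUrl = childTokenExchangeWebTarget(httpClient);
        AccessToken token;
        try (Response response = exchangeUrl.request()
                .header(HttpHeaders.AUTHORIZATION, BasicAuthHelper.createHeader(ClientApp.DEPLOYMENT_NAME, "password"))
                .post(Entity.form(new Form()
                        .param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.TOKEN_EXCHANGE_GRANT_TYPE)
                        .param(OAuth2Constants.SUBJECT_TOKEN, accessToken)
                        .param(OAuth2Constants.SUBJECT_TOKEN_TYPE, OAuth2Constants.JWT_TOKEN_TYPE)
                        .param(OAuth2Constants.SUBJECT_ISSUER, PARENT_IDP)
                        .param(OAuth2Constants.SCOPE, OAuth2Constants.SCOPE_OPENID)))) {
            Assert.assertEquals(200, response.getStatus());
            AccessTokenResponse tokenResponse = response.readEntity(AccessTokenResponse.class);
            JWSInput jws = new JWSInput(tokenResponse.getToken());
            token = jws.readJsonContent(AccessToken.class);
        }
        Assert.assertNotNull(token);
        Assert.assertNotNull(token.getSubject());
        // Record the subject as soon as it is known so the cleanup below runs even if a
        // claim assertion fails.
        exchangedSubject = token.getSubject();
        Assert.assertEquals(PARENT3_USERNAME, token.getPreferredUsername());
        Assert.assertEquals("first name", token.getGivenName());
        Assert.assertEquals("last name", token.getFamilyName());
        Assert.assertEquals("email", token.getEmail());
    } finally {
        httpClient.close();
        // Remove the user the exchange created in the child realm.
        if (exchangedSubject != null) {
            childRealm.users().get(exchangedSubject).remove();
        }
        // Put the IdP's signature-validation setting back to what it was.
        if (originalValidateSignature == null) {
            rep.getConfig().remove(OIDCIdentityProviderConfig.VALIDATE_SIGNATURE);
        } else {
            rep.getConfig().put(OIDCIdentityProviderConfig.VALIDATE_SIGNATURE, originalValidateSignature);
        }
        childRealm.identityProviders().get(PARENT_IDP).update(rep);
    }
}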
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
Class ClientInitiatedAccountLinkTest, method testLinkOnlyProvider.
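/**
 * Verifies a link-only identity provider: it is not offered on the child realm's login
 * page, it can still be linked explicitly through the client-initiated account-link flow,
 * and a session code taken from the login page cannot be used to start a broker login
 * against it. The provider's link-only flag is restored to its previous value afterwards
 * rather than being assumed to have been {@code false}.
 *
 * @throws Exception propagated from the page helpers used by the test
 */
@Test
public void testLinkOnlyProvider() throws Exception {
    RealmResource realm = adminClient.realms().realm(CHILD_IDP);
    IdentityProviderRepresentation rep = realm.identityProviders().get(PARENT_IDP).toRepresentation();
    // Capture the previous setting so the finally block restores it exactly.
    boolean originalLinkOnly = rep.isLinkOnly();
    rep.setLinkOnly(true);
    realm.identityProviders().get(PARENT_IDP).update(rep);
    try {
        List<FederatedIdentityRepresentation> links = realm.users().get(childUserId).getFederatedIdentity();
        Assert.assertTrue(links.isEmpty());
        UriBuilder linkBuilder = UriBuilder.fromUri(appPage.getInjectedUrl().toString()).path("link");
        String linkUrl = linkBuilder.clone().queryParam("realm", CHILD_IDP).queryParam("provider", PARENT_IDP).build().toString();
        navigateTo(linkUrl);
        Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
        // A link-only provider must not be offered as a login option. This is what we are testing.
        Assert.assertFalse(driver.getPageSource().contains(PARENT_IDP));
        // Explicit linking through the account-link flow must still work.
        loginPage.login("child", "password");
        Assert.assertTrue(loginPage.isCurrent(PARENT_IDP));
        loginPage.login(PARENT_USERNAME, "password");
        System.out.println("After linking: " + driver.getCurrentUrl());
        System.out.println(driver.getPageSource());
        Assert.assertTrue(driver.getCurrentUrl().startsWith(linkBuilder.toTemplate()));
        Assert.assertTrue(driver.getPageSource().contains("Account Linked"));
        links = realm.users().get(childUserId).getFederatedIdentity();
        Assert.assertFalse(links.isEmpty());
        realm.users().get(childUserId).removeFederatedIdentity(PARENT_IDP);
        links = realm.users().get(childUserId).getFederatedIdentity();
        Assert.assertTrue(links.isEmpty());
        logoutAll();
        System.out.println("testing link-only attack");
        navigateTo(linkUrl);
        Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
        System.out.println("login page uri is: " + driver.getCurrentUrl());
        // Regression check: take the session code, client id and tab id from the login
        // form's action URI and request a broker login for the link-only provider directly.
        String pageSource = driver.getPageSource();
        String action = ActionURIUtils.getActionURIFromPageSource(pageSource);
        System.out.println("action uri: " + action);
        Map<String, String> queryParams = ActionURIUtils.parseQueryParamsFromActionURI(action);
        System.out.println("query params: " + queryParams);
        // NOTE(review): the broker path is hard-coded rather than derived from CHILD_IDP and
        // PARENT_IDP — confirm those constants still resolve to "child" and "parent-idp".
        String uri = "/auth/realms/child/broker/parent-idp/login";
        uri = UriBuilder.fromUri(getAuthServerContextRoot()).path(uri)
                .queryParam(LoginActionsService.SESSION_CODE, queryParams.get(LoginActionsService.SESSION_CODE))
                .queryParam(Constants.CLIENT_ID, queryParams.get(Constants.CLIENT_ID))
                .queryParam(Constants.TAB_ID, queryParams.get(Constants.TAB_ID))
                .build().toString();
        System.out.println("hack uri: " + uri);
        navigateTo(uri);
        // The server must refuse to start a broker login for a link-only provider.
        Assert.assertTrue(driver.getPageSource().contains("Could not send authentication request to identity provider."));
    } finally {
        rep.setLinkOnly(originalLinkOnly);
        realm.identityProviders().get(PARENT_IDP).update(rep);
    }
}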
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
Class OidcClaimToRoleMapperTest, method createClaimToRoleMapper.
/**
 * Sets up the identity provider and adds a claim-to-role mapper for {@code claimValue}
 * with sync mode {@link IdentityProviderMapperSyncMode#IMPORT}.
 *
 * @param claimValue the claim value the mapper matches on
 */
private void createClaimToRoleMapper(String claimValue) {
    createClaimToRoleMapper(setupIdentityProvider(), claimValue, IdentityProviderMapperSyncMode.IMPORT);
}