use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
From the class IdentityProviderTest, the method failUpdateInvalidUrl (checks that malformed or plain-http OIDC endpoint URLs are rejected while the realm requires SSL).
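@Test
public void failUpdateInvalidUrl() throws Exception {
    // With sslRequired=ALL every endpoint URL of an OIDC identity provider has to use https; otherwise the
    // broker would send the client secret, authorization codes and tokens to the upstream IdP in clear text.
    try (RealmAttributeUpdater rau = new RealmAttributeUpdater(realm)
            .updateWith(r -> r.setSslRequired(SslRequired.ALL.name()))
            .update()) {
        IdentityProviderRepresentation representation = createRep(UUID.randomUUID().toString(), "oidc");
        representation.getConfig().put("clientId", "clientId");
        representation.getConfig().put("clientSecret", "some secret value");
        try (Response response = realm.identityProviders().create(representation)) {
            assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        }

        IdentityProviderResource resource = this.realm.identityProviders().get(representation.getAlias());
        representation = resource.toRepresentation();
        OIDCIdentityProviderConfigRep oidcConfig = new OIDCIdentityProviderConfigRep(representation);

        // A URL whose scheme is not a web scheme is refused as malformed, independently of the SSL setting.
        oidcConfig.setAuthorizationUrl("invalid://test");
        assertUpdateRejectedWith(resource, representation, "The url [authorization_url] is malformed");

        // Plain http on an external host is refused for each endpoint while sslRequired=ALL.
        oidcConfig.setAuthorizationUrl(null);
        oidcConfig.setTokenUrl("http://test");
        assertUpdateRejectedWith(resource, representation, "The url [token_url] requires secure connections");

        oidcConfig.setTokenUrl(null);
        oidcConfig.setJwksUrl("http://test");
        assertUpdateRejectedWith(resource, representation, "The url [jwks_url] requires secure connections");

        oidcConfig.setJwksUrl(null);
        oidcConfig.setLogoutUrl("http://test");
        assertUpdateRejectedWith(resource, representation, "The url [logout_url] requires secure connections");

        // Under ALL even a loopback address has to be https ...
        oidcConfig.setLogoutUrl(null);
        oidcConfig.setUserInfoUrl("http://localhost");
        assertUpdateRejectedWith(resource, representation, "The url [userinfo_url] requires secure connections");

        // ... but the same representation is accepted once the realm only requires TLS for external
        // addresses (presumably because localhost is not classified as external -- the check for a
        // plain-http external host under EXTERNAL is not covered by this test).
        rau.updateWith(r -> r.setSslRequired(SslRequired.EXTERNAL.name())).update();
        resource.update(representation);
    }
}

/**
 * Asserts that {@code resource.update(representation)} is refused by the admin REST API with HTTP 400
 * and exactly {@code expectedMessage} as the error message.
 *
 * @param resource        the identity provider to update
 * @param representation  the (invalid) representation to send
 * @param expectedMessage the exact error message the server is expected to return
 */
private static void assertUpdateRejectedWith(IdentityProviderResource resource,
        IdentityProviderRepresentation representation, String expectedMessage) {
    try {
        resource.update(representation);
        fail("Invalid URL");
    } catch (ClientErrorException e) {
        // Only 4xx responses are expected here; any other exception type propagates and fails the test loudly.
        try (Response response = e.getResponse()) {
            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
            ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
            assertEquals(expectedMessage, error.getErrorMessage());
        }
    }
}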
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
From the class KcSamlIdPInitiatedSsoTest, the method testProviderTransientIdpInitiatedLogin (IdP-initiated SSO through a SAML broker that receives transient NameIDs).
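@Test
public void testProviderTransientIdpInitiatedLogin() throws Exception {
    // Configure the consumer-side broker to request transient (per-session) NameIDs from the provider and to
    // identify the user by the X.500 "uid" attribute instead of the NameID.
    IdentityProviderResource idp = adminClient.realm(REALM_CONS_NAME).identityProviders().get("saml-leaf");
    IdentityProviderRepresentation rep = idp.toRepresentation();
    rep.getConfig().put(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get());
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.name());
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, X500SAMLProfileConstants.UID.get());
    idp.update(rep);

    // Two IdP-initiated logins in a row (the second one via SSO); each provider response is rewritten on
    // its way to the broker so that it carries a different transient subject id but the same uid attribute.
    SAMLDocumentHolder samlResponse = new SamlClientBuilder()
            .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker"))
            .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
            .processSamlResponse(Binding.POST)
                .transformObject(ob -> {
                    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    injectTransientSubjectAndUid((ResponseType) ob, "sales", "subjectId1");
                    return ob;
                })
                .build()
            .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker-2"))
            .login().sso(true).build()
            .processSamlResponse(Binding.POST)
                .transformObject(ob -> {
                    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    injectTransientSubjectAndUid((ResponseType) ob, "sales2", "subjectId2");
                    return ob;
                })
                .build()
            .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
            .followOneRedirect()
            .getSamlResponse(Binding.POST);

    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth2/saml"));
    assertAudience(resp, urlRealmConsumer + "/app/auth2");

    // Exactly one consumer account exists and its federated link is keyed by the uid attribute value.
    UsersResource users = adminClient.realm(REALM_CONS_NAME).users();
    List<UserRepresentation> userList = users.search(CONSUMER_CHOSEN_USERNAME);
    assertEquals(1, userList.size());
    String id = userList.get(0).getId();
    FederatedIdentityRepresentation fed = users.get(id).getFederatedIdentity().get(0);
    assertThat(fed.getUserId(), is(PROVIDER_REALM_USER_NAME));
    assertThat(fed.getUserName(), is(PROVIDER_REALM_USER_NAME));

    // A transient NameID is a throw-away identifier: the broker must neither create nor link accounts on it,
    // so no user named after either subject id may exist.
    userList = users.search("subjectId1");
    assertTrue(userList.isEmpty());
    userList = users.search("subjectId2");
    assertTrue(userList.isEmpty());
}

/**
 * Rewrites the first assertion of a provider response the way a transient-NameID IdP would shape it:
 * verifies destination and audience, adds a transient NameID with the given value to the subject and
 * adds a uid attribute carrying the provider-realm user name to the (existing or new) attribute statement.
 *
 * @param resp               the provider's SAML response, modified in place
 * @param clientId           the broker-side client whose IdP-initiated URL is the expected destination/audience
 * @param transientSubjectId the transient NameID value to inject
 */
private void injectTransientSubjectAndUid(ResponseType resp, String clientId, String transientSubjectId) {
    String brokerUrl = getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, clientId);
    assertThat(resp.getDestination(), is(brokerUrl));
    assertAudience(resp, brokerUrl);

    NameIDType nameId = new NameIDType();
    nameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get()));
    nameId.setValue(transientSubjectId);
    resp.getAssertions().get(0).getAssertion().getSubject().getSubType().addBaseID(nameId);

    // Reuse the assertion's attribute statement when present; adding an existing statement back is a no-op
    // on the statement set, so the uid ends up in exactly one statement either way.
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
    AttributeStatementType attributeStatement = (AttributeStatementType) statements.stream()
            .filter(statement -> statement instanceof AttributeStatementType)
            .findFirst()
            .orElse(new AttributeStatementType());
    AttributeType uid = new AttributeType(X500SAMLProfileConstants.UID.get());
    uid.addAttributeValue(PROVIDER_REALM_USER_NAME);
    attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(uid));
    resp.getAssertions().get(0).getAssertion().addStatement(attributeStatement);
}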
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
From the class KcSamlIdPInitiatedSsoTest, the method testProviderIdpInitiatedLoginWithPrincipalAttribute (IdP-initiated SSO with the broker principal taken from a SAML attribute).
// KEYCLOAK-7969
@Test
public void testProviderIdpInitiatedLoginWithPrincipalAttribute() throws Exception {
    // Switch the consumer-side broker to attribute-based principal lookup using the X.500 "uid" attribute.
    IdentityProviderResource brokerIdp = adminClient.realm(REALM_CONS_NAME).identityProviders().get("saml-leaf");
    IdentityProviderRepresentation brokerConfig = brokerIdp.toRepresentation();
    brokerConfig.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.name());
    brokerConfig.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, X500SAMLProfileConstants.UID.get());
    brokerIdp.update(brokerConfig);

    // IdP-initiated login at the provider; the provider's response is enriched with a uid attribute
    // before it reaches the broker, which then completes first-login profile update on the consumer side.
    SAMLDocumentHolder finalResponse = new SamlClientBuilder()
            .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker"))
            .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
            .processSamlResponse(Binding.POST)
                .transformObject(ob -> {
                    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    ResponseType providerResponse = (ResponseType) ob;
                    String brokerUrl = getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales");
                    assertThat(providerResponse.getDestination(), is(brokerUrl));
                    assertAudience(providerResponse, brokerUrl);

                    // Use the assertion's existing attribute statement if there is one, else start a fresh one.
                    AttributeStatementType uidStatement = null;
                    for (StatementAbstractType statement
                            : providerResponse.getAssertions().get(0).getAssertion().getStatements()) {
                        if (statement instanceof AttributeStatementType) {
                            uidStatement = (AttributeStatementType) statement;
                            break;
                        }
                    }
                    if (uidStatement == null) {
                        uidStatement = new AttributeStatementType();
                    }
                    AttributeType uidAttribute = new AttributeType(X500SAMLProfileConstants.UID.get());
                    uidAttribute.addAttributeValue(PROVIDER_REALM_USER_NAME);
                    uidStatement.addAttribute(new AttributeStatementType.ASTChoiceType(uidAttribute));
                    providerResponse.getAssertions().get(0).getAssertion().addStatement(uidStatement);
                    return ob;
                })
                .build()
            .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
            .followOneRedirect()
            .getSamlResponse(Binding.POST);

    assertThat(finalResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType consumerResponse = (ResponseType) finalResponse.getSamlObject();
    assertThat(consumerResponse.getDestination(), is(urlRealmConsumer + "/app/auth"));
    assertAudience(consumerResponse, urlRealmConsumer + "/app/auth");

    // The federated link must be keyed by the uid attribute value, not by whatever NameID the provider sent.
    UsersResource consumerUsers = adminClient.realm(REALM_CONS_NAME).users();
    String linkedUserId = consumerUsers.search(CONSUMER_CHOSEN_USERNAME).get(0).getId();
    FederatedIdentityRepresentation link = consumerUsers.get(linkedUserId).getFederatedIdentity().get(0);
    assertThat(link.getUserId(), is(PROVIDER_REALM_USER_NAME));
    assertThat(link.getUserName(), is(PROVIDER_REALM_USER_NAME));
}
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
From the class KcOidcBrokerVaultConfiguration, the method setUpIdentityProvider (broker configuration whose client secret comes from the vault).
/**
 * Builds the broker's identity-provider representation as the parent does, then replaces the client
 * secret with {@code VAULT_CLIENT_SECRET} (presumably a vault reference rather than a literal secret,
 * so the realm configuration itself does not contain the secret -- confirm against the constant).
 *
 * @param syncMode the identity-provider sync mode passed through to the parent
 * @return the parent's representation with the vault-backed client secret
 */
@Override
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
    final IdentityProviderRepresentation representation = super.setUpIdentityProvider(syncMode);
    representation.getConfig().put("clientSecret", VAULT_CLIENT_SECRET);
    return representation;
}
use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.
From the class KcOidcFirstBrokerLoginTest, the method testLinkAccountByReauthenticationWithDifferentBroker (account linking confirmed by re-authenticating through an already-linked broker).
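/**
 * Tests that duplication is detected and the user chooses to link the federated identity with the existing
 * account. The user confirms the link by re-authenticating with a different broker that is already linked
 * to the account.
 */
@Test
public void testLinkAccountByReauthenticationWithDifferentBroker() {
    KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
    RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
    try {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        // create() returns a JAX-RS Response; close it so the client connection is released. The creation
        // status is not asserted here: logInWithBroker() below cannot succeed without the SAML client/broker.
        adminClient.realm(bc.providerRealmName()).clients().create(samlClient).close();
        consumerRealm.identityProviders().create(samlBroker).close();

        // First login through the SAML broker creates the consumer-realm account (user@localhost.com).
        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        logInWithBroker(samlBrokerConfig);
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        // Second login through the test's primary broker (bc) resolves to the same email -> duplicate detected.
        logInWithBroker(bc);
        waitForPage(driver, "account already exists", false);
        assertTrue(idpConfirmLinkPage.isCurrent());
        assertEquals("User with email user@localhost.com already exists. How do you want to continue?", idpConfirmLinkPage.getMessage());
        idpConfirmLinkPage.clickLinkAccount();
        assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());

        // The broker being linked (bc) must not itself be offered as a way to prove ownership of the existing
        // account; only an identity already attached to the account (here the SAML broker) may confirm the link.
        try {
            this.loginPage.findSocialButton(bc.getIDPAlias());
            // Message names the alias that was actually looked up (bc), not the SAML broker.
            org.junit.Assert.fail("Not expected to see social button with " + bc.getIDPAlias());
        } catch (NoSuchElementException expected) {
            // The button is absent, which is exactly what this step requires.
        }
        log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
        loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        // Both brokers are now linked to the single consumer account.
        assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
    } finally {
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumerRealm, "consumer");
        // NOTE(review): the SAML client and broker created above are not removed here; presumably the realms
        // are re-imported between tests -- confirm before relying on a clean realm in a neighbouring test.
    }
}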