
Example 41 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

the class KcOidcBrokerPkceTest method getBrokerConfiguration.

@Override
protected BrokerConfiguration getBrokerConfiguration() {
    // Reuse the standard OIDC broker setup, but make the consumer side perform the
    // authorization-code exchange with PKCE (S256 only) against the provider realm.
    return new KcOidcBrokerConfiguration() {

        @Override
        public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
            IdentityProviderRepresentation idp = super.setUpIdentityProvider(syncMode);
            // Both keys live in the IdP config map; the base class does not set them.
            idp.getConfig().put(OAuth2IdentityProviderConfig.PKCE_ENABLED, "true");
            idp.getConfig().put(OAuth2IdentityProviderConfig.PKCE_METHOD, OAuth2Constants.PKCE_METHOD_S256);
            return idp;
        }
    };
}

Example 42 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

the class KcSamlBrokerConfiguration method setUpIdentityProvider.

/**
 * Builds the SAML identity-provider representation the consumer realm uses to
 * broker logins to the provider realm.
 *
 * <p>This is a test fixture: signature validation on incoming responses and
 * signing of outgoing AuthnRequests are both switched off, and backchannel
 * logout is disabled. Do not copy these values into a production configuration.
 *
 * @param syncMode how broker logins update the local user (stored under SYNC_MODE)
 * @return the populated representation, not yet created in any realm
 */
@Override
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
    IdentityProviderRepresentation representation = createIdentityProvider(IDP_SAML_ALIAS, IDP_SAML_PROVIDER_ID);
    representation.setTrustEmail(true);
    representation.setAddReadTokenRoleOnCreate(true);
    representation.setStoreToken(true);

    Map<String, String> cfg = representation.getConfig();
    cfg.put(IdentityProviderModel.SYNC_MODE, syncMode.toString());

    // SSO and SLO share the provider realm's SAML endpoint.
    final String samlPath = "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml";
    cfg.put(SINGLE_SIGN_ON_SERVICE_URL, getProviderRoot() + samlPath);
    cfg.put(SINGLE_LOGOUT_SERVICE_URL, getProviderRoot() + samlPath);
    cfg.put(NAME_ID_POLICY_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
    cfg.put(FORCE_AUTHN, "false");
    cfg.put(IdentityProviderModel.LOGIN_HINT, String.valueOf(loginHint));

    // Use HTTP-POST for both directions.
    cfg.put(POST_BINDING_RESPONSE, "true");
    cfg.put(POST_BINDING_AUTHN_REQUEST, "true");

    // Test-only: no signature validation of responses, no signed AuthnRequests,
    // no backchannel logout support.
    cfg.put(VALIDATE_SIGNATURE, "false");
    cfg.put(WANT_AUTHN_REQUESTS_SIGNED, "false");
    cfg.put(BACKCHANNEL_SUPPORTED, "false");
    return representation;
}

Example 43 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

the class KcAdmUpdateTest method testUpdateIDPWithoutInternalId.

/**
 * Updates an identity provider through the admin CLI using a JSON file that
 * carries no internalId, and checks the update is applied by the server
 * (the display name changes to SAML_UPDATED).
 *
 * <p>The test logs in with a fixture user against a temporary CLI config file so
 * the stored token never touches the real user config.
 *
 * @throws IOException if the temporary config file cannot be created or removed
 */
@Test
public void testUpdateIDPWithoutInternalId() throws IOException {
    final String realmName = "test";
    final RealmResource realmRes = adminClient.realm(realmName);

    // Fixture IdP: SAML, POST bindings and backchannel logout turned off.
    IdentityProviderRepresentation idpRep = IdentityProviderBuilder.create()
            .providerId(SAMLIdentityProviderFactory.PROVIDER_ID)
            .alias("idpAlias")
            .displayName("SAML")
            .setAttribute(SAMLIdentityProviderConfig.SINGLE_SIGN_ON_SERVICE_URL, "https://saml.idp/saml")
            .setAttribute(SAMLIdentityProviderConfig.SINGLE_LOGOUT_SERVICE_URL, "https://saml.idp/saml")
            .setAttribute(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
            .setAttribute(SAMLIdentityProviderConfig.POST_BINDING_RESPONSE, "false")
            .setAttribute(SAMLIdentityProviderConfig.POST_BINDING_AUTHN_REQUEST, "false")
            .setAttribute(SAMLIdentityProviderConfig.BACKCHANNEL_SUPPORTED, "false")
            .build();

    // The creator removes the IdP from the realm again when closed.
    try (Closeable createdIdp = new IdentityProviderCreator(realmRes, idpRep)) {
        FileConfigHandler cfgHandler = initCustomConfigFile();
        try (TempFileResource cfgFile = new TempFileResource(cfgHandler.getConfigFile())) {
            loginAsUser(cfgFile.getFile(), serverUrl, realmName, "user1", "userpass");

            // Sanity check: the provider is readable before we touch it.
            KcAdmExec cli = execute("get identity-provider/instances/idpAlias -r " + realmName + " --config " + cfgFile.getFile());
            assertExitCodeAndStdErrSize(cli, 0, 0);

            final File updateJson = new File("target/test-classes/cli/idp-keycloak-9167.json");
            cli = execute("update identity-provider/instances/idpAlias -r " + realmName + " -f " + updateJson.getAbsolutePath() + " --config " + cfgFile.getFile());
            assertExitCodeAndStdErrSize(cli, 0, 0);
        }

        String displayName = realmRes.identityProviders().get("idpAlias").toRepresentation().getDisplayName();
        Assert.assertThat(displayName, is(equalTo("SAML_UPDATED")));
    }
}

Example 44 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

the class KcOidcBrokerTest method testReauthenticationSamlBrokerWithOTPRequired.

/**
 * Refers to in old test suite: PostBrokerFlowTest#testBrokerReauthentication_samlBrokerWithOTPRequired
 *
 * <p>Scenario: a user first logs in through a SAML broker whose post-broker
 * flow requires OTP and enrolls a TOTP credential. Logging in afterwards via the
 * OIDC broker hits the "account already exists" linking step; re-authenticating
 * through the SAML broker must again require the OTP before the accounts are
 * linked. At the end the consumer-realm user has two federated identities.
 *
 * @throws Exception propagated from the admin client and browser helpers
 */
@Test
public void testReauthenticationSamlBrokerWithOTPRequired() throws Exception {
    KcSamlBrokerConfiguration samlConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlProviderClient = samlConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlIdp = samlConfig.setUpIdentityProvider();
    RealmResource consumer = adminClient.realm(bc.consumerRealmName());
    try {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);

        // Register the SAML client in the provider realm and the matching broker in the consumer realm.
        adminClient.realm(bc.providerRealmName()).clients().create(samlProviderClient);
        consumer.identityProviders().create(samlIdp);

        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        // Make OTP mandatory in the post-broker-login flow of the SAML broker.
        testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(samlConfig.getIDPAlias()));

        // First login through the SAML broker: the user has to set up TOTP.
        logInWithBroker(samlConfig);
        totpPage.assertCurrent();
        String otpSecret = totpPage.getTotpSecret();
        totpPage.configure(totp.generateTOTP(otpSecret));
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        // Second login through the OIDC broker resolves to the same account and asks to link.
        logInWithBroker(bc);
        waitForPage(driver, "account already exists", false);
        idpConfirmLinkPage.assertCurrent();
        idpConfirmLinkPage.clickLinkAccount();

        // Linking re-authenticates through the SAML broker, which must enforce the OTP again.
        loginPage.clickSocial(samlConfig.getIDPAlias());
        waitForPage(driver, "sign in to", true);
        log.debug("Logging in");
        loginTotpPage.login(totp.generateTOTP(otpSecret));

        String consumerUserId = consumer.users().search(samlConfig.getUserLogin()).get(0).getId();
        assertNumFederatedIdentities(consumerUserId, 2);
    } finally {
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumer, "consumer");
    }
}

Example 45 with IdentityProviderRepresentation

use of org.keycloak.representations.idm.IdentityProviderRepresentation in project keycloak by keycloak.

the class BackchannelLogoutTest method postBackchannelLogoutWithSessionIdMultipleOpenSessionDifferentIdentityProvider.

/**
 * A backchannel logout token that names a specific provider-realm session must
 * terminate only the consumer-realm session that was established through that
 * provider session, even when the same consumer user has a second session open
 * via a different identity provider.
 *
 * <p>Expected end state: consumer session 1 is gone, consumer session 2 and both
 * provider-realm sessions are still active (the provider realm is not logged
 * out by its own logout token).
 *
 * @throws Exception propagated from the admin client, browser and HTTP helpers
 */
@Test
public void postBackchannelLogoutWithSessionIdMultipleOpenSessionDifferentIdentityProvider() throws Exception {
    IdentityProviderRepresentation secondIdp = addSecondIdentityProviderToConsumerRealm();
    String providerBrokerClientId = getClientId(nbc.providerRealmName(), BROKER_CLIENT_ID);

    // Session 1: first broker login, then give the consumer user a local password.
    logInAsUserInIDPForFirstTime();
    String consumerUserId = getUserIdConsumerRealm();
    adminClient.realm(nbc.consumerRealmName()).users().get(consumerUserId)
            .resetPassword(CredentialBuilder.create().password(USER_PASSWORD_CONSUMER_REALM).build());
    String providerSession1 = assertProviderLoginEventIdpClient(userIdProviderRealm);
    String consumerSession1 = assertConsumerLoginEventAccountManagement(consumerUserId);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSession1);

    // Session 2: log in from a second browser through the other IdP and link the accounts.
    OAuthClient secondBrowser = loginWithSecondBrowser(secondIdp.getDisplayName());
    linkUsers(secondBrowser);
    String providerSession2 = assertProviderLoginEventIdpClient(userIdProviderRealm);
    String consumerSession2 = assertConsumerLoginEventAccountManagement(consumerUserId);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSession2);

    // Backchannel logout scoped to provider session 1 only (sid claim).
    String logoutToken = getLogoutTokenEncodedAndSigned(userIdProviderRealm, providerSession1);
    oauth.realm(nbc.consumerRealmName());
    try (CloseableHttpResponse logoutResponse = oauth.doBackchannelLogout(logoutToken)) {
        assertThat(logoutResponse, Matchers.statusCodeIsHC(Response.Status.OK));
    }

    // Only the consumer session tied to provider session 1 is terminated.
    assertConsumerLogoutEvent(consumerSession1, consumerUserId);
    assertNoSessionsInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSession1);
    assertActiveSessionInClient(nbc.consumerRealmName(), accountClientIdConsumerRealm, consumerUserId, consumerSession2);
    assertActiveSessionInClient(nbc.providerRealmName(), providerBrokerClientId, userIdProviderRealm, providerSession1);
    assertActiveSessionInClient(nbc.providerRealmName(), providerBrokerClientId, userIdProviderRealm, providerSession2);
}
