
Example 31 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class RepresentationToModel method updateClientProtocolMappers.

/**
 * Synchronises the protocol mappers stored on {@code resource} with the list carried by {@code rep}.
 *
 * <p>Mappers are matched on the key built by {@code generateProtocolNameKey(protocol, name)}:
 * a match is updated in place (keeping the stored id), an unmatched incoming mapper is added, and
 * every stored mapper that the representation does not mention is removed.
 *
 * <p>Security note: a non-null list is treated as the complete desired state. An empty list
 * therefore removes every mapper of the client, while a {@code null} list leaves them untouched.
 * Callers that forward partially populated representations should be aware of that difference.
 *
 * @param rep      representation carrying the desired mapper list (may carry {@code null} for "no change")
 * @param resource client model whose mappers are updated
 */
public static void updateClientProtocolMappers(ClientRepresentation rep, ClientModel resource) {
    if (rep.getProtocolMappers() == null) {
        // Nothing was supplied, so the stored mappers stay as they are.
        return;
    }

    // Index the stored mappers; whatever is still in this map after the loop was not mentioned by the caller.
    Map<String, ProtocolMapperModel> unmatchedByKey = resource.getProtocolMappersStream()
            .collect(Collectors.toMap(stored -> generateProtocolNameKey(stored.getProtocol(), stored.getName()), Function.identity()));

    for (ProtocolMapperRepresentation incoming : rep.getProtocolMappers()) {
        String key = generateProtocolNameKey(incoming.getProtocol(), incoming.getName());
        ProtocolMapperModel stored = unmatchedByKey.get(key);
        if (stored == null) {
            resource.addProtocolMapper(toModel(incoming));
            continue;
        }
        // Keep the stored id so the existing mapper is overwritten rather than duplicated.
        ProtocolMapperModel replacement = toModel(incoming);
        replacement.setId(stored.getId());
        resource.updateProtocolMapper(replacement);
        unmatchedByKey.remove(key);
    }

    for (ProtocolMapperModel leftover : unmatchedByKey.values()) {
        resource.removeProtocolMapper(leftover);
    }
}
Also used : Arrays(java.util.Arrays) ResourceRepresentation(org.keycloak.representations.idm.authorization.ResourceRepresentation) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation) LDAPConstants(org.keycloak.models.LDAPConstants) UserFederatedStorageProvider(org.keycloak.storage.federated.UserFederatedStorageProvider) OAuth2DeviceConfig(org.keycloak.models.OAuth2DeviceConfig) Map(java.util.Map) SocialLinkRepresentation(org.keycloak.representations.idm.SocialLinkRepresentation) UserConsentRepresentation(org.keycloak.representations.idm.UserConsentRepresentation) UserCredentialModel(org.keycloak.models.UserCredentialModel) PasswordCredentialData(org.keycloak.models.credential.dto.PasswordCredentialData) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Set(java.util.Set) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) PolicyStore(org.keycloak.authorization.store.PolicyStore) ResourceStore(org.keycloak.authorization.store.ResourceStore) ClientTemplateRepresentation(org.keycloak.representations.idm.ClientTemplateRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) SocialIdentityProvider(org.keycloak.broker.social.SocialIdentityProvider) ResourceServerRepresentation(org.keycloak.representations.idm.authorization.ResourceServerRepresentation) SslRequired(org.keycloak.common.enums.SslRequired) PermissionTicketStore(org.keycloak.authorization.store.PermissionTicketStore) OAuth2Constants(org.keycloak.OAuth2Constants) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel) ClaimRepresentation(org.keycloak.representations.idm.ClaimRepresentation) Constants(org.keycloak.models.Constants) ProviderConfigProperty(org.keycloak.provider.ProviderConfigProperty) 
MigrationProvider(org.keycloak.migration.MigrationProvider) ArrayList(java.util.ArrayList) PermissionTicket(org.keycloak.authorization.model.PermissionTicket) OTPSecretData(org.keycloak.models.credential.dto.OTPSecretData) UserModel(org.keycloak.models.UserModel) UserFederationProviderRepresentation(org.keycloak.representations.idm.UserFederationProviderRepresentation) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) UserProfileProvider(org.keycloak.userprofile.UserProfileProvider) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) MigrationUtils(org.keycloak.migration.migrators.MigrationUtils) ValidationUtil(org.keycloak.validation.ValidationUtil) PolicyProviderFactory(org.keycloak.authorization.policy.provider.PolicyProviderFactory) CredentialModel(org.keycloak.credential.CredentialModel) UserStorageProvider(org.keycloak.storage.UserStorageProvider) WebAuthnPolicy(org.keycloak.models.WebAuthnPolicy) KeycloakSession(org.keycloak.models.KeycloakSession) RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) IOException(java.io.IOException) ResourceServerStore(org.keycloak.authorization.store.ResourceServerStore) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) AbstractPolicyRepresentation(org.keycloak.representations.idm.authorization.AbstractPolicyRepresentation) ListIterator(java.util.ListIterator) MigrateTo8_0_0(org.keycloak.migration.migrators.MigrateTo8_0_0) PasswordPolicyNotMetException(org.keycloak.policy.PasswordPolicyNotMetException) Config(org.keycloak.Config) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) ClaimMask(org.keycloak.models.ClaimMask) ComponentModel(org.keycloak.component.ComponentModel) BrowserSecurityHeaders(org.keycloak.models.BrowserSecurityHeaders) 
AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) ResourceOwnerRepresentation(org.keycloak.representations.idm.authorization.ResourceOwnerRepresentation) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel) AuthorizationProvider(org.keycloak.authorization.AuthorizationProvider) PolicyEnforcementMode(org.keycloak.representations.idm.authorization.PolicyEnforcementMode) UriUtils(org.keycloak.common.util.UriUtils) ClientScopeModel(org.keycloak.models.ClientScopeModel) RealmModel(org.keycloak.models.RealmModel) AuthorizationProviderFactory(org.keycloak.authorization.AuthorizationProviderFactory) RoleModel(org.keycloak.models.RoleModel) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) PermissionTicketRepresentation(org.keycloak.representations.idm.authorization.PermissionTicketRepresentation) UserProvider(org.keycloak.models.UserProvider) List(java.util.List) ScopeStore(org.keycloak.authorization.store.ScopeStore) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) Entry(java.util.Map.Entry) RequiredActionProviderModel(org.keycloak.models.RequiredActionProviderModel) ClientModel(org.keycloak.models.ClientModel) Scope(org.keycloak.authorization.model.Scope) IdentityProviderFactory(org.keycloak.broker.provider.IdentityProviderFactory) Profile(org.keycloak.common.Profile) IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel) ScopeMappingRepresentation(org.keycloak.representations.idm.ScopeMappingRepresentation) Logger(org.jboss.logging.Logger) StoreFactory(org.keycloak.authorization.store.StoreFactory) HashMap(java.util.HashMap) 
OAuthClientRepresentation(org.keycloak.representations.idm.OAuthClientRepresentation) Function(java.util.function.Function) PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation) HashSet(java.util.HashSet) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) ComponentExportRepresentation(org.keycloak.representations.idm.ComponentExportRepresentation) UserFederationMapperRepresentation(org.keycloak.representations.idm.UserFederationMapperRepresentation) UserConsentModel(org.keycloak.models.UserConsentModel) KeyProvider(org.keycloak.keys.KeyProvider) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) OTPPolicy(org.keycloak.models.OTPPolicy) GroupModel(org.keycloak.models.GroupModel) ScopeRepresentation(org.keycloak.representations.idm.authorization.ScopeRepresentation) LinkedList(java.util.LinkedList) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) IdentityProvider(org.keycloak.broker.provider.IdentityProvider) ScopeContainerModel(org.keycloak.models.ScopeContainerModel) ResourceServer(org.keycloak.authorization.model.ResourceServer) FederatedIdentityModel(org.keycloak.models.FederatedIdentityModel) RolesRepresentation(org.keycloak.representations.idm.RolesRepresentation) OTPCredentialData(org.keycloak.models.credential.dto.OTPCredentialData) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Iterator(java.util.Iterator) CibaConfig(org.keycloak.models.CibaConfig) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ApplicationRepresentation(org.keycloak.representations.idm.ApplicationRepresentation) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) 
DecisionStrategy(org.keycloak.representations.idm.authorization.DecisionStrategy) JsonSerialization(org.keycloak.util.JsonSerialization) Policy(org.keycloak.authorization.model.Policy) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) ModelException(org.keycloak.models.ModelException) ParConfig(org.keycloak.models.ParConfig) PasswordPolicy(org.keycloak.models.PasswordPolicy) Resource(org.keycloak.authorization.model.Resource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel)

Example 32 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class RepresentationToModel method convertDeprecatedApplications.

/**
 * Rewrites the deprecated "application" / "oauthClient" parts of a realm representation into their
 * "client" equivalents. The representation is modified in place.
 *
 * <p>What is converted:
 * <ul>
 *   <li>applications and OAuth clients are appended to the realm's client list, with the old name
 *       becoming the client id; OAuth clients are additionally forced to consent-required with
 *       full scope disabled;</li>
 *   <li>a legacy claims mask is turned into protocol mappers when no mappers were given;</li>
 *   <li>application scope mappings, application roles (realm, user and composite level) are copied
 *       to the client fields, but only when the client field is still unset.</li>
 * </ul>
 *
 * @param session session used to look up the {@code MigrationProvider}
 * @param realm   realm representation to convert
 */
private static void convertDeprecatedApplications(KeycloakSession session, RealmRepresentation realm) {
    boolean hasLegacyClients = realm.getApplications() != null || realm.getOauthClients() != null;
    if (hasLegacyClients) {
        if (realm.getClients() == null) {
            realm.setClients(new LinkedList<ClientRepresentation>());
        }

        List<ApplicationRepresentation> legacyClients = new LinkedList<>();
        if (realm.getApplications() != null) {
            legacyClients.addAll(realm.getApplications());
        }
        if (realm.getOauthClients() != null) {
            legacyClients.addAll(realm.getOauthClients());
        }

        for (ApplicationRepresentation legacyClient : legacyClients) {
            // In the old format the name doubled as the client identifier.
            legacyClient.setClientId(legacyClient.getName());
            legacyClient.setName(null);

            if (legacyClient instanceof OAuthClientRepresentation) {
                // Restrictive settings for converted OAuth clients: user consent on, full scope off.
                legacyClient.setConsentRequired(true);
                legacyClient.setFullScopeAllowed(false);
            }

            boolean onlyLegacyClaims = legacyClient.getProtocolMappers() == null && legacyClient.getClaims() != null;
            if (onlyLegacyClaims) {
                long claimMask = getClaimsMask(legacyClient.getClaims());
                MigrationProvider migration = session.getProvider(MigrationProvider.class);
                legacyClient.setProtocolMappers(migration.getMappersForClaimMask(claimMask));
                legacyClient.setClaims(null);
            }

            realm.getClients().add(legacyClient);
        }
    }

    // Scope mappings: only fill the client field when it was not set explicitly.
    if (realm.getApplicationScopeMappings() != null && realm.getClientScopeMappings() == null) {
        realm.setClientScopeMappings(realm.getApplicationScopeMappings());
    }

    boolean rolesNeedClientCopy = realm.getRoles() != null
            && realm.getRoles().getApplication() != null
            && realm.getRoles().getClient() == null;
    if (rolesNeedClientCopy) {
        realm.getRoles().setClient(realm.getRoles().getApplication());
    }

    if (realm.getUsers() != null) {
        for (UserRepresentation user : realm.getUsers()) {
            if (user.getApplicationRoles() == null || user.getClientRoles() != null) {
                continue;
            }
            user.setClientRoles(user.getApplicationRoles());
        }
    }

    // Composite roles of realm roles.
    if (realm.getRoles() != null && realm.getRoles().getRealm() != null) {
        for (RoleRepresentation realmRole : realm.getRoles().getRealm()) {
            if (realmRole.getComposites() == null) {
                continue;
            }
            if (realmRole.getComposites().getApplication() == null) {
                continue;
            }
            if (realmRole.getComposites().getClient() != null) {
                continue;
            }
            realmRole.getComposites().setClient(realmRole.getComposites().getApplication());
        }
    }

    // Composite roles of client roles (including the ones copied over from "application" above).
    if (realm.getRoles() != null && realm.getRoles().getClient() != null) {
        for (List<RoleRepresentation> rolesOfOneClient : realm.getRoles().getClient().values()) {
            for (RoleRepresentation clientRole : rolesOfOneClient) {
                if (clientRole.getComposites() == null) {
                    continue;
                }
                if (clientRole.getComposites().getApplication() == null) {
                    continue;
                }
                if (clientRole.getComposites().getClient() != null) {
                    continue;
                }
                clientRole.getComposites().setClient(clientRole.getComposites().getApplication());
            }
        }
    }
}
Also used : RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) OAuthClientRepresentation(org.keycloak.representations.idm.OAuthClientRepresentation) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) LinkedList(java.util.LinkedList) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OAuthClientRepresentation(org.keycloak.representations.idm.OAuthClientRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ApplicationRepresentation(org.keycloak.representations.idm.ApplicationRepresentation) MigrationProvider(org.keycloak.migration.MigrationProvider) ArrayList(java.util.ArrayList) List(java.util.List) LinkedList(java.util.LinkedList) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Example 33 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class RepresentationToModel method createClient.

/**
 * Creates a new client in {@code realm} from the given representation and copies the
 * representation's settings onto it.
 *
 * <p>The order of the statements matters: the deprecated {@code directGrantsOnly} flag is applied
 * first and may then be overridden by the explicit flow flags, and the full-scope default at the end
 * depends on the consent setting applied earlier.
 *
 * <p>Security-relevant defaults visible in this method:
 * <ul>
 *   <li>the secret and the admin URL are copied unconditionally, so {@code null} is passed through;</li>
 *   <li>when no web origins are given, origins are derived from the redirect URIs;</li>
 *   <li>when full scope is not specified, it is enabled unless consent is required.</li>
 * </ul>
 *
 * @param session     current session (not used by the statements visible in this method)
 * @param realm       realm the client is added to
 * @param resourceRep representation to import; its id is overwritten with the id of the created client
 * @param mappedFlows optional mapping applied to authentication flow ids in binding overrides
 *                    (may be {@code null})
 * @return the created client model
 * @throws RuntimeException if a flow binding override refers to a flow the realm does not contain
 */
private static ClientModel createClient(KeycloakSession session, RealmModel realm, ClientRepresentation resourceRep, Map<String, String> mappedFlows) {
    logger.debugv("Create client: {0}", resourceRep.getClientId());
    // Reuse the id from the representation when one is given; otherwise only the client id is passed.
    ClientModel client = resourceRep.getId() != null ? realm.addClient(resourceRep.getId(), resourceRep.getClientId()) : realm.addClient(resourceRep.getClientId());
    if (resourceRep.getName() != null)
        client.setName(resourceRep.getName());
    if (resourceRep.getDescription() != null)
        client.setDescription(resourceRep.getDescription());
    if (resourceRep.isEnabled() != null)
        client.setEnabled(resourceRep.isEnabled());
    if (resourceRep.isAlwaysDisplayInConsole() != null)
        client.setAlwaysDisplayInConsole(resourceRep.isAlwaysDisplayInConsole());
    // Copied without a null check: a missing admin URL is passed on as null.
    client.setManagementUrl(resourceRep.getAdminUrl());
    if (resourceRep.isSurrogateAuthRequired() != null)
        client.setSurrogateAuthRequired(resourceRep.isSurrogateAuthRequired());
    if (resourceRep.getRootUrl() != null)
        client.setRootUrl(resourceRep.getRootUrl());
    if (resourceRep.getBaseUrl() != null)
        client.setBaseUrl(resourceRep.getBaseUrl());
    if (resourceRep.isBearerOnly() != null)
        client.setBearerOnly(resourceRep.isBearerOnly());
    if (resourceRep.isConsentRequired() != null)
        client.setConsentRequired(resourceRep.isConsentRequired());
    // Backwards compatibility only: the deprecated flag toggles standard flow and direct grants
    // together. The explicit flags below are applied afterwards and win when both are present.
    if (resourceRep.isDirectGrantsOnly() != null) {
        logger.warn("Using deprecated 'directGrantsOnly' configuration in JSON representation. It will be removed in future versions");
        client.setStandardFlowEnabled(!resourceRep.isDirectGrantsOnly());
        client.setDirectAccessGrantsEnabled(resourceRep.isDirectGrantsOnly());
    }
    if (resourceRep.isStandardFlowEnabled() != null)
        client.setStandardFlowEnabled(resourceRep.isStandardFlowEnabled());
    if (resourceRep.isImplicitFlowEnabled() != null)
        client.setImplicitFlowEnabled(resourceRep.isImplicitFlowEnabled());
    if (resourceRep.isDirectAccessGrantsEnabled() != null)
        client.setDirectAccessGrantsEnabled(resourceRep.isDirectAccessGrantsEnabled());
    if (resourceRep.isServiceAccountsEnabled() != null)
        client.setServiceAccountsEnabled(resourceRep.isServiceAccountsEnabled());
    if (resourceRep.isPublicClient() != null)
        client.setPublicClient(resourceRep.isPublicClient());
    if (resourceRep.isFrontchannelLogout() != null)
        client.setFrontchannelLogout(resourceRep.isFrontchannelLogout());
    // set defaults to openid-connect if no protocol specified
    if (resourceRep.getProtocol() != null) {
        client.setProtocol(resourceRep.getProtocol());
    } else {
        client.setProtocol(OIDC);
    }
    // -1 is used when the representation carries no node re-registration timeout.
    if (resourceRep.getNodeReRegistrationTimeout() != null) {
        client.setNodeReRegistrationTimeout(resourceRep.getNodeReRegistrationTimeout());
    } else {
        client.setNodeReRegistrationTimeout(-1);
    }
    if (resourceRep.getNotBefore() != null) {
        client.setNotBefore(resourceRep.getNotBefore());
    }
    if (resourceRep.getClientAuthenticatorType() != null) {
        client.setClientAuthenticatorType(resourceRep.getClientAuthenticatorType());
    } else {
        client.setClientAuthenticatorType(KeycloakModelUtils.getDefaultClientAuthenticatorType());
    }
    // The secret is copied as-is, including null; no secret is generated in this method.
    // NOTE(review): presumably the caller generates a secret for confidential clients when
    // none was supplied - confirm at the call sites.
    client.setSecret(resourceRep.getSecret());
    if (resourceRep.getAttributes() != null) {
        for (Map.Entry<String, String> entry : resourceRep.getAttributes().entrySet()) {
            client.setAttribute(entry.getKey(), entry.getValue());
        }
    }
    // SAML clients without an explicit artifact binding identifier get one computed from the client id.
    if ("saml".equals(resourceRep.getProtocol()) && (resourceRep.getAttributes() == null || !resourceRep.getAttributes().containsKey("saml.artifact.binding.identifier"))) {
        client.setAttribute("saml.artifact.binding.identifier", computeArtifactBindingIdentifierString(resourceRep.getClientId()));
    }
    if (resourceRep.getAuthenticationFlowBindingOverrides() != null) {
        for (Map.Entry<String, String> entry : resourceRep.getAuthenticationFlowBindingOverrides().entrySet()) {
            // Null or blank override values are skipped.
            if (entry.getValue() == null || entry.getValue().trim().equals("")) {
                continue;
            } else {
                String flowId = entry.getValue();
                // check if flow id was mapped when the flows were imported
                if (mappedFlows != null && mappedFlows.containsKey(flowId)) {
                    flowId = mappedFlows.get(flowId);
                }
                // Fail the creation rather than store an override that points at a flow the realm does not have.
                if (client.getRealm().getAuthenticationFlowById(flowId) == null) {
                    throw new RuntimeException("Unable to resolve auth flow binding override for: " + entry.getKey());
                }
                client.setAuthenticationFlowBindingOverride(entry.getKey(), flowId);
            }
        }
    }
    // Redirect URIs are added exactly as given; no validation happens in this method.
    if (resourceRep.getRedirectUris() != null) {
        for (String redirectUri : resourceRep.getRedirectUris()) {
            client.addRedirectUri(redirectUri);
        }
    }
    if (resourceRep.getWebOrigins() != null) {
        for (String webOrigin : resourceRep.getWebOrigins()) {
            logger.debugv("Client: {0} webOrigin: {1}", resourceRep.getClientId(), webOrigin);
            client.addWebOrigin(webOrigin);
        }
    } else {
        // No web origins given: derive them from the redirect URIs. Only URIs starting with "http"
        // (which also matches "https") contribute an origin.
        // NOTE(review): this widens the allowed origins implicitly; presumably they feed the CORS
        // checks - confirm, and prefer explicit web origins where the set should be narrower.
        if (resourceRep.getRedirectUris() != null) {
            Set<String> origins = new HashSet<String>();
            for (String redirectUri : resourceRep.getRedirectUris()) {
                logger.debugv("add redirect-uri to origin: {0}", redirectUri);
                if (redirectUri.startsWith("http")) {
                    String origin = UriUtils.getOrigin(redirectUri);
                    logger.debugv("adding default client origin: {0}", origin);
                    origins.add(origin);
                }
            }
            if (origins.size() > 0) {
                client.setWebOrigins(origins);
            }
        }
    }
    if (resourceRep.getRegisteredNodes() != null) {
        for (Map.Entry<String, Integer> entry : resourceRep.getRegisteredNodes().entrySet()) {
            client.registerNode(entry.getKey(), entry.getValue());
        }
    }
    if (resourceRep.getProtocolMappers() != null) {
        // first, remove all default/built in mappers; the stream is collected into a list before
        // removing so the removal does not run while the stream is still being consumed
        client.getProtocolMappersStream().collect(Collectors.toList()).forEach(client::removeProtocolMapper);
        // The supplied list then becomes the complete mapper set of the new client.
        for (ProtocolMapperRepresentation mapper : resourceRep.getProtocolMappers()) {
            client.addProtocolMapper(toModel(mapper));
        }
        MigrationUtils.updateProtocolMappers(client);
    }
    // Deprecated client template: its converted name is attached as a default client scope.
    if (resourceRep.getClientTemplate() != null) {
        String clientTemplateName = KeycloakModelUtils.convertClientScopeName(resourceRep.getClientTemplate());
        addClientScopeToClient(realm, client, clientTemplateName, true);
    }
    // As soon as either scope list is supplied, both the default and the optional scopes already
    // on the client are cleared, so a representation that sets only one list empties the other.
    if (resourceRep.getDefaultClientScopes() != null || resourceRep.getOptionalClientScopes() != null) {
        // First remove all default/built in client scopes
        for (ClientScopeModel clientScope : client.getClientScopes(true).values()) {
            client.removeClientScope(clientScope);
        }
        // Then remove the optional client scopes as well
        for (ClientScopeModel clientScope : client.getClientScopes(false).values()) {
            client.removeClientScope(clientScope);
        }
    }
    if (resourceRep.getDefaultClientScopes() != null) {
        for (String clientScopeName : resourceRep.getDefaultClientScopes()) {
            addClientScopeToClient(realm, client, clientScopeName, true);
        }
    }
    if (resourceRep.getOptionalClientScopes() != null) {
        for (String clientScopeName : resourceRep.getOptionalClientScopes()) {
            addClientScopeToClient(realm, client, clientScopeName, false);
        }
    }
    // Full scope defaults to "on" unless consent is required. A representation that omits the
    // flag and does not require consent therefore creates a client with full scope allowed.
    if (resourceRep.isFullScopeAllowed() != null) {
        client.setFullScopeAllowed(resourceRep.isFullScopeAllowed());
    } else {
        client.setFullScopeAllowed(!client.isConsentRequired());
    }
    client.updateClient();
    // Write the id of the created client back so the caller sees it on the representation.
    resourceRep.setId(client.getId());
    return client;
}
Also used : ClientModel(org.keycloak.models.ClientModel) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeModel(org.keycloak.models.ClientScopeModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) Map(java.util.Map) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 34 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class ClientTest method updateClientWithProtocolMapper.

/**
 * Creates a client with one protocol mapper ("foo"), then updates it through the admin API with a
 * mapper list that additionally contains "bar", and checks the stored client against the expectation.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateClientWithProtocolMapper() {
    // Arrange: client "my-app" carrying a single OIDC mapper named "foo".
    ProtocolMapperRepresentation fooMapper = new ProtocolMapperRepresentation();
    fooMapper.setName("foo");
    fooMapper.setProtocol("openid-connect");
    fooMapper.setProtocolMapper("oidc-hardcoded-claim-mapper");

    ClientRepresentation createRequest = new ClientRepresentation();
    createRequest.setClientId("my-app");
    createRequest.setProtocolMappers(Collections.singletonList(fooMapper));

    Response createResponse = realm.clients().create(createRequest);
    createResponse.close();
    String clientUuid = ApiUtil.getCreatedId(createResponse);
    // Register the client for removal after the test.
    getCleanup().addClientUuid(clientUuid);

    ClientResource createdResource = realm.clients().get(clientUuid);
    assertNotNull(createdResource);
    ClientRepresentation created = createdResource.toRepresentation();
    List<ProtocolMapperRepresentation> mappers = created.getProtocolMappers();
    assertEquals(1, mappers.size());
    assertEquals("foo", mappers.get(0).getName());

    // Act: send an update whose mapper list is the fetched list plus a new "bar" mapper.
    // NOTE(review): "mappers" is the list returned by created.getProtocolMappers(); if that is the
    // representation's own list, adding to it also changes what "created" is compared with below.
    ProtocolMapperRepresentation barMapper = new ProtocolMapperRepresentation();
    barMapper.setName("bar");
    barMapper.setProtocol("openid-connect");
    barMapper.setProtocolMapper("oidc-hardcoded-role-mapper");
    mappers.add(barMapper);

    ClientRepresentation updateRequest = new ClientRepresentation();
    updateRequest.setId(created.getId());
    updateRequest.setClientId(created.getClientId());
    updateRequest.setProtocolMappers(mappers);
    realm.clients().get(created.getId()).update(updateRequest);

    // Assert: the stored client matches the expected representation.
    ClientRepresentation stored = realm.clients().get(created.getId()).toRepresentation();
    assertClient(created, stored);
}
Also used : AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) Response(javax.ws.rs.core.Response) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 35 with ProtocolMapperRepresentation

use of org.keycloak.representations.idm.ProtocolMapperRepresentation in project keycloak by keycloak.

the class PermissionsTest method clientScopes.

/**
 * Exercises the client-scope admin endpoints (the scopes themselves, their protocol mappers and
 * their realm-level and client-level scope mappings) through the {@code invoke} helper, each time
 * with {@code Resource.CLIENT} and the boolean arguments that state the expected outcome.
 *
 * <p>NOTE(review): the meaning of the boolean arguments is defined by {@code invoke}, which is not
 * shown here. The pattern in this method (read calls pass {@code false}, modifying calls pass
 * {@code true}) suggests the first boolean marks calls that need manage rather than view
 * access - confirm against the helper before relying on it.
 *
 * <p>The calls are order-dependent: a scope is created first, then looked up and reused by every
 * later call, and one step removes and re-creates it.
 */
@Test
public void clientScopes() {
    // --- client scopes themselves ---
    invoke((RealmResource realm) -> {
        realm.clientScopes().findAll();
    }, Resource.CLIENT, false, true);
    invoke((RealmResource realm, AtomicReference<Response> response) -> {
        ClientScopeRepresentation scope = new ClientScopeRepresentation();
        scope.setName("scope");
        response.set(realm.clientScopes().create(scope));
    }, Resource.CLIENT, true);
    // Fetched with the test's admin client; the first scope returned is used for all calls below.
    ClientScopeRepresentation scope = adminClient.realms().realm(REALM_NAME).clientScopes().findAll().get(0);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).toRepresentation();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).update(scope);
    }, Resource.CLIENT, true);
    // Remove and immediately re-create, so the scope is present again for the following calls.
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).remove();
        realm.clientScopes().create(scope);
    }, Resource.CLIENT, true);
    // --- protocol mappers of the scope; "nosuch" is an id/protocol that does not exist ---
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getProtocolMappers().getMappers();
    }, Resource.CLIENT, false, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getProtocolMappers().getMappersPerProtocol("nosuch");
    }, Resource.CLIENT, false, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getProtocolMappers().getMapperById("nosuch");
    }, Resource.CLIENT, false, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getProtocolMappers().update("nosuch", new ProtocolMapperRepresentation());
    }, Resource.CLIENT, true);
    invoke((RealmResource realm, AtomicReference<Response> response) -> {
        response.set(realm.clientScopes().get(scope.getId()).getProtocolMappers().createMapper(new ProtocolMapperRepresentation()));
    }, Resource.CLIENT, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getProtocolMappers().createMapper(Collections.<ProtocolMapperRepresentation>emptyList());
    }, Resource.CLIENT, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getProtocolMappers().delete("nosuch");
    }, Resource.CLIENT, true);
    // --- scope mappings: overview and realm level ---
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().getAll();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().listAll();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().listAvailable();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().listEffective();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().add(Collections.<RoleRepresentation>emptyList());
    }, Resource.CLIENT, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().realmLevel().remove(Collections.<RoleRepresentation>emptyList());
    }, Resource.CLIENT, true);
    // --- scope mappings: client level, using the realm-management client as the target ---
    ClientRepresentation realmAccessClient = adminClient.realms().realm(REALM_NAME).clients().findByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID).get(0);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).listAll();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).listAvailable();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).listEffective();
    }, Resource.CLIENT, false);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).add(Collections.<RoleRepresentation>emptyList());
    }, Resource.CLIENT, true);
    invoke((RealmResource realm) -> {
        realm.clientScopes().get(scope.getId()).getScopeMappings().clientLevel(realmAccessClient.getId()).remove(Collections.<RoleRepresentation>emptyList());
    }, Resource.CLIENT, true);
    // this should throw forbidden as "query-users" role isn't enough
    // The invocation ignores its parameter and always calls through the query-users client,
    // which is also the client handed to invoke.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get(AdminRoles.QUERY_USERS).realm(REALM_NAME).clientScopes().findAll();
        }
    }, clients.get(AdminRoles.QUERY_USERS), false);
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) AtomicReference(java.util.concurrent.atomic.AtomicReference) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)
