Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setProtocol()
The following examples show how to use
org.keycloak.representations.idm.ClientRepresentation#setProtocol() .
Example 1
Source File: AbstractClientTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Builds an enabled client representation for the given client id and protocol.
 *
 * <p>The fixture is deliberately permissive: a public client (no secret) with the standard flow
 * and direct access grants enabled and full scope allowed. That suits a test helper; it is not a
 * template for a production client, which would enable only the flows and scopes it needs.
 *
 * @param clientId the client id to assign
 * @param protocol the login protocol; must not be {@code null} because it is the receiver of the
 *     {@code equals} comparison with {@code SAML}
 * @return the populated representation; SAML attributes are attached only for the SAML protocol
 */
public static ClientRepresentation createClientRep(String clientId, String protocol) {
    ClientRepresentation rep = new ClientRepresentation();

    // Identity and protocol.
    rep.setClientId(clientId);
    rep.setProtocol(protocol);
    rep.setEnabled(true);

    // Flow and scope switches (all opened up for testing).
    rep.setPublicClient(true);
    rep.setStandardFlowEnabled(true);
    rep.setDirectAccessGrantsEnabled(true);
    rep.setFullScopeAllowed(true);

    boolean samlRequested = protocol.equals(SAML);
    if (samlRequested) {
        rep.setAttributes(getSAMLAttributes());
    }
    return rep;
}
Example 2
Source File: OIDCClientRegistrationTest.java From keycloak with Apache License 2.0 | 6 votes |
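/**
 * Verifies that the OIDC client-registration endpoint refuses to return a client whose protocol
 * has been switched to SAML: the GET is expected to fail with HTTP 400 and
 * {@code Errors.INVALID_CLIENT}, even though the caller authenticates as that client.
 */
@Test
public void testOIDCEndpointGetWithSamlClient() {
    ClientsResource clientsResource = adminClient.realm(TEST).clients();
    ClientRepresentation samlClient = clientsResource.findByClientId("saml-client").get(0);

    reg.auth(Auth.client("saml-client", "secret"));

    // change client to saml
    samlClient.setProtocol("saml");
    clientsResource.get(samlClient.getId()).update(samlClient);

    try {
        assertGetFail(samlClient.getClientId(), 400, Errors.INVALID_CLIENT);
    } finally {
        // revert client even when the assertion fails, so the shared realm is not left with a
        // SAML client that would break unrelated tests
        samlClient.setProtocol("openid-connect");
        clientsResource.get(samlClient.getId()).update(samlClient);
    }
}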
Example 3
Source File: ClientTest.java From keycloak with Apache License 2.0 | 6 votes |
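/**
 * Creates the {@code test-app} OIDC client in the realm under test and registers it for cleanup.
 *
 * <p>The client secret is the fixed test value {@code "secret"}, and the not-before value is the
 * current time minus 60 (presumably seconds; confirm against {@code Time.currentTime()}).
 *
 * @return the representation that was sent, with its server-side id filled in
 */
private ClientRepresentation createAppClient() {
    String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");

    ClientRepresentation client = new ClientRepresentation();
    client.setClientId("test-app");
    client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
    client.setRedirectUris(Collections.singletonList(redirectUri));
    client.setSecret("secret");
    client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    int notBefore = Time.currentTime() - 60;
    client.setNotBefore(notBefore);

    // try-with-resources closes the response even when reading the created id throws.
    String id;
    try (Response response = realm.clients().create(client)) {
        id = ApiUtil.getCreatedId(response);
    }
    getCleanup().addClientUuid(id);

    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);

    client.setId(id);

    return client;
}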
Example 4
Source File: OIDCClientRegistrationTest.java From keycloak with Apache License 2.0 | 6 votes |
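/**
 * Verifies that a token issued to a client is rejected by the OIDC client-registration endpoint
 * once that client's protocol has been switched to SAML.
 *
 * <p>The client's service account is first granted the {@code create-client} role of
 * {@code realm-management}, so the token would otherwise be allowed to register clients; the
 * create call is then expected to fail with HTTP 400 and {@code Errors.INVALID_CLIENT}.
 */
@Test
public void testOIDCEndpointCreateWithSamlClient() throws Exception {
    ClientsResource clientsResource = adminClient.realm(TEST).clients();
    ClientRepresentation samlClient = clientsResource.findByClientId("saml-client").get(0);
    String samlClientServiceId = clientsResource.get(samlClient.getId()).getServiceAccountUser().getId();

    String realmManagementId = clientsResource.findByClientId("realm-management").get(0).getId();
    RoleRepresentation role = clientsResource.get(realmManagementId).roles().get("create-client").toRepresentation();

    // NOTE(review): this role mapping is not removed at the end of the test; presumably the
    // realm is reset between tests. Confirm against the base class.
    adminClient.realm(TEST).users().get(samlClientServiceId).roles().clientLevel(realmManagementId).add(Arrays.asList(role));

    // The token is obtained while the client is still an OIDC client.
    String accessToken = oauth.clientId("saml-client").doClientCredentialsGrantAccessTokenRequest("secret").getAccessToken();
    reg.auth(Auth.token(accessToken));

    // change client to saml
    samlClient.setProtocol("saml");
    clientsResource.get(samlClient.getId()).update(samlClient);

    try {
        OIDCClientRepresentation client = createRep();
        assertCreateFail(client, 400, Errors.INVALID_CLIENT);
    } finally {
        // revert client even when the assertion fails, so the shared realm is not left with a
        // SAML client that would break unrelated tests
        samlClient.setProtocol("openid-connect");
        clientsResource.get(samlClient.getId()).update(samlClient);
    }
}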
Example 5
Source File: PartialImportTest.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Creates a confidential OIDC client with service accounts enabled before each test and checks
 * that the server exposes a service-account user for it.
 *
 * <p>The secret is the fixed test value {@code "secret"}.
 */
@Before
public void createClientWithServiceAccount() {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setClientId(CLIENT_SERVICE_ACCOUNT);
    rep.setName(CLIENT_SERVICE_ACCOUNT);
    rep.setProtocol("openid-connect");
    rep.setRootUrl("http://localhost/foo");

    // Confidential client: not public, authenticates with a secret, has a service account.
    rep.setPublicClient(false);
    rep.setSecret("secret");
    rep.setServiceAccountsEnabled(true);

    try (Response created = testRealmResource().clients().create(rep)) {
        String clientUuid = ApiUtil.getCreatedId(created);
        UserRepresentation serviceAccountUser =
                testRealmResource().clients().get(clientUuid).getServiceAccountUser();
        assertNotNull(serviceAccountUser);
    }
}
Example 6
Source File: PartialImportTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Creates the OIDC client that the client-role tests attach roles to; runs before each test.
 */
@Before
public void createClientForClientRoles() {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setProtocol("openid-connect");
    rep.setClientId(CLIENT_ROLES_CLIENT);
    rep.setName(CLIENT_ROLES_CLIENT);

    try (Response created = testRealmResource().clients().create(rep)) {
        // The response body has to be consumed here: per the original author, a later
        // findAll() on the clients resource fails otherwise (cause not identified).
        created.readEntity(String.class);
    }
}
Example 7
Source File: TokenIntrospectionTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Adds three clients and one user to the test realm used by the token-introspection tests.
 *
 * <ul>
 *   <li>{@code confidential-cli}: secret {@code "secret1"}, service accounts enabled</li>
 *   <li>{@code public-cli}: public client</li>
 *   <li>{@code saml-client}: secret {@code "secret2"}, service accounts enabled, protocol SAML</li>
 *   <li>user {@code no-permissions}: enabled, password {@code "password"}, realm role
 *       {@code user}</li>
 * </ul>
 *
 * <p>All secrets and passwords are fixed test values.
 *
 * @param testRealm the realm representation to extend in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Confidential client with a service account.
    ClientRepresentation confidentialClient = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confidentialClient.setSecret("secret1");
    confidentialClient.setServiceAccountsEnabled(Boolean.TRUE);

    // Public client.
    ClientRepresentation publicClient = KeycloakModelUtils.createClient(testRealm, "public-cli");
    publicClient.setPublicClient(Boolean.TRUE);

    // Client that speaks SAML rather than OIDC.
    ClientRepresentation samlClient = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlClient.setSecret("secret2");
    samlClient.setServiceAccountsEnabled(Boolean.TRUE);
    samlClient.setProtocol("saml");

    // Password credential for the user.
    CredentialRepresentation passwordCredential = new CredentialRepresentation();
    passwordCredential.setType("password");
    passwordCredential.setValue("password");
    List<CredentialRepresentation> credentials = new ArrayList<>();
    credentials.add(passwordCredential);

    List<String> roles = new ArrayList<>();
    roles.add("user");

    UserRepresentation noPermissionsUser = new UserRepresentation();
    noPermissionsUser.setUsername("no-permissions");
    noPermissionsUser.setCredentials(credentials);
    noPermissionsUser.setEnabled(Boolean.TRUE);
    noPermissionsUser.setRealmRoles(roles);

    testRealm.getUsers().add(noPermissionsUser);
}
Example 8
Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 5 votes |
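/**
 * Verifies that the master admin client can create a client in a realm it has just created:
 * the create call in {@code anotherRealm} must return HTTP 201.
 *
 * <p>Secrets used here are fixed test values.
 */
@Test
public void testCreateRealmCreateClientWithMaster() throws Exception {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setName("fullScopedClient");
    rep.setClientId("fullScopedClient");
    rep.setFullScopeAllowed(true);
    rep.setSecret("618268aa-51e6-4e64-93c4-3c0bc65b8171");
    rep.setProtocol("openid-connect");
    rep.setPublicClient(false);
    rep.setEnabled(true);
    // Close the returned Response so the admin client can release its resources.
    // NOTE(review): the client created in master is not removed by this test; presumably it is
    // cleaned up elsewhere. Confirm.
    adminClient.realm("master").clients().create(rep).close();

    RealmRepresentation newRealm = new RealmRepresentation();
    newRealm.setRealm("anotherRealm");
    newRealm.setId("anotherRealm");
    newRealm.setEnabled(true);
    adminClient.realms().create(newRealm);

    try {
        ClientRepresentation newClient = new ClientRepresentation();
        newClient.setName("newClient");
        newClient.setClientId("newClient");
        newClient.setFullScopeAllowed(true);
        newClient.setSecret("secret");
        newClient.setProtocol("openid-connect");
        newClient.setPublicClient(false);
        newClient.setEnabled(true);

        try (Response response = adminClient.realm("anotherRealm").clients().create(newClient)) {
            Assert.assertEquals(201, response.getStatus());
        }
    } finally {
        // Always drop the realm so a failed assertion does not leak it into later tests.
        adminClient.realm("anotherRealm").remove();
    }
}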
Example 9
Source File: DockerTestRealmSetup.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Adds an enabled client that uses the Docker v2 auth protocol to the given realm.
 *
 * <p>If the realm has no client list yet, a new list is created and installed on the realm.
 *
 * @param dockerRealm the realm representation to modify in place
 * @param clientId the client id of the registry client
 */
public static void configureDockerRegistryClient(final RealmRepresentation dockerRealm, final String clientId) {
    final ClientRepresentation registryClient = new ClientRepresentation();
    registryClient.setClientId(clientId);
    registryClient.setProtocol(DockerAuthV2Protocol.LOGIN_PROTOCOL);
    registryClient.setEnabled(true);

    // Reuse the realm's own list when it has one; otherwise start a fresh one.
    List<ClientRepresentation> realmClients = dockerRealm.getClients();
    if (realmClients == null) {
        realmClients = new ArrayList<>();
    }
    realmClients.add(registryClient);
    dockerRealm.setClients(realmClients);
}
Example 10
Source File: AbstractClientTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Creates a SAML client whose client id and display name are both {@code name}.
 *
 * @param name the client id and name to use
 * @return whatever {@code createClient} returns for the new client
 */
protected String createSamlClient(String name) {
    ClientRepresentation samlRep = new ClientRepresentation();
    samlRep.setProtocol("saml");
    samlRep.setClientId(name);
    samlRep.setName(name);

    return createClient(samlRep);
}
Example 11
Source File: AbstractClientTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Builds (without creating it on the server) an OIDC client representation whose client id and
 * display name are both {@code name}.
 *
 * @param name the client id and name to use
 * @return the populated representation
 */
protected ClientRepresentation createOidcClientRep(String name) {
    ClientRepresentation oidcRep = new ClientRepresentation();
    oidcRep.setProtocol("openid-connect");
    oidcRep.setClientId(name);
    oidcRep.setName(name);

    return oidcRep;
}
Example 12
Source File: ClientScopeTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Verifies that a client scope cannot be removed while a client still lists it as a default
 * scope, and that removal succeeds once that client is gone.
 */
@Test
public void testRemoveClientScopeInUse() {
    // Create the scope.
    ClientScopeRepresentation fooScope = new ClientScopeRepresentation();
    fooScope.setName("foo-scope");
    String fooScopeId = createClientScope(fooScope);

    // Create a client that uses the scope as a default client scope.
    ClientRepresentation barClient = new ClientRepresentation();
    barClient.setClientId("bar-client");
    barClient.setName("bar-client");
    barClient.setProtocol("openid-connect");
    barClient.setDefaultClientScopes(Collections.singletonList("foo-scope"));
    String barClientDbId = createClient(barClient);

    // Removing the scope must be rejected while the client references it.
    try {
        clientScopes().get(fooScopeId).remove();
        Assert.fail("Not expected to successfully remove clientScope in use");
    } catch (BadRequestException rejected) {
        ErrorRepresentation body = rejected.getResponse().readEntity(ErrorRepresentation.class);
        Assert.assertEquals("Cannot remove client scope, it is currently in use", body.getErrorMessage());
        // A rejected removal must not emit an admin event.
        assertAdminEvents.assertEmpty();
    }

    // Drop the client first ...
    removeClient(barClientDbId);

    // ... after which the scope is removable.
    removeClientScope(fooScopeId);
}
Example 13
Source File: RealmTest.java From keycloak with Apache License 2.0 | 5 votes |
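/**
 * Creates the {@code test-app} OIDC client and the user {@code testuser} in the realm under
 * test, registers both for cleanup, and checks the admin events each step emits.
 *
 * <p>The client secret and the user's password are fixed test values. The OAuth helper is
 * pointed at the realm and redirect URI as a side effect.
 */
private void setupTestAppAndUser() {
    testingClient.testApp().clearAdminActions();

    String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");

    ClientRepresentation client = new ClientRepresentation();
    client.setClientId("test-app");
    client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
    client.setRedirectUris(Collections.singletonList(redirectUri));
    client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    client.setSecret("secret");

    // try-with-resources closes the response even when reading the created id throws.
    String clientDbId;
    try (Response resp = realm.clients().create(client)) {
        clientDbId = ApiUtil.getCreatedId(resp);
    }
    getCleanup().addClientUuid(clientDbId);
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT);

    oauth.realm(REALM_NAME);
    oauth.redirectUri(redirectUri);

    UserRepresentation userRep = UserBuilder.create().username("testuser").build();
    String userId;
    try (Response response = realm.users().create(userRep)) {
        userId = ApiUtil.getCreatedId(response);
    }
    getCleanup().addUserId(userId);
    assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER);

    realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER);

    testingClient.testApp().clearAdminActions();
}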
Example 14
Source File: GroupTest.java From keycloak with Apache License 2.0 | 5 votes |
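/**
 * KEYCLOAK-2716
 *
 * <p>Verifies that a client can be removed while one of its client roles is still mapped to a
 * group: the test creates a client, a client role and a group, maps the role to the group, then
 * removes the client and checks the admin event emitted at each step.
 *
 * @throws Exception if any admin call fails
 */
@Test
public void testClientRemoveWithClientRoleGroupMapping() throws Exception {
    RealmResource realm = adminClient.realms().realm("test");

    ClientRepresentation client = new ClientRepresentation();
    client.setClientId("foo");
    client.setRootUrl("http://foo");
    client.setProtocol("openid-connect");

    // Read the created id before the response is closed; the original closed it first and then
    // passed the closed response to ApiUtil.getCreatedId.
    String clientUuid;
    try (Response response = realm.clients().create(client)) {
        clientUuid = ApiUtil.getCreatedId(response);
    }
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientResourcePath(clientUuid), client, ResourceType.CLIENT);

    client = realm.clients().findByClientId("foo").get(0);

    RoleRepresentation role = new RoleRepresentation();
    role.setName("foo-role");
    realm.clients().get(client.getId()).roles().create(role);
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(clientUuid, "foo-role"), role, ResourceType.CLIENT_ROLE);

    // Re-read the role so the representation carries its server-side fields.
    role = realm.clients().get(client.getId()).roles().get("foo-role").toRepresentation();

    GroupRepresentation group = new GroupRepresentation();
    group.setName("2716");
    group = createGroup(realm, group);

    List<RoleRepresentation> list = new LinkedList<>();
    list.add(role);
    realm.groups().group(group.getId()).roles().clientLevel(client.getId()).add(list);
    assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupRolesClientRolesPath(group.getId(), clientUuid), list, ResourceType.CLIENT_ROLE_MAPPING);

    // The removal under test: the role mapping above must not block it.
    realm.clients().get(client.getId()).remove();
    assertAdminEvents.assertEvent("test", OperationType.DELETE, AdminEventPaths.clientResourcePath(clientUuid), ResourceType.CLIENT);
}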
Example 15
Source File: AudienceTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Prepares the test realm for the audience tests: adds a bearer-only {@code service-client}
 * with client role {@code role1}, turns off full scope for the existing {@code test-app}
 * client, and adds the user {@code john} holding roles on {@code account} and
 * {@code service-client}.
 *
 * <p>Throws {@link java.util.NoSuchElementException} if the realm has no {@code test-app}
 * client, because the lookup calls {@code get()} on an empty {@code Optional}.
 *
 * @param testRealm the realm representation to modify in place
 */
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    // Service client carrying one client role.
    ClientRepresentation serviceClient = new ClientRepresentation();
    serviceClient.setClientId("service-client");
    serviceClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    serviceClient.setBearerOnly(true);
    serviceClient.setBaseUrl("http://foo/service-client");
    testRealm.getClients().add(serviceClient);

    RoleRepresentation serviceRole = new RoleRepresentation();
    serviceRole.setName("role1");
    testRealm.getRoles().getClient().put("service-client", Arrays.asList(serviceRole));

    // With full scope off, 'test-app' tokens carry only roles the client is scoped to.
    ClientRepresentation testApp = testRealm.getClients().stream()
            .filter(candidate -> "test-app".equals(candidate.getClientId()))
            .findFirst()
            .get();
    testApp.setFullScopeAllowed(false);

    // Sample user with a fixed test password.
    // NOTE(review): the e-mail literal below looks like the hosting page's address-obfuscation
    // placeholder rather than the address in the original source file.
    UserRepresentation john = UserBuilder.create()
            .id(userId)
            .username("john")
            .enabled(true)
            .email("[email protected]")
            .firstName("John")
            .lastName("Doe")
            .password("password")
            .role("account", "manage-account")
            .role("account", "view-profile")
            .role("service-client", "role1")
            .build();
    testRealm.getUsers().add(john);
}
Example 16
Source File: UserInfoTest.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Verifies that an access token issued to a client stops working at the UserInfo endpoint once
 * that client's protocol is switched to SAML: the request must return HTTP 400 and emit a
 * {@code USER_INFO_REQUEST} error event with {@code Errors.INVALID_CLIENT}.
 */
@Test
public void testUserInfoRequestWithSamlClient() throws Exception {
    // Obtain the token while the client is still an OIDC client.
    String token = oauth.doGrantAccessTokenRequest("test", "test-user@localhost", "password", null, "saml-client", "secret").getAccessToken();

    // Switch the client's protocol.
    // NOTE(review): the protocol is not switched back at the end of this test; presumably the
    // realm is reset between tests. Confirm against the base class.
    ClientRepresentation samlClient = adminClient.realm("test").clients().findByClientId("saml-client").get(0);
    samlClient.setProtocol("saml");
    adminClient.realm("test").clients().get(samlClient.getId()).update(samlClient);

    Client httpClient = ClientBuilder.newClient();
    try {
        events.clear();

        Response userInfoResponse = UserInfoClientUtil.executeUserInfoRequest_getMethod(httpClient, token);
        userInfoResponse.close();

        int expectedStatus = Status.BAD_REQUEST.getStatusCode();
        assertEquals(expectedStatus, userInfoResponse.getStatus());

        // The error event carries no client, user or session.
        events.expect(EventType.USER_INFO_REQUEST)
                .error(Errors.INVALID_CLIENT)
                .client((String) null)
                .user(Matchers.nullValue(String.class))
                .session(Matchers.nullValue(String.class))
                .detail(Details.AUTH_METHOD, Details.VALIDATE_ACCESS_TOKEN)
                .assertEvent();
    } finally {
        httpClient.close();
    }
}
Example 17
Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 4 votes |
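/**
 * Verifies how permissions on a newly created realm reach an admin session that logs in
 * through a full-scoped client in the master realm.
 *
 * <p>The same admin client that created {@code anotherRealm} is first refused (HTTP 403) when
 * creating a client in it; after closing that admin client and logging in again, the same call
 * succeeds (HTTP 201). Presumably the first token predates the realm and so lacks its roles.
 * TODO confirm.
 *
 * <p>The {@code admin}/{@code admin} login and the client secrets are fixed test values.
 */
@Test
public void testCreateRealmCreateClient() throws Exception {
    ClientRepresentation rep = new ClientRepresentation();
    rep.setName("fullScopedClient");
    rep.setClientId("fullScopedClient");
    rep.setFullScopeAllowed(true);
    rep.setSecret("618268aa-51e6-4e64-93c4-3c0bc65b8171");
    rep.setProtocol("openid-connect");
    rep.setPublicClient(false);
    rep.setEnabled(true);
    // Close the returned Response so the admin client can release its resources.
    adminClient.realm("master").clients().create(rep).close();

    Keycloak realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
            "master", "admin", "admin", "fullScopedClient", "618268aa-51e6-4e64-93c4-3c0bc65b8171");
    try {
        RealmRepresentation newRealm = new RealmRepresentation();
        newRealm.setRealm("anotherRealm");
        newRealm.setId("anotherRealm");
        newRealm.setEnabled(true);
        realmClient.realms().create(newRealm);

        ClientRepresentation newClient = new ClientRepresentation();
        newClient.setName("newClient");
        newClient.setClientId("newClient");
        newClient.setFullScopeAllowed(true);
        newClient.setSecret("secret");
        newClient.setProtocol("openid-connect");
        newClient.setPublicClient(false);
        newClient.setEnabled(true);

        // First attempt with the existing session: expected to be forbidden.
        try (Response response = realmClient.realm("anotherRealm").clients().create(newClient)) {
            Assert.assertEquals(403, response.getStatus());
        }

        // Log in again to obtain a fresh token, then retry.
        realmClient.close();
        realmClient = AdminClientUtil.createAdminClient(suiteContext.isAdapterCompatTesting(),
                "master", "admin", "admin", "fullScopedClient", "618268aa-51e6-4e64-93c4-3c0bc65b8171");
        try (Response response = realmClient.realm("anotherRealm").clients().create(newClient)) {
            Assert.assertEquals(201, response.getStatus());
        }
    } finally {
        // Always drop the realm and close the admin client, also when an assertion fails.
        adminClient.realm("anotherRealm").remove();
        realmClient.close();
    }
}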
Example 18
Source File: KcSamlBrokerConfiguration.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Builds the client that represents the consumer realm's broker inside the SAML provider realm.
 *
 * <p>The redirect URI, the single-logout POST URL and the assertion-consumer POST URL all point
 * at the broker endpoint of {@code IDP_SAML_ALIAS} in {@code REALM_CONS_NAME}. Five protocol
 * mappers are attached, in this order: email, dotted email, nested email, attribute by name,
 * attribute by friendly name.
 *
 * <p>This fixture sets assertion signing, server signing, client-signature checking and
 * encryption all to {@code "false"}. That keeps the broker tests free of key setup; a deployed
 * SAML client should keep signatures on so that assertions can be authenticated.
 *
 * @param clientId the client id to assign
 * @return the populated representation (not yet created on the server)
 */
private ClientRepresentation createProviderClient(String clientId) {
    ClientRepresentation providerClient = new ClientRepresentation();
    providerClient.setClientId(clientId);
    providerClient.setEnabled(true);
    providerClient.setProtocol(IDP_SAML_PROVIDER_ID);
    providerClient.setRedirectUris(Collections.singletonList(
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
    ));

    // SAML client attributes: endpoints, name-id handling, and (disabled) signing/encryption.
    Map<String, String> samlAttributes = new HashMap<>();
    samlAttributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true");
    samlAttributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE,
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
    samlAttributes.put(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE,
            getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
    samlAttributes.put(SamlConfigAttributes.SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE, "true");
    samlAttributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username");
    samlAttributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false");
    samlAttributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false");
    samlAttributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false");
    samlAttributes.put(SamlConfigAttributes.SAML_ENCRYPT, "false");
    providerClient.setAttributes(samlAttributes);

    // Mapper 1: user property "email" as an attribute statement.
    ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
    emailMapper.setName("email");
    emailMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    emailMapper.setProtocolMapper(UserPropertyAttributeStatementMapper.PROVIDER_ID);
    Map<String, String> emailCfg = emailMapper.getConfig();
    emailCfg.put(ProtocolMapperUtils.USER_ATTRIBUTE, "email");
    emailCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.840.113549.1.9.1");
    emailCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
    emailCfg.put(AttributeStatementHelper.FRIENDLY_NAME, "email");

    // Mapper 2: user attribute whose name contains a dot.
    ProtocolMapperRepresentation dottedAttrMapper = new ProtocolMapperRepresentation();
    dottedAttrMapper.setName("email - dotted");
    dottedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    dottedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
    Map<String, String> dottedCfg = dottedAttrMapper.getConfig();
    dottedCfg.put(ProtocolMapperUtils.USER_ATTRIBUTE, "dotted.email");
    dottedCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "dotted.email");
    dottedCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    // Mapper 3: user attribute "nested.email".
    ProtocolMapperRepresentation nestedAttrMapper = new ProtocolMapperRepresentation();
    nestedAttrMapper.setName("email - nested");
    nestedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    nestedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
    Map<String, String> nestedCfg = nestedAttrMapper.getConfig();
    nestedCfg.put(ProtocolMapperUtils.USER_ATTRIBUTE, "nested.email");
    nestedCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "nested.email");
    nestedCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    // Mapper 4: attribute addressed by its SAML name, with an empty friendly name.
    ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
    userAttrMapper.setName("attribute - name");
    userAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    userAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
    Map<String, String> byNameCfg = userAttrMapper.getConfig();
    byNameCfg.put(ProtocolMapperUtils.USER_ATTRIBUTE, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
    byNameCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
    byNameCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
    byNameCfg.put(AttributeStatementHelper.FRIENDLY_NAME, "");

    // Mapper 5: attribute addressed by its friendly name.
    ProtocolMapperRepresentation userFriendlyAttrMapper = new ProtocolMapperRepresentation();
    userFriendlyAttrMapper.setName("attribute - friendly name");
    userFriendlyAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    userFriendlyAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
    Map<String, String> byFriendlyNameCfg = userFriendlyAttrMapper.getConfig();
    byFriendlyNameCfg.put(ProtocolMapperUtils.USER_ATTRIBUTE, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);
    byFriendlyNameCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.3.4.5.6.7");
    byFriendlyNameCfg.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
    byFriendlyNameCfg.put(AttributeStatementHelper.FRIENDLY_NAME, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);

    providerClient.setProtocolMappers(Arrays.asList(
            emailMapper, dottedAttrMapper, nestedAttrMapper, userAttrMapper, userFriendlyAttrMapper));

    return providerClient;
}