Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setServiceAccountsEnabled()

The following examples show how to use org.keycloak.representations.idm.ClientRepresentation#setServiceAccountsEnabled() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserTest.java    From keycloak with Apache License 2.0 7 votes vote down vote up 
@Test
public void countUsersNotServiceAccount() {
    createUsers();

    Integer count = realm.users().count();
    assertEquals(9, count.intValue());

    ClientRepresentation client = new ClientRepresentation();

    client.setClientId("test-client");
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setServiceAccountsEnabled(true);
    client.setEnabled(true);
    client.setRedirectUris(Arrays.asList("http://url"));

    getAdminClient().realm(REALM_NAME).clients().create(client);

    // KEYCLOAK-5660, should not consider service accounts
    assertEquals(9, realm.users().count().intValue());
}
Example 2
Source File: HoKTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up 
private void configTestRealmForTokenIntrospection(RealmRepresentation testRealm) {
    ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);

    ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
    pubApp.setPublicClient(Boolean.TRUE);

    UserRepresentation user = new UserRepresentation();
    user.setUsername("no-permissions");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType("password");
    credential.setValue("password");
    List<CredentialRepresentation> creds = new ArrayList<>();
    creds.add(credential);
    user.setCredentials(creds);
    user.setEnabled(Boolean.TRUE);
    List<String> realmRoles = new ArrayList<>();
    realmRoles.add("user");
    user.setRealmRoles(realmRoles);
    testRealm.getUsers().add(user);
}
Example 3
Source File: AbstractAuthorizationTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up 
protected void enableAuthorizationServices(boolean enable) {
    ClientRepresentation resourceServer = getResourceServer();

    resourceServer.setAuthorizationServicesEnabled(enable);
    resourceServer.setServiceAccountsEnabled(true);
    resourceServer.setPublicClient(false);
    resourceServer.setSecret("secret");

    getClientResource().update(resourceServer);

    if (enable) {
        AuthorizationResource authorization = getClientResource().authorization();
        ResourceServerRepresentation settings = authorization.exportSettings();
        settings.setAllowRemoteResourceManagement(true);
        authorization.update(settings);
    }
}
Example 4
Source File: PartialImportTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up 
@Before
public void createClientWithServiceAccount() {
    ClientRepresentation client = new ClientRepresentation();
    client.setClientId(CLIENT_SERVICE_ACCOUNT);
    client.setName(CLIENT_SERVICE_ACCOUNT);
    client.setRootUrl("http://localhost/foo");
    client.setProtocol("openid-connect");
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setServiceAccountsEnabled(true);
    try (Response resp = testRealmResource().clients().create(client)) {
        String id = ApiUtil.getCreatedId(resp);
        UserRepresentation serviceAccountUser = testRealmResource().clients().get(id).getServiceAccountUser();
        assertNotNull(serviceAccountUser);
    }
}
Example 5
Source File: ClientRegistrationTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up 
@Test
public void withServiceAccount() throws ClientRegistrationException {
    authManageClients();
    ClientRepresentation clientRep = buildClient();
    clientRep.setServiceAccountsEnabled(true);

    ClientRepresentation rep = registerClient(clientRep);

    UserRepresentation serviceAccountUser = adminClient.realm("test").clients().get(rep.getId()).getServiceAccountUser();

    assertNotNull(serviceAccountUser);

    deleteClient(rep);

    try {
        adminClient.realm("test").users().get(serviceAccountUser.getId()).toRepresentation();
        fail("Expected NotFoundException");
    } catch (NotFoundException e) {
    }
}
Example 6
Source File: MutualTLSClientTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up 
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
   ClientRepresentation properConfiguration = KeycloakModelUtils.createClient(testRealm, CLIENT_ID);
   properConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
   properConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
   properConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
   properConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, "(.*?)(?:$)"));

   ClientRepresentation disabledConfiguration = KeycloakModelUtils.createClient(testRealm, DISABLED_CLIENT_ID);
   disabledConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
   disabledConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
   disabledConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
   disabledConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, "(.*?)(?:$)"));

   ClientRepresentation exactSubjectDNConfiguration = KeycloakModelUtils.createClient(testRealm, EXACT_SUBJECT_DN_CLIENT_ID);
   exactSubjectDNConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
   exactSubjectDNConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
   exactSubjectDNConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
   exactSubjectDNConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, EXACT_CERTIFICATE_SUBJECT_DN));
}
Example 7
Source File: UserInfoTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    RealmBuilder realm = RealmBuilder.edit(realmRepresentation).testEventListener();
    RealmRepresentation testRealm = realm.build();
    testRealms.add(testRealm);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
Example 8
Source File: AbstractClientTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
protected String createOidcConfidentialClientWithAuthz(String name) {
    ClientRepresentation clientRep = createOidcClientRep(name);
    clientRep.setBearerOnly(Boolean.FALSE);
    clientRep.setPublicClient(Boolean.FALSE);
    clientRep.setAuthorizationServicesEnabled(Boolean.TRUE);
    clientRep.setServiceAccountsEnabled(Boolean.TRUE);
    String id = createClient(clientRep);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), ResourceType.AUTHORIZATION_RESOURCE_SERVER);
    return id;
}
Example 9
Source File: PartialImportTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
private void addClients(boolean withServiceAccounts) throws IOException {
    List<ClientRepresentation> clients = new ArrayList<>();
    List<UserRepresentation> serviceAccounts = new ArrayList<>();

    for (int i = 0; i < NUM_ENTITIES; i++) {
        ClientRepresentation client = new ClientRepresentation();
        client.setClientId(CLIENT_PREFIX + i);
        client.setName(CLIENT_PREFIX + i);
        clients.add(client);
        if (withServiceAccounts) {
            client.setServiceAccountsEnabled(true);
            client.setBearerOnly(false);
            client.setPublicClient(false);
            client.setAuthorizationSettings(resourceServerSampleSettings);
            client.setAuthorizationServicesEnabled(true);
            // create the user service account
            UserRepresentation serviceAccount = new UserRepresentation();
            serviceAccount.setUsername(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId());
            serviceAccount.setEnabled(true);
            serviceAccount.setEmail(serviceAccount.getUsername() + "@placeholder.org");
            serviceAccount.setServiceAccountClientId(client.getClientId());
            serviceAccounts.add(serviceAccount);
        }
    }

    if (withServiceAccounts) {
        if (piRep.getUsers() == null) {
            piRep.setUsers(new ArrayList<>());
        }
        piRep.getUsers().addAll(serviceAccounts);
    }
    piRep.setClients(clients);
}
Example 10
Source File: TokenIntrospectionTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);

    ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
    pubApp.setPublicClient(Boolean.TRUE);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret2");
    samlApp.setServiceAccountsEnabled(Boolean.TRUE);
    samlApp.setProtocol("saml");

    UserRepresentation user = new UserRepresentation();
    user.setUsername("no-permissions");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType("password");
    credential.setValue("password");
    List<CredentialRepresentation> creds = new ArrayList<>();
    creds.add(credential);
    user.setCredentials(creds);
    user.setEnabled(Boolean.TRUE);
    List<String> realmRoles = new ArrayList<>();
    realmRoles.add("user");
    user.setRealmRoles(realmRoles);
    testRealm.getUsers().add(user);
}
Example 11
Source File: OIDCClientRegistrationTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    RealmRepresentation testRealm = testRealms.get(0);
    testRealm.setPrivateKey(PRIVATE_KEY);
    testRealm.setPublicKey(PUBLIC_KEY);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
Example 12
Source File: SAMLClientRegistrationTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    RealmRepresentation testRealm = testRealms.get(0);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "oidc-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
Example 13
Source File: KeyRotationTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    testRealms.add(realm);

    ClientRepresentation confApp = KeycloakModelUtils.createClient(realm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);
}
Example 14
Source File: AbstractAuthorizationSettingsTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up 
private ClientRepresentation createResourceServer() {
    ClientRepresentation newClient = createClientRep("oidc-confidetial", OIDC);

    createClient(newClient);

    newClient.setRedirectUris(TEST_REDIRECT_URIs);
    newClient.setAuthorizationServicesEnabled(true);

    clientSettingsPage.form().setAccessType(ClientSettingsForm.OidcAccessType.CONFIDENTIAL);
    clientSettingsPage.form().setRedirectUris(TEST_REDIRECT_URIs);
    clientSettingsPage.form().setAuthorizationSettingsEnabled(true);
    clientSettingsPage.form().save();
    assertAlertSuccess();

    ClientRepresentation found = findClientByClientId(newClient.getClientId());
    assertNotNull("Client " + newClient.getClientId() + " was not found.", found);

    newClient.setPublicClient(false);
    newClient.setServiceAccountsEnabled(true);

    assertClientSettingsEqual(newClient, found);
    assertTrue(clientSettingsPage.tabs().getTabs().findElement(By.linkText("Authorization")).isDisplayed());

    clientSettingsPage.setId(found.getId());
    clientSettingsPage.navigateTo();
    authorizationPage.setId(found.getId());

    clientSettingsPage.tabs().authorization();
    assertTrue(authorizationPage.isCurrent());

    newClient.setId(found.getId());

    return newClient;
}
Example 15
Source File: ClientManager.java    From keycloak with Apache License 2.0 4 votes vote down vote up 
public void setServiceAccountsEnabled(Boolean enabled) {
    ClientRepresentation app = clientResource.toRepresentation();
    app.setServiceAccountsEnabled(enabled);
    clientResource.update(app);
}