Java Code Examples for org.keycloak.representations.idm.UserRepresentation#singleAttribute()

The following examples show how to use org.keycloak.representations.idm.UserRepresentation#singleAttribute().
Example 1
Source File: X509DirectGrantTest.java    From keycloak with Apache License 2.0
/**
 * Sends three direct-grant token requests after pointing the X.509 identity
 * mapping at a user attribute whose stored value is "-".
 *
 * <p>The authenticator is configured to take the issuer DN, apply
 * {@code OU=(.*?)(?:,|$)} and compare the result with the user's
 * {@code x509_certificate_identity} attribute. Going by the method name, the
 * repeated requests are meant to drive the account into a temporary lock; the
 * lockout policy and any assertion on it live outside this method, and the
 * three responses are discarded here.
 *
 * @throws Exception propagated from the configuration and user-update helpers
 */
private void loginForceTemporaryAccountLock() throws Exception {
    // NOTE(review): the pattern has no anchor on an RDN boundary; whether "OU=" inside
    // another attribute's value could be captured depends on how the authenticator
    // applies the regex. Confirm before reusing this pattern outside tests.
    X509AuthenticatorConfigModel mapperSettings = new X509AuthenticatorConfigModel()
            .setMappingSourceType(ISSUERDN)
            .setRegularExpression("OU=(.*?)(?:,|$)")
            .setUserIdentityMapperType(USER_ATTRIBUTE)
            .setCustomAttributeName("x509_certificate_identity");

    AuthenticatorConfigRepresentation directGrantConfig =
            newConfig("x509-directgrant-config", mapperSettings.getConfig());
    String createdConfigId = createConfig(directGrantExecution.getId(), directGrantConfig);
    Assert.assertNotNull(createdConfigId);

    UserRepresentation account = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(account);

    // "-" is presumably a placeholder that no issuer OU will equal; verify against the test certificates.
    account.singleAttribute("x509_certificate_identity", "-");
    this.updateUser(account);

    events.clear();

    oauth.clientId("resource-owner");
    // The same request three times in a row; the responses are not inspected here.
    for (int attempt = 0; attempt < 3; attempt++) {
        oauth.doGrantAccessTokenRequest("secret", "", "", null);
    }

    events.clear();
}
 
Example 2
Source File: X509BrowserLoginIssuerDnTest.java    From keycloak with Apache License 2.0
/**
 * Stores the issuer DN the test expects on {@code test-user@localhost} and returns it.
 *
 * <p>Two renderings of what appears to be the same issuer DN are used. The canonical
 * one is lower-case, has no space after the commas and carries the e-mail RDN as OID
 * {@code 1.2.840.113549.1.9.1} with a hex-encoded value; the other is the comma-space
 * form starting with {@code EMAILADDRESS=}. The stored attribute presumably has to be
 * in the same form the authenticator produces, otherwise the certificate-to-user
 * lookup will not match; confirm against the authenticator.
 *
 * @param canonicalDnEnabled {@code true} to store the canonical rendering
 * @return the DN string written to {@code x509_certificate_identity}
 * @throws Exception propagated from the user lookup and update helpers
 */
private String setup(boolean canonicalDnEnabled) throws Exception {
    final String expectedIdentity;
    if (canonicalDnEnabled) {
        expectedIdentity = "1.2.840.113549.1.9.1=#1614636f6e74616374406b6579636c6f616b2e6f7267,cn=keycloak intermediate ca,ou=keycloak,o=red hat,st=ma,c=us";
    } else {
        expectedIdentity = "EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US";
    }

    UserRepresentation account = findUser("test-user@localhost");
    account.singleAttribute("x509_certificate_identity", expectedIdentity);
    updateUser(account);
    return expectedIdentity;
}
 
Example 3
Source File: X509BrowserLoginSubjectDnTest.java    From keycloak with Apache License 2.0
/**
 * Stores the subject DN the test expects on {@code test-user@localhost} and returns it.
 *
 * <p>With {@code canonicalDnEnabled} the value is the lower-case rendering without
 * spaces after the commas and with the e-mail RDN written as OID
 * {@code 1.2.840.113549.1.9.1} plus a hex-encoded value; otherwise it is the
 * comma-space form starting with {@code EMAILADDRESS=}. The stored attribute
 * presumably has to match the form the authenticator derives from the certificate;
 * confirm against the authenticator.
 *
 * @param canonicalDnEnabled {@code true} to store the canonical rendering
 * @return the DN string written to {@code x509_certificate_identity}
 * @throws Exception propagated from the user lookup and update helpers
 */
private String setup(boolean canonicalDnEnabled) throws Exception {
    final String expectedIdentity;
    if (canonicalDnEnabled) {
        expectedIdentity = "1.2.840.113549.1.9.1=#1613746573742d75736572406c6f63616c686f7374,cn=test-user,ou=keycloak,o=red hat,l=boston,st=ma,c=us";
    } else {
        expectedIdentity = "EMAILADDRESS=test-user@localhost, CN=test-user, OU=Keycloak, O=Red Hat, L=Boston, ST=MA, C=US";
    }

    UserRepresentation account = findUser("test-user@localhost");
    account.singleAttribute("x509_certificate_identity", expectedIdentity);
    updateUser(account);
    return expectedIdentity;
}
 
Example 4
Source File: X509DirectGrantTest.java    From keycloak with Apache License 2.0
/**
 * Verifies that a direct grant is rejected when the identity extracted from the
 * client certificate matches two users.
 *
 * <p>Both {@code userId2} and {@code userId} receive the same
 * {@code x509_certificate_identity} value, so the lookup by attribute is ambiguous.
 * The expected outcome is a 401 with error {@code invalid_request}: an ambiguous
 * certificate-to-user mapping has to fail closed instead of selecting one account.
 *
 * @throws Exception propagated from the configuration and user-update helpers
 */
@Test
public void loginFailedOnDuplicateUsers() throws Exception {
    AuthenticatorConfigRepresentation directGrantConfig = newConfig(
            "x509-directgrant-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
    String createdConfigId = createConfig(directGrantExecution.getId(), directGrantConfig);
    Assert.assertNotNull(createdConfigId);

    // Give both accounts the same mapped identity so that the identity taken from the
    // X509 client certificate matches more than one user and triggers DuplicateModelException.
    UserRepresentation secondAccount = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(secondAccount);
    secondAccount.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(secondAccount);

    UserRepresentation firstAccount = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(firstAccount);
    firstAccount.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(firstAccount);

    events.clear();

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // The request must be refused outright; no token may be issued for either account.
    assertEquals(401, tokenResponse.getStatusCode());
    assertEquals("invalid_request", tokenResponse.getError());
    Assert.assertThat(tokenResponse.getErrorDescription(), containsString("X509 certificate authentication's failed."));
}
 
Example 5
Source File: X509DirectGrantTest.java    From keycloak with Apache License 2.0
/**
 * Verifies that a direct grant fails when the mapped user attribute does not carry
 * the identity extracted from the client certificate.
 *
 * <p>{@code userId2}'s {@code x509_certificate_identity} is set to "-". The test then
 * expects a login error event with {@code INVALID_USER_CREDENTIALS}, no user and no
 * session, plus a 401 {@code invalid_grant} response whose description is the generic
 * "Invalid user credentials" text.
 *
 * @throws Exception propagated from the configuration and user-update helpers
 */
@Test
public void loginFailedOnInvalidUser() throws Exception {
    AuthenticatorConfigRepresentation directGrantConfig = newConfig(
            "x509-directgrant-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
    String createdConfigId = createConfig(directGrantExecution.getId(), directGrantConfig);
    Assert.assertNotNull(createdConfigId);

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    // "-" is presumably a value no certificate identity will equal; verify against the test certificates.
    account.singleAttribute("x509_certificate_identity", "-");
    this.updateUser(account);

    events.clear();

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // The failure event must not be attributed to any user or session.
    events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error(Errors.INVALID_USER_CREDENTIALS)
            .client("resource-owner")
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.USERNAME)
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();

    assertEquals(401, tokenResponse.getStatusCode());
    assertEquals("invalid_grant", tokenResponse.getError());
    assertEquals("Invalid user credentials", tokenResponse.getErrorDescription());
}
 
Example 6
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Logs in through the browser flow with the user identified by certificate serial
 * number plus issuer DN, each stored in its own user attribute.
 *
 * <p>The mapper receives the attribute pair
 * {@code x509_certificate_serialnumber##x509_issuer_dn}, and the expected identity is
 * the two stored values joined by the same {@code ##} separator. A certificate serial
 * number is unique only within one issuing CA, which is why the issuer DN is part of
 * the identity here.
 */
@Test
public void loginAsUserFromCertSerialnumberAndIssuerDNMappedToUserAttribute() {
    final String issuerDn = "EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US";

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    account.singleAttribute("x509_certificate_serialnumber", "4105");
    account.singleAttribute("x509_issuer_dn", issuerDn);
    this.updateUser(account);

    events.clear();

    X509AuthenticatorConfigModel mapperSettings = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(
            SERIALNUMBER_ISSUERDN, "x509_certificate_serialnumber##x509_issuer_dn");
    x509BrowserLogin(mapperSettings, userId2, "keycloak",
            "4105##EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
}
 
Example 7
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Same serial-number-plus-issuer-DN login as the decimal variant, but with the
 * authenticator switched to hexadecimal serial numbers.
 *
 * <p>The stored serial is {@code 1009}; read as hex that is 4105 decimal. The test
 * shows that the attribute value must be written in the representation selected by
 * {@code setSerialnumberHex}, otherwise the identity string will not match.
 */
@Test
public void loginAsUserFromHexCertSerialnumberAndIssuerDNMappedToUserAttribute() {
    final String issuerDn = "EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US";

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    account.singleAttribute("x509_certificate_serialnumber", "1009");
    account.singleAttribute("x509_issuer_dn", issuerDn);
    this.updateUser(account);

    events.clear();

    X509AuthenticatorConfigModel hexSerialSettings = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(
            SERIALNUMBER_ISSUERDN, "x509_certificate_serialnumber##x509_issuer_dn");
    hexSerialSettings.setSerialnumberHex(true);
    x509BrowserLogin(hexSerialSettings, userId2, "keycloak",
            "1009##EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
}
 
Example 8
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Logs in through the browser flow with the user identified by the SHA-256
 * thumbprint of the client certificate.
 *
 * <p>The thumbprint is stored in the {@code x509_cert_sha256thumbprint} attribute as
 * a lower-case hex string and the same string is the expected identity. Mapping on a
 * thumbprint ties the account to one specific certificate, so the attribute
 * presumably has to be updated whenever that certificate is reissued.
 */
@Test
public void loginAsUserFromCertSHA256MappedToUserAttribute() {
    final String thumbprint = "71237a14c118a90cc8406f14d039ed3431c9065f68e535293ee919d4c33b5e15";

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    account.singleAttribute("x509_cert_sha256thumbprint", thumbprint);
    this.updateUser(account);

    events.clear();

    X509AuthenticatorConfigModel mapperSettings =
            createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SHA256_THUMBPRINT, "x509_cert_sha256thumbprint");
    x509BrowserLogin(mapperSettings, userId2, "keycloak", thumbprint);
}
 
Example 9
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Logs in through the browser flow with the user identified by the certificate
 * serial number alone, stored in the {@code x509_serial_number} attribute.
 *
 * <p>NOTE(review): a serial number identifies a certificate only relative to its
 * issuer. Mapping on it alone is sound only if a single CA is trusted for this flow;
 * confirm the truststore scope before copying this configuration.
 */
@Test
public void loginAsUserFromCertSerialNumberMappedToUserAttribute() {
    final String serial = "4105";

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    account.singleAttribute("x509_serial_number", serial);
    this.updateUser(account);

    events.clear();

    X509AuthenticatorConfigModel mapperSettings =
            createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number");
    x509BrowserLogin(mapperSettings, userId2, "keycloak", serial);
}
 
Example 10
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Serial-number-only login with the authenticator switched to hexadecimal serial
 * numbers.
 *
 * <p>The stored value {@code 1009} is 4105 decimal when read as hex. As with the
 * decimal variant, the serial number alone is unique only within one issuing CA;
 * confirm that a single CA is trusted for this flow before relying on it.
 */
@Test
public void loginAsUserFromHexCertSerialNumberMappedToUserAttribute() {
    final String hexSerial = "1009";

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    account.singleAttribute("x509_serial_number", hexSerial);
    this.updateUser(account);

    events.clear();

    X509AuthenticatorConfigModel hexSerialSettings =
            createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number");
    hexSerialSettings.setSerialnumberHex(true);
    x509BrowserLogin(hexSerialSettings, userId2, "keycloak", hexSerial);
}
 
Example 11
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Verifies that certificate login in the browser flow is refused when the extracted
 * identity matches two users, and that the password form still works afterwards.
 *
 * <p>Both {@code userId2} and {@code userId} receive the same
 * {@code x509_certificate_identity} value. Opening the login page must show the
 * X509 failure message rather than signing in either account; the test then logs in
 * with username and password and expects the login event to name {@code userId}.
 */
@Test
public void loginDuplicateUsersNotAllowed() {
    AuthenticatorConfigRepresentation browserConfig = newConfig(
            "x509-browser-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
    String createdConfigId = createConfig(browserExecution.getId(), browserConfig);
    Assert.assertNotNull(createdConfigId);

    // Give both accounts the same mapped identity so that the identity taken from the
    // X509 client certificate matches more than one user and triggers DuplicateModelException.
    UserRepresentation secondAccount = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(secondAccount);
    secondAccount.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(secondAccount);

    UserRepresentation firstAccount = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(firstAccount);
    firstAccount.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(firstAccount);

    events.clear();

    loginPage.open();

    // The ambiguous certificate mapping must surface as an error, not as a login.
    Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));

    // Credentials entered explicitly decide which account is signed in.
    loginPage.login("test-user@localhost", "password");

    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, "test-user@localhost")
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
 
Example 12
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Logs in through the browser flow with the subject DN's {@code O=} value mapped to
 * the {@code x509_certificate_identity} user attribute, going through the
 * confirmation page.
 *
 * <p>With the confirmation page allowed, the test checks that the page shows the
 * certificate's subject DN and the resolved username before {@code confirm()} is
 * called, and only then expects an authorization code in the response.
 */
@Test
public void loginWithX509CertCustomAttributeSuccess() {
    // NOTE(review): the pattern has no anchor on an RDN boundary; whether "O=" inside
    // another attribute's value could be captured depends on how the authenticator
    // applies the regex. Confirm before reusing this pattern outside tests.
    X509AuthenticatorConfigModel mapperSettings =
            new X509AuthenticatorConfigModel()
                    .setConfirmationPageAllowed(true)
                    .setMappingSourceType(SUBJECTDN)
                    .setRegularExpression("O=(.*?)(?:,|$)")
                    .setCustomAttributeName("x509_certificate_identity")
                    .setUserIdentityMapperType(USER_ATTRIBUTE);
    AuthenticatorConfigRepresentation browserConfig = newConfig("x509-browser-config", mapperSettings.getConfig());
    String createdConfigId = createConfig(browserExecution.getId(), browserConfig);
    Assert.assertNotNull(createdConfigId);

    // Store on the user the value that the identity extracted from the
    // client certificate will be compared against.
    UserRepresentation account = findUser("test-user@localhost");
    Assert.assertNotNull(account);
    account.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(account);

    events.clear();

    loginConfirmationPage.open();

    // The user sees which certificate and which account are about to be used.
    String shownSubjectDn = loginConfirmationPage.getSubjectDistinguishedNameText();
    Assert.assertTrue(shownSubjectDn.startsWith("EMAILADDRESS=test-user@localhost"));
    Assert.assertEquals("test-user@localhost", loginConfirmationPage.getUsernameText());

    loginConfirmationPage.confirm();

    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
}
 
Example 13
Source File: AbstractX509AuthenticationTest.java    From keycloak with Apache License 2.0
/**
 * Prepares the realm's authentication flows and the test user before each test.
 *
 * <p>Copies the browser flow and creates a direct grant flow, makes both the realm's
 * active flows, then adds the X509 authenticators: {@code REQUIRED} in the direct
 * grant flow and {@code ALTERNATIVE} in the browser flow. Finally it records the id of
 * {@code test-user@localhost} in {@code userId} and seeds the attributes the X509
 * tests map against.
 */
@Before
public void configureFlows() {
    authMgmtResource = adminClient.realms().realm(REALM_NAME).flows();

    AuthenticationFlowRepresentation browserFlow = copyBrowserFlow();
    Assert.assertNotNull(browserFlow);

    AuthenticationFlowRepresentation directGrantFlow = createDirectGrantFlow();
    Assert.assertNotNull(directGrantFlow);

    // Read the realm back after each change to confirm the flow is actually active.
    setBrowserFlow(browserFlow);
    Assert.assertEquals(testRealm().toRepresentation().getBrowserFlow(), browserFlow.getAlias());

    setDirectGrantFlow(directGrantFlow);
    Assert.assertEquals(testRealm().toRepresentation().getDirectGrantFlow(), directGrantFlow.getAlias());
    // The new direct grant flow starts with no executions, so the X509 one added below is the only one.
    Assert.assertEquals(0, directGrantFlow.getAuthenticationExecutions().size());

    // Add X509 cert authenticator to the direct grant flow
    directGrantExecution = addAssertExecution(directGrantFlow, ValidateX509CertificateUsernameFactory.PROVIDER_ID, REQUIRED);
    Assert.assertNotNull(directGrantExecution);

    // Re-fetch the flow so the execution count reflects the server-side state.
    directGrantFlow = authMgmtResource.getFlow(directGrantFlow.getId());
    Assert.assertNotNull(directGrantFlow.getAuthenticationExecutions());
    Assert.assertEquals(1, directGrantFlow.getAuthenticationExecutions().size());

    // Add X509 authenticator to the browser flow
    // ALTERNATIVE (unlike REQUIRED above): presumably so the other browser authenticators remain usable; confirm against the copied flow
    browserExecution = addAssertExecution(browserFlow, X509ClientCertificateAuthenticatorFactory.PROVIDER_ID, ALTERNATIVE);
    Assert.assertNotNull(browserExecution);

    // Raise the priority of the authenticator to position it right before
    // the Username/password authentication
    // TODO find a better, more explicit way to specify the position
    // of authenticator within the flow relative to other authenticators
    authMgmtResource.raisePriority(browserExecution.getId());
    // TODO raising the priority didn't generate the event?
    //assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(exec.getId()));

    UserRepresentation user = findUser("test-user@localhost");
    userId = user.getId();

    // "-" is presumably a default that matches no certificate identity until a test overwrites it; verify against the test certificates.
    user.singleAttribute("x509_certificate_identity","-");
    user.singleAttribute("alternative_email", "test-user-altmail@localhost");
    user.singleAttribute("upn", "test_upn_name@localhost");
    updateUser(user);
}
 
Example 14
Source File: UserTest.java    From keycloak with Apache License 2.0
/**
 * Exercises the life cycle of user attributes through the admin API: create with
 * single and multi-valued attributes, overwrite and add on update, remove one key,
 * and clear all.
 *
 * <p>After the final update with an emptied map the representation read back has
 * {@code getAttributes() == null}, not an empty map, so code reading attributes from
 * a {@code UserRepresentation} has to handle {@code null}.
 */
@Test
public void attributes() {
    UserRepresentation user1 = new UserRepresentation();
    user1.setUsername("user1");
    user1.singleAttribute("attr1", "value1user1");
    user1.singleAttribute("attr2", "value2user1");

    String user1Id = createUser(user1);

    UserRepresentation user2 = new UserRepresentation();
    user2.setUsername("user2");
    user2.singleAttribute("attr1", "value1user2");
    // attr2 gets two values, written straight into the attribute map instead of via singleAttribute().
    List<String> vals = new ArrayList<>();
    vals.add("value2user2");
    vals.add("value2user2_2");
    user2.getAttributes().put("attr2", vals);

    String user2Id = createUser(user2);

    // Read both users back from the server and check what was stored.
    user1 = realm.users().get(user1Id).toRepresentation();
    assertEquals(2, user1.getAttributes().size());
    assertAttributeValue("value1user1", user1.getAttributes().get("attr1"));
    assertAttributeValue("value2user1", user1.getAttributes().get("attr2"));

    user2 = realm.users().get(user2Id).toRepresentation();
    assertEquals(2, user2.getAttributes().size());
    assertAttributeValue("value1user2", user2.getAttributes().get("attr1"));
    vals = user2.getAttributes().get("attr2");
    assertEquals(2, vals.size());
    assertTrue(vals.contains("value2user2") && vals.contains("value2user2_2"));

    // Overwrite attr1 and add attr3; attr2 is expected to be left as it was.
    user1.singleAttribute("attr1", "value3user1");
    user1.singleAttribute("attr3", "value4user1");

    updateUser(realm.users().get(user1Id), user1);

    user1 = realm.users().get(user1Id).toRepresentation();
    assertEquals(3, user1.getAttributes().size());
    assertAttributeValue("value3user1", user1.getAttributes().get("attr1"));
    assertAttributeValue("value2user1", user1.getAttributes().get("attr2"));
    assertAttributeValue("value4user1", user1.getAttributes().get("attr3"));

    // Dropping a key from the map and updating removes that attribute on the server.
    user1.getAttributes().remove("attr1");
    updateUser(realm.users().get(user1Id), user1);

    user1 = realm.users().get(user1Id).toRepresentation();
    assertEquals(2, user1.getAttributes().size());
    assertAttributeValue("value2user1", user1.getAttributes().get("attr2"));
    assertAttributeValue("value4user1", user1.getAttributes().get("attr3"));

    // Updating with an empty map removes every attribute; the server then returns null for the map.
    user1.getAttributes().clear();
    updateUser(realm.users().get(user1Id), user1);

    user1 = realm.users().get(user1Id).toRepresentation();
    assertNull(user1.getAttributes());
}
 
Example 15
Source File: EmailTest.java    From keycloak with Apache License 2.0
/**
 * Sets the locale attribute of the {@code login-test} user and pushes the change
 * through the admin API.
 *
 * @param locale value stored under {@code UserModel.LOCALE}
 */
private void changeUserLocale(String locale) {
    final String username = "login-test";

    UserRepresentation account = findUser(username);
    account.singleAttribute(UserModel.LOCALE, locale);

    // The representation is only a local copy; the update call is what persists the attribute.
    ApiUtil.findUserByUsernameId(testRealm(), username).update(account);
}
 
Example 16
Source File: X509BrowserLoginTest.java    From keycloak with Apache License 2.0
/**
 * Logs in through the browser flow with the user identified by a value taken from
 * the certificate's issuer DN and compared with the
 * {@code x509_certificate_identity} user attribute.
 *
 * <p>The extraction rule comes from {@code createLoginIssuerDN_OU2CustomAttributeConfig()},
 * which is not shown here; the test stores "Red Hat" on {@code userId2} and expects
 * that same string as the resolved identity. An issuer-derived value is shared by
 * every certificate from that CA, so this mapping presumably identifies a user only
 * while exactly one account carries the value.
 */
@Test
public void loginAsUserFromCertIssuerDNMappedToUserAttribute() {
    final String mappedIdentity = "Red Hat";

    UserRepresentation account = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(account);

    account.singleAttribute("x509_certificate_identity", mappedIdentity);
    this.updateUser(account);

    events.clear();

    x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", mappedIdentity);
}