Java Code Examples for org.keycloak.representations.idm.RealmRepresentation#setAttributes()
The following examples show how to use
org.keycloak.representations.idm.RealmRepresentation#setAttributes() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SamlReverseProxyTest.java From keycloak with Apache License 2.0 | 6 votes |
/** * KEYCLOAK-12612 * * Tests sending a SAML {@code AuthnRequest} through a reverse proxy. In this scenario the SAML {@code AuthnRequest} * has a destination that matches the proxy server, but the request is forwarded to a keycloak server running in a * different address. * * Validation of the destination and subsequent redirection to the login screen only work if the proxy server is configured * as the {@code frontendUrl} of the realm. * * @throws Exception if an error occurs while running the test. */ @Test public void testAuthnRequestWithReverseProxy() throws Exception { // send an authn request without defining the frontendUrl for the realm - should get a BAD_REQUEST response Document document = SAML2Request.convert(SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, this.buildSamlProtocolUrl(proxy.getUrl()))); testSendSamlRequest(document, Response.Status.BAD_REQUEST, containsString("Invalid Request")); // set the frontendUrl pointing to the reverse proxy RealmRepresentation rep = adminClient.realm(REALM_NAME).toRepresentation(); try { if (rep.getAttributes() == null) { rep.setAttributes(new HashMap<>()); } rep.getAttributes().put("frontendUrl", proxy.getUrl()); adminClient.realm(REALM_NAME).update(rep); // resend the authn request - should succeed this time testSendSamlRequest(document, Response.Status.OK, containsString("login")); } finally { // restore the state of the realm (unset the frontendUrl) rep.getAttributes().remove("frontendUrl"); adminClient.realm(REALM_NAME).update(rep); } }
Example 2
Source File: SamlReverseProxyTest.java From keycloak with Apache License 2.0 | 6 votes |
/** * KEYCLOAK-12944 * * Tests sending a SAML {@code LogoutRequest} through a reverse proxy. In this scenario the SAML {@code LogoutRequest} * has a destination that matches the proxy server, but the request is forwarded to a keycloak server running in a * different address. * * Validation of the destination and any subsequent redirection only work if the proxy server is configured as the * {@code frontendUrl} of the realm. * * @throws Exception if an error occurs while running the test. */ @Test public void testLogoutRequestWithReverseProxy() throws Exception { // send a logout request without defining the frontendUrl for the realm - should get a BAD_REQUEST response Document document = new SAML2LogoutRequestBuilder().destination( this.buildSamlProtocolUrl(proxy.getUrl()).toString()).issuer(SAML_CLIENT_ID_SALES_POST).buildDocument(); testSendSamlRequest(document, Response.Status.BAD_REQUEST, containsString("Invalid Request")); // set the frontendUrl pointing to the reverse proxy RealmRepresentation rep = adminClient.realm(REALM_NAME).toRepresentation(); try { if (rep.getAttributes() == null) { rep.setAttributes(new HashMap<>()); } rep.getAttributes().put("frontendUrl", proxy.getUrl()); adminClient.realm(REALM_NAME).update(rep); // resend the logout request - should succeed this time (we are actually not logging out anyone, just checking the request is properly validated testSendSamlRequest(document, Response.Status.OK, containsString("login")); } finally { // restore the state of the realm (unset the frontendUrl) rep.getAttributes().remove("frontendUrl"); adminClient.realm(REALM_NAME).update(rep); } }
Example 3
Source File: KcOidcBrokerFrontendUrlTest.java From keycloak with Apache License 2.0 | 5 votes |
@Override protected BrokerConfiguration getBrokerConfiguration() { return new KcOidcBrokerConfiguration() { @Override public RealmRepresentation createConsumerRealm() { RealmRepresentation realm = super.createConsumerRealm(); Map<String, String> attributes = new HashMap<>(); attributes.put("frontendUrl", proxy.getUrl()); realm.setAttributes(attributes); return realm; } @Override public List<ClientRepresentation> createProviderClients() { List<ClientRepresentation> clients = super.createProviderClients(); List<String> redirectUris = new ArrayList<>(); redirectUris.add(proxy.getUrl() + "/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"); clients.get(0).setRedirectUris(redirectUris); return clients; } }; }
Example 4
Source File: RealmTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void updateRealmAttributes() { // first change RealmRepresentation rep = new RealmRepresentation(); List<String> webAuthnPolicyAcceptableAaguids = new ArrayList<>(); webAuthnPolicyAcceptableAaguids.add("aaguid1"); webAuthnPolicyAcceptableAaguids.add("aaguid2"); rep.setAttributes(new HashMap<>()); rep.getAttributes().put("foo1", "bar1"); rep.getAttributes().put("foo2", "bar2"); rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids); rep.setBruteForceProtected(true); rep.setDisplayName("dn1"); realm.update(rep); assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); rep = realm.toRepresentation(); assertEquals("bar1", rep.getAttributes().get("foo1")); assertEquals("bar2", rep.getAttributes().get("foo2")); assertTrue(rep.isBruteForceProtected()); assertEquals("dn1", rep.getDisplayName()); assertEquals(webAuthnPolicyAcceptableAaguids, rep.getWebAuthnPolicyAcceptableAaguids()); // second change webAuthnPolicyAcceptableAaguids.clear(); rep.setBruteForceProtected(false); rep.setDisplayName("dn2"); rep.getAttributes().put("foo1", "bar11"); rep.getAttributes().remove("foo2"); rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids); realm.update(rep); assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM); rep = realm.toRepresentation(); assertFalse(rep.isBruteForceProtected()); assertEquals("dn2", rep.getDisplayName()); assertEquals("bar11", rep.getAttributes().get("foo1")); assertFalse(rep.getAttributes().containsKey("foo2")); assertTrue(rep.getWebAuthnPolicyAcceptableAaguids().isEmpty()); }
Example 5
Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void resetPasswordExpiredCodeAndAuthSessionPerActionLifespan() throws IOException, MessagingException, InterruptedException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build()); testRealm().update(realmRep); try { initiateResetPasswordFromResetPasswordPage("login-test"); events.expectRequiredAction(EventType.SEND_RESET_PASSWORD) .session((String)null) .user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent(); assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getReceivedMessages()[0]; String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&"); setTimeOffset(70); log.debug("Going to reset password URI."); driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials"); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path log.debug("Removing cookies."); driver.manage().deleteAllCookies(); driver.navigate().to(changePasswordUrl.trim()); errorPage.assertCurrent(); Assert.assertEquals("Action expired.", errorPage.getError()); String backToAppLink = errorPage.getBackToApplicationLink(); Assert.assertTrue(backToAppLink.endsWith("/app/auth")); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 6
Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void resetPasswordExpiredCodeAndAuthSessionPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); //Make sure that one attribute settings won't affect the other realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build()); testRealm().update(realmRep); try { initiateResetPasswordFromResetPasswordPage("login-test"); events.expectRequiredAction(EventType.SEND_RESET_PASSWORD) .session((String)null) .user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent(); assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getReceivedMessages()[0]; String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&"); setTimeOffset(70); log.debug("Going to reset password URI."); driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials"); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path log.debug("Removing cookies."); driver.manage().deleteAllCookies(); driver.navigate().to(changePasswordUrl.trim()); errorPage.assertCurrent(); Assert.assertEquals("Action expired.", errorPage.getError()); String backToAppLink = errorPage.getBackToApplicationLink(); Assert.assertTrue(backToAppLink.endsWith("/app/auth")); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 7
Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void resetPasswordExpiredCodeForgotPasswordFlowPerActionLifespan() throws IOException, MessagingException, InterruptedException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build()); testRealm().update(realmRep); try { // Redirect directly to KC "forgot password" endpoint instead of "authenticate" endpoint String loginUrl = oauth.getLoginFormUrl(); String forgotPasswordUrl = loginUrl.replace("/auth?", "/forgot-credentials?"); // Workaround, but works driver.navigate().to(forgotPasswordUrl); resetPasswordPage.assertCurrent(); resetPasswordPage.changePassword("login-test"); loginPage.assertCurrent(); assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage()); expectedMessagesCount++; events.expectRequiredAction(EventType.SEND_RESET_PASSWORD) .session((String)null) .user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent(); assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getReceivedMessages()[0]; String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message); setTimeOffset(70); driver.navigate().to(changePasswordUrl.trim()); resetPasswordPage.assertCurrent(); assertEquals("Action expired. Please start again.", loginPage.getError()); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 8
Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void resetPasswordExpiredCodeForgotPasswordFlowPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); //Make sure that one attribute settings won't affect the other realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build()); testRealm().update(realmRep); try { // Redirect directly to KC "forgot password" endpoint instead of "authenticate" endpoint String loginUrl = oauth.getLoginFormUrl(); String forgotPasswordUrl = loginUrl.replace("/auth?", "/forgot-credentials?"); // Workaround, but works driver.navigate().to(forgotPasswordUrl); resetPasswordPage.assertCurrent(); resetPasswordPage.changePassword("login-test"); loginPage.assertCurrent(); assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage()); expectedMessagesCount++; events.expectRequiredAction(EventType.SEND_RESET_PASSWORD) .session((String)null) .user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent(); assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getReceivedMessages()[0]; String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message); setTimeOffset(70); driver.navigate().to(changePasswordUrl.trim()); resetPasswordPage.assertCurrent(); assertEquals("Action expired. Please start again.", loginPage.getError()); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 9
Source File: RequiredActionEmailVerificationTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void verifyEmailExpiredCodedPerActionLifespan() throws IOException, MessagingException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); realmRep.setAttributes(UserActionTokenBuilder.create().verifyEmailLifespan(60).build()); testRealm().update(realmRep); loginPage.open(); loginPage.login("test-user@localhost", "password"); verifyEmailPage.assertCurrent(); Assert.assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getLastReceivedMessage(); String verificationUrl = getPasswordResetEmailLink(message); events.poll(); try { setTimeOffset(70); driver.navigate().to(verificationUrl.trim()); loginPage.assertCurrent(); assertEquals("Action expired. Please start again.", loginPage.getError()); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR) .error(Errors.EXPIRED_CODE) .client((String)null) .user(testUserId) .session((String)null) .clearDetails() .detail(Details.ACTION, VerifyEmailActionToken.TOKEN_TYPE) .assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 10
Source File: RequiredActionEmailVerificationTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void verifyEmailExpiredCodedPerActionMultipleTimeouts() throws IOException, MessagingException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); //Make sure that one attribute settings won't affect the other realmRep.setAttributes(UserActionTokenBuilder.create().verifyEmailLifespan(60).resetCredentialsLifespan(300).build()); testRealm().update(realmRep); loginPage.open(); loginPage.login("test-user@localhost", "password"); verifyEmailPage.assertCurrent(); Assert.assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getLastReceivedMessage(); String verificationUrl = getPasswordResetEmailLink(message); events.poll(); try { setTimeOffset(70); driver.navigate().to(verificationUrl.trim()); loginPage.assertCurrent(); assertEquals("Action expired. Please start again.", loginPage.getError()); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR) .error(Errors.EXPIRED_CODE) .client((String)null) .user(testUserId) .session((String)null) .clearDetails() .detail(Details.ACTION, VerifyEmailActionToken.TOKEN_TYPE) .assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 11
Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 3 votes |
@Test public void resetPasswordExpiredCodeShortPerActionLifespan() throws IOException, MessagingException, InterruptedException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build()); testRealm().update(realmRep); try { initiateResetPasswordFromResetPasswordPage("login-test"); events.expectRequiredAction(EventType.SEND_RESET_PASSWORD) .session((String)null) .user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent(); assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getReceivedMessages()[0]; String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message); setTimeOffset(70); driver.navigate().to(changePasswordUrl.trim()); loginPage.assertCurrent(); assertEquals("Action expired. Please start again.", loginPage.getError()); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }
Example 12
Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 3 votes |
@Test public void resetPasswordExpiredCodeShortPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException { RealmRepresentation realmRep = testRealm().toRepresentation(); Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes())); //Make sure that one attribute settings won't affect the other realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build()); testRealm().update(realmRep); try { initiateResetPasswordFromResetPasswordPage("login-test"); events.expectRequiredAction(EventType.SEND_RESET_PASSWORD) .session((String)null) .user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "login@test.com").assertEvent(); assertEquals(1, greenMail.getReceivedMessages().length); MimeMessage message = greenMail.getReceivedMessages()[0]; String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message); setTimeOffset(70); driver.navigate().to(changePasswordUrl.trim()); loginPage.assertCurrent(); assertEquals("Action expired. Please start again.", loginPage.getError()); events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent(); } finally { setTimeOffset(0); realmRep.setAttributes(originalAttributes); testRealm().update(realmRep); } }