Java Code Examples for org.keycloak.representations.idm.UserRepresentation#singleAttribute()
The following examples show how to use
org.keycloak.representations.idm.UserRepresentation#singleAttribute() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: X509DirectGrantTest.java From keycloak with Apache License 2.0 | 6 votes |
private void loginForceTemporaryAccountLock() throws Exception { X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel() .setMappingSourceType(ISSUERDN) .setRegularExpression("OU=(.*?)(?:,|$)") .setUserIdentityMapperType(USER_ATTRIBUTE) .setCustomAttributeName("x509_certificate_identity"); AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig()); String cfgId = createConfig(directGrantExecution.getId(), cfg); Assert.assertNotNull(cfgId); UserRepresentation user = testRealm().users().get(userId).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "-"); this.updateUser(user); events.clear(); oauth.clientId("resource-owner"); oauth.doGrantAccessTokenRequest("secret", "", "", null); oauth.doGrantAccessTokenRequest("secret", "", "", null); oauth.doGrantAccessTokenRequest("secret", "", "", null); events.clear(); }
Example 2
Source File: X509BrowserLoginIssuerDnTest.java From keycloak with Apache License 2.0 | 5 votes |
private String setup(boolean canonicalDnEnabled) throws Exception { String issuerDn = canonicalDnEnabled ? "1.2.840.113549.1.9.1=#1614636f6e74616374406b6579636c6f616b2e6f7267,cn=keycloak intermediate ca,ou=keycloak,o=red hat,st=ma,c=us" : "[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US"; UserRepresentation user = findUser("test-user@localhost"); user.singleAttribute("x509_certificate_identity", issuerDn); updateUser(user); return issuerDn; }
Example 3
Source File: X509BrowserLoginSubjectDnTest.java From keycloak with Apache License 2.0 | 5 votes |
private String setup(boolean canonicalDnEnabled) throws Exception { String subjectDn = canonicalDnEnabled ? "1.2.840.113549.1.9.1=#1613746573742d75736572406c6f63616c686f7374,cn=test-user,ou=keycloak,o=red hat,l=boston,st=ma,c=us" : "EMAILADDRESS=test-user@localhost, CN=test-user, OU=Keycloak, O=Red Hat, L=Boston, ST=MA, C=US"; UserRepresentation user = findUser("test-user@localhost"); user.singleAttribute("x509_certificate_identity",subjectDn); updateUser(user); return subjectDn; }
Example 4
Source File: X509DirectGrantTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginFailedOnDuplicateUsers() throws Exception { AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig()); String cfgId = createConfig(directGrantExecution.getId(), cfg); Assert.assertNotNull(cfgId); // Set up the users so that the identity extracted from X509 client cert // matches more than a single user to trigger DuplicateModelException. UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "Red Hat"); this.updateUser(user); user = testRealm().users().get(userId).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "Red Hat"); this.updateUser(user); events.clear(); oauth.clientId("resource-owner"); OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null); assertEquals(401, response.getStatusCode()); assertEquals("invalid_request", response.getError()); Assert.assertThat(response.getErrorDescription(), containsString("X509 certificate authentication's failed.")); }
Example 5
Source File: X509DirectGrantTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginFailedOnInvalidUser() throws Exception { AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig()); String cfgId = createConfig(directGrantExecution.getId(), cfg); Assert.assertNotNull(cfgId); UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "-"); this.updateUser(user); events.clear(); oauth.clientId("resource-owner"); OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null); events.expectLogin() .user((String) null) .session((String) null) .error(Errors.INVALID_USER_CREDENTIALS) .client("resource-owner") .removeDetail(Details.CODE_ID) .removeDetail(Details.USERNAME) .removeDetail(Details.CONSENT) .removeDetail(Details.REDIRECT_URI) .assertEvent(); assertEquals(401, response.getStatusCode()); assertEquals("invalid_grant", response.getError()); assertEquals("Invalid user credentials", response.getErrorDescription()); }
Example 6
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginAsUserFromCertSerialnumberAndIssuerDNMappedToUserAttribute() { UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_serialnumber", "4105"); user.singleAttribute("x509_issuer_dn", "[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US"); this.updateUser(user); events.clear(); x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER_ISSUERDN, "x509_certificate_serialnumber##x509_issuer_dn"), userId2, "keycloak", "4105##[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US"); }
Example 7
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginAsUserFromHexCertSerialnumberAndIssuerDNMappedToUserAttribute() { UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_serialnumber", "1009"); user.singleAttribute("x509_issuer_dn", "[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US"); this.updateUser(user); events.clear(); X509AuthenticatorConfigModel config = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER_ISSUERDN, "x509_certificate_serialnumber##x509_issuer_dn"); config.setSerialnumberHex(true); x509BrowserLogin(config, userId2, "keycloak", "1009##[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US"); }
Example 8
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginAsUserFromCertSHA256MappedToUserAttribute() { UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_cert_sha256thumbprint", "71237a14c118a90cc8406f14d039ed3431c9065f68e535293ee919d4c33b5e15"); this.updateUser(user); events.clear(); x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SHA256_THUMBPRINT, "x509_cert_sha256thumbprint"), userId2, "keycloak", "71237a14c118a90cc8406f14d039ed3431c9065f68e535293ee919d4c33b5e15"); }
Example 9
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginAsUserFromCertSerialNumberMappedToUserAttribute() { UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_serial_number", "4105"); this.updateUser(user); events.clear(); x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number"), userId2, "keycloak", "4105"); }
Example 10
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginAsUserFromHexCertSerialNumberMappedToUserAttribute() { UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_serial_number", "1009"); this.updateUser(user); events.clear(); X509AuthenticatorConfigModel config = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number"); config.setSerialnumberHex(true); x509BrowserLogin(config, userId2, "keycloak", "1009"); }
Example 11
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginDuplicateUsersNotAllowed() { AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig()); String cfgId = createConfig(browserExecution.getId(), cfg); Assert.assertNotNull(cfgId); // Set up the users so that the identity extracted from X509 client cert // matches more than a single user to trigger DuplicateModelException. UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "Red Hat"); this.updateUser(user); user = testRealm().users().get(userId).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "Red Hat"); this.updateUser(user); events.clear(); loginPage.open(); Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed.")); loginPage.login("test-user@localhost", "password"); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); events.expectLogin() .user(userId) .detail(Details.USERNAME, "test-user@localhost") .removeDetail(Details.REDIRECT_URI) .assertEvent(); }
Example 12
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
@Test public void loginWithX509CertCustomAttributeSuccess() { X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel() .setConfirmationPageAllowed(true) .setMappingSourceType(SUBJECTDN) .setRegularExpression("O=(.*?)(?:,|$)") .setCustomAttributeName("x509_certificate_identity") .setUserIdentityMapperType(USER_ATTRIBUTE); AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig()); String cfgId = createConfig(browserExecution.getId(), cfg); Assert.assertNotNull(cfgId); // Update the attribute used to match the user identity to that // extracted from the client certificate UserRepresentation user = findUser("test-user@localhost"); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "Red Hat"); this.updateUser(user); events.clear(); loginConfirmationPage.open(); Assert.assertTrue(loginConfirmationPage.getSubjectDistinguishedNameText().startsWith("EMAILADDRESS=test-user@localhost")); Assert.assertEquals("test-user@localhost", loginConfirmationPage.getUsernameText()); loginConfirmationPage.confirm(); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); }
Example 13
Source File: AbstractX509AuthenticationTest.java From keycloak with Apache License 2.0 | 4 votes |
@Before public void configureFlows() { authMgmtResource = adminClient.realms().realm(REALM_NAME).flows(); AuthenticationFlowRepresentation browserFlow = copyBrowserFlow(); Assert.assertNotNull(browserFlow); AuthenticationFlowRepresentation directGrantFlow = createDirectGrantFlow(); Assert.assertNotNull(directGrantFlow); setBrowserFlow(browserFlow); Assert.assertEquals(testRealm().toRepresentation().getBrowserFlow(), browserFlow.getAlias()); setDirectGrantFlow(directGrantFlow); Assert.assertEquals(testRealm().toRepresentation().getDirectGrantFlow(), directGrantFlow.getAlias()); Assert.assertEquals(0, directGrantFlow.getAuthenticationExecutions().size()); // Add X509 cert authenticator to the direct grant flow directGrantExecution = addAssertExecution(directGrantFlow, ValidateX509CertificateUsernameFactory.PROVIDER_ID, REQUIRED); Assert.assertNotNull(directGrantExecution); directGrantFlow = authMgmtResource.getFlow(directGrantFlow.getId()); Assert.assertNotNull(directGrantFlow.getAuthenticationExecutions()); Assert.assertEquals(1, directGrantFlow.getAuthenticationExecutions().size()); // Add X509 authenticator to the browser flow browserExecution = addAssertExecution(browserFlow, X509ClientCertificateAuthenticatorFactory.PROVIDER_ID, ALTERNATIVE); Assert.assertNotNull(browserExecution); // Raise the priority of the authenticator to position it right before // the Username/password authentication // TODO find a better, more explicit way to specify the position // of authenticator within the flow relative to other authenticators authMgmtResource.raisePriority(browserExecution.getId()); // TODO raising the priority didn't generate the event? //assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(exec.getId())); UserRepresentation user = findUser("test-user@localhost"); userId = user.getId(); user.singleAttribute("x509_certificate_identity","-"); user.singleAttribute("alternative_email", "test-user-altmail@localhost"); user.singleAttribute("upn", "test_upn_name@localhost"); updateUser(user); }
Example 14
Source File: UserTest.java From keycloak with Apache License 2.0 | 4 votes |
@Test public void attributes() { UserRepresentation user1 = new UserRepresentation(); user1.setUsername("user1"); user1.singleAttribute("attr1", "value1user1"); user1.singleAttribute("attr2", "value2user1"); String user1Id = createUser(user1); UserRepresentation user2 = new UserRepresentation(); user2.setUsername("user2"); user2.singleAttribute("attr1", "value1user2"); List<String> vals = new ArrayList<>(); vals.add("value2user2"); vals.add("value2user2_2"); user2.getAttributes().put("attr2", vals); String user2Id = createUser(user2); user1 = realm.users().get(user1Id).toRepresentation(); assertEquals(2, user1.getAttributes().size()); assertAttributeValue("value1user1", user1.getAttributes().get("attr1")); assertAttributeValue("value2user1", user1.getAttributes().get("attr2")); user2 = realm.users().get(user2Id).toRepresentation(); assertEquals(2, user2.getAttributes().size()); assertAttributeValue("value1user2", user2.getAttributes().get("attr1")); vals = user2.getAttributes().get("attr2"); assertEquals(2, vals.size()); assertTrue(vals.contains("value2user2") && vals.contains("value2user2_2")); user1.singleAttribute("attr1", "value3user1"); user1.singleAttribute("attr3", "value4user1"); updateUser(realm.users().get(user1Id), user1); user1 = realm.users().get(user1Id).toRepresentation(); assertEquals(3, user1.getAttributes().size()); assertAttributeValue("value3user1", user1.getAttributes().get("attr1")); assertAttributeValue("value2user1", user1.getAttributes().get("attr2")); assertAttributeValue("value4user1", user1.getAttributes().get("attr3")); user1.getAttributes().remove("attr1"); updateUser(realm.users().get(user1Id), user1); user1 = realm.users().get(user1Id).toRepresentation(); assertEquals(2, user1.getAttributes().size()); assertAttributeValue("value2user1", user1.getAttributes().get("attr2")); assertAttributeValue("value4user1", user1.getAttributes().get("attr3")); user1.getAttributes().clear(); updateUser(realm.users().get(user1Id), user1); user1 = realm.users().get(user1Id).toRepresentation(); assertNull(user1.getAttributes()); }
Example 15
Source File: EmailTest.java From keycloak with Apache License 2.0 | 4 votes |
private void changeUserLocale(String locale) { UserRepresentation user = findUser("login-test"); user.singleAttribute(UserModel.LOCALE, locale); ApiUtil.findUserByUsernameId(testRealm(), "login-test").update(user); }
Example 16
Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 3 votes |
@Test public void loginAsUserFromCertIssuerDNMappedToUserAttribute() { UserRepresentation user = testRealm().users().get(userId2).toRepresentation(); Assert.assertNotNull(user); user.singleAttribute("x509_certificate_identity", "Red Hat"); this.updateUser(user); events.clear(); x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", "Red Hat"); }