Java Code Examples for org.keycloak.models.ClientModel#addProtocolMapper()

The following examples show how to use org.keycloak.models.ClientModel#addProtocolMapper() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ClientModelTest.java    From keycloak with Apache License 2.0 6 votes vote down vote up
private ClientModel setUpClient(RealmModel realm) {
    ClientModel client = realm.addClient("application");
    client.setName("Application");
    client.setDescription("Description");
    client.setBaseUrl("http://base");
    client.setManagementUrl("http://management");
    client.setClientId("app-name");
    client.setProtocol("openid-connect");
    client.addRole("role-1");
    client.addRole("role-2");
    client.addRole("role-3");
    client.addDefaultRole("role-1");
    client.addDefaultRole("role-2");
    client.addRedirectUri("redirect-1");
    client.addRedirectUri("redirect-2");
    client.addWebOrigin("origin-1");
    client.addWebOrigin("origin-2");
    client.registerNode("node1", 10);
    client.registerNode("10.20.30.40", 50);
    client.addProtocolMapper(AddressMapper.createAddressMapper());
    client.updateClient();
    return client;
}
 
Example 2
Source File: MigrateTo9_0_0.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected void addAccountConsoleClient(RealmModel realm) {
    if (realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID) == null) {
        ClientModel client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
        client.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
        client.setEnabled(true);
        client.setFullScopeAllowed(false);
        client.setPublicClient(true);
        client.setDirectAccessGrantsEnabled(false);

        client.setRootUrl(Constants.AUTH_BASE_URL_PROP);
        String baseUrl = "/realms/" + realm.getName() + "/account/";
        client.setBaseUrl(baseUrl);
        client.addRedirectUri(baseUrl + "*");

        client.setProtocol("openid-connect");

        RoleModel role = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getRole(AccountRoles.MANAGE_ACCOUNT);
        if (role != null) client.addScopeMapping(role);

        ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
        audienceMapper.setName("audience resolve");
        audienceMapper.setProtocol("openid-connect");
        audienceMapper.setProtocolMapper("oidc-audience-resolve-mapper");

        client.addProtocolMapper(audienceMapper);
    }
}
 
Example 3
Source File: RepresentationToModel.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public static void updateClientProtocolMappers(ClientRepresentation rep, ClientModel resource) {

        if (rep.getProtocolMappers() != null) {
            Map<String,ProtocolMapperModel> existingProtocolMappers = new HashMap<>();
            for (ProtocolMapperModel existingProtocolMapper : resource.getProtocolMappers()) {
                existingProtocolMappers.put(generateProtocolNameKey(existingProtocolMapper.getProtocol(), existingProtocolMapper.getName()), existingProtocolMapper);
            }

            for (ProtocolMapperRepresentation protocolMapperRepresentation : rep.getProtocolMappers()) {
                String protocolNameKey = generateProtocolNameKey(protocolMapperRepresentation.getProtocol(), protocolMapperRepresentation.getName());
                ProtocolMapperModel existingMapper = existingProtocolMappers.get(protocolNameKey);
                    if (existingMapper != null) {
                        ProtocolMapperModel updatedProtocolMapperModel = toModel(protocolMapperRepresentation);
                        updatedProtocolMapperModel.setId(existingMapper.getId());
                        resource.updateProtocolMapper(updatedProtocolMapperModel);

                        existingProtocolMappers.remove(protocolNameKey);

                } else {
                    resource.addProtocolMapper(toModel(protocolMapperRepresentation));
                }
            }

            for (Map.Entry<String, ProtocolMapperModel> entryToDelete : existingProtocolMappers.entrySet()) {
                resource.removeProtocolMapper(entryToDelete.getValue());
            }
        }
    }
 
Example 4
Source File: RealmManager.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected void setupAdminConsoleLocaleMapper(RealmModel realm) {
    ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
    ProtocolMapperModel localeMapper = adminConsole.getProtocolMapperByName(OIDCLoginProtocol.LOGIN_PROTOCOL, OIDCLoginProtocolFactory.LOCALE);

    if (localeMapper == null) {
        localeMapper = ProtocolMapperUtils.findLocaleMapper(session);
        if (localeMapper != null) {
            adminConsole.addProtocolMapper(localeMapper);
        }
    }
}
 
Example 5
Source File: CASLoginProtocolFactory.java    From keycloak-protocol-cas with Apache License 2.0 4 votes vote down vote up
@Override
protected void addDefaults(ClientModel client) {
    for (ProtocolMapperModel model : defaultBuiltins) client.addProtocolMapper(model);
}
 
Example 6
Source File: ClientTokenExchangeTest.java    From keycloak with Apache License 2.0 4 votes vote down vote up
public static void setupRealm(KeycloakSession session) {
    addDirectExchanger(session);

    RealmModel realm = session.realms().getRealmByName(TEST);
    RoleModel exampleRole = realm.getRole("example");

    AdminPermissionManagement management = AdminPermissions.management(session, realm);
    ClientModel target = realm.getClientByClientId("target");
    assertNotNull(target);

    RoleModel impersonateRole = management.getRealmManagementClient().getRole(ImpersonationConstants.IMPERSONATION_ROLE);

    ClientModel clientExchanger = realm.addClient("client-exchanger");
    clientExchanger.setClientId("client-exchanger");
    clientExchanger.setPublicClient(false);
    clientExchanger.setDirectAccessGrantsEnabled(true);
    clientExchanger.setEnabled(true);
    clientExchanger.setSecret("secret");
    clientExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    clientExchanger.setFullScopeAllowed(false);
    clientExchanger.addScopeMapping(impersonateRole);
    clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_ID));
    clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_USERNAME));

    ClientModel illegal = realm.addClient("illegal");
    illegal.setClientId("illegal");
    illegal.setPublicClient(false);
    illegal.setDirectAccessGrantsEnabled(true);
    illegal.setEnabled(true);
    illegal.setSecret("secret");
    illegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    illegal.setFullScopeAllowed(false);

    ClientModel legal = realm.addClient("legal");
    legal.setClientId("legal");
    legal.setPublicClient(false);
    legal.setDirectAccessGrantsEnabled(true);
    legal.setEnabled(true);
    legal.setSecret("secret");
    legal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    legal.setFullScopeAllowed(false);

    ClientModel directLegal = realm.addClient("direct-legal");
    directLegal.setClientId("direct-legal");
    directLegal.setPublicClient(false);
    directLegal.setDirectAccessGrantsEnabled(true);
    directLegal.setEnabled(true);
    directLegal.setSecret("secret");
    directLegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directLegal.setFullScopeAllowed(false);

    ClientModel directPublic = realm.addClient("direct-public");
    directPublic.setClientId("direct-public");
    directPublic.setPublicClient(true);
    directPublic.setDirectAccessGrantsEnabled(true);
    directPublic.setEnabled(true);
    directPublic.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directPublic.setFullScopeAllowed(false);

    ClientModel directNoSecret = realm.addClient("direct-no-secret");
    directNoSecret.setClientId("direct-no-secret");
    directNoSecret.setPublicClient(false);
    directNoSecret.setDirectAccessGrantsEnabled(true);
    directNoSecret.setEnabled(true);
    directNoSecret.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    directNoSecret.setFullScopeAllowed(false);

    // permission for client to client exchange to "target" client
    ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
    clientRep.setName("to");
    clientRep.addClient(clientExchanger.getId());
    clientRep.addClient(legal.getId());
    clientRep.addClient(directLegal.getId());

    ResourceServer server = management.realmResourceServer();
    Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
    management.clients().exchangeToPermission(target).addAssociatedPolicy(clientPolicy);

    // permission for user impersonation for a client

    ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation();
    clientImpersonateRep.setName("clientImpersonators");
    clientImpersonateRep.addClient(directLegal.getId());
    clientImpersonateRep.addClient(directPublic.getId());
    clientImpersonateRep.addClient(directNoSecret.getId());
    server = management.realmResourceServer();
    Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server);
    management.users().setPermissionsEnabled(true);
    management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy);
    management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    UserModel user = session.users().addUser(realm, "user");
    user.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password"));
    user.grantRole(exampleRole);
    user.grantRole(impersonateRole);

    UserModel bad = session.users().addUser(realm, "bad-impersonator");
    bad.setEnabled(true);
    session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password"));
}
 
Example 7
Source File: RealmManager.java    From keycloak with Apache License 2.0 4 votes vote down vote up
private void setupAccountManagement(RealmModel realm) {
    ClientModel accountClient = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
    if (accountClient == null) {
        accountClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
        accountClient.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
        accountClient.setEnabled(true);
        accountClient.setAlwaysDisplayInConsole(false);
        accountClient.setFullScopeAllowed(false);

        accountClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
        String baseUrl = "/realms/" + realm.getName() + "/account/";
        accountClient.setBaseUrl(baseUrl);
        accountClient.addRedirectUri(baseUrl + "*");

        accountClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

        for (String role : AccountRoles.ALL) {
            accountClient.addDefaultRole(role);
            RoleModel roleModel = accountClient.getRole(role);
            roleModel.setDescription("${role_" + role + "}");
        }
        RoleModel manageAccountLinks = accountClient.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
        manageAccountLinks.setDescription("${role_" + AccountRoles.MANAGE_ACCOUNT_LINKS + "}");
        RoleModel manageAccount = accountClient.getRole(AccountRoles.MANAGE_ACCOUNT);
        manageAccount.addCompositeRole(manageAccountLinks);
        RoleModel viewAppRole = accountClient.addRole(AccountRoles.VIEW_APPLICATIONS);
        viewAppRole.setDescription("${role_" + AccountRoles.VIEW_APPLICATIONS + "}");
        RoleModel viewConsentRole = accountClient.addRole(AccountRoles.VIEW_CONSENT);
        viewConsentRole.setDescription("${role_" + AccountRoles.VIEW_CONSENT + "}");
        RoleModel manageConsentRole = accountClient.addRole(AccountRoles.MANAGE_CONSENT);
        manageConsentRole.setDescription("${role_" + AccountRoles.MANAGE_CONSENT + "}");
        manageConsentRole.addCompositeRole(viewConsentRole);

        ClientModel accountConsoleClient = realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID);
        if (accountConsoleClient == null) {
            accountConsoleClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
            accountConsoleClient.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
            accountConsoleClient.setEnabled(true);
            accountConsoleClient.setAlwaysDisplayInConsole(false);
            accountConsoleClient.setFullScopeAllowed(false);
            accountConsoleClient.setPublicClient(true);
            accountConsoleClient.setDirectAccessGrantsEnabled(false);

            accountConsoleClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
            accountConsoleClient.setBaseUrl(baseUrl);
            accountConsoleClient.addRedirectUri(baseUrl + "*");

            accountConsoleClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

            accountConsoleClient.addScopeMapping(accountClient.getRole(AccountRoles.MANAGE_ACCOUNT));

            ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
            audienceMapper.setName(OIDCLoginProtocolFactory.AUDIENCE_RESOLVE);
            audienceMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
            audienceMapper.setProtocolMapper(AudienceResolveProtocolMapper.PROVIDER_ID);

            accountConsoleClient.addProtocolMapper(audienceMapper);

            accountConsoleClient.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256");
        }
    }
}