Java Code Examples for org.keycloak.models.ClientModel#addRedirectUri()
The following examples show how to use
org.keycloak.models.ClientModel#addRedirectUri() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: FineGrainAdminUnitTest.java From keycloak with Apache License 2.0 | 6 votes |
|
private static void setupTokenExchange(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("master");
ClientModel client = session.realms().getClientByClientId("kcinit", realm);
if (client != null) {
return;
}
ClientModel kcinit = realm.addClient("kcinit");
kcinit.setEnabled(true);
kcinit.addRedirectUri("http://localhost:*");
kcinit.setPublicClient(false);
kcinit.setSecret("password");
kcinit.setDirectAccessGrantsEnabled(true);
// permission for client to client exchange to "target" client
ClientModel adminCli = realm.getClientByClientId(ConfigUtil.DEFAULT_CLIENT);
AdminPermissionManagement management = AdminPermissions.management(session, realm);
management.clients().setPermissionsEnabled(adminCli, true);
ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation();
clientRep.setName("to");
clientRep.addClient(kcinit.getId());
ResourceServer server = management.realmResourceServer();
Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server);
management.clients().exchangeToPermission(adminCli).addAssociatedPolicy(clientPolicy);
}
Example 2
| Source File: ClientModelTest.java From keycloak with Apache License 2.0 | 6 votes |
|
private ClientModel setUpClient(RealmModel realm) {
ClientModel client = realm.addClient("application");
client.setName("Application");
client.setDescription("Description");
client.setBaseUrl("http://base");
client.setManagementUrl("http://management");
client.setClientId("app-name");
client.setProtocol("openid-connect");
client.addRole("role-1");
client.addRole("role-2");
client.addRole("role-3");
client.addDefaultRole("role-1");
client.addDefaultRole("role-2");
client.addRedirectUri("redirect-1");
client.addRedirectUri("redirect-2");
client.addWebOrigin("origin-1");
client.addWebOrigin("origin-2");
client.registerNode("node1", 10);
client.registerNode("10.20.30.40", 50);
client.addProtocolMapper(AddressMapper.createAddressMapper());
client.updateClient();
return client;
}
Example 3
| Source File: RealmManager.java From keycloak with Apache License 2.0 | 6 votes |
|
protected void setupAdminConsole(RealmModel realm) {
ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
if (adminConsole == null) adminConsole = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CONSOLE_CLIENT_ID);
adminConsole.setName("${client_" + Constants.ADMIN_CONSOLE_CLIENT_ID + "}");
adminConsole.setRootUrl(Constants.AUTH_ADMIN_URL_PROP);
String baseUrl = "/admin/" + realm.getName() + "/console/";
adminConsole.setBaseUrl(baseUrl);
adminConsole.addRedirectUri(baseUrl + "*");
adminConsole.setWebOrigins(Collections.singleton("+"));
adminConsole.setEnabled(true);
adminConsole.setAlwaysDisplayInConsole(false);
adminConsole.setPublicClient(true);
adminConsole.setFullScopeAllowed(false);
adminConsole.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
adminConsole.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256");
}
Example 4
| Source File: CASLoginProtocolFactory.java From keycloak-protocol-cas with Apache License 2.0 | 5 votes |
|
@Override
public void setupClientDefaults(ClientRepresentation rep, ClientModel newClient) {
if (rep.getRootUrl() != null && (rep.getRedirectUris() == null || rep.getRedirectUris().isEmpty())) {
String root = rep.getRootUrl();
if (root.endsWith("/")) root = root + "*";
else root = root + "/*";
newClient.addRedirectUri(root);
}
if (rep.getAdminUrl() == null && rep.getRootUrl() != null) {
newClient.setManagementUrl(rep.getRootUrl());
}
}
Example 5
| Source File: MigrateTo9_0_0.java From keycloak with Apache License 2.0 | 5 votes |
|
protected void addAccountConsoleClient(RealmModel realm) {
if (realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID) == null) {
ClientModel client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
client.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
client.setEnabled(true);
client.setFullScopeAllowed(false);
client.setPublicClient(true);
client.setDirectAccessGrantsEnabled(false);
client.setRootUrl(Constants.AUTH_BASE_URL_PROP);
String baseUrl = "/realms/" + realm.getName() + "/account/";
client.setBaseUrl(baseUrl);
client.addRedirectUri(baseUrl + "*");
client.setProtocol("openid-connect");
RoleModel role = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getRole(AccountRoles.MANAGE_ACCOUNT);
if (role != null) client.addScopeMapping(role);
ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
audienceMapper.setName("audience resolve");
audienceMapper.setProtocol("openid-connect");
audienceMapper.setProtocolMapper("oidc-audience-resolve-mapper");
client.addProtocolMapper(audienceMapper);
}
}
Example 6
| Source File: OIDCLoginProtocolFactory.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void setupClientDefaults(ClientRepresentation rep, ClientModel newClient) {
if (rep.getRootUrl() != null && (rep.getRedirectUris() == null || rep.getRedirectUris().isEmpty())) {
String root = rep.getRootUrl();
if (root.endsWith("/")) root = root + "*";
else root = root + "/*";
newClient.addRedirectUri(root);
Set<String> origins = new HashSet<String>();
String origin = UriUtils.getOrigin(root);
logger.debugv("adding default client origin: {0}" , origin);
origins.add(origin);
newClient.setWebOrigins(origins);
}
if (rep.isBearerOnly() == null
&& rep.isPublicClient() == null) {
newClient.setPublicClient(true);
}
if (rep.isBearerOnly() == null) newClient.setBearerOnly(false);
if (rep.getAdminUrl() == null && rep.getRootUrl() != null) {
newClient.setManagementUrl(rep.getRootUrl());
}
// Backwards compatibility only
if (rep.isDirectGrantsOnly() != null) {
ServicesLogger.LOGGER.usingDeprecatedDirectGrantsOnly();
newClient.setStandardFlowEnabled(!rep.isDirectGrantsOnly());
newClient.setDirectAccessGrantsEnabled(rep.isDirectGrantsOnly());
} else {
if (rep.isStandardFlowEnabled() == null) newClient.setStandardFlowEnabled(true);
if (rep.isDirectAccessGrantsEnabled() == null) newClient.setDirectAccessGrantsEnabled(true);
}
if (rep.isImplicitFlowEnabled() == null) newClient.setImplicitFlowEnabled(false);
if (rep.isPublicClient() == null) newClient.setPublicClient(true);
if (rep.isFrontchannelLogout() == null) newClient.setFrontchannelLogout(false);
}
Example 7
| Source File: RealmManager.java From keycloak with Apache License 2.0 | 4 votes |
|
private void setupAccountManagement(RealmModel realm) {
ClientModel accountClient = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
if (accountClient == null) {
accountClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
accountClient.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
accountClient.setEnabled(true);
accountClient.setAlwaysDisplayInConsole(false);
accountClient.setFullScopeAllowed(false);
accountClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
String baseUrl = "/realms/" + realm.getName() + "/account/";
accountClient.setBaseUrl(baseUrl);
accountClient.addRedirectUri(baseUrl + "*");
accountClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
for (String role : AccountRoles.ALL) {
accountClient.addDefaultRole(role);
RoleModel roleModel = accountClient.getRole(role);
roleModel.setDescription("${role_" + role + "}");
}
RoleModel manageAccountLinks = accountClient.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
manageAccountLinks.setDescription("${role_" + AccountRoles.MANAGE_ACCOUNT_LINKS + "}");
RoleModel manageAccount = accountClient.getRole(AccountRoles.MANAGE_ACCOUNT);
manageAccount.addCompositeRole(manageAccountLinks);
RoleModel viewAppRole = accountClient.addRole(AccountRoles.VIEW_APPLICATIONS);
viewAppRole.setDescription("${role_" + AccountRoles.VIEW_APPLICATIONS + "}");
RoleModel viewConsentRole = accountClient.addRole(AccountRoles.VIEW_CONSENT);
viewConsentRole.setDescription("${role_" + AccountRoles.VIEW_CONSENT + "}");
RoleModel manageConsentRole = accountClient.addRole(AccountRoles.MANAGE_CONSENT);
manageConsentRole.setDescription("${role_" + AccountRoles.MANAGE_CONSENT + "}");
manageConsentRole.addCompositeRole(viewConsentRole);
ClientModel accountConsoleClient = realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID);
if (accountConsoleClient == null) {
accountConsoleClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
accountConsoleClient.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
accountConsoleClient.setEnabled(true);
accountConsoleClient.setAlwaysDisplayInConsole(false);
accountConsoleClient.setFullScopeAllowed(false);
accountConsoleClient.setPublicClient(true);
accountConsoleClient.setDirectAccessGrantsEnabled(false);
accountConsoleClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
accountConsoleClient.setBaseUrl(baseUrl);
accountConsoleClient.addRedirectUri(baseUrl + "*");
accountConsoleClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
accountConsoleClient.addScopeMapping(accountClient.getRole(AccountRoles.MANAGE_ACCOUNT));
ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
audienceMapper.setName(OIDCLoginProtocolFactory.AUDIENCE_RESOLVE);
audienceMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
audienceMapper.setProtocolMapper(AudienceResolveProtocolMapper.PROVIDER_ID);
accountConsoleClient.addProtocolMapper(audienceMapper);
accountConsoleClient.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256");
}
}
}
