Java Code Examples for org.keycloak.representations.idm.UserRepresentation#singleAttribute()
The following examples show how to use
org.keycloak.representations.idm.UserRepresentation#singleAttribute() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: X509DirectGrantTest.java From keycloak with Apache License 2.0 | 6 votes |
|
private void loginForceTemporaryAccountLock() throws Exception {
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
.setMappingSourceType(ISSUERDN)
.setRegularExpression("OU=(.*?)(?:,|$)")
.setUserIdentityMapperType(USER_ATTRIBUTE)
.setCustomAttributeName("x509_certificate_identity");
AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig());
String cfgId = createConfig(directGrantExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
UserRepresentation user = testRealm().users().get(userId).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "-");
this.updateUser(user);
events.clear();
oauth.clientId("resource-owner");
oauth.doGrantAccessTokenRequest("secret", "", "", null);
oauth.doGrantAccessTokenRequest("secret", "", "", null);
oauth.doGrantAccessTokenRequest("secret", "", "", null);
events.clear();
}
Example 2
| Source File: X509BrowserLoginIssuerDnTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private String setup(boolean canonicalDnEnabled) throws Exception {
String issuerDn = canonicalDnEnabled ?
"1.2.840.113549.1.9.1=#1614636f6e74616374406b6579636c6f616b2e6f7267,cn=keycloak intermediate ca,ou=keycloak,o=red hat,st=ma,c=us" :
"[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US";
UserRepresentation user = findUser("test-user@localhost");
user.singleAttribute("x509_certificate_identity", issuerDn);
updateUser(user);
return issuerDn;
}
Example 3
| Source File: X509BrowserLoginSubjectDnTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private String setup(boolean canonicalDnEnabled) throws Exception {
String subjectDn = canonicalDnEnabled ?
"1.2.840.113549.1.9.1=#1613746573742d75736572406c6f63616c686f7374,cn=test-user,ou=keycloak,o=red hat,l=boston,st=ma,c=us" :
"EMAILADDRESS=test-user@localhost, CN=test-user, OU=Keycloak, O=Red Hat, L=Boston, ST=MA, C=US";
UserRepresentation user = findUser("test-user@localhost");
user.singleAttribute("x509_certificate_identity",subjectDn);
updateUser(user);
return subjectDn;
}
Example 4
| Source File: X509DirectGrantTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginFailedOnDuplicateUsers() throws Exception {
AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
String cfgId = createConfig(directGrantExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
// Set up the users so that the identity extracted from X509 client cert
// matches more than a single user to trigger DuplicateModelException.
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "Red Hat");
this.updateUser(user);
user = testRealm().users().get(userId).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "Red Hat");
this.updateUser(user);
events.clear();
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
assertEquals(401, response.getStatusCode());
assertEquals("invalid_request", response.getError());
Assert.assertThat(response.getErrorDescription(), containsString("X509 certificate authentication's failed."));
}
Example 5
| Source File: X509DirectGrantTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginFailedOnInvalidUser() throws Exception {
AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
String cfgId = createConfig(directGrantExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "-");
this.updateUser(user);
events.clear();
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
events.expectLogin()
.user((String) null)
.session((String) null)
.error(Errors.INVALID_USER_CREDENTIALS)
.client("resource-owner")
.removeDetail(Details.CODE_ID)
.removeDetail(Details.USERNAME)
.removeDetail(Details.CONSENT)
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
assertEquals(401, response.getStatusCode());
assertEquals("invalid_grant", response.getError());
assertEquals("Invalid user credentials", response.getErrorDescription());
}
Example 6
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginAsUserFromCertSerialnumberAndIssuerDNMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_serialnumber", "4105");
user.singleAttribute("x509_issuer_dn", "[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER_ISSUERDN, "x509_certificate_serialnumber##x509_issuer_dn"),
userId2, "keycloak", "4105##[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
}
Example 7
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginAsUserFromHexCertSerialnumberAndIssuerDNMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_serialnumber", "1009");
user.singleAttribute("x509_issuer_dn", "[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
this.updateUser(user);
events.clear();
X509AuthenticatorConfigModel config = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER_ISSUERDN, "x509_certificate_serialnumber##x509_issuer_dn");
config.setSerialnumberHex(true);
x509BrowserLogin(config, userId2, "keycloak", "1009##[email protected], CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
}
Example 8
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginAsUserFromCertSHA256MappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_cert_sha256thumbprint", "71237a14c118a90cc8406f14d039ed3431c9065f68e535293ee919d4c33b5e15");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SHA256_THUMBPRINT, "x509_cert_sha256thumbprint"),
userId2, "keycloak", "71237a14c118a90cc8406f14d039ed3431c9065f68e535293ee919d4c33b5e15");
}
Example 9
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginAsUserFromCertSerialNumberMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_serial_number", "4105");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number"),
userId2, "keycloak", "4105");
}
Example 10
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginAsUserFromHexCertSerialNumberMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_serial_number", "1009");
this.updateUser(user);
events.clear();
X509AuthenticatorConfigModel config = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number");
config.setSerialnumberHex(true);
x509BrowserLogin(config, userId2, "keycloak", "1009");
}
Example 11
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginDuplicateUsersNotAllowed() {
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
// Set up the users so that the identity extracted from X509 client cert
// matches more than a single user to trigger DuplicateModelException.
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "Red Hat");
this.updateUser(user);
user = testRealm().users().get(userId).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "Red Hat");
this.updateUser(user);
events.clear();
loginPage.open();
Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));
loginPage.login("test-user@localhost", "password");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
events.expectLogin()
.user(userId)
.detail(Details.USERNAME, "test-user@localhost")
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
}
Example 12
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void loginWithX509CertCustomAttributeSuccess() {
X509AuthenticatorConfigModel config =
new X509AuthenticatorConfigModel()
.setConfirmationPageAllowed(true)
.setMappingSourceType(SUBJECTDN)
.setRegularExpression("O=(.*?)(?:,|$)")
.setCustomAttributeName("x509_certificate_identity")
.setUserIdentityMapperType(USER_ATTRIBUTE);
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
// Update the attribute used to match the user identity to that
// extracted from the client certificate
UserRepresentation user = findUser("test-user@localhost");
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "Red Hat");
this.updateUser(user);
events.clear();
loginConfirmationPage.open();
Assert.assertTrue(loginConfirmationPage.getSubjectDistinguishedNameText().startsWith("EMAILADDRESS=test-user@localhost"));
Assert.assertEquals("test-user@localhost", loginConfirmationPage.getUsernameText());
loginConfirmationPage.confirm();
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
}
Example 13
| Source File: AbstractX509AuthenticationTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Before
public void configureFlows() {
authMgmtResource = adminClient.realms().realm(REALM_NAME).flows();
AuthenticationFlowRepresentation browserFlow = copyBrowserFlow();
Assert.assertNotNull(browserFlow);
AuthenticationFlowRepresentation directGrantFlow = createDirectGrantFlow();
Assert.assertNotNull(directGrantFlow);
setBrowserFlow(browserFlow);
Assert.assertEquals(testRealm().toRepresentation().getBrowserFlow(), browserFlow.getAlias());
setDirectGrantFlow(directGrantFlow);
Assert.assertEquals(testRealm().toRepresentation().getDirectGrantFlow(), directGrantFlow.getAlias());
Assert.assertEquals(0, directGrantFlow.getAuthenticationExecutions().size());
// Add X509 cert authenticator to the direct grant flow
directGrantExecution = addAssertExecution(directGrantFlow, ValidateX509CertificateUsernameFactory.PROVIDER_ID, REQUIRED);
Assert.assertNotNull(directGrantExecution);
directGrantFlow = authMgmtResource.getFlow(directGrantFlow.getId());
Assert.assertNotNull(directGrantFlow.getAuthenticationExecutions());
Assert.assertEquals(1, directGrantFlow.getAuthenticationExecutions().size());
// Add X509 authenticator to the browser flow
browserExecution = addAssertExecution(browserFlow, X509ClientCertificateAuthenticatorFactory.PROVIDER_ID, ALTERNATIVE);
Assert.assertNotNull(browserExecution);
// Raise the priority of the authenticator to position it right before
// the Username/password authentication
// TODO find a better, more explicit way to specify the position
// of authenticator within the flow relative to other authenticators
authMgmtResource.raisePriority(browserExecution.getId());
// TODO raising the priority didn't generate the event?
//assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRaiseExecutionPath(exec.getId()));
UserRepresentation user = findUser("test-user@localhost");
userId = user.getId();
user.singleAttribute("x509_certificate_identity","-");
user.singleAttribute("alternative_email", "test-user-altmail@localhost");
user.singleAttribute("upn", "test_upn_name@localhost");
updateUser(user);
}
Example 14
| Source File: UserTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void attributes() {
UserRepresentation user1 = new UserRepresentation();
user1.setUsername("user1");
user1.singleAttribute("attr1", "value1user1");
user1.singleAttribute("attr2", "value2user1");
String user1Id = createUser(user1);
UserRepresentation user2 = new UserRepresentation();
user2.setUsername("user2");
user2.singleAttribute("attr1", "value1user2");
List<String> vals = new ArrayList<>();
vals.add("value2user2");
vals.add("value2user2_2");
user2.getAttributes().put("attr2", vals);
String user2Id = createUser(user2);
user1 = realm.users().get(user1Id).toRepresentation();
assertEquals(2, user1.getAttributes().size());
assertAttributeValue("value1user1", user1.getAttributes().get("attr1"));
assertAttributeValue("value2user1", user1.getAttributes().get("attr2"));
user2 = realm.users().get(user2Id).toRepresentation();
assertEquals(2, user2.getAttributes().size());
assertAttributeValue("value1user2", user2.getAttributes().get("attr1"));
vals = user2.getAttributes().get("attr2");
assertEquals(2, vals.size());
assertTrue(vals.contains("value2user2") && vals.contains("value2user2_2"));
user1.singleAttribute("attr1", "value3user1");
user1.singleAttribute("attr3", "value4user1");
updateUser(realm.users().get(user1Id), user1);
user1 = realm.users().get(user1Id).toRepresentation();
assertEquals(3, user1.getAttributes().size());
assertAttributeValue("value3user1", user1.getAttributes().get("attr1"));
assertAttributeValue("value2user1", user1.getAttributes().get("attr2"));
assertAttributeValue("value4user1", user1.getAttributes().get("attr3"));
user1.getAttributes().remove("attr1");
updateUser(realm.users().get(user1Id), user1);
user1 = realm.users().get(user1Id).toRepresentation();
assertEquals(2, user1.getAttributes().size());
assertAttributeValue("value2user1", user1.getAttributes().get("attr2"));
assertAttributeValue("value4user1", user1.getAttributes().get("attr3"));
user1.getAttributes().clear();
updateUser(realm.users().get(user1Id), user1);
user1 = realm.users().get(user1Id).toRepresentation();
assertNull(user1.getAttributes());
}
Example 15
| Source File: EmailTest.java From keycloak with Apache License 2.0 | 4 votes |
|
private void changeUserLocale(String locale) {
UserRepresentation user = findUser("login-test");
user.singleAttribute(UserModel.LOCALE, locale);
ApiUtil.findUserByUsernameId(testRealm(), "login-test").update(user);
}
Example 16
| Source File: X509BrowserLoginTest.java From keycloak with Apache License 2.0 | 3 votes |
|
@Test
public void loginAsUserFromCertIssuerDNMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_certificate_identity", "Red Hat");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", "Red Hat");
}
