Java Code Examples for org.keycloak.models.utils.KeycloakModelUtils#createClient()

The following examples show how to use org.keycloak.models.utils.KeycloakModelUtils#createClient() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: MigrateTo1_2_0.java    From keycloak with Apache License 2.0 6 votes vote down vote up
public void setupBrokerService(RealmModel realm) {
    ClientModel client = realm.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID);
    if (client == null) {
        client = KeycloakModelUtils.createClient(realm, Constants.BROKER_SERVICE_CLIENT_ID);
        client.setEnabled(true);
        client.setName("${client_" + Constants.BROKER_SERVICE_CLIENT_ID + "}");
        client.setFullScopeAllowed(false);

        for (String role : Constants.BROKER_SERVICE_ROLES) {
            RoleModel roleModel = client.getRole(role);
            if (roleModel != null) continue;
            roleModel = client.addRole(role);
            roleModel.setDescription("${role_" + role.toLowerCase().replaceAll("_", "-") + "}");
        }
    }
}
 
Example 2
Source File: RealmManager.java    From keycloak with Apache License 2.0 6 votes vote down vote up
protected void setupAdminConsole(RealmModel realm) {
    ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
    if (adminConsole == null) adminConsole = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CONSOLE_CLIENT_ID);
    adminConsole.setName("${client_" + Constants.ADMIN_CONSOLE_CLIENT_ID + "}");

    adminConsole.setRootUrl(Constants.AUTH_ADMIN_URL_PROP);
    String baseUrl = "/admin/" + realm.getName() + "/console/";
    adminConsole.setBaseUrl(baseUrl);
    adminConsole.addRedirectUri(baseUrl + "*");
    adminConsole.setWebOrigins(Collections.singleton("+"));

    adminConsole.setEnabled(true);
    adminConsole.setAlwaysDisplayInConsole(false);
    adminConsole.setPublicClient(true);
    adminConsole.setFullScopeAllowed(false);
    adminConsole.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    adminConsole.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256");
}
 
Example 3
Source File: RealmManager.java    From keycloak with Apache License 2.0 6 votes vote down vote up
private void setupRealmAdminManagement(RealmModel realm) {
    if (realm.getName().equals(Config.getAdminRealm())) { return; } // don't need to do this for master realm

    String realmAdminClientId = getRealmAdminClientId(realm);
    ClientModel realmAdminClient = realm.getClientByClientId(realmAdminClientId);
    if (realmAdminClient == null) {
        realmAdminClient = KeycloakModelUtils.createClient(realm, realmAdminClientId);
        realmAdminClient.setName("${client_" + realmAdminClientId + "}");
    }
    RoleModel adminRole = realmAdminClient.addRole(AdminRoles.REALM_ADMIN);
    adminRole.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}");
    realmAdminClient.setBearerOnly(true);
    realmAdminClient.setFullScopeAllowed(false);
    realmAdminClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    for (String r : AdminRoles.ALL_REALM_ROLES) {
        addAndSetAdminRole(r, realmAdminClient, adminRole);
    }
    addQueryCompositeRoles(realmAdminClient);
}
 
Example 4
Source File: RealmManager.java    From keycloak with Apache License 2.0 6 votes vote down vote up
public void setupBrokerService(RealmModel realm) {
    ClientModel client = realm.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID);
    if (client == null) {
        client = KeycloakModelUtils.createClient(realm, Constants.BROKER_SERVICE_CLIENT_ID);
        client.setEnabled(true);
        client.setAlwaysDisplayInConsole(false);
        client.setName("${client_" + Constants.BROKER_SERVICE_CLIENT_ID + "}");
        client.setFullScopeAllowed(false);
        client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

        for (String role : Constants.BROKER_SERVICE_ROLES) {
            RoleModel roleModel = client.addRole(role);
            roleModel.setDescription("${role_"+ role.toLowerCase().replaceAll("_", "-") +"}");
        }
    }
}
 
Example 5
Source File: MigrateTo9_0_0.java    From keycloak with Apache License 2.0 5 votes vote down vote up
protected void addAccountConsoleClient(RealmModel realm) {
    if (realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID) == null) {
        ClientModel client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
        client.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
        client.setEnabled(true);
        client.setFullScopeAllowed(false);
        client.setPublicClient(true);
        client.setDirectAccessGrantsEnabled(false);

        client.setRootUrl(Constants.AUTH_BASE_URL_PROP);
        String baseUrl = "/realms/" + realm.getName() + "/account/";
        client.setBaseUrl(baseUrl);
        client.addRedirectUri(baseUrl + "*");

        client.setProtocol("openid-connect");

        RoleModel role = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getRole(AccountRoles.MANAGE_ACCOUNT);
        if (role != null) client.addScopeMapping(role);

        ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
        audienceMapper.setName("audience resolve");
        audienceMapper.setProtocol("openid-connect");
        audienceMapper.setProtocolMapper("oidc-audience-resolve-mapper");

        client.addProtocolMapper(audienceMapper);
    }
}
 
Example 6
Source File: RealmManager.java    From keycloak with Apache License 2.0 5 votes vote down vote up
public void setupAdminCli(RealmModel realm) {
    ClientModel adminCli = realm.getClientByClientId(Constants.ADMIN_CLI_CLIENT_ID);
    if (adminCli == null) {
        adminCli = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CLI_CLIENT_ID);
        adminCli.setName("${client_" + Constants.ADMIN_CLI_CLIENT_ID + "}");
        adminCli.setEnabled(true);
        adminCli.setAlwaysDisplayInConsole(false);
        adminCli.setPublicClient(true);
        adminCli.setFullScopeAllowed(false);
        adminCli.setStandardFlowEnabled(false);
        adminCli.setDirectAccessGrantsEnabled(true);
        adminCli.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    }

}
 
Example 7
Source File: RealmManager.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void createMasterAdminManagement(RealmModel realm) {
    RealmModel adminRealm;
    RoleModel adminRole;

    if (realm.getName().equals(Config.getAdminRealm())) {
        adminRealm = realm;

        adminRole = realm.addRole(AdminRoles.ADMIN);

        RoleModel createRealmRole = realm.addRole(AdminRoles.CREATE_REALM);
        adminRole.addCompositeRole(createRealmRole);
        createRealmRole.setDescription("${role_" + AdminRoles.CREATE_REALM + "}");
    } else {
        adminRealm = model.getRealm(Config.getAdminRealm());
        adminRole = adminRealm.getRole(AdminRoles.ADMIN);
    }
    adminRole.setDescription("${role_"+AdminRoles.ADMIN+"}");

    ClientModel realmAdminApp = KeycloakModelUtils.createClient(adminRealm, KeycloakModelUtils.getMasterRealmAdminApplicationClientId(realm.getName()));
    // No localized name for now
    realmAdminApp.setName(realm.getName() + " Realm");
    realmAdminApp.setBearerOnly(true);
    realm.setMasterAdminClient(realmAdminApp);

    for (String r : AdminRoles.ALL_REALM_ROLES) {
        RoleModel role = realmAdminApp.addRole(r);
        role.setDescription("${role_"+r+"}");
        adminRole.addCompositeRole(role);
    }
    addQueryCompositeRoles(realmAdminApp);
}
 
Example 8
Source File: RealmManager.java    From keycloak with Apache License 2.0 4 votes vote down vote up
private void setupAccountManagement(RealmModel realm) {
    ClientModel accountClient = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
    if (accountClient == null) {
        accountClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
        accountClient.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
        accountClient.setEnabled(true);
        accountClient.setAlwaysDisplayInConsole(false);
        accountClient.setFullScopeAllowed(false);

        accountClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
        String baseUrl = "/realms/" + realm.getName() + "/account/";
        accountClient.setBaseUrl(baseUrl);
        accountClient.addRedirectUri(baseUrl + "*");

        accountClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

        for (String role : AccountRoles.ALL) {
            accountClient.addDefaultRole(role);
            RoleModel roleModel = accountClient.getRole(role);
            roleModel.setDescription("${role_" + role + "}");
        }
        RoleModel manageAccountLinks = accountClient.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
        manageAccountLinks.setDescription("${role_" + AccountRoles.MANAGE_ACCOUNT_LINKS + "}");
        RoleModel manageAccount = accountClient.getRole(AccountRoles.MANAGE_ACCOUNT);
        manageAccount.addCompositeRole(manageAccountLinks);
        RoleModel viewAppRole = accountClient.addRole(AccountRoles.VIEW_APPLICATIONS);
        viewAppRole.setDescription("${role_" + AccountRoles.VIEW_APPLICATIONS + "}");
        RoleModel viewConsentRole = accountClient.addRole(AccountRoles.VIEW_CONSENT);
        viewConsentRole.setDescription("${role_" + AccountRoles.VIEW_CONSENT + "}");
        RoleModel manageConsentRole = accountClient.addRole(AccountRoles.MANAGE_CONSENT);
        manageConsentRole.setDescription("${role_" + AccountRoles.MANAGE_CONSENT + "}");
        manageConsentRole.addCompositeRole(viewConsentRole);

        ClientModel accountConsoleClient = realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID);
        if (accountConsoleClient == null) {
            accountConsoleClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
            accountConsoleClient.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
            accountConsoleClient.setEnabled(true);
            accountConsoleClient.setAlwaysDisplayInConsole(false);
            accountConsoleClient.setFullScopeAllowed(false);
            accountConsoleClient.setPublicClient(true);
            accountConsoleClient.setDirectAccessGrantsEnabled(false);

            accountConsoleClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
            accountConsoleClient.setBaseUrl(baseUrl);
            accountConsoleClient.addRedirectUri(baseUrl + "*");

            accountConsoleClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

            accountConsoleClient.addScopeMapping(accountClient.getRole(AccountRoles.MANAGE_ACCOUNT));

            ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
            audienceMapper.setName(OIDCLoginProtocolFactory.AUDIENCE_RESOLVE);
            audienceMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
            audienceMapper.setProtocolMapper(AudienceResolveProtocolMapper.PROVIDER_ID);

            accountConsoleClient.addProtocolMapper(audienceMapper);

            accountConsoleClient.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256");
        }
    }
}