Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setRedirectUris()
The following examples show how to use
org.keycloak.representations.idm.ClientRepresentation#setRedirectUris() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: UserTest.java From keycloak with Apache License 2.0 | 7 votes |
|
@Test
public void countUsersNotServiceAccount() {
createUsers();
Integer count = realm.users().count();
assertEquals(9, count.intValue());
ClientRepresentation client = new ClientRepresentation();
client.setClientId("test-client");
client.setPublicClient(false);
client.setSecret("secret");
client.setServiceAccountsEnabled(true);
client.setEnabled(true);
client.setRedirectUris(Arrays.asList("http://url"));
getAdminClient().realm(REALM_NAME).clients().create(client);
// KEYCLOAK-5660, should not consider service accounts
assertEquals(9, realm.users().count().intValue());
}
Example 2
| Source File: CustomAuthFlowCookieTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Before
@Override
public void beforeTest() {
super.beforeTest();
ClientRepresentation testApp = new ClientRepresentation();
testApp.setClientId("test-app");
testApp.setEnabled(true);
testApp.setBaseUrl(APP_ROOT);
testApp.setRedirectUris(Arrays.asList(new String[]{APP_ROOT + "/*"}));
testApp.setAdminUrl(APP_ROOT + "/logout");
testApp.setSecret("password");
Response response = testRealmResource().clients().create(testApp);
assertEquals(201, response.getStatus());
getCleanup().addClientUuid(ApiUtil.getCreatedId(response));
response.close();
}
Example 3
| Source File: KcOidcBrokerConfiguration.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public List<ClientRepresentation> createConsumerClients() {
ClientRepresentation client = new ClientRepresentation();
client.setId("broker-app");
client.setClientId("broker-app");
client.setName("broker-app");
client.setSecret("broker-app-secret");
client.setEnabled(true);
client.setDirectAccessGrantsEnabled(true);
client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
"/auth/*"));
client.setBaseUrl(getConsumerRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/app");
return Collections.singletonList(client);
}
Example 4
| Source File: MutualTLSClientTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
ClientRepresentation properConfiguration = KeycloakModelUtils.createClient(testRealm, CLIENT_ID);
properConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
properConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
properConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
properConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, "(.*?)(?:$)"));
ClientRepresentation disabledConfiguration = KeycloakModelUtils.createClient(testRealm, DISABLED_CLIENT_ID);
disabledConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
disabledConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
disabledConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
disabledConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, "(.*?)(?:$)"));
ClientRepresentation exactSubjectDNConfiguration = KeycloakModelUtils.createClient(testRealm, EXACT_SUBJECT_DN_CLIENT_ID);
exactSubjectDNConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
exactSubjectDNConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
exactSubjectDNConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
exactSubjectDNConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, EXACT_CERTIFICATE_SUBJECT_DN));
}
Example 5
| Source File: ClientTest.java From keycloak with Apache License 2.0 | 6 votes |
|
private ClientRepresentation createAppClient() {
String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/");
ClientRepresentation client = new ClientRepresentation();
client.setClientId("test-app");
client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
client.setRedirectUris(Collections.singletonList(redirectUri));
client.setSecret("secret");
client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
int notBefore = Time.currentTime() - 60;
client.setNotBefore(notBefore);
Response response = realm.clients().create(client);
String id = ApiUtil.getCreatedId(response);
getCleanup().addClientUuid(id);
response.close();
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);
client.setId(id);
return client;
}
Example 6
| Source File: ConsentsTest.java From keycloak with Apache License 2.0 | 6 votes |
|
protected List<ClientRepresentation> createProviderClients() {
ClientRepresentation client = new ClientRepresentation();
client.setId(CLIENT_ID);
client.setName(CLIENT_ID);
client.setSecret(CLIENT_SECRET);
client.setEnabled(true);
client.setConsentRequired(true);
client.setRedirectUris(Collections.singletonList(getAuthRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
client.setAdminUrl(getAuthRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");
return Collections.singletonList(client);
}
Example 7
| Source File: AbstractAdapterTest.java From keycloak with Apache License 2.0 | 6 votes |
|
protected void modifyClientRedirectUris(RealmRepresentation realm, String regex, String... replacement) {
if (realm.getClients() != null) {
for (ClientRepresentation client : realm.getClients()) {
List<String> redirectUris = client.getRedirectUris();
if (redirectUris != null) {
List<String> newRedirectUris = new ArrayList<>();
for (String uri : redirectUris) {
for (String uriReplacement : replacement) {
newRedirectUris.add(uri.replaceAll(regex, uriReplacement));
}
}
client.setRedirectUris(newRedirectUris);
}
}
}
}
Example 8
| Source File: OAuth2OnlyTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId("more-uris-client");
client.setEnabled(true);
client.setRedirectUris(Arrays.asList("http://localhost:8180/auth/realms/master/app/auth", "http://localhost:8180/foo",
"https://localhost:8543/auth/realms/master/app/auth", "https://localhost:8543/foo"));
client.setBaseUrl("http://localhost:8180/auth/realms/master/app/auth");
testRealm.getClients().add(client);
ClientRepresentation testApp = testRealm.getClients().stream()
.filter(cl -> cl.getClientId().equals("test-app"))
.findFirst().get();
testApp.setImplicitFlowEnabled(true);
trimRedirectUris(testApp);
}
Example 9
| Source File: AbstractKeycloakTest.java From keycloak with Apache License 2.0 | 5 votes |
|
public void fixAuthServerHostAndPortForClientRepresentation(ClientRepresentation cr) {
cr.setBaseUrl(removeDefaultPorts(replaceAuthHostWithRealHost(cr.getBaseUrl())));
cr.setAdminUrl(removeDefaultPorts(replaceAuthHostWithRealHost(cr.getAdminUrl())));
if (cr.getRedirectUris() != null && !cr.getRedirectUris().isEmpty()) {
List<String> fixedUrls = new ArrayList<>(cr.getRedirectUris().size());
for (String url : cr.getRedirectUris()) {
fixedUrls.add(removeDefaultPorts(replaceAuthHostWithRealHost(url)));
}
cr.setRedirectUris(fixedUrls);
}
}
Example 10
| Source File: ClientManager.java From keycloak with Apache License 2.0 | 5 votes |
|
public void addRedirectUris(String... redirectUris) {
ClientRepresentation app = clientResource.toRepresentation();
if (app.getRedirectUris() == null) {
app.setRedirectUris(new LinkedList<String>());
}
for (String redirectUri : redirectUris) {
app.getRedirectUris().add(redirectUri);
}
clientResource.update(app);
}
Example 11
| Source File: AbstractAuthorizationSettingsTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private ClientRepresentation createResourceServer() {
ClientRepresentation newClient = createClientRep("oidc-confidetial", OIDC);
createClient(newClient);
newClient.setRedirectUris(TEST_REDIRECT_URIs);
newClient.setAuthorizationServicesEnabled(true);
clientSettingsPage.form().setAccessType(ClientSettingsForm.OidcAccessType.CONFIDENTIAL);
clientSettingsPage.form().setRedirectUris(TEST_REDIRECT_URIs);
clientSettingsPage.form().setAuthorizationSettingsEnabled(true);
clientSettingsPage.form().save();
assertAlertSuccess();
ClientRepresentation found = findClientByClientId(newClient.getClientId());
assertNotNull("Client " + newClient.getClientId() + " was not found.", found);
newClient.setPublicClient(false);
newClient.setServiceAccountsEnabled(true);
assertClientSettingsEqual(newClient, found);
assertTrue(clientSettingsPage.tabs().getTabs().findElement(By.linkText("Authorization")).isDisplayed());
clientSettingsPage.setId(found.getId());
clientSettingsPage.navigateTo();
authorizationPage.setId(found.getId());
clientSettingsPage.tabs().authorization();
assertTrue(authorizationPage.isCurrent());
newClient.setId(found.getId());
return newClient;
}
Example 12
| Source File: AbstractKeycloakTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private void modifyRedirectUrls(ClientRepresentation cr) {
if (cr.getRedirectUris() != null && cr.getRedirectUris().size() > 0) {
List<String> redirectUrls = cr.getRedirectUris();
List<String> fixedRedirectUrls = new ArrayList<>(redirectUrls.size());
for (String url : redirectUrls) {
fixedRedirectUrls.add(replaceHttpValuesWithHttps(url));
}
cr.setRedirectUris(fixedRedirectUrls);
}
}
Example 13
| Source File: ReferrerTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
super.addTestRealms(testRealms);
RealmRepresentation testRealm = testRealms.get(0);
ClientRepresentation testClient = new ClientRepresentation();
testClient.setClientId(FAKE_CLIENT_ID);
testClient.setName(LOCALE_CLIENT_NAME);
testClient.setRedirectUris(Collections.singletonList(getFakeClientUrl()));
testClient.setEnabled(true);
testRealm.setClients(Collections.singletonList(testClient));
testRealm.setAccountTheme(LOCALIZED_THEME_PREVIEW); // using localized custom theme for the fake client localized name
}
Example 14
| Source File: RealmTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void convertKeycloakClientDescription() throws IOException {
ClientRepresentation description = new ClientRepresentation();
description.setClientId("client-id");
description.setRedirectUris(Collections.singletonList("http://localhost"));
ClientRepresentation converted = realm.convertClientDescription(JsonSerialization.writeValueAsString(description));
assertEquals("client-id", converted.getClientId());
assertEquals("http://localhost", converted.getRedirectUris().get(0));
}
Example 15
| Source File: KeycloakDevModeRealmResourceManager.java From quarkus with Apache License 2.0 | 5 votes |
|
private static ClientRepresentation createClient(String clientId) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setPublicClient(true);
client.setDirectAccessGrantsEnabled(true);
client.setEnabled(true);
client.setRedirectUris(Arrays.asList("*"));
return client;
}
Example 16
| Source File: BrokerTestTools.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void createKcOidcBroker(Keycloak adminClient, String childRealm, String idpRealm, String alias, boolean linkOnly) {
IdentityProviderRepresentation idp = createIdentityProvider(alias, IDP_OIDC_PROVIDER_ID);
idp.setLinkOnly(linkOnly);
idp.setStoreToken(true);
Map<String, String> config = idp.getConfig();
config.put("clientId", childRealm);
config.put("clientSecret", childRealm);
config.put("authorizationUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/auth");
config.put("tokenUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/token");
config.put("logoutUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/logout");
config.put("userInfoUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/userinfo");
config.put("backchannelSupported", "true");
adminClient.realm(childRealm).identityProviders().create(idp);
ClientRepresentation client = new ClientRepresentation();
client.setClientId(childRealm);
client.setName(childRealm);
client.setSecret(childRealm);
client.setEnabled(true);
client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
"/auth/realms/" + childRealm + "/broker/" + idpRealm + "/endpoint/*"));
client.setAdminUrl(getConsumerRoot() +
"/auth/realms/" + childRealm + "/broker/" + idpRealm + "/endpoint");
adminClient.realm(idpRealm).clients().create(client);
}
Example 17
| Source File: KcSamlBrokerConfiguration.java From keycloak with Apache License 2.0 | 4 votes |
|
private ClientRepresentation createProviderClient(String clientId) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(clientId);
client.setEnabled(true);
client.setProtocol(IDP_SAML_PROVIDER_ID);
client.setRedirectUris(Collections.singletonList(
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
));
Map<String, String> attributes = new HashMap<>();
attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true");
attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE,
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
attributes.put(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE,
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
attributes.put(SamlConfigAttributes.SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE, "true");
attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username");
attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false");
attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false");
attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false");
attributes.put(SamlConfigAttributes.SAML_ENCRYPT, "false");
client.setAttributes(attributes);
ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
emailMapper.setName("email");
emailMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
emailMapper.setProtocolMapper(UserPropertyAttributeStatementMapper.PROVIDER_ID);
Map<String, String> emailMapperConfig = emailMapper.getConfig();
emailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "email");
emailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.840.113549.1.9.1");
emailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
emailMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, "email");
ProtocolMapperRepresentation dottedAttrMapper = new ProtocolMapperRepresentation();
dottedAttrMapper.setName("email - dotted");
dottedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
dottedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
Map<String, String> dottedEmailMapperConfig = dottedAttrMapper.getConfig();
dottedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "dotted.email");
dottedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "dotted.email");
dottedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
ProtocolMapperRepresentation nestedAttrMapper = new ProtocolMapperRepresentation();
nestedAttrMapper.setName("email - nested");
nestedAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
nestedAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
Map<String, String> nestedEmailMapperConfig = nestedAttrMapper.getConfig();
nestedEmailMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, "nested.email");
nestedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "nested.email");
nestedEmailMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
ProtocolMapperRepresentation userAttrMapper = new ProtocolMapperRepresentation();
userAttrMapper.setName("attribute - name");
userAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
userAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
Map<String, String> userAttrMapperConfig = userAttrMapper.getConfig();
userAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
userAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME);
userAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
userAttrMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, "");
ProtocolMapperRepresentation userFriendlyAttrMapper = new ProtocolMapperRepresentation();
userFriendlyAttrMapper.setName("attribute - friendly name");
userFriendlyAttrMapper.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
userFriendlyAttrMapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
Map<String, String> userFriendlyAttrMapperConfig = userFriendlyAttrMapper.getConfig();
userFriendlyAttrMapperConfig.put(ProtocolMapperUtils.USER_ATTRIBUTE, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);
userFriendlyAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "urn:oid:1.2.3.4.5.6.7");
userFriendlyAttrMapperConfig.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC);
userFriendlyAttrMapperConfig.put(AttributeStatementHelper.FRIENDLY_NAME, AbstractUserAttributeMapperTest.ATTRIBUTE_TO_MAP_FRIENDLY_NAME);
client.setProtocolMappers(Arrays.asList(emailMapper, dottedAttrMapper, nestedAttrMapper, userAttrMapper, userFriendlyAttrMapper));
return client;
}
Example 18
| Source File: OAuth2OnlyTest.java From keycloak with Apache License 2.0 | 4 votes |
|
private final void trimRedirectUris(ClientRepresentation testApp) {
List<String> filteredUris = testApp.getRedirectUris().stream()
.filter(uri -> AUTH_SERVER_SSL_REQUIRED ? uri.startsWith("https://") : uri.startsWith("http://"))
.collect(Collectors.toList());
testApp.setRedirectUris(filteredUris);
}
Example 19
| Source File: UserTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sendResetPasswordEmailWithRedirect() throws IOException {
UserRepresentation userRep = new UserRepresentation();
userRep.setEnabled(true);
userRep.setUsername("user1");
userRep.setEmail("[email protected]");
String id = createUser(userRep);
UserResource user = realm.users().get(id);
ClientRepresentation client = new ClientRepresentation();
client.setClientId("myclient");
client.setRedirectUris(new LinkedList<>());
client.getRedirectUris().add("http://myclient.com/*");
client.setName("myclient");
client.setEnabled(true);
Response response = realm.clients().create(client);
String createdId = ApiUtil.getCreatedId(response);
assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(createdId), client, ResourceType.CLIENT);
List<String> actions = new LinkedList<>();
actions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
try {
// test that an invalid redirect uri is rejected.
user.executeActionsEmail("myclient", "http://unregistered-uri.com/", actions);
fail("Expected failure");
} catch (ClientErrorException e) {
assertEquals(400, e.getResponse().getStatus());
ErrorRepresentation error = e.getResponse().readEntity(ErrorRepresentation.class);
Assert.assertEquals("Invalid redirect uri.", error.getErrorMessage());
}
user.executeActionsEmail("myclient", "http://myclient.com/home.html", actions);
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/execute-actions-email", ResourceType.USER);
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String link = MailUtils.getPasswordResetEmailLink(message);
driver.navigate().to(link);
proceedPage.assertCurrent();
Assert.assertThat(proceedPage.getInfo(), Matchers.containsString("Update Password"));
proceedPage.clickProceedLink();
passwordUpdatePage.assertCurrent();
passwordUpdatePage.changePassword("new-pass", "new-pass");
assertEquals("Your account has been updated.", driver.findElement(By.id("kc-page-title")).getText());
String pageSource = driver.getPageSource();
// check to make sure the back link is set.
Assert.assertTrue(pageSource.contains("http://myclient.com/home.html"));
driver.navigate().to(link);
assertEquals("We are sorry...", PageUtils.getPageTitle(driver));
}
Example 20
| Source File: ClientRegistrationTester.java From keycloak with Apache License 2.0 | 4 votes |
|
private static ClientRepresentation createRep1() {
ClientRepresentation rep = new ClientRepresentation();
rep.setRedirectUris(Arrays.asList("http://localhost:8080/app"));
rep.setDefaultRoles(new String[] { "foo-role" });
return rep;
}
