Java Code Examples for org.keycloak.representations.idm.RealmRepresentation#setAttributes()
The following examples show how to use
org.keycloak.representations.idm.RealmRepresentation#setAttributes() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SamlReverseProxyTest.java From keycloak with Apache License 2.0 | 6 votes |
|
/**
* KEYCLOAK-12612
*
* Tests sending a SAML {@code AuthnRequest} through a reverse proxy. In this scenario the SAML {@code AuthnRequest}
* has a destination that matches the proxy server, but the request is forwarded to a keycloak server running in a
* different address.
*
* Validation of the destination and subsequent redirection to the login screen only work if the proxy server is configured
* as the {@code frontendUrl} of the realm.
*
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testAuthnRequestWithReverseProxy() throws Exception {
// send an authn request without defining the frontendUrl for the realm - should get a BAD_REQUEST response
Document document = SAML2Request.convert(SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST,
SAML_ASSERTION_CONSUMER_URL_SALES_POST, this.buildSamlProtocolUrl(proxy.getUrl())));
testSendSamlRequest(document, Response.Status.BAD_REQUEST, containsString("Invalid Request"));
// set the frontendUrl pointing to the reverse proxy
RealmRepresentation rep = adminClient.realm(REALM_NAME).toRepresentation();
try {
if (rep.getAttributes() == null) {
rep.setAttributes(new HashMap<>());
}
rep.getAttributes().put("frontendUrl", proxy.getUrl());
adminClient.realm(REALM_NAME).update(rep);
// resend the authn request - should succeed this time
testSendSamlRequest(document, Response.Status.OK, containsString("login"));
} finally {
// restore the state of the realm (unset the frontendUrl)
rep.getAttributes().remove("frontendUrl");
adminClient.realm(REALM_NAME).update(rep);
}
}
Example 2
| Source File: SamlReverseProxyTest.java From keycloak with Apache License 2.0 | 6 votes |
|
/**
* KEYCLOAK-12944
*
* Tests sending a SAML {@code LogoutRequest} through a reverse proxy. In this scenario the SAML {@code LogoutRequest}
* has a destination that matches the proxy server, but the request is forwarded to a keycloak server running in a
* different address.
*
* Validation of the destination and any subsequent redirection only work if the proxy server is configured as the
* {@code frontendUrl} of the realm.
*
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testLogoutRequestWithReverseProxy() throws Exception {
// send a logout request without defining the frontendUrl for the realm - should get a BAD_REQUEST response
Document document = new SAML2LogoutRequestBuilder().destination(
this.buildSamlProtocolUrl(proxy.getUrl()).toString()).issuer(SAML_CLIENT_ID_SALES_POST).buildDocument();
testSendSamlRequest(document, Response.Status.BAD_REQUEST, containsString("Invalid Request"));
// set the frontendUrl pointing to the reverse proxy
RealmRepresentation rep = adminClient.realm(REALM_NAME).toRepresentation();
try {
if (rep.getAttributes() == null) {
rep.setAttributes(new HashMap<>());
}
rep.getAttributes().put("frontendUrl", proxy.getUrl());
adminClient.realm(REALM_NAME).update(rep);
// resend the logout request - should succeed this time (we are actually not logging out anyone, just checking the request is properly validated
testSendSamlRequest(document, Response.Status.OK, containsString("login"));
} finally {
// restore the state of the realm (unset the frontendUrl)
rep.getAttributes().remove("frontendUrl");
adminClient.realm(REALM_NAME).update(rep);
}
}
Example 3
| Source File: KcOidcBrokerFrontendUrlTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Override
protected BrokerConfiguration getBrokerConfiguration() {
return new KcOidcBrokerConfiguration() {
@Override
public RealmRepresentation createConsumerRealm() {
RealmRepresentation realm = super.createConsumerRealm();
Map<String, String> attributes = new HashMap<>();
attributes.put("frontendUrl", proxy.getUrl());
realm.setAttributes(attributes);
return realm;
}
@Override
public List<ClientRepresentation> createProviderClients() {
List<ClientRepresentation> clients = super.createProviderClients();
List<String> redirectUris = new ArrayList<>();
redirectUris.add(proxy.getUrl() + "/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*");
clients.get(0).setRedirectUris(redirectUris);
return clients;
}
};
}
Example 4
| Source File: RealmTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void updateRealmAttributes() {
// first change
RealmRepresentation rep = new RealmRepresentation();
List<String> webAuthnPolicyAcceptableAaguids = new ArrayList<>();
webAuthnPolicyAcceptableAaguids.add("aaguid1");
webAuthnPolicyAcceptableAaguids.add("aaguid2");
rep.setAttributes(new HashMap<>());
rep.getAttributes().put("foo1", "bar1");
rep.getAttributes().put("foo2", "bar2");
rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids);
rep.setBruteForceProtected(true);
rep.setDisplayName("dn1");
realm.update(rep);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
rep = realm.toRepresentation();
assertEquals("bar1", rep.getAttributes().get("foo1"));
assertEquals("bar2", rep.getAttributes().get("foo2"));
assertTrue(rep.isBruteForceProtected());
assertEquals("dn1", rep.getDisplayName());
assertEquals(webAuthnPolicyAcceptableAaguids, rep.getWebAuthnPolicyAcceptableAaguids());
// second change
webAuthnPolicyAcceptableAaguids.clear();
rep.setBruteForceProtected(false);
rep.setDisplayName("dn2");
rep.getAttributes().put("foo1", "bar11");
rep.getAttributes().remove("foo2");
rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids);
realm.update(rep);
assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
rep = realm.toRepresentation();
assertFalse(rep.isBruteForceProtected());
assertEquals("dn2", rep.getDisplayName());
assertEquals("bar11", rep.getAttributes().get("foo1"));
assertFalse(rep.getAttributes().containsKey("foo2"));
assertTrue(rep.getWebAuthnPolicyAcceptableAaguids().isEmpty());
}
Example 5
| Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void resetPasswordExpiredCodeAndAuthSessionPerActionLifespan() throws IOException, MessagingException, InterruptedException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
testRealm().update(realmRep);
try {
initiateResetPasswordFromResetPasswordPage("login-test");
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.session((String)null)
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "[email protected]").assertEvent();
assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&");
setTimeOffset(70);
log.debug("Going to reset password URI.");
driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials"); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path
log.debug("Removing cookies.");
driver.manage().deleteAllCookies();
driver.navigate().to(changePasswordUrl.trim());
errorPage.assertCurrent();
Assert.assertEquals("Action expired.", errorPage.getError());
String backToAppLink = errorPage.getBackToApplicationLink();
Assert.assertTrue(backToAppLink.endsWith("/app/auth"));
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 6
| Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void resetPasswordExpiredCodeAndAuthSessionPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
//Make sure that one attribute settings won't affect the other
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
testRealm().update(realmRep);
try {
initiateResetPasswordFromResetPasswordPage("login-test");
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.session((String)null)
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "[email protected]").assertEvent();
assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message).replace("&", "&");
setTimeOffset(70);
log.debug("Going to reset password URI.");
driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials"); // This is necessary to delete KC_RESTART cookie that is restricted to /auth/realms/test path
log.debug("Removing cookies.");
driver.manage().deleteAllCookies();
driver.navigate().to(changePasswordUrl.trim());
errorPage.assertCurrent();
Assert.assertEquals("Action expired.", errorPage.getError());
String backToAppLink = errorPage.getBackToApplicationLink();
Assert.assertTrue(backToAppLink.endsWith("/app/auth"));
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 7
| Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void resetPasswordExpiredCodeForgotPasswordFlowPerActionLifespan() throws IOException, MessagingException, InterruptedException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
testRealm().update(realmRep);
try {
// Redirect directly to KC "forgot password" endpoint instead of "authenticate" endpoint
String loginUrl = oauth.getLoginFormUrl();
String forgotPasswordUrl = loginUrl.replace("/auth?", "/forgot-credentials?"); // Workaround, but works
driver.navigate().to(forgotPasswordUrl);
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("login-test");
loginPage.assertCurrent();
assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());
expectedMessagesCount++;
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.session((String)null)
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "[email protected]").assertEvent();
assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
setTimeOffset(70);
driver.navigate().to(changePasswordUrl.trim());
resetPasswordPage.assertCurrent();
assertEquals("Action expired. Please start again.", loginPage.getError());
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 8
| Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void resetPasswordExpiredCodeForgotPasswordFlowPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
//Make sure that one attribute settings won't affect the other
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
testRealm().update(realmRep);
try {
// Redirect directly to KC "forgot password" endpoint instead of "authenticate" endpoint
String loginUrl = oauth.getLoginFormUrl();
String forgotPasswordUrl = loginUrl.replace("/auth?", "/forgot-credentials?"); // Workaround, but works
driver.navigate().to(forgotPasswordUrl);
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("login-test");
loginPage.assertCurrent();
assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());
expectedMessagesCount++;
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.session((String)null)
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "[email protected]").assertEvent();
assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
setTimeOffset(70);
driver.navigate().to(changePasswordUrl.trim());
resetPasswordPage.assertCurrent();
assertEquals("Action expired. Please start again.", loginPage.getError());
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 9
| Source File: RequiredActionEmailVerificationTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void verifyEmailExpiredCodedPerActionLifespan() throws IOException, MessagingException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
realmRep.setAttributes(UserActionTokenBuilder.create().verifyEmailLifespan(60).build());
testRealm().update(realmRep);
loginPage.open();
loginPage.login("test-user@localhost", "password");
verifyEmailPage.assertCurrent();
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getLastReceivedMessage();
String verificationUrl = getPasswordResetEmailLink(message);
events.poll();
try {
setTimeOffset(70);
driver.navigate().to(verificationUrl.trim());
loginPage.assertCurrent();
assertEquals("Action expired. Please start again.", loginPage.getError());
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR)
.error(Errors.EXPIRED_CODE)
.client((String)null)
.user(testUserId)
.session((String)null)
.clearDetails()
.detail(Details.ACTION, VerifyEmailActionToken.TOKEN_TYPE)
.assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 10
| Source File: RequiredActionEmailVerificationTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void verifyEmailExpiredCodedPerActionMultipleTimeouts() throws IOException, MessagingException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
//Make sure that one attribute settings won't affect the other
realmRep.setAttributes(UserActionTokenBuilder.create().verifyEmailLifespan(60).resetCredentialsLifespan(300).build());
testRealm().update(realmRep);
loginPage.open();
loginPage.login("test-user@localhost", "password");
verifyEmailPage.assertCurrent();
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getLastReceivedMessage();
String verificationUrl = getPasswordResetEmailLink(message);
events.poll();
try {
setTimeOffset(70);
driver.navigate().to(verificationUrl.trim());
loginPage.assertCurrent();
assertEquals("Action expired. Please start again.", loginPage.getError());
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR)
.error(Errors.EXPIRED_CODE)
.client((String)null)
.user(testUserId)
.session((String)null)
.clearDetails()
.detail(Details.ACTION, VerifyEmailActionToken.TOKEN_TYPE)
.assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 11
| Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 3 votes |
|
@Test
public void resetPasswordExpiredCodeShortPerActionLifespan() throws IOException, MessagingException, InterruptedException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).build());
testRealm().update(realmRep);
try {
initiateResetPasswordFromResetPasswordPage("login-test");
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.session((String)null)
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "[email protected]").assertEvent();
assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
setTimeOffset(70);
driver.navigate().to(changePasswordUrl.trim());
loginPage.assertCurrent();
assertEquals("Action expired. Please start again.", loginPage.getError());
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
Example 12
| Source File: ResetPasswordTest.java From keycloak with Apache License 2.0 | 3 votes |
|
@Test
public void resetPasswordExpiredCodeShortPerActionMultipleTimeouts() throws IOException, MessagingException, InterruptedException {
RealmRepresentation realmRep = testRealm().toRepresentation();
Map<String, String> originalAttributes = Collections.unmodifiableMap(new HashMap<>(realmRep.getAttributes()));
//Make sure that one attribute settings won't affect the other
realmRep.setAttributes(UserActionTokenBuilder.create().resetCredentialsLifespan(60).verifyEmailLifespan(300).build());
testRealm().update(realmRep);
try {
initiateResetPasswordFromResetPasswordPage("login-test");
events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.session((String)null)
.user(userId).detail(Details.USERNAME, "login-test").detail(Details.EMAIL, "[email protected]").assertEvent();
assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
setTimeOffset(70);
driver.navigate().to(changePasswordUrl.trim());
loginPage.assertCurrent();
assertEquals("Action expired. Please start again.", loginPage.getError());
events.expectRequiredAction(EventType.EXECUTE_ACTION_TOKEN_ERROR).error("expired_code").client((String) null).user(userId).session((String) null).clearDetails().detail(Details.ACTION, ResetCredentialsActionToken.TOKEN_TYPE).assertEvent();
} finally {
setTimeOffset(0);
realmRep.setAttributes(originalAttributes);
testRealm().update(realmRep);
}
}
