Java Code Examples for org.keycloak.models.ClientModel#setProtocol()
The following examples show how to use
org.keycloak.models.ClientModel#setProtocol() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ClientModelTest.java From keycloak with Apache License 2.0 | 6 votes |
private ClientModel setUpClient(RealmModel realm) { ClientModel client = realm.addClient("application"); client.setName("Application"); client.setDescription("Description"); client.setBaseUrl("http://base"); client.setManagementUrl("http://management"); client.setClientId("app-name"); client.setProtocol("openid-connect"); client.addRole("role-1"); client.addRole("role-2"); client.addRole("role-3"); client.addDefaultRole("role-1"); client.addDefaultRole("role-2"); client.addRedirectUri("redirect-1"); client.addRedirectUri("redirect-2"); client.addWebOrigin("origin-1"); client.addWebOrigin("origin-2"); client.registerNode("node1", 10); client.registerNode("10.20.30.40", 50); client.addProtocolMapper(AddressMapper.createAddressMapper()); client.updateClient(); return client; }
Example 2
Source File: RealmManager.java From keycloak with Apache License 2.0 | 6 votes |
protected void setupAdminConsole(RealmModel realm) { ClientModel adminConsole = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID); if (adminConsole == null) adminConsole = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CONSOLE_CLIENT_ID); adminConsole.setName("${client_" + Constants.ADMIN_CONSOLE_CLIENT_ID + "}"); adminConsole.setRootUrl(Constants.AUTH_ADMIN_URL_PROP); String baseUrl = "/admin/" + realm.getName() + "/console/"; adminConsole.setBaseUrl(baseUrl); adminConsole.addRedirectUri(baseUrl + "*"); adminConsole.setWebOrigins(Collections.singleton("+")); adminConsole.setEnabled(true); adminConsole.setAlwaysDisplayInConsole(false); adminConsole.setPublicClient(true); adminConsole.setFullScopeAllowed(false); adminConsole.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); adminConsole.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256"); }
Example 3
Source File: RealmManager.java From keycloak with Apache License 2.0 | 6 votes |
private void setupRealmAdminManagement(RealmModel realm) { if (realm.getName().equals(Config.getAdminRealm())) { return; } // don't need to do this for master realm String realmAdminClientId = getRealmAdminClientId(realm); ClientModel realmAdminClient = realm.getClientByClientId(realmAdminClientId); if (realmAdminClient == null) { realmAdminClient = KeycloakModelUtils.createClient(realm, realmAdminClientId); realmAdminClient.setName("${client_" + realmAdminClientId + "}"); } RoleModel adminRole = realmAdminClient.addRole(AdminRoles.REALM_ADMIN); adminRole.setDescription("${role_" + AdminRoles.REALM_ADMIN + "}"); realmAdminClient.setBearerOnly(true); realmAdminClient.setFullScopeAllowed(false); realmAdminClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); for (String r : AdminRoles.ALL_REALM_ROLES) { addAndSetAdminRole(r, realmAdminClient, adminRole); } addQueryCompositeRoles(realmAdminClient); }
Example 4
Source File: RealmManager.java From keycloak with Apache License 2.0 | 6 votes |
public void setupBrokerService(RealmModel realm) { ClientModel client = realm.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID); if (client == null) { client = KeycloakModelUtils.createClient(realm, Constants.BROKER_SERVICE_CLIENT_ID); client.setEnabled(true); client.setAlwaysDisplayInConsole(false); client.setName("${client_" + Constants.BROKER_SERVICE_CLIENT_ID + "}"); client.setFullScopeAllowed(false); client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); for (String role : Constants.BROKER_SERVICE_ROLES) { RoleModel roleModel = client.addRole(role); roleModel.setDescription("${role_"+ role.toLowerCase().replaceAll("_", "-") +"}"); } } }
Example 5
Source File: MigrateTo9_0_0.java From keycloak with Apache License 2.0 | 5 votes |
protected void addAccountConsoleClient(RealmModel realm) { if (realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID) == null) { ClientModel client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID); client.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}"); client.setEnabled(true); client.setFullScopeAllowed(false); client.setPublicClient(true); client.setDirectAccessGrantsEnabled(false); client.setRootUrl(Constants.AUTH_BASE_URL_PROP); String baseUrl = "/realms/" + realm.getName() + "/account/"; client.setBaseUrl(baseUrl); client.addRedirectUri(baseUrl + "*"); client.setProtocol("openid-connect"); RoleModel role = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getRole(AccountRoles.MANAGE_ACCOUNT); if (role != null) client.addScopeMapping(role); ProtocolMapperModel audienceMapper = new ProtocolMapperModel(); audienceMapper.setName("audience resolve"); audienceMapper.setProtocol("openid-connect"); audienceMapper.setProtocolMapper("oidc-audience-resolve-mapper"); client.addProtocolMapper(audienceMapper); } }
Example 6
Source File: ClientTokenExchangeSAML2Test.java From keycloak with Apache License 2.0 | 5 votes |
private static void addDirectExchanger(KeycloakSession session) { RealmModel realm = session.realms().getRealmByName(TEST); RoleModel exampleRole = realm.addRole("example"); AdminPermissionManagement management = AdminPermissions.management(session, realm); ClientModel directExchanger = realm.addClient("direct-exchanger"); directExchanger.setName("direct-exchanger"); directExchanger.setClientId("direct-exchanger"); directExchanger.setPublicClient(false); directExchanger.setDirectAccessGrantsEnabled(true); directExchanger.setEnabled(true); directExchanger.setSecret("secret"); directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); directExchanger.setFullScopeAllowed(false); // permission for client to client exchange to "target" client management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_TARGET), true); management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_ENCRYPTED_TARGET), true); management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET), true); management.clients().setPermissionsEnabled(realm.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET), true); ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation(); clientImpersonateRep.setName("clientImpersonatorsDirect"); clientImpersonateRep.addClient(directExchanger.getId()); ResourceServer server = management.realmResourceServer(); Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server); management.users().setPermissionsEnabled(true); management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy); management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user"); impersonatedUser.setEnabled(true); session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password")); impersonatedUser.grantRole(exampleRole); }
Example 7
Source File: BrokerLinkAndTokenExchangeTest.java From keycloak with Apache License 2.0 | 5 votes |
public static void setupRealm(KeycloakSession session) { RealmModel realm = session.realms().getRealmByName(CHILD_IDP); ClientModel client = realm.getClientByClientId(ClientApp.DEPLOYMENT_NAME); IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP); Assert.assertNotNull(idp); ClientModel directExchanger = realm.addClient("direct-exchanger"); directExchanger.setClientId("direct-exchanger"); directExchanger.setPublicClient(false); directExchanger.setDirectAccessGrantsEnabled(true); directExchanger.setEnabled(true); directExchanger.setSecret("secret"); directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); directExchanger.setFullScopeAllowed(false); AdminPermissionManagement management = AdminPermissions.management(session, realm); management.idps().setPermissionsEnabled(idp, true); ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation(); clientRep.setName("toIdp"); clientRep.addClient(client.getId()); clientRep.addClient(directExchanger.getId()); ResourceServer server = management.realmResourceServer(); Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server); management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy); // permission for user impersonation for a client ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation(); clientImpersonateRep.setName("clientImpersonators"); clientImpersonateRep.addClient(directExchanger.getId()); server = management.realmResourceServer(); Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server); management.users().setPermissionsEnabled(true); management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy); management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); }
Example 8
Source File: SocialLoginTest.java From keycloak with Apache License 2.0 | 5 votes |
public static void setupClientExchangePermissions(KeycloakSession session) { RealmModel realm = session.realms().getRealmByName(REALM); ClientModel client = session.realms().getClientByClientId(EXCHANGE_CLIENT, realm); // lazy init if (client != null) return; client = realm.addClient(EXCHANGE_CLIENT); client.setSecret("secret"); client.setPublicClient(false); client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); client.setEnabled(true); client.setDirectAccessGrantsEnabled(true); ClientPolicyRepresentation clientPolicyRep = new ClientPolicyRepresentation(); clientPolicyRep.setName("client-policy"); clientPolicyRep.addClient(client.getId()); AdminPermissionManagement management = AdminPermissions.management(session, realm); management.users().setPermissionsEnabled(true); ResourceServer server = management.realmResourceServer(); Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRep, server); management.users().adminImpersonatingPermission().addAssociatedPolicy(clientPolicy); management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); for (IdentityProviderModel idp : realm.getIdentityProviders()) { management.idps().setPermissionsEnabled(idp, true); management.idps().exchangeToPermission(idp).addAssociatedPolicy(clientPolicy); } }
Example 9
Source File: RealmManager.java From keycloak with Apache License 2.0 | 5 votes |
public void setupAdminCli(RealmModel realm) { ClientModel adminCli = realm.getClientByClientId(Constants.ADMIN_CLI_CLIENT_ID); if (adminCli == null) { adminCli = KeycloakModelUtils.createClient(realm, Constants.ADMIN_CLI_CLIENT_ID); adminCli.setName("${client_" + Constants.ADMIN_CLI_CLIENT_ID + "}"); adminCli.setEnabled(true); adminCli.setAlwaysDisplayInConsole(false); adminCli.setPublicClient(true); adminCli.setFullScopeAllowed(false); adminCli.setStandardFlowEnabled(false); adminCli.setDirectAccessGrantsEnabled(true); adminCli.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); } }
Example 10
Source File: ClientTokenExchangeSAML2Test.java From keycloak with Apache License 2.0 | 4 votes |
private static void addTargetClients(KeycloakSession session) { RealmModel realm = session.realms().getRealmByName(TEST); // Create SAML 2.0 target clients ClientModel samlSignedTarget = realm.addClient(SAML_SIGNED_TARGET); samlSignedTarget.setClientId(SAML_SIGNED_TARGET); samlSignedTarget.setEnabled(true); samlSignedTarget.setProtocol(SamlProtocol.LOGIN_PROTOCOL); samlSignedTarget.setFullScopeAllowed(true); samlSignedTarget.setAttribute(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true"); samlSignedTarget.setAttribute(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, SAML_SIGNED_TARGET + "endpoint"); samlSignedTarget.setAttribute(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username"); samlSignedTarget.setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "true"); samlSignedTarget.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true"); samlSignedTarget.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, "false"); ClientModel samlEncryptedTarget = realm.addClient(SAML_ENCRYPTED_TARGET); samlEncryptedTarget.setClientId(SAML_ENCRYPTED_TARGET); samlEncryptedTarget.setEnabled(true); samlEncryptedTarget.setProtocol(SamlProtocol.LOGIN_PROTOCOL); samlEncryptedTarget.setFullScopeAllowed(true); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true"); samlEncryptedTarget.setAttribute(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, SAML_ENCRYPTED_TARGET + "endpoint"); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username"); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false"); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true"); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, "true"); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, ENCRYPTION_CERTIFICATE); samlEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ASSERTION_LIFESPAN, "30"); ClientModel samlSignedAndEncryptedTarget = realm.addClient(SAML_SIGNED_AND_ENCRYPTED_TARGET); samlSignedAndEncryptedTarget.setClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET); samlSignedAndEncryptedTarget.setEnabled(true); samlSignedAndEncryptedTarget.setProtocol(SamlProtocol.LOGIN_PROTOCOL); samlSignedAndEncryptedTarget.setFullScopeAllowed(true); samlSignedAndEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true"); samlSignedAndEncryptedTarget.setAttribute(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, SAML_SIGNED_AND_ENCRYPTED_TARGET + "endpoint"); samlSignedAndEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username"); samlSignedAndEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "true"); samlSignedAndEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true"); samlSignedAndEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, "true"); samlSignedAndEncryptedTarget.setAttribute(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, ENCRYPTION_CERTIFICATE); ClientModel samlUnsignedAndUnencryptedTarget = realm.addClient(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET); samlUnsignedAndUnencryptedTarget.setClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET); samlUnsignedAndUnencryptedTarget.setEnabled(true); samlUnsignedAndUnencryptedTarget.setProtocol(SamlProtocol.LOGIN_PROTOCOL); samlUnsignedAndUnencryptedTarget.setFullScopeAllowed(true); samlUnsignedAndUnencryptedTarget.setAttribute(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true"); samlUnsignedAndUnencryptedTarget.setAttribute(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, SAML_UNSIGNED_AND_UNENCRYPTED_TARGET + "endpoint"); samlUnsignedAndUnencryptedTarget.setAttribute(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username"); samlUnsignedAndUnencryptedTarget.setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false"); samlUnsignedAndUnencryptedTarget.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true"); samlUnsignedAndUnencryptedTarget.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, "false"); }
Example 11
Source File: ClientTokenExchangeTest.java From keycloak with Apache License 2.0 | 4 votes |
public static void setupRealm(KeycloakSession session) { addDirectExchanger(session); RealmModel realm = session.realms().getRealmByName(TEST); RoleModel exampleRole = realm.getRole("example"); AdminPermissionManagement management = AdminPermissions.management(session, realm); ClientModel target = realm.getClientByClientId("target"); assertNotNull(target); RoleModel impersonateRole = management.getRealmManagementClient().getRole(ImpersonationConstants.IMPERSONATION_ROLE); ClientModel clientExchanger = realm.addClient("client-exchanger"); clientExchanger.setClientId("client-exchanger"); clientExchanger.setPublicClient(false); clientExchanger.setDirectAccessGrantsEnabled(true); clientExchanger.setEnabled(true); clientExchanger.setSecret("secret"); clientExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); clientExchanger.setFullScopeAllowed(false); clientExchanger.addScopeMapping(impersonateRole); clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_ID)); clientExchanger.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(IMPERSONATOR_USERNAME)); ClientModel illegal = realm.addClient("illegal"); illegal.setClientId("illegal"); illegal.setPublicClient(false); illegal.setDirectAccessGrantsEnabled(true); illegal.setEnabled(true); illegal.setSecret("secret"); illegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); illegal.setFullScopeAllowed(false); ClientModel legal = realm.addClient("legal"); legal.setClientId("legal"); legal.setPublicClient(false); legal.setDirectAccessGrantsEnabled(true); legal.setEnabled(true); legal.setSecret("secret"); legal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); legal.setFullScopeAllowed(false); ClientModel directLegal = realm.addClient("direct-legal"); directLegal.setClientId("direct-legal"); directLegal.setPublicClient(false); directLegal.setDirectAccessGrantsEnabled(true); directLegal.setEnabled(true); directLegal.setSecret("secret"); directLegal.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); directLegal.setFullScopeAllowed(false); ClientModel directPublic = realm.addClient("direct-public"); directPublic.setClientId("direct-public"); directPublic.setPublicClient(true); directPublic.setDirectAccessGrantsEnabled(true); directPublic.setEnabled(true); directPublic.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); directPublic.setFullScopeAllowed(false); ClientModel directNoSecret = realm.addClient("direct-no-secret"); directNoSecret.setClientId("direct-no-secret"); directNoSecret.setPublicClient(false); directNoSecret.setDirectAccessGrantsEnabled(true); directNoSecret.setEnabled(true); directNoSecret.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); directNoSecret.setFullScopeAllowed(false); // permission for client to client exchange to "target" client ClientPolicyRepresentation clientRep = new ClientPolicyRepresentation(); clientRep.setName("to"); clientRep.addClient(clientExchanger.getId()); clientRep.addClient(legal.getId()); clientRep.addClient(directLegal.getId()); ResourceServer server = management.realmResourceServer(); Policy clientPolicy = management.authz().getStoreFactory().getPolicyStore().create(clientRep, server); management.clients().exchangeToPermission(target).addAssociatedPolicy(clientPolicy); // permission for user impersonation for a client ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation(); clientImpersonateRep.setName("clientImpersonators"); clientImpersonateRep.addClient(directLegal.getId()); clientImpersonateRep.addClient(directPublic.getId()); clientImpersonateRep.addClient(directNoSecret.getId()); server = management.realmResourceServer(); Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server); management.users().setPermissionsEnabled(true); management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy); management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); UserModel user = session.users().addUser(realm, "user"); user.setEnabled(true); session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password("password")); user.grantRole(exampleRole); user.grantRole(impersonateRole); UserModel bad = session.users().addUser(realm, "bad-impersonator"); bad.setEnabled(true); session.userCredentialManager().updateCredential(realm, bad, UserCredentialModel.password("password")); }
Example 12
Source File: ClientTokenExchangeTest.java From keycloak with Apache License 2.0 | 4 votes |
private static void addDirectExchanger(KeycloakSession session) { RealmModel realm = session.realms().getRealmByName(TEST); RoleModel exampleRole = realm.addRole("example"); AdminPermissionManagement management = AdminPermissions.management(session, realm); ClientModel target = realm.addClient("target"); target.setName("target"); target.setClientId("target"); target.setDirectAccessGrantsEnabled(true); target.setEnabled(true); target.setSecret("secret"); target.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); target.setFullScopeAllowed(false); target.addScopeMapping(exampleRole); ClientModel directExchanger = realm.addClient("direct-exchanger"); directExchanger.setName("direct-exchanger"); directExchanger.setClientId("direct-exchanger"); directExchanger.setPublicClient(false); directExchanger.setDirectAccessGrantsEnabled(true); directExchanger.setEnabled(true); directExchanger.setSecret("secret"); directExchanger.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); directExchanger.setFullScopeAllowed(false); // permission for client to client exchange to "target" client management.clients().setPermissionsEnabled(target, true); ClientPolicyRepresentation clientImpersonateRep = new ClientPolicyRepresentation(); clientImpersonateRep.setName("clientImpersonatorsDirect"); clientImpersonateRep.addClient(directExchanger.getId()); ResourceServer server = management.realmResourceServer(); Policy clientImpersonatePolicy = management.authz().getStoreFactory().getPolicyStore().create(clientImpersonateRep, server); management.users().setPermissionsEnabled(true); management.users().adminImpersonatingPermission().addAssociatedPolicy(clientImpersonatePolicy); management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE); UserModel impersonatedUser = session.users().addUser(realm, "impersonated-user"); impersonatedUser.setEnabled(true); session.userCredentialManager().updateCredential(realm, impersonatedUser, UserCredentialModel.password("password")); impersonatedUser.grantRole(exampleRole); }
Example 13
Source File: RealmManager.java From keycloak with Apache License 2.0 | 4 votes |
private void setupAccountManagement(RealmModel realm) { ClientModel accountClient = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); if (accountClient == null) { accountClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); accountClient.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}"); accountClient.setEnabled(true); accountClient.setAlwaysDisplayInConsole(false); accountClient.setFullScopeAllowed(false); accountClient.setRootUrl(Constants.AUTH_BASE_URL_PROP); String baseUrl = "/realms/" + realm.getName() + "/account/"; accountClient.setBaseUrl(baseUrl); accountClient.addRedirectUri(baseUrl + "*"); accountClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); for (String role : AccountRoles.ALL) { accountClient.addDefaultRole(role); RoleModel roleModel = accountClient.getRole(role); roleModel.setDescription("${role_" + role + "}"); } RoleModel manageAccountLinks = accountClient.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS); manageAccountLinks.setDescription("${role_" + AccountRoles.MANAGE_ACCOUNT_LINKS + "}"); RoleModel manageAccount = accountClient.getRole(AccountRoles.MANAGE_ACCOUNT); manageAccount.addCompositeRole(manageAccountLinks); RoleModel viewAppRole = accountClient.addRole(AccountRoles.VIEW_APPLICATIONS); viewAppRole.setDescription("${role_" + AccountRoles.VIEW_APPLICATIONS + "}"); RoleModel viewConsentRole = accountClient.addRole(AccountRoles.VIEW_CONSENT); viewConsentRole.setDescription("${role_" + AccountRoles.VIEW_CONSENT + "}"); RoleModel manageConsentRole = accountClient.addRole(AccountRoles.MANAGE_CONSENT); manageConsentRole.setDescription("${role_" + AccountRoles.MANAGE_CONSENT + "}"); manageConsentRole.addCompositeRole(viewConsentRole); ClientModel accountConsoleClient = realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID); if (accountConsoleClient == null) { accountConsoleClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID); accountConsoleClient.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}"); accountConsoleClient.setEnabled(true); accountConsoleClient.setAlwaysDisplayInConsole(false); accountConsoleClient.setFullScopeAllowed(false); accountConsoleClient.setPublicClient(true); accountConsoleClient.setDirectAccessGrantsEnabled(false); accountConsoleClient.setRootUrl(Constants.AUTH_BASE_URL_PROP); accountConsoleClient.setBaseUrl(baseUrl); accountConsoleClient.addRedirectUri(baseUrl + "*"); accountConsoleClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); accountConsoleClient.addScopeMapping(accountClient.getRole(AccountRoles.MANAGE_ACCOUNT)); ProtocolMapperModel audienceMapper = new ProtocolMapperModel(); audienceMapper.setName(OIDCLoginProtocolFactory.AUDIENCE_RESOLVE); audienceMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); audienceMapper.setProtocolMapper(AudienceResolveProtocolMapper.PROVIDER_ID); accountConsoleClient.addProtocolMapper(audienceMapper); accountConsoleClient.setAttribute(OIDCConfigAttributes.PKCE_CODE_CHALLENGE_METHOD, "S256"); } } }