Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setServiceAccountsEnabled()

@Test
public void countUsersNotServiceAccount() {
    createUsers();

    Integer count = realm.users().count();
    assertEquals(9, count.intValue());

    ClientRepresentation client = new ClientRepresentation();

    client.setClientId("test-client");
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setServiceAccountsEnabled(true);
    client.setEnabled(true);
    client.setRedirectUris(Arrays.asList("http://url"));

    getAdminClient().realm(REALM_NAME).clients().create(client);

    // KEYCLOAK-5660, should not consider service accounts
    assertEquals(9, realm.users().count().intValue());
}
 

private void configTestRealmForTokenIntrospection(RealmRepresentation testRealm) {
    ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);

    ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
    pubApp.setPublicClient(Boolean.TRUE);

    UserRepresentation user = new UserRepresentation();
    user.setUsername("no-permissions");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType("password");
    credential.setValue("password");
    List<CredentialRepresentation> creds = new ArrayList<>();
    creds.add(credential);
    user.setCredentials(creds);
    user.setEnabled(Boolean.TRUE);
    List<String> realmRoles = new ArrayList<>();
    realmRoles.add("user");
    user.setRealmRoles(realmRoles);
    testRealm.getUsers().add(user);
}
 

protected void enableAuthorizationServices(boolean enable) {
    ClientRepresentation resourceServer = getResourceServer();

    resourceServer.setAuthorizationServicesEnabled(enable);
    resourceServer.setServiceAccountsEnabled(true);
    resourceServer.setPublicClient(false);
    resourceServer.setSecret("secret");

    getClientResource().update(resourceServer);

    if (enable) {
        AuthorizationResource authorization = getClientResource().authorization();
        ResourceServerRepresentation settings = authorization.exportSettings();
        settings.setAllowRemoteResourceManagement(true);
        authorization.update(settings);
    }
}
 

@Before
public void createClientWithServiceAccount() {
    ClientRepresentation client = new ClientRepresentation();
    client.setClientId(CLIENT_SERVICE_ACCOUNT);
    client.setName(CLIENT_SERVICE_ACCOUNT);
    client.setRootUrl("http://localhost/foo");
    client.setProtocol("openid-connect");
    client.setPublicClient(false);
    client.setSecret("secret");
    client.setServiceAccountsEnabled(true);
    try (Response resp = testRealmResource().clients().create(client)) {
        String id = ApiUtil.getCreatedId(resp);
        UserRepresentation serviceAccountUser = testRealmResource().clients().get(id).getServiceAccountUser();
        assertNotNull(serviceAccountUser);
    }
}
 

@Test
public void withServiceAccount() throws ClientRegistrationException {
    authManageClients();
    ClientRepresentation clientRep = buildClient();
    clientRep.setServiceAccountsEnabled(true);

    ClientRepresentation rep = registerClient(clientRep);

    UserRepresentation serviceAccountUser = adminClient.realm("test").clients().get(rep.getId()).getServiceAccountUser();

    assertNotNull(serviceAccountUser);

    deleteClient(rep);

    try {
        adminClient.realm("test").users().get(serviceAccountUser.getId()).toRepresentation();
        fail("Expected NotFoundException");
    } catch (NotFoundException e) {
    }
}
 

@Override
public void configureTestRealm(RealmRepresentation testRealm) {
   ClientRepresentation properConfiguration = KeycloakModelUtils.createClient(testRealm, CLIENT_ID);
   properConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
   properConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
   properConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
   properConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, "(.*?)(?:$)"));

   ClientRepresentation disabledConfiguration = KeycloakModelUtils.createClient(testRealm, DISABLED_CLIENT_ID);
   disabledConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
   disabledConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
   disabledConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
   disabledConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, "(.*?)(?:$)"));

   ClientRepresentation exactSubjectDNConfiguration = KeycloakModelUtils.createClient(testRealm, EXACT_SUBJECT_DN_CLIENT_ID);
   exactSubjectDNConfiguration.setServiceAccountsEnabled(Boolean.TRUE);
   exactSubjectDNConfiguration.setRedirectUris(Arrays.asList("https://localhost:8543/auth/realms/master/app/auth"));
   exactSubjectDNConfiguration.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
   exactSubjectDNConfiguration.setAttributes(Collections.singletonMap(X509ClientAuthenticator.ATTR_SUBJECT_DN, EXACT_CERTIFICATE_SUBJECT_DN));
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    RealmBuilder realm = RealmBuilder.edit(realmRepresentation).testEventListener();
    RealmRepresentation testRealm = realm.build();
    testRealms.add(testRealm);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
 

protected String createOidcConfidentialClientWithAuthz(String name) {
    ClientRepresentation clientRep = createOidcClientRep(name);
    clientRep.setBearerOnly(Boolean.FALSE);
    clientRep.setPublicClient(Boolean.FALSE);
    clientRep.setAuthorizationServicesEnabled(Boolean.TRUE);
    clientRep.setServiceAccountsEnabled(Boolean.TRUE);
    String id = createClient(clientRep);
    assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.clientResourcePath(id), ResourceType.AUTHORIZATION_RESOURCE_SERVER);
    return id;
}
 

private void addClients(boolean withServiceAccounts) throws IOException {
    List<ClientRepresentation> clients = new ArrayList<>();
    List<UserRepresentation> serviceAccounts = new ArrayList<>();

    for (int i = 0; i < NUM_ENTITIES; i++) {
        ClientRepresentation client = new ClientRepresentation();
        client.setClientId(CLIENT_PREFIX + i);
        client.setName(CLIENT_PREFIX + i);
        clients.add(client);
        if (withServiceAccounts) {
            client.setServiceAccountsEnabled(true);
            client.setBearerOnly(false);
            client.setPublicClient(false);
            client.setAuthorizationSettings(resourceServerSampleSettings);
            client.setAuthorizationServicesEnabled(true);
            // create the user service account
            UserRepresentation serviceAccount = new UserRepresentation();
            serviceAccount.setUsername(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + client.getClientId());
            serviceAccount.setEnabled(true);
            serviceAccount.setEmail(serviceAccount.getUsername() + "@placeholder.org");
            serviceAccount.setServiceAccountClientId(client.getClientId());
            serviceAccounts.add(serviceAccount);
        }
    }

    if (withServiceAccounts) {
        if (piRep.getUsers() == null) {
            piRep.setUsers(new ArrayList<>());
        }
        piRep.getUsers().addAll(serviceAccounts);
    }
    piRep.setClients(clients);
}
 

@Override
public void configureTestRealm(RealmRepresentation testRealm) {
    ClientRepresentation confApp = KeycloakModelUtils.createClient(testRealm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);

    ClientRepresentation pubApp = KeycloakModelUtils.createClient(testRealm, "public-cli");
    pubApp.setPublicClient(Boolean.TRUE);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret2");
    samlApp.setServiceAccountsEnabled(Boolean.TRUE);
    samlApp.setProtocol("saml");

    UserRepresentation user = new UserRepresentation();
    user.setUsername("no-permissions");
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType("password");
    credential.setValue("password");
    List<CredentialRepresentation> creds = new ArrayList<>();
    creds.add(credential);
    user.setCredentials(creds);
    user.setEnabled(Boolean.TRUE);
    List<String> realmRoles = new ArrayList<>();
    realmRoles.add("user");
    user.setRealmRoles(realmRoles);
    testRealm.getUsers().add(user);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    RealmRepresentation testRealm = testRealms.get(0);
    testRealm.setPrivateKey(PRIVATE_KEY);
    testRealm.setPublicKey(PUBLIC_KEY);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "saml-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    super.addTestRealms(testRealms);
    RealmRepresentation testRealm = testRealms.get(0);

    ClientRepresentation samlApp = KeycloakModelUtils.createClient(testRealm, "oidc-client");
    samlApp.setSecret("secret");
    samlApp.setServiceAccountsEnabled(true);
    samlApp.setDirectAccessGrantsEnabled(true);
}
 

@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
    RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
    testRealms.add(realm);

    ClientRepresentation confApp = KeycloakModelUtils.createClient(realm, "confidential-cli");
    confApp.setSecret("secret1");
    confApp.setServiceAccountsEnabled(Boolean.TRUE);
}
 

private ClientRepresentation createResourceServer() {
    ClientRepresentation newClient = createClientRep("oidc-confidetial", OIDC);

    createClient(newClient);

    newClient.setRedirectUris(TEST_REDIRECT_URIs);
    newClient.setAuthorizationServicesEnabled(true);

    clientSettingsPage.form().setAccessType(ClientSettingsForm.OidcAccessType.CONFIDENTIAL);
    clientSettingsPage.form().setRedirectUris(TEST_REDIRECT_URIs);
    clientSettingsPage.form().setAuthorizationSettingsEnabled(true);
    clientSettingsPage.form().save();
    assertAlertSuccess();

    ClientRepresentation found = findClientByClientId(newClient.getClientId());
    assertNotNull("Client " + newClient.getClientId() + " was not found.", found);

    newClient.setPublicClient(false);
    newClient.setServiceAccountsEnabled(true);

    assertClientSettingsEqual(newClient, found);
    assertTrue(clientSettingsPage.tabs().getTabs().findElement(By.linkText("Authorization")).isDisplayed());

    clientSettingsPage.setId(found.getId());
    clientSettingsPage.navigateTo();
    authorizationPage.setId(found.getId());

    clientSettingsPage.tabs().authorization();
    assertTrue(authorizationPage.isCurrent());

    newClient.setId(found.getId());

    return newClient;
}
 

public void setServiceAccountsEnabled(Boolean enabled) {
    ClientRepresentation app = clientResource.toRepresentation();
    app.setServiceAccountsEnabled(enabled);
    clientResource.update(app);
}