diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
index b50a4f465f..5b0a0da893 100644
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
@@ -31,7 +31,7 @@
-
+
@@ -47,14 +47,14 @@
-
+
-
-
+
+
\ No newline at end of file
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.1.xml
new file mode 100644
index 0000000000..4e0129eee7
--- /dev/null
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.1.xml
@@ -0,0 +1,105 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
index 93c2824a42..2acc0bba74 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
@@ -9,6 +9,6 @@
-
+
diff --git a/distribution/saml-adapters/jetty91-adapter-zip/pom.xml b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
index 2c15be444a..733aabf157 100755
--- a/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
+++ b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
keycloak-parent
org.keycloak
- 1.6.0.Final-SNAPSHOT
+
../../../pom.xml
diff --git a/docbook/auth-server-docs/pom.xml b/docbook/auth-server-docs/pom.xml
index e605049e08..a7c2ddd33f 100755
--- a/docbook/auth-server-docs/pom.xml
+++ b/docbook/auth-server-docs/pom.xml
@@ -2,7 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- keycloak-parent
+ keycloak-docbook-parent
org.keycloak
1.7.0.Final-SNAPSHOT
../pom.xml
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml b/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml
index 33d62dca2d..2036afbd8a 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml
@@ -210,6 +210,7 @@ new Keycloak({ url: 'http://localhost/auth', realm: 'myrealm', clientId: 'myApp'
prompt - can be set to 'none' to check if the user is logged in already (if not logged in, a login form is not displayed)
loginHint - used to pre-fill the username/email field on the login form
action - if value is 'register' then user is redirected to registration page, otherwise to login page
+ locale - specifies the desired locale for the UI
diff --git a/docbook/saml-adapter-docs/pom.xml b/docbook/saml-adapter-docs/pom.xml
index 63bf70450e..975ac5cd48 100755
--- a/docbook/saml-adapter-docs/pom.xml
+++ b/docbook/saml-adapter-docs/pom.xml
@@ -2,7 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- keycloak-parent
+ keycloak-docbook-parent
org.keycloak
1.7.0.Final-SNAPSHOT
../pom.xml
diff --git a/examples/fuse/camel/pom.xml b/examples/fuse/camel/pom.xml
index f0c45d1379..fa17c0e20c 100755
--- a/examples/fuse/camel/pom.xml
+++ b/examples/fuse/camel/pom.xml
@@ -21,6 +21,7 @@
org.eclipse.jetty.security;version="[8.1,10)",
org.eclipse.jetty.util.security;version="[8.1,10)",
+ org.apache.camel;version="[2.12,3)",
org.keycloak.*;version="${project.version}",
*;resolution:=optional
diff --git a/examples/fuse/testrealm.json b/examples/fuse/testrealm.json
index ed112bc874..f7c3754035 100644
--- a/examples/fuse/testrealm.json
+++ b/examples/fuse/testrealm.json
@@ -183,7 +183,6 @@
"enabled": true,
"publicClient": false,
"directGrantsOnly": true,
- "consentRequired": true,
"secret": "password"
}
],
diff --git a/examples/multi-tenant/pom.xml b/examples/multi-tenant/pom.xml
index 1f90cbdf65..da6d022b0b 100755
--- a/examples/multi-tenant/pom.xml
+++ b/examples/multi-tenant/pom.xml
@@ -38,16 +38,19 @@
org.keycloak
keycloak-adapter-core
+ provided
org.keycloak
keycloak-adapter-spi
+ provided
org.keycloak
keycloak-core
+ provided
diff --git a/examples/multi-tenant/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/multi-tenant/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100644
index 0000000000..d371dbd5d2
--- /dev/null
+++ b/examples/multi-tenant/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
diff --git a/examples/pom.xml b/examples/pom.xml
index ec25be9438..6423a7c018 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -14,14 +14,18 @@
pom
+
+
+
+ org.apache.maven.plugins
+ maven-deploy-plugin
+
+ true
+
+
+
+
-
- org.apache.maven.plugins
- maven-deploy-plugin
-
- true
-
-
org.apache.maven.plugins
maven-war-plugin
diff --git a/examples/saml/post-with-encryption/pom.xml b/examples/saml/post-with-encryption/pom.xml
index 0c95d95563..090f6afc0e 100755
--- a/examples/saml/post-with-encryption/pom.xml
+++ b/examples/saml/post-with-encryption/pom.xml
@@ -2,9 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
4.0.0
- org.keycloak.examples
+
+ keycloak-examples-saml-parent
+ org.keycloak
+ 1.7.0.Final-SNAPSHOT
+
+
saml-post-encryption
- 1.6.0.Final-SNAPSHOT
war
diff --git a/examples/saml/post-with-signature/pom.xml b/examples/saml/post-with-signature/pom.xml
index 8841ac054c..14db058a9b 100755
--- a/examples/saml/post-with-signature/pom.xml
+++ b/examples/saml/post-with-signature/pom.xml
@@ -2,9 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
4.0.0
- org.keycloak.examples
+
+ keycloak-examples-saml-parent
+ org.keycloak
+ 1.7.0.Final-SNAPSHOT
+
+
saml-post-signatures
- 1.6.0.Final-SNAPSHOT
war
diff --git a/examples/saml/redirect-with-signature/pom.xml b/examples/saml/redirect-with-signature/pom.xml
index 55f426b7df..06a4e55d5e 100755
--- a/examples/saml/redirect-with-signature/pom.xml
+++ b/examples/saml/redirect-with-signature/pom.xml
@@ -2,9 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
4.0.0
- org.keycloak.examples
+
+ keycloak-examples-saml-parent
+ org.keycloak
+ 1.7.0.Final-SNAPSHOT
+
+
saml-redirect-signatures
- 1.6.0.Final-SNAPSHOT
war
diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
index b7d4df3df7..419f3213e5 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
@@ -51,7 +51,7 @@ public class TotpBean {
this.totpSecret = randomString(20);
this.totpSecretEncoded = Base32.encode(totpSecret.getBytes());
- this.keyUri = realm.getOTPPolicy().getKeyURI(realm, this.totpSecret);
+ this.keyUri = realm.getOTPPolicy().getKeyURI(realm, user, this.totpSecret);
}
private static String randomString(int length) {
diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
index e19a266b9d..404de17ea2 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
@@ -11,7 +11,7 @@
-
+
diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
index e472fff1ff..3f46b76ba1 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
@@ -12,7 +12,7 @@
-
+
diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
index cb5f2be8cd..fccfce160c 100755
--- a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
+++ b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
@@ -52,6 +52,8 @@ public interface LoginFormsProvider extends Provider {
public LoginFormsProvider setClientSessionCode(String accessCode);
+ public LoginFormsProvider setClientSession(ClientSessionModel clientSession);
+
public LoginFormsProvider setAccessRequest(List realmRolesRequested, MultivaluedMap resourceRolesRequested, List protocolMappers);
public LoginFormsProvider setAccessRequest(String message);
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
index 7fc1bcddcb..6125d0b83b 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
@@ -47,6 +47,7 @@ import org.keycloak.login.freemarker.model.TotpBean;
import org.keycloak.login.freemarker.model.UrlBean;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
@@ -138,7 +139,8 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
case VERIFY_EMAIL:
try {
UriBuilder builder = Urls.loginActionEmailVerificationBuilder(uriInfo.getBaseUri());
- builder.queryParam("key", accessCode);
+ builder.queryParam(OAuth2Constants.CODE, accessCode);
+ builder.queryParam("key", clientSession.getNote(Constants.VERIFY_EMAIL_KEY));
String link = builder.build(realm.getName()).toString();
long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
@@ -531,6 +533,12 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
return this;
}
+ @Override
+ public LoginFormsProvider setClientSession(ClientSessionModel clientSession) {
+ this.clientSession = clientSession;
+ return this;
+ }
+
@Override
public LoginFormsProvider setAccessRequest(List realmRolesRequested, MultivaluedMap resourceRolesRequested, List protocolMappersRequested) {
this.realmRolesRequested = realmRolesRequested;
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java
index f10d031d07..a29271895b 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java
@@ -4,6 +4,7 @@ import org.keycloak.models.ClientModel;
import org.keycloak.services.util.ResolveRelative;
import java.net.URI;
+import java.util.Map;
/**
* @author Bill Burke
@@ -32,4 +33,11 @@ public class ClientBean {
return ResolveRelative.resolveRelativeUri(requestUri, client.getRootUrl(), client.getBaseUrl());
}
+ public Map getAttributes(){
+ return client.getAttributes();
+ }
+
+ public String getAttribute(String key){
+ return client.getAttribute(key);
+ }
}
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java
index 6f891670c8..6c9def495f 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java
@@ -49,7 +49,7 @@ public class TotpBean {
this.totpSecret = HmacOTP.generateSecret(20);
this.totpSecretEncoded = Base32.encode(totpSecret.getBytes());
- this.keyUri = realm.getOTPPolicy().getKeyURI(realm, this.totpSecret);
+ this.keyUri = realm.getOTPPolicy().getKeyURI(realm, user, this.totpSecret);
}
public boolean isEnabled() {
diff --git a/integration/js/src/main/resources/keycloak.js b/integration/js/src/main/resources/keycloak.js
index d189a361f8..7b378de347 100755
--- a/integration/js/src/main/resources/keycloak.js
+++ b/integration/js/src/main/resources/keycloak.js
@@ -168,6 +168,10 @@
url += '&scope=' + options.scope;
}
+ if (options && options.locale) {
+ url += '&ui_locales=' + options.locale;
+ }
+
return url;
}
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
index 88817acb27..45c73a31cf 100644
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
@@ -63,10 +63,8 @@ public class MigrateTo1_6_0 {
KeycloakModelUtils.setupOfflineTokens(realm);
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
- // Check if possible to avoid iterating over users
- for (UserModel user : session.userStorage().getUsers(realm, true)) {
- user.grantRole(role);
- }
+ // Bulk grant of offline_access role to all users
+ session.users().grantToAllUsers(realm, role);
}
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java
index 43bdc7dc68..8977def5c3 100755
--- a/model/api/src/main/java/org/keycloak/models/Constants.java
+++ b/model/api/src/main/java/org/keycloak/models/Constants.java
@@ -22,4 +22,6 @@ public interface Constants {
// 30 days
int DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT = 2592000;
+
+ public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY";
}
diff --git a/model/api/src/main/java/org/keycloak/models/OTPPolicy.java b/model/api/src/main/java/org/keycloak/models/OTPPolicy.java
index 4ea52ac315..1c6665aead 100755
--- a/model/api/src/main/java/org/keycloak/models/OTPPolicy.java
+++ b/model/api/src/main/java/org/keycloak/models/OTPPolicy.java
@@ -1,8 +1,11 @@
package org.keycloak.models;
+import org.jboss.logging.Logger;
import org.keycloak.models.utils.Base32;
import org.keycloak.models.utils.HmacOTP;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
@@ -12,6 +15,7 @@ import java.util.Map;
*/
public class OTPPolicy {
+ protected static final Logger logger = Logger.getLogger(OTPPolicy.class);
protected String type;
protected String algorithm;
@@ -90,10 +94,17 @@ public class OTPPolicy {
this.period = period;
}
- public String getKeyURI(RealmModel realm, String secret) {
+ public String getKeyURI(RealmModel realm, UserModel user, String secret) {
- String uri = "otpauth://" + type + "/" + realm.getName() + "?secret=" + Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
- if (type.equals(UserCredentialModel.HOTP)) {
+ String uri = null;
+ uri = "otpauth://" + type + "/" + realm.getName() + ":" + user.getUsername() + "?secret=" +
+ Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
+ try {
+ uri += "&issuer=" + URLEncoder.encode(realm.getName(), "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ logger.debug("Failed to add issuer parameter to OTP URI becasue UTF-8 is not supported.");
+ }
+ if (type.equals(UserCredentialModel.HOTP)) {
uri += "&counter=" + initialCounter;
}
if (type.equals(UserCredentialModel.TOTP)) {
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index b0ffba4752..d75ed95136 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -343,6 +343,12 @@ public class UserFederationManager implements UserProvider {
return session.userStorage().getFederatedIdentity(user, socialProvider, realm);
}
+ @Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ // not federation-aware for now
+ session.userStorage().grantToAllUsers(realm, role);
+ }
+
@Override
public void preRemove(RealmModel realm) {
for (UserFederationProviderModel federation : realm.getUserFederationProviders()) {
diff --git a/model/api/src/main/java/org/keycloak/models/UserProvider.java b/model/api/src/main/java/org/keycloak/models/UserProvider.java
index 2ad5c55f8a..962bc772c0 100755
--- a/model/api/src/main/java/org/keycloak/models/UserProvider.java
+++ b/model/api/src/main/java/org/keycloak/models/UserProvider.java
@@ -47,6 +47,8 @@ public interface UserProvider extends Provider {
Set getFederatedIdentities(UserModel user, RealmModel realm);
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
+ void grantToAllUsers(RealmModel realm, RoleModel role);
+
void preRemove(RealmModel realm);
void preRemove(RealmModel realm, UserFederationProviderModel link);
diff --git a/model/api/src/main/java/org/keycloak/models/utils/PostMigrationEvent.java b/model/api/src/main/java/org/keycloak/models/utils/PostMigrationEvent.java
new file mode 100644
index 0000000000..513836f3ba
--- /dev/null
+++ b/model/api/src/main/java/org/keycloak/models/utils/PostMigrationEvent.java
@@ -0,0 +1,11 @@
+package org.keycloak.models.utils;
+
+import org.keycloak.provider.ProviderEvent;
+
+/**
+ * Executed at startup after model migration is finished
+ *
+ * @author Marek Posolda
+ */
+public class PostMigrationEvent implements ProviderEvent {
+}
diff --git a/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java b/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java
index 6540c37684..e4b29d3dbf 100755
--- a/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java
+++ b/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java
@@ -438,6 +438,13 @@ public class FileUserProvider implements UserProvider {
return this.addUser(realm, KeycloakModelUtils.generateId(), username.toLowerCase(), true, true);
}
+ @Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ for (UserModel user : inMemoryModel.getUsers(realm.getId())) {
+ user.grantRole(role);
+ }
+ }
+
@Override
public void preRemove(RealmModel realm) {
// Nothing to do here? Federation links are attached to users, which are removed by InMemoryModel
diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java
index 3ea488d4b9..44260a13ae 100755
--- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java
+++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java
@@ -313,6 +313,12 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
return getDelegate().validCredentials(realm, input);
}
+ @Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ realmInvalidations.add(realm.getId()); // easier to just invalidate whole realm
+ getDelegate().grantToAllUsers(realm, role);
+ }
+
@Override
public void preRemove(RealmModel realm) {
realmInvalidations.add(realm.getId());
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
index b643bb6d0c..5f8ce7f815 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
@@ -148,7 +148,13 @@ public class JpaUserProvider implements UserProvider {
}
}
-
+ @Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ int num = em.createNamedQuery("grantRoleToAllUsers")
+ .setParameter("realmId", realm.getId())
+ .setParameter("roleId", role.getId())
+ .executeUpdate();
+ }
@Override
public void preRemove(RealmModel realm) {
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
index 1ce81e8297..45dfc3de95 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
@@ -23,7 +23,8 @@ import java.io.Serializable;
@NamedQuery(name="deleteUserRoleMappingsByRealm", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId)"),
@NamedQuery(name="deleteUserRoleMappingsByRealmAndLink", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"),
@NamedQuery(name="deleteUserRoleMappingsByRole", query="delete from UserRoleMappingEntity m where m.roleId = :roleId"),
- @NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user")
+ @NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user"),
+ @NamedQuery(name="grantRoleToAllUsers", query="insert into UserRoleMappingEntity (roleId, user) select role.id, user from RoleEntity role, UserEntity user where role.id = :roleId AND role.realm.id = :realmId AND user.realmId = :realmId")
})
@Table(name="USER_ROLE_MAPPING")
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
index 6fc2960b84..5fa648ed36 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
@@ -188,32 +188,32 @@ public class JpaUserSessionPersisterProvider implements UserSessionPersisterProv
userSessionIds.add(entity.getUserSessionId());
}
- TypedQuery query2 = em.createNamedQuery("findClientSessionsByUserSessions", PersistentClientSessionEntity.class);
- query2.setParameter("userSessionIds", userSessionIds);
- query2.setParameter("offline", offlineStr);
- List clientSessions = query2.getResultList();
+ if (!userSessionIds.isEmpty()) {
+ TypedQuery query2 = em.createNamedQuery("findClientSessionsByUserSessions", PersistentClientSessionEntity.class);
+ query2.setParameter("userSessionIds", userSessionIds);
+ query2.setParameter("offline", offlineStr);
+ List clientSessions = query2.getResultList();
- // Assume both userSessions and clientSessions ordered by userSessionId
- int j=0;
- for (UserSessionModel ss : result) {
- PersistentUserSessionAdapter userSession = (PersistentUserSessionAdapter) ss;
- List currentClientSessions = userSession.getClientSessions(); // This is empty now and we want to fill it
+ // Assume both userSessions and clientSessions ordered by userSessionId
+ int j = 0;
+ for (UserSessionModel ss : result) {
+ PersistentUserSessionAdapter userSession = (PersistentUserSessionAdapter) ss;
+ List currentClientSessions = userSession.getClientSessions(); // This is empty now and we want to fill it
- boolean next = true;
- while (next && j
+
+
+ org.keycloak.testsuite
+ integration-arquillian-servers
+ 1.7.0.Final-SNAPSHOT
+
+ 4.0.0
+
+ integration-arquillian-migration-servers
+ pom
+ Migration Servers
+
+
+
+ migration-kc16
+
+ wildfly_kc16
+
+
+
+ migration-kc15
+
+ wildfly_kc15
+
+
+
+ migration-kc14
+
+ wildfly_kc14
+
+
+
+ migration-kc13
+
+ wildfly_kc13
+
+
+
+ migration-kc12
+
+ wildfly_kc12
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+ true
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-deploy-plugin
+
+ true
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+
+ enforce-properties
+
+ enforce
+
+
+
+
+ jdbc.mvn.groupId
+
+
+ jdbc.mvn.artifactId
+
+
+ jdbc.mvn.version
+
+
+ keycloak.connectionsJpa.url
+
+
+ keycloak.connectionsJpa.user
+
+
+ keycloak.connectionsJpa.password
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ unpack-server
+ generate-resources
+
+ unpack
+
+
+
+
+ org.keycloak
+ keycloak-server-dist
+ ${server.version}
+ zip
+ ${project.build.directory}/unpacked
+
+
+
+
+
+ jdbc-driver
+ process-resources
+
+ copy
+
+
+
+
+ ${jdbc.mvn.groupId}
+ ${jdbc.mvn.artifactId}
+ ${jdbc.mvn.version}
+ jar
+
+
+ ${jdbc.mvn.driver.deployment.dir}
+ true
+
+
+
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ configure-wildfly-datasource
+ process-resources
+
+ transform
+
+
+
+
+
+ ${keycloak.server.home}/modules/system/layers/base/com/h2database/h2/main
+ src/main/xslt/module.xsl
+
+ module.xml
+
+ ${jdbc.mvn.driver.deployment.dir}
+
+
+ database
+ ${jdbc.mvn.artifactId}
+
+
+ version
+ ${jdbc.mvn.version}
+
+
+
+
+
+ ${keycloak.server.home}/standalone/configuration
+ src/main/xslt/datasource.xsl
+
+ standalone.xml
+
+ ${keycloak.server.home}/standalone/configuration
+
+
+ jdbc.url
+ ${keycloak.connectionsJpa.url}
+
+
+ driver
+ ${jdbc.mvn.artifactId}
+
+
+ username
+ ${keycloak.connectionsJpa.user}
+
+
+ password
+ ${keycloak.connectionsJpa.password}
+
+
+
+
+
+ ${keycloak.server.home}/standalone/configuration
+ src/main/xslt/add-dialect-logger.xsl
+
+ standalone.xml
+
+ ${keycloak.server.home}/standalone/configuration
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+ create-zip
+ package
+
+ single
+
+
+
+ assembly.xml
+
+ false
+
+
+
+
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc12/assembly.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/assembly.xml
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc12/assembly.xml
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc12/assembly.xml
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc12/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/pom.xml
new file mode 100644
index 0000000000..132b1af4e0
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/pom.xml
@@ -0,0 +1,44 @@
+
+
+
+ org.keycloak.testsuite
+ integration-arquillian-migration-servers
+ 1.7.0.Final-SNAPSHOT
+
+ 4.0.0
+
+ integration-arquillian-server-wildfly-kc12
+ pom
+ Keycloak 1.2.0.Final on Wildfly
+
+
+ 1.2.0.Final
+ ${project.build.directory}/unpacked/keycloak-${server.version}
+ ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc12/src/main/xslt/add-dialect-logger.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/add-dialect-logger.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc12/src/main/xslt/add-dialect-logger.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/add-dialect-logger.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc12/src/main/xslt/datasource.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/datasource.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc12/src/main/xslt/datasource.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/datasource.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc12/src/main/xslt/module.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/module.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc12/src/main/xslt/module.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/module.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc13/assembly.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/assembly.xml
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc13/assembly.xml
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc13/assembly.xml
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc13/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/pom.xml
new file mode 100644
index 0000000000..5d7bb1cc2c
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/pom.xml
@@ -0,0 +1,45 @@
+
+
+
+ org.keycloak.testsuite
+ integration-arquillian-migration-servers
+ 1.7.0.Final-SNAPSHOT
+
+ 4.0.0
+
+ integration-arquillian-server-wildfly-kc13
+ pom
+ Keycloak 1.3.1.Final on Wildfly
+
+
+ 1.3.1.Final
+ ${project.build.directory}/unpacked/keycloak-${server.version}
+ ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc13/src/main/xslt/add-dialect-logger.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/add-dialect-logger.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc13/src/main/xslt/add-dialect-logger.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/add-dialect-logger.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc13/src/main/xslt/datasource.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/datasource.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc13/src/main/xslt/datasource.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/datasource.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc13/src/main/xslt/module.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/module.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc13/src/main/xslt/module.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/module.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc14/assembly.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/assembly.xml
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc14/assembly.xml
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc14/assembly.xml
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc14/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/pom.xml
new file mode 100644
index 0000000000..85dcff31ee
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/pom.xml
@@ -0,0 +1,44 @@
+
+
+
+ org.keycloak.testsuite
+ integration-arquillian-migration-servers
+ 1.7.0.Final-SNAPSHOT
+
+ 4.0.0
+
+ integration-arquillian-server-wildfly-kc14
+ pom
+ Keycloak 1.4.0.Final on Wildfly
+
+
+ 1.4.0.Final
+ ${project.build.directory}/unpacked/keycloak-${server.version}
+ ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc14/src/main/xslt/add-dialect-logger.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/add-dialect-logger.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc14/src/main/xslt/add-dialect-logger.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/add-dialect-logger.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc14/src/main/xslt/datasource.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/datasource.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc14/src/main/xslt/datasource.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/datasource.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc14/src/main/xslt/module.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/module.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc14/src/main/xslt/module.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/module.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc15/assembly.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/assembly.xml
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc15/assembly.xml
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc15/assembly.xml
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc15/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/pom.xml
new file mode 100644
index 0000000000..802f50aad9
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/pom.xml
@@ -0,0 +1,44 @@
+
+
+
+ org.keycloak.testsuite
+ integration-arquillian-migration-servers
+ 1.7.0.Final-SNAPSHOT
+
+ 4.0.0
+
+ integration-arquillian-server-wildfly-kc15
+ pom
+ Keycloak 1.5.1.Final on Wildfly
+
+
+ 1.5.1.Final
+ ${project.build.directory}/unpacked/keycloak-${server.version}
+ ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc15/src/main/xslt/add-dialect-logger.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/add-dialect-logger.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc15/src/main/xslt/add-dialect-logger.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/add-dialect-logger.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc15/src/main/xslt/datasource.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/datasource.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc15/src/main/xslt/datasource.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/datasource.xsl
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc15/src/main/xslt/module.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/module.xsl
similarity index 100%
rename from testsuite/integration-arquillian/servers/wildfly_kc15/src/main/xslt/module.xsl
rename to testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/module.xsl
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/assembly.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/assembly.xml
new file mode 100644
index 0000000000..0a990ecb58
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/assembly.xml
@@ -0,0 +1,29 @@
+
+
+ auth-server-wildfly-kc16
+
+
+ zip
+
+
+ false
+
+
+
+ ${keycloak.server.home}
+ keycloak-1.6.1.Final
+
+ **/*.sh
+
+
+
+ ${keycloak.server.home}
+ keycloak-1.6.1.Final
+
+ **/*.sh
+
+ 0755
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/pom.xml
new file mode 100644
index 0000000000..5e27a3a81a
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/pom.xml
@@ -0,0 +1,44 @@
+
+
+
+ org.keycloak.testsuite
+ integration-arquillian-migration-servers
+ 1.7.0.Final-SNAPSHOT
+
+ 4.0.0
+
+ integration-arquillian-server-wildfly-kc16
+ pom
+ Keycloak 1.6.1.Final on Wildfly
+
+
+ 1.6.1.Final
+ ${project.build.directory}/unpacked/keycloak-${server.version}
+ ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-enforcer-plugin
+
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ org.apache.maven.plugins
+ maven-assembly-plugin
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl
new file mode 100644
index 0000000000..b5dc8c4e02
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl
@@ -0,0 +1,28 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl
new file mode 100644
index 0000000000..c06899fd74
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl
@@ -0,0 +1,94 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/module.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/module.xsl
new file mode 100644
index 0000000000..88ac56b86c
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/module.xsl
@@ -0,0 +1,33 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/servers/pom.xml b/testsuite/integration-arquillian/servers/pom.xml
index aadfe4e5d9..71758113e0 100644
--- a/testsuite/integration-arquillian/servers/pom.xml
+++ b/testsuite/integration-arquillian/servers/pom.xml
@@ -12,6 +12,10 @@
pom
Servers
+
+ migration
+
+
auth-server-wildfly
@@ -26,30 +30,6 @@
eap6
-
- migration-kc15
-
- wildfly_kc15
-
-
-
- migration-kc14
-
- wildfly_kc14
-
-
-
- migration-kc13
-
- wildfly_kc13
-
-
-
- migration-kc12
-
- wildfly_kc12
-
-
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc12/pom.xml b/testsuite/integration-arquillian/servers/wildfly_kc12/pom.xml
deleted file mode 100644
index 295e8cc59d..0000000000
--- a/testsuite/integration-arquillian/servers/wildfly_kc12/pom.xml
+++ /dev/null
@@ -1,199 +0,0 @@
-
-
-
- org.keycloak.testsuite
- integration-arquillian-servers
- 1.7.0.Final-SNAPSHOT
-
- 4.0.0
-
- integration-arquillian-server-wildfly-kc12
- pom
- Keycloak 1.2.0.Final on Wildfly
-
-
- ${project.build.directory}/unpacked/keycloak-1.2.0.Final
- ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
-
-
-
-
-
- org.apache.maven.plugins
- maven-deploy-plugin
-
- true
-
-
-
- org.apache.maven.plugins
- maven-enforcer-plugin
- 1.4
-
-
- enforce-properties
-
- enforce
-
-
-
-
- jdbc.mvn.groupId
-
-
- jdbc.mvn.artifactId
-
-
- jdbc.mvn.version
-
-
- keycloak.connectionsJpa.url
-
-
- keycloak.connectionsJpa.user
-
-
- keycloak.connectionsJpa.password
-
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-dependency-plugin
-
-
- unpack-server
- generate-resources
-
- unpack
-
-
-
-
- org.keycloak
- keycloak-server-dist
- 1.2.0.Final
- zip
- ${project.build.directory}/unpacked
-
-
-
-
-
- jdbc-driver
- process-resources
-
- copy
-
-
-
-
- ${jdbc.mvn.groupId}
- ${jdbc.mvn.artifactId}
- ${jdbc.mvn.version}
- jar
-
-
- ${jdbc.mvn.driver.deployment.dir}
- true
-
-
-
-
-
- org.codehaus.mojo
- xml-maven-plugin
-
-
- configure-wildfly-datasource
- process-resources
-
- transform
-
-
-
-
-
- ${keycloak.server.home}/modules/system/layers/base/com/h2database/h2/main
- src/main/xslt/module.xsl
-
- module.xml
-
- ${jdbc.mvn.driver.deployment.dir}
-
-
- database
- ${jdbc.mvn.artifactId}
-
-
- version
- ${jdbc.mvn.version}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/datasource.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
- jdbc.url
- ${keycloak.connectionsJpa.url}
-
-
- driver
- ${jdbc.mvn.artifactId}
-
-
- username
- ${keycloak.connectionsJpa.user}
-
-
- password
- ${keycloak.connectionsJpa.password}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/add-dialect-logger.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
-
-
-
-
-
- maven-assembly-plugin
-
-
- create-zip
- package
-
- single
-
-
-
- assembly.xml
-
- false
-
-
-
-
-
-
-
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc13/pom.xml b/testsuite/integration-arquillian/servers/wildfly_kc13/pom.xml
deleted file mode 100644
index 26f1047450..0000000000
--- a/testsuite/integration-arquillian/servers/wildfly_kc13/pom.xml
+++ /dev/null
@@ -1,199 +0,0 @@
-
-
-
- org.keycloak.testsuite
- integration-arquillian-servers
- 1.7.0.Final-SNAPSHOT
-
- 4.0.0
-
- integration-arquillian-server-wildfly-kc13
- pom
- Keycloak 1.3.1.Final on Wildfly
-
-
- ${project.build.directory}/unpacked/keycloak-1.3.1.Final
- ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
-
-
-
-
-
- org.apache.maven.plugins
- maven-deploy-plugin
-
- true
-
-
-
- org.apache.maven.plugins
- maven-enforcer-plugin
- 1.4
-
-
- enforce-properties
-
- enforce
-
-
-
-
- jdbc.mvn.groupId
-
-
- jdbc.mvn.artifactId
-
-
- jdbc.mvn.version
-
-
- keycloak.connectionsJpa.url
-
-
- keycloak.connectionsJpa.user
-
-
- keycloak.connectionsJpa.password
-
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-dependency-plugin
-
-
- unpack-server
- generate-resources
-
- unpack
-
-
-
-
- org.keycloak
- keycloak-server-dist
- 1.3.1.Final
- zip
- ${project.build.directory}/unpacked
-
-
-
-
-
- jdbc-driver
- process-resources
-
- copy
-
-
-
-
- ${jdbc.mvn.groupId}
- ${jdbc.mvn.artifactId}
- ${jdbc.mvn.version}
- jar
-
-
- ${jdbc.mvn.driver.deployment.dir}
- true
-
-
-
-
-
- org.codehaus.mojo
- xml-maven-plugin
-
-
- configure-wildfly-datasource
- process-resources
-
- transform
-
-
-
-
-
- ${keycloak.server.home}/modules/system/layers/base/com/h2database/h2/main
- src/main/xslt/module.xsl
-
- module.xml
-
- ${jdbc.mvn.driver.deployment.dir}
-
-
- database
- ${jdbc.mvn.artifactId}
-
-
- version
- ${jdbc.mvn.version}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/datasource.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
- jdbc.url
- ${keycloak.connectionsJpa.url}
-
-
- driver
- ${jdbc.mvn.artifactId}
-
-
- username
- ${keycloak.connectionsJpa.user}
-
-
- password
- ${keycloak.connectionsJpa.password}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/add-dialect-logger.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
-
-
-
-
-
- maven-assembly-plugin
-
-
- create-zip
- package
-
- single
-
-
-
- assembly.xml
-
- false
-
-
-
-
-
-
-
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc14/pom.xml b/testsuite/integration-arquillian/servers/wildfly_kc14/pom.xml
deleted file mode 100644
index 4eaf9036f7..0000000000
--- a/testsuite/integration-arquillian/servers/wildfly_kc14/pom.xml
+++ /dev/null
@@ -1,199 +0,0 @@
-
-
-
- org.keycloak.testsuite
- integration-arquillian-servers
- 1.7.0.Final-SNAPSHOT
-
- 4.0.0
-
- integration-arquillian-server-wildfly-kc14
- pom
- Keycloak 1.4.0.Final on Wildfly
-
-
- ${project.build.directory}/unpacked/keycloak-1.4.0.Final
- ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
-
-
-
-
-
- org.apache.maven.plugins
- maven-deploy-plugin
-
- true
-
-
-
- org.apache.maven.plugins
- maven-enforcer-plugin
- 1.4
-
-
- enforce-properties
-
- enforce
-
-
-
-
- jdbc.mvn.groupId
-
-
- jdbc.mvn.artifactId
-
-
- jdbc.mvn.version
-
-
- keycloak.connectionsJpa.url
-
-
- keycloak.connectionsJpa.user
-
-
- keycloak.connectionsJpa.password
-
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-dependency-plugin
-
-
- unpack-server
- generate-resources
-
- unpack
-
-
-
-
- org.keycloak
- keycloak-server-dist
- 1.4.0.Final
- zip
- ${project.build.directory}/unpacked
-
-
-
-
-
- jdbc-driver
- process-resources
-
- copy
-
-
-
-
- ${jdbc.mvn.groupId}
- ${jdbc.mvn.artifactId}
- ${jdbc.mvn.version}
- jar
-
-
- ${jdbc.mvn.driver.deployment.dir}
- true
-
-
-
-
-
- org.codehaus.mojo
- xml-maven-plugin
-
-
- configure-wildfly-datasource
- process-resources
-
- transform
-
-
-
-
-
- ${keycloak.server.home}/modules/system/layers/base/com/h2database/h2/main
- src/main/xslt/module.xsl
-
- module.xml
-
- ${jdbc.mvn.driver.deployment.dir}
-
-
- database
- ${jdbc.mvn.artifactId}
-
-
- version
- ${jdbc.mvn.version}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/datasource.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
- jdbc.url
- ${keycloak.connectionsJpa.url}
-
-
- driver
- ${jdbc.mvn.artifactId}
-
-
- username
- ${keycloak.connectionsJpa.user}
-
-
- password
- ${keycloak.connectionsJpa.password}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/add-dialect-logger.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
-
-
-
-
-
- maven-assembly-plugin
-
-
- create-zip
- package
-
- single
-
-
-
- assembly.xml
-
- false
-
-
-
-
-
-
-
diff --git a/testsuite/integration-arquillian/servers/wildfly_kc15/pom.xml b/testsuite/integration-arquillian/servers/wildfly_kc15/pom.xml
deleted file mode 100644
index ebe450210c..0000000000
--- a/testsuite/integration-arquillian/servers/wildfly_kc15/pom.xml
+++ /dev/null
@@ -1,199 +0,0 @@
-
-
-
- org.keycloak.testsuite
- integration-arquillian-servers
- 1.7.0.Final-SNAPSHOT
-
- 4.0.0
-
- integration-arquillian-server-wildfly-kc15
- pom
- Keycloak 1.5.1.Final on Wildfly
-
-
- ${project.build.directory}/unpacked/keycloak-1.5.1.Final
- ${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main
-
-
-
-
-
- org.apache.maven.plugins
- maven-deploy-plugin
-
- true
-
-
-
- org.apache.maven.plugins
- maven-enforcer-plugin
- 1.4
-
-
- enforce-properties
-
- enforce
-
-
-
-
- jdbc.mvn.groupId
-
-
- jdbc.mvn.artifactId
-
-
- jdbc.mvn.version
-
-
- keycloak.connectionsJpa.url
-
-
- keycloak.connectionsJpa.user
-
-
- keycloak.connectionsJpa.password
-
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-dependency-plugin
-
-
- unpack-server
- generate-resources
-
- unpack
-
-
-
-
- org.keycloak
- keycloak-server-dist
- 1.5.1.Final
- zip
- ${project.build.directory}/unpacked
-
-
-
-
-
- jdbc-driver
- process-resources
-
- copy
-
-
-
-
- ${jdbc.mvn.groupId}
- ${jdbc.mvn.artifactId}
- ${jdbc.mvn.version}
- jar
-
-
- ${jdbc.mvn.driver.deployment.dir}
- true
-
-
-
-
-
- org.codehaus.mojo
- xml-maven-plugin
-
-
- configure-wildfly-datasource
- process-resources
-
- transform
-
-
-
-
-
- ${keycloak.server.home}/modules/system/layers/base/com/h2database/h2/main
- src/main/xslt/module.xsl
-
- module.xml
-
- ${jdbc.mvn.driver.deployment.dir}
-
-
- database
- ${jdbc.mvn.artifactId}
-
-
- version
- ${jdbc.mvn.version}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/datasource.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
- jdbc.url
- ${keycloak.connectionsJpa.url}
-
-
- driver
- ${jdbc.mvn.artifactId}
-
-
- username
- ${keycloak.connectionsJpa.user}
-
-
- password
- ${keycloak.connectionsJpa.password}
-
-
-
-
-
- ${keycloak.server.home}/standalone/configuration
- src/main/xslt/add-dialect-logger.xsl
-
- standalone.xml
-
- ${keycloak.server.home}/standalone/configuration
-
-
-
-
-
-
-
- maven-assembly-plugin
-
-
- create-zip
- package
-
- single
-
-
-
- assembly.xml
-
- false
-
-
-
-
-
-
-
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java
index 257fb55689..67271089d4 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java
@@ -1,7 +1,13 @@
package org.keycloak.testsuite.arquillian;
+import java.io.File;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.LinkedList;
+import org.apache.commons.io.FileUtils;
+import org.jboss.arquillian.container.spi.Container;
+import org.jboss.arquillian.container.spi.ContainerRegistry;
import org.jboss.arquillian.container.spi.event.StartSuiteContainers;
import org.jboss.arquillian.container.spi.event.StopSuiteContainers;
import org.jboss.arquillian.container.test.api.ContainerController;
@@ -33,13 +39,16 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
public class ContainersTestEnricher {
protected final Logger log = Logger.getLogger(this.getClass());
-
+
@Inject
private Instance containerController;
+ @Inject
+ private Instance containerRegistry;
+
@Inject
private Event stopSuiteContainers;
-
+
private String appServerQualifier;
private static final String AUTH_SERVER_CONTAINER_PROPERTY = "auth.server.container";
@@ -62,24 +71,77 @@ public class ContainersTestEnricher {
private InstanceProducer oauthClient;
private ContainerController controller;
+ private LinkedList containers;
private final boolean migrationTests = System.getProperty("migration", "false").equals("true");
private boolean alreadyStopped = false;
+ private boolean init = false;
+ private void init() {
+ if (!init) {
+ containers = new LinkedList(containerRegistry.get().getContainers());
+ }
+ init = true;
+ }
+
+ /*
+ * non-javadoc
+ *
+ * Before starting suite containers. Initialization of containers is done
+ * (only once during class life cycle)
+ */
public void startSuiteContainers(@Observes(precedence = 1) StartSuiteContainers event) {
+ init();
if (migrationTests) {
- log.info("\n### Starting keycloak with previous version ###\n");
+ log.info("\n\n### Starting keycloak " + System.getProperty("version", "- previous") + " ###\n");
}
}
- public void stopMigrationContainer(@Observes AfterStart event) {
+ /*
+ * non-javadoc
+ *
+ * After start container. Server logs are checked (in case jboss based container).
+ * In case of migration scenario: previous container is stopped.
+ */
+ public void afterStart(@Observes AfterStart event) throws IOException {
+ if (System.getProperty("check.server.log", "true").equals("true")) {
+ checkServerLog();
+ }
+
if (migrationTests && !alreadyStopped) {
- log.info("\n### Stopping keycloak with previous version ###\n");
+ log.info("\n\n### Stopping keycloak " + System.getProperty("version", "- previous") + " ###\n");
stopSuiteContainers.fire(new StopSuiteContainers());
+ log.info("\n\n### Starting keycloak current version ###\n");
}
alreadyStopped = true;
}
-
+
+ /*
+ * non-javadoc
+ *
+ * check server logs (in case jboss based container) whether there are no ERRORs or SEVEREs
+ */
+ private void checkServerLog() throws IOException {
+ Container container = containers.removeFirst();
+ if (!container.getName().equals("auth-server-undertow")) {
+ String jbossHomePath = container.getContainerConfiguration().getContainerProperties().get("jbossHome");
+ log.debug("jbossHome: " + jbossHomePath + "\n");
+
+ String serverLogContent = FileUtils.readFileToString(new File(jbossHomePath + "/standalone/log/server.log"));
+
+ boolean containsError
+ = serverLogContent.contains("ERROR")
+ || serverLogContent.contains("SEVERE")
+ || serverLogContent.contains("Exception ");
+ //There is expected string "Exception" in server log: Adding provider
+ //singleton org.keycloak.services.resources.ModelExceptionMapper
+
+ if (containsError) {
+ throw new RuntimeException(container.getName() + ": Server log contains ERROR.");
+ }
+ }
+ }
+
public void beforeSuite(@Observes BeforeSuite event) {
suiteContext.set(new SuiteContext());
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java
index 73583cf489..a987a16371 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java
@@ -10,6 +10,7 @@ import org.jboss.arquillian.graphene.location.CustomizableURLResourceProvider;
import org.jboss.arquillian.test.spi.enricher.resource.ResourceProvider;
import org.jboss.arquillian.test.spi.execution.TestExecutionDecider;
import org.keycloak.testsuite.arquillian.jira.JiraTestExecutionDecider;
+import org.keycloak.testsuite.arquillian.migration.MigrationTestExecutionDecider;
import org.keycloak.testsuite.arquillian.undertow.CustomUndertowContainer;
/**
@@ -36,7 +37,8 @@ public class KeycloakArquillianExtension implements LoadableExtension {
.service(DeployableContainer.class, CustomUndertowContainer.class);
builder
- .service(TestExecutionDecider.class, JiraTestExecutionDecider.class);
+ .service(TestExecutionDecider.class, JiraTestExecutionDecider.class)
+ .service(TestExecutionDecider.class, MigrationTestExecutionDecider.class);
builder
.override(ResourceProvider.class, URLResourceProvider.class, URLProvider.class)
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java
index ea606b88b4..adf513db30 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java
@@ -22,17 +22,17 @@ public class JBossJiraParser {
private static final String JBOSS_TRACKER_REST_URL = "https://issues.jboss.org/rest/api/latest/issue/";
public static boolean isIssueClosed(String issueId) {
- Status issueStatus;
- try {
- issueStatus = getIssueStatus(issueId);
- } catch(Exception e) {
- issueStatus = Status.CLOSED; //let the test run in case there is no connection
- }
+ Status issueStatus;
+ try {
+ issueStatus = getIssueStatus(issueId);
+ } catch (Exception e) {
+ issueStatus = Status.CLOSED; //let the test run in case there is no connection
+ }
return issueStatus == Status.CLOSED || issueStatus == Status.RESOLVED;
}
private static Status getIssueStatus(String issueId) throws Exception {
- Client client = ClientBuilder.newClient();
+ Client client = ClientBuilder.newClient();
WebTarget target = client.target(JBOSS_TRACKER_REST_URL);
String json = target.path(issueId).request().accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
JsonObject jsonObject = new Gson().fromJson(json, JsonElement.class).getAsJsonObject();
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java
index 961ae82eae..52b69b5553 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java
@@ -24,5 +24,5 @@ import java.lang.annotation.Target;
public @interface Jira {
String value();
- boolean enabled() default true;
+ boolean enabled() default true;
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java
index fa3c571a67..0ce98c5435 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java
@@ -19,43 +19,43 @@ import static org.keycloak.testsuite.arquillian.jira.JBossJiraParser.isIssueClos
*/
public class JiraTestExecutionDecider implements TestExecutionDecider {
- private static Map cache = new HashMap();
+ private static Map cache = new HashMap<>();
- @Override
- public ExecutionDecision decide(Method method) {
- Jira jiraAnnotation = method.getAnnotation(Jira.class);
- if (jiraAnnotation != null && jiraAnnotation.enabled()) {
- boolean executeTest = true;
- String[] issueIds = getIssuesId(jiraAnnotation.value());
- for (String issueId : issueIds) {
- if (cache.containsKey(issueId)) {
- executeTest = cache.get(issueId);
- } else {
- if (isIssueClosed(issueId)) {
- cache.put(issueId, true);
- } else {
- executeTest = false;
- cache.put(issueId, false);
- }
- }
- }
+ @Override
+ public ExecutionDecision decide(Method method) {
+ Jira jiraAnnotation = method.getAnnotation(Jira.class);
+ if (jiraAnnotation != null && jiraAnnotation.enabled()) {
+ boolean executeTest = true;
+ String[] issueIds = getIssuesId(jiraAnnotation.value());
+ for (String issueId : issueIds) {
+ if (cache.containsKey(issueId)) {
+ executeTest = cache.get(issueId);
+ } else {
+ if (isIssueClosed(issueId)) {
+ cache.put(issueId, true);
+ } else {
+ executeTest = false;
+ cache.put(issueId, false);
+ }
+ }
+ }
- if (executeTest) {
- return ExecutionDecision.execute();
- } else {
- return ExecutionDecision.dontExecute("Issue is still opened, therefore skipping the test " + method.getName());
- }
- }
- return ExecutionDecision.execute();
- }
+ if (executeTest) {
+ return ExecutionDecision.execute();
+ } else {
+ return ExecutionDecision.dontExecute("Issue is still opened, therefore skipping the test " + method.getName());
+ }
+ }
+ return ExecutionDecision.execute();
+ }
- private String[] getIssuesId(String value) {
- return value.replaceAll("\\s+", "").split(",");
- }
+ private String[] getIssuesId(String value) {
+ return value.replaceAll("\\s+", "").split(",");
+ }
- @Override
- public int precedence() {
- return 0;
- }
+ @Override
+ public int precedence() {
+ return 0;
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java
new file mode 100644
index 0000000000..791e588711
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.arquillian.migration;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+
+/**
+ *
+ * @author Vlastislav Ramik
+ */
+@Documented
+@Retention(RUNTIME)
+@Target({ElementType.METHOD})
+public @interface Migration {
+ String versionFrom();
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java
new file mode 100644
index 0000000000..bfac24ba65
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.arquillian.migration;
+
+import java.lang.reflect.Method;
+import org.jboss.arquillian.test.spi.execution.ExecutionDecision;
+import org.jboss.arquillian.test.spi.execution.TestExecutionDecider;
+
+/**
+ * @author Vlastislav Ramik
+ */
+public class MigrationTestExecutionDecider implements TestExecutionDecider {
+
+ @Override
+ public ExecutionDecision decide(Method method) {
+
+ boolean migrationTest = "true".equals(System.getProperty("migration", "false"));
+ Migration migrationAnnotation = method.getAnnotation(Migration.class);
+
+ if (migrationTest && migrationAnnotation != null) {
+ String versionFrom = migrationAnnotation.versionFrom();
+ String version = System.getProperty("version");
+
+
+ if (version.equals(versionFrom)) {
+ return ExecutionDecision.execute();
+ } else {
+ return ExecutionDecision.dontExecute(method.getName() + "doesn't fit with migration version.");
+ }
+ }
+ if ((migrationTest && migrationAnnotation == null) || (!migrationTest && migrationAnnotation != null)) {
+ return ExecutionDecision.dontExecute("Migration test and no migration annotation or no migration test and migration annotation");
+ }
+ return ExecutionDecision.execute();
+ }
+
+ @Override
+ public int precedence() {
+ return 1;
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
index 99c5d670ce..8ed6dcdd16 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
@@ -86,6 +86,7 @@ public abstract class AbstractKeycloakTest {
driverSettings();
if (!suiteContext.isAdminPasswordUpdated()) {
+ log.debug("updating admin password");
updateMasterAdminPassword();
suiteContext.setAdminPasswordUpdated(true);
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
new file mode 100644
index 0000000000..41c174007a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.migration;
+
+import java.util.List;
+import static org.junit.Assert.*;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.arquillian.migration.Migration;
+
+/**
+ * @author Vlastislav Ramik
+ */
+public class MigrationTest extends AbstractKeycloakTest {
+
+ @Override
+ public void addTestRealms(List testRealms) {
+ log.info("Adding no test realms for migration test. Test realm should be migrated from previous vesrion.");
+ }
+
+ @Test
+ @Migration(versionFrom = "1.6.1.Final")
+ public void migration16Test() {
+ RealmResource realmResource = adminClient.realms().realm("Migration");
+ RealmRepresentation realmRep = realmResource.toRepresentation();
+ assertEquals("Migration", realmRep.getRealm());
+
+ List realmRoles = realmResource.roles().list();
+ assertEquals(1, realmRoles.size());
+ assertEquals("offline_access", realmRoles.get(0).getName());
+
+ for (ClientRepresentation client : realmResource.clients().findAll()) {
+ final String clientId = client.getClientId();
+ switch (clientId) {
+ case "realm-management":
+ assertEquals(13, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ case "security-admin-console":
+ assertEquals(0, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ case "broker":
+ assertEquals(1, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ case "account":
+ assertEquals(2, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ default:
+ fail("Migrated realm contains unexpected client " + clientId);
+ break;
+ }
+ }
+ }
+
+ @Test
+ @Migration(versionFrom = "1.5.1.Final")
+ @Ignore
+ public void migration15Test() {
+ for (RealmRepresentation realm : adminClient.realms().findAll()) {
+ System.out.println(realm.getRealm());
+ }
+
+ //TODO
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index 1b6df1d5e1..ad3f6265a3 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -21,12 +21,39 @@
+
+
+ ${migration.kc16}
+ org.jboss.as.arquillian.container.managed.ManagedDeployableContainer
+ ${keycloak.migration.home}
+
+ -Dkeycloak.migration.action=import
+ -Dkeycloak.migration.provider=singleFile
+ -Dkeycloak.migration.file=${keycloak.migration.file}
+ -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
+ -Dkeycloak.migration.realmName=Migration
+ -Djboss.socket.binding.port-offset=${auth.server.port.offset}
+ -Xms64m -Xmx512m -XX:MaxPermSize=256m
+
+ ${auth.server.management.port}
+ ${startup.timeout.sec}
+
+
+
${migration.kc15}
org.jboss.as.arquillian.container.managed.ManagedDeployableContainer
- ${keycloak-1.5.1.Final.home}
- -Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m
+ ${keycloak.migration.home}
+
+ -Dkeycloak.migration.action=import
+ -Dkeycloak.migration.provider=singleFile
+ -Dkeycloak.migration.file=${keycloak.migration.file}
+ -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
+ -Dkeycloak.migration.realmName=Migration
+ -Djboss.socket.binding.port-offset=${auth.server.port.offset}
+ -Xms64m -Xmx512m -XX:MaxPermSize=256m
+
${auth.server.management.port}
${startup.timeout.sec}
@@ -36,7 +63,7 @@
${migration.kc14}
org.jboss.as.arquillian.container.managed.ManagedDeployableContainer
- ${keycloak-1.4.0.Final.home}
+ ${keycloak.migration.home}
-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m
${auth.server.management.port}
${startup.timeout.sec}
@@ -47,7 +74,7 @@
${migration.kc13}
org.jboss.as.arquillian.container.managed.ManagedDeployableContainer
- ${keycloak-1.3.1.Final.home}
+ ${keycloak.migration.home}
-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m
${auth.server.management.port}
${startup.timeout.sec}
@@ -58,7 +85,7 @@
${migration.kc12}
org.jboss.as.arquillian.container.managed.ManagedDeployableContainer
- ${keycloak-1.2.0.Final.home}
+ ${keycloak.migration.homee}
-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m
${auth.server.management.port}
${startup.timeout.sec}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json
new file mode 100644
index 0000000000..86e4606f94
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json
@@ -0,0 +1,751 @@
+{
+ "id" : "9c3a9824-cc8b-46f6-8922-cd576a92850f",
+ "realm" : "Migration",
+ "notBefore" : 0,
+ "accessTokenLifespan" : 300,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : false,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : false,
+ "verifyEmail" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "privateKey" : "MIIEpAIBAAKCAQEA29+/bYOEg+RFlDgKjX0nv+UMkV8X06E1XvRobuQjXKOV613VJIa1F/nGabXthkM3tC7DadJ5y1tBwhF+bJzMA4w38zNfJdjEp3DRND6ypUn0SJZrSw6l3u3w+s5uemgTWUZk463Xr3HbDxtnG+4t5GuHA2Oq6O2OLniVZKbDTpgF1HxzCBQiAxi2jNJm3tMlTdN6D/nV3Rwp2T1250T3ldkM3TDK/Nlup3oOejy+qRGEmh+omuABOOJ8icCULZ5S2AbiqfojP5ZN3WEpyCqcQvsdop4IawUbTDyy9BCE2K5CCZ6ZgQaSnpJZGUy91crPJXnI4tlg5Mh88l8aSrBLsQIDAQABAoIBAA5J7SPNzzfPBuKJ/c2SG5ox5W4xEthS+qfwFDVYqB+mFeEU2PwlsPEc71MBWq1GAwG3pEVlQzr+9DgLcP7X9b4pR52LchyAiM8k2sOda3ioZLKu68wV6JujNOznq3BTASblFztgmcqyCH1j14COKvdUMZL70CiQ/5NvjK3c1IZv5d/S9B7Qhd2o/6cO51xIodE87Lc4Pghq8cQ/AJJUJokyFtjkCpTNAYxcZgyiEMNbyjrbNMMEpiuspZ50eRbi7SOKOg6mSjwuTeK0cQ57JDuMhE/iyaMwh98uqSTccqeKS672z+7QCu89ce1YZMnWtjfwKEiIcTWB71pvy2gGwgECgYEA9Afv+5Zop4j1kmZvQcdr+UpW3Ia91nNelvlkMYPMrsC24xwrGhO9Hx76VxdBFCzDuYBIyOzbPLV7kFojSKmcWB6hb/S/j6eMd46ZetycrfH5sRpJHmqJpGZiARrWTLsFRNDwi2jwEl2qt3wkq/IBvuzNt9bwbnsajgRVSVWUBtECgYEA5qh+hl1f8R6KcrUro9kSSxjmlqzSIeAYNJ0VJkr2ZjRd984xTRSnUcuVJnbfNgfmywCB9s7QGgcMrs9BejKuP1bq2hnjjA1WOvz0Dq1FRw3wqYSZWHtVO2h/QDaKIcGjQ/PyWAyrOTBaL+bzKrNO66L7CQK63A4/Gj7QivFA7uECgYEAmYW81pyDbpLdW6MR72IUbZr1Fnu2RooCQhzXiccPKAmZhTudaiRs4H1OpSe+C4E2CSfJoo5QRtstx1zNwdLixxVOHu7s7OVNm5GcwQy1jUEkAuU0huwjd8fpdCR8GX23DNod2rbEAennktOJBpuTuZekvDl+vSK5TAsx1JcAL2ECgYB7rPTKjt6Wps2NW98eZ5ILejqJp/iz+TiBXYitk5wyiPmpmYGN1vkwPnymty5QBkSVrJwC/jlO+2CtiquNHgeYJr6eWytLOQt3bZJfHED9LFhSTKr8aoT06b7xa0z9dJpaIT9cPs7AR1DURn0z9Bjo9+aqmjAfNfRX2j5vgZRTgQKBgQC7+9bt4yZ0MAxJYTMVqU/LnyjPuDrgXZJYw5ZYO6r5xF0mdovE9+lY6I8OeAUg428Zk8mxMYeqOFUHF8nVBxofHrZbXR2eJxJLRO8f2GPRFYanA9MNe1Jc0WV5bi1gF+ifC0j//W1kGxCHJX1OeMSV/h8r3OaIHEwuu30ZLHFxRg==",
+ "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29+/bYOEg+RFlDgKjX0nv+UMkV8X06E1XvRobuQjXKOV613VJIa1F/nGabXthkM3tC7DadJ5y1tBwhF+bJzMA4w38zNfJdjEp3DRND6ypUn0SJZrSw6l3u3w+s5uemgTWUZk463Xr3HbDxtnG+4t5GuHA2Oq6O2OLniVZKbDTpgF1HxzCBQiAxi2jNJm3tMlTdN6D/nV3Rwp2T1250T3ldkM3TDK/Nlup3oOejy+qRGEmh+omuABOOJ8icCULZ5S2AbiqfojP5ZN3WEpyCqcQvsdop4IawUbTDyy9BCE2K5CCZ6ZgQaSnpJZGUy91crPJXnI4tlg5Mh88l8aSrBLsQIDAQAB",
+ "certificate" : "MIICoTCCAYkCBgFQs81zNDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlNaWdyYXRpb24wHhcNMTUxMDI5MTMzMTM3WhcNMjUxMDI5MTMzMzE3WjAUMRIwEAYDVQQDDAlNaWdyYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb379tg4SD5EWUOAqNfSe/5QyRXxfToTVe9Ghu5CNco5XrXdUkhrUX+cZpte2GQze0LsNp0nnLW0HCEX5snMwDjDfzM18l2MSncNE0PrKlSfRIlmtLDqXe7fD6zm56aBNZRmTjrdevcdsPG2cb7i3ka4cDY6ro7Y4ueJVkpsNOmAXUfHMIFCIDGLaM0mbe0yVN03oP+dXdHCnZPXbnRPeV2QzdMMr82W6neg56PL6pEYSaH6ia4AE44nyJwJQtnlLYBuKp+iM/lk3dYSnIKpxC+x2inghrBRtMPLL0EITYrkIJnpmBBpKeklkZTL3Vys8lecji2WDkyHzyXxpKsEuxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALaDK+wutEjdgY3Ux06Amp0k5qK16dz4jn+QKjdKPB1yThfzY1pisuyCUXPBlkn1OjB5ZvYl6ouwdNXgB8aeblbHZoyXh9ODeywi1xZd7pGxNXSfx0UzRk/YEEy0DAi9pxTyRYxiZ6/XJalS9PembTQvj+mVKqg1SDv7dyv4byvndEYSaUISrtGGrM3bb68PW4zInD793PJYWDSVxmEPOYtdgBJv4HAhPIJhjw15EOGlPv5QxW9P76OgISCutHaEe3UDP+TzIBBxYQFb1ZXA6ob3TFga78mFAkY4g98gEC11QSvZqhaRtLAz6PEisHRV+xDJVROgQ4Qew4qKgwE0gGE=",
+ "codeSecret" : "32f8634c-2be2-4d4d-8118-f4f7fee80b9f",
+ "roles" : {
+ "client" : {
+ "realm-management" : [ {
+ "id" : "dad7b3a4-b533-47c8-aba5-32e6429865a2",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "composite" : false
+ }, {
+ "id" : "a1dd3971-3906-4f4a-b4cd-3a198d2d7150",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "composite" : false
+ }, {
+ "id" : "6c2d766f-cfa5-4cae-b1ca-81f1f9f242c8",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "composite" : false
+ }, {
+ "id" : "60bb5b3e-8067-43fe-803e-a7e367967c7c",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "composite" : false
+ }, {
+ "id" : "c55cb35a-2602-47a6-a628-fc5a55341426",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "composite" : false
+ }, {
+ "id" : "4dc834d0-766b-45aa-ab3b-b7b976baa65d",
+ "name" : "realm-admin",
+ "description" : "${role_realm-admin}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "view-users", "manage-identity-providers", "view-clients", "manage-realm", "manage-users", "impersonation", "view-realm", "view-events", "manage-clients", "manage-events", "view-identity-providers" ]
+ }
+ }
+ }, {
+ "id" : "d444a98f-ab5e-4857-9300-496e04e498f5",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "composite" : false
+ }, {
+ "id" : "2f6f1407-f334-434f-becf-771e3ebb5625",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "composite" : false
+ }, {
+ "id" : "a40d3211-5244-4d92-80c0-0d3215580250",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "composite" : false
+ }, {
+ "id" : "d11c407e-504f-4923-b243-e794afa0247e",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "composite" : false
+ }, {
+ "id" : "3ef6ace4-4e87-4c30-a8b3-1f0df25868c6",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "composite" : false
+ }, {
+ "id" : "fa2a4972-b8d0-452e-8e13-d2cf7eaac7aa",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "composite" : false
+ } ],
+ "security-admin-console" : [ ],
+ "broker" : [ {
+ "id" : "1bc5aeb4-1df1-4402-8195-e2a72f6dca30",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "composite" : false
+ } ],
+ "account" : [ {
+ "id" : "71b5b5ff-b372-41a1-a427-7883fa64a8c7",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "composite" : false
+ }, {
+ "id" : "04daa556-8aeb-43ba-99c6-b393ec2a32d4",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "composite" : false
+ } ]
+ }
+ },
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "clientScopeMappings" : {
+ "realm-management" : [ {
+ "client" : "security-admin-console",
+ "roles" : [ "realm-admin" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "ba27336f-3f89-471d-98d2-b8856bd6dbf1",
+ "clientId" : "realm-management",
+ "name" : "${client_realm-management}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "26aee4e9-8eec-421b-90a9-238538f5897a",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "5d56eba1-724e-4904-a8f8-86ca264a82cf",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "18a30786-89f9-4744-8f36-4de811a591ae",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "4d1c4456-0c0d-49b9-bfba-c2c83645aeb2",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "1a19db43-2346-4a24-b6f0-1b8d7fc1353e",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "a18612f0-9eb3-4d81-af0c-b0749b83fbd3",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "70c26044-c7fc-4090-98e1-670fef006e25",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "3fdddd5e-0022-4f6d-8fdf-212266db7fd4",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "baseUrl" : "/auth/admin/Migration/console/index.html",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "38ce8135-738d-4103-85ac-c3470ac8824d",
+ "redirectUris" : [ "/auth/admin/Migration/console/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "be58fe30-b767-4566-9192-a4fa81fafa2c",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "c97523fd-fd4f-48d7-8937-bd434fa374fd",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "2323a85d-2686-46d4-bea8-e36524920f2e",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "56f8a80e-9e99-4add-b918-b864ca3f6f5c",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "f9f51e8d-d5af-456c-be5a-3019fb8c0910",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "3d8fbb0c-9058-4dde-b675-ca77a153ceb8",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "068fcf1a-7048-43df-b3dd-e6c484e8b051",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "041b50a6-54b5-4cff-84ef-1b7c388d3395",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "57c6f779-c96b-4f03-b268-354af2a8731e",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "f17a7b9f-9363-44bd-8320-df36f22ca712",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "ec1bf022-9e98-4f29-9bf0-f0a49bd844ad",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "0d54c616-326b-4fe7-bbfa-af9a28304dc5",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "89ce95b9-a268-4306-a1ad-86066d0cdd03",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "8236274d-af69-4fc4-8804-a02d4af66157",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "717b9e58-87ed-402d-a8f8-a37fd5e7c951",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "baseUrl" : "/auth/realms/Migration/account",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "9ea62eb5-5478-454a-a479-4012f8967f9c",
+ "defaultRoles" : [ "view-profile", "manage-account" ],
+ "redirectUris" : [ "/auth/realms/Migration/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "bfb4a165-2a55-4e4b-9b13-05e68822f5d6",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "c505e313-d478-4b1d-94df-c2c9b6036a95",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "12fc43f0-19b7-4b4a-b50a-40b6fc344ede",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "250f3bf3-2655-4482-a814-3adcc7cef5a4",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "6cf70d19-6a9e-4abf-8917-38b87bac15d6",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "6cdeae21-ca97-4723-b880-d5aa35fa77b0",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ } ]
+ } ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicy" : "frame-src 'self'",
+ "xFrameOptions" : "SAMEORIGIN"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityFederationEnabled" : false,
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "registration-profile-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ }, {
+ "authenticator" : "registration-password-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 50
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 60
+ } ]
+ }, {
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "reset-credential-email",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "reset-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ }, {
+ "authenticator" : "reset-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ } ]
+ }, {
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-otp-form",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ }, {
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "client-jwt",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ }, {
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-spnego",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "flowAlias" : "forms",
+ "autheticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "flowAlias" : "registration form",
+ "autheticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ } ]
+ } ],
+ "authenticatorConfig" : [ ],
+ "requiredActions" : [ {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure Totp",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "terms_and_conditions",
+ "name" : "Terms and Conditions",
+ "providerId" : "terms_and_conditions",
+ "enabled" : false,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients"
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json
new file mode 100644
index 0000000000..3719d043f0
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json
@@ -0,0 +1,796 @@
+{
+ "id" : "Migration",
+ "realm" : "Migration",
+ "notBefore" : 0,
+ "revokeRefreshToken" : false,
+ "accessTokenLifespan" : 300,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "offlineSessionIdleTimeout" : 2592000,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : false,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : false,
+ "verifyEmail" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "privateKey" : "MIIEowIBAAKCAQEAg/XlZqOYbYHyzHjWKwCD35JKloSyBBaIQgQbUjmWSBLw6xyNLSSvI45lmhoxcJTjxeZ+LKudfcoDVcLah1kYmTiS5YtNROeqmdWTkekdsAW8PYQJ0ScpatJ3jQ6xpe2E/AQWel5h6HI07O/r1mc3JDCXSe5zKdV9C0aGZpQSU2jWkVmP1cc2EZg5bVD1v057CUpKAX3qkloXpRedq6tMgwRSurhgnWDt93xWcv/+zz1Rw400batHmAm8Xa792jfZhSjvxtv9Q83Eb9jqi+c3BnxC3hucUDc6ivm8UgKYha054IOVbG8wDtmhZF8LlvLpjPk9iHuygS0zRnRuCo1+pQIDAQABAoIBACx5B8oSooFthS2CH/O4JbmIbRjTOceE7IELL0YD4HED6SvjoHSxY1EhYX6RC05871K3/pgBcn99QKh7lfh9f3vMBD3WN8FcLjPQNf67yOSU2j8FK+XQQ/YbXm0soZRhOytQGV8+RdL4AnxD04CboorQ0Xv6H9feelj9eLhDePWg5qEGHZJA6zGYiOUBALAL+SXoL59LWWLEM48TQWM0yGCA3mQM0iWCclbLNM1ls5gwMxSDdJeKC/3qlB6egGqPtXCEJdQXYqt3do8UUnxdQEkRGlJx14cSoH7fmZyZjLsEBcQT5uoAHI7/NMVN1DoFgwMTsq/MAATh3ngHqSl6J2ECgYEA3Ati3EaI0Vb8KzdjwZVgk9/KKnGLcswOl+cfU+lL9Vv5W4lVht3zvNAO8mUjtTSpjCF7LlY2lD9JEsv4cA9T3v2L7ZjkBiD6S/YYnEZYGAOjJb+LniRLqSVgN3beUgSiG/zzwuJm92J3dIcqMIPi4gdLMJ7KAv9qgbOddAy4b3kCgYEAmYXlqAu+Vgyjj3wzfgeXKzYkUfbEXUzsdugpW2gCvKi2/lJwmzORfsvSL88CxKZvzbEb1AJOrW+aPUbO0vPWo07ztphPKed+Gydp2G837f24eGZpBpxG6ATIa5MjtCHgX5guTMA3sJCFyLdMacRmlkmZEwbk7e9QxCp9HOmFoY0CgYB5u1LVya+nIBghUGM/lQP4yrVtBaO/vmPUZWhPY6FB+7/XhAJsuh09N10NfCZk+N1TSLJ8z/UhzmD+pRir5c7gbiQbLZn4SgYuP9cdnUze/CQlnfH/atTwnly8UmZruWR1V1sDVXzhHvg23w/YBx5dLOvL2gyn2+VwG43fxanDAQKBgFpFqWzOuvTOKb7NQVnyDKmUBHdNqtlRyhmBGhBtcG6OpkuVHjGkeQEdyFHkX7RSSZuhcMORN8IzxXYSlLrmNmeAnT3ZAXOac0R0QIDLpQ+ECVyCm28PpYH4jgDzXCMnaE/NpCvtOtHPqVsErSHkIo5saF4Px71A4zT15uuBRNphAoGBAMXV0eqeZOr/iHGIie3Ol0atZuB9b/BgLJBTFsCbFoVLdMAah4i2MXDm3vOUWlPf2VFL1LcKXYQ1GZ79We5LqG5w1CLA5WNt93U3yyl3/V5w02My5dVhz9BD4kWhZcvih+uVuHBxeI8Q8AvU63qqT4punQW4SSAHC+9e3U62aNc+",
+ "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/XlZqOYbYHyzHjWKwCD35JKloSyBBaIQgQbUjmWSBLw6xyNLSSvI45lmhoxcJTjxeZ+LKudfcoDVcLah1kYmTiS5YtNROeqmdWTkekdsAW8PYQJ0ScpatJ3jQ6xpe2E/AQWel5h6HI07O/r1mc3JDCXSe5zKdV9C0aGZpQSU2jWkVmP1cc2EZg5bVD1v057CUpKAX3qkloXpRedq6tMgwRSurhgnWDt93xWcv/+zz1Rw400batHmAm8Xa792jfZhSjvxtv9Q83Eb9jqi+c3BnxC3hucUDc6ivm8UgKYha054IOVbG8wDtmhZF8LlvLpjPk9iHuygS0zRnRuCo1+pQIDAQAB",
+ "certificate" : "MIICoTCCAYkCBgFQs9TiPDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlNaWdyYXRpb24wHhcNMTUxMDI5MTMzOTQ0WhcNMjUxMDI5MTM0MTI0WjAUMRIwEAYDVQQDDAlNaWdyYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCD9eVmo5htgfLMeNYrAIPfkkqWhLIEFohCBBtSOZZIEvDrHI0tJK8jjmWaGjFwlOPF5n4sq519ygNVwtqHWRiZOJLli01E56qZ1ZOR6R2wBbw9hAnRJylq0neNDrGl7YT8BBZ6XmHocjTs7+vWZzckMJdJ7nMp1X0LRoZmlBJTaNaRWY/VxzYRmDltUPW/TnsJSkoBfeqSWhelF52rq0yDBFK6uGCdYO33fFZy//7PPVHDjTRtq0eYCbxdrv3aN9mFKO/G2/1DzcRv2OqL5zcGfELeG5xQNzqK+bxSApiFrTngg5VsbzAO2aFkXwuW8umM+T2Ie7KBLTNGdG4KjX6lAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIOonQw/DIwSDU2oFyoaZ7VfFcT6Uh3QXfLB4ZYDek4m6Y8onrtqzuGo2Z2tcokV9PPkBAQtefSxIqx4COC9OeDBy1DeY04AkpprywLuOzCL/OBCV9QwiMkuBYYC5JJCIyTuo3qYxkuDA/iwDdH7vNDGohE6TDYmrC3Yp3lsLaHZ1lG52Df3qL8wo3/PdwzCOmyRGfm3vscTY+PqVCYcfxg9nPkoU3FwUJDAshjMxRw7/aafG8OmQ2EeYH4HV/FsULFrwoVF0Up8TkqAhmdJJ+vaGqaHHXQyiIPTMCdrkE58jAvtpbX0XCEDiNXT9qORhmjKP8Xq13XOQTfI5DRo8Qc=",
+ "codeSecret" : "56227bc5-edb9-419c-a019-d61a7c6ffb74",
+ "roles" : {
+ "realm" : [ {
+ "id" : "c4aae789-de76-4130-a06b-a28113ada698",
+ "name" : "offline_access",
+ "description" : "${role_offline-access}",
+ "scopeParamRequired" : true,
+ "composite" : false
+ } ],
+ "client" : {
+ "realm-management" : [ {
+ "id" : "22345bd8-afee-44c3-9958-a134e729aaa7",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "6c6bb910-a769-4e92-b009-db4b9ab32c67",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "5327bf34-5a16-4f36-bb15-100a25aac33e",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "3c52d428-e3e5-40b3-92d4-ab6195b7dce5",
+ "name" : "create-client",
+ "description" : "${role_create-client}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "9999e081-5321-4c19-a8ac-27cea3bbde3a",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "7c857cf1-b66e-4935-8749-580062d4719a",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "549d2e65-d347-4221-bde0-65fff6580fc2",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "aa1676b8-a92a-4c99-b266-54858129942d",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "6c9a78fa-0e37-48bf-a9b5-2062312b0f33",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "d38072d6-66fe-4102-8d4d-b5e8e2721e43",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "a85da016-830e-42dd-8318-3cc8c28d3382",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "0ab22444-1235-4391-ac10-571b33065177",
+ "name" : "realm-admin",
+ "description" : "${role_realm-admin}",
+ "scopeParamRequired" : false,
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "view-identity-providers", "manage-clients", "manage-events", "view-realm", "manage-realm", "manage-users", "create-client", "impersonation", "view-events", "manage-identity-providers", "view-clients", "view-users" ]
+ }
+ }
+ }, {
+ "id" : "442fcc9e-46af-495a-9cdf-64d32dabc808",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ } ],
+ "security-admin-console" : [ ],
+ "broker" : [ {
+ "id" : "8d46836e-eb6c-4cf5-97fe-8b1b24a69e10",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ } ],
+ "account" : [ {
+ "id" : "40799d46-6574-4d45-a157-33cc15e3e2f1",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "d6056197-e9a3-4922-8b1b-ce6e99a71a43",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ } ]
+ }
+ },
+ "defaultRoles" : [ "offline_access" ],
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "clientScopeMappings" : {
+ "realm-management" : [ {
+ "client" : "security-admin-console",
+ "roles" : [ "realm-admin" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "cdf6e789-79b9-41ad-b4a3-f02abd2aeab6",
+ "clientId" : "realm-management",
+ "name" : "${client_realm-management}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "c51e802e-e33b-431e-8e74-c2ebd4ba6abf",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "cfaff5c8-a0e3-42af-8dcd-f7ae6000a240",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "5a68a544-0373-4cf3-9978-aed944df478f",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "41c006db-88d6-42a6-addd-8efb535f1a7d",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "d6fd0e72-aa1e-417d-b28b-ec31946dc6fd",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d8692a7a-366d-407d-abc1-a6f45742c47c",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "54f4844b-aaa5-4260-b2aa-5dc446c8b978",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "7776fa56-ab87-4638-b42b-cc9537ab2fc2",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "baseUrl" : "/auth/admin/Migration/console/index.html",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "5e0673fa-921d-4415-9d92-3a4197d87e46",
+ "redirectUris" : [ "/auth/admin/Migration/console/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "9ed45252-c571-44fe-ac5f-b30cea378ff1",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "consentText" : "${locale}",
+ "config" : {
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d1b5694e-e9e2-4d56-9019-bc658cdcded8",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "497fee7a-23b4-4345-a872-63444a8b1a27",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "57881d46-deca-421e-a4c5-e023e747f68e",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "9cfe7043-ba2b-49e2-8a1b-f1b23fcb5eb5",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "c37a3c4a-8999-4111-ae2a-98954a5a8674",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "a7917c74-f18a-43a0-a787-7afc7b45a247",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "e7faae41-f5e8-4571-b280-5bbe0d5bcb12",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "b2a1f1ff-5157-4240-9354-69a6deb13ccb",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "b843f1fd-da0a-4d49-b367-3fb39f11383b",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "3b18c534-1e0a-474c-adf8-e9fbc33c05e8",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "b7e9db64-52f6-4aba-9437-deefab06abee",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "2da52efa-e9d9-4b68-a296-0310059b7df2",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2d2df25d-26d1-4e7c-a85a-c485ab2cc0fe",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d096910d-13ac-43a7-bad8-4d1bbfd34171",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "a2864762-7cc1-4784-a540-439e611f29ba",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "baseUrl" : "/auth/realms/Migration/account",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "68cbd7a8-3b48-4751-a396-df7ab39a2fdf",
+ "defaultRoles" : [ "view-profile", "manage-account" ],
+ "redirectUris" : [ "/auth/realms/Migration/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "ed2c87d0-299a-40ac-a11c-df7af41bb365",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "80bc8d1f-3cb8-4362-890c-68d1a5c7263d",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "af93478f-176d-4be4-be5d-78a65dd88717",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "b6c1704d-39fc-4b63-8f70-74561849654f",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "928dbc26-41a1-4342-ba92-c230a85e830c",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "03a967ab-ed2b-402f-ae2f-10729084376c",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ } ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicy" : "frame-src 'self'",
+ "xFrameOptions" : "SAMEORIGIN"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityFederationEnabled" : false,
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "reset-credential-email",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "reset-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ }, {
+ "authenticator" : "reset-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ } ]
+ }, {
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "client-jwt",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ }, {
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "registration-profile-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ }, {
+ "authenticator" : "registration-password-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 50
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 60
+ } ]
+ }, {
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "flowAlias" : "registration form",
+ "autheticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ } ]
+ }, {
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-spnego",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "flowAlias" : "forms",
+ "autheticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-otp-form",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ } ],
+ "authenticatorConfig" : [ ],
+ "requiredActions" : [ {
+ "alias" : "terms_and_conditions",
+ "name" : "Terms and Conditions",
+ "providerId" : "terms_and_conditions",
+ "enabled" : false,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure Totp",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients"
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 2c9f13f5f0..074a08a1de 100644
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -36,6 +36,7 @@
2.1.0.Alpha2
8.2.0.Final
2.1.1
+ true
@@ -96,6 +97,32 @@
false
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ unpack-previous
+ generate-test-resources
+
+ unpack
+
+
+ ${skip.unpack.previous}
+
+
+ org.keycloak.testsuite
+ ${server.artifactId}
+ ${project.version}
+ zip
+
+
+ ${containers.home}
+ true
+
+
+
+
@@ -333,7 +360,7 @@
auth-server-wildfly
${containers.home}/keycloak-${project.version}
- 150
+ 300
@@ -348,7 +375,6 @@
org.apache.maven.plugins
maven-dependency-plugin
- 2.10
unpack
@@ -393,7 +419,7 @@
auth-server-eap6
${containers.home}/keycloak-${project.version}
- 150
+ 300
@@ -409,7 +435,6 @@
org.apache.maven.plugins
maven-dependency-plugin
- 2.10
unpack
@@ -452,39 +477,43 @@
- migration-kc15
+ migration-kc16
- ${containers.home}/keycloak-1.5.1.Final
+ false
+ 1.6.1.Final
+ integration-arquillian-server-wildfly-kc16
org.apache.maven.plugins
- maven-dependency-plugin
- 2.10
-
-
- unpack-previous
- generate-test-resources
-
- unpack
-
-
-
-
- org.keycloak.testsuite
- integration-arquillian-server-wildfly-kc15
- ${project.version}
- zip
-
-
- ${containers.home}
- true
-
-
-
+ maven-surefire-plugin
+
+
+ true
+ true
+ ${containers.home}/keycloak-${server.version}
+ src/test/resources/migration-test/migration-realm-16.json
+ ${server.version}
+
+
+
+
+
+
+
+
+ migration-kc15
+
+ false
+ 1.5.1.Final
+ integration-arquillian-server-wildfly-kc15
+
+
+
+
org.apache.maven.plugins
maven-surefire-plugin
@@ -492,7 +521,9 @@
true
true
- ${keycloak-1.5.1.Final.home}
+ ${containers.home}/keycloak-${server.version}
+ src/test/resources/migration-test/migration-realm-15.json
+ ${server.version}
@@ -504,37 +535,13 @@
migration-kc14
- ${containers.home}/keycloak-1.4.0.Final
+ false
+ 1.4.0.Final
+ integration-arquillian-server-wildfly-kc14
-
- org.apache.maven.plugins
- maven-dependency-plugin
- 2.10
-
-
- unpack-previous
- generate-test-resources
-
- unpack
-
-
-
-
- org.keycloak.testsuite
- integration-arquillian-server-wildfly-kc14
- ${project.version}
- zip
-
-
- ${containers.home}
- true
-
-
-
-
org.apache.maven.plugins
maven-surefire-plugin
@@ -542,7 +549,7 @@
true
true
- ${keycloak-1.4.0.Final.home}
+ ${containers.home}/keycloak-${server.version}
@@ -554,37 +561,13 @@
migration-kc13
- ${containers.home}/keycloak-1.3.1.Final
+ false
+ 1.3.1.Final
+ integration-arquillian-server-wildfly-kc13
-
- org.apache.maven.plugins
- maven-dependency-plugin
- 2.10
-
-
- unpack-previous
- generate-test-resources
-
- unpack
-
-
-
-
- org.keycloak.testsuite
- integration-arquillian-server-wildfly-kc13
- ${project.version}
- zip
-
-
- ${containers.home}
- true
-
-
-
-
org.apache.maven.plugins
maven-surefire-plugin
@@ -592,7 +575,7 @@
true
true
- ${keycloak-1.3.1.Final.home}
+ ${containers.home}/keycloak-${server.version}
@@ -604,37 +587,13 @@
migration-kc12
- ${containers.home}/keycloak-1.2.0.Final
+ false
+ 1.2.0.Final
+ integration-arquillian-server-wildfly-kc12
-
- org.apache.maven.plugins
- maven-dependency-plugin
- 2.10
-
-
- unpack-previous
- generate-test-resources
-
- unpack
-
-
-
-
- org.keycloak.testsuite
- integration-arquillian-server-wildfly-kc12
- ${project.version}
- zip
-
-
- ${containers.home}
- true
-
-
-
-
org.apache.maven.plugins
maven-surefire-plugin
@@ -642,7 +601,7 @@
true
true
- ${keycloak-1.2.0.Final.home}
+ ${containers.home}/keycloak-${server.version}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
index a9c0c58373..c7f075f4d6 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@@ -26,7 +26,9 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
+import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
import org.keycloak.events.Event;
import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
@@ -130,7 +132,7 @@ public class RequiredActionEmailVerificationTest {
String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
- Assert.assertEquals(mailCodeId, verificationUrl.split("key=")[1].split("\\.")[1]);
+ Assert.assertEquals(mailCodeId, verificationUrl.split("code=")[1].split("\\&")[0].split("\\.")[1]);
driver.navigate().to(verificationUrl.trim());
@@ -223,7 +225,7 @@ public class RequiredActionEmailVerificationTest {
String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
- Assert.assertEquals(mailCodeId, verificationUrl.split("key=")[1].split("\\.")[1]);
+ Assert.assertEquals(mailCodeId, verificationUrl.split("code=")[1].split("\\&")[0].split("\\.")[1]);
driver.manage().deleteAllCookies();
@@ -238,6 +240,42 @@ public class RequiredActionEmailVerificationTest {
assertTrue(loginPage.isCurrent());
}
+
+
+ @Test
+ public void verifyInvalidKeyOrCode() throws IOException, MessagingException {
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+
+ Assert.assertTrue(verifyEmailPage.isCurrent());
+ String resendEmailLink = verifyEmailPage.getResendEmailLink();
+ String keyInsteadCodeURL = resendEmailLink.replace("code=", "key=");
+
+ AssertEvents.ExpectedEvent emailEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).detail("email", "test-user@localhost");
+ Event sendEvent = emailEvent.assertEvent();
+ String sessionId = sendEvent.getSessionId();
+ String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
+
+ driver.navigate().to(keyInsteadCodeURL);
+
+ events.expectRequiredAction(EventType.VERIFY_EMAIL_ERROR)
+ .error(Errors.INVALID_CODE)
+ .client((String)null)
+ .user((String)null)
+ .session((String)null)
+ .clearDetails()
+ .assertEvent();
+
+ String badKeyURL = KeycloakUriBuilder.fromUri(resendEmailLink).queryParam("key", "foo").build().toString();
+ driver.navigate().to(badKeyURL);
+
+ events.expectRequiredAction(EventType.VERIFY_EMAIL_ERROR)
+ .error(Errors.INVALID_USER_CREDENTIALS)
+ .session(sessionId)
+ .detail("email", "test-user@localhost")
+ .detail(Details.CODE_ID, mailCodeId)
+ .assertEvent();
+ }
private String getPasswordResetEmailLink(MimeMessage message) throws IOException, MessagingException {
Multipart multipart = (Multipart) message.getContent();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java
index 258dd3cbd7..66018552c5 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java
@@ -5,6 +5,7 @@ import org.junit.Test;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.services.managers.ClientManager;
@@ -283,6 +284,36 @@ public class UserModelTest extends AbstractModelTest {
Assert.assertNull(session.users().getUserByUsername("user1", realm));
}
+ @Test
+ public void testGrantToAll() {
+ RealmModel realm1 = realmManager.createRealm("realm1");
+ RoleModel role1 = realm1.addRole("role1");
+ UserModel user1 = realmManager.getSession().users().addUser(realm1, "user1");
+ UserModel user2 = realmManager.getSession().users().addUser(realm1, "user2");
+
+ RealmModel realm2 = realmManager.createRealm("realm2");
+ UserModel realm2User1 = realmManager.getSession().users().addUser(realm2, "user1");
+
+ commit();
+
+ realm1 = realmManager.getRealmByName("realm1");
+ role1 = realm1.getRole("role1");
+ realmManager.getSession().users().grantToAllUsers(realm1, role1);
+
+ commit();
+
+ realm1 = realmManager.getRealmByName("realm1");
+ role1 = realm1.getRole("role1");
+ user1 = realmManager.getSession().users().getUserByUsername("user1", realm1);
+ user2 = realmManager.getSession().users().getUserByUsername("user2", realm1);
+ Assert.assertTrue(user1.hasRole(role1));
+ Assert.assertTrue(user2.hasRole(role1));
+
+ realm2 = realmManager.getRealmByName("realm2");
+ realm2User1 = realmManager.getSession().users().getUserByUsername("user1", realm2);
+ Assert.assertFalse(realm2User1.hasRole(role1));
+ }
+
public static void assertEquals(UserModel expected, UserModel actual) {
Assert.assertEquals(expected.getUsername(), actual.getUsername());
Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
index 8a6fc9dcb0..cbc8284c22 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
@@ -290,6 +290,14 @@ public class UserSessionPersisterProviderTest {
realmMgr.removeRealm(realmMgr.getRealm("foo"));
}
+ // KEYCLOAK-1999
+ @Test
+ public void testNoSessions() {
+ UserSessionPersisterProvider persister = session.getProvider(UserSessionPersisterProvider.class);
+ List sessions = persister.loadUserSessions(0, 1, true);
+ Assert.assertEquals(0, sessions.size());
+ }
+
private ClientSessionModel createClientSession(ClientModel client, UserSessionModel userSession, String redirect, String state, Set roles, Set protocolMappers) {
ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java
index cfcfbb4fdb..9968ce1087 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java
@@ -50,4 +50,8 @@ public class VerifyEmailPage extends AbstractPage {
resendEmailLink.click();
}
+ public String getResendEmailLink() {
+ return resendEmailLink.getAttribute("href");
+ }
+
}