libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

changes

Browse source
This commit is contained in:
Bill Burke 2015-02-20 09:22:49 -05:00
parent ebd9bae1ee
commit 20f12ea960
69 changed files with 635 additions and 428 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml
View file

@ -1,13 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
<changeSet author="psilva@redhat.com" id="1.2.0.Beta1">
<createTable tableName="PROTOCOL_CLAIM_MAPPING">
<createTable tableName="PROTOCOL_MAPPER">
<column name="ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
<column name="PROTOCOL_CLAIM" type="VARCHAR(255)"/>
<column name="PROTOCOL" type="VARCHAR(255)"/>
<column name="SOURCE" type="VARCHAR(255)"/>
<column name="PROTOCOL_MAPPER_NAME" type="VARCHAR(255)"/>
<column name="SOURCE_ATTRIBUTE" type="VARCHAR(255)"/>
<column name="APPLIED_BY_DEFAULT" type="BOOLEAN(1)"/>
<column name="REALM_ID" type="VARCHAR(36)"/>
@ -63,7 +64,7 @@
<constraints nullable="false"/>
</column>
</createTable>
<createTable tableName="CLIENT_PROTOCOL_CLAIM_MAPPING">
<createTable tableName="CLIENT_PROTOCOL_MAPPER">
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
@ -75,19 +76,19 @@
<column name="FRONTCHANNEL_LOGOUT" type="BOOLEAN" defaultValueBoolean="false"/>
</addColumn>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_CT" tableName="CLAIM_TYPE"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_CLAIM_MAPPING"/>
<addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER"/>
<addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER"/>
<addPrimaryKey columnNames="IDENTITY_PROVIDER, USER_ID" constraintName="CONSTRAINT_40" tableName="FEDERATED_IDENTITY"/>
<addPrimaryKey columnNames="IDENTITY_PROVIDER_ID, NAME" constraintName="CONSTRAINT_D" tableName="IDENTITY_PROVIDER_CONFIG"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="IDENTITY_PROVIDER" constraintName="FK2B4EBC52AE5C3B34" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="CLAIM_TYPE" constraintName="FK_CT_REALM" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="PROTOCOL_CLAIM_MAPPING" constraintName="FK_PCM_REALM" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="PROTOCOL_MAPPER" constraintName="FK_PCM_REALM" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="REALM"/>
<addForeignKeyConstraint baseColumnNames="USER_ID" baseTableName="FEDERATED_IDENTITY" constraintName="FK404288B92EF007A6" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ID" referencedTableName="USER_ENTITY"/>
<addForeignKeyConstraint baseColumnNames="IDENTITY_PROVIDER_ID" baseTableName="IDENTITY_PROVIDER_CONFIG" constraintName="FKDC4897CF864C4E43" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
<addForeignKeyConstraint baseColumnNames="INTERNAL_ID" baseTableName="CLIENT_ALLOWED_IDENTITY_PROVIDER" constraintName="FK_7CELWNIBJI49AVXSRTUF6XJ12" referencedColumnNames="INTERNAL_ID" referencedTableName="IDENTITY_PROVIDER"/>
<addUniqueConstraint columnNames="INTERNAL_ID,CLIENT_ID" constraintName="UK_7CAELWNIBJI49AVXSRTUF6XJ12" tableName="CLIENT_ALLOWED_IDENTITY_PROVIDER"/>
<addForeignKeyConstraint baseColumnNames="MAPPING_ID" baseTableName="CLIENT_PROTOCOL_CLAIM_MAPPING" constraintName="FK_CPCM" referencedColumnNames="ID" referencedTableName="PROTOCOL_CLAIM_MAPPING"/>
<addUniqueConstraint columnNames="CLIENT_ID,MAPPING_ID" constraintName="UK_CPCM" tableName="CLIENT_PROTOCOL_CLAIM_MAPPING"/>
<addForeignKeyConstraint baseColumnNames="MAPPING_ID" baseTableName="CLIENT_PROTOCOL_MAPPER" constraintName="FK_CPCM" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER"/>
<addUniqueConstraint columnNames="CLIENT_ID,MAPPING_ID" constraintName="UK_CPCM" tableName="CLIENT_PROTOCOL_MAPPER"/>
<addUniqueConstraint columnNames="PROVIDER_NONIMAL_ID" constraintName="UK_2DAELWNIBJI49AVXSRTUF6XJ33" tableName="IDENTITY_PROVIDER"/>
</changeSet>
</databaseChangeLog>

2
connections/jpa/src/main/resources/META-INF/persistence.xml
View file

@ -19,7 +19,7 @@
<class>org.keycloak.models.jpa.entities.ScopeMappingEntity</class>
<class>org.keycloak.models.jpa.entities.IdentityProviderEntity</class>
<class>org.keycloak.models.jpa.entities.ClaimTypeEntity</class>
<class>org.keycloak.models.jpa.entities.ProtocolClaimMappingEntity</class>
<class>org.keycloak.models.jpa.entities.ProtocolMapperEntity</class>
<!-- JpaUserSessionProvider -->
<class>org.keycloak.models.sessions.jpa.entities.ClientSessionEntity</class>

12
core/src/main/java/org/keycloak/representations/AccessToken.java
View file

@ -64,6 +64,9 @@ public class AccessToken extends IDToken {
}
}
@JsonProperty("client_session")
protected String clientSession;
@JsonProperty("trusted-certs")
protected Set<String> trustedCertificates;
@ -117,12 +120,21 @@ public class AccessToken extends IDToken {
return resourceAccess.get(resource);
}
public String getClientSession() {
return clientSession;
}
public Access addAccess(String service) {
Access token = new Access();
resourceAccess.put(service, token);
return token;
}
public AccessToken clientSession(String session) {
this.clientSession = session;
return this;
}
@Override
public AccessToken id(String id) {
return (AccessToken) super.id(id);

27
core/src/main/java/org/keycloak/representations/IDToken.java
View file

@ -1,8 +1,13 @@
package org.keycloak.representations;
import org.codehaus.jackson.annotate.JsonAnyGetter;
import org.codehaus.jackson.annotate.JsonAnySetter;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonUnwrapped;
import java.util.HashMap;
import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
@ -18,6 +23,8 @@ public class IDToken extends JsonWebToken {
@JsonUnwrapped
protected UserClaimSet userClaimSet = new UserClaimSet();
protected Map<String, Object> otherClaims = new HashMap<String, Object>();
public String getNonce() {
return nonce;
}
@ -34,6 +41,11 @@ public class IDToken extends JsonWebToken {
this.sessionState = sessionState;
}
/**
* Standardized OpenID Connect claims
*
* @return
*/
public UserClaimSet getUserClaimSet() {
return this.userClaimSet;
}
@ -41,4 +53,19 @@ public class IDToken extends JsonWebToken {
public void setUserClaimSet(UserClaimSet userClaimSet) {
this.userClaimSet = userClaimSet;
}
/**
* This is a map of any other claims and data that might be in the IDToken. Could be custom claims set up by the auth server
*
* @return
*/
@JsonAnyGetter
public Map<String, Object> getOtherClaims() {
return otherClaims;
}
@JsonAnySetter
public void setOtherClaims(Map<String, Object> otherClaims) {
this.otherClaims = otherClaims;
}
}

7
core/src/main/java/org/keycloak/representations/RefreshToken.java
View file

@ -1,5 +1,7 @@
package org.keycloak.representations;
import org.codehaus.jackson.annotate.JsonProperty;
import java.util.HashMap;
import java.util.Map;
@ -8,7 +10,9 @@ import java.util.Map;
* @version $Revision: 1 $
*/
public class RefreshToken extends AccessToken {
public RefreshToken() {
private RefreshToken() {
type("REFRESH");
}
@ -20,6 +24,7 @@ public class RefreshToken extends AccessToken {
*/
public RefreshToken(AccessToken token) {
this();
this.clientSession = token.getClientSession();
this.issuer = token.issuer;
this.subject = token.subject;
this.issuedFor = token.issuedFor;

10
core/src/main/java/org/keycloak/representations/idm/ProtocolClaimMappingRepresentation.java → core/src/main/java/org/keycloak/representations/idm/ProtocolMapperRepresentation.java
View file

@ -4,12 +4,13 @@ package org.keycloak.representations.idm;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProtocolClaimMappingRepresentation {
public class ProtocolMapperRepresentation {
protected String id;
protected String protocolClaim;
protected String protocol;
protected String source;
protected String sourceAttribute;
protected String protocolMapper;
protected boolean appliedByDefault;
@ -61,4 +62,11 @@ public class ProtocolClaimMappingRepresentation {
this.source = source;
}
public String getProtocolMapper() {
return protocolMapper;
}
public void setProtocolMapper(String protocolMapper) {
this.protocolMapper = protocolMapper;
}
}

6
core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java
View file

@ -64,7 +64,7 @@ public class RealmRepresentation {
protected List<String> eventsListeners;
private List<IdentityProviderRepresentation> identityProviders;
private List<ClaimTypeRepresentation> claimTypes;
private List<ProtocolClaimMappingRepresentation> protocolClaimMappings;
private List<ProtocolMapperRepresentation> protocolClaimMappings;
private Boolean identityFederationEnabled;
public String getId() {
@ -492,11 +492,11 @@ public class RealmRepresentation {
this.claimTypes = claimTypes;
}
public List<ProtocolClaimMappingRepresentation> getProtocolClaimMappings() {
public List<ProtocolMapperRepresentation> getProtocolClaimMappings() {
return protocolClaimMappings;
}
public void setProtocolClaimMappings(List<ProtocolClaimMappingRepresentation> protocolClaimMappings) {
public void setProtocolClaimMappings(List<ProtocolMapperRepresentation> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
}
}

3
core/src/main/java/org/keycloak/util/JsonSerialization.java
View file

@ -30,6 +30,9 @@ public class JsonSerialization {
}
public static String writeValueAsPrettyString(Object obj) throws IOException {
return prettyMapper.writeValueAsString(obj);
}
public static String writeValueAsString(Object obj) throws IOException {
return mapper.writeValueAsString(obj);
}

27
core/src/test/java/org/keycloak/JsonParserTest.java Normal file → Executable file
View file

@ -2,9 +2,16 @@ package org.keycloak;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import org.codehaus.jackson.annotate.JsonAnyGetter;
import org.codehaus.jackson.annotate.JsonAnySetter;
import org.codehaus.jackson.annotate.JsonProperty;
import org.codehaus.jackson.annotate.JsonUnwrapped;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.JsonSerialization;
@ -13,6 +20,26 @@ import org.keycloak.util.JsonSerialization;
*/
public class JsonParserTest {
@Test
public void testUnwrap() throws Exception {
// just experimenting with unwrapped and any properties
IDToken test = new IDToken();
test.getOtherClaims().put("phone_number", "978-666-0000");
test.getOtherClaims().put("email_verified", "true");
Map<String, String> nested = new HashMap<String, String>();
nested.put("foo", "bar");
test.getOtherClaims().put("nested", nested);
String json = JsonSerialization.writeValueAsPrettyString(test);
System.out.println(json);
test = JsonSerialization.readValue(json, IDToken.class);
System.out.println("email_verified property: " + test.getUserClaimSet().getEmailVerified());
System.out.println("property: " + test.getUserClaimSet().getPhoneNumber());
System.out.println("map: " + test.getOtherClaims().get("phone_number"));
Assert.assertNotNull(test.getUserClaimSet().getPhoneNumber());
Assert.assertNull(test.getOtherClaims().get("phone_number"));
}
@Test
public void testParsingSystemProps() throws IOException {
System.setProperty("my.host", "foo");

6
model/api/src/main/java/org/keycloak/models/ClientModel.java
View file

@ -104,7 +104,7 @@ public interface ClientModel {
boolean hasIdentityProvider(String providerId);
Set<ProtocolClaimMappingModel> getProtocolClaimMappings();
void addProtocolClaimMappings(Set<String> mappingIds);
void removeProtocolClaimMappings(Set<String> mappingIds);
Set<ProtocolMapperModel> getProtocolMappers();
void addProtocolMappers(Set<String> mapperIds);
void removeProtocolMappers(Set<String> mapperIds);
}

27
model/api/src/main/java/org/keycloak/models/ProtocolClaimMappingModel.java → model/api/src/main/java/org/keycloak/models/ProtocolMapperModel.java
View file

@ -1,10 +1,15 @@
package org.keycloak.models;
/**
* Specifies a mapping from user data to a protocol claim assertion. If protocolMapper is set, this points
* to a @Provider that will perform the mapping. If you have this set, then no other attributes of this class need to be set.
* If you don't have it set, then this is a simple one to one mapping between the protocolClaim and the sourceAttribute.
* SourceAttribute is the user data, protocolClaim is the name of the data you want to store in the protocols document or token.
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProtocolClaimMappingModel {
public class ProtocolMapperModel {
public static enum Source {
USER_MODEL,
USER_ATTRIBUTE,
@ -13,10 +18,12 @@ public class ProtocolClaimMappingModel {
}
protected String id;
protected String name;
protected String protocolClaim;
protected String protocol;
protected Source source;
protected String sourceAttribute;
protected String protocolMapper;
protected boolean appliedByDefault;
@ -28,6 +35,14 @@ public class ProtocolClaimMappingModel {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getProtocolClaim() {
return protocolClaim;
}
@ -68,12 +83,20 @@ public class ProtocolClaimMappingModel {
this.source = source;
}
public String getProtocolMapper() {
return protocolMapper;
}
public void setProtocolMapper(String protocolMapper) {
this.protocolMapper = protocolMapper;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
ProtocolClaimMappingModel that = (ProtocolClaimMappingModel) o;
ProtocolMapperModel that = (ProtocolMapperModel) o;
if (!id.equals(that.id)) return false;

10
model/api/src/main/java/org/keycloak/models/RealmModel.java
View file

@ -230,11 +230,11 @@ public interface RealmModel extends RoleContainerModel {
ClaimTypeModel getClaimType(String name);
void updateClaimType(ClaimTypeModel claimType);
Set<ProtocolClaimMappingModel> getProtocolClaimMappings();
ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model);
void removeProtocolClaimMapping(ProtocolClaimMappingModel mapping);
void updateProtocolClaimMapping(ProtocolClaimMappingModel mapping);
public ProtocolClaimMappingModel getProtocolClaimMappingById(String id);
Set<ProtocolMapperModel> getProtocolMappers();
ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model);
void removeProtocolMapper(ProtocolMapperModel mapping);
void updateProtocolMapper(ProtocolMapperModel mapping);
public ProtocolMapperModel getProtocolMapperById(String id);
}

19
model/api/src/main/java/org/keycloak/models/entities/ProtocolClaimMappingEntity.java → model/api/src/main/java/org/keycloak/models/entities/ProtocolMapperEntity.java
View file

@ -1,17 +1,18 @@
package org.keycloak.models.entities;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class ProtocolClaimMappingEntity {
public class ProtocolMapperEntity {
protected String id;
protected String protocolClaim;
protected String protocol;
protected ProtocolClaimMappingModel.Source source;
protected ProtocolMapperModel.Source source;
protected String sourceAttribute;
protected String protocolMapper;
protected boolean appliedByDefault;
public String getId() {
@ -38,11 +39,11 @@ public class ProtocolClaimMappingEntity {
this.protocol = protocol;
}
public ProtocolClaimMappingModel.Source getSource() {
public ProtocolMapperModel.Source getSource() {
return source;
}
public void setSource(ProtocolClaimMappingModel.Source source) {
public void setSource(ProtocolMapperModel.Source source) {
this.source = source;
}
@ -61,4 +62,12 @@ public class ProtocolClaimMappingEntity {
public void setAppliedByDefault(boolean appliedByDefault) {
this.appliedByDefault = appliedByDefault;
}
public String getProtocolMapper() {
return protocolMapper;
}
public void setProtocolMapper(String protocolMapper) {
this.protocolMapper = protocolMapper;
}
}

6
model/api/src/main/java/org/keycloak/models/entities/RealmEntity.java
View file

@ -53,7 +53,7 @@ public class RealmEntity extends AbstractIdentifiableEntity {
private List<UserFederationProviderEntity> userFederationProviders = new ArrayList<UserFederationProviderEntity>();
private List<IdentityProviderEntity> identityProviders = new ArrayList<IdentityProviderEntity>();
private List<ClaimTypeEntity> claimTypes = new ArrayList<ClaimTypeEntity>();
private List<ProtocolClaimMappingEntity> claimMappings = new ArrayList<ProtocolClaimMappingEntity>();
private List<ProtocolMapperEntity> claimMappings = new ArrayList<ProtocolMapperEntity>();
private Map<String, String> browserSecurityHeaders = new HashMap<String, String>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
@ -401,11 +401,11 @@ public class RealmEntity extends AbstractIdentifiableEntity {
this.claimTypes = claimTypes;
}
public List<ProtocolClaimMappingEntity> getClaimMappings() {
public List<ProtocolMapperEntity> getClaimMappings() {
return claimMappings;
}
public void setClaimMappings(List<ProtocolClaimMappingEntity> claimMappings) {
public void setClaimMappings(List<ProtocolMapperEntity> claimMappings) {
this.claimMappings = claimMappings;
}
}

19
model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java
View file

@ -8,7 +8,7 @@ import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
@ -23,7 +23,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.representations.idm.ProtocolClaimMappingRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
@ -157,7 +157,7 @@ public class ModelToRepresentation {
rep.getClaimTypes().add(toRepresentation(claimType));
}
for (ProtocolClaimMappingModel mapping : realm.getProtocolClaimMappings()) {
for (ProtocolMapperModel mapping : realm.getProtocolMappers()) {
rep.getProtocolClaimMappings().add(toRepresentation(mapping));
}
@ -265,9 +265,9 @@ public class ModelToRepresentation {
rep.setAllowedIdentityProviders(applicationModel.getAllowedIdentityProviders());
}
if (!applicationModel.getProtocolClaimMappings().isEmpty()) {
if (!applicationModel.getProtocolMappers().isEmpty()) {
Set<String> mappings = new HashSet<String>();
for (ProtocolClaimMappingModel model : applicationModel.getProtocolClaimMappings()) mappings.add(model.getId());
for (ProtocolMapperModel model : applicationModel.getProtocolMappers()) mappings.add(model.getId());
rep.setProtocolClaimMappings(mappings);
}
@ -300,9 +300,9 @@ public class ModelToRepresentation {
rep.setAllowedIdentityProviders(model.getAllowedIdentityProviders());
}
if (!model.getProtocolClaimMappings().isEmpty()) {
if (!model.getProtocolMappers().isEmpty()) {
Set<String> mappings = new HashSet<String>();
for (ProtocolClaimMappingModel mappingMoel : model.getProtocolClaimMappings()) mappings.add(mappingMoel.getId());
for (ProtocolMapperModel mappingMoel : model.getProtocolMappers()) mappings.add(mappingMoel.getId());
rep.setProtocolClaimMappings(mappings);
}
return rep;
@ -337,13 +337,14 @@ public class ModelToRepresentation {
return providerRep;
}
public static ProtocolClaimMappingRepresentation toRepresentation(ProtocolClaimMappingModel model) {
ProtocolClaimMappingRepresentation rep = new ProtocolClaimMappingRepresentation();
public static ProtocolMapperRepresentation toRepresentation(ProtocolMapperModel model) {
ProtocolMapperRepresentation rep = new ProtocolMapperRepresentation();
rep.setId(model.getId());
rep.setProtocol(model.getProtocol());
rep.setProtocolClaim(model.getProtocolClaim());
rep.setSourceAttribute(model.getSourceAttribute());
rep.setSource(model.getSource().name());
rep.setProtocolMapper(model.getProtocolMapper());
rep.setAppliedByDefault(model.isAppliedByDefault());
return rep;
}

19
model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java
View file

@ -13,7 +13,7 @@ import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
@ -27,7 +27,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.OAuthClientRepresentation;
import org.keycloak.representations.idm.ProtocolClaimMappingRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.ScopeMappingRepresentation;
@ -461,7 +461,7 @@ public class RepresentationToModel {
}
if (resourceRep.getProtocolClaimMappings() != null) {
applicationModel.addProtocolClaimMappings(resourceRep.getProtocolClaimMappings());
applicationModel.addProtocolMappers(resourceRep.getProtocolClaimMappings());
}
return applicationModel;
@ -638,7 +638,7 @@ public class RepresentationToModel {
}
if (rep.getProtocolClaimMappings() != null) {
model.addProtocolClaimMappings(rep.getProtocolClaimMappings());
model.addProtocolMappers(rep.getProtocolClaimMappings());
}
}
@ -774,8 +774,8 @@ public class RepresentationToModel {
private static void importProtocolClaimMappings(RealmRepresentation rep, RealmModel newRealm) {
if (rep.getProtocolClaimMappings() != null) {
for (ProtocolClaimMappingRepresentation representation : rep.getProtocolClaimMappings()) {
newRealm.addProtocolClaimMapping(toModel(representation));
for (ProtocolMapperRepresentation representation : rep.getProtocolClaimMappings()) {
newRealm.addProtocolMapper(toModel(representation));
}
}
}
@ -805,14 +805,15 @@ public class RepresentationToModel {
return model;
}
public static ProtocolClaimMappingModel toModel(ProtocolClaimMappingRepresentation rep) {
ProtocolClaimMappingModel model = new ProtocolClaimMappingModel();
public static ProtocolMapperModel toModel(ProtocolMapperRepresentation rep) {
ProtocolMapperModel model = new ProtocolMapperModel();
model.setId(rep.getId());
model.setAppliedByDefault(rep.isAppliedByDefault());
model.setSource(ProtocolClaimMappingModel.Source.valueOf(rep.getSource()));
model.setSource(ProtocolMapperModel.Source.valueOf(rep.getSource()));
model.setSourceAttribute(rep.getSourceAttribute());
model.setProtocol(rep.getProtocol());
model.setProtocolClaim(rep.getProtocolClaim());
model.setProtocolMapper(rep.getProtocolMapper());
return model;
}
}

14
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/ClientAdapter.java vendored
View file

@ -1,7 +1,7 @@
package org.keycloak.models.cache;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
@ -281,21 +281,21 @@ public abstract class ClientAdapter implements ClientModel {
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
if (updatedClient != null) return updatedClient.getProtocolClaimMappings();
public Set<ProtocolMapperModel> getProtocolMappers() {
if (updatedClient != null) return updatedClient.getProtocolMappers();
return cachedClient.getProtocolClaimMappings(); }
@Override
public void addProtocolClaimMappings(Set<String> mappingIds) {
public void addProtocolMappers(Set<String> mappingIds) {
getDelegateForUpdate();
updatedClient.addProtocolClaimMappings(mappingIds);
updatedClient.addProtocolMappers(mappingIds);
}
@Override
public void removeProtocolClaimMappings(Set<String> mappingIds) {
public void removeProtocolMappers(Set<String> mappingIds) {
getDelegateForUpdate();
updatedClient.removeProtocolClaimMappings(mappingIds);
updatedClient.removeProtocolMappers(mappingIds);
}
}

22
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java vendored
View file

@ -8,7 +8,7 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
@ -886,34 +886,34 @@ public class RealmAdapter implements RealmModel {
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
if (updated != null) return updated.getProtocolClaimMappings();
public Set<ProtocolMapperModel> getProtocolMappers() {
if (updated != null) return updated.getProtocolMappers();
return cached.getClaimMappings();
}
@Override
public ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model) {
public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
getDelegateForUpdate();
return updated.addProtocolClaimMapping(model);
return updated.addProtocolMapper(model);
}
@Override
public void removeProtocolClaimMapping(ProtocolClaimMappingModel mapping) {
public void removeProtocolMapper(ProtocolMapperModel mapping) {
getDelegateForUpdate();
updated.removeProtocolClaimMapping(mapping);
updated.removeProtocolMapper(mapping);
}
@Override
public void updateProtocolClaimMapping(ProtocolClaimMappingModel mapping) {
public void updateProtocolMapper(ProtocolMapperModel mapping) {
getDelegateForUpdate();
updated.updateProtocolClaimMapping(mapping);
updated.updateProtocolMapper(mapping);
}
@Override
public ProtocolClaimMappingModel getProtocolClaimMappingById(String id) {
for (ProtocolClaimMappingModel mapping : cached.getClaimMappings()) {
public ProtocolMapperModel getProtocolMapperById(String id) {
for (ProtocolMapperModel mapping : cached.getClaimMappings()) {
if (mapping.getId().equals(id)) return mapping;
}
return null;

8
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedClient.java vendored
View file

@ -1,7 +1,7 @@
package org.keycloak.models.cache.entities;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
@ -36,7 +36,7 @@ public class CachedClient {
protected Set<String> scope = new HashSet<String>();
protected Set<String> webOrigins = new HashSet<String>();
private List<String> allowedIdentityProviders = new ArrayList<String>();
private Set<ProtocolClaimMappingModel> protocolClaimMappings = new HashSet<ProtocolClaimMappingModel>();
private Set<ProtocolMapperModel> protocolClaimMappings = new HashSet<ProtocolMapperModel>();
public CachedClient(RealmCache cache, RealmProvider delegate, RealmModel realm, ClientModel model) {
id = model.getId();
@ -58,7 +58,7 @@ public class CachedClient {
scope.add(role.getId());
}
this.allowedIdentityProviders = model.getAllowedIdentityProviders();
protocolClaimMappings.addAll(model.getProtocolClaimMappings());
protocolClaimMappings.addAll(model.getProtocolMappers());
}
public String getId() {
@ -137,7 +137,7 @@ public class CachedClient {
return this.allowedIdentityProviders.contains(providerId);
}
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
public Set<ProtocolMapperModel> getProtocolClaimMappings() {
return protocolClaimMappings;
}
}

6
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/entities/CachedRealm.java vendored
View file

@ -6,7 +6,7 @@ import org.keycloak.models.ClaimTypeModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RequiredCredentialModel;
@ -71,7 +71,7 @@ public class CachedRealm {
private List<UserFederationProviderModel> userFederationProviders = new ArrayList<UserFederationProviderModel>();
private List<IdentityProviderModel> identityProviders = new ArrayList<IdentityProviderModel>();
private Set<ClaimTypeModel> claimTypes = new HashSet<ClaimTypeModel>();
private Set<ProtocolClaimMappingModel> claimMappings = new HashSet<ProtocolClaimMappingModel>();
private Set<ProtocolMapperModel> claimMappings = new HashSet<ProtocolMapperModel>();
private Map<String, String> browserSecurityHeaders = new HashMap<String, String>();
private Map<String, String> smtpConfig = new HashMap<String, String>();
@ -353,7 +353,7 @@ public class CachedRealm {
return claimTypes;
}
public Set<ProtocolClaimMappingModel> getClaimMappings() {
public Set<ProtocolMapperModel> getClaimMappings() {
return claimMappings;
}
}

32
model/jpa/src/main/java/org/keycloak/models/jpa/ClientAdapter.java
View file

@ -1,13 +1,13 @@
package org.keycloak.models.jpa;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.jpa.entities.ClientEntity;
import org.keycloak.models.jpa.entities.IdentityProviderEntity;
import org.keycloak.models.jpa.entities.ProtocolClaimMappingEntity;
import org.keycloak.models.jpa.entities.ProtocolMapperEntity;
import org.keycloak.models.jpa.entities.RoleEntity;
import org.keycloak.models.jpa.entities.ScopeMappingEntity;
@ -357,15 +357,15 @@ public abstract class ClientAdapter implements ClientModel {
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
Set<ProtocolClaimMappingModel> mappings = new HashSet<ProtocolClaimMappingModel>();
for (ProtocolClaimMappingEntity entity : this.entity.getProtocolClaimMappings()) {
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
public Set<ProtocolMapperModel> getProtocolMappers() {
Set<ProtocolMapperModel> mappings = new HashSet<ProtocolMapperModel>();
for (ProtocolMapperEntity entity : this.entity.getProtocolMappers()) {
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(ProtocolClaimMappingModel.Source.valueOf(entity.getSource()));
mapping.setSource(ProtocolMapperModel.Source.valueOf(entity.getSource()));
mapping.setSourceAttribute(entity.getSourceAttribute());
mappings.add(mapping);
}
@ -373,15 +373,15 @@ public abstract class ClientAdapter implements ClientModel {
}
@Override
public void addProtocolClaimMappings(Set<String> mappings) {
Collection<ProtocolClaimMappingEntity> entities = entity.getProtocolClaimMappings();
public void addProtocolMappers(Set<String> mappings) {
Collection<ProtocolMapperEntity> entities = entity.getProtocolMappers();
Set<String> already = new HashSet<String>();
for (ProtocolClaimMappingEntity rel : entities) {
for (ProtocolMapperEntity rel : entities) {
already.add(rel.getId());
}
for (String providerId : mappings) {
if (!already.contains(providerId)) {
ProtocolClaimMappingEntity mapping = em.find(ProtocolClaimMappingEntity.class, providerId);
ProtocolMapperEntity mapping = em.find(ProtocolMapperEntity.class, providerId);
if (mapping != null) {
entities.add(mapping);
}
@ -391,13 +391,13 @@ public abstract class ClientAdapter implements ClientModel {
}
@Override
public void removeProtocolClaimMappings(Set<String> mappings) {
Collection<ProtocolClaimMappingEntity> entities = entity.getProtocolClaimMappings();
List<ProtocolClaimMappingEntity> remove = new LinkedList<ProtocolClaimMappingEntity>();
for (ProtocolClaimMappingEntity rel : entities) {
public void removeProtocolMappers(Set<String> mappings) {
Collection<ProtocolMapperEntity> entities = entity.getProtocolMappers();
List<ProtocolMapperEntity> remove = new LinkedList<ProtocolMapperEntity>();
for (ProtocolMapperEntity rel : entities) {
if (mappings.contains(rel.getId())) remove.add(rel);
}
for (ProtocolClaimMappingEntity entity : remove) {
for (ProtocolMapperEntity entity : remove) {
entities.remove(entity);
}
em.flush();

45
model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java
View file

@ -8,7 +8,7 @@ import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredCredentialModel;
import org.keycloak.models.RoleModel;
@ -17,7 +17,7 @@ import org.keycloak.models.jpa.entities.ApplicationEntity;
import org.keycloak.models.jpa.entities.ClaimTypeEntity;
import org.keycloak.models.jpa.entities.IdentityProviderEntity;
import org.keycloak.models.jpa.entities.OAuthClientEntity;
import org.keycloak.models.jpa.entities.ProtocolClaimMappingEntity;
import org.keycloak.models.jpa.entities.ProtocolMapperEntity;
import org.keycloak.models.jpa.entities.RealmAttributeEntity;
import org.keycloak.models.jpa.entities.RealmEntity;
import org.keycloak.models.jpa.entities.RequiredCredentialEntity;
@ -1257,45 +1257,48 @@ public class RealmAdapter implements RealmModel {
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
Set<ProtocolClaimMappingModel> mappings = new HashSet<ProtocolClaimMappingModel>();
for (ProtocolClaimMappingEntity entity : realm.getProtocolClaimMappings()) {
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
public Set<ProtocolMapperModel> getProtocolMappers() {
Set<ProtocolMapperModel> mappings = new HashSet<ProtocolMapperModel>();
for (ProtocolMapperEntity entity : realm.getProtocolClaimMappings()) {
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(ProtocolClaimMappingModel.Source.valueOf(entity.getSource()));
mapping.setSource(ProtocolMapperModel.Source.valueOf(entity.getSource()));
mapping.setSourceAttribute(entity.getSourceAttribute());
mapping.setProtocolMapper(entity.getProtocolMapper());
mappings.add(mapping);
}
return mappings;
}
@Override
public ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model) {
public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
String id = model.getId() == null ? KeycloakModelUtils.generateId() : model.getId();
ProtocolClaimMappingEntity entity = new ProtocolClaimMappingEntity();
ProtocolMapperEntity entity = new ProtocolMapperEntity();
entity.setId(id);
entity.setSourceAttribute(model.getSourceAttribute());
entity.setProtocol(model.getProtocol());
entity.setProtocolClaim(model.getProtocolClaim());
entity.setSource(model.getSource().name());
entity.setProtocolMapper(model.getProtocolMapper());
entity.setAppliedByDefault(model.isAppliedByDefault());
entity.setRealm(realm);
em.persist(entity);
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolMapper(entity.getProtocolMapper());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(ProtocolClaimMappingModel.Source.valueOf(entity.getSource()));
mapping.setSource(ProtocolMapperModel.Source.valueOf(entity.getSource()));
mapping.setSourceAttribute(entity.getSourceAttribute());
return mapping;
}
protected ProtocolClaimMappingEntity getProtocolClaimMapping(String id) {
for (ProtocolClaimMappingEntity entity : realm.getProtocolClaimMappings()) {
protected ProtocolMapperEntity getProtocolClaimMapping(String id) {
for (ProtocolMapperEntity entity : realm.getProtocolClaimMappings()) {
if (entity.getId().equals(id)) {
return entity;
}
@ -1305,8 +1308,8 @@ public class RealmAdapter implements RealmModel {
}
@Override
public void removeProtocolClaimMapping(ProtocolClaimMappingModel mapping) {
ProtocolClaimMappingEntity toDelete = getProtocolClaimMapping(mapping.getId());
public void removeProtocolMapper(ProtocolMapperModel mapping) {
ProtocolMapperEntity toDelete = getProtocolClaimMapping(mapping.getId());
if (toDelete != null) {
realm.getProtocolClaimMappings().remove(toDelete);
em.remove(toDelete);
@ -1315,8 +1318,8 @@ public class RealmAdapter implements RealmModel {
}
@Override
public void updateProtocolClaimMapping(ProtocolClaimMappingModel mapping) {
ProtocolClaimMappingEntity entity = getProtocolClaimMapping(mapping.getId());
public void updateProtocolMapper(ProtocolMapperModel mapping) {
ProtocolMapperEntity entity = getProtocolClaimMapping(mapping.getId());
entity.setProtocol(mapping.getProtocol());
entity.setProtocolClaim(mapping.getProtocolClaim());
entity.setAppliedByDefault(mapping.isAppliedByDefault());
@ -1327,15 +1330,15 @@ public class RealmAdapter implements RealmModel {
}
@Override
public ProtocolClaimMappingModel getProtocolClaimMappingById(String id) {
ProtocolClaimMappingEntity entity = getProtocolClaimMapping(id);
public ProtocolMapperModel getProtocolMapperById(String id) {
ProtocolMapperEntity entity = getProtocolClaimMapping(id);
if (entity == null) return null;
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(ProtocolClaimMappingModel.Source.valueOf(entity.getSource()));
mapping.setSource(ProtocolMapperModel.Source.valueOf(entity.getSource()));
mapping.setSourceAttribute(entity.getSourceAttribute());
return mapping;
}

12
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ClientEntity.java
View file

@ -78,8 +78,8 @@ public abstract class ClientEntity {
Collection<IdentityProviderEntity> allowedIdentityProviders = new ArrayList<IdentityProviderEntity>();
@OneToMany(cascade ={CascadeType.REMOVE})
@JoinTable(name="CLIENT_PROTOCOL_CLAIM_MAPPING", joinColumns = { @JoinColumn(name="CLIENT_ID")}, inverseJoinColumns = { @JoinColumn(name="MAPPING_ID")})
Collection<ProtocolClaimMappingEntity> protocolClaimMappings = new ArrayList<ProtocolClaimMappingEntity>();
@JoinTable(name="CLIENT_PROTOCOL_MAPPER", joinColumns = { @JoinColumn(name="CLIENT_ID")}, inverseJoinColumns = { @JoinColumn(name="MAPPING_ID")})
Collection<ProtocolMapperEntity> protocolMappers = new ArrayList<ProtocolMapperEntity>();
public RealmEntity getRealm() {
return realm;
@ -201,11 +201,11 @@ public abstract class ClientEntity {
this.allowedIdentityProviders = allowedIdentityProviders;
}
public Collection<ProtocolClaimMappingEntity> getProtocolClaimMappings() {
return protocolClaimMappings;
public Collection<ProtocolMapperEntity> getProtocolMappers() {
return protocolMappers;
}
public void setProtocolClaimMappings(Collection<ProtocolClaimMappingEntity> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
public void setProtocolMappers(Collection<ProtocolMapperEntity> protocolMappers) {
this.protocolMappers = protocolMappers;
}
}

18
model/jpa/src/main/java/org/keycloak/models/jpa/entities/ProtocolClaimMappingEntity.java → model/jpa/src/main/java/org/keycloak/models/jpa/entities/ProtocolMapperEntity.java
View file

@ -16,10 +16,10 @@ import javax.persistence.Table;
*/
@Entity
@NamedQueries({
@NamedQuery(name="deleteProtocolClaimMappingsByRealm", query="delete from ProtocolClaimMappingEntity attr where attr.realm = :realm")
@NamedQuery(name="deleteProtocolClaimMappersByRealm", query="delete from ProtocolMapperEntity attr where attr.realm = :realm")
})
@Table(name="PROTOCOL_CLAIM_MAPPING")
public class ProtocolClaimMappingEntity {
@Table(name="PROTOCOL_MAPPER")
public class ProtocolMapperEntity {
@Id
@Column(name="ID", length = 36)
@ -33,6 +33,8 @@ public class ProtocolClaimMappingEntity {
protected String source;
@Column(name = "SOURCE_ATTRIBUTE")
protected String sourceAttribute;
@Column(name = "PROTOCOL_MAPPER_NAME")
protected String protocolMapper;
@Column(name = "APPLIED_BY_DEFAULT")
protected boolean appliedByDefault;
@ -80,6 +82,14 @@ public class ProtocolClaimMappingEntity {
this.sourceAttribute = sourceAttribute;
}
public String getProtocolMapper() {
return protocolMapper;
}
public void setProtocolMapper(String protocolMapper) {
this.protocolMapper = protocolMapper;
}
public boolean isAppliedByDefault() {
return appliedByDefault;
}
@ -101,7 +111,7 @@ public class ProtocolClaimMappingEntity {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
ProtocolClaimMappingEntity that = (ProtocolClaimMappingEntity) o;
ProtocolMapperEntity that = (ProtocolMapperEntity) o;
if (!id.equals(that.id)) return false;

6
model/jpa/src/main/java/org/keycloak/models/jpa/entities/RealmEntity.java
View file

@ -96,7 +96,7 @@ public class RealmEntity {
Collection<ClaimTypeEntity> claimTypes = new ArrayList<ClaimTypeEntity>();
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<ProtocolClaimMappingEntity> protocolClaimMappings = new ArrayList<ProtocolClaimMappingEntity>();
Collection<ProtocolMapperEntity> protocolClaimMappings = new ArrayList<ProtocolMapperEntity>();
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
Collection<RequiredCredentialEntity> requiredCredentials = new ArrayList<RequiredCredentialEntity>();
@ -447,11 +447,11 @@ public class RealmEntity {
this.claimTypes = claimTypes;
}
public Collection<ProtocolClaimMappingEntity> getProtocolClaimMappings() {
public Collection<ProtocolMapperEntity> getProtocolClaimMappings() {
return protocolClaimMappings;
}
public void setProtocolClaimMappings(Collection<ProtocolClaimMappingEntity> protocolClaimMappings) {
public void setProtocolClaimMappings(Collection<ProtocolMapperEntity> protocolClaimMappings) {
this.protocolClaimMappings = protocolClaimMappings;
}
}

12
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ClientAdapter.java
View file

@ -4,7 +4,7 @@ import org.keycloak.connections.mongo.api.MongoIdentifiableEntity;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
@ -293,24 +293,24 @@ public abstract class ClientAdapter<T extends MongoIdentifiableEntity> extends A
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
Set<ProtocolClaimMappingModel> result = new HashSet<ProtocolClaimMappingModel>();
public Set<ProtocolMapperModel> getProtocolMappers() {
Set<ProtocolMapperModel> result = new HashSet<ProtocolMapperModel>();
for (String id : getMongoEntityAsClient().getProtocolClaimMappings()) {
ProtocolClaimMappingModel model = getRealm().getProtocolClaimMappingById(id);
ProtocolMapperModel model = getRealm().getProtocolMapperById(id);
if (model != null) result.add(model);
}
return result;
}
@Override
public void addProtocolClaimMappings(Set<String> mappingIds) {
public void addProtocolMappers(Set<String> mappingIds) {
getMongoEntityAsClient().getProtocolClaimMappings().addAll(mappingIds);
updateMongoEntity();
}
@Override
public void removeProtocolClaimMappings(Set<String> mappingIds) {
public void removeProtocolMappers(Set<String> mappingIds) {
getMongoEntityAsClient().getProtocolClaimMappings().removeAll(mappingIds);
updateMongoEntity();
}

40
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java
View file

@ -11,7 +11,7 @@ import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OAuthClientModel;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.ProtocolClaimMappingModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RealmProvider;
import org.keycloak.models.RequiredCredentialModel;
@ -19,7 +19,7 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.entities.ClaimTypeEntity;
import org.keycloak.models.entities.IdentityProviderEntity;
import org.keycloak.models.entities.ProtocolClaimMappingEntity;
import org.keycloak.models.entities.ProtocolMapperEntity;
import org.keycloak.models.entities.RequiredCredentialEntity;
import org.keycloak.models.entities.UserFederationProviderEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoApplicationEntity;
@ -787,10 +787,10 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
}
@Override
public Set<ProtocolClaimMappingModel> getProtocolClaimMappings() {
Set<ProtocolClaimMappingModel> result = new HashSet<ProtocolClaimMappingModel>();
for (ProtocolClaimMappingEntity entity : realm.getClaimMappings()) {
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
public Set<ProtocolMapperModel> getProtocolMappers() {
Set<ProtocolMapperModel> result = new HashSet<ProtocolMapperModel>();
for (ProtocolMapperEntity entity : realm.getClaimMappings()) {
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setProtocol(entity.getProtocol());
@ -802,8 +802,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
}
@Override
public ProtocolClaimMappingModel addProtocolClaimMapping(ProtocolClaimMappingModel model) {
ProtocolClaimMappingEntity entity = new ProtocolClaimMappingEntity();
public ProtocolMapperModel addProtocolMapper(ProtocolMapperModel model) {
ProtocolMapperEntity entity = new ProtocolMapperEntity();
if (model.getId() != null) entity.setId(model.getId());
else entity.setId(KeycloakModelUtils.generateId());
entity.setSourceAttribute(model.getSourceAttribute());
@ -811,21 +811,23 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
entity.setProtocolClaim(model.getProtocolClaim());
entity.setSource(model.getSource());
entity.setAppliedByDefault(model.isAppliedByDefault());
entity.setProtocolMapper(model.getProtocolMapper());
realm.getClaimMappings().add(entity);
updateRealm();
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(entity.getSource());
mapping.setSourceAttribute(entity.getSourceAttribute());
mapping.setProtocolMapper(entity.getProtocolMapper());
return mapping;
}
@Override
public void removeProtocolClaimMapping(ProtocolClaimMappingModel mapping) {
for (ProtocolClaimMappingEntity entity : realm.getClaimMappings()) {
public void removeProtocolMapper(ProtocolMapperModel mapping) {
for (ProtocolMapperEntity entity : realm.getClaimMappings()) {
if (entity.getId().equals(mapping.getId())) {
realm.getClaimMappings().remove(entity);
updateRealm();
@ -835,8 +837,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
}
protected ProtocolClaimMappingEntity getProtocolClaimMapping(String id) {
for (ProtocolClaimMappingEntity entity : realm.getClaimMappings()) {
protected ProtocolMapperEntity getProtocolClaimMapping(String id) {
for (ProtocolMapperEntity entity : realm.getClaimMappings()) {
if (entity.getId().equals(id)) {
return entity;
}
@ -847,28 +849,30 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
@Override
public void updateProtocolClaimMapping(ProtocolClaimMappingModel mapping) {
ProtocolClaimMappingEntity entity = getProtocolClaimMapping(mapping.getId());
public void updateProtocolMapper(ProtocolMapperModel mapping) {
ProtocolMapperEntity entity = getProtocolClaimMapping(mapping.getId());
entity.setProtocol(mapping.getProtocol());
entity.setProtocolClaim(mapping.getProtocolClaim());
entity.setAppliedByDefault(mapping.isAppliedByDefault());
entity.setSource(mapping.getSource());
entity.setSourceAttribute(mapping.getSourceAttribute());
entity.setProtocolMapper(mapping.getProtocolMapper());
updateRealm();
}
@Override
public ProtocolClaimMappingModel getProtocolClaimMappingById(String id) {
ProtocolClaimMappingEntity entity = getProtocolClaimMapping(id);
public ProtocolMapperModel getProtocolMapperById(String id) {
ProtocolMapperEntity entity = getProtocolClaimMapping(id);
if (entity == null) return null;
ProtocolClaimMappingModel mapping = new ProtocolClaimMappingModel();
ProtocolMapperModel mapping = new ProtocolMapperModel();
mapping.setId(entity.getId());
mapping.setProtocol(entity.getProtocol());
mapping.setProtocolClaim(entity.getProtocolClaim());
mapping.setAppliedByDefault(entity.isAppliedByDefault());
mapping.setSource(entity.getSource());
mapping.setSourceAttribute(entity.getSourceAttribute());
mapping.setProtocolMapper(entity.getProtocolMapper());
return mapping;
}

7
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
View file

@ -17,10 +17,9 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.services.resources.flows.Flows;
import org.keycloak.util.StreamUtil;
@ -215,7 +214,7 @@ public class SamlService {
String redirect = null;
URI redirectUri = requestAbstractType.getAssertionConsumerServiceURL();
if (redirectUri != null && !"null".equals(redirectUri)) { // "null" is for testing purposes
redirect = OpenIDConnectService.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client);
redirect = OIDCLoginProtocolService.verifyRedirectUri(uriInfo, redirectUri.toString(), realm, client);
} else {
if (bindingType.equals(SamlProtocol.SAML_POST_BINDING)) {
redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE);
@ -339,7 +338,7 @@ public class SamlService {
}
if (redirectUri != null) {
redirectUri = OpenIDConnectService.verifyRedirectUri(uriInfo, redirectUri, realm, client);
redirectUri = OIDCLoginProtocolService.verifyRedirectUri(uriInfo, redirectUri, realm, client);
if (redirectUri == null) {
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid redirect uri.");
}

3
services/src/main/java/org/keycloak/protocol/LoginProtocol.java
View file

@ -1,12 +1,9 @@
package org.keycloak.protocol;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.ClientConnection;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.provider.Provider;
import org.keycloak.services.managers.ClientSessionCode;

4
services/src/main/java/org/keycloak/protocol/LoginProtocolFactory.java
View file

@ -1,14 +1,18 @@
package org.keycloak.protocol;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.services.managers.AuthenticationManager;
import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface LoginProtocolFactory extends ProviderFactory<LoginProtocol> {
//List<ProtocolMapperModel> getDefaultProtocolMappers();
Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager);
}

13
services/src/main/java/org/keycloak/protocol/ProtocolMapper.java Executable file
View file

@ -0,0 +1,13 @@
package org.keycloak.protocol;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface ProtocolMapper extends Provider, ProviderFactory<ProtocolMapper> {
String getProtocol();
String getDisplayType();
}

27
services/src/main/java/org/keycloak/protocol/ProtocolMapperSpi.java Executable file
View file

@ -0,0 +1,27 @@
package org.keycloak.protocol;
import org.keycloak.provider.Provider;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.provider.Spi;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class ProtocolMapperSpi implements Spi {
@Override
public String getName() {
return "protocol-mapper";
}
@Override
public Class<? extends Provider> getProviderClass() {
return ProtocolMapper.class;
}
@Override
public Class<? extends ProviderFactory> getProviderFactoryClass() {
return ProtocolMapper.class;
}
}

33
services/src/main/java/org/keycloak/protocol/oidc/AbstractOIDCProtocolMapper.java Executable file
View file

@ -0,0 +1,33 @@
package org.keycloak.protocol.oidc;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.ProtocolMapper;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public abstract class AbstractOIDCProtocolMapper implements ProtocolMapper {
@Override
public String getProtocol() {
return OIDCLoginProtocol.LOGIN_PROTOCOL;
}
@Override
public void close() {
}
@Override
public final ProtocolMapper create(KeycloakSession session) {
throw new RuntimeException("UNSUPPORTED METHOD");
}
@Override
public void init(Config.Scope config) {
}
}

17
services/src/main/java/org/keycloak/protocol/oidc/OIDCAccessTokenTransformer.java Executable file
View file

@ -0,0 +1,17 @@
package org.keycloak.protocol.oidc;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.AccessToken;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface OIDCAccessTokenTransformer {
AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
UserSessionModel userSession, ClientSessionModel clientSession);
}

84
services/src/main/java/org/keycloak/protocol/oidc/OIDCAttributeToTokenMapper.java Executable file
View file

@ -0,0 +1,84 @@
package org.keycloak.protocol.oidc;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.representations.AccessToken;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
/**
* Mappings user data to an ID Token claim. Source can be from UserModel.getAttributes(), a get method on UserModel, UserSession.getNote
* or ClientSession.getNote. Claim can be a full qualified nested object name, i.e. "address.country". This will create a nested
* json object within the toke claim.
*
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OIDCAttributeToTokenMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenTransformer {
@Override
public String getId() {
return "oidc-attribute-claim-mapper";
}
@Override
public String getDisplayType() {
return "Attribute Claim Mapper";
}
@Override
public AccessToken transformToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session,
UserSessionModel userSession, ClientSessionModel clientSession) {
String attributeValue = null;
UserModel user = userSession.getUser();
switch (mappingModel.getSource()) {
case USER_ATTRIBUTE:
attributeValue = user.getAttribute(mappingModel.getSourceAttribute());
break;
case USER_SESSION_NOTE:
attributeValue = userSession.getNote(mappingModel.getSourceAttribute());
break;
case CLIENT_SESSION_NOTE:
attributeValue = clientSession.getNote(mappingModel.getSourceAttribute());
break;
case USER_MODEL:
attributeValue = getUserModelValue(user, mappingModel);
break;
}
if (attributeValue == null) return token;
String[] split = mappingModel.getProtocolClaim().split(".");
Map<String, Object> jsonObject = token.getOtherClaims();
for (int i = 0; i < split.length; i++) {
if (i == split.length - 1) {
jsonObject.put(split[i], attributeValue);
} else {
Map<String, Object> nested = (Map<String, Object>)jsonObject.get(split[i]);
if (nested == null) {
nested = new HashMap<String, Object>();
jsonObject.put(split[i], nested);
jsonObject = nested;
}
}
}
return token;
}
protected String getUserModelValue(UserModel user, ProtocolMapperModel model) {
String sourceAttribute = model.getSourceAttribute();
if (sourceAttribute == null) return null;
String methodName = "get" + Character.toUpperCase(sourceAttribute.charAt(0)) + sourceAttribute.substring(1);
try {
Method method = UserModel.class.getMethod(methodName);
Object val = method.invoke(user);
if (val != null) return val.toString();
} catch (Exception ignore) {
}
return null;
}
}

22
services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnect.java → services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocol.java
View file

@ -41,7 +41,7 @@ import javax.ws.rs.core.UriInfo;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class OpenIDConnect implements LoginProtocol {
public class OIDCLoginProtocol implements LoginProtocol {
public static final String LOGIN_PROTOCOL = "openid-connect";
public static final String STATE_PARAM = "state";
@ -51,7 +51,7 @@ public class OpenIDConnect implements LoginProtocol {
public static final String CLIENT_ID_PARAM = "client_id";
public static final String PROMPT_PARAM = "prompt";
public static final String LOGIN_HINT_PARAM = "login_hint";
private static final Logger log = Logger.getLogger(OpenIDConnect.class);
private static final Logger log = Logger.getLogger(OIDCLoginProtocol.class);
protected KeycloakSession session;
@ -59,29 +59,29 @@ public class OpenIDConnect implements LoginProtocol {
protected UriInfo uriInfo;
public OpenIDConnect(KeycloakSession session, RealmModel realm, UriInfo uriInfo) {
public OIDCLoginProtocol(KeycloakSession session, RealmModel realm, UriInfo uriInfo) {
this.session = session;
this.realm = realm;
this.uriInfo = uriInfo;
}
public OpenIDConnect() {
public OIDCLoginProtocol() {
}
@Override
public OpenIDConnect setSession(KeycloakSession session) {
public OIDCLoginProtocol setSession(KeycloakSession session) {
this.session = session;
return this;
}
@Override
public OpenIDConnect setRealm(RealmModel realm) {
public OIDCLoginProtocol setRealm(RealmModel realm) {
this.realm = realm;
return this;
}
@Override
public OpenIDConnect setUriInfo(UriInfo uriInfo) {
public OIDCLoginProtocol setUriInfo(UriInfo uriInfo) {
this.uriInfo = uriInfo;
return this;
}
@ -89,7 +89,7 @@ public class OpenIDConnect implements LoginProtocol {
@Override
public Response cancelLogin(ClientSessionModel clientSession) {
String redirect = clientSession.getRedirectUri();
String state = clientSession.getNote(OpenIDConnect.STATE_PARAM);
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, "access_denied");
if (state != null) {
redirectUri.queryParam(OAuth2Constants.STATE, state);
@ -101,7 +101,7 @@ public class OpenIDConnect implements LoginProtocol {
public Response authenticated(UserSessionModel userSession, ClientSessionCode accessCode) {
ClientSessionModel clientSession = accessCode.getClientSession();
String redirect = clientSession.getRedirectUri();
String state = clientSession.getNote(OpenIDConnect.STATE_PARAM);
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
accessCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, accessCode.getCode());
log.debugv("redirectAccessCode: state: {0}", state);
@ -114,7 +114,7 @@ public class OpenIDConnect implements LoginProtocol {
public Response consentDenied(ClientSessionModel clientSession) {
String redirect = clientSession.getRedirectUri();
String state = clientSession.getNote(OpenIDConnect.STATE_PARAM);
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, "access_denied");
if (state != null)
redirectUri.queryParam(OAuth2Constants.STATE, state);
@ -125,7 +125,7 @@ public class OpenIDConnect implements LoginProtocol {
public Response invalidSessionError(ClientSessionModel clientSession) {
String redirect = clientSession.getRedirectUri();
String state = clientSession.getNote(OpenIDConnect.STATE_PARAM);
String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, "access_denied");
if (state != null) {
redirectUri.queryParam(OAuth2Constants.STATE, state);

6
services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectFactory.java → services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java
View file

@ -12,10 +12,10 @@ import org.keycloak.services.managers.AuthenticationManager;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OpenIDConnectFactory implements LoginProtocolFactory {
public class OIDCLoginProtocolFactory implements LoginProtocolFactory {
@Override
public LoginProtocol create(KeycloakSession session) {
return new OpenIDConnect().setSession(session);
return new OIDCLoginProtocol().setSession(session);
}
@Override
@ -25,7 +25,7 @@ public class OpenIDConnectFactory implements LoginProtocolFactory {
@Override
public Object createProtocolEndpoint(RealmModel realm, EventBuilder event, AuthenticationManager authManager) {
return new OpenIDConnectService(realm, event, authManager);
return new OIDCLoginProtocolService(realm, event, authManager);
}
@Override

74
services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java → services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
View file

@ -84,9 +84,9 @@ import static org.keycloak.constants.AdapterConstants.K_IDP_HINT;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class OpenIDConnectService {
public class OIDCLoginProtocolService {
protected static final Logger logger = Logger.getLogger(OpenIDConnectService.class);
protected static final Logger logger = Logger.getLogger(OIDCLoginProtocolService.class);
protected RealmModel realm;
protected TokenManager tokenManager;
@ -115,7 +115,7 @@ public class OpenIDConnectService {
protected ResourceContext resourceContext;
*/
public OpenIDConnectService(RealmModel realm, EventBuilder event, AuthenticationManager authManager) {
public OIDCLoginProtocolService(RealmModel realm, EventBuilder event, AuthenticationManager authManager) {
this.realm = realm;
this.tokenManager = new TokenManager();
this.event = event;
@ -128,7 +128,7 @@ public class OpenIDConnectService {
}
public static UriBuilder tokenServiceBaseUrl(UriBuilder baseUriBuilder) {
return baseUriBuilder.path(RealmsResource.class).path("{realm}/protocol/" + OpenIDConnect.LOGIN_PROTOCOL);
return baseUriBuilder.path(RealmsResource.class).path("{realm}/protocol/" + OIDCLoginProtocol.LOGIN_PROTOCOL);
}
public static UriBuilder accessCodeToTokenUrl(UriInfo uriInfo) {
@ -139,12 +139,12 @@ public class OpenIDConnectService {
public static UriBuilder accessCodeToTokenUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "accessCodeToToken");
return uriBuilder.path(OIDCLoginProtocolService.class, "accessCodeToToken");
}
public static UriBuilder validateAccessTokenUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "validateAccessToken");
return uriBuilder.path(OIDCLoginProtocolService.class, "validateAccessToken");
}
public static UriBuilder grantAccessTokenUrl(UriInfo uriInfo) {
@ -155,7 +155,7 @@ public class OpenIDConnectService {
public static UriBuilder grantAccessTokenUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "grantAccessToken");
return uriBuilder.path(OIDCLoginProtocolService.class, "grantAccessToken");
}
public static UriBuilder loginPageUrl(UriInfo uriInfo) {
@ -165,7 +165,7 @@ public class OpenIDConnectService {
public static UriBuilder loginPageUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "loginPage");
return uriBuilder.path(OIDCLoginProtocolService.class, "loginPage");
}
public static UriBuilder logoutUrl(UriInfo uriInfo) {
@ -175,12 +175,12 @@ public class OpenIDConnectService {
public static UriBuilder logoutUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "logout");
return uriBuilder.path(OIDCLoginProtocolService.class, "logout");
}
public static UriBuilder refreshUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "refreshAccessToken");
return uriBuilder.path(OIDCLoginProtocolService.class, "refreshAccessToken");
}
/**
@ -201,7 +201,7 @@ public class OpenIDConnectService {
ClientModel client = realm.findClient(client_id);
if (client == null) {
throw new NotFoundException("could not find client: " + client_id);
throw new NotFoundException("could not find client");
}
InputStream is = getClass().getClassLoader().getResourceAsStream("login-status-iframe.html");
@ -215,7 +215,7 @@ public class OpenIDConnectService {
}
}
for (String r : OpenIDConnectService.resolveValidRedirects(uriInfo, client.getRedirectUris())) {
for (String r : OIDCLoginProtocolService.resolveValidRedirects(uriInfo, client.getRedirectUris())) {
int i = r.indexOf('/', 8);
if (i != -1) {
r = r.substring(0, i);
@ -334,12 +334,12 @@ public class OpenIDConnectService {
event.session(userSession);
ClientSessionModel clientSession = sessions.createClientSession(realm, client);
clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL);
clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
TokenManager.attachClientSession(userSession, clientSession);
AccessTokenResponse res = tokenManager.responseBuilder(realm, client, event)
.generateAccessToken(scope, client, user, userSession)
.generateAccessToken(scope, client, user, userSession, clientSession)
.generateRefreshToken()
.generateIDToken()
.build();
@ -608,7 +608,7 @@ public class OpenIDConnectService {
ClientModel client = authorizeClient(authorizationHeader, formData, event);
String redirectUri = clientSession.getNote(OpenIDConnect.REDIRECT_URI_PARAM);
String redirectUri = clientSession.getNote(OIDCLoginProtocol.REDIRECT_URI_PARAM);
if (redirectUri != null && !redirectUri.equals(formData.getFirst(OAuth2Constants.REDIRECT_URI))) {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
@ -667,7 +667,7 @@ public class OpenIDConnectService {
clientSession.setNote(AdapterConstants.APPLICATION_SESSION_HOST, adapterSessionHost);
}
AccessToken token = tokenManager.createClientAccessToken(accessCode.getRequestedRoles(), realm, client, user, userSession);
AccessToken token = tokenManager.createClientAccessToken(accessCode.getRequestedRoles(), realm, client, user, userSession, clientSession);
try {
tokenManager.verifyAccess(token, realm, client, user);
@ -817,16 +817,16 @@ public class OpenIDConnectService {
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid redirect_uri.");
}
clientSession = session.sessions().createClientSession(realm, client);
clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL);
clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
clientSession.setRedirectUri(redirect);
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
clientSession.setNote(OpenIDConnect.STATE_PARAM, state);
clientSession.setNote(OpenIDConnect.REDIRECT_URI_PARAM, redirectUriParam);
if (scopeParam != null) clientSession.setNote(OpenIDConnect.SCOPE_PARAM, scopeParam);
if (responseType != null) clientSession.setNote(OpenIDConnect.RESPONSE_TYPE_PARAM, responseType);
if (loginHint != null) clientSession.setNote(OpenIDConnect.LOGIN_HINT_PARAM, loginHint);
if (prompt != null) clientSession.setNote(OpenIDConnect.PROMPT_PARAM, prompt);
clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
clientSession.setNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUriParam);
if (scopeParam != null) clientSession.setNote(OIDCLoginProtocol.SCOPE_PARAM, scopeParam);
if (responseType != null) clientSession.setNote(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, responseType);
if (loginHint != null) clientSession.setNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, loginHint);
if (prompt != null) clientSession.setNote(OIDCLoginProtocol.PROMPT_PARAM, prompt);
return null;
}
}
@ -847,13 +847,13 @@ public class OpenIDConnectService {
*/
@Path("login")
@GET
public Response loginPage(@QueryParam(OpenIDConnect.RESPONSE_TYPE_PARAM) String responseType,
@QueryParam(OpenIDConnect.REDIRECT_URI_PARAM) String redirect,
@QueryParam(OpenIDConnect.CLIENT_ID_PARAM) String clientId,
@QueryParam(OpenIDConnect.SCOPE_PARAM) String scopeParam,
@QueryParam(OpenIDConnect.STATE_PARAM) String state,
@QueryParam(OpenIDConnect.PROMPT_PARAM) String prompt,
@QueryParam(OpenIDConnect.LOGIN_HINT_PARAM) String loginHint,
public Response loginPage(@QueryParam(OIDCLoginProtocol.RESPONSE_TYPE_PARAM) String responseType,
@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirect,
@QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId,
@QueryParam(OIDCLoginProtocol.SCOPE_PARAM) String scopeParam,
@QueryParam(OIDCLoginProtocol.STATE_PARAM) String state,
@QueryParam(OIDCLoginProtocol.PROMPT_PARAM) String prompt,
@QueryParam(OIDCLoginProtocol.LOGIN_HINT_PARAM) String loginHint,
@QueryParam(K_IDP_HINT) String idpHint) {
event.event(EventType.LOGIN);
FrontPageInitializer pageInitializer = new FrontPageInitializer();
@ -884,7 +884,7 @@ public class OpenIDConnectService {
if (response != null) return response;
if (prompt != null && prompt.equals("none")) {
OpenIDConnect oauth = new OpenIDConnect(session, realm, uriInfo);
OIDCLoginProtocol oauth = new OIDCLoginProtocol(session, realm, uriInfo);
return oauth.cancelLogin(clientSession);
}
@ -941,11 +941,11 @@ public class OpenIDConnectService {
*/
@Path("registrations")
@GET
public Response registerPage(@QueryParam(OpenIDConnect.RESPONSE_TYPE_PARAM) String responseType,
@QueryParam(OpenIDConnect.REDIRECT_URI_PARAM) String redirect,
@QueryParam(OpenIDConnect.CLIENT_ID_PARAM) String clientId,
@QueryParam(OpenIDConnect.SCOPE_PARAM) String scopeParam,
@QueryParam(OpenIDConnect.STATE_PARAM) String state) {
public Response registerPage(@QueryParam(OIDCLoginProtocol.RESPONSE_TYPE_PARAM) String responseType,
@QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirect,
@QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId,
@QueryParam(OIDCLoginProtocol.SCOPE_PARAM) String scopeParam,
@QueryParam(OIDCLoginProtocol.STATE_PARAM) String state) {
event.event(EventType.REGISTER);
if (!realm.isRegistrationAllowed()) {
event.error(Errors.REGISTRATION_DISABLED);
@ -979,7 +979,7 @@ public class OpenIDConnectService {
@Path("logout")
@GET
@NoCache
public Response logout(final @QueryParam(OpenIDConnect.REDIRECT_URI_PARAM) String redirectUri) {
public Response logout(final @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri) {
event.event(EventType.LOGOUT);
if (redirectUri != null) {
event.detail(Details.REDIRECT_URI, redirectUri);

53
services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
View file

@ -13,6 +13,7 @@ import org.keycloak.models.ClaimMask;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
@ -85,11 +86,25 @@ public class TokenManager {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Stale refresh token");
}
ClientSessionModel clientSession = null;
for (ClientSessionModel clientSessionModel : userSession.getClientSessions()) {
if (clientSessionModel.getId().equals(refreshToken.getClientSession())) {
clientSession = clientSessionModel;
break;
}
}
if (clientSession == null) {
throw new OAuthErrorException(OAuthErrorException.INVALID_GRANT, "Client session not active", "Client session not active");
}
verifyAccess(refreshToken, realm, client, user);
AccessToken accessToken = initToken(realm, client, user, userSession);
AccessToken accessToken = initToken(realm, client, user, userSession, clientSession);
accessToken.setRealmAccess(refreshToken.getRealmAccess());
accessToken.setResourceAccess(refreshToken.getResourceAccess());
accessToken = transformToken(accessToken, realm, client, user, userSession, clientSession);
userSession.setLastSessionRefresh(currentTime);
@ -117,11 +132,12 @@ public class TokenManager {
return refreshToken;
}
public AccessToken createClientAccessToken(Set<RoleModel> requestedRoles, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
AccessToken token = initToken(realm, client, user, session);
public AccessToken createClientAccessToken(Set<RoleModel> requestedRoles, RealmModel realm, ClientModel client, UserModel user, UserSessionModel session, ClientSessionModel clientSession) {
AccessToken token = initToken(realm, client, user, session, clientSession);
for (RoleModel role : requestedRoles) {
addComposites(token, role);
}
token = transformToken(token, realm, client, user, session, clientSession);
return token;
}
@ -234,28 +250,25 @@ public class TokenManager {
if (user.getLastName() != null) fullName.append(user.getLastName());
claimSet.setName(fullName.toString());
}
Set<ProtocolMapperModel> mappings = model.getProtocolMappers();
for (ProtocolMapperModel mapping : mappings) {
if (!mapping.getProtocol().equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) continue;
}
}
protected IDToken initIDToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
IDToken token = new IDToken();
token.id(KeycloakModelUtils.generateId());
token.subject(user.getId());
token.audience(claimer.getClientId());
token.issuedNow();
token.issuedFor(client.getUsername());
token.issuer(realm.getName());
if (realm.getAccessTokenLifespan() > 0) {
token.expiration(Time.currentTime() + realm.getAccessTokenLifespan());
}
protected AccessToken transformToken(AccessToken token, RealmModel realm, ClientModel client, UserModel user,
UserSessionModel session, ClientSessionModel clientSession) {
UserClaimSet claimSet = token.getUserClaimSet();
initClaims(claimSet, claimer, user);
initClaims(claimSet, client, user);
return token;
}
protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user, UserSessionModel session) {
protected AccessToken initToken(RealmModel realm, ClientModel client, UserModel user, UserSessionModel session, ClientSessionModel clientSession) {
AccessToken token = new AccessToken();
if (clientSession != null) token.clientSession(clientSession.getId());
token.id(KeycloakModelUtils.generateId());
token.subject(user.getId());
token.audience(client.getClientId());
@ -272,8 +285,6 @@ public class TokenManager {
if (allowedOrigins != null) {
token.setAllowedOrigins(allowedOrigins);
}
UserClaimSet claimSet = token.getUserClaimSet();
initClaims(claimSet, client, user);
return token;
}
@ -339,9 +350,9 @@ public class TokenManager {
return this;
}
public AccessTokenResponseBuilder generateAccessToken(String scopeParam, ClientModel client, UserModel user, UserSessionModel session) {
public AccessTokenResponseBuilder generateAccessToken(String scopeParam, ClientModel client, UserModel user, UserSessionModel session, ClientSessionModel clientSession) {
Set<RoleModel> requestedRoles = getAccess(scopeParam, client, user);
accessToken = createClientAccessToken(requestedRoles, realm, client, user, session);
accessToken = createClientAccessToken(requestedRoles, realm, client, user, session, clientSession);
return this;
}

4
services/src/main/java/org/keycloak/protocol/oidc/UserInfoService.java Normal file → Executable file
View file

@ -68,10 +68,10 @@ public class UserInfoService {
private final TokenManager tokenManager;
private final AppAuthManager appAuthManager;
private final OpenIDConnectService openIdConnectService;
private final OIDCLoginProtocolService openIdConnectService;
private final RealmModel realmModel;
public UserInfoService(OpenIDConnectService openIDConnectService) {
public UserInfoService(OIDCLoginProtocolService openIDConnectService) {
this.realmModel = openIDConnectService.getRealm();
if (this.realmModel == null) {

1
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -18,7 +18,6 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;

12
services/src/main/java/org/keycloak/services/resources/AccountService.java
View file

@ -48,8 +48,8 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.ForbiddenException;
@ -681,7 +681,7 @@ public class AccountService {
ClientSessionCode clientSessionCode = new ClientSessionCode(realm, clientSession);
clientSessionCode.setAction(ClientSessionModel.Action.AUTHENTICATE);
clientSession.setRedirectUri(redirectUri);
clientSession.setNote(OpenIDConnect.STATE_PARAM, UUID.randomUUID().toString());
clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, UUID.randomUUID().toString());
return Response.temporaryRedirect(
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), providerId, realm.getName(), clientSessionCode.getCode()))
@ -769,7 +769,7 @@ public class AccountService {
private Response login(String path) {
OAuthRedirect oauth = new OAuthRedirect();
String authUrl = OpenIDConnectService.loginPageUrl(uriInfo).build(realm.getName()).toString();
String authUrl = OIDCLoginProtocolService.loginPageUrl(uriInfo).build(realm.getName()).toString();
oauth.setAuthUrl(authUrl);
oauth.setClientId(Constants.ACCOUNT_MANAGEMENT_APP);
@ -822,7 +822,7 @@ public class AccountService {
ApplicationModel application = realm.getApplicationByName(referrer);
if (application != null) {
if (referrerUri != null) {
referrerUri = OpenIDConnectService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
referrerUri = OIDCLoginProtocolService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
} else {
referrerUri = ResolveRelative.resolveRelativeUri(uriInfo.getRequestUri(), application.getBaseUrl());
}
@ -833,7 +833,7 @@ public class AccountService {
} else if (referrerUri != null) {
ClientModel client = realm.getOAuthClient(referrer);
if (client != null) {
referrerUri = OpenIDConnectService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
referrerUri = OIDCLoginProtocolService.verifyRedirectUri(uriInfo, referrerUri, realm, application);
if (referrerUri != null) {
return new String[]{referrer, referrerUri};

4
services/src/main/java/org/keycloak/services/resources/ClientsManagementService.java
View file

@ -30,7 +30,7 @@ import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.ForbiddenException;
import org.keycloak.util.Time;
@ -154,7 +154,7 @@ public class ClientsManagementService {
}
protected ApplicationModel authorizeApplication(String authorizationHeader, MultivaluedMap<String, String> formData) {
ClientModel client = OpenIDConnectService.authorizeClientBase(authorizationHeader, formData, event, realm);
ClientModel client = OIDCLoginProtocolService.authorizeClientBase(authorizationHeader, formData, event, realm);
if (client.isPublicClient()) {
Map<String, String> error = new HashMap<String, String>();

6
services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
View file

@ -44,7 +44,7 @@ import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.PasswordToken;
import org.keycloak.representations.idm.CredentialRepresentation;
@ -119,7 +119,7 @@ public class LoginActionsService {
public static UriBuilder processLoginUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = loginActionsBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "processLogin");
return uriBuilder.path(OIDCLoginProtocolService.class, "processLogin");
}
public static UriBuilder processOAuthUrl(UriInfo uriInfo) {
@ -129,7 +129,7 @@ public class LoginActionsService {
public static UriBuilder processOAuthUrl(UriBuilder baseUriBuilder) {
UriBuilder uriBuilder = loginActionsBaseUrl(baseUriBuilder);
return uriBuilder.path(OpenIDConnectService.class, "processOAuth");
return uriBuilder.path(OIDCLoginProtocolService.class, "processOAuth");
}
public LoginActionsService(RealmModel realm, AuthenticationManager authManager, EventBuilder event) {

4
services/src/main/java/org/keycloak/services/resources/PublicRealmResource.java
View file

@ -5,7 +5,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.PublishedRealmRepresentation;
import org.keycloak.services.resources.admin.AdminRoot;
@ -68,7 +68,7 @@ public class PublicRealmResource {
public static PublishedRealmRepresentation realmRep(RealmModel realm, UriInfo uriInfo) {
PublishedRealmRepresentation rep = new PublishedRealmRepresentation();
rep.setRealm(realm.getName());
rep.setTokenServiceUrl(OpenIDConnectService.tokenServiceBaseUrl(uriInfo).build(realm.getName()).toString());
rep.setTokenServiceUrl(OIDCLoginProtocolService.tokenServiceBaseUrl(uriInfo).build(realm.getName()).toString());
rep.setAccountServiceUrl(AccountService.accountServiceBaseUrl(uriInfo).build(realm.getName()).toString());
rep.setAdminApiUrl(uriInfo.getBaseUriBuilder().path(AdminRoot.class).build().toString());
rep.setPublicKeyPem(realm.getPublicKeyPem());

10
services/src/main/java/org/keycloak/services/resources/RealmsResource.java
View file

@ -11,8 +11,8 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.LoginProtocolFactory;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.services.managers.EventsManager;
@ -91,8 +91,8 @@ public class RealmsResource {
EventBuilder event = new EventsManager(realm, session, clientConnection).createEventBuilder();
AuthenticationManager authManager = new AuthenticationManager(protector);
LoginProtocolFactory factory = (LoginProtocolFactory)session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, OpenIDConnect.LOGIN_PROTOCOL);
OpenIDConnectService endpoint = (OpenIDConnectService)factory.createProtocolEndpoint(realm, event, authManager);
LoginProtocolFactory factory = (LoginProtocolFactory)session.getKeycloakSessionFactory().getProviderFactory(LoginProtocol.class, OIDCLoginProtocol.LOGIN_PROTOCOL);
OIDCLoginProtocolService endpoint = (OIDCLoginProtocolService)factory.createProtocolEndpoint(realm, event, authManager);
ResteasyProviderFactory.getInstance().injectProperties(endpoint);
return endpoint.getLoginStatusIframe(client_id, origin);
@ -149,7 +149,7 @@ public class RealmsResource {
protected RealmModel locateRealm(String name, RealmManager realmManager) {
RealmModel realm = realmManager.getRealmByName(name);
if (realm == null) {
throw new NotFoundException("Realm " + name + " does not exist");
throw new NotFoundException("Realm does not exist");
}
return realm;
}

4
services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
View file

@ -18,7 +18,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.ApplicationManager;
import org.keycloak.services.managers.AuthenticationManager;
@ -252,7 +252,7 @@ public class AdminConsole {
URI redirect = AdminRoot.adminConsoleUrl(uriInfo).path("index.html").build(realm.getName());
return Response.status(302).location(
OpenIDConnectService.logoutUrl(uriInfo).queryParam("redirect_uri", redirect.toString()).build(realm.getName())
OIDCLoginProtocolService.logoutUrl(uriInfo).queryParam("redirect_uri", redirect.toString()).build(realm.getName())
).build();
}

10
services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
View file

@ -23,8 +23,8 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
@ -690,7 +690,7 @@ public class UsersResource {
@Path("{username}/reset-password-email")
@PUT
@Consumes("application/json")
public Response resetPasswordEmail(@PathParam("username") String username, @QueryParam(OpenIDConnect.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OpenIDConnect.CLIENT_ID_PARAM) String clientId) {
public Response resetPasswordEmail(@PathParam("username") String username, @QueryParam(OIDCLoginProtocol.REDIRECT_URI_PARAM) String redirectUri, @QueryParam(OIDCLoginProtocol.CLIENT_ID_PARAM) String clientId) {
auth.requireManage();
UserModel user = session.users().getUserByUsername(username, realm);
@ -721,7 +721,7 @@ public class UsersResource {
String redirect;
if(redirectUri != null){
redirect = OpenIDConnectService.verifyRedirectUri(uriInfo,redirectUri,realm,client);
redirect = OIDCLoginProtocolService.verifyRedirectUri(uriInfo, redirectUri, realm, client);
if(redirect == null){
return Flows.errors().error("Invalid redirect uri.", Response.Status.BAD_REQUEST);
}
@ -733,7 +733,7 @@ public class UsersResource {
UserSessionModel userSession = session.sessions().createUserSession(realm, user, username, clientConnection.getRemoteAddr(), "form", false);
//audit.session(userSession);
ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
clientSession.setAuthMethod(OpenIDConnect.LOGIN_PROTOCOL);
clientSession.setAuthMethod(OIDCLoginProtocol.LOGIN_PROTOCOL);
clientSession.setRedirectUri(redirect);
clientSession.setUserSession(userSession);
ClientSessionCode accessCode = new ClientSessionCode(realm, clientSession);

10
services/src/main/java/org/keycloak/services/resources/flows/Urls.java
View file

@ -22,8 +22,8 @@
package org.keycloak.services.resources.flows;
import org.keycloak.OAuth2Constants;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.resources.AccountService;
import org.keycloak.services.resources.IdentityBrokerService;
import org.keycloak.services.resources.LoginActionsService;
@ -170,7 +170,7 @@ public class Urls {
}
private static UriBuilder realmLogout(URI baseUri) {
return tokenBase(baseUri).path(OpenIDConnectService.class, "logout");
return tokenBase(baseUri).path(OIDCLoginProtocolService.class, "logout");
}
public static URI realmRegisterAction(URI baseUri, String realmId) {
@ -182,7 +182,7 @@ public class Urls {
}
public static URI realmInstalledAppUrnCallback(URI baseUri, String realmId) {
return tokenBase(baseUri).path(OpenIDConnectService.class, "installedAppUrnCallback").build(realmId);
return tokenBase(baseUri).path(OIDCLoginProtocolService.class, "installedAppUrnCallback").build(realmId);
}
public static URI realmOauthAction(URI baseUri, String realmId) {
@ -198,7 +198,7 @@ public class Urls {
}
private static UriBuilder tokenBase(URI baseUri) {
return realmBase(baseUri).path("{realm}/protocol/" + OpenIDConnect.LOGIN_PROTOCOL);
return realmBase(baseUri).path("{realm}/protocol/" + OIDCLoginProtocol.LOGIN_PROTOCOL);
}
private static UriBuilder themeBase(URI baseUri) {

2
services/src/main/resources/META-INF/services/org.keycloak.protocol.LoginProtocolFactory
View file

@ -1 +1 @@
org.keycloak.protocol.oidc.OpenIDConnectFactory
org.keycloak.protocol.oidc.OIDCLoginProtocolFactory

1
services/src/main/resources/META-INF/services/org.keycloak.protocol.ProtocolMapper Executable file
View file

@ -0,0 +1 @@
org.keycloak.protocol.oidc.OIDCAttributeToTokenMapper

14
testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
View file

@ -37,7 +37,7 @@ import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.BasicAuthHelper;
@ -278,7 +278,7 @@ public class OAuthClient {
}
public void openLogout() {
UriBuilder b = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
if (redirectUri != null) {
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
@ -290,7 +290,7 @@ public class OAuthClient {
}
public String getLoginFormUrl() {
UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(baseUrl));
if (responseType != null) {
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
}
@ -307,12 +307,12 @@ public class OAuthClient {
}
public String getAccessTokenUrl() {
UriBuilder b = OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getLogoutUrl(String redirectUri, String sessionState) {
UriBuilder b = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
if (redirectUri != null) {
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
@ -323,12 +323,12 @@ public class OAuthClient {
}
public String getResourceOwnerPasswordCredentialGrantUrl() {
UriBuilder b = OpenIDConnectService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getRefreshTokenUrl() {
UriBuilder b = OpenIDConnectService.refreshUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.refreshUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}

35
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
View file

@ -21,51 +21,16 @@
*/
package org.keycloak.testsuite.adapter;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.Config;
import org.keycloak.OAuth2Constants;
import org.keycloak.Version;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.admin.AdminRoot;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.testutils.KeycloakServer;
import org.keycloak.util.BasicAuthHelper;
import org.openqa.selenium.WebDriver;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URI;
import java.net.URL;
import java.security.PublicKey;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
/**
* Tests Undertow Adapter

22
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTestStrategy.java
View file

@ -22,7 +22,6 @@
package org.keycloak.testsuite.adapter;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExternalResource;
import org.keycloak.Config;
@ -36,16 +35,13 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.admin.AdminRoot;
import org.keycloak.services.resources.admin.ApplicationsResource;
import org.keycloak.services.resources.admin.RealmAdminResource;
import org.keycloak.services.resources.admin.RealmsAdminResource;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
@ -96,7 +92,7 @@ public class AdapterTestStrategy extends ExternalResource {
@WebResource
protected InputPage inputPage;
protected String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
protected String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
@ -143,7 +139,7 @@ public class AdapterTestStrategy extends ExternalResource {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
AccessToken token = tm.createClientAccessToken(TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
AccessToken token = tm.createClientAccessToken(TokenManager.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, null);
return tm.encodeToken(adminRealm, token);
} finally {
keycloakRule.stopSession(session, true);
@ -168,7 +164,7 @@ public class AdapterTestStrategy extends ExternalResource {
// test logout
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
@ -231,7 +227,7 @@ public class AdapterTestStrategy extends ExternalResource {
// test logout
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
@ -424,7 +420,7 @@ public class AdapterTestStrategy extends ExternalResource {
public void testBadUser() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
URI uri = OpenIDConnectService.grantAccessTokenUrl(builder).build("demo");
URI uri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("demo");
WebTarget target = client.target(uri);
String header = BasicAuthHelper.createHeader("customer-portal", "password");
Form form = new Form();
@ -477,7 +473,7 @@ public class AdapterTestStrategy extends ExternalResource {
// test logout
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/secure-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
@ -503,7 +499,7 @@ public class AdapterTestStrategy extends ExternalResource {
loginAndCheckSession(browser2.driver, browser2.loginPage);
// Logout in browser1
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
browser1.driver.navigate().to(logoutUri);
Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
@ -548,7 +544,7 @@ public class AdapterTestStrategy extends ExternalResource {
loginAndCheckSession(driver, loginPage);
// Logout
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
.queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
driver.navigate().to(logoutUri);

4
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/CookieTokenStoreAdapterTest.java Normal file → Executable file
View file

@ -11,7 +11,7 @@ import org.junit.Test;
import org.keycloak.constants.AdapterConstants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.OAuthClient;
@ -31,7 +31,7 @@ import org.openqa.selenium.WebDriver;
*/
public class CookieTokenStoreAdapterTest {
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
public static final String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {

4
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/MultiTenancyTest.java Normal file → Executable file
View file

@ -23,7 +23,7 @@ import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.pages.LoginPage;
@ -126,7 +126,7 @@ public class MultiTenancyTest {
}
private void doTenantRequests(String tenant, boolean logout) {
String tenantLoginUrl = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build(tenant).toString();
String tenantLoginUrl = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build(tenant).toString();
driver.navigate().to("http://localhost:8081/multi-tenant?realm="+tenant);
System.out.println("Current url: " + driver.getCurrentUrl());

8
testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/RelativeUriAdapterTest.java
View file

@ -32,7 +32,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.RealmRepresentation;
@ -66,7 +66,7 @@ import java.util.Map;
*/
public class RelativeUriAdapterTest {
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
public static final String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
public static PublicKey realmPublicKey;
@ClassRule
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
@ -87,7 +87,7 @@ public class RelativeUriAdapterTest {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "user", null, "form", false);
AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, null);
adminToken = tm.encodeToken(adminRealm, token);
}
@ -147,7 +147,7 @@ public class RelativeUriAdapterTest {
// test logout
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, "/customer-portal").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));

2
testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminAPITest.java
View file

@ -79,7 +79,7 @@ public class AdminAPITest {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, null);
return tm.encodeToken(adminRealm, token);
} finally {
keycloakRule.stopSession(session, true);

8
testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionProviderTest.java
View file

@ -11,7 +11,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.UsernameLoginFailureModel;
import org.keycloak.protocol.oidc.OpenIDConnect;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.services.managers.UserManager;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.util.Time;
@ -97,7 +97,7 @@ public class UserSessionProviderTest {
assertEquals(realm.findClient("test-app").getClientId(), session1.getClient().getClientId());
assertEquals(sessions[0].getId(), session1.getUserSession().getId());
assertEquals("http://redirect", session1.getRedirectUri());
assertEquals("state", session1.getNote(OpenIDConnect.STATE_PARAM));
assertEquals("state", session1.getNote(OIDCLoginProtocol.STATE_PARAM));
assertEquals(2, session1.getRoles().size());
assertTrue(session1.getRoles().contains("one"));
assertTrue(session1.getRoles().contains("two"));
@ -311,7 +311,7 @@ public class UserSessionProviderTest {
clientSession.setUserSession(userSession);
clientSession.setRedirectUri("http://redirect");
clientSession.setRoles(new HashSet<String>());
clientSession.setNote(OpenIDConnect.STATE_PARAM, "state");
clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, "state");
clientSession.setTimestamp(userSession.getStarted());
}
} finally {
@ -404,7 +404,7 @@ public class UserSessionProviderTest {
ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
if (userSession != null) clientSession.setUserSession(userSession);
clientSession.setRedirectUri(redirect);
if (state != null) clientSession.setNote(OpenIDConnect.STATE_PARAM, state);
if (state != null) clientSession.setNote(OIDCLoginProtocol.STATE_PARAM, state);
if (roles != null) clientSession.setRoles(roles);
return clientSession;
}

10
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
View file

@ -36,7 +36,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AssertEvents;
@ -323,10 +323,10 @@ public class AccessTokenTest {
public void testValidateAccessToken() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
WebTarget grantTarget = client.target(grantUri);
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI validateUri = OpenIDConnectService.validateAccessTokenUrl(builder).build("test");
URI validateUri = OIDCLoginProtocolService.validateAccessTokenUrl(builder).build("test");
WebTarget validateTarget = client.target(validateUri);
{
@ -354,7 +354,7 @@ public class AccessTokenTest {
}
{
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI logoutUri = OpenIDConnectService.logoutUrl(builder).build("test");
URI logoutUri = OIDCLoginProtocolService.logoutUrl(builder).build("test");
String header = BasicAuthHelper.createHeader("test-app", "password");
Form form = new Form();
form.param("refresh_token", tokenResponse.getRefreshToken());
@ -380,7 +380,7 @@ public class AccessTokenTest {
public void testGrantAccessToken() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
WebTarget grantTarget = client.target(grantUri);
{ // test checkSsl

8
testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
View file

@ -34,7 +34,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.managers.RealmManager;
@ -97,7 +97,7 @@ public class RefreshTokenTest {
public void nullRefreshToken() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI uri = OpenIDConnectService.refreshUrl(builder).build("test");
URI uri = OIDCLoginProtocolService.refreshUrl(builder).build("test");
WebTarget target = client.target(uri);
org.keycloak.representations.AccessTokenResponse tokenResponse = null;
@ -389,10 +389,10 @@ public class RefreshTokenTest {
public void testCheckSsl() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
WebTarget grantTarget = client.target(grantUri);
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI uri = OpenIDConnectService.refreshUrl(builder).build("test");
URI uri = OIDCLoginProtocolService.refreshUrl(builder).build("test");
WebTarget refreshTarget = client.target(uri);
String refreshToken = null;

8
testsuite/integration/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java
View file

@ -25,7 +25,7 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.UserInfo;
import org.keycloak.testsuite.rule.KeycloakRule;
@ -68,7 +68,7 @@ public class UserInfoTest {
public void testSuccessfulUserInfoRequest() throws Exception {
Client client = ClientBuilder.newClient();
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
WebTarget grantTarget = client.target(grantUri);
AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(grantTarget);
Response response = executeUserInfoRequest(accessTokenResponse.getToken());
@ -117,8 +117,8 @@ public class UserInfoTest {
private Response executeUserInfoRequest(String accessToken) {
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
UriBuilder uriBuilder = OpenIDConnectService.tokenServiceBaseUrl(builder);
URI userInfoUri = uriBuilder.path(OpenIDConnectService.class, "issueUserInfo").build("test");
UriBuilder uriBuilder = OIDCLoginProtocolService.tokenServiceBaseUrl(builder);
URI userInfoUri = uriBuilder.path(OIDCLoginProtocolService.class, "issueUserInfo").build("test");
Client client = ClientBuilder.newClient();
WebTarget userInfoTarget = client.target(userInfoUri);

6
testsuite/integration/src/test/java/org/keycloak/testsuite/perf/AccessTokenPerfTest.java
View file

@ -34,7 +34,7 @@ import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.testsuite.Constants;
import org.keycloak.testsuite.OAuthClient;
@ -136,7 +136,7 @@ public class AccessTokenPerfTest {
}
public String getLoginFormUrl(String state) {
UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(baseUrl));
if (responseType != null) {
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
}
@ -204,7 +204,7 @@ public class AccessTokenPerfTest {
String authorization = BasicAuthHelper.createHeader(clientId, "password");
String res = client.target(OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
String res = client.target(OIDCLoginProtocolService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
.header(HttpHeaders.AUTHORIZATION, authorization)
.post(Entity.form(form), String.class);
count.incrementAndGet();

2
testsuite/integration/src/test/java/org/keycloak/testsuite/saml/SamlBindingTest.java
View file

@ -247,7 +247,7 @@ public class SamlBindingTest {
TokenManager tm = new TokenManager();
UserModel admin = session.users().getUserByUsername("admin", adminRealm);
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false);
AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession);
AccessToken token = tm.createClientAccessToken(tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, null);
return tm.encodeToken(adminRealm, token);
} finally {
keycloakRule.stopSession(session, true);

12
testsuite/performance-web/src/main/java/org/keycloak/testsuite/performance/web/OAuthClient.java
View file

@ -16,7 +16,7 @@ import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.BasicAuthHelper;
@ -199,7 +199,7 @@ public class OAuthClient {
}
public String getLoginFormUrl() {
UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(baseUrl));
if (responseType != null) {
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
}
@ -216,12 +216,12 @@ public class OAuthClient {
}
public String getAccessTokenUrl() {
UriBuilder b = OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getLogoutUrl(String redirectUri, String sessionState) {
UriBuilder b = OpenIDConnectService.logoutUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
if (redirectUri != null) {
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
@ -232,12 +232,12 @@ public class OAuthClient {
}
public String getResourceOwnerPasswordCredentialGrantUrl() {
UriBuilder b = OpenIDConnectService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}
public String getRefreshTokenUrl() {
UriBuilder b = OpenIDConnectService.refreshUrl(UriBuilder.fromUri(baseUrl));
UriBuilder b = OIDCLoginProtocolService.refreshUrl(UriBuilder.fromUri(baseUrl));
return b.build(realm).toString();
}

24
testsuite/proxy/src/test/java/org/keycloak/testsuite/ProxyTest.java
View file

@ -22,15 +22,6 @@
package org.keycloak.testsuite;
import io.undertow.Undertow;
import io.undertow.io.IoCallback;
import io.undertow.security.api.SecurityContext;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.ResponseCodeHandler;
import io.undertow.server.handlers.proxy.ProxyHandler;
import io.undertow.server.handlers.proxy.SimpleProxyClientProvider;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import org.apache.catalina.startup.Tomcat;
import org.junit.AfterClass;
import org.junit.Assert;
@ -39,16 +30,11 @@ import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.undertow.AbstractUndertowRequestAuthenticator;
import org.keycloak.adapters.undertow.UndertowHttpFacade;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.proxy.ProxyServerBuilder;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.pages.LoginPage;
@ -72,15 +58,13 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.security.Principal;
import java.util.Enumeration;
import java.util.regex.Matcher;
@Ignore
public class ProxyTest {
static String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
static String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8080/customer-portal").build("demo").toString();
@ClassRule
@ -204,7 +188,7 @@ public class ProxyTest {
@WebResource
protected LoginPage loginPage;
public static final String LOGIN_URL = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
public static final String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
@Test
public void testHttp() throws Exception {
@ -261,7 +245,7 @@ public class ProxyTest {
// test logout
String logoutUri = OpenIDConnectService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri("http://localhost:8081/auth"))
.queryParam(OAuth2Constants.REDIRECT_URI, baseUrl + "/customer-portal/users").build("demo").toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));

19
testsuite/tomcat6/src/test/java/org/keycloak/testsuite/TomcatTest.java
View file

@ -22,37 +22,18 @@
package org.keycloak.testsuite;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.testutils.KeycloakServer;
import org.openqa.selenium.WebDriver;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.security.Principal;
import java.util.regex.Matcher;
/**

19
testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
View file

@ -23,37 +23,18 @@ package org.keycloak.testsuite;
import org.apache.catalina.startup.Tomcat;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.testutils.KeycloakServer;
import org.openqa.selenium.WebDriver;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.security.Principal;
import java.util.regex.Matcher;
/**

19
testsuite/tomcat8/src/test/java/org/keycloak/testsuite/TomcatTest.java
View file

@ -23,37 +23,18 @@ package org.keycloak.testsuite;
import org.apache.catalina.startup.Tomcat;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.OpenIDConnectService;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.adapter.AdapterTestStrategy;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.keycloak.testutils.KeycloakServer;
import org.openqa.selenium.WebDriver;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.UriBuilder;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.security.Principal;
import java.util.regex.Matcher;
/**