libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-12069 Add account-console client for new account console

Browse source
This commit is contained in:
stianst 2019-11-19 09:52:31 +01:00 committed by Stan Silvert
parent ebb1883427
commit 3731e36ece
19 changed files with 209 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
View file

@ -47,6 +47,7 @@ import org.keycloak.migration.migrators.MigrateTo4_2_0;
import org.keycloak.migration.migrators.MigrateTo4_6_0;
import org.keycloak.migration.migrators.MigrateTo6_0_0;
import org.keycloak.migration.migrators.MigrateTo8_0_0;
import org.keycloak.migration.migrators.MigrateTo9_0_0;
import org.keycloak.migration.migrators.Migration;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
@ -84,7 +85,8 @@ public class MigrationModelManager {
new MigrateTo4_2_0(),
new MigrateTo4_6_0(),
new MigrateTo6_0_0(),
new MigrateTo8_0_0()
new MigrateTo8_0_0(),
new MigrateTo9_0_0()
};
public static void migrate(KeycloakSession session) {

89
server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo9_0_0.java Normal file
View file

@ -0,0 +1,89 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.migration.migrators;
import org.jboss.logging.Logger;
import org.keycloak.migration.ModelVersion;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import java.util.Collections;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class MigrateTo9_0_0 implements Migration {
public static final ModelVersion VERSION = new ModelVersion("9.0.0");
private static final Logger LOG = Logger.getLogger(MigrateTo9_0_0.class);
@Override
public ModelVersion getVersion() {
return VERSION;
}
@Override
public void migrate(KeycloakSession session) {
session.realms().getRealms().stream().forEach(realm -> addAccountConsoleClient(realm));
}
@Override
public void migrateImport(KeycloakSession session, RealmModel realm, RealmRepresentation rep, boolean skipUserDependent) {
migrateRealmCommon(realm);
}
protected void migrateRealmCommon(RealmModel realm) {
addAccountConsoleClient(realm);
}
protected void addAccountConsoleClient(RealmModel realm) {
if (realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID) == null) {
ClientModel client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
client.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
client.setEnabled(true);
client.setFullScopeAllowed(false);
client.setPublicClient(true);
client.setDirectAccessGrantsEnabled(false);
client.setRootUrl(Constants.AUTH_BASE_URL_PROP);
String baseUrl = "/realms/" + realm.getName() + "/account/";
client.setBaseUrl(baseUrl);
client.addRedirectUri(baseUrl + "*");
client.setProtocol("openid-connect");
client.addScopeMapping(realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getRole(AccountRoles.MANAGE_ACCOUNT));
ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
audienceMapper.setName("audience resolve");
audienceMapper.setProtocol("openid-connect");
audienceMapper.setProtocolMapper("oidc-audience-resolve-mapper");
client.addProtocolMapper(audienceMapper);
}
}
}

1
server-spi-private/src/main/java/org/keycloak/models/Constants.java
View file

@ -33,6 +33,7 @@ public final class Constants {
public static final String ADMIN_CLI_CLIENT_ID = "admin-cli";
public static final String ACCOUNT_MANAGEMENT_CLIENT_ID = "account";
public static final String ACCOUNT_CONSOLE_CLIENT_ID = "account-console";
public static final String BROKER_SERVICE_CLIENT_ID = "broker";
public static final String REALM_MANAGEMENT_CLIENT_ID = "realm-management";

54
services/src/main/java/org/keycloak/services/managers/RealmManager.java
View file

@ -42,6 +42,7 @@ import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.protocol.oidc.mappers.AudienceResolveProtocolMapper;
import org.keycloak.representations.idm.ApplicationRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
@ -401,29 +402,54 @@ public class RealmManager {
private void setupAccountManagement(RealmModel realm) {
ClientModel client = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
if (client == null) {
client = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
client.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
client.setEnabled(true);
client.setFullScopeAllowed(false);
ClientModel accountClient = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
if (accountClient == null) {
accountClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
accountClient.setName("${client_" + Constants.ACCOUNT_MANAGEMENT_CLIENT_ID + "}");
accountClient.setEnabled(true);
accountClient.setFullScopeAllowed(false);
client.setRootUrl(Constants.AUTH_BASE_URL_PROP);
accountClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
String baseUrl = "/realms/" + realm.getName() + "/account/";
client.setBaseUrl(baseUrl);
client.addRedirectUri(baseUrl + "*");
accountClient.setBaseUrl(baseUrl);
accountClient.addRedirectUri(baseUrl + "*");
client.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
accountClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
for (String role : AccountRoles.ALL) {
client.addDefaultRole(role);
RoleModel roleModel = client.getRole(role);
accountClient.addDefaultRole(role);
RoleModel roleModel = accountClient.getRole(role);
roleModel.setDescription("${role_" + role + "}");
}
RoleModel manageAccountLinks = client.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
RoleModel manageAccountLinks = accountClient.addRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
manageAccountLinks.setDescription("${role_" + AccountRoles.MANAGE_ACCOUNT_LINKS + "}");
RoleModel manageAccount = client.getRole(AccountRoles.MANAGE_ACCOUNT);
RoleModel manageAccount = accountClient.getRole(AccountRoles.MANAGE_ACCOUNT);
manageAccount.addCompositeRole(manageAccountLinks);
ClientModel accountConsoleClient = realm.getClientByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID);
if (accountConsoleClient == null) {
accountConsoleClient = KeycloakModelUtils.createClient(realm, Constants.ACCOUNT_CONSOLE_CLIENT_ID);
accountConsoleClient.setName("${client_" + Constants.ACCOUNT_CONSOLE_CLIENT_ID + "}");
accountConsoleClient.setEnabled(true);
accountConsoleClient.setFullScopeAllowed(false);
accountConsoleClient.setPublicClient(true);
accountConsoleClient.setDirectAccessGrantsEnabled(false);
accountConsoleClient.setRootUrl(Constants.AUTH_BASE_URL_PROP);
accountConsoleClient.setBaseUrl(baseUrl);
accountConsoleClient.addRedirectUri(baseUrl + "*");
accountConsoleClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
accountConsoleClient.addScopeMapping(accountClient.getRole(AccountRoles.MANAGE_ACCOUNT));
ProtocolMapperModel audienceMapper = new ProtocolMapperModel();
audienceMapper.setName(OIDCLoginProtocolFactory.AUDIENCE_RESOLVE);
audienceMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
audienceMapper.setProtocolMapper(AudienceResolveProtocolMapper.PROVIDER_ID);
accountConsoleClient.addProtocolMapper(audienceMapper);
}
}
}

21
services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java
View file

@ -86,7 +86,12 @@ public class AccountConsole {
URI baseUri = session.getContext().getUri().getBaseUri();
map.put("authUrl", session.getContext().getUri(UrlType.FRONTEND).getBaseUri().toString());
String authServerBaseUrl = baseUri.toString();
if (authServerBaseUrl.endsWith("/")) {
authServerBaseUrl = authServerBaseUrl.substring(0, authServerBaseUrl.length() - 1);
}
map.put("authUrl", authServerBaseUrl);
map.put("baseUrl", session.getContext().getUri(UrlType.FRONTEND).getBaseUriBuilder().replacePath("/realms/" + realm.getName() + "/account").build().toString());
map.put("realm", realm);
map.put("resourceUrl", Urls.themeRoot(baseUri).getPath() + "/account/" + theme.getName());
@ -170,20 +175,6 @@ public class AccountConsole {
return Response.status(302).location(session.getContext().getUri().getRequestUriBuilder().path("../").build()).build();
}
@GET
@Path("keycloak.json")
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public ClientManager.InstallationAdapterConfig getConfig() {
ClientModel accountClient = realm.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
if (accountClient == null) {
throw new javax.ws.rs.NotFoundException("Account console client not found");
}
RealmManager realmMgr = new RealmManager(session);
URI baseUri = session.getContext().getUri().getBaseUri();
return new ClientManager(realmMgr).toInstallationRepresentation(realm, accountClient, baseUri);
}
// TODO: took this code from elsewhere - refactor
private String[] getReferrer() {
String referrer = session.getContext().getUri().getQueryParameters().getFirst("referrer");

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountFormServiceTest.java
View file

@ -1110,7 +1110,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
Map<String, AccountApplicationsPage.AppEntry> apps = applicationsPage.getApplications();
Assert.assertThat(apps.keySet(), containsInAnyOrder(
/* "root-url-client", */ "Account", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
/* "root-url-client", */ "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
rsu.add(testRealm().roles().get("user").toRepresentation())
.update();
@ -1118,7 +1118,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
driver.navigate().refresh();
apps = applicationsPage.getApplications();
Assert.assertThat(apps.keySet(), containsInAnyOrder(
"root-url-client", "Account", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
"root-url-client", "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
}
}
@ -1136,7 +1136,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
Map<String, AccountApplicationsPage.AppEntry> apps = applicationsPage.getApplications();
Assert.assertThat(apps.keySet(), containsInAnyOrder(
"root-url-client", "Account", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
"root-url-client", "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
}
}
@ -1150,7 +1150,7 @@ public class AccountFormServiceTest extends AbstractTestRealmKeycloakTest {
applicationsPage.assertCurrent();
Map<String, AccountApplicationsPage.AppEntry> apps = applicationsPage.getApplications();
Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "Account", "Broker", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "Account", "Account Console", "Broker", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant"));
AccountApplicationsPage.AppEntry accountEntry = apps.get("Account");
Assert.assertThat(accountEntry.getRolesAvailable(), containsInAnyOrder(

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
View file

@ -66,7 +66,7 @@ public class ClientTest extends AbstractAdminTest {
@Test
public void getClients() {
Assert.assertNames(realm.clients().findAll(), "account", "realm-management", "security-admin-console", "broker", Constants.ADMIN_CLI_CLIENT_ID);
Assert.assertNames(realm.clients().findAll(), "account", "account-console", "realm-management", "security-admin-console", "broker", Constants.ADMIN_CLI_CLIENT_ID);
}
private ClientRepresentation createClient() {
@ -93,7 +93,7 @@ public class ClientTest extends AbstractAdminTest {
String id = createClient().getId();
assertNotNull(realm.clients().get(id));
Assert.assertNames(realm.clients().findAll(), "account", "realm-management", "security-admin-console", "broker", "my-app", Constants.ADMIN_CLI_CLIENT_ID);
Assert.assertNames(realm.clients().findAll(), "account", "account-console", "realm-management", "security-admin-console", "broker", "my-app", Constants.ADMIN_CLI_CLIENT_ID);
}
@Test

11
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
View file

@ -70,8 +70,10 @@ import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.ws.rs.BadRequestException;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.junit.Assert.*;
import org.keycloak.events.EventType;
import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory;
@ -153,6 +155,9 @@ public class RealmTest extends AbstractAdminTest {
Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST, REALM_NAME, "new-realm");
List<String> clients = adminClient.realms().realm("new-realm").clients().findAll().stream().map(ClientRepresentation::getClientId).collect(Collectors.toList());
assertThat(clients, containsInAnyOrder("account", "account-console", "admin-cli", "broker", "realm-management", "security-admin-console"));
adminClient.realms().realm("new-realm").remove();
Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST, REALM_NAME);
@ -663,7 +668,7 @@ public class RealmTest extends AbstractAdminTest {
GlobalRequestResult globalRequestResult = realm.pushRevocation();
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "push-revocation", globalRequestResult, ResourceType.REALM);
assertThat(globalRequestResult.getSuccessRequests(), Matchers.containsInAnyOrder(oauth.AUTH_SERVER_ROOT + "/realms/master/app/admin"));
assertThat(globalRequestResult.getSuccessRequests(), containsInAnyOrder(oauth.AUTH_SERVER_ROOT + "/realms/master/app/admin"));
assertNull(globalRequestResult.getFailedRequests());
PushNotBeforeAction adminPushNotBefore = testingClient.testApp().getAdminPushNotBefore();
@ -685,8 +690,8 @@ public class RealmTest extends AbstractAdminTest {
GlobalRequestResult globalRequestResult = realm.pushRevocation();
assertAdminEvents.assertEvent(realmId, OperationType.ACTION, "push-revocation", globalRequestResult, ResourceType.REALM);
assertThat(globalRequestResult.getSuccessRequests(), Matchers.containsInAnyOrder(oauth.AUTH_SERVER_ROOT + "/realms/master/app/admin"));
assertThat(globalRequestResult.getFailedRequests(), Matchers.containsInAnyOrder(oauth.AUTH_SERVER_ROOT + "/realms/master/saml-app/saml"));
assertThat(globalRequestResult.getSuccessRequests(), containsInAnyOrder(oauth.AUTH_SERVER_ROOT + "/realms/master/app/admin"));
assertThat(globalRequestResult.getFailedRequests(), containsInAnyOrder(oauth.AUTH_SERVER_ROOT + "/realms/master/saml-app/saml"));
PushNotBeforeAction adminPushNotBefore = testingClient.testApp().getAdminPushNotBefore();
assertEquals(time, adminPushNotBefore.getNotBefore());

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java
View file

@ -110,7 +110,7 @@ public class ExportImportUtil {
Assert.assertEquals(0, userRsc.getFederatedIdentity().size());
List<ClientRepresentation> resources = realmRsc.clients().findAll();
Assert.assertEquals(9, resources.size());
Assert.assertEquals(10, resources.size());
// Test applications imported
ClientRepresentation application = ApiUtil.findClientByClientId(realmRsc, "Application").toRepresentation();
@ -121,7 +121,7 @@ public class ExportImportUtil {
Assert.assertNotNull(otherApp);
Assert.assertNull(nonExisting);
List<ClientRepresentation> clients = realmRsc.clients().findAll();
Assert.assertEquals(9, clients.size());
Assert.assertEquals(10, clients.size());
Assert.assertTrue(hasClient(clients, application));
Assert.assertTrue(hasClient(clients, otherApp));
Assert.assertTrue(hasClient(clients, accountApp));

40
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/AbstractMigrationTest.java
View file

@ -28,6 +28,7 @@ import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.component.PrioritizedComponentModel;
import org.keycloak.keys.KeyProvider;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.ClientModel;
@ -75,9 +76,11 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@ -116,7 +119,7 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
protected void testMigratedMigrationData(boolean supportsAuthzService) {
assertNames(migrationRealm.roles().list(), "offline_access", "uma_authorization", "migration-test-realm-role");
List<String> expectedClientIds = new ArrayList<>(Arrays.asList("account", "admin-cli", "broker", "migration-test-client", "realm-management", "security-admin-console"));
List<String> expectedClientIds = new ArrayList<>(Arrays.asList("account", "account-console", "admin-cli", "broker", "migration-test-client", "realm-management", "security-admin-console"));
if (supportsAuthzService) {
expectedClientIds.add("authz-servlet");
@ -132,7 +135,7 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
protected void testMigratedMasterData() {
assertNames(masterRealm.roles().list(), "offline_access", "uma_authorization", "create-realm", "master-test-realm-role", "admin");
assertNames(masterRealm.clients().findAll(), "admin-cli", "security-admin-console", "broker", "account",
assertNames(masterRealm.clients().findAll(), "admin-cli", "security-admin-console", "broker", "account", "account-console",
"master-realm", "master-test-client", "Migration-realm", "Migration2-realm");
String id = masterRealm.clients().findByClientId("master-test-client").get(0).getId();
assertNames(masterRealm.clients().get(id).roles().list(), "master-test-client-role");
@ -270,6 +273,11 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
testResourceTag();
}
protected void testMigrationTo9_0_0() {
testAccountConsoleClient(masterRealm);
testAccountConsoleClient(migrationRealm);
}
private void testAdminClientUrls(RealmResource realm) {
ClientRepresentation adminConsoleClient = realm.clients().findByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID).get(0);
@ -292,6 +300,29 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
assertEquals(1, accountConsoleClient.getRedirectUris().size());
}
private void testAccountConsoleClient(RealmResource realm) {
ClientRepresentation accountConsoleClient = realm.clients().findByClientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID).get(0);
assertEquals(Constants.AUTH_BASE_URL_PROP, accountConsoleClient.getRootUrl());
assertEquals("/realms/" + realm.toRepresentation().getRealm() + "/account/", accountConsoleClient.getBaseUrl());
assertTrue(accountConsoleClient.isPublicClient());
assertFalse(accountConsoleClient.isFullScopeAllowed());
assertTrue(accountConsoleClient.isStandardFlowEnabled());
assertFalse(accountConsoleClient.isDirectAccessGrantsEnabled());
ClientResource clientResource = realm.clients().get(accountConsoleClient.getId());
MappingsRepresentation scopes = clientResource.getScopeMappings().getAll();
assertNull(scopes.getRealmMappings());
assertEquals(1, scopes.getClientMappings().size());
assertEquals(1, scopes.getClientMappings().get(ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings().size());
assertEquals(MANAGE_ACCOUNT, scopes.getClientMappings().get(ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings().get(0).getName());
List<ProtocolMapperRepresentation> mappers = clientResource.getProtocolMappers().getMappers();
assertEquals(1, mappers.size());
assertEquals("oidc-audience-resolve-mapper", mappers.get(0).getProtocolMapper());
}
private void testDecisionStrategySetOnResourceServer() {
ClientsResource clients = migrationRealm.clients();
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
@ -431,7 +462,7 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
ClientsResource clients = migrationRealm.clients();
ClientRepresentation clientRepresentation = clients.findByClientId("authz-servlet").get(0);
ResourceRepresentation resource = clients.get(clientRepresentation.getId()).authorization().resources().findByName("Protected Resource").get(0);
org.junit.Assert.assertThat(resource.getUris(), Matchers.containsInAnyOrder("/*"));
org.junit.Assert.assertThat(resource.getUris(), containsInAnyOrder("/*"));
}
protected void testAuthorizationServices(RealmResource... realms) {
@ -741,6 +772,9 @@ public abstract class AbstractMigrationTest extends AbstractKeycloakTest {
protected void testMigrationTo8_x() {
testMigrationTo8_0_0();
}
protected void testMigrationTo9_x() {
testMigrationTo9_0_0();
}
protected void testMigrationTo7_x(boolean supportedAuthzServices) {
if (supportedAuthzServices) {

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport198MigrationTest.java
View file

@ -77,6 +77,7 @@ public class JsonFileImport198MigrationTest extends AbstractJsonFileImportMigrat
testMigrationTo6_x();
testMigrationTo7_x(false);
testMigrationTo8_x();
testMigrationTo9_x();
}
@Override

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport255MigrationTest.java
View file

@ -70,6 +70,7 @@ public class JsonFileImport255MigrationTest extends AbstractJsonFileImportMigrat
testMigrationTo6_x();
testMigrationTo7_x(true);
testMigrationTo8_x();
testMigrationTo9_x();
}
}

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport343MigrationTest.java
View file

@ -69,6 +69,7 @@ public class JsonFileImport343MigrationTest extends AbstractJsonFileImportMigrat
testMigrationTo6_x();
testMigrationTo7_x(true);
testMigrationTo8_x();
testMigrationTo9_x();
}
}

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/JsonFileImport483MigrationTest.java
View file

@ -63,6 +63,7 @@ public class JsonFileImport483MigrationTest extends AbstractJsonFileImportMigrat
testMigrationTo6_x();
testMigrationTo7_x(true);
testMigrationTo8_x();
testMigrationTo9_x();
}
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
View file

@ -73,6 +73,7 @@ public class MigrationTest extends AbstractMigrationTest {
testMigrationTo6_x();
testMigrationTo7_x(true);
testMigrationTo8_x();
testMigrationTo9_x();
}
@Test
@ -84,6 +85,7 @@ public class MigrationTest extends AbstractMigrationTest {
testMigrationTo6_x();
testMigrationTo7_x(true);
testMigrationTo8_x();
testMigrationTo9_x();
}
@Test
@ -96,6 +98,7 @@ public class MigrationTest extends AbstractMigrationTest {
testMigrationTo6_x();
testMigrationTo7_x(true);
testMigrationTo8_x();
testMigrationTo9_x();
}
@Test
@ -109,6 +112,7 @@ public class MigrationTest extends AbstractMigrationTest {
testMigrationTo6_x();
testMigrationTo7_x(false);
testMigrationTo8_x();
testMigrationTo9_x();
}
}

1
themes/src/main/resources/theme/base/account/messages/messages_en.properties
View file

@ -84,6 +84,7 @@ role_read-token=Read token
role_offline-access=Offline access
role_uma_authorization=Obtain permissions
client_account=Account
client_account-console=Account Console
client_security-admin-console=Security Admin Console
client_admin-cli=Admin CLI
client_realm-management=Realm Management

1
themes/src/main/resources/theme/base/login/messages/messages_en.properties
View file

@ -150,6 +150,7 @@ role_manage-account-links=Manage account links
role_read-token=Read token
role_offline-access=Offline access
client_account=Account
client_account-console=Account Console
client_security-admin-console=Security Admin Console
client_admin-cli=Admin CLI
client_realm-management=Realm Management

6
themes/src/main/resources/theme/keycloak-preview/account/index.ftl
View file

@ -86,7 +86,11 @@
<body>
<script>
var keycloak = Keycloak('${authUrl}/realms/${realm.name}/account/keycloak.json');
var keycloak = Keycloak({
authServerUrl: authUrl,
realm: realm,
clientId: 'account-console'
});
keycloak.init({onLoad: 'check-sso'}).success(function(authenticated) {
toggleReact();
if (!keycloak.authenticated) {

3
themes/src/main/resources/theme/keycloak-preview/account/resources/app/keycloak-service/keycloak.service.ts
View file

@ -76,7 +76,8 @@ export class KeycloakService {
}
public authServerUrl(): string | undefined {
return KeycloakService.keycloakAuth.authServerUrl;
const authServerUrl = KeycloakService.keycloakAuth.authServerUrl;
return authServerUrl!.charAt(authServerUrl!.length - 1) === '/' ? authServerUrl : authServerUrl + '/';
}
public realm(): string | undefined {