diff --git a/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProvider.java b/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProvider.java index 52d47dffe3..edfd392c6c 100644 --- a/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProvider.java +++ b/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProvider.java @@ -19,6 +19,7 @@ package org.keycloak.keys.infinispan; import java.security.PublicKey; import java.util.Collections; +import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.concurrent.Callable; @@ -32,6 +33,7 @@ import org.keycloak.common.util.Time; import org.keycloak.keys.PublicKeyLoader; import org.keycloak.keys.PublicKeyStorageProvider; import org.keycloak.models.KeycloakSession; +import org.keycloak.models.KeycloakTransaction; import org.keycloak.models.cache.infinispan.ClearCacheEvent; import org.keycloak.models.cache.infinispan.InfinispanCacheRealmProviderFactory; @@ -51,13 +53,17 @@ public class InfinispanPublicKeyStorageProvider implements PublicKeyStorageProvi private final int minTimeBetweenRequests ; + private Set invalidations = new HashSet<>(); + public InfinispanPublicKeyStorageProvider(KeycloakSession session, Cache keys, Map> tasksInProgress, int minTimeBetweenRequests) { this.session = session; this.keys = keys; this.tasksInProgress = tasksInProgress; this.minTimeBetweenRequests = minTimeBetweenRequests; + session.getTransactionManager().enlistAfterCompletion(getAfterTransaction()); } + @Override public void clearCache() { keys.clear(); 
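Review bot: The constructor calls the overridable `getAfterTransaction()` (added as `protected` in the next hunk) before the object is fully constructed, so a subclass override would run against a half-built instance. It also enlists an after-completion callback for every provider that is created, even when no key is ever queued for invalidation. Consider making `getAfterTransaction()` private, or enlisting on the first `addInvalidation` call. A short comment on `invalidations` would help, such as `// cache keys to evict once the current transaction completes`. The field is not reassigned in the visible hunks and can be `final`.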
@@ -65,6 +71,56 @@ public class InfinispanPublicKeyStorageProvider implements PublicKeyStorageProvi cluster.notify(InfinispanPublicKeyStorageProviderFactory.KEYS_CLEAR_CACHE_EVENTS, new ClearCacheEvent(), true); } + + void addInvalidation(String cacheKey) { + this.invalidations.add(cacheKey); + } + + + protected KeycloakTransaction getAfterTransaction() { + return new KeycloakTransaction() { + + @Override + public void begin() { + } + + @Override + public void commit() { + runInvalidations(); + } + + @Override + public void rollback() { + runInvalidations(); + } + + @Override + public void setRollbackOnly() { + } + + @Override + public boolean getRollbackOnly() { + return false; + } + + @Override + public boolean isActive() { + return true; + } + }; + } + + + protected void runInvalidations() { + ClusterProvider cluster = session.getProvider(ClusterProvider.class); + + for (String cacheKey : invalidations) { + keys.remove(cacheKey); + cluster.notify(cacheKey, PublicKeyStorageInvalidationEvent.create(cacheKey), true); + } + } + + @Override public PublicKey getPublicKey(String modelKey, String kid, PublicKeyLoader loader) { // Check if key is in cache diff --git a/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProviderFactory.java index 8f2e321b0e..42a73fca17 100644 --- a/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProviderFactory.java +++ b/model/infinispan/src/main/java/org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProviderFactory.java 
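Review bot: In `runInvalidations()` the local eviction and the cluster notification share one loop, so if `cluster.notify(...)` fails for one key, the keys after it stay in this node's cache. A replaced or removed client/IdP public key could then still be used for signature verification; whether `notify` can throw is not visible here. Evicting every queued key first and notifying afterwards keeps the local cache correct in that case. `runInvalidations()` and `getAfterTransaction()` also have no comments, and it is worth stating that invalidations run on rollback as well as commit, and why.

```java
protected void runInvalidations() {
    // Evict locally first: a failed cluster notification must not leave a stale key cached on this node.
    for (String cacheKey : invalidations) {
        keys.remove(cacheKey);
    }

    ClusterProvider cluster = session.getProvider(ClusterProvider.class);
    for (String cacheKey : invalidations) {
        cluster.notify(cacheKey, PublicKeyStorageInvalidationEvent.create(cacheKey), true);
    }
}
```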
@@ -30,9 +30,14 @@ import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.keys.PublicKeyStorageProvider; import org.keycloak.keys.PublicKeyStorageSpi; import org.keycloak.keys.PublicKeyStorageProviderFactory; +import org.keycloak.keys.PublicKeyStorageUtils; +import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSessionFactory; +import org.keycloak.models.RealmModel; import org.keycloak.models.cache.infinispan.events.InvalidationEvent; +import org.keycloak.provider.ProviderEvent; +import org.keycloak.provider.ProviderEventListener; /** * @author Marek Posolda @@ -45,7 +50,7 @@ public class InfinispanPublicKeyStorageProviderFactory implements PublicKeyStora public static final String KEYS_CLEAR_CACHE_EVENTS = "KEYS_CLEAR_CACHE_EVENTS"; - private Cache keysCache; + private volatile Cache keysCache; private final Map> tasksInProgress = new ConcurrentHashMap<>(); @@ -64,6 +69,15 @@ public class InfinispanPublicKeyStorageProviderFactory implements PublicKeyStora this.keysCache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.KEYS_CACHE_NAME); ClusterProvider cluster = session.getProvider(ClusterProvider.class); + cluster.registerListener(ClusterProvider.ALL, (ClusterEvent event) -> { + + if (event instanceof PublicKeyStorageInvalidationEvent) { + PublicKeyStorageInvalidationEvent invalidationEvent = (PublicKeyStorageInvalidationEvent) event; + keysCache.remove(invalidationEvent.getCacheKey()); + } + + }); + cluster.registerListener(KEYS_CLEAR_CACHE_EVENTS, (ClusterEvent event) -> { keysCache.clear(); 
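Review bot: The new listener is registered on `ClusterProvider.ALL`, so its `instanceof` test runs for every cluster event, and nothing explains why. The reason appears to be that `runInvalidations()` sends each event under the cache key itself (`cluster.notify(cacheKey, ...)`), which no fixed listener key can match. Either add a comment, e.g. `// invalidation events are sent under their cache key, so listen on ALL and filter by type`, or send them under one constant next to `KEYS_CLEAR_CACHE_EVENTS` and register on that. The enclosing init method starts outside the hunk.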
@@ -82,6 +96,55 @@ public class InfinispanPublicKeyStorageProviderFactory implements PublicKeyStora @Override public void postInit(KeycloakSessionFactory factory) { + factory.register(new ProviderEventListener() { + + @Override + public void onEvent(ProviderEvent event) { + if (keysCache == null) { + return; + } + + SessionAndKeyHolder cacheKey = getCacheKeyToInvalidate(event); + if (cacheKey != null) { + log.debugf("Invalidating %s from keysCache", cacheKey); + InfinispanPublicKeyStorageProvider provider = (InfinispanPublicKeyStorageProvider) cacheKey.session.getProvider(PublicKeyStorageProvider.class, getId()); + provider.addInvalidation(cacheKey.cacheKey); + } + } + + }); + } + + private SessionAndKeyHolder getCacheKeyToInvalidate(ProviderEvent event) { + if (event instanceof RealmModel.ClientUpdatedEvent) { + RealmModel.ClientUpdatedEvent eventt = (RealmModel.ClientUpdatedEvent) event; + String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(eventt.getUpdatedClient().getRealm().getId(), eventt.getUpdatedClient().getId()); + return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); + } else if (event instanceof RealmModel.ClientRemovedEvent) { + RealmModel.ClientRemovedEvent eventt = (RealmModel.ClientRemovedEvent) event; + String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(eventt.getClient().getRealm().getId(), eventt.getClient().getId()); + return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); + } else if (event instanceof RealmModel.IdentityProviderUpdatedEvent) { + RealmModel.IdentityProviderUpdatedEvent eventt = (RealmModel.IdentityProviderUpdatedEvent) event; + String cacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(eventt.getRealm().getId(), eventt.getUpdatedIdentityProvider().getInternalId()); + return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); + } else if (event instanceof RealmModel.IdentityProviderRemovedEvent) { + RealmModel.IdentityProviderRemovedEvent eventt = 
(RealmModel.IdentityProviderRemovedEvent) event; + String cacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(eventt.getRealm().getId(), eventt.getRemovedIdentityProvider().getInternalId()); + return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); + } else { + return null; + } + } + + private class SessionAndKeyHolder { + private final KeycloakSession session; + private final String cacheKey; + + public SessionAndKeyHolder(KeycloakSession session, String cacheKey) { + this.session = session; + this.cacheKey = cacheKey; + } } diff --git a/model/infinispan/src/main/java/org/keycloak/keys/infinispan/PublicKeyStorageInvalidationEvent.java b/model/infinispan/src/main/java/org/keycloak/keys/infinispan/PublicKeyStorageInvalidationEvent.java new file mode 100644 index 0000000000..1afcf42308 --- /dev/null +++ b/model/infinispan/src/main/java/org/keycloak/keys/infinispan/PublicKeyStorageInvalidationEvent.java 
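Review bot: The debug line in `onEvent` formats the `SessionAndKeyHolder` object, which defines no `toString()`, so the log shows an object identity instead of the key being invalidated. Pass the key itself: `log.debugf("Invalidating %s from keysCache", cacheKey.cacheKey);`. `SessionAndKeyHolder` does not use the enclosing factory and can be `private static class`. `getCacheKeyToInvalidate` has no comment saying that only client and identity-provider update/removal events are mapped and that every other event returns `null`.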
@@ -0,0 +1,48 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.keys.infinispan; + +import org.keycloak.models.cache.infinispan.events.InvalidationEvent; + +/** + * @author Marek Posolda + */ +public class PublicKeyStorageInvalidationEvent extends InvalidationEvent { + + private String cacheKey; + + public static PublicKeyStorageInvalidationEvent create(String cacheKey) { + PublicKeyStorageInvalidationEvent event = new PublicKeyStorageInvalidationEvent(); + event.cacheKey = cacheKey; + return event; + } + + @Override + public String getId() { + return cacheKey; + } + + public String getCacheKey() { + return cacheKey; + } + + @Override + public String toString() { + return "PublicKeyStorageInvalidationEvent [ " + cacheKey + " ]"; + } +} diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index b3f58b4f1f..830da5fbe5 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java 
@@ -960,23 +960,7 @@ public class RealmAdapter implements RealmModel, JpaModel { List identityProviders = new ArrayList(); for (IdentityProviderEntity entity: entities) { - IdentityProviderModel identityProviderModel = new IdentityProviderModel(); - identityProviderModel.setProviderId(entity.getProviderId()); - identityProviderModel.setAlias(entity.getAlias()); - identityProviderModel.setDisplayName(entity.getDisplayName()); - - identityProviderModel.setInternalId(entity.getInternalId()); - Map config = entity.getConfig(); - Map copy = new HashMap<>(); - copy.putAll(config); - identityProviderModel.setConfig(copy); - identityProviderModel.setEnabled(entity.isEnabled()); - identityProviderModel.setTrustEmail(entity.isTrustEmail()); - identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); - identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId()); - identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId()); - identityProviderModel.setStoreToken(entity.isStoreToken()); - identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); + IdentityProviderModel identityProviderModel = entityToModel(entity); identityProviders.add(identityProviderModel); } 
@@ -984,6 +968,27 @@ public class RealmAdapter implements RealmModel, JpaModel { return Collections.unmodifiableList(identityProviders); } + private IdentityProviderModel entityToModel(IdentityProviderEntity entity) { + IdentityProviderModel identityProviderModel = new IdentityProviderModel(); + identityProviderModel.setProviderId(entity.getProviderId()); + identityProviderModel.setAlias(entity.getAlias()); + identityProviderModel.setDisplayName(entity.getDisplayName()); + + identityProviderModel.setInternalId(entity.getInternalId()); + Map config = entity.getConfig(); + Map copy = new HashMap<>(); + copy.putAll(config); + identityProviderModel.setConfig(copy); + identityProviderModel.setEnabled(entity.isEnabled()); + identityProviderModel.setTrustEmail(entity.isTrustEmail()); + identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); + identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId()); + identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId()); + identityProviderModel.setStoreToken(entity.isStoreToken()); + identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); + return identityProviderModel; + } + @Override public IdentityProviderModel getIdentityProviderByAlias(String alias) { for (IdentityProviderModel identityProviderModel : getIdentityProviders()) { 
@@ -1024,8 +1029,28 @@ public class RealmAdapter implements RealmModel, JpaModel { public void removeIdentityProviderByAlias(String alias) { for (IdentityProviderEntity entity : realm.getIdentityProviders()) { if (entity.getAlias().equals(alias)) { + em.remove(entity); em.flush(); + + session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderRemovedEvent() { + + @Override + public RealmModel getRealm() { + return RealmAdapter.this; + } + + @Override + public IdentityProviderModel getRemovedIdentityProvider() { + return entityToModel(entity); + } + + @Override + public KeycloakSession getKeycloakSession() { + return session; + } + }); + } } } @@ -1048,6 +1073,24 @@ public class RealmAdapter implements RealmModel, JpaModel { } em.flush(); + + session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderUpdatedEvent() { + + @Override + public RealmModel getRealm() { + return RealmAdapter.this; + } + + @Override + public IdentityProviderModel getUpdatedIdentityProvider() { + return identityProvider; + } + + @Override + public KeycloakSession getKeycloakSession() { + return session; + } + }); } @Override diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index d581710fbc..429d389dac 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java 
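Review bot: In the `removeIdentityProviderByAlias` hunk, `getRemovedIdentityProvider()` builds the model with `entityToModel(entity)` only when a listener asks for it, which is after `em.remove(entity)` and `em.flush()`. If `entity.getConfig()` is loaded lazily (the entity mapping is not visible here), reading it on a removed entity may fail or return incomplete data. Convert before removing, `IdentityProviderModel removed = entityToModel(entity);`, and return `removed` from the event, which also avoids building a new model on every call. The Mongo `RealmAdapter` removal hunk uses the same lazy conversion and could be changed the same way for consistency.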
@@ -775,23 +775,7 @@ public class RealmAdapter extends AbstractMongoAdapter impleme List identityProviders = new ArrayList(); for (IdentityProviderEntity entity: entities) { - IdentityProviderModel identityProviderModel = new IdentityProviderModel(); - - identityProviderModel.setProviderId(entity.getProviderId()); - identityProviderModel.setAlias(entity.getAlias()); - identityProviderModel.setDisplayName(entity.getDisplayName()); - identityProviderModel.setInternalId(entity.getInternalId()); - Map config = entity.getConfig(); - Map copy = new HashMap<>(); - copy.putAll(config); - identityProviderModel.setConfig(copy); - identityProviderModel.setEnabled(entity.isEnabled()); - identityProviderModel.setTrustEmail(entity.isTrustEmail()); - identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); - identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId()); - identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId()); - identityProviderModel.setStoreToken(entity.isStoreToken()); - identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); + IdentityProviderModel identityProviderModel = entityToModel(entity); identityProviders.add(identityProviderModel); } 
@@ -799,6 +783,27 @@ public class RealmAdapter extends AbstractMongoAdapter impleme return Collections.unmodifiableList(identityProviders); } + private IdentityProviderModel entityToModel(IdentityProviderEntity entity) { + IdentityProviderModel identityProviderModel = new IdentityProviderModel(); + + identityProviderModel.setProviderId(entity.getProviderId()); + identityProviderModel.setAlias(entity.getAlias()); + identityProviderModel.setDisplayName(entity.getDisplayName()); + identityProviderModel.setInternalId(entity.getInternalId()); + Map config = entity.getConfig(); + Map copy = new HashMap<>(); + copy.putAll(config); + identityProviderModel.setConfig(copy); + identityProviderModel.setEnabled(entity.isEnabled()); + identityProviderModel.setTrustEmail(entity.isTrustEmail()); + identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); + identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId()); + identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId()); + identityProviderModel.setStoreToken(entity.isStoreToken()); + identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); + return identityProviderModel; + } + @Override public IdentityProviderModel getIdentityProviderByAlias(String alias) { for (IdentityProviderModel identityProviderModel : getIdentityProviders()) { @@ -837,6 +842,25 @@ public class RealmAdapter extends AbstractMongoAdapter impleme if (entity.getAlias().equals(alias)) { realm.getIdentityProviders().remove(entity); updateRealm(); + + session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderRemovedEvent() { + + @Override + public RealmModel getRealm() { + return RealmAdapter.this; + } + + @Override + public IdentityProviderModel getRemovedIdentityProvider() { + return entityToModel(entity); + } + + @Override + public KeycloakSession getKeycloakSession() { + return session; + } + }); + break; } } 
@@ -860,6 +884,24 @@ public class RealmAdapter extends AbstractMongoAdapter impleme } updateRealm(); + + session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderUpdatedEvent() { + + @Override + public RealmModel getRealm() { + return RealmAdapter.this; + } + + @Override + public IdentityProviderModel getUpdatedIdentityProvider() { + return identityProvider; + } + + @Override + public KeycloakSession getKeycloakSession() { + return session; + } + }); } @Override diff --git a/server-spi-private/src/main/java/org/keycloak/keys/PublicKeyStorageUtils.java b/server-spi-private/src/main/java/org/keycloak/keys/PublicKeyStorageUtils.java new file mode 100644 index 0000000000..52eb7db513 --- /dev/null +++ b/server-spi-private/src/main/java/org/keycloak/keys/PublicKeyStorageUtils.java @@ -0,0 +1,33 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.keys; + +/** + * @author Marek Posolda + */ +public class PublicKeyStorageUtils { + + public static String getClientModelCacheKey(String realmId, String clientUuid) { + return realmId + "::client::" + clientUuid; + } + + public static String getIdpModelCacheKey(String realmId, String idpInternalId) { + return realmId + "::idp::" + idpInternalId; + } + +} 
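Review bot: `PublicKeyStorageUtils` now holds the cache-key format that both the key lookup in `PublicKeyStorageManager` and the invalidation path in the Infinispan factory rely on, but neither method documents that contract. Add Javadoc to each, for example `/** Cache key for a client's public keys; must match the key used when the entry was stored. */`. The class has only static methods, so it should be `final` with a private constructor. The key is a plain concatenation with `::`, so it is worth noting that the ids are assumed not to contain that separator; this is not verifiable from the hunk.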
diff --git a/server-spi/src/main/java/org/keycloak/models/RealmModel.java b/server-spi/src/main/java/org/keycloak/models/RealmModel.java index 4409b9d88d..3149f50308 100755 --- a/server-spi/src/main/java/org/keycloak/models/RealmModel.java +++ b/server-spi/src/main/java/org/keycloak/models/RealmModel.java @@ -67,6 +67,18 @@ public interface RealmModel extends RoleContainerModel { KeycloakSession getKeycloakSession(); } + interface IdentityProviderUpdatedEvent extends ProviderEvent { + RealmModel getRealm(); + IdentityProviderModel getUpdatedIdentityProvider(); + KeycloakSession getKeycloakSession(); + } + + interface IdentityProviderRemovedEvent extends ProviderEvent { + RealmModel getRealm(); + IdentityProviderModel getRemovedIdentityProvider(); + KeycloakSession getKeycloakSession(); + } + String getId(); String getName(); diff --git a/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java index 0ef527629d..951d03ae8c 100755 --- a/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java +++ b/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java @@ -66,6 +66,7 @@ import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.QueryParam; +import javax.ws.rs.PathParam; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; @@ -92,6 +93,7 @@ public class SAMLEndpoint { public static final String SAML_FEDERATED_SUBJECT_NAMEFORMAT = "SAML_FEDERATED_SUBJECT_NAMEFORMAT"; public static final String SAML_LOGIN_RESPONSE = "SAML_LOGIN_RESPONSE"; public static final String SAML_ASSERTION = "SAML_ASSERTION"; + public static final String SAML_IDP_INITIATED_CLIENT_ID = "SAML_IDP_INITIATED_CLIENT_ID"; public static final String SAML_AUTHN_STATEMENT = "SAML_AUTHN_STATEMENT"; protected RealmModel realm; protected EventBuilder event; 
@@ -130,7 +132,7 @@ public class SAMLEndpoint { public Response redirectBinding(@QueryParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest, @QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, @QueryParam(GeneralConstants.RELAY_STATE) String relayState) { - return new RedirectBinding().execute(samlRequest, samlResponse, relayState); + return new RedirectBinding().execute(samlRequest, samlResponse, relayState, null); } @@ -141,7 +143,29 @@ public class SAMLEndpoint { public Response postBinding(@FormParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest, @FormParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, @FormParam(GeneralConstants.RELAY_STATE) String relayState) { - return new PostBinding().execute(samlRequest, samlResponse, relayState); + return new PostBinding().execute(samlRequest, samlResponse, relayState, null); + } + + @Path("clients/{client_id}") + @GET + public Response redirectBinding(@QueryParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest, + @QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, + @QueryParam(GeneralConstants.RELAY_STATE) String relayState, + @PathParam("client_id") String clientId) { + return new RedirectBinding().execute(samlRequest, samlResponse, relayState, clientId); + } + + + /** + */ + @Path("clients/{client_id}") + @POST + @Consumes(MediaType.APPLICATION_FORM_URLENCODED) + public Response postBinding(@FormParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest, + @FormParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, + @FormParam(GeneralConstants.RELAY_STATE) String relayState, + @PathParam("client_id") String clientId) { + return new PostBinding().execute(samlRequest, samlResponse, relayState, clientId); } protected abstract class Binding { 
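Review bot: The two new `clients/{client_id}` resource methods are undocumented (the POST one carries an empty `/** */`), and the path parameter is not a client id. In `IdentityBrokerService.samlIdpInitiatedSSO` it is compared with the client's `SAML_IDP_INITIATED_SSO_URL_NAME` attribute. Document it on both methods, e.g. `/** IdP-initiated SSO entry point; {client_id} is the target client's IdP-initiated SSO URL name. */`, and consider renaming the parameter to match. `execute` forwards `clientId` only to `handleSamlResponse`, so a `SAMLRequest` sent to this path is processed as if the client segment were absent; say so in the doc or reject requests here.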
@@ -194,12 +218,12 @@ public class SAMLEndpoint { return new HardcodedKeyLocator(keys); } - public Response execute(String samlRequest, String samlResponse, String relayState) { + public Response execute(String samlRequest, String samlResponse, String relayState, String clientId) { event = new EventBuilder(realm, session, clientConnection); Response response = basicChecks(samlRequest, samlResponse); if (response != null) return response; if (samlRequest != null) return handleSamlRequest(samlRequest, relayState); - else return handleSamlResponse(samlResponse, relayState); + else return handleSamlResponse(samlResponse, relayState, clientId); } protected Response handleSamlRequest(String samlRequest, String relayState) { @@ -304,7 +328,7 @@ public class SAMLEndpoint { private String getEntityId(UriInfo uriInfo, RealmModel realm) { return UriBuilder.fromUri(uriInfo.getBaseUri()).path("realms").path(realm.getName()).build().toString(); } - protected Response handleLoginResponse(String samlResponse, SAMLDocumentHolder holder, ResponseType responseType, String relayState) { + protected Response handleLoginResponse(String samlResponse, SAMLDocumentHolder holder, ResponseType responseType, String relayState, String clientId) { try { KeyManager.ActiveKey keys = session.keys().getActiveKey(realm); @@ -316,6 +340,9 @@ public class SAMLEndpoint { BrokeredIdentityContext identity = new BrokeredIdentityContext(subjectNameID.getValue()); identity.getContextData().put(SAML_LOGIN_RESPONSE, responseType); identity.getContextData().put(SAML_ASSERTION, assertion); + if (clientId != null && ! clientId.trim().isEmpty()) { + identity.getContextData().put(SAML_IDP_INITIATED_CLIENT_ID, clientId); + } identity.setUsername(subjectNameID.getValue()); 
@@ -369,7 +396,7 @@ public class SAMLEndpoint { - public Response handleSamlResponse(String samlResponse, String relayState) { + public Response handleSamlResponse(String samlResponse, String relayState, String clientId) { SAMLDocumentHolder holder = extractResponseDocument(samlResponse); StatusResponseType statusResponse = (StatusResponseType)holder.getSamlObject(); // validate destination @@ -390,7 +417,7 @@ public class SAMLEndpoint { } } if (statusResponse instanceof ResponseType) { - return handleLoginResponse(samlResponse, holder, (ResponseType)statusResponse, relayState); + return handleLoginResponse(samlResponse, holder, (ResponseType)statusResponse, relayState, clientId); } else { // todo need to check that it is actually a LogoutResponse diff --git a/services/src/main/java/org/keycloak/keys/loader/PublicKeyStorageManager.java b/services/src/main/java/org/keycloak/keys/loader/PublicKeyStorageManager.java index 811dacf185..d4507e9761 100644 --- a/services/src/main/java/org/keycloak/keys/loader/PublicKeyStorageManager.java +++ b/services/src/main/java/org/keycloak/keys/loader/PublicKeyStorageManager.java @@ -22,6 +22,7 @@ import java.security.PublicKey; import org.keycloak.broker.oidc.OIDCIdentityProviderConfig; import org.keycloak.jose.jws.JWSInput; import org.keycloak.keys.PublicKeyStorageProvider; +import org.keycloak.keys.PublicKeyStorageUtils; import org.keycloak.models.ClientModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; 
@@ -36,27 +37,20 @@ public class PublicKeyStorageManager { PublicKeyStorageProvider keyStorage = session.getProvider(PublicKeyStorageProvider.class); - String modelKey = getModelKey(client); + String modelKey = PublicKeyStorageUtils.getClientModelCacheKey(client.getRealm().getId(), client.getId()); ClientPublicKeyLoader loader = new ClientPublicKeyLoader(session, client); return keyStorage.getPublicKey(modelKey, kid, loader); } - private static String getModelKey(ClientModel client) { - return client.getRealm().getId() + "::client::" + client.getId(); - } - public static PublicKey getIdentityProviderPublicKey(KeycloakSession session, RealmModel realm, OIDCIdentityProviderConfig idpConfig, JWSInput input) { String kid = input.getHeader().getKeyId(); PublicKeyStorageProvider keyStorage = session.getProvider(PublicKeyStorageProvider.class); - String modelKey = getModelKey(realm, idpConfig); + String modelKey = PublicKeyStorageUtils.getIdpModelCacheKey(realm.getId(), idpConfig.getInternalId()); OIDCIdentityProviderPublicKeyLoader loader = new OIDCIdentityProviderPublicKeyLoader(session, idpConfig); return keyStorage.getPublicKey(modelKey, kid, loader); } - private static String getModelKey(RealmModel realm, OIDCIdentityProviderConfig idpConfig) { - return realm.getId() + "::idp::" + idpConfig.getInternalId(); - } } diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java index 14c550396b..c404ef8eee 100755 --- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java +++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java 
@@ -611,12 +611,29 @@ public class SamlService extends AuthorizationEndpointBase { return ErrorPage.error(session, Messages.INVALID_REDIRECT_URI); } + ClientSessionModel clientSession = createClientSessionForIdpInitiatedSso(this.session, this.realm, client, relayState); + + return newBrowserAuthentication(clientSession, false, false); + } + + /** + * Creates a client session object for SAML IdP-initiated SSO session. + * The session takes the parameters from from client definition, + * namely binding type and redirect URL. + * + * @param session KC session + * @param realm Realm to create client session in + * @param client Client to create client session for + * @param relayState Optional relay state - free field as per SAML specification + * @return + */ + public static ClientSessionModel createClientSessionForIdpInitiatedSso(KeycloakSession session, RealmModel realm, ClientModel client, String relayState) { String bindingType = SamlProtocol.SAML_POST_BINDING; if (client.getManagementUrl() == null && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE) == null && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE) != null) { bindingType = SamlProtocol.SAML_REDIRECT_BINDING; } - String redirect = null; + String redirect; if (bindingType.equals(SamlProtocol.SAML_REDIRECT_BINDING)) { redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE); } else { @@ -640,8 +657,7 @@ public class SamlService extends AuthorizationEndpointBase { clientSession.setNote(GeneralConstants.RELAY_STATE, relayState); } - return newBrowserAuthentication(clientSession, false, false); - + return clientSession; } @POST diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java index a8c4cc4040..b1f4587e28 100755 
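Review bot: The Javadoc on `createClientSessionForIdpInitiatedSso` has an empty `@return` and a doubled word ("from from"), and it does not state what the caller must have checked. The method is now `public static`, while the validation that ends in `Messages.INVALID_REDIRECT_URI` stays in the caller above the hunk, so any new caller reaches this code without it. Complete the tag, e.g. `@return the newly created client session; the caller must already have validated the client and its redirect URL`. The caller's checks are only partly visible here.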
--- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java +++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java @@ -19,6 +19,7 @@ package org.keycloak.services.resources; import org.jboss.logging.Logger; import org.jboss.resteasy.spi.HttpRequest; import org.jboss.resteasy.spi.ResteasyProviderFactory; + import org.keycloak.OAuth2Constants; import org.keycloak.authentication.AuthenticationProcessor; import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator; @@ -30,6 +31,7 @@ import org.keycloak.broker.provider.IdentityBrokerException; import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.broker.provider.IdentityProviderMapper; +import org.keycloak.broker.saml.SAMLEndpoint; import org.keycloak.broker.social.SocialIdentityProvider; import org.keycloak.common.ClientConnection; import org.keycloak.common.util.ObjectUtil; @@ -54,8 +56,11 @@ import org.keycloak.models.UserModel; import org.keycloak.models.UserSessionModel; import org.keycloak.models.utils.FormMessage; import org.keycloak.protocol.oidc.TokenManager; +import org.keycloak.protocol.saml.SamlProtocol; +import org.keycloak.protocol.saml.SamlService; import org.keycloak.provider.ProviderFactory; import org.keycloak.representations.AccessToken; +import org.keycloak.saml.common.constants.GeneralConstants; import org.keycloak.services.ErrorPage; import org.keycloak.services.ErrorResponse; import org.keycloak.services.ServicesLogger; @@ -87,6 +92,8 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Objects; +import java.util.Optional; import java.util.Set; import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT; 
@@ -255,7 +262,12 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal public Response authenticated(BrokeredIdentityContext context) { IdentityProviderModel identityProviderConfig = context.getIdpConfig(); - ParsedCodeContext parsedCode = parseClientSessionCode(context.getCode()); + final ParsedCodeContext parsedCode; + if (context.getContextData().get(SAMLEndpoint.SAML_IDP_INITIATED_CLIENT_ID) != null) { + parsedCode = samlIdpInitiatedSSO((String) context.getContextData().get(SAMLEndpoint.SAML_IDP_INITIATED_CLIENT_ID)); + } else { + parsedCode = parseClientSessionCode(context.getCode()); + } if (parsedCode.response != null) { return parsedCode.response; } 
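Review bot: When `SAML_IDP_INITIATED_CLIENT_ID` is present, `authenticated()` never calls `parseClientSessionCode(context.getCode())`, so the state that ties a response to a login this server started is skipped for everything delivered to the `clients/{client_id}` URL. That includes a response that actually answers an SP-initiated request. Consider taking this branch only for unsolicited responses (no `InResponseTo`), and only when the deployment has opted in to IdP-initiated login for that provider; neither condition is visible in these hunks. The context-data lookup is also done twice and can be read once into a local. `authenticated()` continues outside the hunk.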
@@ -696,6 +708,53 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal return ParsedCodeContext.response(staleCodeError); } + /** + * If there is a client whose SAML IDP-initiated SSO URL name is set to the + * given {@code clientUrlName}, creates a fresh client session for that + * client and returns a {@link ParsedCodeContext} object with that session. + * Otherwise returns "client not found" response. + * + * @param clientUrlName + * @return see description + */ + private ParsedCodeContext samlIdpInitiatedSSO(final String clientUrlName) { + event.event(EventType.LOGIN); + CacheControlUtil.noBackButtonCacheControlHeader(); + Optional oClient = this.realmModel.getClients().stream() + .filter(c -> Objects.equals(c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME), clientUrlName)) + .findFirst(); + + if (! oClient.isPresent()) { + event.error(Errors.CLIENT_NOT_FOUND); + return ParsedCodeContext.response(redirectToErrorPage(Messages.CLIENT_NOT_FOUND)); + } + + ClientSessionModel clientSession = SamlService.createClientSessionForIdpInitiatedSso(session, realmModel, oClient.get(), null); + + return ParsedCodeContext.clientSessionCode(new ClientSessionCode(session, this.realmModel, clientSession)); + } + + /** + * Returns {@code true} if the client session is defined for the given code + * in the current session and for the current realm. + * Does not check the session validity. To obtain client session if + * and only if it exists and is valid, use {@link ClientSessionCode#parse}. + * + * @param code + * @return + */ + protected boolean isClientSessionRegistered(String code) { + if (code == null) { + return false; + } + + try { + return ClientSessionCode.getClientSession(code, this.session, this.realmModel) != null; + } catch (RuntimeException e) { + return false; + } + } + private Response checkAccountManagementFailedLinking(ClientSessionModel clientSession, String error, Object... 
parameters) { if (clientSession.getUserSession() != null && clientSession.getClient() != null && clientSession.getClient().getClientId().equals(ACCOUNT_MANAGEMENT_CLIENT_ID)) { diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestingOIDCEndpointsApplicationResource.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestingOIDCEndpointsApplicationResource.java index cf0f55e9a2..fd35cafe46 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestingOIDCEndpointsApplicationResource.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestingOIDCEndpointsApplicationResource.java @@ -35,6 +35,8 @@ import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; + +import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; 
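Review bot: `samlIdpInitiatedSSO` picks the target client purely by the `SAML_IDP_INITIATED_SSO_URL_NAME` attribute, and nothing visible checks that the client is enabled or is a SAML client before a fresh client session is created for it. `SamlService.createClientSessionForIdpInitiatedSso` may enforce this, but that is not shown. Because the match uses `Objects.equals`, a null `clientUrlName` would select the first client that has no such attribute; the only caller guards against null today, but the method should reject it itself. A filter such as `.filter(c -> clientUrlName != null && c.isEnabled() && Objects.equals(c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME), clientUrlName))` covers both. Separately, `isClientSessionRegistered` turns every `RuntimeException` into `false`; logging the exception at debug level would keep lookup failures diagnosable.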
@@ -63,13 +65,20 @@ public class TestingOIDCEndpointsApplicationResource { @NoCache public Map generateKeys() { try { - KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); - generator.initialize(2048); - clientData.setSigningKeyPair(generator.generateKeyPair()); - } catch (NoSuchAlgorithmException e) { + KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048); + clientData.setSigningKeyPair(keyPair); + } catch (Exception e) { throw new BadRequestException("Error generating signing keypair", e); } + return getKeysAsPem(); + } + + + @GET + @Produces(MediaType.APPLICATION_JSON) + @Path("/get-keys-as-pem") + public Map getKeysAsPem() { String privateKeyPem = PemUtils.encodeKey(clientData.getSigningKeyPair().getPrivate()); String publicKeyPem = PemUtils.encodeKey(clientData.getSigningKeyPair().getPublic()); diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/README.md b/testsuite/integration-arquillian/test-apps/app-profile-jee/README.md new file mode 100644 index 0000000000..71bb42fbdd --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/README.md @@ -0,0 +1,10 @@ +You need to create a client in Keycloak. The configuration options when creating the client should be: + +* Client ID: You choose +* Access Type: confidential +* Root URL: Root URL for where you're hosting the application (for example http://localhost:8080) +* Valie Redirect URIs: /app-profile-jee/* +* Base URL: /app-profile-jee/ +* Admin URL: /app-profile-jee/ + +Then, build the WAR with Maven and install as per the Adapter configuration for your server as described in the Keycloak documentation. \ No newline at end of file diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/pom.xml b/testsuite/integration-arquillian/test-apps/app-profile-jee/pom.xml new file mode 100644 index 0000000000..d9d031a0f8 --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/pom.xml 
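Review bot: The new `GET /get-keys-as-pem` endpoint returns the signing key pair, private key included, but unlike `generateKeys()` it carries no `@NoCache`; add `@NoCache` above `public Map getKeysAsPem()` so the key material is not cached by clients or intermediaries. It also dereferences `clientData.getSigningKeyPair()` directly, which looks like it throws a NullPointerException when called before `generate-keys` (assuming no key pair is set by default). A guard such as `if (clientData.getSigningKeyPair() == null) throw new BadRequestException("No signing keypair generated");` would return a clear 400 instead. A short Javadoc saying this resource is test-only and must not be deployed with a production server would help, since as far as the hunk shows it hands out private keys without authentication. The body of `getKeysAsPem` continues outside the hunk.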
@@ -0,0 +1,56 @@ + + 4.0.0 + + + org.keycloak.testsuite + integration-arquillian-test-apps + 2.4.1.Final-SNAPSHOT + + + keycloak-test-app-profile-jee + + Keycloak Test App Profile JEE + + + war + + + + + + + org.jboss.spec.javax.servlet + jboss-servlet-api_3.0_spec + provided + + + org.keycloak + keycloak-core + provided + + + org.keycloak + keycloak-adapter-core + provided + + + org.keycloak + keycloak-adapter-spi + provided + + + + + app-profile-jee + + + org.wildfly.plugins + wildfly-maven-plugin + + false + + + + + diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/java/org/keycloak/quickstart/profilejee/Controller.java b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/java/org/keycloak/quickstart/profilejee/Controller.java new file mode 100644 index 0000000000..2f863b913d --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/java/org/keycloak/quickstart/profilejee/Controller.java 
@@ -0,0 +1,77 @@ +/* + * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors + * as indicated by the @author tags. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.keycloak.quickstart.profilejee; + +import java.io.IOException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import org.keycloak.KeycloakSecurityContext; +import org.keycloak.adapters.AdapterDeploymentContext; +import org.keycloak.adapters.KeycloakDeployment; +import org.keycloak.common.util.KeycloakUriBuilder; +import org.keycloak.constants.ServiceUrlConstants; +import org.keycloak.representations.IDToken; +import org.keycloak.util.JsonSerialization; + +/** + * Controller simplifies access to the server environment from the JSP. + * + * @author Stan Silvert ssilvert@redhat.com (C) 2015 Red Hat Inc. 
+ */ +public class Controller { + + public void handleLogout(HttpServletRequest req) throws ServletException { + if (req.getParameter("logout") != null) { + req.logout(); + } + } + + public boolean isLoggedIn(HttpServletRequest req) { + return getSession(req) != null; + } + + public boolean showToken(HttpServletRequest req) { + return req.getParameter("showToken") != null; + } + + public IDToken getIDToken(HttpServletRequest req) { + return getSession(req).getIdToken(); + } + + public String getAccountUri(HttpServletRequest req) { + KeycloakSecurityContext session = getSession(req); + String baseUrl = getAuthServerBaseUrl(req); + String realm = session.getRealm(); + return KeycloakUriBuilder.fromUri(baseUrl).path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH) + .queryParam("referrer", "app-profile-jee").build(realm).toString(); + + } + + private String getAuthServerBaseUrl(HttpServletRequest req) { + AdapterDeploymentContext deploymentContext = (AdapterDeploymentContext) req.getServletContext().getAttribute(AdapterDeploymentContext.class.getName()); + KeycloakDeployment deployment = deploymentContext.resolveDeployment(null); + return deployment.getAuthServerBaseUrl(); + } + + public String getTokenString(HttpServletRequest req) throws IOException { + return JsonSerialization.writeValueAsPrettyString(getIDToken(req)); + } + + private KeycloakSecurityContext getSession(HttpServletRequest req) { + return (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName()); + } +} diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/WEB-INF/keycloak.json b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/WEB-INF/keycloak.json new file mode 100644 index 0000000000..311f66dd7e --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/WEB-INF/keycloak.json 
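Review bot: `getIDToken` and `getAccountUri` dereference `getSession(req)` without a null check, although `isLoggedIn` shows the request attribute can be absent; a page that calls either for an anonymous request fails with a NullPointerException. A guard such as `KeycloakSecurityContext ctx = getSession(req); if (ctx == null) return null;` at the top of both methods makes the contract explicit. `handleLogout` ends the session whenever a `logout` parameter is present on any request, so a cross-site link can log the user out. That is acceptable for a test app, but it deserves a comment such as `// test app only: logout is triggered by a plain request parameter, no CSRF protection`. The class and its methods have no Javadoc beyond the class summary; one line per public method on what the JSP can expect (including null returns) would be enough.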
@@ -0,0 +1,10 @@ +{ + "realm": "Test", + "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", + "auth-server-url": "/auth", + "ssl-required": "external", + "resource": "app-profile-jee", + "credentials": { + "secret": "4f36f31a-be9d-4f92-b982-425301bac5df" + } +} \ No newline at end of file diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/WEB-INF/web.xml b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 0000000000..c04428279b --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,42 @@ + + + + + app-profile-jee + + + + /profile.jsp + + + user + + + + + KEYCLOAK + + + + user + + + diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/index.jsp b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/index.jsp new file mode 100644 index 0000000000..beab97258c --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/index.jsp 
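Review bot: `credentials.secret` commits a fixed client secret and `realm-public-key` pins a realm key inside the WAR, which is only safe if both are test fixtures that exist on no real server. JSON cannot carry a comment, so the app's README should say that these values belong to the test realm and must be replaced for any other deployment. The pinned `realm-public-key` also means token verification breaks once the realm keys are regenerated. If the adapter version under test can fetch realm keys from the server, dropping the entry would avoid that, but confirm against the adapter documentation.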
@@ -0,0 +1,47 @@ +<%-- + * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors + * as indicated by the @author tags. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. +--%> + +<%@page contentType="text/html" pageEncoding="ISO-8859-1"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> + + + + + Keycloak Example App + + + + + + <% controller.handleLogout(request); %> + + + + + + +
+ + +
+
Please login
+
+
+ + diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/profile.jsp b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/profile.jsp new file mode 100644 index 0000000000..0b74a945bc --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/profile.jsp @@ -0,0 +1,79 @@ +<%-- + * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors + * as indicated by the @author tags. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. +--%> + +<%@page contentType="text/html" pageEncoding="ISO-8859-1"%> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> + + + + + Keycloak Example App + + + + + + + + + +
+ + + +
+
${tokenString}
+ +
+
+ + +
+
+ + + + + + + + + + + + + + + + + +
First name${idToken.givenName}
Last name${idToken.familyName}
Username${idToken.preferredUsername}
Email${idToken.email}
+
+
+
+
+ + diff --git a/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/styles.css b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/styles.css new file mode 100644 index 0000000000..815abe4b8c --- /dev/null +++ b/testsuite/integration-arquillian/test-apps/app-profile-jee/src/main/webapp/styles.css 
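Review bot: The profile page prints `${tokenString}`, `${idToken.givenName}`, `${idToken.familyName}`, `${idToken.preferredUsername}` and `${idToken.email}` as bare EL in template text, and JSP does not HTML-escape EL output there. These claims come from the user's profile, so markup in a name or e-mail field would be rendered as HTML in the page. The core taglib is already declared, so each value can be written through `<c:out value="${idToken.givenName}"/>`, and likewise for the other fields and the token dump. The page markup is only partly visible in this rendering, so confirm against the file that no escaping wrapper is already in place.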
@@ -0,0 +1,101 @@ + +body { + background-color: #333; + font-family: sans-serif; + font-size: 30px; +} + +button { + font-family: sans-serif; + font-size: 30px; + width: 200px; + + background-color: #0085cf; + background-image: linear-gradient(to bottom, #00a8e1 0%, #0085cf 100%); + background-repeat: repeat-x; + + border: 2px solid #ccc; + color: #fff; + -webkit-border-radius: 30px; + + text-transform: uppercase; + + -webkit-box-shadow: 2px 2px 10px 0px rgba(0,0,0,0.5); + -moz-box-shadow: 2px 2px 10px 0px rgba(0,0,0,0.5); + box-shadow: 2px 2px 10px 0px rgba(0,0,0,0.5); +} + +button:hover { + background-color: #006ba6; + background-image: none; + -webkit-box-shadow: none; + -moz-box-shadow: none; + box-shadow: none; +} + +hr { + border: none; + background-color: #eee; + height: 10px; +} + +.menu { + padding: 10px; + margin-bottom: 10px; +} + +.content { + background-color: #eee; + border: 1px solid #ccc; + padding: 10px; + -webkit-border-radius: 10px; + + -webkit-box-shadow: 2px 2px 10px 0px rgba(0,0,0,0.5); + -moz-box-shadow: 2px 2px 10px 0px rgba(0,0,0,0.5); + box-shadow: 2px 2px 10px 0px rgba(0,0,0,0.5); +} + +.content .message { + padding: 10px; + background-color: #fff; + border: 1px solid #ccc; + font-size: 40px; + -webkit-border-radius: 10px; +} + +#token .content .message { + font-size: 20px; + overflow: scroll; + padding: 5px; + white-space: pre; + text-transform: none; +} + +.wrapper { + position: absolute; + left: 10px; + top: 10px; + bottom: 10px; + right: 10px; +} + +.error { + color: #a21e22; +} + +table { + width: 100%; +} + +tr.even { + background-color: #eee; +} + +td { + padding: 5px; +} + +td.label { + font-weight: bold; + width: 250px; +} diff --git a/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html b/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html index 1c2b61d95d..65540f13f3 100755 --- a/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html 
+++ b/testsuite/integration-arquillian/test-apps/js-console/src/main/webapp/index.html @@ -43,6 +43,7 @@ + @@ -215,6 +216,30 @@ TimeSkew:
req.send(); } + function cert() { + var url = 'http://localhost:8180/auth/realms/example/protocol/openid-connect/certs'; + if (window.location.href.indexOf("8543") > -1) { + url = url.replace("8180","8543"); + url = url.replace("http","https"); + } + var req = new XMLHttpRequest(); + req.open('GET', url, true); + req.setRequestHeader('Accept', 'application/json'); + req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token); + req.onreadystatechange = function () { + if (req.readyState == 4) { + if (req.status == 200) { + output('Success'); + } else if (req.status == 403) { + output('Forbidden'); + } else if (req.status == 401) { + output('Unauthorized'); + } + } + }; + req.send(); + } + var keycloak; function keycloakInit() { diff --git a/testsuite/integration-arquillian/test-apps/pom.xml b/testsuite/integration-arquillian/test-apps/pom.xml index 2acbdb0211..4d74389265 100644 --- a/testsuite/integration-arquillian/test-apps/pom.xml +++ b/testsuite/integration-arquillian/test-apps/pom.xml @@ -22,6 +22,7 @@ hello-world-authz-service servlet-authz servlets + app-profile-jee @@ -35,4 +36,4 @@ - \ No newline at end of file + diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java index 4822c4befa..069481f929 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/JSConsoleTestApp.java 
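Review bot: `cert()` reports only 200, 403 and 401, so any other outcome (status 0 on a network or CORS failure, a 5xx) writes nothing and a test waiting on the output just times out without a reason. Add a final branch, `else { output('Failed: ' + req.status); }`. The URL is also hard-coded to `http://localhost:8180` with a string replace for port 8543, and the bearer token is attached to it. Deriving the base URL from the adapter's configured server URL would keep the token from going to a stale or wrong host when ports change.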
@@ -77,6 +77,8 @@ public class JSConsoleTestApp extends AbstractPageWithInjectedUrl { private WebElement createBearerRequest; @FindBy(xpath = "//button[text() = 'Bearer to keycloak']") private WebElement createBearerRequestToKeycloakButton; + @FindBy(xpath = "//button[text() = 'Cert request']") + private WebElement certRequestButton; @FindBy(xpath = "//button[text() = 'refresh timeSkew']") private WebElement refreshTimeSkewButton; @@ -178,4 +180,8 @@ public class JSConsoleTestApp extends AbstractPageWithInjectedUrl { public void refreshTimeSkew() { refreshTimeSkewButton.click(); } + + public void sendCertRequest() { + certRequestButton.click(); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalSubsystem.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalSubsystem.java new file mode 100644 index 0000000000..f46c736612 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/ProductPortalSubsystem.java 
@@ -0,0 +1,43 @@ +/* + * Copyright 2016 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.adapter.page; + +import org.jboss.arquillian.container.test.api.OperateOnDeployment; +import org.jboss.arquillian.test.api.ArquillianResource; +import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl; + +import java.net.URL; + +/** + * + * @author tkyjovsk + */ +public class ProductPortalSubsystem extends AbstractPageWithInjectedUrl { + + public static final String DEPLOYMENT_NAME = "product-portal-subsystem"; + + @ArquillianResource + @OperateOnDeployment(DEPLOYMENT_NAME) + private URL url; + + @Override + public URL getInjectedUrl() { + return url; + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestOIDCEndpointsApplicationResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestOIDCEndpointsApplicationResource.java index 9c4f324967..f8d8e9828f 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestOIDCEndpointsApplicationResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestOIDCEndpointsApplicationResource.java 
@@ -37,6 +37,11 @@ public interface TestOIDCEndpointsApplicationResource { @Path("/generate-keys") Map generateKeys(); + @GET + @Produces(MediaType.APPLICATION_JSON) + @Path("/get-keys-as-pem") + Map getKeysAsPem(); + @GET @Produces(MediaType.APPLICATION_JSON) diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java index ea4725a2c4..216e2cae83 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/WaitUtils.java @@ -74,19 +74,21 @@ public final class WaitUtils { } public static void pause(long millis) { - log.info("Wait: " + millis + "ms"); - try { - Thread.sleep(millis); - } catch (InterruptedException ex) { - Logger.getLogger(WaitUtils.class.getName()).log(Level.SEVERE, null, ex); - Thread.currentThread().interrupt(); + if (millis > 0) { + log.info("Wait: " + millis + "ms"); + try { + Thread.sleep(millis); + } catch (InterruptedException ex) { + Logger.getLogger(WaitUtils.class.getName()).log(Level.SEVERE, null, ex); + Thread.currentThread().interrupt(); + } } } /** * Waits for page to finish any pending redirects, REST API requests etc. - * Because Keycloak's Admin Console is a single-page application, we need to take extra steps to ensure - * the page is fully loaded + * Because Keycloak's Admin Console is a single-page application, we need to + * take extra steps to ensure the page is fully loaded * * @param driver */ 
@@ -99,12 +101,11 @@ public final class WaitUtils { // Checks if the document is ready and asks AngularJS, if present, whether there are any REST API requests // in progress wait.until(javaScriptThrowsNoExceptions( - "if (document.readyState !== 'complete' " + - "|| (typeof angular !== 'undefined' && angular.element(document.body).injector().get('$http').pendingRequests.length !== 0)) {" + - "throw \"Not ready\";" + - "}")); - } - catch (TimeoutException e) { + "if (document.readyState !== 'complete' " + + "|| (typeof angular !== 'undefined' && angular.element(document.body).injector().get('$http').pendingRequests.length !== 0)) {" + + "throw \"Not ready\";" + + "}")); + } catch (TimeoutException e) { // Sometimes, for no obvious reason, the browser/JS doesn't set document.readyState to 'complete' correctly // but that's no reason to let the test fail; after the timeout the page is surely fully loaded log.warn("waitForPageToLoad time exceeded!"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java index e36bc36b60..179bb0fef5 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractJSConsoleExampleAdapterTest.java 
@@ -189,6 +189,15 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("\"username\": \"user\""); } + @Test + public void testCertEndpoint() { + logInAndInit("standard"); + waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Init Success (Authenticated)"); + + jsConsoleTestAppPage.sendCertRequest(); + waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Success"); + } + @Test public void grantBrowserBasedApp() { testRealmPage.setAuthRealm(EXAMPLE); @@ -322,6 +331,16 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl waitUntilElement(jsConsoleTestAppPage.getEventsElement()).text().contains("Access token expired"); } + @Test + public void implicitFlowCertEndpoint() { + setImplicitFlowForClient(); + logInAndInit("implicit"); + waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Init Success (Authenticated)"); + + jsConsoleTestAppPage.sendCertRequest(); + waitUntilElement(jsConsoleTestAppPage.getOutputElement()).text().contains("Success"); + } + @Test public void testBearerRequest() { jsConsoleTestAppPage.navigateTo(); @@ -406,6 +425,7 @@ public abstract class AbstractJSConsoleExampleAdapterTest extends AbstractExampl jsConsoleTestAppPage.setFlow(flow); jsConsoleTestAppPage.init(); jsConsoleTestAppPage.logIn(); + waitUntilElement(By.xpath("//body")).is().present(); testRealmLoginPage.form().login(user, "password"); jsConsoleTestAppPage.setFlow(flow); jsConsoleTestAppPage.init(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoFilterServletAdapterTest.java index fed5ab7ff5..0ad81d501b 100644 
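Review bot: In `testCertEndpoint` and `implicitFlowCertEndpoint` the final wait looks for `"Success"`, but the output element was just asserted to contain `"Init Success (Authenticated)"`, which already includes that substring. Unless `output()` clears the element before the request is sent (not visible here), the wait can be satisfied by the stale text before the cert response arrives, and a 401 or 403 would go unnoticed. Using a distinctive message for the cert result, e.g. `output('Cert request: Success');` in the page and `.text().contains("Cert request: Success")` in both tests, makes the assertion depend on the actual response.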
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoFilterServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoFilterServletAdapterTest.java @@ -13,13 +13,6 @@ import org.keycloak.testsuite.arquillian.annotation.UseServletFilter; public abstract class AbstractDemoFilterServletAdapterTest extends AbstractDemoServletsAdapterTest { - @Test - @Override - @Ignore - public void testCustomerPortalWithSubsystemSettings() { - - } - @Test @Override @Ignore diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java index ed2191d251..a7e5992012 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java @@ -14,7 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.keycloak.testsuite.adapter.servlet; import org.apache.commons.io.FileUtils; @@ -32,7 +31,6 @@ import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.Time; import org.keycloak.constants.AdapterConstants; import org.keycloak.keys.KeyProvider; -import org.keycloak.models.Constants; import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper; import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; 
@@ -48,7 +46,6 @@ import org.keycloak.testsuite.adapter.page.BasicAuth; import org.keycloak.testsuite.adapter.page.CustomerDb; import org.keycloak.testsuite.adapter.page.CustomerDbErrorPage; import org.keycloak.testsuite.adapter.page.CustomerPortal; -import org.keycloak.testsuite.adapter.page.CustomerPortalSubsystem; import org.keycloak.testsuite.adapter.page.InputPortal; import org.keycloak.testsuite.adapter.page.ProductPortal; import org.keycloak.testsuite.adapter.page.SecurePortal; @@ -58,7 +55,6 @@ import org.keycloak.testsuite.auth.page.account.Applications; import org.keycloak.testsuite.auth.page.login.OAuthGrant; import org.keycloak.testsuite.console.page.events.Config; import org.keycloak.testsuite.console.page.events.LoginEvents; -import org.keycloak.testsuite.util.URLAssert; import org.keycloak.testsuite.util.URLUtils; import org.keycloak.util.BasicAuthHelper; import org.openqa.selenium.By; @@ -86,7 +82,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import org.keycloak.testsuite.adapter.page.CustomerPortalNoConf; import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO; @@ -107,8 +102,6 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd @Page private CustomerPortalNoConf customerPortalNoConf; @Page - private CustomerPortalSubsystem customerPortalSubsystem; - @Page private SecurePortal securePortal; @Page private CustomerDb customerDb; 
@@ -135,17 +128,12 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd protected static WebArchive customerPortal() { return servletDeployment(CustomerPortal.DEPLOYMENT_NAME, CustomerServlet.class, ErrorServlet.class); } - + @Deployment(name = CustomerPortalNoConf.DEPLOYMENT_NAME) protected static WebArchive customerPortalNoConf() { return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class); } - @Deployment(name = CustomerPortalSubsystem.DEPLOYMENT_NAME) - protected static WebArchive customerPortalSubsystem() { - return servletDeployment(CustomerPortalSubsystem.DEPLOYMENT_NAME, CustomerServlet.class, ErrorServlet.class); - } - @Deployment(name = SecurePortal.DEPLOYMENT_NAME) protected static WebArchive securePortal() { return servletDeployment(SecurePortal.DEPLOYMENT_NAME, CallAuthenticatedServlet.class); @@ -197,14 +185,6 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd driver.manage().deleteAllCookies(); } - @Test - public void testCustomerPortalWithSubsystemSettings() { - customerPortalSubsystem.navigateTo(); - assertCurrentUrlStartsWithLoginUrlOf(testRealmPage); - testRealmLoginPage.form().login("bburke@redhat.com", "password"); - assertTrue(driver.getPageSource().contains("Bill Burke") && driver.getPageSource().contains("Stian Thorgersen")); - } - @Test public void testSavedPostRequest() throws InterruptedException { // test login to customer-portal which does a bearer request to customer-db @@ -843,7 +823,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd log.info("Checking app server log on app-server: \"" + System.getProperty("app.server") + "\" is not supported."); } } - + @Test public void testWithoutKeycloakConf() { customerPortalNoConf.navigateTo(); 
@@ -851,5 +831,4 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd assertTrue(pageSource.contains("Forbidden") || pageSource.contains("HTTP Status 401")); } - } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractJBossOIDCServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractJBossOIDCServletsAdapterTest.java new file mode 100644 index 0000000000..ad94cd15a7 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractJBossOIDCServletsAdapterTest.java 
@@ -0,0 +1,48 @@
+package org.keycloak.testsuite.adapter.servlet;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import static org.junit.Assert.assertTrue;
+import org.junit.Test;
+import org.keycloak.testsuite.adapter.page.CustomerPortalSubsystem;
+import org.keycloak.testsuite.adapter.page.ProductPortalSubsystem;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
+
+/**
+ * OIDC adapter test specific for JBoss-based containers.
+ * @author tkyjovsk
+ */
+public abstract class AbstractJBossOIDCServletsAdapterTest extends AbstractDemoServletsAdapterTest {
+
+ @Page
+ private CustomerPortalSubsystem customerPortalSubsystem;
+
+ @Page
+ private ProductPortalSubsystem productPortalSubsystem;
+
+ @Deployment(name = CustomerPortalSubsystem.DEPLOYMENT_NAME)
+ protected static WebArchive customerPortalSubsystem() {
+ return servletDeployment(CustomerPortalSubsystem.DEPLOYMENT_NAME, CustomerServlet.class, ErrorServlet.class);
+ }
+
+ @Deployment(name = ProductPortalSubsystem.DEPLOYMENT_NAME)
+ protected static WebArchive productPortalSubsystem() {
+ return servletDeployment(ProductPortalSubsystem.DEPLOYMENT_NAME, ProductServlet.class);
+ }
+
+ @Test
+ public void testSecureDeployments() {
+ customerPortalSubsystem.navigateTo();
+ assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
+ testRealmLoginPage.form().login("bburke@redhat.com", "password");
+ assertTrue(driver.getPageSource().contains("Bill Burke") && driver.getPageSource().contains("Stian Thorgersen"));
+
+ productPortalSubsystem.navigateTo();
+ assertCurrentUrlEquals(productPortalSubsystem);
+ String pageSource = driver.getPageSource();
+ assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
+ }
+
+}
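Review bot: `testSecureDeployments` only proves that customer-portal-subsystem is protected, because product-portal-subsystem is first requested after the login has already created a session. If that deployment's subsystem settings were never applied and the servlet were simply reachable, the final assertions could presumably still pass. Checking the redirect before any session exists closes the gap: start the test with `productPortalSubsystem.navigateTo();` followed by `assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);` and log in from there. A short Javadoc on the test stating that it covers both subsystem-configured deployments and single sign-on between them would also help.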
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java index 5adfb94ce0..f2ba5aee8d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLFilterServletAdapterTest.java @@ -29,6 +29,9 @@ public abstract class AbstractSAMLFilterServletAdapterTest extends AbstractSAMLS salesPostSigPersistentServletPage.checkRoles(true); salesPostSigTransientServletPage.checkRoles(true); salesPostAssertionAndResponseSigPage.checkRoles(true); + employeeSigPostNoIdpKeyServletPage.checkRoles(true); + employeeSigRedirNoIdpKeyServletPage.checkRoles(true); + employeeSigRedirOptNoIdpKeyServletPage.checkRoles(true); //using endpoint instead of query param because we are not able to put query param to IDP initiated login employee2ServletPage.navigateTo(); @@ -54,6 +57,9 @@ public abstract class AbstractSAMLFilterServletAdapterTest extends AbstractSAMLS salesPostSigEmailServletPage.checkRoles(false); salesPostSigPersistentServletPage.checkRoles(false); salesPostSigTransientServletPage.checkRoles(false); + employeeSigPostNoIdpKeyServletPage.checkRoles(false); + employeeSigRedirNoIdpKeyServletPage.checkRoles(false); + employeeSigRedirOptNoIdpKeyServletPage.checkRoles(false); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java index 5e6b30d4a3..9bdc40ed4c 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java @@ -28,6 +28,8 @@ import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.keys.KeyProvider; +import org.keycloak.keys.PublicKeyStorageUtils; +import org.keycloak.keys.loader.PublicKeyStorageManager; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ComponentRepresentation; @@ -107,15 +109,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { @Test public void testSignatureVerificationJwksUrl() throws Exception { // Configure OIDC identity provider with JWKS URL - IdentityProviderRepresentation idpRep = getIdentityProvider(); - OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep); - cfg.setValidateSignature(true); - cfg.setUseJwksUrl(true); - - UriBuilder b = OIDCLoginProtocolService.certsUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)); - String jwksUrl = b.build(bc.providerRealmName()).toString(); - cfg.setJwksUrl(jwksUrl); - updateIdentityProvider(idpRep); + updateIdentityProviderWithJwksUrl(); // Check that user is able to login logInAsUserInIDPForFirstTime(); 
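Review bot: The added import `org.keycloak.keys.loader.PublicKeyStorageManager` is not referenced in any hunk shown for KcOIDCBrokerWithSignatureTest. Only `PublicKeyStorageUtils.getIdpModelCacheKey(...)` is used, so the import looks unused and can be dropped unless code outside the hunks needs it. The same import is added to OIDCJwksClientRegistrationTest, where the visible hunks again use only `PublicKeyStorageUtils`.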
@@ -139,6 +133,19 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { assertLoggedInAccountManagement(); } + // Configure OIDC identity provider with JWKS URL and validateSignature=true + private void updateIdentityProviderWithJwksUrl() { + IdentityProviderRepresentation idpRep = getIdentityProvider(); + OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep); + cfg.setValidateSignature(true); + cfg.setUseJwksUrl(true); + + UriBuilder b = OIDCLoginProtocolService.certsUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)); + String jwksUrl = b.build(bc.providerRealmName()).toString(); + cfg.setJwksUrl(jwksUrl); + updateIdentityProvider(idpRep); + } + @Test public void testSignatureVerificationHardcodedPublicKey() throws Exception { 
@@ -178,23 +185,17 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { @Test public void testClearKeysCache() throws Exception { // Configure OIDC identity provider with JWKS URL - IdentityProviderRepresentation idpRep = getIdentityProvider(); - OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep); - cfg.setValidateSignature(true); - cfg.setUseJwksUrl(true); - - UriBuilder b = OIDCLoginProtocolService.certsUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)); - String jwksUrl = b.build(bc.providerRealmName()).toString(); - cfg.setJwksUrl(jwksUrl); - updateIdentityProvider(idpRep); + updateIdentityProviderWithJwksUrl(); // Check that user is able to login logInAsUserInIDPForFirstTime(); assertLoggedInAccountManagement(); + logoutFromRealm(bc.consumerRealmName()); // Check that key is cached - String expectedCacheKey = consumerRealm().toRepresentation().getId() + "::idp::" + idpRep.getInternalId(); + IdentityProviderRepresentation idpRep = getIdentityProvider(); + String expectedCacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(consumerRealm().toRepresentation().getId(), idpRep.getInternalId()); TestingCacheResource cache = testingClient.testing(bc.consumerRealmName()).cache(InfinispanConnectionProvider.KEYS_CACHE_NAME); Assert.assertTrue(cache.contains(expectedCacheKey)); 
@@ -205,6 +206,40 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest { } + // Test that when I update identityProvier, then the record in publicKey cache is cleared and it's not possible to authenticate with it anymore + @Test + public void testPublicKeyCacheInvalidatedWhenProviderUpdated() throws Exception { + // Configure OIDC identity provider with JWKS URL + updateIdentityProviderWithJwksUrl(); + + // Check that user is able to login + logInAsUserInIDPForFirstTime(); + assertLoggedInAccountManagement(); + + logoutFromRealm(bc.consumerRealmName()); + + // Check that key is cached + IdentityProviderRepresentation idpRep = getIdentityProvider(); + String expectedCacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(consumerRealm().toRepresentation().getId(), idpRep.getInternalId()); + TestingCacheResource cache = testingClient.testing(bc.consumerRealmName()).cache(InfinispanConnectionProvider.KEYS_CACHE_NAME); + Assert.assertTrue(cache.contains(expectedCacheKey)); + + // Update identityProvider to some bad JWKS_URL + OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep); + cfg.setJwksUrl("http://localhost:43214/non-existent"); + updateIdentityProvider(idpRep); + + // Check that key is not cached anymore + Assert.assertFalse(cache.contains(expectedCacheKey)); + + // Check that user is not able to login with IDP + setTimeOffset(20); + logInAsUserInIDP(); + assertErrorPage("Unexpected error when authenticating with identity provider"); + } + + + private void rotateKeys() { String activeKid = providerRealm().keys().getKeyMetadata().getActive().get("RSA"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java new file mode 100644 index 0000000000..4bb367fce8 --- /dev/null 
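Review bot: In `testPublicKeyCacheInvalidatedWhenProviderUpdated` the call `setTimeOffset(20)` carries no explanation and the offset is not reset in the visible test body, so later tests may run with shifted time unless a teardown outside the hunk clears it. A comment such as `// move past the minimum interval between key requests so the new JWKS URL is really fetched` (assuming that is the intent) would document it, and the offset should be reset in a `finally` if no teardown does so. The expected failure also depends on nothing listening on `localhost:43214`; stating that assumption next to the URL makes a flaky run easier to diagnose. The comment above the test has a typo, `identityProvier`.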
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java 
@@ -0,0 +1,132 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ +package org.keycloak.testsuite.broker; + +import org.keycloak.admin.client.resource.UsersResource; +import org.keycloak.common.util.StreamUtil; +import org.keycloak.common.util.StringPropertyReplacer; +import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.IdentityProviderRepresentation; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; +import org.keycloak.testsuite.adapter.page.SalesPostServlet; +import org.keycloak.testsuite.adapter.servlet.SendUsernameServlet; +import org.keycloak.testsuite.pages.LoginPage; +import org.keycloak.testsuite.pages.UpdateAccountInformationPage; +import org.keycloak.testsuite.util.IOUtil; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.graphene.page.Page; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Test; +import org.openqa.selenium.WebDriver; +import org.openqa.selenium.support.ui.ExpectedCondition; +import org.openqa.selenium.support.ui.WebDriverWait; + +import static org.keycloak.testsuite.broker.BrokerTestConstants.*; +import static org.hamcrest.Matchers.*; + +/** + * + * @author hmlnarik + */ +public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest { + + private static final String PROVIDER_REALM_USER_NAME 
= "test"; + private static final String PROVIDER_REALM_USER_PASSWORD = "test"; + + @Page + protected LoginPage accountLoginPage; + + @Page + protected UpdateAccountInformationPage updateAccountInformationPage; + + protected String getAuthRoot() { + return suiteContext.getAuthServerInfo().getContextRoot().toString(); + } + + private RealmRepresentation loadFromClasspath(String fileName, Properties properties) { + InputStream is = KcSamlIdPInitiatedSsoTest.class.getResourceAsStream(fileName); + try { + String template = StreamUtil.readString(is); + String realmString = StringPropertyReplacer.replaceProperties(template, properties); + return IOUtil.loadRealm(new ByteArrayInputStream(realmString.getBytes("UTF-8"))); + } catch (IOException ex) { + throw new RuntimeException(ex); + } + } + + @Override + public void addTestRealms(List testRealms) { + Properties p = new Properties(); + p.put("name.realm.provider", REALM_PROV_NAME); + p.put("name.realm.consumer", REALM_CONS_NAME); + p.put("url.realm.provider", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME); + p.put("url.realm.consumer", getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME); + + testRealms.add(loadFromClasspath("kc3731-provider-realm.json", p)); + testRealms.add(loadFromClasspath("kc3731-broker-realm.json", p)); + } + + @Test + public void testProviderIdpInitiatedLogin() { + driver.navigate().to(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")); + + waitForPage("log in to"); + + Assert.assertThat("Driver should be on the provider realm page right now", + driver.getCurrentUrl(), containsString("/auth/realms/" + REALM_PROV_NAME + "/")); + + log.debug("Logging in"); + accountLoginPage.login(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD); + + waitForPage("update account information"); + + Assert.assertTrue(updateAccountInformationPage.isCurrent()); + Assert.assertThat("We must be on consumer realm right now", + driver.getCurrentUrl(), containsString("/auth/realms/" + REALM_CONS_NAME + "/")); + + 
log.debug("Updating info on updateAccount page"); + updateAccountInformationPage.updateAccountInformation("mytest", "test@localhost", "Firstname", "Lastname"); + + UsersResource consumerUsers = adminClient.realm(REALM_CONS_NAME).users(); + + int userCount = consumerUsers.count(); + Assert.assertTrue("There must be at least one user", userCount > 0); + + List users = consumerUsers.search("", 0, userCount); + + boolean isUserFound = users.stream().anyMatch(user -> user.getUsername().equals("mytest") && user.getEmail().equals("test@localhost")); + Assert.assertTrue("There must be user " + "mytest" + " in realm " + REALM_CONS_NAME, isUserFound); + + Assert.assertThat(driver.findElement(org.openqa.selenium.By.tagName("form")).getAttribute("action"), containsString("http://localhost:18080/sales-post-enc/")); + } + + private String getSamlIdpInitiatedUrl(String realmName, String samlIdpInitiatedSsoUrlName) { + return getAuthRoot() + "/auth/realms/" + realmName + "/protocol/saml/clients/" + samlIdpInitiatedSsoUrlName; + } + + private void waitForPage(final String title) { + WebDriverWait wait = new WebDriverWait(driver, 5); + + ExpectedCondition condition = (WebDriver input) -> input.getTitle().toLowerCase().contains(title); + + wait.until(condition); + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java index c72bdbaebe..f2f8c6d0fc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java 
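Review bot: `loadFromClasspath` never closes the stream it opens and does not check it for null, so a missing `kc3731-*.json` resource presumably surfaces as a NullPointerException further down rather than as a clear message. A try-with-resources block with an explicit null check fixes both, as sketched below. Separately, the file starts with the IDE template header (`To change this license header...`) instead of the project licence text. Several imports, for example `java.util.logging.Level`, `java.util.logging.Logger`, `java.util.Collections` and `java.util.Map`, are not referenced anywhere in the new file.

```java
private RealmRepresentation loadFromClasspath(String fileName, Properties properties) {
    try (InputStream is = KcSamlIdPInitiatedSsoTest.class.getResourceAsStream(fileName)) {
        if (is == null) {
            throw new IllegalArgumentException("Realm template not found on classpath: " + fileName);
        }
        // … unchanged: read the template, replace properties, load the realm …
    } catch (IOException ex) {
        throw new RuntimeException(ex);
    }
}
```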
@@ -57,6 +57,7 @@ public abstract class AbstractClientRegistrationTest extends AbstractKeycloakTes public void addTestRealms(List testRealms) { RealmRepresentation rep = new RealmRepresentation(); rep.setEnabled(true); + rep.setId(REALM_NAME); rep.setRealm(REALM_NAME); rep.setUsers(new LinkedList()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java index 5a86d59c31..74432a83da 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java @@ -18,6 +18,7 @@ package org.keycloak.testsuite.client; import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.util.Collections; @@ -40,9 +41,14 @@ import org.keycloak.OAuth2Constants; import org.keycloak.adapters.authentication.JWTClientCredentialsProvider; import org.keycloak.client.registration.Auth; import org.keycloak.common.util.KeycloakUriBuilder; +import org.keycloak.connections.infinispan.InfinispanConnectionProvider; import org.keycloak.constants.ServiceUrlConstants; import org.keycloak.jose.jwk.JSONWebKeySet; +import org.keycloak.jose.jwk.JWK; +import org.keycloak.jose.jwk.JWKBuilder; import org.keycloak.jose.jws.JWSBuilder; +import org.keycloak.keys.PublicKeyStorageUtils; +import org.keycloak.keys.loader.PublicKeyStorageManager; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; 
@@ -139,6 +145,16 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe // The "kid" is set manually to some custom value @Test public void createClientWithJWKS_customKid() throws Exception { + OIDCClientRepresentation response = createClientWithManuallySetKid("a1"); + + Map generatedKeys = testingClient.testApp().oidcClientEndpoints().getKeysAsPem(); + + // Tries to authenticate client with privateKey JWT + assertAuthenticateClientSuccess(generatedKeys, response, "a1"); + } + + + private OIDCClientRepresentation createClientWithManuallySetKid(String kid) throws Exception { OIDCClientRepresentation clientRep = createRep(); clientRep.setGrantTypes(Collections.singletonList(OAuth2Constants.CLIENT_CREDENTIALS)); 
@@ -146,20 +162,84 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe // Generate keys for client TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints(); - Map generatedKeys = oidcClientEndpointsResource.generateKeys(); + oidcClientEndpointsResource.generateKeys(); JSONWebKeySet keySet = oidcClientEndpointsResource.getJwks(); // Override kid with custom value - keySet.getKeys()[0].setKeyId("a1"); + keySet.getKeys()[0].setKeyId(kid); clientRep.setJwks(keySet); - OIDCClientRepresentation response = reg.oidc().create(clientRep); + return reg.oidc().create(clientRep); + } + + + @Test + public void testTwoClientsWithSameKid() throws Exception { + // Create client with manually set "kid" + OIDCClientRepresentation response = createClientWithManuallySetKid("a1"); + + + // Create client2 + OIDCClientRepresentation clientRep2 = createRep(); + + clientRep2.setGrantTypes(Collections.singletonList(OAuth2Constants.CLIENT_CREDENTIALS)); + clientRep2.setTokenEndpointAuthMethod(OIDCLoginProtocol.PRIVATE_KEY_JWT); + + // Generate some random keys for client2 + KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); + generator.initialize(2048); + PublicKey client2PublicKey = generator.generateKeyPair().getPublic(); + + // Set client2 with manually set "kid" to be same like kid of client1 (but keys for both clients are different) + JSONWebKeySet keySet = new JSONWebKeySet(); + keySet.setKeys(new JWK[]{JWKBuilder.create().kid("a1").rs256(client2PublicKey)}); + + clientRep2.setJwks(keySet); + clientRep2 = reg.oidc().create(clientRep2); + + + // Authenticate client1 + Map generatedKeys = testingClient.testApp().oidcClientEndpoints().getKeysAsPem(); + assertAuthenticateClientSuccess(generatedKeys, response, "a1"); + + // Assert item in publicKey cache for client1 + String expectedCacheKey = PublicKeyStorageUtils.getClientModelCacheKey(REALM_NAME, response.getClientId()); + 
Assert.assertTrue(testingClient.testing().cache(InfinispanConnectionProvider.KEYS_CACHE_NAME).contains(expectedCacheKey)); + + // Assert it's not possible to authenticate as client2 with the same "kid" like client1 + assertAuthenticateClientError(generatedKeys, clientRep2, "a1"); + } + + + @Test + public void testPublicKeyCacheInvalidatedWhenUpdatingClient() throws Exception { + OIDCClientRepresentation response = createClientWithManuallySetKid("a1"); + + Map generatedKeys = testingClient.testApp().oidcClientEndpoints().getKeysAsPem(); // Tries to authenticate client with privateKey JWT assertAuthenticateClientSuccess(generatedKeys, response, "a1"); + + // Assert item in publicKey cache for client1 + String expectedCacheKey = PublicKeyStorageUtils.getClientModelCacheKey(REALM_NAME, response.getClientId()); + Assert.assertTrue(testingClient.testing().cache(InfinispanConnectionProvider.KEYS_CACHE_NAME).contains(expectedCacheKey)); + + + + // Update client with some bad JWKS_URI + response.setJwksUri("http://localhost:4321/non-existent"); + reg.auth(Auth.token(response.getRegistrationAccessToken())) + .oidc().update(response); + + // Assert item not any longer for client1 + Assert.assertFalse(testingClient.testing().cache(InfinispanConnectionProvider.KEYS_CACHE_NAME).contains(expectedCacheKey)); + + // Assert it's not possible to authenticate as client1 + assertAuthenticateClientError(generatedKeys, response, "a1"); } + @Test public void createClientWithJWKSURI() throws Exception { OIDCClientRepresentation clientRep = createRep(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json index 027258439d..d65fa94847 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json 
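Review bot: `testTwoClientsWithSameKid` checks that client2 is rejected only after client1 has populated the key cache, and it never confirms that client1 still authenticates once the client2 attempt has gone through the cache. Adding `assertAuthenticateClientSuccess(generatedKeys, response, "a1");` after the `assertAuthenticateClientError(...)` call would catch a regression where the failed lookup replaces or evicts client1's entry. The literal `"a1"` is repeated across the three tests; a constant would keep the kid values in step. The hunk ends inside `createClientWithJWKSURI`, which continues outside it.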
@@ -175,6 +175,16 @@ ], "secret": "password" }, + { + "clientId": "product-portal-subsystem", + "enabled": true, + "adminUrl": "/product-portal-subsystem", + "baseUrl": "/product-portal-subsystem", + "redirectUris": [ + "/product-portal-subsystem/*" + ], + "secret": "password" + }, { "clientId": "secure-portal", "enabled": true, diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml new file mode 100644 index 0000000000..b4ddcce386 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/META-INF/context.xml @@ -0,0 +1,20 @@ + + + + + \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/WEB-INF/jetty-web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/WEB-INF/jetty-web.xml new file mode 100644 index 0000000000..8c59313878 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/WEB-INF/jetty-web.xml @@ -0,0 +1,46 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/WEB-INF/web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/WEB-INF/web.xml new file mode 100644 index 0000000000..0af7958ab1 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/product-portal-subsystem/WEB-INF/web.xml 
@@ -0,0 +1,57 @@ + + + + + + product-portal-subsystem + + + Servlet + org.keycloak.testsuite.adapter.servlet.ProductServlet + + + + Servlet + /* + + + + + Users + /* + + + user + + + + + KEYCLOAK + demo + + + + admin + + + user + + diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json new file mode 100644 index 0000000000..6e5c7e06ce --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json 
@@ -0,0 +1,64 @@ +{ + "id" : "${name.realm.consumer}", + "realm" : "${name.realm.consumer}", + "enabled" : true, + "sslRequired" : "external", + "roles" : { + "client" : { + "http://localhost:18080/sales-post-enc/" : [ { + "name" : "manager" + } ] + } + }, + "clients" : [ { + "clientId": "http://localhost:18080/sales-post-enc/", + "enabled": true, + "protocol": "saml", + "fullScopeAllowed": true, + "redirectUris": [ + "http://localhost:18080/sales-post-enc/*" + ], + "attributes": { + "saml.authnstatement": "true", + "saml.client.signature": "true", + "saml.encrypt": "false", + "saml.server.signature": "true", + "saml.signature.algorithm": "RSA_SHA512", + "saml.signing.certificate": "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", + "saml.signing.private.key": "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", + "saml_idp_initiated_sso_url_name" : "sales" + }, + "baseUrl": "http://localhost:18080/sales-post-enc/", + "adminUrl": "http://localhost:18080/sales-post-enc/saml" + } ], + "identityProviders" : [ { + "alias" : "saml-leaf", + "providerId" : "saml", + "enabled" : true, + "updateProfileFirstLoginMode" : "on", + "trustEmail" : false, + "storeToken" : false, + "addReadTokenRoleOnCreate" : false, + "authenticateByDefault" : false, + "firstBrokerLoginFlowAlias" : "first broker login", + "config" : { + "nameIDPolicyFormat" : "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "postBindingAuthnRequest" : "true", + "postBindingResponse" : "true", + "singleLogoutServiceUrl" : "${url.realm.provider}/protocol/saml", + "singleSignOnServiceUrl" : "${url.realm.provider}/protocol/saml", + "validateSignature" : "false", + "wantAuthnRequestsSigned" : "false" + } + } ], + "identityProviderMappers" : [ { + "name" : "manager-role", + "identityProviderAlias" : "saml-leaf", + "identityProviderMapper" : "saml-role-idp-mapper", + "config" : { + "attribute.value" : "manager", + "role" : "http://localhost:18080/sales-post-enc/.manager", + "attribute.name" : "Role" + 
} + } ] +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json new file mode 100644 index 0000000000..8804a367c1 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json @@ -0,0 +1,49 @@ +{ + "id" : "${name.realm.provider}", + "realm" : "${name.realm.provider}", + "enabled" : true, + "sslRequired" : "external", + "roles" : { + "client" : { + "${url.realm.consumer}" : [ { + "name" : "manager" + } ] + } + }, + "clients" : [ { + "clientId": "${url.realm.consumer}", + "enabled": true, + "protocol": "saml", + "fullScopeAllowed": true, + "redirectUris": [ + "${url.realm.consumer}/broker/saml-leaf/endpoint" + ], + "attributes" : { + "saml.assertion.signature" : "false", + "saml.authnstatement" : "true", + "saml.client.signature" : "false", + "saml.encrypt" : "false", + "saml.force.post.binding" : "true", + "saml.server.signature" : "false", + "saml_assertion_consumer_url_post" : "${url.realm.consumer}/broker/saml-leaf/endpoint/clients/sales", + "saml_force_name_id_format" : "false", + "saml_idp_initiated_sso_url_name" : "samlbroker", + "saml_name_id_format" : "persistent", + "saml_single_logout_service_url_post" : "${url.realm.consumer}/broker/saml-leaf/endpoint" + } + } ], + "users" : [ { + "username" : "test", + "enabled" : true, + "email" : "a@localhost", + "firstName": "b", + "lastName": "c", + "credentials" : [ { + "type" : "password", + "value" : "test" + } ], + "clientRoles" : { + "${url.realm.consumer}" : [ "manager" ] + } + } ] +} 
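Review bot: Both realm fixtures switch signature checking off for the brokered flow, so the IdP-initiated test exercises only unsigned responses. kc3731-broker-realm.json sets `"validateSignature" : "false"` on the `saml-leaf` identity provider, and kc3731-provider-realm.json sets `"saml.server.signature"` and `"saml.assertion.signature"` to `"false"`. If that is deliberate to keep the fixture small, it is worth saying so in the test class, and a signed variant would be needed to cover the configuration a production broker should run with. The broker fixture also embeds a `saml.signing.private.key` value for the sales-post-enc client, presumably a test-only key, which should stay confined to the test resources.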
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/src/test/java/org/keycloak/testsuite/adapter/AS7OIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/src/test/java/org/keycloak/testsuite/adapter/AS7OIDCAdapterTest.java index bd9843ed18..281de0b36d 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/src/test/java/org/keycloak/testsuite/adapter/AS7OIDCAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/as7/src/test/java/org/keycloak/testsuite/adapter/AS7OIDCAdapterTest.java @@ -1,6 +1,6 @@ package org.keycloak.testsuite.adapter; -import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest; +import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; /** @@ -8,6 +8,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; * @author tkyjovsk */ @AppServerContainer("app-server-as7") -public class AS7OIDCAdapterTest extends AbstractDemoServletsAdapterTest { +public class AS7OIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest { } diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl b/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl index 0027550eda..114d875d92 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem.xsl @@ -21,6 +21,16 @@ customer-portal-subsystem password + + + demo + MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB + /auth + EXTERNAL + product-portal-subsystem + password + + 
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem_separate-realm-def.xsl b/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem_separate-realm-def.xsl new file mode 100644 index 0000000000..3306012796 --- /dev/null +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/common/xslt/keycloak-subsystem_separate-realm-def.xsl @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB + + /auth + + EXTERNAL + + + + demo + customer-portal-subsystem + password + + + + demo + product-portal-subsystem + password + + + + + + + + + + + + \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPOIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPOIDCAdapterTest.java index 169cc6e835..b5f3ee903a 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPOIDCAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPOIDCAdapterTest.java @@ -1,6 +1,6 @@ package org.keycloak.testsuite.adapter; -import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest; +import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; /** 
@@ -8,6 +8,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; * @author tkyjovsk */ @AppServerContainer("app-server-eap") -public class EAPOIDCAdapterTest extends AbstractDemoServletsAdapterTest { +public class EAPOIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest { } diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml index 72e4c20027..d59e6b0ce0 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6-fuse/pom.xml @@ -29,7 +29,7 @@ integration-arquillian-tests-adapters-eap6-fuse - Adapter Tests - JBoss - EAP 6 + Adapter Tests - JBoss - EAP 6 Fuse eap6-fuse diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6OIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6OIDCAdapterTest.java index 4afd228ac4..1367d959ed 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6OIDCAdapterTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6OIDCAdapterTest.java @@ -1,6 +1,6 @@ package org.keycloak.testsuite.adapter; -import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest; +import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; /** 
@@ -8,6 +8,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; * @author tkyjovsk */ @AppServerContainer("app-server-eap6") -public class EAP6OIDCAdapterTest extends AbstractDemoServletsAdapterTest { +public class EAP6OIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest { } diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml index defe63a3b0..17a362f4dc 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml @@ -36,6 +36,8 @@ ${project.parent.basedir}/common managed + ${auth.server.http.port} + keycloak-subsystem.xsl @@ -57,12 +59,12 @@ standalone.xml - ${common.resources}/xslt/keycloak-subsystem.xsl + ${common.resources}/xslt/${keycloak.subsystem.xsl} ${app.server.home}/standalone/configuration auth-server-host - http://localhost:${auth.server.http.port} + http://localhost:${auth.server.actual.http.port} @@ -83,41 +85,17 @@ true - - - - org.codehaus.mojo - xml-maven-plugin - - - configure-keycloak-subsystem - process-test-resources - - transform - - - - - ${app.server.home}/standalone/configuration - - standalone.xml - - ${common.resources}/xslt/keycloak-subsystem.xsl - ${app.server.home}/standalone/configuration - - - auth-server-host - https://localhost:${auth.server.https.port} - - - - - - - - - - + + + ${auth.server.https.port} + + + + keycloak-subsystem-separate-realm + + + keycloak-subsystem_separate-realm-def.xsl + adapter-test-jboss-submodules diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/RelativeEAPOIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/RelativeEAPOIDCAdapterTest.java index 8d0cedcefd..fe87f9f825 100644 
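Review bot: In `jboss/pom.xml` the last hunk removes the profile's own `xml-maven-plugin` execution, so the only `auth-server-host` value left is `http://localhost:${auth.server.actual.http.port}`, while the profile now only overrides a property with `${auth.server.https.port}`. The removed lines built `https://localhost:${auth.server.https.port}`, so that profile would now hand the adapters an `http://` URL on the HTTPS port and the run either fails to connect or no longer exercises the TLS path. The scheme should be overridable together with the port, for example through a new property (suggested name `auth.server.actual.protocol`, default `http`, set to `https` in that profile) used as `${auth.server.actual.protocol}://localhost:${auth.server.actual.http.port}`. The XML tags are missing from this rendering, so the property names and profile boundaries are inferred from the removed plugin block.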
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/RelativeEAPOIDCAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/eap/src/test/java/org/keycloak/testsuite/adapter/RelativeEAPOIDCAdapterTest.java
@@ -1,11 +1,11 @@
 package org.keycloak.testsuite.adapter;
 
-import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
+import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest;
 
 /**
  *
  * @author tkyjovsk
  */
-public class RelativeEAPOIDCAdapterTest extends AbstractDemoServletsAdapterTest {
+public class RelativeEAPOIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest {
 
 }
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/src/test/java/org/keycloak/testsuite/adapter/RelativeWildflyOIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/src/test/java/org/keycloak/testsuite/adapter/RelativeWildflyOIDCAdapterTest.java
index 09ed2bc76c..0e14d93a43 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/src/test/java/org/keycloak/testsuite/adapter/RelativeWildflyOIDCAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/relative/wildfly/src/test/java/org/keycloak/testsuite/adapter/RelativeWildflyOIDCAdapterTest.java
@@ -1,11 +1,11 @@
 package org.keycloak.testsuite.adapter;
 
-import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
+import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest;
 
 /**
  *
  * @author tkyjovsk
  */
-public class RelativeWildflyOIDCAdapterTest extends AbstractDemoServletsAdapterTest {
+public class RelativeWildflyOIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest {
 
 }
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml index b07ae3838b..989dd2bb12 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml @@ -24,7 +24,7 @@ org.keycloak.testsuite integration-arquillian-tests-adapters-jboss - 2.1.0-SNAPSHOT + 2.4.1.Final-SNAPSHOT integration-arquillian-tests-adapters-remote @@ -70,9 +70,9 @@ - org.keycloak.quickstart - keycloak-quickstart-app-profile-jee - 0.5-SNAPSHOT + org.keycloak.testsuite + keycloak-test-app-profile-jee + ${project.version} war diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/performance/httpclient/HttpClientLoginLogoutPerfTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/performance/httpclient/HttpClientLoginLogoutPerfTest.java index a853e2b447..c665f798c3 100644 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/performance/httpclient/HttpClientLoginLogoutPerfTest.java +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/java/org/keycloak/testsuite/performance/httpclient/HttpClientLoginLogoutPerfTest.java @@ -53,7 +53,7 @@ public class HttpClientLoginLogoutPerfTest extends HttpClientPerformanceTest { private static final Logger LOG = Logger.getLogger(HttpClientLoginLogoutPerfTest.class); - private static final String EXAMPLES = "Examples"; + private static final String TEST_REALM = "Test"; private String securedUrl; private String logoutUrl; 
@@ -72,18 +72,18 @@ public class HttpClientLoginLogoutPerfTest extends HttpClientPerformanceTest { @Deployment(name = AppProfileJEE.DEPLOYMENT_NAME) private static WebArchive appProfileJEE() throws IOException { - return warDeployment("keycloak-quickstart-app-profile-jee-0.5-SNAPSHOT"); + return exampleDeployment("keycloak-test-app-profile-jee"); } @Override public void setDefaultPageUriParameters() { super.setDefaultPageUriParameters(); - testRealmPage.setAuthRealm(EXAMPLES); + testRealmPage.setAuthRealm(TEST_REALM); } @Override public void addAdapterTestRealms(List testRealms) { - RealmRepresentation examplesRealm = loadRealm("/examples-realm.json"); + RealmRepresentation examplesRealm = loadRealm("/test-realm.json"); examplesRealm.setPasswordPolicy("hashIterations(" + PASSWORD_HASH_ITERATIONS + ")"); testRealms.add(examplesRealm); } diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/examples-realm-bak.json b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/examples-realm-bak.json deleted file mode 100644 index e13a53d3ee..0000000000 --- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/examples-realm-bak.json +++ /dev/null 
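Review bot: The local in `addAdapterTestRealms` is still named `examplesRealm` although it now loads `/test-realm.json`, which leaves the method reading as if the old Examples fixture were still in use. I would rename it, `RealmRepresentation testRealm = loadRealm("/test-realm.json");`, and update the two following uses to match. `setAuthRealm(TEST_REALM)` relies on the constant `"Test"` from the previous hunk being the realm name inside `/test-realm.json`, which this diff does not show, so that is worth confirming. A one-line comment on the `setPasswordPolicy` call stating that the `hashIterations` override is for the performance run only would also help, since it changes how the fixture's passwords are hashed.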
@@ -1,1797 +0,0 @@ -{ - "id" : "Examples", - "realm" : "Examples", - "notBefore" : 0, - "revokeRefreshToken" : false, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "offlineSessionIdleTimeout" : 2592000, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "privateKey": "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", - "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", - "certificate" : "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", - "codeSecret" : "f18b75ce-66a2-4510-9245-1980efdd1cc4", - "roles" : { - "realm" : [ { - "id" : "f540ac12-b9e7-45c3-9be8-d469f1051b16", - "name" : "offline_access", - "description" : "${role_offline-access}", - "scopeParamRequired" : true, - "composite" : false - }, { - "id" : "7d14d261-4590-4f10-8830-e9f7bca923d9", - "name" : "user", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "2897aa90-8c9e-49ef-b273-7074333a45b9", - "name" : "admin", - "scopeParamRequired" : false, - "composite" : false - } ], - "client" : { - "realm-management" : [ { - "id" : "f11b2b13-d6b5-401d-9a5a-da841cc24b78", - "name" : "manage-events", - "description" : "${role_manage-events}", - "scopeParamRequired" : false, - 
"composite" : false - }, { - "id" : "63278de8-8686-4a25-97f5-bc9ca505edd9", - "name" : "view-clients", - "description" : "${role_view-clients}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "4a152ca7-7efc-4ce5-b3bd-1cae29838710", - "name" : "view-realm", - "description" : "${role_view-realm}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "109166ed-30cf-4500-beb9-9c7bc06aa67a", - "name" : "view-users", - "description" : "${role_view-users}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "e7067af6-c3f1-4439-a33d-108ec0ac99bc", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "scopeParamRequired" : false, - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "view-events", "manage-identity-providers", "impersonation", "view-clients", "manage-events", "view-realm", "view-identity-providers", "manage-users", "manage-clients", "create-client", "view-users", "manage-realm" ] - } - } - }, { - "id" : "2aaf70b6-a1a4-4a61-ad43-04f4c2a254e1", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "73a11338-48f4-4421-acfc-730fe3f3a799", - "name" : "view-events", - "description" : "${role_view-events}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "6a8d7a84-fcc9-4a80-b948-78eeb62d1ee5", - "name" : "impersonation", - "description" : "${role_impersonation}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "d2ccaa4a-953c-4c51-9d0f-323e0e2adaf4", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "e6bd5ddb-8b12-47ae-8750-199b09e14fd9", - "name" : "manage-users", - "description" : "${role_manage-users}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : 
"c8af8ff4-c3e9-4a3d-9b01-ffd1cd81353f", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "cd192455-0ac7-41f8-a375-c41d9c20967e", - "name" : "create-client", - "description" : "${role_create-client}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "cdf3138b-91e4-4993-9577-ae0b948e836f", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "scopeParamRequired" : false, - "composite" : false - } ], - "app-jee" : [ ], - "security-admin-console" : [ ], - "service-jaxrs" : [ ], - "app-profile-jee-saml" : [ ], - "app-profile-jee" : [ ], - "admin-cli" : [ ], - "app-html5" : [ ], - "broker" : [ { - "id" : "5320e8f7-9c24-4881-99d4-47d05534f166", - "name" : "read-token", - "description" : "${role_read-token}", - "scopeParamRequired" : false, - "composite" : false - } ], - "account" : [ { - "id" : "f24a5945-7751-4f5f-8d2b-733f83b89ca2", - "name" : "view-profile", - "description" : "${role_view-profile}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "4c29db3b-cd54-425f-918b-d62fd6256f49", - "name" : "manage-account", - "description" : "${role_manage-account}", - "scopeParamRequired" : false, - "composite" : false - } ], - "app-profile-html5" : [ ] - } - }, - "groups" : [ ], - "defaultRoles" : [ "offline_access" ], - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "users" : [ { - "id" : "5c961fa6-c93f-4d95-b620-3abf74730b10", - "createdTimestamp" : 1449782544215, - "username" : "admin-user", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Admin", - "lastName" : "User", - "email" : "admin@user.com", - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : 
"nP2DTe9zXzvuzn4deQhmEqA7eKNs14tdMSaZgfdCHBmWm7mX5DHK/7C6rXjx7BZnE3uzDXKDjZsb2eQFixw9QA==", - "salt" : "uP98vzC7rZadMl1oB1YESg==", - "hashIterations" : 1, - "counter" : 0, - "digits" : 0 - } ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "user", "admin" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "groups" : [ ] - }, { - "id" : "5a5e3de6-8bbb-4a6f-b2f4-df2a39f46e4e", - "createdTimestamp" : 1449782197314, - "username" : "secure-user", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Secure", - "lastName" : "User", - "email" : "secure@user.com", - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : "Fu+o7j8wZZE4XyR6hRxAX0v3GM8Lzrt4bHVjSCpY86o/RP5tAhBMZsLEM8iZ97eOazKTzdofj2v8qnjpOIldJg==", - "salt" : "306EQU1PC5oVl/+j9XAqrg==", - "hashIterations" : 1, - "counter" : 0, - "digits" : 0 - } ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "user" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "groups" : [ ] - } ], - "clientScopeMappings" : { - "realm-management" : [ { - "client" : "security-admin-console", - "roles" : [ "realm-admin" ] - }, { - "client" : "admin-cli", - "roles" : [ "realm-admin" ] - } ] - }, - "clients" : [ { - "id" : "2c0a2e2b-e58a-41c5-811c-8047b3059b5c", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "79a77b77-0958-4a75-a5d0-a7f88d2376cb", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { 
- "id" : "f851fdbd-0f76-4a45-ac91-66a27ceaa514", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "f0787470-6265-47b4-8b18-ae9338eb2e43", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "039f4448-386c-4f3f-b691-ff71a96736d5", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "ec6f41d5-8f12-4f32-b069-1160a64fc09f", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "8f080912-609b-4cae-b892-7ceedd962293", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "8dd11379-330d-4a15-ac2c-af9f3ed4c1d7", - "name" : "full name", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "f74c463c-f56c-4c10-add5-6c40a9dce522", - "clientId" : "app-jee", - "name" : "app-jee", - "description" : "app-jee", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "/app-jee/", - "baseUrl" : "http://localhost:8080/app-jee/", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "7dfad209-79a0-4103-856c-d021ab7a052b", - "redirectUris" : [ "/app-jee/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "57b5cf15-7f2b-41f8-bd1f-0af62cc370cb", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : 
"bd6ada89-d446-40e3-99d5-5f22abce773c", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "918d97f3-e3aa-4793-b353-9ba68ce893f0", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "1c6943e0-ac48-4b81-8e7e-b71219a94fe3", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "c0285e8f-a09d-4fac-88ff-8444f27c6002", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "403b483e-82c5-4bd9-b9ea-d09e9e80022f", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "d2a31747-475f-41a2-9e75-fe1e4c03dd94", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "baseUrl" : "/auth/admin/Examples/console/index.html", - 
"surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "4c9ce312-f07a-461a-8cdc-2f2cf96062d1", - "redirectUris" : [ "/auth/admin/Examples/console/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "355f43b3-4750-4409-8a48-489bb5e314d6", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "5a686b95-9b95-467d-a3b9-b7abf85484fe", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "abf9e75c-d465-464f-b945-1cfd2313f4ee", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "consentText" : "${locale}", - "config" : { - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "dcf71134-ddcd-4215-b395-c0c6457c1e7d", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - 
"id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "dc4cdda7-ea73-42fa-b4b4-f91141dfd4db", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "ee8ae69b-d107-4b50-a522-14eafe993e40", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "53040785-a874-48b0-b6c5-3f73378ff993", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "60e7cc2e-0884-43a1-8ff5-7e86e199488b", - "clientId" : "service-jaxrs", - "name" : "service-jaxrs", - "description" : "service-jaxrs", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "23ee787b-e9fe-473b-aa53-ccaf1d98edaa", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : 
"false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "15515c6f-189d-4e1f-ae1c-255610c1217b", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "ef6db9ea-d9f2-4eb4-8efc-67b593adea56", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "1692f65c-59f9-44f6-876f-cfa06b6d08dc", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "0d42629e-ffec-4acf-93e7-30f02576f965", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : 
"c57e082a-43b7-42db-b9fb-61c8b80c82f6", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "a0b948fe-c404-4e45-a1a4-cb2c64cc4f8c", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "b1b260e2-108c-4adb-9732-8a0e0d692459", - "clientId" : "app-profile-jee-saml", - "name" : "app-profile-jee-saml", - "description" : "app-profile-jee-saml", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "http://localhost:8080/app-profile-jee-saml/", - "baseUrl" : "http://localhost:8080/app-profile-jee-saml/", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "171ee9fe-92bf-4080-8055-addfb6cc6d43", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "saml", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - 
"fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "f86b2e20-af97-4f3c-b427-3615fc4cfa3c", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "984fbaff-98ff-4893-8102-eef611b3d454", - "name" : "X500 surname", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "lastName", - "friendly.name" : "surname", - "attribute.name" : "urn:oid:2.5.4.4" - } - }, { - "id" : "0ddd2206-0fbf-4e21-bffc-ec0d73eb7725", - "name" : "X500 email", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "email", - "friendly.name" : "email", - "attribute.name" : "urn:oid:1.2.840.113549.1.9.1" - } - }, { - "id" : "acc82bfd-9033-4c2e-95e6-49017ae88a59", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "89ed44c1-7cf0-44f9-b098-d01b00d975b0", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - 
"user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "568b6670-1a5e-4996-8df8-733d0e52751d", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "591ddc4c-1482-4fd1-a9ff-826f4a4aee87", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "6f9bb8ee-e8a5-45ae-a5b5-4900453afe3c", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "79edf0eb-5ee6-4877-82c9-8bafe093bbb8", - "name" : "X500 givenName", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "firstName", - "friendly.name" : "givenName", - "attribute.name" : "urn:oid:2.5.4.42" - } - } ] - }, { - "id" : "534efc58-fca1-4c17-b99d-5a80723111e5", - "clientId" : "app-profile-jee", - "name" : "app-profile-jee", - "description" : "app-profile-jee", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "/app-profile-jee/", - "baseUrl" : "http://localhost:8080/app-profile-jee/", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : 
"4f36f31a-be9d-4f92-b982-425301bac5df", - "redirectUris" : [ "/app-profile-jee/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "c9f8b614-ea9b-44f6-93f0-ce220ad6ddfe", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "56a03f82-87a9-4833-9549-d78d5b6f2103", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "f474ef62-f007-46a5-8962-8b1481bfb860", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - 
"access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "b541572f-436a-4408-bb85-d8b631601e47", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "306b0092-011a-49b4-a281-9242d10f97b6", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "c8b5e83d-4f44-4ba9-a536-ffceefa7b957", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "201c1be5-776b-469a-879f-b709d8524ec1", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "fbe821af-b7ac-42af-b3af-9ba5b6c57bf4", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "317718b2-3201-47f0-82c9-d2f7975fbe2e", - "name" : "role list", - "protocol" : "saml", - 
"protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "6877e1b9-8cb1-4074-b600-95542c894c7e", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "e2f5fafb-6b11-42a6-a795-26f447c87a60", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "51aaed4e-254f-49eb-81d7-2dc591e0d46b", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "97ef8e04-cdb7-456e-b2e7-a9072c7af941", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "c1f3947d-fb60-48d7-88f4-93665325a0e4", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : 
"${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "36526376-011d-49e9-8f17-88e7ebdcc975", - "clientId" : "app-html5", - "name" : "app-html5", - "description" : "app-html5", - "rootUrl" : "http://localhost:8080", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "c3d0b5c9-adbd-4948-9416-86d5cd66b714", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "6a34552a-e325-4890-8a11-ba1052a4c1f4", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "2e89927d-d26f-45c3-b2e4-792e7d047dd8", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - 
"config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "4a243cca-f719-4cfa-bcd3-95cd8c03eabd", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "66a9cc11-ea38-4506-a8e7-e8dfbc9a1cbd", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "6c659824-9beb-4dc1-a19a-6839d0b827a9", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "86f85aec-692e-40f7-933d-2bb60619c43e", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "ee300a81-4085-4513-987b-70d1dfbb3677", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "dc5ff222-409b-4516-bdfb-b9dcad78f1be", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - 
"implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "48bacfc9-0b3e-46f1-a17a-eee78bb756ce", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "1d0a728a-d9dc-4604-bac3-8ead48a9cb08", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "dc0af336-ed8f-4c81-8c6c-298bddcb46bf", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "a902457d-53c4-4d18-9ff4-e5e850816eec", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "ed4b6bf5-b6e7-4842-9c28-5479808a60ca", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - 
"config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "4aa2c376-1530-432a-89dc-d5761545bdcd", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "095faf3a-958e-427e-940e-0c546daa2335", - "clientId" : "account", - "name" : "${client_account}", - "baseUrl" : "/auth/realms/Examples/account", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "16685ec3-779d-4c15-9024-4d5a41e6f8b5", - "defaultRoles" : [ "view-profile", "manage-account" ], - "redirectUris" : [ "/auth/realms/Examples/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "2ee2fbea-ccb5-4113-b89f-14ef742aec8b", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "c19af2b3-8cf3-4a88-93fb-15a7c977560c", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : 
"46dca0b5-7246-4745-91e8-c87e4f9b8d49", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "c1df7e2d-e052-4836-a323-969e114ac95f", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "65a4fee1-3641-4aa3-ac76-8829c7fc410f", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "2b7287cf-9345-4950-8c7c-13539cfd958c", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "afb55cf7-28ca-4b01-80ce-39b36aef0109", - "clientId" : "app-profile-html5", - "name" : "app-profile-html5", - "description" : "app-profile-html5", - "rootUrl" : "http://localhost:8080/app-profile-html5", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "2a1879d3-c873-4705-aee9-70c7249991eb", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - 
"consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "3e17ba98-4974-4361-9333-f69b5f1658cb", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "f7408fb9-f658-48be-97fd-00a1ef64ba13", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "8be7ab55-cac3-4ec7-b3b8-0a78aa89b42f", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "d46942f2-b378-4b64-83b1-e68860277ef7", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - 
"consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "f80e03ec-f30a-4eeb-9825-16f49313c18b", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "1a4e1d8e-7555-4363-b909-9467bd49bb7d", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - } ] - } ], - "browserSecurityHeaders" : { - "contentSecurityPolicy" : "frame-src 'self'", - "xFrameOptions" : "SAMEORIGIN" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityFederationEnabled" : false, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "idp-email-verification", - "autheticatorFlow" : 
false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "flowAlias" : "Verify Existing Account by Re-authentication", - "autheticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "auth-otp-form", - "autheticatorFlow" : false, - "requirement" : "OPTIONAL", - "userSetupAllowed" : false, - "priority" : 20 - } ] - }, { - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "auth-spnego", - "autheticatorFlow" : false, - "requirement" : "DISABLED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "flowAlias" : "forms", - "autheticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "client-jwt", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 20 - } ] - }, { - "alias" : "direct grant", - 
"description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "direct-grant-validate-password", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "authenticator" : "direct-grant-validate-otp", - "autheticatorFlow" : false, - "requirement" : "OPTIONAL", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "flowAlias" : "Handle Existing Account", - "autheticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "auth-otp-form", - "autheticatorFlow" : false, - "requirement" : 
"OPTIONAL", - "userSetupAllowed" : false, - "priority" : 20 - } ] - }, { - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "flowAlias" : "registration form", - "autheticatorFlow" : true, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - } ] - }, { - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "authenticator" : "registration-profile-action", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 40 - }, { - "authenticator" : "registration-password-action", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 50 - }, { - "authenticator" : "registration-recaptcha-action", - "autheticatorFlow" : false, - "requirement" : "DISABLED", - "userSetupAllowed" : false, - "priority" : 60 - } ] - }, { - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "reset-credential-email", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "authenticator" : "reset-password", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - 
"priority" : 30
- }, {
- "authenticator" : "reset-otp",
- "autheticatorFlow" : false,
- "requirement" : "OPTIONAL",
- "userSetupAllowed" : false,
- "priority" : 40
- } ]
- } ],
- "authenticatorConfig" : [ {
- "alias" : "create unique user config",
- "config" : {
- "require.password.update.after.registration" : "false"
- }
- }, {
- "alias" : "review profile config",
- "config" : {
- "update.profile.on.first.login" : "missing"
- }
- } ],
- "requiredActions" : [ {
- "alias" : "CONFIGURE_TOTP",
- "name" : "Configure Totp",
- "providerId" : "CONFIGURE_TOTP",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PASSWORD",
- "name" : "Update Password",
- "providerId" : "UPDATE_PASSWORD",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PROFILE",
- "name" : "Update Profile",
- "providerId" : "UPDATE_PROFILE",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "VERIFY_EMAIL",
- "name" : "Verify Email",
- "providerId" : "VERIFY_EMAIL",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "terms_and_conditions",
- "name" : "Terms and Conditions",
- "providerId" : "terms_and_conditions",
- "enabled" : false,
- "defaultAction" : false,
- "config" : { }
- } ],
- "browserFlow" : "browser",
- "registrationFlow" : "registration",
- "directGrantFlow" : "direct grant",
- "resetCredentialsFlow" : "reset credentials",
- "clientAuthenticationFlow" : "clients"
-}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/examples-realm.json b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/examples-realm.json
deleted file mode 100644
index 1f7d5fade6..0000000000
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/examples-realm.json
+++ /dev/null
@@ -1,1795 +0,0 @@ -{ - "id" : "Examples", - "realm" : "Examples", - "notBefore" : 0, - "revokeRefreshToken" : false, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "offlineSessionIdleTimeout" : 2592000, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=", - "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", - "roles" : { - "realm" : [ { - "id" : 
"f540ac12-b9e7-45c3-9be8-d469f1051b16", - "name" : "offline_access", - "description" : "${role_offline-access}", - "scopeParamRequired" : true, - "composite" : false - }, { - "id" : "7d14d261-4590-4f10-8830-e9f7bca923d9", - "name" : "user", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "2897aa90-8c9e-49ef-b273-7074333a45b9", - "name" : "admin", - "scopeParamRequired" : false, - "composite" : false - } ], - "client" : { - "realm-management" : [ { - "id" : "f11b2b13-d6b5-401d-9a5a-da841cc24b78", - "name" : "manage-events", - "description" : "${role_manage-events}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "63278de8-8686-4a25-97f5-bc9ca505edd9", - "name" : "view-clients", - "description" : "${role_view-clients}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "4a152ca7-7efc-4ce5-b3bd-1cae29838710", - "name" : "view-realm", - "description" : "${role_view-realm}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "109166ed-30cf-4500-beb9-9c7bc06aa67a", - "name" : "view-users", - "description" : "${role_view-users}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "e7067af6-c3f1-4439-a33d-108ec0ac99bc", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "scopeParamRequired" : false, - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "view-events", "manage-identity-providers", "impersonation", "view-clients", "manage-events", "view-realm", "view-identity-providers", "manage-users", "manage-clients", "create-client", "view-users", "manage-realm" ] - } - } - }, { - "id" : "2aaf70b6-a1a4-4a61-ad43-04f4c2a254e1", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "73a11338-48f4-4421-acfc-730fe3f3a799", - "name" : "view-events", - "description" : "${role_view-events}", - "scopeParamRequired" : false, - 
"composite" : false - }, { - "id" : "6a8d7a84-fcc9-4a80-b948-78eeb62d1ee5", - "name" : "impersonation", - "description" : "${role_impersonation}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "d2ccaa4a-953c-4c51-9d0f-323e0e2adaf4", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "e6bd5ddb-8b12-47ae-8750-199b09e14fd9", - "name" : "manage-users", - "description" : "${role_manage-users}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "c8af8ff4-c3e9-4a3d-9b01-ffd1cd81353f", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "cd192455-0ac7-41f8-a375-c41d9c20967e", - "name" : "create-client", - "description" : "${role_create-client}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "cdf3138b-91e4-4993-9577-ae0b948e836f", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "scopeParamRequired" : false, - "composite" : false - } ], - "app-jee" : [ ], - "security-admin-console" : [ ], - "service-jaxrs" : [ ], - "app-profile-jee-saml" : [ ], - "app-profile-jee" : [ ], - "admin-cli" : [ ], - "app-html5" : [ ], - "broker" : [ { - "id" : "5320e8f7-9c24-4881-99d4-47d05534f166", - "name" : "read-token", - "description" : "${role_read-token}", - "scopeParamRequired" : false, - "composite" : false - } ], - "account" : [ { - "id" : "f24a5945-7751-4f5f-8d2b-733f83b89ca2", - "name" : "view-profile", - "description" : "${role_view-profile}", - "scopeParamRequired" : false, - "composite" : false - }, { - "id" : "4c29db3b-cd54-425f-918b-d62fd6256f49", - "name" : "manage-account", - "description" : "${role_manage-account}", - "scopeParamRequired" : false, - "composite" : false - } ], - "app-profile-html5" : [ ] - } - }, - "groups" : [ ], - "defaultRoles" : [ "offline_access" ], - 
"requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "users" : [ { - "id" : "5c961fa6-c93f-4d95-b620-3abf74730b10", - "createdTimestamp" : 1449782544215, - "username" : "admin-user", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Admin", - "lastName" : "User", - "email" : "admin@user.com", - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : "nP2DTe9zXzvuzn4deQhmEqA7eKNs14tdMSaZgfdCHBmWm7mX5DHK/7C6rXjx7BZnE3uzDXKDjZsb2eQFixw9QA==", - "salt" : "uP98vzC7rZadMl1oB1YESg==", - "hashIterations" : 1, - "counter" : 0, - "digits" : 0 - } ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "user", "admin" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "groups" : [ ] - }, { - "id" : "5a5e3de6-8bbb-4a6f-b2f4-df2a39f46e4e", - "createdTimestamp" : 1449782197314, - "username" : "secure-user", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Secure", - "lastName" : "User", - "email" : "secure@user.com", - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : "Fu+o7j8wZZE4XyR6hRxAX0v3GM8Lzrt4bHVjSCpY86o/RP5tAhBMZsLEM8iZ97eOazKTzdofj2v8qnjpOIldJg==", - "salt" : "306EQU1PC5oVl/+j9XAqrg==", - "hashIterations" : 1, - "counter" : 0, - "digits" : 0 - } ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "user" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "groups" : [ ] - } ], - "clientScopeMappings" : { - "realm-management" : [ { - "client" : "security-admin-console", - "roles" : [ "realm-admin" ] - }, { - "client" : "admin-cli", - "roles" : [ "realm-admin" ] - } ] - }, - "clients" : [ { - "id" : "2c0a2e2b-e58a-41c5-811c-8047b3059b5c", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - 
"surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "79a77b77-0958-4a75-a5d0-a7f88d2376cb", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "f851fdbd-0f76-4a45-ac91-66a27ceaa514", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "f0787470-6265-47b4-8b18-ae9338eb2e43", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "039f4448-386c-4f3f-b691-ff71a96736d5", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "ec6f41d5-8f12-4f32-b069-1160a64fc09f", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - 
"single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "8f080912-609b-4cae-b892-7ceedd962293", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "8dd11379-330d-4a15-ac2c-af9f3ed4c1d7", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "f74c463c-f56c-4c10-add5-6c40a9dce522", - "clientId" : "app-jee", - "name" : "app-jee", - "description" : "app-jee", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "/app-jee/", - "baseUrl" : "http://localhost:8080/app-jee/", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "7dfad209-79a0-4103-856c-d021ab7a052b", - "redirectUris" : [ "/app-jee/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : 
"http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "57b5cf15-7f2b-41f8-bd1f-0af62cc370cb", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "bd6ada89-d446-40e3-99d5-5f22abce773c", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "918d97f3-e3aa-4793-b353-9ba68ce893f0", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "1c6943e0-ac48-4b81-8e7e-b71219a94fe3", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "c0285e8f-a09d-4fac-88ff-8444f27c6002", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - 
"claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "403b483e-82c5-4bd9-b9ea-d09e9e80022f", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "d2a31747-475f-41a2-9e75-fe1e4c03dd94", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "baseUrl" : "/auth/admin/Examples/console/index.html", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "4c9ce312-f07a-461a-8cdc-2f2cf96062d1", - "redirectUris" : [ "/auth/admin/Examples/console/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "355f43b3-4750-4409-8a48-489bb5e314d6", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "5a686b95-9b95-467d-a3b9-b7abf85484fe", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "abf9e75c-d465-464f-b945-1cfd2313f4ee", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : 
"oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "consentText" : "${locale}", - "config" : { - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "dcf71134-ddcd-4215-b395-c0c6457c1e7d", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "dc4cdda7-ea73-42fa-b4b4-f91141dfd4db", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "ee8ae69b-d107-4b50-a522-14eafe993e40", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "53040785-a874-48b0-b6c5-3f73378ff993", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "60e7cc2e-0884-43a1-8ff5-7e86e199488b", - "clientId" : "service-jaxrs", - "name" : "service-jaxrs", - "description" : "service-jaxrs", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : 
"client-secret", - "secret" : "23ee787b-e9fe-473b-aa53-ccaf1d98edaa", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "15515c6f-189d-4e1f-ae1c-255610c1217b", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "ef6db9ea-d9f2-4eb4-8efc-67b593adea56", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "1692f65c-59f9-44f6-876f-cfa06b6d08dc", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - 
"access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "0d42629e-ffec-4acf-93e7-30f02576f965", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "c57e082a-43b7-42db-b9fb-61c8b80c82f6", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "a0b948fe-c404-4e45-a1a4-cb2c64cc4f8c", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "b1b260e2-108c-4adb-9732-8a0e0d692459", - "clientId" : "app-profile-jee-saml", - "name" : "app-profile-jee-saml", - "description" : "app-profile-jee-saml", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "http://localhost:8080/app-profile-jee-saml/", - "baseUrl" : "http://localhost:8080/app-profile-jee-saml/", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "171ee9fe-92bf-4080-8055-addfb6cc6d43", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - 
"frontchannelLogout" : false, - "protocol" : "saml", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "f86b2e20-af97-4f3c-b427-3615fc4cfa3c", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "984fbaff-98ff-4893-8102-eef611b3d454", - "name" : "X500 surname", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "lastName", - "friendly.name" : "surname", - "attribute.name" : "urn:oid:2.5.4.4" - } - }, { - "id" : "0ddd2206-0fbf-4e21-bffc-ec0d73eb7725", - "name" : "X500 email", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "email", - "friendly.name" : "email", - "attribute.name" : "urn:oid:1.2.840.113549.1.9.1" - } - }, { - "id" : "acc82bfd-9033-4c2e-95e6-49017ae88a59", - "name" : "family name", - "protocol" : "openid-connect", - 
"protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "89ed44c1-7cf0-44f9-b098-d01b00d975b0", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "568b6670-1a5e-4996-8df8-733d0e52751d", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "591ddc4c-1482-4fd1-a9ff-826f4a4aee87", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "6f9bb8ee-e8a5-45ae-a5b5-4900453afe3c", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "79edf0eb-5ee6-4877-82c9-8bafe093bbb8", - "name" : "X500 givenName", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - 
"user.attribute" : "firstName", - "friendly.name" : "givenName", - "attribute.name" : "urn:oid:2.5.4.42" - } - } ] - }, { - "id" : "534efc58-fca1-4c17-b99d-5a80723111e5", - "clientId" : "app-profile-jee", - "name" : "app-profile-jee", - "description" : "app-profile-jee", - "rootUrl" : "http://localhost:8080", - "adminUrl" : "/app-profile-jee/", - "baseUrl" : "http://localhost:8080/app-profile-jee/", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "4f36f31a-be9d-4f92-b982-425301bac5df", - "redirectUris" : [ "/app-profile-jee/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "c9f8b614-ea9b-44f6-93f0-ce220ad6ddfe", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "56a03f82-87a9-4833-9549-d78d5b6f2103", - "name" : "role list", - 
"protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "f474ef62-f007-46a5-8962-8b1481bfb860", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "b541572f-436a-4408-bb85-d8b631601e47", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "306b0092-011a-49b4-a281-9242d10f97b6", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "c8b5e83d-4f44-4ba9-a536-ffceefa7b957", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "201c1be5-776b-469a-879f-b709d8524ec1", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "fbe821af-b7ac-42af-b3af-9ba5b6c57bf4", - 
"redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "317718b2-3201-47f0-82c9-d2f7975fbe2e", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "6877e1b9-8cb1-4074-b600-95542c894c7e", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "e2f5fafb-6b11-42a6-a795-26f447c87a60", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "51aaed4e-254f-49eb-81d7-2dc591e0d46b", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "97ef8e04-cdb7-456e-b2e7-a9072c7af941", - "name" : 
"email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "c1f3947d-fb60-48d7-88f4-93665325a0e4", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "36526376-011d-49e9-8f17-88e7ebdcc975", - "clientId" : "app-html5", - "name" : "app-html5", - "description" : "app-html5", - "rootUrl" : "http://localhost:8080", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "c3d0b5c9-adbd-4948-9416-86d5cd66b714", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "6a34552a-e325-4890-8a11-ba1052a4c1f4", - "name" : "username", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "2e89927d-d26f-45c3-b2e4-792e7d047dd8", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "4a243cca-f719-4cfa-bcd3-95cd8c03eabd", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "66a9cc11-ea38-4506-a8e7-e8dfbc9a1cbd", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "6c659824-9beb-4dc1-a19a-6839d0b827a9", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "86f85aec-692e-40f7-933d-2bb60619c43e", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - 
"consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "ee300a81-4085-4513-987b-70d1dfbb3677", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "dc5ff222-409b-4516-bdfb-b9dcad78f1be", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "48bacfc9-0b3e-46f1-a17a-eee78bb756ce", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "1d0a728a-d9dc-4604-bac3-8ead48a9cb08", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "dc0af336-ed8f-4c81-8c6c-298bddcb46bf", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "a902457d-53c4-4d18-9ff4-e5e850816eec", - "name" : "family name", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "ed4b6bf5-b6e7-4842-9c28-5479808a60ca", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "4aa2c376-1530-432a-89dc-d5761545bdcd", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "095faf3a-958e-427e-940e-0c546daa2335", - "clientId" : "account", - "name" : "${client_account}", - "baseUrl" : "/auth/realms/Examples/account", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "16685ec3-779d-4c15-9024-4d5a41e6f8b5", - "defaultRoles" : [ "view-profile", "manage-account" ], - "redirectUris" : [ "/auth/realms/Examples/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "2ee2fbea-ccb5-4113-b89f-14ef742aec8b", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : 
"saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : "c19af2b3-8cf3-4a88-93fb-15a7c977560c", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "46dca0b5-7246-4745-91e8-c87e4f9b8d49", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "c1df7e2d-e052-4836-a323-969e114ac95f", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "65a4fee1-3641-4aa3-ac76-8829c7fc410f", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "2b7287cf-9345-4950-8c7c-13539cfd958c", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : 
"true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "afb55cf7-28ca-4b01-80ce-39b36aef0109", - "clientId" : "app-profile-html5", - "name" : "app-profile-html5", - "description" : "app-profile-html5", - "rootUrl" : "http://localhost:8080/app-profile-html5", - "surrogateAuthRequired" : false, - "enabled" : true, - "clientAuthenticatorType" : "client-secret", - "secret" : "2a1879d3-c873-4705-aee9-70c7249991eb", - "redirectUris" : [ "/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.signature.algorithm" : "RSA_SHA256", - "saml.encrypt" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml.server.signature" : "false", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "3e17ba98-4974-4361-9333-f69b5f1658cb", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : true, - "consentText" : "${fullName}", - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - }, { - "id" : "f7408fb9-f658-48be-97fd-00a1ef64ba13", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - }, { - "id" : 
"8be7ab55-cac3-4ec7-b3b8-0a78aa89b42f", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${username}", - "config" : { - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "d46942f2-b378-4b64-83b1-e68860277ef7", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${email}", - "config" : { - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - }, { - "id" : "f80e03ec-f30a-4eeb-9825-16f49313c18b", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${givenName}", - "config" : { - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "1a4e1d8e-7555-4363-b909-9467bd49bb7d", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : true, - "consentText" : "${familyName}", - "config" : { - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - } ] - } ], - "browserSecurityHeaders" : { - "contentSecurityPolicy" : "frame-src 'self'", - "xFrameOptions" : "SAMEORIGIN" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityFederationEnabled" : false, - "internationalizationEnabled" : 
false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "idp-email-verification", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "flowAlias" : "Verify Existing Account by Re-authentication", - "autheticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "auth-otp-form", - "autheticatorFlow" : false, - "requirement" : "OPTIONAL", - "userSetupAllowed" : false, - "priority" : 20 - } ] - }, { - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "auth-spnego", - "autheticatorFlow" : false, - "requirement" : "DISABLED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "flowAlias" : "forms", - "autheticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - 
"priority" : 30 - } ] - }, { - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "client-jwt", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 20 - } ] - }, { - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "direct-grant-validate-password", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "authenticator" : "direct-grant-validate-otp", - "autheticatorFlow" : false, - "requirement" : "OPTIONAL", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "autheticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "flowAlias" : "Handle Existing Account", - 
"autheticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "userSetupAllowed" : false, - "priority" : 30 - } ] - }, { - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "auth-otp-form", - "autheticatorFlow" : false, - "requirement" : "OPTIONAL", - "userSetupAllowed" : false, - "priority" : 20 - } ] - }, { - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "flowAlias" : "registration form", - "autheticatorFlow" : true, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - } ] - }, { - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "authenticator" : "registration-profile-action", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 40 - }, { - "authenticator" : "registration-password-action", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 50 - }, { - "authenticator" : "registration-recaptcha-action", - "autheticatorFlow" : false, - "requirement" : "DISABLED", - "userSetupAllowed" : false, - "priority" : 60 - } ] - }, { - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - 
"providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 10 - }, { - "authenticator" : "reset-credential-email", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 20 - }, { - "authenticator" : "reset-password", - "autheticatorFlow" : false, - "requirement" : "REQUIRED", - "userSetupAllowed" : false, - "priority" : 30 - }, { - "authenticator" : "reset-otp", - "autheticatorFlow" : false, - "requirement" : "OPTIONAL", - "userSetupAllowed" : false, - "priority" : 40 - } ] - } ], - "authenticatorConfig" : [ { - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure Totp", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - 
"resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients" -} \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/test-realm.json b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/test-realm.json new file mode 100644 index 0000000000..2ae0417836 --- /dev/null +++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/remote/src/test/resources/test-realm.json @@ -0,0 +1,52 @@ +{ + "id": "Test", + "realm": "Test", + "enabled": true, + "accessTokenLifespan": 600, + "accessCodeLifespan": 10, + "accessCodeLifespanUserAction": 6000, + "sslRequired": "external", + "registrationAllowed": false, + "privateKey": "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", + "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", + "requiredCredentials": ["password"], + "users": [{ + "username": "admin-user", + "enabled": true, + "firstName": "Admin", + "lastName": "User", + "email": "admin@user.com", + "credentials": [{ + "type": "password", + "value": "password" + }], + "realmRoles": ["offline_access", "user", "admin"], + "clientRoles": { + "account": ["view-profile", "manage-account"] + } + }, { + "username": "secure-user", + "enabled": true, + "firstName": "Secure", + "lastName": "User", + "email": "secure@user.com", + "credentials": [{ + "type": "password", + "value": "password" + }], + "realmRoles": ["offline_access", "user"], + "clientRoles": { + "account": ["view-profile", "manage-account"] + } + }], + "clients": [ + { + "clientId": "app-profile-jee", + "enabled": true, + "adminUrl": "/app-profile-jee/", + "baseUrl": "/app-profile-jee/", + "redirectUris": ["/app-profile-jee/*"], + "secret": "4f36f31a-be9d-4f92-b982-425301bac5df" + } + ] +} 
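Review bot: The new `test-realm.json` checks in realm key material (`privateKey`/`publicKey`), a fixed client `secret` for `app-profile-jee`, and two enabled users whose password is the literal `password`, one of which (`admin-user`) holds the `admin` realm role. That is usual for a test fixture, but only the `src/test/resources` path marks it as test-only, and JSON has nowhere to put a comment. I would record next to the fixture (module README or the Javadoc of the test that imports it) that this realm is for throwaway test servers only and that its key pair and secret must never be reused elsewhere. If the adapter tests do not depend on a fixed signing key, leaving the key fields out so the server generates its own on import is worth checking, though the test code is not visible here.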
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflyOIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflyOIDCAdapterTest.java
index 51ba75e452..abea3dbe67 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflyOIDCAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflyOIDCAdapterTest.java
@@ -1,6 +1,6 @@
 package org.keycloak.testsuite.adapter;
-import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
+import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 /**
@@ -8,6 +8,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 * @author tkyjovsk
 */
 @AppServerContainer("app-server-wildfly")
-public class WildflyOIDCAdapterTest extends AbstractDemoServletsAdapterTest {
+public class WildflyOIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest {
 }
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/Wildfly8OIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/Wildfly8OIDCAdapterTest.java
index f853f0db57..2ffdfb2bd8 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/Wildfly8OIDCAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly8/src/test/java/org/keycloak/testsuite/adapter/Wildfly8OIDCAdapterTest.java
@@ -1,6 +1,6 @@
 package org.keycloak.testsuite.adapter;
-import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
+import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 /**
@@ -8,6 +8,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 * @author tkyjovsk
 */
 @AppServerContainer("app-server-wildfly8")
-public class Wildfly8OIDCAdapterTest extends AbstractDemoServletsAdapterTest {
+public class Wildfly8OIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest {
 }
diff --git a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9OIDCAdapterTest.java b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9OIDCAdapterTest.java
index 8c92df2f24..0ffc804d59 100644
--- a/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9OIDCAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly9/src/test/java/org/keycloak/testsuite/adapter/Wildfly9OIDCAdapterTest.java
@@ -1,6 +1,6 @@
 package org.keycloak.testsuite.adapter;
-import org.keycloak.testsuite.adapter.servlet.AbstractDemoServletsAdapterTest;
+import org.keycloak.testsuite.adapter.servlet.AbstractJBossOIDCServletsAdapterTest;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 /**
@@ -8,6 +8,6 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 * @author tkyjovsk
 */
 @AppServerContainer("app-server-wildfly9")
-public class Wildfly9OIDCAdapterTest extends AbstractDemoServletsAdapterTest {
+public class Wildfly9OIDCAdapterTest extends AbstractJBossOIDCServletsAdapterTest {
 }
diff --git a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java
index 501583f79f..fc26648c56 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/authentication/PasswordPolicy.java
@@ -6,6 +6,7 @@ import org.openqa.selenium.WebElement;
 import org.openqa.selenium.support.FindBy;
 import org.openqa.selenium.support.ui.Select;
+import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
 import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
 /**
@@ -33,8 +34,9 @@ public class PasswordPolicy extends Authentication {
 public void addPolicy(Type policy, String value) {
 waitUntilElement(addPolicySelectElement).is().present();
 addPolicySelect.selectByVisibleText(policy.getName());
- setPolicyValue(policy, value);
+ if (value != null) {setPolicyValue(policy, value);}
 primaryButton.click();
+ waitForPageToLoad(driver);
 }
@@ -43,15 +45,13 @@ public class PasswordPolicy extends Authentication {
 }
 public void addPolicy(Type policy) {
- addPolicySelect.selectByVisibleText(policy.getName());
- primaryButton.click();
+ addPolicy(policy, null);
 }
 public void removePolicy(Type policy) {
 getPolicyRow(policy).findElement(By.cssSelector("td.kc-action-cell")).click();
- if (!primaryButton.isDisplayed()) {
- primaryButton.click();
- }
+ primaryButton.click();
+ waitForPageToLoad(driver);
 }
 public void editPolicy(Type policy, int value) {
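Review bot: `addPolicy(Type policy, String value)` now treats a `null` value as "this policy takes no value", but nothing at the method says so, and the only hint is the one-argument overload in the `@@ -43,15 +45,13 @@` hunk calling `addPolicy(policy, null)`. I would add a short Javadoc on the two-argument method with `@param value the policy value, or null for a policy that takes none`. I would also write the call as `addPolicy(policy, (String) null);` so it cannot become ambiguous if another overload with a reference-typed second parameter is added; the other overloads sit outside these hunks, so today's resolution is inferred. The guard `if (value != null) {setPolicyValue(policy, value);}` would read better spread over three lines like the other blocks in the file.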
@@ -61,6 +61,7 @@ public class PasswordPolicy extends Authentication {
 public void editPolicy(Type policy, String value) {
 setPolicyValue(policy, value);
 primaryButton.click();
+ waitForPageToLoad(driver);
 }
 private void setPolicyValue(Type policy, String value) {
diff --git a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java
index f20348a6da..97a4b212b6 100644
--- a/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java
+++ b/testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/authentication/PasswordPolicyTest.java
@@ -49,6 +49,7 @@ public class PasswordPolicyTest extends AbstractConsoleTest {
 public void testAddAndRemovePolicy() {
 passwordPolicyPage.navigateTo();
 passwordPolicyPage.addPolicy(DIGITS, 5);
+ assertAlertSuccess();
 passwordPolicyPage.removePolicy(DIGITS);
 assertAlertSuccess();
 }
diff --git a/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java b/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java
index 48ba4b464f..56fe43a0d7 100644
--- a/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java
+++ b/testsuite/integration-arquillian/tests/other/sssd/src/test/java/org/keycloak/testsuite/sssd/SSSDTest.java
@@ -106,7 +106,6 @@ public class SSSDTest extends AbstractKeycloakTest { driver.navigate().to(getAccountUrl()); Assert.assertEquals("Browser should be on login page now", "Log in to " + REALM_NAME, driver.getTitle()); accountLoginPage.login(ADMIN_USERNAME, ADMIN_PASSWORD); - Assert.assertEquals("Unexpected error when handling authentication request to identity provider.", accountLoginPage.getInstruction()); } @@ -117,8 +116,7 @@ public class SSSDTest extends AbstractKeycloakTest { driver.navigate().to(getAccountUrl()); Assert.assertEquals("Browser should be on login page now", "Log in to " + REALM_NAME, driver.getTitle()); accountLoginPage.login(USERNAME, PASSWORD); - Assert.assertEquals("Browser should be on account page now, logged in", "Keycloak Account Management", driver.getTitle()); - + Assert.assertTrue(profilePage.isCurrent()); testUserGroups(); } diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml index 9668db4389..bb9e838f6d 100755 --- a/testsuite/integration-arquillian/tests/pom.xml +++ b/testsuite/integration-arquillian/tests/pom.xml @@ -209,7 +209,7 @@ - org.wildfly + org.wildfly.arquillian wildfly-arquillian-container-remote diff --git a/themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js b/themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js index ed747ae30a..81af97b076 100755 --- a/themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js +++ b/themes/src/main/resources/theme/base/admin/resources/js/controllers/users.js @@ -637,6 +637,7 @@ module.controller('UserFederationCtrl', function($scope, $location, $route, real console.log('UserFederationCtrl ++++****'); $scope.realm = realm; $scope.providers = serverInfo.componentTypes['org.keycloak.storage.UserStorageProvider']; + $scope.instancesLoaded = false; if (!$scope.providers) $scope.providers = []; 
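Review bot: In the first SSSDTest hunk (`@@ -106,7 +106,6 @@`) the test now ends at `accountLoginPage.login(ADMIN_USERNAME, ADMIN_PASSWORD);` with nothing asserted afterwards, so it passes whether that login is accepted or rejected. The method starts outside the hunk, so the intended outcome can only be guessed from the removed line; if this account is still meant to be refused, the test should assert that result explicitly, for example that the browser is still on the login page. In the second hunk (`@@ -117,8 +116,7 @@`), `Assert.assertTrue(profilePage.isCurrent());` lost the failure message the neighbouring assertions carry; `Assert.assertTrue("Browser should be on account page now, logged in", profilePage.isCurrent());` keeps the diagnostic.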
@@ -716,7 +717,7 @@ module.controller('UserFederationCtrl', function($scope, $location, $route, real data[i].isUserFederationProvider = true; $scope.instances.push(data[i]); } - + $scope.instancesLoaded = true; }); }); diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html b/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html index e4d2e4fb32..8298a999da 100755 --- a/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html +++ b/themes/src/main/resources/theme/base/admin/resources/partials/user-federation.html @@ -3,7 +3,7 @@ {{:: 'user-federation' | translate}} -
+
diff --git a/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java b/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
index 32406257b6..538ed81cb8 100755
--- a/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
+++ b/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakAdapterConfigService.java
@@ -85,7 +85,7 @@ public final class KeycloakAdapterConfigService {
 // be where the Keycloak server's Config interface expects it to be.
 private void massageScheduledTaskInterval(ModelNode copy) {
- if (!copy.hasDefined("scheduled-task-intervale")) return;
+ if (!copy.hasDefined("scheduled-task-interval")) return;
 ModelNode taskInterval = copy.remove("scheduled-task-interval");
 copy.get("scheduled", "interval").set(taskInterval);
 }
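Review bot: The attribute name `"scheduled-task-interval"` is still written out twice in `massageScheduledTaskInterval`, once in the `hasDefined` guard and once in `copy.remove(...)`, so the two literals can drift apart again without the compiler noticing. I would hoist it into one constant, e.g. `private static final String SCHEDULED_TASK_INTERVAL = "scheduled-task-interval";`, and use it in both calls, unless the subsystem already defines the name somewhere outside this hunk. A brief comment on the guard, `// nothing to move when the attribute is not set`, would make the early return's intent explicit.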