KEYCLOAK-1799 Download adapter JSON config with proper adapter

services/src/main/java/org/keycloak/authentication/ClientAuthenticatorFactory.java

@@ -1,7 +1,9 @@
 package org.keycloak.authentication;
 
 import java.util.List;
+import java.util.Map;
 
+import org.keycloak.models.ClientModel;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.provider.ProviderFactory;
 
@@ -33,4 +35,12 @@ public interface ClientAuthenticatorFactory extends ProviderFactory<ClientAuthen
      */
     List<ProviderConfigProperty> getConfigPropertiesPerClient();
 
+    /**
+     * Get configuration, which needs to be used for adapter ( keycloak.json ) of particular client. Some implementations
+     * may return just template and user needs to edit the values according to his environment (For example fill the location of keystore file)
+     *
+     * @return
+     */
+    Map<String, Object> getAdapterConfiguration(ClientModel client);
+
 }

services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java

@@ -1,8 +1,10 @@
 package org.keycloak.authentication.authenticators.client;
 
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
@@ -20,6 +22,7 @@ import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.util.BasicAuthHelper;
 
 /**
@@ -148,6 +151,13 @@ public class ClientIdAndSecretAuthenticator extends AbstractClientAuthenticator
         return Collections.emptyList();
     }
 
+    @Override
+    public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+        Map<String, Object> result = new HashMap<>();
+        result.put(CredentialRepresentation.SECRET, client.getSecret());
+        return result;
+    }
+
     @Override
     public String getId() {
         return PROVIDER_ID;

services/src/main/java/org/keycloak/authentication/authenticators/client/JWTClientAuthenticator.java

@@ -3,8 +3,10 @@ package org.keycloak.authentication.authenticators.client;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
@@ -165,6 +167,21 @@ public class JWTClientAuthenticator extends AbstractClientAuthenticator {
         return Collections.emptyList();
     }
 
+    @Override
+    public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+        Map<String, Object> props = new HashMap<>();
+        props.put("client-keystore-file", "REPLACE WITH THE LOCATION OF YOUR KEYSTORE FILE");
+        props.put("client-keystore-type", "jks");
+        props.put("client-keystore-password", "REPLACE WITH THE KEYSTORE PASSWORD");
+        props.put("client-key-password", "REPLACE WITH THE KEY PASSWORD IN KEYSTORE");
+        props.put("client-key-alias", client.getClientId());
+        props.put("token-timeout", 10);
+
+        Map<String, Object> config = new HashMap<>();
+        config.put("jwt", props);
+        return config;
+    }
+
     @Override
     public String getId() {
         return PROVIDER_ID;

services/src/main/java/org/keycloak/services/managers/ClientManager.java

@@ -3,6 +3,8 @@ package org.keycloak.services.managers;
 import org.codehaus.jackson.annotate.JsonProperty;
 import org.codehaus.jackson.annotate.JsonPropertyOrder;
 import org.jboss.logging.Logger;
+import org.keycloak.authentication.ClientAuthenticator;
+import org.keycloak.authentication.ClientAuthenticatorFactory;
 import org.keycloak.constants.ServiceAccountConstants;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.ProtocolMapperModel;
@@ -156,7 +158,7 @@ public class ClientManager {
         @JsonProperty("public-client")
         protected Boolean publicClient;
         @JsonProperty("credentials")
-        protected Map<String, String> credentials;
+        protected Map<String, Object> credentials;
 
         public Boolean isUseResourceRoleMappings() {
             return useResourceRoleMappings;
@@ -174,11 +176,11 @@ public class ClientManager {
             this.resource = resource;
         }
 
-        public Map<String, String> getCredentials() {
+        public Map<String, Object> getCredentials() {
             return credentials;
         }
 
-        public void setCredentials(Map<String, String> credentials) {
+        public void setCredentials(Map<String, Object> credentials) {
             this.credentials = credentials;
         }
 
@@ -214,10 +216,10 @@ public class ClientManager {
         rep.setResource(clientModel.getClientId());
 
         if (!clientModel.isBearerOnly() && !clientModel.isPublicClient()) {
-            Map<String, String> creds = new HashMap<String, String>();
-            String cred = clientModel.getSecret();
-            creds.put(CredentialRepresentation.SECRET, cred);
-            rep.setCredentials(creds);
+            String clientAuthenticator = clientModel.getClientAuthenticatorType();
+            ClientAuthenticatorFactory authenticator = (ClientAuthenticatorFactory) realmManager.getSession().getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientAuthenticator);
+            Map<String, Object> adapterConfig = authenticator.getAdapterConfiguration(clientModel);
+            rep.setCredentials(adapterConfig);
         }
 
         return rep;

testsuite/integration/src/test/java/org/keycloak/testsuite/forms/PassThroughClientAuthenticator.java

@@ -1,8 +1,10 @@
 package org.keycloak.testsuite.forms;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.ClientAuthenticationFlowContext;
@@ -88,6 +90,17 @@ public class PassThroughClientAuthenticator extends AbstractClientAuthenticator
         return clientConfigProperties;
     }
 
+    @Override
+    public Map<String, Object> getAdapterConfiguration(ClientModel client) {
+        Map<String, Object> props = new HashMap<>();
+        props.put("foo", "some foo value");
+        props.put("bar", true);
+
+        Map<String, Object> config = new HashMap<>();
+        config.put("dummy", props);
+        return config;
+    }
+
     @Override
     public String getId() {
         return PROVIDER_ID;