diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.RC1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.RC1.xml index 7b8c877113..972b7d9788 100755 --- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.RC1.xml +++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.RC1.xml @@ -78,6 +78,11 @@ + + + + + DTYPE = 'OAuthClientEntity' diff --git a/core/src/main/java/org/keycloak/representations/idm/ClientIdentityProviderMappingRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ClientIdentityProviderMappingRepresentation.java deleted file mode 100644 index fdc02d3117..0000000000 --- a/core/src/main/java/org/keycloak/representations/idm/ClientIdentityProviderMappingRepresentation.java +++ /dev/null 
@@ -1,43 +0,0 @@ -/* - * JBoss, Home of Professional Open Source - * - * Copyright 2013 Red Hat, Inc. and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.representations.idm; - -/** - * @author pedroigor - */ -public class ClientIdentityProviderMappingRepresentation { - - protected String id; - protected boolean retrieveToken; - - public String getId() { - return this.id; - } - - public void setId(String identityProviderId) { - this.id = identityProviderId; - } - - public boolean isRetrieveToken() { - return this.retrieveToken; - } - - public void setRetrieveToken(boolean retrieveToken) { - this.retrieveToken = retrieveToken; - } -} diff --git a/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java index de40f101ca..1643813eec 100755 --- a/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/ClientRepresentation.java @@ -29,7 +29,6 @@ public class ClientRepresentation { protected Boolean fullScopeAllowed; protected Integer nodeReRegistrationTimeout; protected Map registeredNodes; - protected List identityProviders; protected List protocolMappers; public String getId() { 
@@ -200,14 +199,6 @@ public class ClientRepresentation { this.frontchannelLogout = frontchannelLogout; } - public List getIdentityProviders() { - return this.identityProviders; - } - - public void setIdentityProviders(List identityProviders) { - this.identityProviders = identityProviders; - } - public List getProtocolMappers() { return protocolMappers; } diff --git a/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java index 2e89c645e7..c456355d9b 100755 --- a/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/IdentityProviderRepresentation.java @@ -31,6 +31,7 @@ public class IdentityProviderRepresentation { protected boolean enabled = true; protected boolean updateProfileFirstLogin = true; protected boolean storeToken; + protected boolean addReadTokenRoleOnCreate; protected boolean authenticateByDefault; protected Map config = new HashMap(); @@ -97,4 +98,12 @@ public class IdentityProviderRepresentation { public void setStoreToken(boolean storeToken) { this.storeToken = storeToken; } + + public boolean isAddReadTokenRoleOnCreate() { + return addReadTokenRoleOnCreate; + } + + public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) { + this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate; + } } diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html index 0d1d027932..6ae4a81c77 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html @@ -41,13 +41,20 @@ - - - - - - - +
+ +
+ +
+ +
+
+ +
+ +
+ +
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html index ef62c07612..6746d0a8a7 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html @@ -41,13 +41,20 @@
- - - - - - - +
+ +
+ +
+ +
+
+ +
+ +
+ +
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html index dd0709392a..3c9260ab77 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-social.html @@ -45,13 +45,20 @@
- - - - - - - +
+ +
+ +
+ +
+
+ +
+ +
+ +
diff --git a/model/api/src/main/java/org/keycloak/models/ClientIdentityProviderMappingModel.java b/model/api/src/main/java/org/keycloak/models/ClientIdentityProviderMappingModel.java deleted file mode 100644 index e3b84014a8..0000000000 --- a/model/api/src/main/java/org/keycloak/models/ClientIdentityProviderMappingModel.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * JBoss, Home of Professional Open Source - * - * Copyright 2013 Red Hat, Inc. and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.models; - -/** - * @author pedroigor - */ -public class ClientIdentityProviderMappingModel { - - private String identityProvider; - private boolean retrieveToken; - - public String getIdentityProvider() { - return this.identityProvider; - } - - public void setIdentityProvider(String identityProviderModel) { - this.identityProvider = identityProviderModel; - } - - public boolean isRetrieveToken() { - return this.retrieveToken; - } - - public void setRetrieveToken(boolean retrieveToken) { - this.retrieveToken = retrieveToken; - } -} diff --git a/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java b/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java index 0328087c6b..c7cb4a797a 100755 --- a/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java +++ b/model/api/src/main/java/org/keycloak/models/IdentityProviderModel.java 
@@ -47,6 +47,7 @@ public class IdentityProviderModel { private boolean storeToken; + protected boolean addReadTokenRoleOnCreate; /** * Specifies if particular provider should be used by default for authentication even before displaying login screen */ @@ -70,6 +71,7 @@ public class IdentityProviderModel { this.updateProfileFirstLogin = model.isUpdateProfileFirstLogin(); this.storeToken = model.isStoreToken(); this.authenticateByDefault = model.isAuthenticateByDefault(); + this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate; } public String getInternalId() { @@ -135,4 +137,12 @@ public class IdentityProviderModel { public void setConfig(Map config) { this.config = config; } + + public boolean isAddReadTokenRoleOnCreate() { + return addReadTokenRoleOnCreate; + } + + public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) { + this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate; + } } diff --git a/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java b/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java index 4effc07c27..04dd0bceec 100755 --- a/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java +++ b/model/api/src/main/java/org/keycloak/models/entities/IdentityProviderEntity.java @@ -32,6 +32,7 @@ public class IdentityProviderEntity { private boolean enabled; private boolean updateProfileFirstLogin; private boolean storeToken; + protected boolean addReadTokenRoleOnCreate; private boolean authenticateByDefault; private Map config = new HashMap(); @@ -107,4 +108,12 @@ public class IdentityProviderEntity { public void setConfig(Map config) { this.config = config; } + + public boolean isAddReadTokenRoleOnCreate() { + return addReadTokenRoleOnCreate; + } + + public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) { + this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate; + } } 
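Review bot: In the IdentityProviderModel copy constructor (hunk at -70) the new flag is copied by direct field access, `this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate;`, while the neighbouring lines all go through getters. Using `this.addReadTokenRoleOnCreate = model.isAddReadTokenRoleOnCreate();` keeps the copy consistent if a subclass overrides the getter. The field is also declared `protected` beside `private boolean storeToken;`, here and in the IdentityProviderEntity hunk at -32 and the JPA entity. Since a getter and setter are added, `private` would match the siblings. Because this flag decides whether a newly created brokered user is granted the broker read-token role, the field deserves a one-line Javadoc, for example `/** When true, users created through this provider are granted the broker read-token role. */`.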
diff --git a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java index 63be7f03ab..d0bedfd258 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java +++ b/model/api/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java @@ -293,6 +293,7 @@ public class ModelToRepresentation { providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin()); providerRep.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault()); providerRep.setConfig(identityProviderModel.getConfig()); + providerRep.setAddReadTokenRoleOnCreate(identityProviderModel.isAddReadTokenRoleOnCreate()); return providerRep; } diff --git a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java index 282d37608d..0ee6a599ca 100755 --- a/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java +++ b/model/api/src/main/java/org/keycloak/models/utils/RepresentationToModel.java @@ -885,6 +885,7 @@ public class RepresentationToModel { identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin()); identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault()); identityProviderModel.setStoreToken(representation.isStoreToken()); + identityProviderModel.setAddReadTokenRoleOnCreate(representation.isAddReadTokenRoleOnCreate()); identityProviderModel.setConfig(representation.getConfig()); return identityProviderModel; diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java index 4cc5ddf952..8618ddb7a1 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java 
@@ -1093,6 +1093,7 @@ public class RealmAdapter implements RealmModel { identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin()); identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); identityProviderModel.setStoreToken(entity.isStoreToken()); + identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); identityProviders.add(identityProviderModel); } @@ -1120,6 +1121,7 @@ public class RealmAdapter implements RealmModel { entity.setProviderId(identityProvider.getProviderId()); entity.setEnabled(identityProvider.isEnabled()); entity.setStoreToken(identityProvider.isStoreToken()); + entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); entity.setConfig(identityProvider.getConfig()); @@ -1148,6 +1150,7 @@ public class RealmAdapter implements RealmModel { entity.setEnabled(identityProvider.isEnabled()); entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); + entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setStoreToken(identityProvider.isStoreToken()); entity.setConfig(identityProvider.getConfig()); } diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java index 00671fb32f..ba6de02019 100755 --- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java +++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/IdentityProviderEntity.java 
@@ -47,6 +47,9 @@ public class IdentityProviderEntity { @Column(name="STORE_TOKEN") private boolean storeToken; + @Column(name="ADD_TOKEN_ROLE") + protected boolean addReadTokenRoleOnCreate; + @Column(name="AUTHENTICATE_BY_DEFAULT") private boolean authenticateByDefault; @@ -128,5 +131,11 @@ public class IdentityProviderEntity { this.config = config; } + public boolean isAddReadTokenRoleOnCreate() { + return addReadTokenRoleOnCreate; + } + public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) { + this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate; + } } \ No newline at end of file diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java index 27b62f6e3e..fb08290832 100755 --- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java +++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java @@ -763,6 +763,7 @@ public class RealmAdapter extends AbstractMongoAdapter impleme identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin()); identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); identityProviderModel.setStoreToken(entity.isStoreToken()); + identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); identityProviders.add(identityProviderModel); } 
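Review bot: `addReadTokenRoleOnCreate` is mapped as a primitive `boolean` on column `ADD_TOKEN_ROLE` (hunk at -47), so every existing provider row must end up with a non-null value, otherwise loading the entity is likely to fail. The jpa-changelog-1.2.0.RC1.xml hunk is not readable on this page, so please confirm that it adds the column as NOT NULL with an explicit default. The default also decides an authorization outcome: `false` means existing providers stop granting the read-token role to new users, so the chosen value should be stated in a comment next to the mapping, e.g. `// default false: role is granted only when an admin opts in`.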
@@ -790,6 +791,7 @@ public class RealmAdapter extends AbstractMongoAdapter impleme entity.setProviderId(identityProvider.getProviderId()); entity.setEnabled(identityProvider.isEnabled()); entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin()); + entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setStoreToken(identityProvider.isStoreToken()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); entity.setConfig(identityProvider.getConfig()); @@ -818,6 +820,7 @@ public class RealmAdapter extends AbstractMongoAdapter impleme entity.setEnabled(identityProvider.isEnabled()); entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); + entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setStoreToken(identityProvider.isStoreToken()); entity.setConfig(identityProvider.getConfig()); } diff --git a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java index b2f5a530cb..e51c209769 100755 --- a/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java +++ b/services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java @@ -534,7 +534,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal federatedUser.setLastName(updatedIdentity.getLastName()); - if (updatedIdentity.getIdpConfig().isStoreToken()) { + if (updatedIdentity.getIdpConfig().isAddReadTokenRoleOnCreate()) { RoleModel readTokenRole = realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE); federatedUser.grantRole(readTokenRole); } 
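Review bot: In the IdentityBrokerService hunk the grant of `READ_TOKEN_ROLE` is now gated only by `isAddReadTokenRoleOnCreate()`, a plain `boolean` with no initializer in the model and representation, so it is false unless set. Providers that relied on `storeToken` to hand out the role will silently stop doing so for new users unless the flag is migrated or set on import, and that needs an upgrade note. As far as this hunk shows, the flag is consulted only when the federated user is created, so clearing it later does not remove the role from users who already hold it; a comment such as `// applied at user creation only; existing grants are not revoked` would make that explicit. Separately, `realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE)` is dereferenced without a check. Guard the result, e.g. `if (readTokenRole != null) federatedUser.grantRole(readTokenRole);`, and log when the broker client or role is missing.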
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java index f1f1f97659..114aa0690e 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/IdentityProviderResource.java @@ -7,7 +7,6 @@ import org.keycloak.broker.provider.IdentityProvider; import org.keycloak.broker.provider.IdentityProviderFactory; import org.keycloak.broker.provider.IdentityProviderMapper; import org.keycloak.models.ClientModel; -import org.keycloak.models.ClientIdentityProviderMappingModel; import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.IdentityProviderMapperModel; import org.keycloak.models.IdentityProviderModel; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java index 8ba95d2c4d..57add68c2b 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java @@ -157,7 +157,7 @@ public class AccountTest { }); } - //@Test + @Test public void ideTesting() throws Exception { Thread.sleep(100000000); } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java index 5a783ff374..6b294e2b4c 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java 
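Review bot: Re-enabling `@Test` on `ideTesting()` in AccountTest makes the suite execute `Thread.sleep(100000000)`, roughly 27 hours, which will stall any build that runs this class. It looks like a local debugging helper committed by accident, so restore `//@Test` before merging. If the helper is meant to stay, keep it disabled and add a comment such as `// manual IDE session only; never enable in CI`.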
@@ -30,7 +30,6 @@ import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; -import org.keycloak.models.ClientIdentityProviderMappingModel; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; import org.keycloak.models.FederatedIdentityModel; diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java index 4c10d4c1d7..9b1f643a84 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java @@ -31,7 +31,6 @@ import org.keycloak.broker.saml.SAMLIdentityProvider; import org.keycloak.broker.saml.SAMLIdentityProviderConfig; import org.keycloak.broker.saml.SAMLIdentityProviderFactory; import org.keycloak.models.ClientModel; -import org.keycloak.models.ClientIdentityProviderMappingModel; import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.RealmModel; import org.keycloak.representations.idm.RealmRepresentation; diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json index 1ac47ba949..50e45b907a 100755 --- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json +++ b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json 
@@ -109,7 +109,8 @@ "alias" : "kc-saml-signed-idp", "providerId" : "saml", "enabled": true, - "updateProfileFirstLogin" : "true", + "updateProfileFirstLogin" : true, + "addReadTokenRoleOnCreate": true, "config": { "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml", "singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml", @@ -126,7 +127,8 @@ "alias" : "kc-saml-idp-basic", "providerId" : "saml", "enabled": true, - "updateProfileFirstLogin" : "true", + "updateProfileFirstLogin" : true, + "addReadTokenRoleOnCreate": true, "config": { "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml", "singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml", @@ -157,7 +159,8 @@ "providerId" : "keycloak-oidc", "enabled": true, "updateProfileFirstLogin" : "false", - "storeToken" : "true", + "storeToken" : true, + "addReadTokenRoleOnCreate": true, "config": { "clientId": "broker-app", "clientSecret": "secret", @@ -268,13 +271,7 @@ "redirectUris": [ "/test-app/*" ], - "webOrigins": [], - "identityProviders": [ - { - "id": "kc-oidc-idp", - "retrieveToken": false - } - ] + "webOrigins": [] } ], "oauthClients" : [