broker token role
parent
dae219d32e
commit
d49e0eda9e
21 changed files with 101 additions and 131 deletions
|
@ -78,6 +78,11 @@
|
||||||
<constraints nullable="false"/>
|
<constraints nullable="false"/>
|
||||||
</column>
|
</column>
|
||||||
</addColumn>
|
</addColumn>
|
||||||
|
<addColumn tableName="IDENTITY_PROVIDER">
|
||||||
|
<column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="true">
|
||||||
|
<constraints nullable="false"/>
|
||||||
|
</column>
|
||||||
|
</addColumn>
|
||||||
<update tableName="CLIENT">
|
<update tableName="CLIENT">
|
||||||
<column name="CONSENT_REQUIRED" valueBoolean="true"/>
|
<column name="CONSENT_REQUIRED" valueBoolean="true"/>
|
||||||
<where>DTYPE = 'OAuthClientEntity'</where>
|
<where>DTYPE = 'OAuthClientEntity'</where>
|
||||||
|
|
|
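Review bot: `defaultValueBoolean="true"` on the new `ADD_TOKEN_ROLE` column opts every existing identity provider row into granting the broker read-token role, including providers that had token storage switched off. Before this commit the grant in IdentityBrokerService was tied to `isStoreToken()`, so the upgrade widens what newly brokered users receive without an administrator choosing it. The Java fields added elsewhere in this commit are plain `boolean` and default to false, so a provider created from a representation that omits the property behaves differently from a migrated row. Consider `defaultValueBoolean="false"` followed by an `<update>` that carries over the previous behaviour, e.g. `<column name="ADD_TOKEN_ROLE" valueComputed="STORE_TOKEN"/>`.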
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* JBoss, Home of Professional Open Source
|
|
||||||
*
|
|
||||||
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.keycloak.representations.idm;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author pedroigor
|
|
||||||
*/
|
|
||||||
public class ClientIdentityProviderMappingRepresentation {
|
|
||||||
|
|
||||||
protected String id;
|
|
||||||
protected boolean retrieveToken;
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return this.id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setId(String identityProviderId) {
|
|
||||||
this.id = identityProviderId;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isRetrieveToken() {
|
|
||||||
return this.retrieveToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRetrieveToken(boolean retrieveToken) {
|
|
||||||
this.retrieveToken = retrieveToken;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -29,7 +29,6 @@ public class ClientRepresentation {
|
||||||
protected Boolean fullScopeAllowed;
|
protected Boolean fullScopeAllowed;
|
||||||
protected Integer nodeReRegistrationTimeout;
|
protected Integer nodeReRegistrationTimeout;
|
||||||
protected Map<String, Integer> registeredNodes;
|
protected Map<String, Integer> registeredNodes;
|
||||||
protected List<ClientIdentityProviderMappingRepresentation> identityProviders;
|
|
||||||
protected List<ProtocolMapperRepresentation> protocolMappers;
|
protected List<ProtocolMapperRepresentation> protocolMappers;
|
||||||
|
|
||||||
public String getId() {
|
public String getId() {
|
||||||
|
@ -200,14 +199,6 @@ public class ClientRepresentation {
|
||||||
this.frontchannelLogout = frontchannelLogout;
|
this.frontchannelLogout = frontchannelLogout;
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<ClientIdentityProviderMappingRepresentation> getIdentityProviders() {
|
|
||||||
return this.identityProviders;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setIdentityProviders(List<ClientIdentityProviderMappingRepresentation> identityProviders) {
|
|
||||||
this.identityProviders = identityProviders;
|
|
||||||
}
|
|
||||||
|
|
||||||
public List<ProtocolMapperRepresentation> getProtocolMappers() {
|
public List<ProtocolMapperRepresentation> getProtocolMappers() {
|
||||||
return protocolMappers;
|
return protocolMappers;
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,6 +31,7 @@ public class IdentityProviderRepresentation {
|
||||||
protected boolean enabled = true;
|
protected boolean enabled = true;
|
||||||
protected boolean updateProfileFirstLogin = true;
|
protected boolean updateProfileFirstLogin = true;
|
||||||
protected boolean storeToken;
|
protected boolean storeToken;
|
||||||
|
protected boolean addReadTokenRoleOnCreate;
|
||||||
protected boolean authenticateByDefault;
|
protected boolean authenticateByDefault;
|
||||||
protected Map<String, String> config = new HashMap<String, String>();
|
protected Map<String, String> config = new HashMap<String, String>();
|
||||||
|
|
||||||
|
@ -97,4 +98,12 @@ public class IdentityProviderRepresentation {
|
||||||
public void setStoreToken(boolean storeToken) {
|
public void setStoreToken(boolean storeToken) {
|
||||||
this.storeToken = storeToken;
|
this.storeToken = storeToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isAddReadTokenRoleOnCreate() {
|
||||||
|
return addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
|
||||||
|
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
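Review bot: `addReadTokenRoleOnCreate` is added without any comment, and the name does not say which role is meant or what it permits. Judging by the IdentityBrokerService change in this commit, it decides whether a user first created through this provider is granted the broker client's READ_TOKEN role, which is an authorization decision an API consumer should be able to read off the representation. A Javadoc line on the field or getter such as `/** If true, users created on first broker login are granted the broker client's READ_TOKEN role. */` would cover it. The class body continues outside both hunks.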
@ -41,13 +41,20 @@
|
||||||
</div>
|
</div>
|
||||||
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
<!--<div class="form-group">-->
|
<div class="form-group">
|
||||||
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
|
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
|
||||||
<!--<div class="col-sm-4">-->
|
<div class="col-sm-4">
|
||||||
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
|
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
|
||||||
<!--</div>-->
|
</div>
|
||||||
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
|
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored after authenticating users." class="fa fa-info-circle"></span>
|
||||||
<!--</div>-->
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="col-sm-2 control-label" for="storedTokensReadable">Stored Tokens Readable</label>
|
||||||
|
<div class="col-sm-4">
|
||||||
|
<input ng-model="identityProvider.addReadTokenRoleOnCreate" id="storedTokensReadable" onoffswitch />
|
||||||
|
</div>
|
||||||
|
<span tooltip-placement="right" tooltip="Enable/disable new users can read any stored tokens. This assigns the broker.READ_TOKEN role." class="fa fa-info-circle"></span>
|
||||||
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
|
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
|
|
|
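Review bot: The re-enabled `Store Tokens` label still carries `for="enabled"` while the switch it describes has `id="storeToken"`, so the label is bound to the wrong control; `for="storeToken"` matches the input. The new tooltip `Enable/disable new users can read any stored tokens.` is hard to parse for a setting that hands out a role; wording such as `If enabled, users created through this provider are granted the broker.READ_TOKEN role and can read stored tokens.` states the effect. The same two lines recur in the next two template sections of this commit, and in the third one the template also has a real `Enabled` label with `for="enabled"`, so the two labels point at the same id.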
@ -41,13 +41,20 @@
|
||||||
</div>
|
</div>
|
||||||
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
<!--<div class="form-group">-->
|
<div class="form-group">
|
||||||
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
|
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
|
||||||
<!--<div class="col-sm-4">-->
|
<div class="col-sm-4">
|
||||||
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
|
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
|
||||||
<!--</div>-->
|
</div>
|
||||||
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
|
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored after authenticating users." class="fa fa-info-circle"></span>
|
||||||
<!--</div>-->
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="col-sm-2 control-label" for="storedTokensReadable">Stored Tokens Readable</label>
|
||||||
|
<div class="col-sm-4">
|
||||||
|
<input ng-model="identityProvider.addReadTokenRoleOnCreate" id="storedTokensReadable" onoffswitch />
|
||||||
|
</div>
|
||||||
|
<span tooltip-placement="right" tooltip="Enable/disable new users can read any stored tokens. This assigns the broker.READ_TOKEN role." class="fa fa-info-circle"></span>
|
||||||
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
|
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
|
|
|
@ -45,13 +45,20 @@
|
||||||
</div>
|
</div>
|
||||||
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'." class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'." class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
<!--<div class="form-group">-->
|
<div class="form-group">
|
||||||
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
|
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
|
||||||
<!--<div class="col-sm-4">-->
|
<div class="col-sm-4">
|
||||||
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
|
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
|
||||||
<!--</div>-->
|
</div>
|
||||||
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
|
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored after authenticating users." class="fa fa-info-circle"></span>
|
||||||
<!--</div>-->
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="col-sm-2 control-label" for="storedTokensReadable">Stored Tokens Readable</label>
|
||||||
|
<div class="col-sm-4">
|
||||||
|
<input ng-model="identityProvider.addReadTokenRoleOnCreate" id="storedTokensReadable" onoffswitch />
|
||||||
|
</div>
|
||||||
|
<span tooltip-placement="right" tooltip="Enable/disable new users can read any stored tokens. This assigns the broker.READ_TOKEN role." class="fa fa-info-circle"></span>
|
||||||
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
|
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* JBoss, Home of Professional Open Source
|
|
||||||
*
|
|
||||||
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.keycloak.models;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author pedroigor
|
|
||||||
*/
|
|
||||||
public class ClientIdentityProviderMappingModel {
|
|
||||||
|
|
||||||
private String identityProvider;
|
|
||||||
private boolean retrieveToken;
|
|
||||||
|
|
||||||
public String getIdentityProvider() {
|
|
||||||
return this.identityProvider;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setIdentityProvider(String identityProviderModel) {
|
|
||||||
this.identityProvider = identityProviderModel;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isRetrieveToken() {
|
|
||||||
return this.retrieveToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRetrieveToken(boolean retrieveToken) {
|
|
||||||
this.retrieveToken = retrieveToken;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -47,6 +47,7 @@ public class IdentityProviderModel {
|
||||||
|
|
||||||
private boolean storeToken;
|
private boolean storeToken;
|
||||||
|
|
||||||
|
protected boolean addReadTokenRoleOnCreate;
|
||||||
/**
|
/**
|
||||||
* Specifies if particular provider should be used by default for authentication even before displaying login screen
|
* Specifies if particular provider should be used by default for authentication even before displaying login screen
|
||||||
*/
|
*/
|
||||||
|
@ -70,6 +71,7 @@ public class IdentityProviderModel {
|
||||||
this.updateProfileFirstLogin = model.isUpdateProfileFirstLogin();
|
this.updateProfileFirstLogin = model.isUpdateProfileFirstLogin();
|
||||||
this.storeToken = model.isStoreToken();
|
this.storeToken = model.isStoreToken();
|
||||||
this.authenticateByDefault = model.isAuthenticateByDefault();
|
this.authenticateByDefault = model.isAuthenticateByDefault();
|
||||||
|
this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getInternalId() {
|
public String getInternalId() {
|
||||||
|
@ -135,4 +137,12 @@ public class IdentityProviderModel {
|
||||||
public void setConfig(Map<String, String> config) {
|
public void setConfig(Map<String, String> config) {
|
||||||
this.config = config;
|
this.config = config;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isAddReadTokenRoleOnCreate() {
|
||||||
|
return addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
|
||||||
|
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
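Review bot: `addReadTokenRoleOnCreate` is declared `protected` next to `private boolean storeToken;`, and the copy constructor reads `model.addReadTokenRoleOnCreate` directly where the neighbouring lines go through getters. Since an accessor pair is added in the same section, `private boolean addReadTokenRoleOnCreate;` and `this.addReadTokenRoleOnCreate = model.isAddReadTokenRoleOnCreate();` would keep the class consistent and keep subclasses from writing a flag that decides a role grant. The two IdentityProviderEntity sections later in the commit declare the field `protected` beside `private` siblings in the same way. The constructor and class bodies extend beyond the hunks shown.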
@ -32,6 +32,7 @@ public class IdentityProviderEntity {
|
||||||
private boolean enabled;
|
private boolean enabled;
|
||||||
private boolean updateProfileFirstLogin;
|
private boolean updateProfileFirstLogin;
|
||||||
private boolean storeToken;
|
private boolean storeToken;
|
||||||
|
protected boolean addReadTokenRoleOnCreate;
|
||||||
private boolean authenticateByDefault;
|
private boolean authenticateByDefault;
|
||||||
|
|
||||||
private Map<String, String> config = new HashMap<String, String>();
|
private Map<String, String> config = new HashMap<String, String>();
|
||||||
|
@ -107,4 +108,12 @@ public class IdentityProviderEntity {
|
||||||
public void setConfig(Map<String, String> config) {
|
public void setConfig(Map<String, String> config) {
|
||||||
this.config = config;
|
this.config = config;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isAddReadTokenRoleOnCreate() {
|
||||||
|
return addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
|
||||||
|
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -293,6 +293,7 @@ public class ModelToRepresentation {
|
||||||
providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin());
|
providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin());
|
||||||
providerRep.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
|
providerRep.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
|
||||||
providerRep.setConfig(identityProviderModel.getConfig());
|
providerRep.setConfig(identityProviderModel.getConfig());
|
||||||
|
providerRep.setAddReadTokenRoleOnCreate(identityProviderModel.isAddReadTokenRoleOnCreate());
|
||||||
|
|
||||||
return providerRep;
|
return providerRep;
|
||||||
}
|
}
|
||||||
|
|
|
@ -885,6 +885,7 @@ public class RepresentationToModel {
|
||||||
identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin());
|
identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin());
|
||||||
identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault());
|
identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault());
|
||||||
identityProviderModel.setStoreToken(representation.isStoreToken());
|
identityProviderModel.setStoreToken(representation.isStoreToken());
|
||||||
|
identityProviderModel.setAddReadTokenRoleOnCreate(representation.isAddReadTokenRoleOnCreate());
|
||||||
identityProviderModel.setConfig(representation.getConfig());
|
identityProviderModel.setConfig(representation.getConfig());
|
||||||
|
|
||||||
return identityProviderModel;
|
return identityProviderModel;
|
||||||
|
|
|
@ -1093,6 +1093,7 @@ public class RealmAdapter implements RealmModel {
|
||||||
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
|
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
|
||||||
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
|
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
|
||||||
identityProviderModel.setStoreToken(entity.isStoreToken());
|
identityProviderModel.setStoreToken(entity.isStoreToken());
|
||||||
|
identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
|
||||||
|
|
||||||
identityProviders.add(identityProviderModel);
|
identityProviders.add(identityProviderModel);
|
||||||
}
|
}
|
||||||
|
@ -1120,6 +1121,7 @@ public class RealmAdapter implements RealmModel {
|
||||||
entity.setProviderId(identityProvider.getProviderId());
|
entity.setProviderId(identityProvider.getProviderId());
|
||||||
entity.setEnabled(identityProvider.isEnabled());
|
entity.setEnabled(identityProvider.isEnabled());
|
||||||
entity.setStoreToken(identityProvider.isStoreToken());
|
entity.setStoreToken(identityProvider.isStoreToken());
|
||||||
|
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
|
||||||
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
||||||
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
||||||
entity.setConfig(identityProvider.getConfig());
|
entity.setConfig(identityProvider.getConfig());
|
||||||
|
@ -1148,6 +1150,7 @@ public class RealmAdapter implements RealmModel {
|
||||||
entity.setEnabled(identityProvider.isEnabled());
|
entity.setEnabled(identityProvider.isEnabled());
|
||||||
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
||||||
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
||||||
|
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
|
||||||
entity.setStoreToken(identityProvider.isStoreToken());
|
entity.setStoreToken(identityProvider.isStoreToken());
|
||||||
entity.setConfig(identityProvider.getConfig());
|
entity.setConfig(identityProvider.getConfig());
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,6 +47,9 @@ public class IdentityProviderEntity {
|
||||||
@Column(name="STORE_TOKEN")
|
@Column(name="STORE_TOKEN")
|
||||||
private boolean storeToken;
|
private boolean storeToken;
|
||||||
|
|
||||||
|
@Column(name="ADD_TOKEN_ROLE")
|
||||||
|
protected boolean addReadTokenRoleOnCreate;
|
||||||
|
|
||||||
@Column(name="AUTHENTICATE_BY_DEFAULT")
|
@Column(name="AUTHENTICATE_BY_DEFAULT")
|
||||||
private boolean authenticateByDefault;
|
private boolean authenticateByDefault;
|
||||||
|
|
||||||
|
@ -128,5 +131,11 @@ public class IdentityProviderEntity {
|
||||||
this.config = config;
|
this.config = config;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isAddReadTokenRoleOnCreate() {
|
||||||
|
return addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
|
||||||
|
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -763,6 +763,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
||||||
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
|
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
|
||||||
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
|
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
|
||||||
identityProviderModel.setStoreToken(entity.isStoreToken());
|
identityProviderModel.setStoreToken(entity.isStoreToken());
|
||||||
|
identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
|
||||||
|
|
||||||
identityProviders.add(identityProviderModel);
|
identityProviders.add(identityProviderModel);
|
||||||
}
|
}
|
||||||
|
@ -790,6 +791,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
||||||
entity.setProviderId(identityProvider.getProviderId());
|
entity.setProviderId(identityProvider.getProviderId());
|
||||||
entity.setEnabled(identityProvider.isEnabled());
|
entity.setEnabled(identityProvider.isEnabled());
|
||||||
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
||||||
|
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
|
||||||
entity.setStoreToken(identityProvider.isStoreToken());
|
entity.setStoreToken(identityProvider.isStoreToken());
|
||||||
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
||||||
entity.setConfig(identityProvider.getConfig());
|
entity.setConfig(identityProvider.getConfig());
|
||||||
|
@ -818,6 +820,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
||||||
entity.setEnabled(identityProvider.isEnabled());
|
entity.setEnabled(identityProvider.isEnabled());
|
||||||
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
|
||||||
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
|
||||||
|
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
|
||||||
entity.setStoreToken(identityProvider.isStoreToken());
|
entity.setStoreToken(identityProvider.isStoreToken());
|
||||||
entity.setConfig(identityProvider.getConfig());
|
entity.setConfig(identityProvider.getConfig());
|
||||||
}
|
}
|
||||||
|
|
|
@ -534,7 +534,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
|
||||||
federatedUser.setLastName(updatedIdentity.getLastName());
|
federatedUser.setLastName(updatedIdentity.getLastName());
|
||||||
|
|
||||||
|
|
||||||
if (updatedIdentity.getIdpConfig().isStoreToken()) {
|
if (updatedIdentity.getIdpConfig().isAddReadTokenRoleOnCreate()) {
|
||||||
RoleModel readTokenRole = realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE);
|
RoleModel readTokenRole = realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE);
|
||||||
federatedUser.grantRole(readTokenRole);
|
federatedUser.grantRole(readTokenRole);
|
||||||
}
|
}
|
||||||
|
|
|
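Review bot: The lookup `realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE)` is chained with no null check, and after this change it runs whenever `isAddReadTokenRoleOnCreate()` is set, independent of token storage. If the broker client or its role is missing in a realm (not verifiable from this hunk), first login either fails with a NullPointerException or passes null to `grantRole`. Resolving the client and the role into locals and skipping the grant with a log line when either is null would keep user creation predictable. The role sits on the broker client rather than on a single provider, so it appears to cover tokens stored by every provider in the realm; a comment above the `if` saying so would help the next reader. The enclosing method starts and ends outside the hunk.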
@ -7,7 +7,6 @@ import org.keycloak.broker.provider.IdentityProvider;
|
||||||
import org.keycloak.broker.provider.IdentityProviderFactory;
|
import org.keycloak.broker.provider.IdentityProviderFactory;
|
||||||
import org.keycloak.broker.provider.IdentityProviderMapper;
|
import org.keycloak.broker.provider.IdentityProviderMapper;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.ClientIdentityProviderMappingModel;
|
|
||||||
import org.keycloak.models.FederatedIdentityModel;
|
import org.keycloak.models.FederatedIdentityModel;
|
||||||
import org.keycloak.models.IdentityProviderMapperModel;
|
import org.keycloak.models.IdentityProviderMapperModel;
|
||||||
import org.keycloak.models.IdentityProviderModel;
|
import org.keycloak.models.IdentityProviderModel;
|
||||||
|
|
|
@ -157,7 +157,7 @@ public class AccountTest {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
//@Test
|
@Test
|
||||||
public void ideTesting() throws Exception {
|
public void ideTesting() throws Exception {
|
||||||
Thread.sleep(100000000);
|
Thread.sleep(100000000);
|
||||||
}
|
}
|
||||||
|
|
|
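Review bot: Re-enabling `@Test` on `ideTesting()` makes the suite execute `Thread.sleep(100000000)`, roughly 27 hours, so any build that runs AccountTest will stall on it. The method name and the previously commented-out annotation suggest this is a local debugging aid that was committed by accident. Restore `//@Test`, or mark the method `@Ignore` if the project's JUnit version provides it, so it can only be started deliberately from an IDE.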
@ -30,7 +30,6 @@ import org.junit.ClassRule;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.OAuth2Constants;
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.models.ClientIdentityProviderMappingModel;
|
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.Constants;
|
import org.keycloak.models.Constants;
|
||||||
import org.keycloak.models.FederatedIdentityModel;
|
import org.keycloak.models.FederatedIdentityModel;
|
||||||
|
|
|
@ -31,7 +31,6 @@ import org.keycloak.broker.saml.SAMLIdentityProvider;
|
||||||
import org.keycloak.broker.saml.SAMLIdentityProviderConfig;
|
import org.keycloak.broker.saml.SAMLIdentityProviderConfig;
|
||||||
import org.keycloak.broker.saml.SAMLIdentityProviderFactory;
|
import org.keycloak.broker.saml.SAMLIdentityProviderFactory;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.ClientIdentityProviderMappingModel;
|
|
||||||
import org.keycloak.models.IdentityProviderModel;
|
import org.keycloak.models.IdentityProviderModel;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
|
|
|
@ -109,7 +109,8 @@
|
||||||
"alias" : "kc-saml-signed-idp",
|
"alias" : "kc-saml-signed-idp",
|
||||||
"providerId" : "saml",
|
"providerId" : "saml",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"updateProfileFirstLogin" : "true",
|
"updateProfileFirstLogin" : true,
|
||||||
|
"addReadTokenRoleOnCreate": true,
|
||||||
"config": {
|
"config": {
|
||||||
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
|
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
|
||||||
"singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
|
"singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
|
||||||
|
@ -126,7 +127,8 @@
|
||||||
"alias" : "kc-saml-idp-basic",
|
"alias" : "kc-saml-idp-basic",
|
||||||
"providerId" : "saml",
|
"providerId" : "saml",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"updateProfileFirstLogin" : "true",
|
"updateProfileFirstLogin" : true,
|
||||||
|
"addReadTokenRoleOnCreate": true,
|
||||||
"config": {
|
"config": {
|
||||||
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
|
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
|
||||||
"singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
|
"singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
|
||||||
|
@ -157,7 +159,8 @@
|
||||||
"providerId" : "keycloak-oidc",
|
"providerId" : "keycloak-oidc",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"updateProfileFirstLogin" : "false",
|
"updateProfileFirstLogin" : "false",
|
||||||
"storeToken" : "true",
|
"storeToken" : true,
|
||||||
|
"addReadTokenRoleOnCreate": true,
|
||||||
"config": {
|
"config": {
|
||||||
"clientId": "broker-app",
|
"clientId": "broker-app",
|
||||||
"clientSecret": "secret",
|
"clientSecret": "secret",
|
||||||
|
@ -268,13 +271,7 @@
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/test-app/*"
|
"/test-app/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [],
|
"webOrigins": []
|
||||||
"identityProviders": [
|
|
||||||
{
|
|
||||||
"id": "kc-oidc-idp",
|
|
||||||
"retrieveToken": false
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"oauthClients" : [
|
"oauthClients" : [
|
||||||
|
|
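Review bot: All three identity providers in this fixture set `"addReadTokenRoleOnCreate": true`, so nothing visible here exercises the case where the role must not be granted; a provider with `false` (or with the property omitted) plus an assertion that the created user lacks READ_TOKEN would cover the new branch. In the third hunk `"updateProfileFirstLogin" : "false"` is still a quoted string while the neighbouring flags were converted to JSON booleans; `"updateProfileFirstLogin" : false` would match them.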