broker token role

This commit is contained in:
Bill Burke 2015-04-23 15:26:07 -04:00
parent dae219d32e
commit d49e0eda9e
21 changed files with 101 additions and 131 deletions


@ -78,6 +78,11 @@
<constraints nullable="false"/>
</column>
</addColumn>
<addColumn tableName="IDENTITY_PROVIDER">
<column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="true">
<constraints nullable="false"/>
</column>
</addColumn>
<update tableName="CLIENT">
<column name="CONSENT_REQUIRED" valueBoolean="true"/>
<where>DTYPE = 'OAuthClientEntity'</where>
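Review bot: The new IDENTITY_PROVIDER column is backfilled with `defaultValueBoolean="true"` on the `<column name="ADD_TOKEN_ROLE" ...>` line, so every pre-existing identity provider is migrated into granting the broker read-token role to newly created federated users, while the Java side of this commit declares the matching `addReadTokenRoleOnCreate` field as a bare `boolean` (default `false`) in the representation, model and both entity classes. Existing deployments therefore widen what new federated users can do on upgrade without an admin choosing it, and providers created through the API afterwards behave differently from migrated ones. Unless opt-in-by-default is intended, `<column name="ADD_TOKEN_ROLE" type="BOOLEAN" defaultValueBoolean="false">` keeps migrated rows at the least-privilege setting and consistent with the code default; if it is intended, a one-line comment in the changeset stating why would help the next reader.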


@ -1,43 +0,0 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.representations.idm;
/**
* @author pedroigor
*/
public class ClientIdentityProviderMappingRepresentation {
protected String id;
protected boolean retrieveToken;
public String getId() {
return this.id;
}
public void setId(String identityProviderId) {
this.id = identityProviderId;
}
public boolean isRetrieveToken() {
return this.retrieveToken;
}
public void setRetrieveToken(boolean retrieveToken) {
this.retrieveToken = retrieveToken;
}
}


@ -29,7 +29,6 @@ public class ClientRepresentation {
protected Boolean fullScopeAllowed;
protected Integer nodeReRegistrationTimeout;
protected Map<String, Integer> registeredNodes;
protected List<ClientIdentityProviderMappingRepresentation> identityProviders;
protected List<ProtocolMapperRepresentation> protocolMappers;
public String getId() {
@ -200,14 +199,6 @@ public class ClientRepresentation {
this.frontchannelLogout = frontchannelLogout;
}
public List<ClientIdentityProviderMappingRepresentation> getIdentityProviders() {
return this.identityProviders;
}
public void setIdentityProviders(List<ClientIdentityProviderMappingRepresentation> identityProviders) {
this.identityProviders = identityProviders;
}
public List<ProtocolMapperRepresentation> getProtocolMappers() {
return protocolMappers;
}


@ -31,6 +31,7 @@ public class IdentityProviderRepresentation {
protected boolean enabled = true;
protected boolean updateProfileFirstLogin = true;
protected boolean storeToken;
protected boolean addReadTokenRoleOnCreate;
protected boolean authenticateByDefault;
protected Map<String, String> config = new HashMap<String, String>();
@ -97,4 +98,12 @@ public class IdentityProviderRepresentation {
public void setStoreToken(boolean storeToken) {
this.storeToken = storeToken;
}
public boolean isAddReadTokenRoleOnCreate() {
return addReadTokenRoleOnCreate;
}
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
}
}
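Review bot: The new `addReadTokenRoleOnCreate` field and its accessors carry no Javadoc, and the name alone does not say which role is involved or when it is granted. A field comment along the lines of `/** When true, federated users created through this provider are presumably granted the broker client's read-token role so they can read their stored tokens; see IdentityBrokerService. */` would state the contract (the tooltip in the admin console and the grant site in this commit name the role as `broker.READ_TOKEN` / `READ_TOKEN_ROLE`). The same documentation gap exists on the matching field in IdentityProviderModel and in both IdentityProviderEntity classes touched by this commit.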


@ -41,13 +41,20 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
<!--<div class="form-group">-->
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
<!--<div class="col-sm-4">-->
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
<!--</div>-->
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
<!--</div>-->
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
<div class="col-sm-4">
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored after authenticating users." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="storedTokensReadable">Stored Tokens Readable</label>
<div class="col-sm-4">
<input ng-model="identityProvider.addReadTokenRoleOnCreate" id="storedTokensReadable" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable new users can read any stored tokens. This assigns the broker.READ_TOKEN role." class="fa fa-info-circle"></span>
</div>
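Review bot: The Store Tokens label in the now-live block uses `for="enabled"` while its input has `id="storeToken"`, so the label is bound to the wrong control (carried over from the commented-out version); `<label class="col-sm-2 control-label" for="storeToken">Store Tokens</label>` fixes it. The new Stored Tokens Readable switch is also shown regardless of whether Store Tokens is on, although its tooltip describes it purely in terms of stored tokens; guarding the form group with `ng-show="identityProvider.storeToken"` would stop admins from assigning the broker.READ_TOKEN role to users when nothing is stored for them to read. The tooltip text `Enable/disable new users can read any stored tokens` reads awkwardly; `Enable/disable whether new users can read their stored tokens` is clearer. The same three points apply to the other two identical provider form sections in this commit.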
<div class="form-group">
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
<div class="col-sm-4">


@ -41,13 +41,20 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
<!--<div class="form-group">-->
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
<!--<div class="col-sm-4">-->
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
<!--</div>-->
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
<!--</div>-->
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
<div class="col-sm-4">
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored after authenticating users." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="storedTokensReadable">Stored Tokens Readable</label>
<div class="col-sm-4">
<input ng-model="identityProvider.addReadTokenRoleOnCreate" id="storedTokensReadable" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable new users can read any stored tokens. This assigns the broker.READ_TOKEN role." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="updateProfileFirstLogin">Update Profile on First Login</label>
<div class="col-sm-4">


@ -45,13 +45,20 @@
</div>
<span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. See documentation for possible values, separator and default value'." class="fa fa-info-circle"></span>
</div>
<!--<div class="form-group">-->
<!--<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>-->
<!--<div class="col-sm-4">-->
<!--<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />-->
<!--</div>-->
<!--<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored when authenticating users." class="fa fa-info-circle"></span>-->
<!--</div>-->
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Store Tokens</label>
<div class="col-sm-4">
<input ng-model="identityProvider.storeToken" id="storeToken" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable if tokens must be stored after authenticating users." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="storedTokensReadable">Stored Tokens Readable</label>
<div class="col-sm-4">
<input ng-model="identityProvider.addReadTokenRoleOnCreate" id="storedTokensReadable" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Enable/disable new users can read any stored tokens. This assigns the broker.READ_TOKEN role." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
<div class="col-sm-4">


@ -1,43 +0,0 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models;
/**
* @author pedroigor
*/
public class ClientIdentityProviderMappingModel {
private String identityProvider;
private boolean retrieveToken;
public String getIdentityProvider() {
return this.identityProvider;
}
public void setIdentityProvider(String identityProviderModel) {
this.identityProvider = identityProviderModel;
}
public boolean isRetrieveToken() {
return this.retrieveToken;
}
public void setRetrieveToken(boolean retrieveToken) {
this.retrieveToken = retrieveToken;
}
}


@ -47,6 +47,7 @@ public class IdentityProviderModel {
private boolean storeToken;
protected boolean addReadTokenRoleOnCreate;
/**
* Specifies if particular provider should be used by default for authentication even before displaying login screen
*/
@ -70,6 +71,7 @@ public class IdentityProviderModel {
this.updateProfileFirstLogin = model.isUpdateProfileFirstLogin();
this.storeToken = model.isStoreToken();
this.authenticateByDefault = model.isAuthenticateByDefault();
this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate;
}
public String getInternalId() {
@ -135,4 +137,12 @@ public class IdentityProviderModel {
public void setConfig(Map<String, String> config) {
this.config = config;
}
public boolean isAddReadTokenRoleOnCreate() {
return addReadTokenRoleOnCreate;
}
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
}
}
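Review bot: The copy constructor reads `model.addReadTokenRoleOnCreate` directly while the neighbouring lines go through accessors (`model.isStoreToken()`, `model.isAuthenticateByDefault()`); `this.addReadTokenRoleOnCreate = model.isAddReadTokenRoleOnCreate();` keeps the style consistent and survives a later tightening of the field's visibility. Relatedly, the new field is declared `protected boolean addReadTokenRoleOnCreate;` directly under `private boolean storeToken;`, and the new field in both IdentityProviderEntity classes in this commit is likewise `protected` among `private` siblings; `private` matches the rest of each class's state and there is no visible subclass that needs direct access. The constructor's body begins and ends outside the hunk.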


@ -32,6 +32,7 @@ public class IdentityProviderEntity {
private boolean enabled;
private boolean updateProfileFirstLogin;
private boolean storeToken;
protected boolean addReadTokenRoleOnCreate;
private boolean authenticateByDefault;
private Map<String, String> config = new HashMap<String, String>();
@ -107,4 +108,12 @@ public class IdentityProviderEntity {
public void setConfig(Map<String, String> config) {
this.config = config;
}
public boolean isAddReadTokenRoleOnCreate() {
return addReadTokenRoleOnCreate;
}
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
}
}


@ -293,6 +293,7 @@ public class ModelToRepresentation {
providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin());
providerRep.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
providerRep.setConfig(identityProviderModel.getConfig());
providerRep.setAddReadTokenRoleOnCreate(identityProviderModel.isAddReadTokenRoleOnCreate());
return providerRep;
}


@ -885,6 +885,7 @@ public class RepresentationToModel {
identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin());
identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault());
identityProviderModel.setStoreToken(representation.isStoreToken());
identityProviderModel.setAddReadTokenRoleOnCreate(representation.isAddReadTokenRoleOnCreate());
identityProviderModel.setConfig(representation.getConfig());
return identityProviderModel;


@ -1093,6 +1093,7 @@ public class RealmAdapter implements RealmModel {
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
identityProviderModel.setStoreToken(entity.isStoreToken());
identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
identityProviders.add(identityProviderModel);
}
@ -1120,6 +1121,7 @@ public class RealmAdapter implements RealmModel {
entity.setProviderId(identityProvider.getProviderId());
entity.setEnabled(identityProvider.isEnabled());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setConfig(identityProvider.getConfig());
@ -1148,6 +1150,7 @@ public class RealmAdapter implements RealmModel {
entity.setEnabled(identityProvider.isEnabled());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setConfig(identityProvider.getConfig());
}


@ -47,6 +47,9 @@ public class IdentityProviderEntity {
@Column(name="STORE_TOKEN")
private boolean storeToken;
@Column(name="ADD_TOKEN_ROLE")
protected boolean addReadTokenRoleOnCreate;
@Column(name="AUTHENTICATE_BY_DEFAULT")
private boolean authenticateByDefault;
@ -128,5 +131,11 @@ public class IdentityProviderEntity {
this.config = config;
}
public boolean isAddReadTokenRoleOnCreate() {
return addReadTokenRoleOnCreate;
}
public void setAddReadTokenRoleOnCreate(boolean addReadTokenRoleOnCreate) {
this.addReadTokenRoleOnCreate = addReadTokenRoleOnCreate;
}
}


@ -763,6 +763,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
identityProviderModel.setStoreToken(entity.isStoreToken());
identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate());
identityProviders.add(identityProviderModel);
}
@ -790,6 +791,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
entity.setProviderId(identityProvider.getProviderId());
entity.setEnabled(identityProvider.isEnabled());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setConfig(identityProvider.getConfig());
@ -818,6 +820,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
entity.setEnabled(identityProvider.isEnabled());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setConfig(identityProvider.getConfig());
}


@ -534,7 +534,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal
federatedUser.setLastName(updatedIdentity.getLastName());
if (updatedIdentity.getIdpConfig().isStoreToken()) {
if (updatedIdentity.getIdpConfig().isAddReadTokenRoleOnCreate()) {
RoleModel readTokenRole = realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE);
federatedUser.grantRole(readTokenRole);
}
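Review bot: The replaced condition drops the `isStoreToken()` guard, so the broker client's `READ_TOKEN_ROLE` is now granted whenever `isAddReadTokenRoleOnCreate()` is set, including for providers that store no tokens; a role with nothing to read is a least-privilege regression and contradicts the admin-console tooltip in this commit, which describes the switch in terms of stored tokens. `if (updatedIdentity.getIdpConfig().isStoreToken() && updatedIdentity.getIdpConfig().isAddReadTokenRoleOnCreate()) {` keeps both requirements. The chained `realmModel.getClientByClientId(Constants.BROKER_SERVICE_CLIENT_ID).getRole(READ_TOKEN_ROLE)` is also used without a null check; if either lookup can be absent in a realm, this path would fail with a NullPointerException instead of a clear error, which is worth confirming. The enclosing method starts and ends outside the hunk.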


@ -7,7 +7,6 @@ import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.provider.IdentityProviderMapper;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.IdentityProviderMapperModel;
import org.keycloak.models.IdentityProviderModel;


@ -157,7 +157,7 @@ public class AccountTest {
});
}
//@Test
@Test
public void ideTesting() throws Exception {
Thread.sleep(100000000);
}
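Review bot: Uncommenting `@Test` on `ideTesting` enables a test whose only statement is `Thread.sleep(100000000)`, which blocks the suite for roughly 28 hours; this looks like a local debugging toggle committed by accident rather than part of the broker token role change. Restoring `//@Test` (or marking it `@Ignore`) keeps it out of the build. The enclosing test class continues outside the hunk.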


@ -30,7 +30,6 @@ import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.FederatedIdentityModel;


@ -31,7 +31,6 @@ import org.keycloak.broker.saml.SAMLIdentityProvider;
import org.keycloak.broker.saml.SAMLIdentityProviderConfig;
import org.keycloak.broker.saml.SAMLIdentityProviderFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientIdentityProviderMappingModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.RealmRepresentation;


@ -109,7 +109,8 @@
"alias" : "kc-saml-signed-idp",
"providerId" : "saml",
"enabled": true,
"updateProfileFirstLogin" : "true",
"updateProfileFirstLogin" : true,
"addReadTokenRoleOnCreate": true,
"config": {
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
"singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
@ -126,7 +127,8 @@
"alias" : "kc-saml-idp-basic",
"providerId" : "saml",
"enabled": true,
"updateProfileFirstLogin" : "true",
"updateProfileFirstLogin" : true,
"addReadTokenRoleOnCreate": true,
"config": {
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
"singleLogoutServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
@ -157,7 +159,8 @@
"providerId" : "keycloak-oidc",
"enabled": true,
"updateProfileFirstLogin" : "false",
"storeToken" : "true",
"storeToken" : true,
"addReadTokenRoleOnCreate": true,
"config": {
"clientId": "broker-app",
"clientSecret": "secret",
@ -268,13 +271,7 @@
"redirectUris": [
"/test-app/*"
],
"webOrigins": [],
"identityProviders": [
{
"id": "kc-oidc-idp",
"retrieveToken": false
}
]
"webOrigins": []
}
],
"oauthClients" : [
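Review bot: The `keycloak-oidc` provider entry still carries `"updateProfileFirstLogin" : "false"` as a string (a context line in the third hunk) while this commit converts the same flag and `storeToken` to JSON booleans in the other entries; `"updateProfileFirstLogin" : false,` makes the fixture consistent instead of relying on lenient string-to-boolean coercion in the deserializer. The new `"addReadTokenRoleOnCreate": true` lines are also added to the two SAML entries whose visible lines set no `storeToken`; if those providers are meant to exercise the role grant without storing tokens, a short comment in the test that loads this realm would make that intent clear.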