Merge pull request #938 from pedroigor/KEYCLOAK-883
[KEYCLOAK-883] - Initial tests for SAML brokering.
This commit is contained in:
commit
f013796324
21 changed files with 573 additions and 213 deletions
|
@ -199,7 +199,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
|
||||||
|
|
||||||
private void validateSignature(SAML2Request saml2Request) throws ProcessingException {
|
private void validateSignature(SAML2Request saml2Request) throws ProcessingException {
|
||||||
if (getConfig().isValidateSignature()) {
|
if (getConfig().isValidateSignature()) {
|
||||||
X509Certificate certificate = XMLSignatureUtil.getX509CertificateFromKeyInfoString(getConfig().getSigningPublicKey().replaceAll("\\s", ""));
|
X509Certificate certificate = XMLSignatureUtil.getX509CertificateFromKeyInfoString(getConfig().getSigningCertificate().replaceAll("\\s", ""));
|
||||||
SAMLDocumentHolder samlDocumentHolder = saml2Request.getSamlDocumentHolder();
|
SAMLDocumentHolder samlDocumentHolder = saml2Request.getSamlDocumentHolder();
|
||||||
Document samlDocument = samlDocumentHolder.getSamlDocument();
|
Document samlDocument = samlDocumentHolder.getSamlDocument();
|
||||||
|
|
||||||
|
|
|
@ -55,20 +55,20 @@ public class SAMLIdentityProviderConfig extends IdentityProviderModel {
|
||||||
getConfig().put("forceAuthn", String.valueOf(forceAuthn));
|
getConfig().put("forceAuthn", String.valueOf(forceAuthn));
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getSigningPublicKey() {
|
public String getSigningCertificate() {
|
||||||
return getConfig().get("signingPublicKey");
|
return getConfig().get("signingCertificate");
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setSigningPublicKey(String signingPublicKey) {
|
public void setSigningCertificate(String signingCertificate) {
|
||||||
getConfig().put("signingPublicKey", signingPublicKey);
|
getConfig().put("signingCertificate", signingCertificate);
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getNameIDPolicyFormat() {
|
public String getNameIDPolicyFormat() {
|
||||||
return getConfig().get("nameIDPolicyFormat");
|
return getConfig().get("nameIDPolicyFormat");
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setNameIDPolicyFormat(String signingPublicKey) {
|
public void setNameIDPolicyFormat(String nameIDPolicyFormat) {
|
||||||
getConfig().put("nameIDPolicyFormat", signingPublicKey);
|
getConfig().put("nameIDPolicyFormat", nameIDPolicyFormat);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isWantAuthnRequestsSigned() {
|
public boolean isWantAuthnRequestsSigned() {
|
||||||
|
|
|
@ -83,7 +83,7 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
|
||||||
samlIdentityProviderConfig.setPostBindingResponse(true);
|
samlIdentityProviderConfig.setPostBindingResponse(true);
|
||||||
|
|
||||||
List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
|
List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
|
||||||
String defaultPublicKey = null;
|
String defaultCertificate = null;
|
||||||
|
|
||||||
if (keyDescriptor != null) {
|
if (keyDescriptor != null) {
|
||||||
for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
|
for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
|
||||||
|
@ -91,22 +91,22 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
|
||||||
Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
|
Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
|
||||||
|
|
||||||
if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
|
if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
|
||||||
samlIdentityProviderConfig.setSigningPublicKey(x509KeyInfo.getTextContent());
|
samlIdentityProviderConfig.setSigningCertificate(x509KeyInfo.getTextContent());
|
||||||
} else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
|
} else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
|
||||||
samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
|
samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
|
||||||
} else if (keyDescriptorType.getUse() == null) {
|
} else if (keyDescriptorType.getUse() == null) {
|
||||||
defaultPublicKey = x509KeyInfo.getTextContent();
|
defaultCertificate = x509KeyInfo.getTextContent();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (defaultPublicKey != null) {
|
if (defaultCertificate != null) {
|
||||||
if (samlIdentityProviderConfig.getSigningPublicKey() == null) {
|
if (samlIdentityProviderConfig.getSigningCertificate() == null) {
|
||||||
samlIdentityProviderConfig.setSigningPublicKey(defaultPublicKey);
|
samlIdentityProviderConfig.setSigningCertificate(defaultCertificate);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
|
if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
|
||||||
samlIdentityProviderConfig.setEncryptionPublicKey(defaultPublicKey);
|
samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -52,11 +52,11 @@
|
||||||
<span tooltip-placement="right" tooltip="Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent." class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent." class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group clearfix" data-ng-show="!importFile">
|
<div class="form-group clearfix" data-ng-show="!importFile">
|
||||||
<label class="col-sm-2 control-label" for="signingPublicKey">Signing Public Key</label>
|
<label class="col-sm-2 control-label" for="signingCertificate">Validating X509 Certificate</label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
<textarea class="form-control" id="signingPublicKey" ng-model="identityProvider.config.signingPublicKey"/>
|
<textarea class="form-control" id="signingCertificate" ng-model="identityProvider.config.signingCertificate"/>
|
||||||
</div>
|
</div>
|
||||||
<span tooltip-placement="right" tooltip="The public key that must be used to check for signatures." class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="The certificate in PEM format that must be used to check for signatures." class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group" data-ng-show="!importFile">
|
<div class="form-group" data-ng-show="!importFile">
|
||||||
<label class="col-sm-2 control-label" for="wantAuthnRequestsSigned">Want AuthnRequests Signed</label>
|
<label class="col-sm-2 control-label" for="wantAuthnRequestsSigned">Want AuthnRequests Signed</label>
|
||||||
|
|
|
@ -124,7 +124,12 @@ public class CachedRealm {
|
||||||
|
|
||||||
requiredCredentials = model.getRequiredCredentials();
|
requiredCredentials = model.getRequiredCredentials();
|
||||||
userFederationProviders = model.getUserFederationProviders();
|
userFederationProviders = model.getUserFederationProviders();
|
||||||
identityProviders = model.getIdentityProviders();
|
|
||||||
|
this.identityProviders = new ArrayList<IdentityProviderModel>();
|
||||||
|
|
||||||
|
for (IdentityProviderModel identityProviderModel : model.getIdentityProviders()) {
|
||||||
|
this.identityProviders.add(new IdentityProviderModel(identityProviderModel));
|
||||||
|
}
|
||||||
|
|
||||||
smtpConfig.putAll(model.getSmtpConfig());
|
smtpConfig.putAll(model.getSmtpConfig());
|
||||||
browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders());
|
browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders());
|
||||||
|
|
|
@ -72,7 +72,7 @@ public class Urls {
|
||||||
UriBuilder uriBuilder = UriBuilder.fromUri(baseURI)
|
UriBuilder uriBuilder = UriBuilder.fromUri(baseURI)
|
||||||
.path(AuthenticationBrokerResource.class)
|
.path(AuthenticationBrokerResource.class)
|
||||||
.path(AuthenticationBrokerResource.class, "performLogin")
|
.path(AuthenticationBrokerResource.class, "performLogin")
|
||||||
.replaceQueryParam("provider_id", identityProvider.getProviderId());
|
.replaceQueryParam("provider_id", identityProvider.getId());
|
||||||
|
|
||||||
if (accessCode != null) {
|
if (accessCode != null) {
|
||||||
uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);
|
uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);
|
||||||
|
|
|
@ -0,0 +1,137 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.testsuite.broker;
|
||||||
|
|
||||||
|
import org.codehaus.jackson.map.ObjectMapper;
|
||||||
|
import org.junit.ClassRule;
|
||||||
|
import org.junit.Rule;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.broker.util.UserSessionStatusServlet;
|
||||||
|
import org.keycloak.testsuite.broker.util.UserSessionStatusServlet.UserSessionStatus;
|
||||||
|
import org.keycloak.testsuite.pages.LoginPage;
|
||||||
|
import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
|
||||||
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
|
import org.keycloak.testsuite.rule.WebResource;
|
||||||
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
|
import static org.junit.Assert.assertEquals;
|
||||||
|
import static org.junit.Assert.assertNotNull;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author pedroigor
|
||||||
|
*/
|
||||||
|
public abstract class AbstractIdentityProviderTest {
|
||||||
|
|
||||||
|
@ClassRule
|
||||||
|
public static AbstractKeycloakRule brokerServerRule = new AbstractKeycloakRule() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
|
server.importRealm(getClass().getResourceAsStream("/broker-test/test-realm-with-broker.json"));
|
||||||
|
URL url = getClass().getResource("/broker-test/test-app-keycloak.json");
|
||||||
|
deployApplication("test-app", "/test-app", UserSessionStatusServlet.class, url.getPath(), "manager");
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
@Rule
|
||||||
|
public WebRule webRule = new WebRule(this);
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
private WebDriver driver;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
private LoginPage loginPage;
|
||||||
|
|
||||||
|
@WebResource
|
||||||
|
private LoginUpdateProfilePage updateProfilePage;
|
||||||
|
|
||||||
|
protected void assertSuccessfulAuthentication(String providerId) {
|
||||||
|
this.driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
||||||
|
|
||||||
|
// choose the identity provider
|
||||||
|
this.loginPage.clickSocial(providerId);
|
||||||
|
|
||||||
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml"));
|
||||||
|
|
||||||
|
// log in to identity provider
|
||||||
|
this.loginPage.login("saml.user", "password");
|
||||||
|
|
||||||
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/broker/realm-with-broker/" + providerId));
|
||||||
|
|
||||||
|
// update profile
|
||||||
|
this.updateProfilePage.assertCurrent();
|
||||||
|
|
||||||
|
String userEmail = "new@email.com";
|
||||||
|
String userFirstName = "New first";
|
||||||
|
String userLastName = "New last";
|
||||||
|
|
||||||
|
this.updateProfilePage.update(userFirstName, userLastName, userEmail);
|
||||||
|
|
||||||
|
// authenticated and redirected to app
|
||||||
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
|
||||||
|
|
||||||
|
KeycloakSession samlServerSession = brokerServerRule.startSession();
|
||||||
|
RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
|
||||||
|
|
||||||
|
UserModel federatedUser = samlServerSession.users().getUserByEmail(userEmail, brokerRealm);
|
||||||
|
|
||||||
|
// user created
|
||||||
|
assertNotNull(federatedUser);
|
||||||
|
assertEquals(userFirstName, federatedUser.getFirstName());
|
||||||
|
assertEquals(userLastName, federatedUser.getLastName());
|
||||||
|
|
||||||
|
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||||
|
driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
||||||
|
|
||||||
|
// choose the identity provider
|
||||||
|
this.loginPage.clickSocial(providerId);
|
||||||
|
|
||||||
|
// already authenticated in saml idp and redirected to app
|
||||||
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
|
||||||
|
}
|
||||||
|
|
||||||
|
private UserSessionStatus retrieveSessionStatus() {
|
||||||
|
UserSessionStatus sessionStatus = null;
|
||||||
|
|
||||||
|
try {
|
||||||
|
ObjectMapper objectMapper = new ObjectMapper();
|
||||||
|
String pageSource = this.driver.getPageSource();
|
||||||
|
|
||||||
|
sessionStatus = objectMapper.readValue(pageSource.getBytes(), UserSessionStatus.class);
|
||||||
|
|
||||||
|
assertNotNull(retrieveSessionStatus());
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new RuntimeException("Could not retrieve session status.", e);
|
||||||
|
}
|
||||||
|
|
||||||
|
return sessionStatus;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -24,7 +24,7 @@ import org.keycloak.models.IdentityProviderModel;
|
||||||
import org.keycloak.social.SocialIdentityProvider;
|
import org.keycloak.social.SocialIdentityProvider;
|
||||||
import org.keycloak.social.SocialIdentityProviderFactory;
|
import org.keycloak.social.SocialIdentityProviderFactory;
|
||||||
import org.keycloak.testsuite.broker.provider.CustomIdentityProvider;
|
import org.keycloak.testsuite.broker.provider.CustomIdentityProvider;
|
||||||
import org.keycloak.testsuite.broker.social.CustomSocialProvider;
|
import org.keycloak.testsuite.broker.provider.social.CustomSocialProvider;
|
||||||
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
|
|
@ -144,7 +144,11 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
|
||||||
String providerId = identityProvider.getProviderId();
|
String providerId = identityProvider.getProviderId();
|
||||||
|
|
||||||
if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
||||||
|
if (identityProvider.getId().equals("saml-signed-idp")) {
|
||||||
assertSamlIdentityProviderConfig(identityProvider);
|
assertSamlIdentityProviderConfig(identityProvider);
|
||||||
|
} else {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
} else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
} else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
||||||
assertGoogleIdentityProviderConfig(identityProvider);
|
assertGoogleIdentityProviderConfig(identityProvider);
|
||||||
} else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
} else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
|
||||||
|
@ -184,14 +188,14 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
|
||||||
SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider);
|
SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider);
|
||||||
SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig();
|
SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig();
|
||||||
|
|
||||||
assertEquals("saml-idp", config.getId());
|
assertEquals("saml-signed-idp", config.getId());
|
||||||
assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
|
assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
|
||||||
assertEquals("SAML IdP", config.getName());
|
assertEquals("SAML Signed IdP", config.getName());
|
||||||
assertEquals(true, config.isEnabled());
|
assertEquals(true, config.isEnabled());
|
||||||
assertEquals(true, config.isUpdateProfileFirstLogin());
|
assertEquals(true, config.isUpdateProfileFirstLogin());
|
||||||
assertEquals("http://localhost:8080/idp/", config.getSingleSignOnServiceUrl());
|
assertEquals("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml", config.getSingleSignOnServiceUrl());
|
||||||
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat());
|
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat());
|
||||||
assertEquals("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", config.getSigningPublicKey());
|
assertEquals("MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin", config.getSigningCertificate());
|
||||||
assertEquals(true, config.isWantAuthnRequestsSigned());
|
assertEquals(true, config.isWantAuthnRequestsSigned());
|
||||||
assertEquals(true, config.isForceAuthn());
|
assertEquals(true, config.isForceAuthn());
|
||||||
assertEquals(true, config.isPostBindingAuthnRequest());
|
assertEquals(true, config.isPostBindingAuthnRequest());
|
||||||
|
@ -258,10 +262,10 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
|
||||||
}
|
}
|
||||||
|
|
||||||
private RealmModel installTestRealm() throws IOException {
|
private RealmModel installTestRealm() throws IOException {
|
||||||
RealmRepresentation realmRepresentation = loadJson("model/test-realm-with-identity-provider.json");
|
RealmRepresentation realmRepresentation = loadJson("broker-test/test-realm-with-broker.json");
|
||||||
|
|
||||||
assertNotNull(realmRepresentation);
|
assertNotNull(realmRepresentation);
|
||||||
assertEquals("test-realm-with-identity-provider", realmRepresentation.getRealm());
|
assertEquals("realm-with-broker", realmRepresentation.getRealm());
|
||||||
|
|
||||||
RealmModel realmModel = this.realmManager.importRealm(realmRepresentation);
|
RealmModel realmModel = this.realmManager.importRealm(realmRepresentation);
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
package org.keycloak.testsuite.broker;
|
||||||
|
|
||||||
|
import org.junit.ClassRule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
|
import org.keycloak.testutils.KeycloakServer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author pedroigor
|
||||||
|
*/
|
||||||
|
public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderTest {
|
||||||
|
|
||||||
|
@ClassRule
|
||||||
|
public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configureServer(KeycloakServer server) {
|
||||||
|
server.getConfig().setPort(8082);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
|
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml.json"));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSuccessfulAuthentication() {
|
||||||
|
assertSuccessfulAuthentication("saml-idp-basic");
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
package org.keycloak.testsuite.broker;
|
||||||
|
|
||||||
|
import org.junit.ClassRule;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
|
||||||
|
import org.keycloak.testutils.KeycloakServer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author pedroigor
|
||||||
|
*/
|
||||||
|
public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityProviderTest {
|
||||||
|
|
||||||
|
@ClassRule
|
||||||
|
public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configureServer(KeycloakServer server) {
|
||||||
|
server.getConfig().setPort(8082);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
|
||||||
|
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml-with-signature.json"));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSuccessfulAuthentication() {
|
||||||
|
assertSuccessfulAuthentication("saml-signed-idp");
|
||||||
|
}
|
||||||
|
}
|
|
@ -15,7 +15,7 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.broker.social;
|
package org.keycloak.testsuite.broker.provider.social;
|
||||||
|
|
||||||
import org.keycloak.broker.provider.AbstractIdentityProvider;
|
import org.keycloak.broker.provider.AbstractIdentityProvider;
|
||||||
import org.keycloak.broker.provider.AuthenticationRequest;
|
import org.keycloak.broker.provider.AuthenticationRequest;
|
|
@ -15,7 +15,7 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
package org.keycloak.testsuite.broker.social;
|
package org.keycloak.testsuite.broker.provider.social;
|
||||||
|
|
||||||
import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
|
import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
|
||||||
import org.keycloak.models.IdentityProviderModel;
|
import org.keycloak.models.IdentityProviderModel;
|
|
@ -0,0 +1,80 @@
|
||||||
|
/*
|
||||||
|
* JBoss, Home of Professional Open Source
|
||||||
|
*
|
||||||
|
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.testsuite.broker.util;
|
||||||
|
|
||||||
|
import org.codehaus.jackson.JsonNode;
|
||||||
|
import org.codehaus.jackson.map.ObjectMapper;
|
||||||
|
import org.keycloak.KeycloakSecurityContext;
|
||||||
|
import org.keycloak.representations.IDToken;
|
||||||
|
|
||||||
|
import javax.servlet.ServletException;
|
||||||
|
import javax.servlet.http.HttpServlet;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.PrintWriter;
|
||||||
|
import java.io.Serializable;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author pedroigor
|
||||||
|
*/
|
||||||
|
public class UserSessionStatusServlet extends HttpServlet {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||||
|
if (req.getRequestURI().toString().endsWith("logout")) {
|
||||||
|
resp.setStatus(200);
|
||||||
|
req.logout();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
writeSessionStatus(req, resp);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void writeSessionStatus(HttpServletRequest req, HttpServletResponse resp) throws IOException {
|
||||||
|
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
|
||||||
|
IDToken idToken = context.getIdToken();
|
||||||
|
JsonNode jsonNode = new ObjectMapper().valueToTree(new UserSessionStatus(idToken));
|
||||||
|
PrintWriter writer = resp.getWriter();
|
||||||
|
|
||||||
|
writer.println(jsonNode.toString());
|
||||||
|
|
||||||
|
writer.flush();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class UserSessionStatus implements Serializable {
|
||||||
|
|
||||||
|
private IDToken idToken;
|
||||||
|
|
||||||
|
public UserSessionStatus() {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserSessionStatus(IDToken idToken) {
|
||||||
|
this.idToken = idToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public IDToken getIdToken() {
|
||||||
|
return this.idToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIdToken(IDToken idToken) {
|
||||||
|
this.idToken = idToken;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -41,6 +41,9 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
|
||||||
|
|
||||||
protected void before() throws Throwable {
|
protected void before() throws Throwable {
|
||||||
server = new KeycloakServer();
|
server = new KeycloakServer();
|
||||||
|
|
||||||
|
configureServer(server);
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
removeTestRealms();
|
removeTestRealms();
|
||||||
|
@ -48,6 +51,10 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
|
||||||
setupKeycloak();
|
setupKeycloak();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void configureServer(KeycloakServer server) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
public UserRepresentation getUser(String realm, String name) {
|
public UserRepresentation getUser(String realm, String name) {
|
||||||
KeycloakSession session = server.getSessionFactory().create();
|
KeycloakSession session = server.getSessionFactory().create();
|
||||||
session.getTransaction().begin();
|
session.getTransaction().begin();
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
org.keycloak.testsuite.broker.social.CustomSocialProviderFactory
|
org.keycloak.testsuite.broker.provider.social.CustomSocialProviderFactory
|
11
testsuite/integration/src/test/resources/broker-test/test-app-keycloak.json
Executable file
11
testsuite/integration/src/test/resources/broker-test/test-app-keycloak.json
Executable file
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
"realm": "realm-with-broker",
|
||||||
|
"resource": "test-app",
|
||||||
|
"realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
|
||||||
|
"auth-server-url": "http://localhost:8081/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"expose-token": true,
|
||||||
|
"credentials": {
|
||||||
|
"secret": "password"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,46 @@
|
||||||
|
{
|
||||||
|
"id": "realm-with-saml-identity-provider",
|
||||||
|
"realm": "realm-with-saml-identity-provider",
|
||||||
|
"enabled": true,
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"defaultRoles": [ "foo", "bar" ],
|
||||||
|
"privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
|
||||||
|
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "http://localhost:8081/auth/",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8081/auth/broker/realm-with-broker/saml-signed-idp"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"saml.assertion.signature": "true",
|
||||||
|
"saml.server.signature": "true",
|
||||||
|
"saml.signature.algorithm": "RSA_SHA256",
|
||||||
|
"saml.client.signature": "true",
|
||||||
|
"saml.authnstatement": "true",
|
||||||
|
"saml.signing.private.key": "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==",
|
||||||
|
"saml.signing.certificate": "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"username" : "saml.user",
|
||||||
|
"enabled": true,
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": ["manager"]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "manager",
|
||||||
|
"description": "Have Manager privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
{
|
||||||
|
"id": "realm-with-saml-identity-provider",
|
||||||
|
"realm": "realm-with-saml-identity-provider",
|
||||||
|
"enabled": true,
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"defaultRoles": [ "foo", "bar" ],
|
||||||
|
"privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
|
||||||
|
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "http://localhost:8081/auth/",
|
||||||
|
"enabled": true,
|
||||||
|
"redirectUris": [
|
||||||
|
"http://localhost:8081/auth/broker/realm-with-broker/saml-idp-basic"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"saml.authnstatement": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"username" : "saml.user",
|
||||||
|
"enabled": true,
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": ["manager"]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "manager",
|
||||||
|
"description": "Have Manager privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
145
testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
Executable file
145
testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
Executable file
|
@ -0,0 +1,145 @@
|
||||||
|
{
|
||||||
|
"id": "realm-with-broker",
|
||||||
|
"realm": "realm-with-broker",
|
||||||
|
"enabled": true,
|
||||||
|
"requiredCredentials": [ "password" ],
|
||||||
|
"defaultRoles": [ "manager" ],
|
||||||
|
"privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
|
||||||
|
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
|
||||||
|
"identityProviders" : [
|
||||||
|
{
|
||||||
|
"id" : "google",
|
||||||
|
"providerId" : "google",
|
||||||
|
"name" : "Google",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLogin" : "true",
|
||||||
|
"config": {
|
||||||
|
"clientId": "clientId",
|
||||||
|
"clientSecret": "clientSecret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id" : "facebook",
|
||||||
|
"providerId" : "facebook",
|
||||||
|
"name" : "Facebook",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLogin" : "true",
|
||||||
|
"config": {
|
||||||
|
"authorizationUrl": "authorizationUrl",
|
||||||
|
"tokenUrl": "tokenUrl",
|
||||||
|
"userInfoUrl": "userInfoUrl",
|
||||||
|
"clientId": "clientId",
|
||||||
|
"clientSecret": "clientSecret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id" : "github",
|
||||||
|
"providerId" : "github",
|
||||||
|
"name" : "GitHub",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLogin" : "true",
|
||||||
|
"config": {
|
||||||
|
"authorizationUrl": "authorizationUrl",
|
||||||
|
"tokenUrl": "tokenUrl",
|
||||||
|
"userInfoUrl": "userInfoUrl",
|
||||||
|
"clientId": "clientId",
|
||||||
|
"clientSecret": "clientSecret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id" : "twitter",
|
||||||
|
"providerId" : "twitter",
|
||||||
|
"name" : "Twitter",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLogin" : "true",
|
||||||
|
"config": {
|
||||||
|
"authorizationUrl": "authorizationUrl",
|
||||||
|
"tokenUrl": "tokenUrl",
|
||||||
|
"userInfoUrl": "userInfoUrl",
|
||||||
|
"clientId": "clientId",
|
||||||
|
"clientSecret": "clientSecret"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id" : "saml-signed-idp",
|
||||||
|
"providerId" : "saml",
|
||||||
|
"name" : "SAML Signed IdP",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLogin" : "true",
|
||||||
|
"config": {
|
||||||
|
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
|
||||||
|
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
||||||
|
"signingCertificate": "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin",
|
||||||
|
"wantAuthnRequestsSigned": true,
|
||||||
|
"forceAuthn": true,
|
||||||
|
"validateSignature": true,
|
||||||
|
"postBindingResponse": true,
|
||||||
|
"postBindingAuthnRequest": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id" : "saml-idp-basic",
|
||||||
|
"providerId" : "saml",
|
||||||
|
"name" : "SAML Signed IdP",
|
||||||
|
"enabled": true,
|
||||||
|
"updateProfileFirstLogin" : "true",
|
||||||
|
"config": {
|
||||||
|
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
|
||||||
|
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
||||||
|
"forceAuthn": true,
|
||||||
|
"postBindingResponse": true,
|
||||||
|
"postBindingAuthnRequest": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id" : "oidc-idp",
|
||||||
|
"providerId" : "oidc",
|
||||||
|
"name" : "OIDC IdP",
|
||||||
|
"enabled": false,
|
||||||
|
"updateProfileFirstLogin" : "false",
|
||||||
|
"config": {
|
||||||
|
"clientId": "clientId",
|
||||||
|
"clientSecret": "clientSecret",
|
||||||
|
"prompt": "prompt",
|
||||||
|
"authorizationUrl": "authorizationUrl",
|
||||||
|
"tokenUrl": "tokenUrl",
|
||||||
|
"userInfoUrl": "userInfoUrl",
|
||||||
|
"defaultScope": "defaultScope",
|
||||||
|
"issuer": "issuer"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"users": [
|
||||||
|
{
|
||||||
|
"username" : "pedroigor",
|
||||||
|
"enabled": true,
|
||||||
|
"email" : "psilva@redhat.com",
|
||||||
|
"credentials" : [
|
||||||
|
{ "type" : "password",
|
||||||
|
"value" : "password" }
|
||||||
|
],
|
||||||
|
"realmRoles": ["manager"]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"applications": [
|
||||||
|
{
|
||||||
|
"name": "test-app",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": true,
|
||||||
|
"adminUrl": "http://localhost:8081/auth",
|
||||||
|
"baseUrl": "http://localhost:8081/auth",
|
||||||
|
"redirectUris": [
|
||||||
|
"/test-app/*"
|
||||||
|
],
|
||||||
|
"webOrigins": []
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"roles" : {
|
||||||
|
"realm" : [
|
||||||
|
{
|
||||||
|
"name": "manager",
|
||||||
|
"description": "Have Manager privileges"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,183 +0,0 @@
|
||||||
{
|
|
||||||
"realm": "test-realm-with-identity-provider",
|
|
||||||
"enabled": true,
|
|
||||||
"requiredCredentials": [ "password" ],
|
|
||||||
"defaultRoles": [ "foo", "bar" ],
|
|
||||||
"identityProviders" : [
|
|
||||||
{
|
|
||||||
"id" : "google",
|
|
||||||
"providerId" : "google",
|
|
||||||
"name" : "Google",
|
|
||||||
"enabled": true,
|
|
||||||
"updateProfileFirstLogin" : "true",
|
|
||||||
"config": {
|
|
||||||
"clientId": "clientId",
|
|
||||||
"clientSecret": "clientSecret"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id" : "facebook",
|
|
||||||
"providerId" : "facebook",
|
|
||||||
"name" : "Facebook",
|
|
||||||
"enabled": true,
|
|
||||||
"updateProfileFirstLogin" : "true",
|
|
||||||
"config": {
|
|
||||||
"authorizationUrl": "authorizationUrl",
|
|
||||||
"tokenUrl": "tokenUrl",
|
|
||||||
"userInfoUrl": "userInfoUrl",
|
|
||||||
"clientId": "clientId",
|
|
||||||
"clientSecret": "clientSecret"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id" : "github",
|
|
||||||
"providerId" : "github",
|
|
||||||
"name" : "GitHub",
|
|
||||||
"enabled": true,
|
|
||||||
"updateProfileFirstLogin" : "true",
|
|
||||||
"config": {
|
|
||||||
"authorizationUrl": "authorizationUrl",
|
|
||||||
"tokenUrl": "tokenUrl",
|
|
||||||
"userInfoUrl": "userInfoUrl",
|
|
||||||
"clientId": "clientId",
|
|
||||||
"clientSecret": "clientSecret"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id" : "twitter",
|
|
||||||
"providerId" : "twitter",
|
|
||||||
"name" : "Twitter",
|
|
||||||
"enabled": true,
|
|
||||||
"updateProfileFirstLogin" : "true",
|
|
||||||
"config": {
|
|
||||||
"authorizationUrl": "authorizationUrl",
|
|
||||||
"tokenUrl": "tokenUrl",
|
|
||||||
"userInfoUrl": "userInfoUrl",
|
|
||||||
"clientId": "clientId",
|
|
||||||
"clientSecret": "clientSecret"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id" : "saml-idp",
|
|
||||||
"providerId" : "saml",
|
|
||||||
"name" : "SAML IdP",
|
|
||||||
"enabled": true,
|
|
||||||
"updateProfileFirstLogin" : "true",
|
|
||||||
"config": {
|
|
||||||
"singleSignOnServiceUrl": "http://localhost:8080/idp/",
|
|
||||||
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
|
||||||
"signingPublicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
|
||||||
"wantAuthnRequestsSigned": true,
|
|
||||||
"forceAuthn": true,
|
|
||||||
"validateSignature": true,
|
|
||||||
"postBindingResponse": true,
|
|
||||||
"postBindingAuthnRequest": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id" : "oidc-idp",
|
|
||||||
"providerId" : "oidc",
|
|
||||||
"name" : "OIDC IdP",
|
|
||||||
"enabled": false,
|
|
||||||
"updateProfileFirstLogin" : "false",
|
|
||||||
"config": {
|
|
||||||
"clientId": "clientId",
|
|
||||||
"clientSecret": "clientSecret",
|
|
||||||
"prompt": "prompt",
|
|
||||||
"authorizationUrl": "authorizationUrl",
|
|
||||||
"tokenUrl": "tokenUrl",
|
|
||||||
"userInfoUrl": "userInfoUrl",
|
|
||||||
"defaultScope": "defaultScope",
|
|
||||||
"issuer": "issuer"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"users": [
|
|
||||||
{
|
|
||||||
"username": "federated-user",
|
|
||||||
"enabled": true,
|
|
||||||
"federatedIdentities": [
|
|
||||||
{
|
|
||||||
"identityProvider": "facebook",
|
|
||||||
"userId": "facebook1",
|
|
||||||
"userName": "fbuser1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"identityProvider": "twitter",
|
|
||||||
"userId": "twitter1",
|
|
||||||
"userName": "twuser1"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"identityProvider": "google",
|
|
||||||
"userId": "google1",
|
|
||||||
"userName": "mySocialUser@gmail.com"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"applications": [
|
|
||||||
{
|
|
||||||
"name": "Application",
|
|
||||||
"enabled": true,
|
|
||||||
"nodeReRegistrationTimeout": 50,
|
|
||||||
"registeredNodes": {
|
|
||||||
"node1": 10,
|
|
||||||
"172.10.15.20": 20
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "OtherApp",
|
|
||||||
"enabled": true
|
|
||||||
}
|
|
||||||
|
|
||||||
],
|
|
||||||
"oauthClients" : [
|
|
||||||
{
|
|
||||||
"name" : "oauthclient",
|
|
||||||
"enabled": true,
|
|
||||||
"secret": "clientpassword"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"roles" : {
|
|
||||||
"realm" : [
|
|
||||||
{
|
|
||||||
"name": "admin"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"application" : {
|
|
||||||
"Application" : [
|
|
||||||
{
|
|
||||||
"name": "app-admin"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "app-user"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"OtherApp" : [
|
|
||||||
{
|
|
||||||
"name": "otherapp-admin"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "otherapp-user"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"scopeMappings": [
|
|
||||||
{
|
|
||||||
"client": "oauthclient",
|
|
||||||
"roles": ["admin"]
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"applicationScopeMappings": {
|
|
||||||
"Application": [
|
|
||||||
{
|
|
||||||
"client": "oauthclient",
|
|
||||||
"roles": ["app-user"]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
Loading…
Reference in a new issue