Merge pull request #938 from pedroigor/KEYCLOAK-883

[KEYCLOAK-883] - Initial tests for SAML brokering.
This commit is contained in:
Pedro Igor 2015-01-29 09:11:39 -02:00
commit f013796324
21 changed files with 573 additions and 213 deletions

View file

@ -199,7 +199,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
private void validateSignature(SAML2Request saml2Request) throws ProcessingException { private void validateSignature(SAML2Request saml2Request) throws ProcessingException {
if (getConfig().isValidateSignature()) { if (getConfig().isValidateSignature()) {
X509Certificate certificate = XMLSignatureUtil.getX509CertificateFromKeyInfoString(getConfig().getSigningPublicKey().replaceAll("\\s", "")); X509Certificate certificate = XMLSignatureUtil.getX509CertificateFromKeyInfoString(getConfig().getSigningCertificate().replaceAll("\\s", ""));
SAMLDocumentHolder samlDocumentHolder = saml2Request.getSamlDocumentHolder(); SAMLDocumentHolder samlDocumentHolder = saml2Request.getSamlDocumentHolder();
Document samlDocument = samlDocumentHolder.getSamlDocument(); Document samlDocument = samlDocumentHolder.getSamlDocument();

View file

@ -55,20 +55,20 @@ public class SAMLIdentityProviderConfig extends IdentityProviderModel {
getConfig().put("forceAuthn", String.valueOf(forceAuthn)); getConfig().put("forceAuthn", String.valueOf(forceAuthn));
} }
public String getSigningPublicKey() { public String getSigningCertificate() {
return getConfig().get("signingPublicKey"); return getConfig().get("signingCertificate");
} }
public void setSigningPublicKey(String signingPublicKey) { public void setSigningCertificate(String signingCertificate) {
getConfig().put("signingPublicKey", signingPublicKey); getConfig().put("signingCertificate", signingCertificate);
} }
public String getNameIDPolicyFormat() { public String getNameIDPolicyFormat() {
return getConfig().get("nameIDPolicyFormat"); return getConfig().get("nameIDPolicyFormat");
} }
public void setNameIDPolicyFormat(String signingPublicKey) { public void setNameIDPolicyFormat(String nameIDPolicyFormat) {
getConfig().put("nameIDPolicyFormat", signingPublicKey); getConfig().put("nameIDPolicyFormat", nameIDPolicyFormat);
} }
public boolean isWantAuthnRequestsSigned() { public boolean isWantAuthnRequestsSigned() {

View file

@ -83,7 +83,7 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
samlIdentityProviderConfig.setPostBindingResponse(true); samlIdentityProviderConfig.setPostBindingResponse(true);
List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor(); List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
String defaultPublicKey = null; String defaultCertificate = null;
if (keyDescriptor != null) { if (keyDescriptor != null) {
for (KeyDescriptorType keyDescriptorType : keyDescriptor) { for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
@ -91,22 +91,22 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate")); Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) { if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
samlIdentityProviderConfig.setSigningPublicKey(x509KeyInfo.getTextContent()); samlIdentityProviderConfig.setSigningCertificate(x509KeyInfo.getTextContent());
} else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) { } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent()); samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
} else if (keyDescriptorType.getUse() == null) { } else if (keyDescriptorType.getUse() == null) {
defaultPublicKey = x509KeyInfo.getTextContent(); defaultCertificate = x509KeyInfo.getTextContent();
} }
} }
} }
if (defaultPublicKey != null) { if (defaultCertificate != null) {
if (samlIdentityProviderConfig.getSigningPublicKey() == null) { if (samlIdentityProviderConfig.getSigningCertificate() == null) {
samlIdentityProviderConfig.setSigningPublicKey(defaultPublicKey); samlIdentityProviderConfig.setSigningCertificate(defaultCertificate);
} }
if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) { if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
samlIdentityProviderConfig.setEncryptionPublicKey(defaultPublicKey); samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
} }
} }

View file

@ -52,11 +52,11 @@
<span tooltip-placement="right" tooltip="Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent." class="fa fa-info-circle"></span> <span tooltip-placement="right" tooltip="Specifies the URI reference corresponding to a name identifier format. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent." class="fa fa-info-circle"></span>
</div> </div>
<div class="form-group clearfix" data-ng-show="!importFile"> <div class="form-group clearfix" data-ng-show="!importFile">
<label class="col-sm-2 control-label" for="signingPublicKey">Signing Public Key</label> <label class="col-sm-2 control-label" for="signingCertificate">Validating X509 Certificate</label>
<div class="col-sm-4"> <div class="col-sm-4">
<textarea class="form-control" id="signingPublicKey" ng-model="identityProvider.config.signingPublicKey"/> <textarea class="form-control" id="signingCertificate" ng-model="identityProvider.config.signingCertificate"/>
</div> </div>
<span tooltip-placement="right" tooltip="The public key that must be used to check for signatures." class="fa fa-info-circle"></span> <span tooltip-placement="right" tooltip="The certificate in PEM format that must be used to check for signatures." class="fa fa-info-circle"></span>
</div> </div>
<div class="form-group" data-ng-show="!importFile"> <div class="form-group" data-ng-show="!importFile">
<label class="col-sm-2 control-label" for="wantAuthnRequestsSigned">Want AuthnRequests Signed</label> <label class="col-sm-2 control-label" for="wantAuthnRequestsSigned">Want AuthnRequests Signed</label>

View file

@ -124,7 +124,12 @@ public class CachedRealm {
requiredCredentials = model.getRequiredCredentials(); requiredCredentials = model.getRequiredCredentials();
userFederationProviders = model.getUserFederationProviders(); userFederationProviders = model.getUserFederationProviders();
identityProviders = model.getIdentityProviders();
this.identityProviders = new ArrayList<IdentityProviderModel>();
for (IdentityProviderModel identityProviderModel : model.getIdentityProviders()) {
this.identityProviders.add(new IdentityProviderModel(identityProviderModel));
}
smtpConfig.putAll(model.getSmtpConfig()); smtpConfig.putAll(model.getSmtpConfig());
browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders()); browserSecurityHeaders.putAll(model.getBrowserSecurityHeaders());

View file

@ -72,7 +72,7 @@ public class Urls {
UriBuilder uriBuilder = UriBuilder.fromUri(baseURI) UriBuilder uriBuilder = UriBuilder.fromUri(baseURI)
.path(AuthenticationBrokerResource.class) .path(AuthenticationBrokerResource.class)
.path(AuthenticationBrokerResource.class, "performLogin") .path(AuthenticationBrokerResource.class, "performLogin")
.replaceQueryParam("provider_id", identityProvider.getProviderId()); .replaceQueryParam("provider_id", identityProvider.getId());
if (accessCode != null) { if (accessCode != null) {
uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode); uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);

View file

@ -0,0 +1,137 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.broker;
import org.codehaus.jackson.map.ObjectMapper;
import org.junit.ClassRule;
import org.junit.Rule;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.broker.util.UserSessionStatusServlet;
import org.keycloak.testsuite.broker.util.UserSessionStatusServlet.UserSessionStatus;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import java.io.IOException;
import java.net.URL;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
/**
* @author pedroigor
*/
public abstract class AbstractIdentityProviderTest {
@ClassRule
public static AbstractKeycloakRule brokerServerRule = new AbstractKeycloakRule() {
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
server.importRealm(getClass().getResourceAsStream("/broker-test/test-realm-with-broker.json"));
URL url = getClass().getResource("/broker-test/test-app-keycloak.json");
deployApplication("test-app", "/test-app", UserSessionStatusServlet.class, url.getPath(), "manager");
}
};
@Rule
public WebRule webRule = new WebRule(this);
@WebResource
private WebDriver driver;
@WebResource
private LoginPage loginPage;
@WebResource
private LoginUpdateProfilePage updateProfilePage;
protected void assertSuccessfulAuthentication(String providerId) {
this.driver.navigate().to("http://localhost:8081/test-app/");
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
// choose the identity provider
this.loginPage.clickSocial(providerId);
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml"));
// log in to identity provider
this.loginPage.login("saml.user", "password");
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/broker/realm-with-broker/" + providerId));
// update profile
this.updateProfilePage.assertCurrent();
String userEmail = "new@email.com";
String userFirstName = "New first";
String userLastName = "New last";
this.updateProfilePage.update(userFirstName, userLastName, userEmail);
// authenticated and redirected to app
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
KeycloakSession samlServerSession = brokerServerRule.startSession();
RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
UserModel federatedUser = samlServerSession.users().getUserByEmail(userEmail, brokerRealm);
// user created
assertNotNull(federatedUser);
assertEquals(userFirstName, federatedUser.getFirstName());
assertEquals(userLastName, federatedUser.getLastName());
driver.navigate().to("http://localhost:8081/test-app/logout");
driver.navigate().to("http://localhost:8081/test-app/");
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
// choose the identity provider
this.loginPage.clickSocial(providerId);
// already authenticated in saml idp and redirected to app
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
}
private UserSessionStatus retrieveSessionStatus() {
UserSessionStatus sessionStatus = null;
try {
ObjectMapper objectMapper = new ObjectMapper();
String pageSource = this.driver.getPageSource();
sessionStatus = objectMapper.readValue(pageSource.getBytes(), UserSessionStatus.class);
assertNotNull(retrieveSessionStatus());
} catch (IOException e) {
throw new RuntimeException("Could not retrieve session status.", e);
}
return sessionStatus;
}
}

View file

@ -24,7 +24,7 @@ import org.keycloak.models.IdentityProviderModel;
import org.keycloak.social.SocialIdentityProvider; import org.keycloak.social.SocialIdentityProvider;
import org.keycloak.social.SocialIdentityProviderFactory; import org.keycloak.social.SocialIdentityProviderFactory;
import org.keycloak.testsuite.broker.provider.CustomIdentityProvider; import org.keycloak.testsuite.broker.provider.CustomIdentityProvider;
import org.keycloak.testsuite.broker.social.CustomSocialProvider; import org.keycloak.testsuite.broker.provider.social.CustomSocialProvider;
import java.util.Set; import java.util.Set;

View file

@ -144,7 +144,11 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
String providerId = identityProvider.getProviderId(); String providerId = identityProvider.getProviderId();
if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
if (identityProvider.getId().equals("saml-signed-idp")) {
assertSamlIdentityProviderConfig(identityProvider); assertSamlIdentityProviderConfig(identityProvider);
} else {
continue;
}
} else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
assertGoogleIdentityProviderConfig(identityProvider); assertGoogleIdentityProviderConfig(identityProvider);
} else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
@ -184,14 +188,14 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider); SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider);
SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig(); SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig();
assertEquals("saml-idp", config.getId()); assertEquals("saml-signed-idp", config.getId());
assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
assertEquals("SAML IdP", config.getName()); assertEquals("SAML Signed IdP", config.getName());
assertEquals(true, config.isEnabled()); assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin()); assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals("http://localhost:8080/idp/", config.getSingleSignOnServiceUrl()); assertEquals("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml", config.getSingleSignOnServiceUrl());
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat()); assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat());
assertEquals("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", config.getSigningPublicKey()); assertEquals("MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin", config.getSigningCertificate());
assertEquals(true, config.isWantAuthnRequestsSigned()); assertEquals(true, config.isWantAuthnRequestsSigned());
assertEquals(true, config.isForceAuthn()); assertEquals(true, config.isForceAuthn());
assertEquals(true, config.isPostBindingAuthnRequest()); assertEquals(true, config.isPostBindingAuthnRequest());
@ -258,10 +262,10 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
} }
private RealmModel installTestRealm() throws IOException { private RealmModel installTestRealm() throws IOException {
RealmRepresentation realmRepresentation = loadJson("model/test-realm-with-identity-provider.json"); RealmRepresentation realmRepresentation = loadJson("broker-test/test-realm-with-broker.json");
assertNotNull(realmRepresentation); assertNotNull(realmRepresentation);
assertEquals("test-realm-with-identity-provider", realmRepresentation.getRealm()); assertEquals("realm-with-broker", realmRepresentation.getRealm());
RealmModel realmModel = this.realmManager.importRealm(realmRepresentation); RealmModel realmModel = this.realmManager.importRealm(realmRepresentation);

View file

@ -0,0 +1,34 @@
package org.keycloak.testsuite.broker;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testutils.KeycloakServer;
/**
* @author pedroigor
*/
public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderTest {
@ClassRule
public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
@Override
protected void configureServer(KeycloakServer server) {
server.getConfig().setPort(8082);
}
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml.json"));
}
};
@Test
public void testSuccessfulAuthentication() {
assertSuccessfulAuthentication("saml-idp-basic");
}
}

View file

@ -0,0 +1,34 @@
package org.keycloak.testsuite.broker;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testutils.KeycloakServer;
/**
* @author pedroigor
*/
public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityProviderTest {
@ClassRule
public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
@Override
protected void configureServer(KeycloakServer server) {
server.getConfig().setPort(8082);
}
@Override
protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-saml-with-signature.json"));
}
};
@Test
public void testSuccessfulAuthentication() {
assertSuccessfulAuthentication("saml-signed-idp");
}
}

View file

@ -15,7 +15,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.testsuite.broker.social; package org.keycloak.testsuite.broker.provider.social;
import org.keycloak.broker.provider.AbstractIdentityProvider; import org.keycloak.broker.provider.AbstractIdentityProvider;
import org.keycloak.broker.provider.AuthenticationRequest; import org.keycloak.broker.provider.AuthenticationRequest;

View file

@ -15,7 +15,7 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.keycloak.testsuite.broker.social; package org.keycloak.testsuite.broker.provider.social;
import org.keycloak.broker.provider.AbstractIdentityProviderFactory; import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.IdentityProviderModel;

View file

@ -0,0 +1,80 @@
/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.broker.util;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.map.ObjectMapper;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.IDToken;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
/**
* @author pedroigor
*/
public class UserSessionStatusServlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
if (req.getRequestURI().toString().endsWith("logout")) {
resp.setStatus(200);
req.logout();
return;
}
writeSessionStatus(req, resp);
}
private void writeSessionStatus(HttpServletRequest req, HttpServletResponse resp) throws IOException {
KeycloakSecurityContext context = (KeycloakSecurityContext)req.getAttribute(KeycloakSecurityContext.class.getName());
IDToken idToken = context.getIdToken();
JsonNode jsonNode = new ObjectMapper().valueToTree(new UserSessionStatus(idToken));
PrintWriter writer = resp.getWriter();
writer.println(jsonNode.toString());
writer.flush();
}
public static class UserSessionStatus implements Serializable {
private IDToken idToken;
public UserSessionStatus() {
}
public UserSessionStatus(IDToken idToken) {
this.idToken = idToken;
}
public IDToken getIdToken() {
return this.idToken;
}
public void setIdToken(IDToken idToken) {
this.idToken = idToken;
}
}
}

View file

@ -41,6 +41,9 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
protected void before() throws Throwable { protected void before() throws Throwable {
server = new KeycloakServer(); server = new KeycloakServer();
configureServer(server);
server.start(); server.start();
removeTestRealms(); removeTestRealms();
@ -48,6 +51,10 @@ public abstract class AbstractKeycloakRule extends ExternalResource {
setupKeycloak(); setupKeycloak();
} }
protected void configureServer(KeycloakServer server) {
}
public UserRepresentation getUser(String realm, String name) { public UserRepresentation getUser(String realm, String name) {
KeycloakSession session = server.getSessionFactory().create(); KeycloakSession session = server.getSessionFactory().create();
session.getTransaction().begin(); session.getTransaction().begin();

View file

@ -1 +1 @@
org.keycloak.testsuite.broker.social.CustomSocialProviderFactory org.keycloak.testsuite.broker.provider.social.CustomSocialProviderFactory

View file

@ -0,0 +1,11 @@
{
"realm": "realm-with-broker",
"resource": "test-app",
"realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
"auth-server-url": "http://localhost:8081/auth",
"ssl-required" : "external",
"expose-token": true,
"credentials": {
"secret": "password"
}
}

View file

@ -0,0 +1,46 @@
{
"id": "realm-with-saml-identity-provider",
"realm": "realm-with-saml-identity-provider",
"enabled": true,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
"privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
"applications": [
{
"name": "http://localhost:8081/auth/",
"enabled": true,
"redirectUris": [
"http://localhost:8081/auth/broker/realm-with-broker/saml-signed-idp"
],
"attributes": {
"saml.assertion.signature": "true",
"saml.server.signature": "true",
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
"saml.authnstatement": "true",
"saml.signing.private.key": "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==",
"saml.signing.certificate": "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin"
}
}
],
"users": [
{
"username" : "saml.user",
"enabled": true,
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["manager"]
}
],
"roles" : {
"realm" : [
{
"name": "manager",
"description": "Have Manager privileges"
}
]
}
}

View file

@ -0,0 +1,40 @@
{
"id": "realm-with-saml-identity-provider",
"realm": "realm-with-saml-identity-provider",
"enabled": true,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
"privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
"applications": [
{
"name": "http://localhost:8081/auth/",
"enabled": true,
"redirectUris": [
"http://localhost:8081/auth/broker/realm-with-broker/saml-idp-basic"
],
"attributes": {
"saml.authnstatement": "true"
}
}
],
"users": [
{
"username" : "saml.user",
"enabled": true,
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["manager"]
}
],
"roles" : {
"realm" : [
{
"name": "manager",
"description": "Have Manager privileges"
}
]
}
}

View file

@ -0,0 +1,145 @@
{
"id": "realm-with-broker",
"realm": "realm-with-broker",
"enabled": true,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "manager" ],
"privateKey": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCPyvTTb14vSMkpe/pds2P5Cqxk7bkeFnQiNMS1vyZ+HS2O79fxzp1eAguHnBTs4XTRT7SZJhIT/6utgqZjmDigKV5N7X5ptq8BM/W1qa1cYBRip261pc+tWf3IywJYQ9yFI9mUQarmIEl0D7GH16NSZklheaWfbodRVarvX+ML0amNtGYVDft/RftYmgbKKrK218qQp9R4GZFtf/Q/RmboNXN7weMINU8GWVkTRrccKBIXSunT6zXGfuj3Wp1YpVq20BWwY2OMM/P+yDAc7LKEO1LJqPBdT4r9BRn2lXiaga3AL24gTKZPKU/tu7uqfFciF+i4Rr58SMDNOzQcnklAgMBAAECggEAc0eibJYEO5d8QXW1kPgcHV2gBChv2mxDYnWYDLbIQSdNdfYP/qABt/MTmm5KkWr16fcCEYoD1w0mqFBrtVn1msSusUmEAYGTXJMNumOmjjX1kzaTQMmqeFBrwqwYz/xehWR5P+A7fSmwNV3KEeW19GvN5w5K96w0TLAQdFV3TQVPSytusDunwuR1yltMe1voaEDZ9z0Pi08YiEk2f6xhj5CMkoiw3mNImzfruphHullxU4FD05fH6tDeJ381527ILpAzDsgYZh4aFLKjUHem96bX4EL7FIzBJ6okgN78AZnUC/EaVfgFTw0qfhoWvZV4ruVXXiMhCg4CMMRDq/k9iQKBgQDBNWsJMT84OnnWmQoJmZogkFV+tsGrSK6Re+aJxLWpishh7dwAnT2OcagZvVdUb0FwNWu1D0B9/SKDDMRnnHBhOGDpH57m/eQdRU0oX1BD27xvffk0lLcfD4BTxnR5e9jss8K4twc9jf0P1rxC/loGJ2NtCH0BrPHgz54Ea+96ewKBgQCsk3JDaaPnFwzVYm2BXlhxOxLPsF4wvD2rIRAswZV4C5xebjand8nwiMmVpNd0PRLkEnkI+waURGv2EY/P3JsssoiY8Xqe8f/1G+SQKre7lbqOas8rFoALepC0BYDiZDFy0Z9ZnRAFzRI5sgIt7jpoMRD4xDNlmiV8X+yBxc3Y3wKBgQChDQsU1YUyNKQ8+sLAL9anEEkD4Ald4q8JPHN2IY+gLLxNzT0XEfsu0pTiJ8805axxgUYv3e/PVYNAJBNPnrqaf6lgiegl+jr9Hzhqz9CTUAYqFaL2boSakoxQyNtsLI0s+cb1vDN/3uy0GDZDzcty18BsMagqDmRtFgNNAj/UIwKBgQCahbeFBv0cOPZjxisY8Bou4N8aGehsqNBq/0LVYExuXa8YmoTTdJ3bgw9Er4G/ccQNdUDsuqAMeCtW/CiRzQ0ge4d1sprB4Rv3I4+HSsiS7SFKzfZLtWzXWlpg5qCdlWr1TR7qhYjIOPO9t1beO3YOvwhcRoliyyAPenBxTmTfbwKBgDtm2WJ5VlQgNpIdOs1CCiqd0DFmWOmvBPspPC1kySiy+Ndr9jNohRZkR7pEjgqA5E8rdzc88LirUN7bY5HFHRWN9KXrs5/o3O1K3GFCp64N6nvnPEYZ2zSJalcMC2fjSsJg26z8Dg1H+gfTIDUMoGiEAAnJXuqk+WayPU+fZMLn",
"publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
"identityProviders" : [
{
"id" : "google",
"providerId" : "google",
"name" : "Google",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "facebook",
"providerId" : "facebook",
"name" : "Facebook",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "github",
"providerId" : "github",
"name" : "GitHub",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "twitter",
"providerId" : "twitter",
"name" : "Twitter",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "saml-signed-idp",
"providerId" : "saml",
"name" : "SAML Signed IdP",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signingCertificate": "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin",
"wantAuthnRequestsSigned": true,
"forceAuthn": true,
"validateSignature": true,
"postBindingResponse": true,
"postBindingAuthnRequest": true
}
},
{
"id" : "saml-idp-basic",
"providerId" : "saml",
"name" : "SAML Signed IdP",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"forceAuthn": true,
"postBindingResponse": true,
"postBindingAuthnRequest": true
}
},
{
"id" : "oidc-idp",
"providerId" : "oidc",
"name" : "OIDC IdP",
"enabled": false,
"updateProfileFirstLogin" : "false",
"config": {
"clientId": "clientId",
"clientSecret": "clientSecret",
"prompt": "prompt",
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"defaultScope": "defaultScope",
"issuer": "issuer"
}
}
],
"users": [
{
"username" : "pedroigor",
"enabled": true,
"email" : "psilva@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["manager"]
}
],
"applications": [
{
"name": "test-app",
"enabled": true,
"publicClient": true,
"adminUrl": "http://localhost:8081/auth",
"baseUrl": "http://localhost:8081/auth",
"redirectUris": [
"/test-app/*"
],
"webOrigins": []
}
],
"roles" : {
"realm" : [
{
"name": "manager",
"description": "Have Manager privileges"
}
]
}
}

View file

@ -1,183 +0,0 @@
{
"realm": "test-realm-with-identity-provider",
"enabled": true,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
"identityProviders" : [
{
"id" : "google",
"providerId" : "google",
"name" : "Google",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "facebook",
"providerId" : "facebook",
"name" : "Facebook",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "github",
"providerId" : "github",
"name" : "GitHub",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "twitter",
"providerId" : "twitter",
"name" : "Twitter",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"clientId": "clientId",
"clientSecret": "clientSecret"
}
},
{
"id" : "saml-idp",
"providerId" : "saml",
"name" : "SAML IdP",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
"singleSignOnServiceUrl": "http://localhost:8080/idp/",
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signingPublicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"wantAuthnRequestsSigned": true,
"forceAuthn": true,
"validateSignature": true,
"postBindingResponse": true,
"postBindingAuthnRequest": true
}
},
{
"id" : "oidc-idp",
"providerId" : "oidc",
"name" : "OIDC IdP",
"enabled": false,
"updateProfileFirstLogin" : "false",
"config": {
"clientId": "clientId",
"clientSecret": "clientSecret",
"prompt": "prompt",
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
"userInfoUrl": "userInfoUrl",
"defaultScope": "defaultScope",
"issuer": "issuer"
}
}
],
"users": [
{
"username": "federated-user",
"enabled": true,
"federatedIdentities": [
{
"identityProvider": "facebook",
"userId": "facebook1",
"userName": "fbuser1"
},
{
"identityProvider": "twitter",
"userId": "twitter1",
"userName": "twuser1"
},
{
"identityProvider": "google",
"userId": "google1",
"userName": "mySocialUser@gmail.com"
}
]
}
],
"applications": [
{
"name": "Application",
"enabled": true,
"nodeReRegistrationTimeout": 50,
"registeredNodes": {
"node1": 10,
"172.10.15.20": 20
}
},
{
"name": "OtherApp",
"enabled": true
}
],
"oauthClients" : [
{
"name" : "oauthclient",
"enabled": true,
"secret": "clientpassword"
}
],
"roles" : {
"realm" : [
{
"name": "admin"
}
],
"application" : {
"Application" : [
{
"name": "app-admin"
},
{
"name": "app-user"
}
],
"OtherApp" : [
{
"name": "otherapp-admin"
},
{
"name": "otherapp-user"
}
]
}
},
"scopeMappings": [
{
"client": "oauthclient",
"roles": ["admin"]
}
],
"applicationScopeMappings": {
"Application": [
{
"client": "oauthclient",
"roles": ["app-user"]
}
]
}
}