keycloak-aplcache
Changes
docbook/auth-server-docs/pom.xml 2(+1 -1)
docbook/saml-adapter-docs/pom.xml 2(+1 -1)
examples/fuse/camel/pom.xml 1(+1 -0)
examples/fuse/testrealm.json 1(+0 -1)
examples/multi-tenant/pom.xml 3(+3 -0)
examples/pom.xml 18(+11 -7)
forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java 10(+9 -1)
model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java 6(+6 -0)
model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java 44(+22 -22)
model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java 13(+13 -0)
model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/compat/SimpleUserSessionInitializer.java 2(+1 -1)
model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java 20(+16 -4)
testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java 42(+40 -2)
testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java 8(+8 -0)
testsuite/integration-arquillian/servers/migration/pom.xml 391(+215 -176)
testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/add-dialect-logger.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc12/src/main/xslt/datasource.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/add-dialect-logger.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc13/src/main/xslt/datasource.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/add-dialect-logger.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc14/src/main/xslt/datasource.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/add-dialect-logger.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc15/src/main/xslt/datasource.xsl 0(+0 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl 28(+28 -0)
testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl 94(+94 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java 74(+68 -6)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java 14(+7 -7)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java 76(+38 -38)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java 4(+3 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java 39(+39 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java 61(+61 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java 1(+1 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java 90(+90 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json 751(+751 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json 796(+796 -0)
testsuite/integration-arquillian/tests/pom.xml 187(+73 -114)
Details
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
index b50a4f4..5b0a0da 100644
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.0.xml
@@ -31,7 +31,7 @@
<constraints nullable="false"/>
</column>
<column name="LAST_SESSION_REFRESH" type="INT"/>
- <column name="OFFLINE_FLAG" type="VARCHAR(4)">
+ <column name="OFFLINE" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="DATA" type="CLOB"/>
@@ -47,14 +47,14 @@
<column name="CLIENT_ID" type="VARCHAR(36)">
<constraints nullable="false"/>
</column>
- <column name="OFFLINE_FLAG" type="VARCHAR(4)">
+ <column name="OFFLINE" type="BOOLEAN" defaultValueBoolean="false">
<constraints nullable="false"/>
</column>
<column name="TIMESTAMP" type="INT"/>
<column name="DATA" type="CLOB"/>
</createTable>
- <addPrimaryKey columnNames="USER_SESSION_ID, OFFLINE_FLAG" constraintName="CONSTRAINT_OFFLINE_US_SES_PK" tableName="OFFLINE_USER_SESSION"/>
- <addPrimaryKey columnNames="CLIENT_SESSION_ID, OFFLINE_FLAG" constraintName="CONSTRAINT_OFFLINE_CL_SES_PK" tableName="OFFLINE_CLIENT_SESSION"/>
+ <addPrimaryKey columnNames="USER_SESSION_ID, OFFLINE" constraintName="CONSTRAINT_OFFLINE_US_SES_PK" tableName="OFFLINE_USER_SESSION"/>
+ <addPrimaryKey columnNames="CLIENT_SESSION_ID, OFFLINE" constraintName="CONSTRAINT_OFFLINE_CL_SES_PK" tableName="OFFLINE_CLIENT_SESSION"/>
</changeSet>
</databaseChangeLog>
\ No newline at end of file
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.1.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.1.xml
new file mode 100644
index 0000000..4e0129e
--- /dev/null
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.6.1.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+ <changeSet author="mposolda@redhat.com" id="1.6.1_from15">
+
+ <preConditions onFail="MARK_RAN" onFailMessage="Upgrading from 1.6.0 version. Skipped 1.6.1_from15 changeSet and marked as ran">
+ <not>
+ <changeSetExecuted id="1.6.0" author="mposolda@redhat.com" changeLogFile="META-INF/jpa-changelog-1.6.0.xml" />
+ </not>
+ </preConditions>
+
+ <addColumn tableName="REALM">
+ <column name="OFFLINE_SESSION_IDLE_TIMEOUT" type="INT" defaultValueNumeric="0"/>
+ <column name="REVOKE_REFRESH_TOKEN" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+
+ <addColumn tableName="KEYCLOAK_ROLE">
+ <column name="SCOPE_PARAM_REQUIRED" type="BOOLEAN" defaultValueBoolean="false">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+
+ <addColumn tableName="CLIENT">
+ <column name="ROOT_URL" type="VARCHAR(255)"/>
+ <column name="DESCRIPTION" type="VARCHAR(255)"/>
+ </addColumn>
+
+ <createTable tableName="OFFLINE_USER_SESSION">
+ <column name="USER_SESSION_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USER_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="REALM_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="LAST_SESSION_REFRESH" type="INT"/>
+ <column name="OFFLINE_FLAG" type="VARCHAR(4)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="DATA" type="CLOB"/>
+ </createTable>
+
+ <createTable tableName="OFFLINE_CLIENT_SESSION">
+ <column name="CLIENT_SESSION_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="USER_SESSION_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="CLIENT_ID" type="VARCHAR(36)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="OFFLINE_FLAG" type="VARCHAR(4)">
+ <constraints nullable="false"/>
+ </column>
+ <column name="TIMESTAMP" type="INT"/>
+ <column name="DATA" type="CLOB"/>
+ </createTable>
+
+ <addPrimaryKey columnNames="USER_SESSION_ID, OFFLINE_FLAG" constraintName="CONSTRAINT_OFFL_US_SES_PK2" tableName="OFFLINE_USER_SESSION"/>
+ <addPrimaryKey columnNames="CLIENT_SESSION_ID, OFFLINE_FLAG" constraintName="CONSTRAINT_OFFL_CL_SES_PK2" tableName="OFFLINE_CLIENT_SESSION"/>
+ </changeSet>
+
+ <!-- Just for the update from 1.6.0 -->
+ <changeSet author="mposolda@redhat.com" id="1.6.1_from16">
+
+ <preConditions onFail="MARK_RAN" onFailMessage="Upgrading from 1.5.0 or older version. Skipped 1.6.1_from16 changeSet and marked as ran">
+ <changeSetExecuted id="1.6.0" author="mposolda@redhat.com" changeLogFile="META-INF/jpa-changelog-1.6.0.xml" />
+ </preConditions>
+
+ <dropPrimaryKey constraintName="CONSTRAINT_OFFLINE_US_SES_PK" tableName="OFFLINE_USER_SESSION" />
+ <dropPrimaryKey constraintName="CONSTRAINT_OFFLINE_CL_SES_PK" tableName="OFFLINE_CLIENT_SESSION" />
+
+ <addColumn tableName="OFFLINE_USER_SESSION">
+ <column name="OFFLINE_FLAG" type="VARCHAR(4)">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+ <update tableName="OFFLINE_USER_SESSION">
+ <column name="OFFLINE_FLAG" value="1"/>
+ </update>
+ <dropColumn tableName="OFFLINE_USER_SESSION" columnName="OFFLINE" />
+
+ <addColumn tableName="OFFLINE_CLIENT_SESSION">
+ <column name="OFFLINE_FLAG" type="VARCHAR(4)">
+ <constraints nullable="false"/>
+ </column>
+ </addColumn>
+ <update tableName="OFFLINE_CLIENT_SESSION">
+ <column name="OFFLINE_FLAG" value="1"/>
+ </update>
+ <dropColumn tableName="OFFLINE_CLIENT_SESSION" columnName="OFFLINE" />
+
+ <addPrimaryKey columnNames="USER_SESSION_ID, OFFLINE_FLAG" constraintName="CONSTRAINT_OFFL_US_SES_PK2" tableName="OFFLINE_USER_SESSION"/>
+ <addPrimaryKey columnNames="CLIENT_SESSION_ID, OFFLINE_FLAG" constraintName="CONSTRAINT_OFFL_CL_SES_PK2" tableName="OFFLINE_CLIENT_SESSION"/>
+
+ </changeSet>
+
+ <changeSet author="mposolda@redhat.com" id="1.6.1">
+ </changeSet>
+
+</databaseChangeLog>
\ No newline at end of file
diff --git a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
index 93c2824..2acc0bb 100755
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml
@@ -9,6 +9,6 @@
<include file="META-INF/jpa-changelog-1.3.0.xml"/>
<include file="META-INF/jpa-changelog-1.4.0.xml"/>
<include file="META-INF/jpa-changelog-1.5.0.xml"/>
- <include file="META-INF/jpa-changelog-1.6.0.xml"/>
+ <include file="META-INF/jpa-changelog-1.6.1.xml"/>
<include file="META-INF/jpa-changelog-1.7.0.xml"/>
</databaseChangeLog>
diff --git a/distribution/saml-adapters/jetty91-adapter-zip/pom.xml b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
index 2c15be4..733aabf 100755
--- a/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
+++ b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
@@ -4,7 +4,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
- <version>1.6.0.Final-SNAPSHOT</version>
+ <version></version>
<relativePath>../../../pom.xml</relativePath>
</parent>
docbook/auth-server-docs/pom.xml 2(+1 -1)
diff --git a/docbook/auth-server-docs/pom.xml b/docbook/auth-server-docs/pom.xml
index e605049..a7c2ddd 100755
--- a/docbook/auth-server-docs/pom.xml
+++ b/docbook/auth-server-docs/pom.xml
@@ -2,7 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
- <artifactId>keycloak-parent</artifactId>
+ <artifactId>keycloak-docbook-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.7.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml b/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml
index 33d62dc..2036afb 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/javascript-adapter.xml
@@ -210,6 +210,7 @@ new Keycloak({ url: 'http://localhost/auth', realm: 'myrealm', clientId: 'myApp'
<listitem>prompt - can be set to 'none' to check if the user is logged in already (if not logged in, a login form is not displayed)</listitem>
<listitem>loginHint - used to pre-fill the username/email field on the login form</listitem>
<listitem>action - if value is 'register' then user is redirected to registration page, otherwise to login page</listitem>
+ <listitem>locale - specifies the desired locale for the UI</listitem>
</itemizedlist>
</para>
</simplesect>
docbook/saml-adapter-docs/pom.xml 2(+1 -1)
diff --git a/docbook/saml-adapter-docs/pom.xml b/docbook/saml-adapter-docs/pom.xml
index 63bf704..975ac5c 100755
--- a/docbook/saml-adapter-docs/pom.xml
+++ b/docbook/saml-adapter-docs/pom.xml
@@ -2,7 +2,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
- <artifactId>keycloak-parent</artifactId>
+ <artifactId>keycloak-docbook-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>1.7.0.Final-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
examples/fuse/camel/pom.xml 1(+1 -0)
diff --git a/examples/fuse/camel/pom.xml b/examples/fuse/camel/pom.xml
index f0c45d1..fa17c0e 100755
--- a/examples/fuse/camel/pom.xml
+++ b/examples/fuse/camel/pom.xml
@@ -21,6 +21,7 @@
<keycloak.osgi.import>
org.eclipse.jetty.security;version="[8.1,10)",
org.eclipse.jetty.util.security;version="[8.1,10)",
+ org.apache.camel;version="[2.12,3)",
org.keycloak.*;version="${project.version}",
*;resolution:=optional
</keycloak.osgi.import>
examples/fuse/testrealm.json 1(+0 -1)
diff --git a/examples/fuse/testrealm.json b/examples/fuse/testrealm.json
index ed112bc..f7c3754 100644
--- a/examples/fuse/testrealm.json
+++ b/examples/fuse/testrealm.json
@@ -183,7 +183,6 @@
"enabled": true,
"publicClient": false,
"directGrantsOnly": true,
- "consentRequired": true,
"secret": "password"
}
],
examples/multi-tenant/pom.xml 3(+3 -0)
diff --git a/examples/multi-tenant/pom.xml b/examples/multi-tenant/pom.xml
index 1f90cbd..da6d022 100755
--- a/examples/multi-tenant/pom.xml
+++ b/examples/multi-tenant/pom.xml
@@ -38,16 +38,19 @@
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-core</artifactId>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-adapter-spi</artifactId>
+ <scope>provided</scope>
</dependency>
<!-- Contains KeycloakPrincipal -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
+ <scope>provided</scope>
</dependency>
</dependencies>
<build>
diff --git a/examples/multi-tenant/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/examples/multi-tenant/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
new file mode 100644
index 0000000..d371dbd
--- /dev/null
+++ b/examples/multi-tenant/src/main/webapp/WEB-INF/jboss-deployment-structure.xml
@@ -0,0 +1,7 @@
+<jboss-deployment-structure>
+ <deployment>
+ <dependencies>
+ <module name="org.keycloak.keycloak-adapter-spi"/>
+ </dependencies>
+ </deployment>
+</jboss-deployment-structure>
examples/pom.xml 18(+11 -7)
diff --git a/examples/pom.xml b/examples/pom.xml
index ec25be9..6423a7c 100755
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -14,16 +14,20 @@
<packaging>pom</packaging>
<build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <configuration>
- <skip>true</skip>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
diff --git a/examples/saml/post-with-encryption/pom.xml b/examples/saml/post-with-encryption/pom.xml
index 0c95d95..090f6af 100755
--- a/examples/saml/post-with-encryption/pom.xml
+++ b/examples/saml/post-with-encryption/pom.xml
@@ -2,9 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <groupId>org.keycloak.examples</groupId>
+ <parent>
+ <artifactId>keycloak-examples-saml-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+
<artifactId>saml-post-encryption</artifactId>
- <version>1.6.0.Final-SNAPSHOT</version>
<packaging>war</packaging>
diff --git a/examples/saml/post-with-signature/pom.xml b/examples/saml/post-with-signature/pom.xml
index 8841ac0..14db058 100755
--- a/examples/saml/post-with-signature/pom.xml
+++ b/examples/saml/post-with-signature/pom.xml
@@ -2,9 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <groupId>org.keycloak.examples</groupId>
+ <parent>
+ <artifactId>keycloak-examples-saml-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+
<artifactId>saml-post-signatures</artifactId>
- <version>1.6.0.Final-SNAPSHOT</version>
<packaging>war</packaging>
diff --git a/examples/saml/redirect-with-signature/pom.xml b/examples/saml/redirect-with-signature/pom.xml
index 55f426b..06a4e55 100755
--- a/examples/saml/redirect-with-signature/pom.xml
+++ b/examples/saml/redirect-with-signature/pom.xml
@@ -2,9 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <groupId>org.keycloak.examples</groupId>
+ <parent>
+ <artifactId>keycloak-examples-saml-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+
<artifactId>saml-redirect-signatures</artifactId>
- <version>1.6.0.Final-SNAPSHOT</version>
<packaging>war</packaging>
diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
index b7d4df3..419f321 100755
--- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
+++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/TotpBean.java
@@ -51,7 +51,7 @@ public class TotpBean {
this.totpSecret = randomString(20);
this.totpSecretEncoded = Base32.encode(totpSecret.getBytes());
- this.keyUri = realm.getOTPPolicy().getKeyURI(realm, this.totpSecret);
+ this.keyUri = realm.getOTPPolicy().getKeyURI(realm, user, this.totpSecret);
}
private static String randomString(int length) {
diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
index e19a266..404de17 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-reset-password.ftl
@@ -11,7 +11,7 @@
<label for="username" class="${properties.kcLabelClass!}">${msg("usernameOrEmail")}</label>
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input type="text" id="username" name="username" class="${properties.kcInputClass!}" />
+ <input type="text" id="username" name="username" class="${properties.kcInputClass!}" autofocus/>
</div>
</div>
diff --git a/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl b/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
index e472fff..3f46b76 100755
--- a/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
+++ b/forms/common-themes/src/main/resources/theme/base/login/login-totp.ftl
@@ -12,7 +12,7 @@
</div>
<div class="${properties.kcInputWrapperClass!}">
- <input id="totp" name="totp" type="text" class="${properties.kcInputClass!}" />
+ <input id="totp" name="totp" type="text" class="${properties.kcInputClass!}" autofocus />
</div>
</div>
diff --git a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
index cb5f2be..fccfce1 100755
--- a/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
+++ b/forms/login-api/src/main/java/org/keycloak/login/LoginFormsProvider.java
@@ -52,6 +52,8 @@ public interface LoginFormsProvider extends Provider {
public LoginFormsProvider setClientSessionCode(String accessCode);
+ public LoginFormsProvider setClientSession(ClientSessionModel clientSession);
+
public LoginFormsProvider setAccessRequest(List<RoleModel> realmRolesRequested, MultivaluedMap<String,RoleModel> resourceRolesRequested, List<ProtocolMapperModel> protocolMappers);
public LoginFormsProvider setAccessRequest(String message);
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
index 7fc1bcd..6125d0b 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginFormsProvider.java
@@ -47,6 +47,7 @@ import org.keycloak.login.freemarker.model.TotpBean;
import org.keycloak.login.freemarker.model.UrlBean;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
@@ -138,7 +139,8 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
case VERIFY_EMAIL:
try {
UriBuilder builder = Urls.loginActionEmailVerificationBuilder(uriInfo.getBaseUri());
- builder.queryParam("key", accessCode);
+ builder.queryParam(OAuth2Constants.CODE, accessCode);
+ builder.queryParam("key", clientSession.getNote(Constants.VERIFY_EMAIL_KEY));
String link = builder.build(realm.getName()).toString();
long expiration = TimeUnit.SECONDS.toMinutes(realm.getAccessCodeLifespanUserAction());
@@ -532,6 +534,12 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
}
@Override
+ public LoginFormsProvider setClientSession(ClientSessionModel clientSession) {
+ this.clientSession = clientSession;
+ return this;
+ }
+
+ @Override
public LoginFormsProvider setAccessRequest(List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested, List<ProtocolMapperModel> protocolMappersRequested) {
this.realmRolesRequested = realmRolesRequested;
this.resourceRolesRequested = resourceRolesRequested;
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java
index f10d031..a292718 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/ClientBean.java
@@ -4,6 +4,7 @@ import org.keycloak.models.ClientModel;
import org.keycloak.services.util.ResolveRelative;
import java.net.URI;
+import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -32,4 +33,11 @@ public class ClientBean {
return ResolveRelative.resolveRelativeUri(requestUri, client.getRootUrl(), client.getBaseUrl());
}
+ public Map<String,String> getAttributes(){
+ return client.getAttributes();
+ }
+
+ public String getAttribute(String key){
+ return client.getAttribute(key);
+ }
}
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java
index 6f89167..6c9def4 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/TotpBean.java
@@ -49,7 +49,7 @@ public class TotpBean {
this.totpSecret = HmacOTP.generateSecret(20);
this.totpSecretEncoded = Base32.encode(totpSecret.getBytes());
- this.keyUri = realm.getOTPPolicy().getKeyURI(realm, this.totpSecret);
+ this.keyUri = realm.getOTPPolicy().getKeyURI(realm, user, this.totpSecret);
}
public boolean isEnabled() {
diff --git a/integration/js/src/main/resources/keycloak.js b/integration/js/src/main/resources/keycloak.js
index d189a36..7b378de 100755
--- a/integration/js/src/main/resources/keycloak.js
+++ b/integration/js/src/main/resources/keycloak.js
@@ -168,6 +168,10 @@
url += '&scope=' + options.scope;
}
+ if (options && options.locale) {
+ url += '&ui_locales=' + options.locale;
+ }
+
return url;
}
diff --git a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
index 88817ac..45c73a3 100644
--- a/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
+++ b/model/api/src/main/java/org/keycloak/migration/migrators/MigrateTo1_6_0.java
@@ -63,10 +63,8 @@ public class MigrateTo1_6_0 {
KeycloakModelUtils.setupOfflineTokens(realm);
RoleModel role = realm.getRole(Constants.OFFLINE_ACCESS_ROLE);
- // Check if possible to avoid iterating over users
- for (UserModel user : session.userStorage().getUsers(realm, true)) {
- user.grantRole(role);
- }
+ // Bulk grant of offline_access role to all users
+ session.users().grantToAllUsers(realm, role);
}
ClientModel adminConsoleClient = realm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
diff --git a/model/api/src/main/java/org/keycloak/models/Constants.java b/model/api/src/main/java/org/keycloak/models/Constants.java
index 43bdc7d..8977def 100755
--- a/model/api/src/main/java/org/keycloak/models/Constants.java
+++ b/model/api/src/main/java/org/keycloak/models/Constants.java
@@ -22,4 +22,6 @@ public interface Constants {
// 30 days
int DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT = 2592000;
+
+ public static final String VERIFY_EMAIL_KEY = "VERIFY_EMAIL_KEY";
}
diff --git a/model/api/src/main/java/org/keycloak/models/OTPPolicy.java b/model/api/src/main/java/org/keycloak/models/OTPPolicy.java
index 4ea52ac..1c6665a 100755
--- a/model/api/src/main/java/org/keycloak/models/OTPPolicy.java
+++ b/model/api/src/main/java/org/keycloak/models/OTPPolicy.java
@@ -1,8 +1,11 @@
package org.keycloak.models;
+import org.jboss.logging.Logger;
import org.keycloak.models.utils.Base32;
import org.keycloak.models.utils.HmacOTP;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
@@ -12,6 +15,7 @@ import java.util.Map;
*/
public class OTPPolicy {
+ protected static final Logger logger = Logger.getLogger(OTPPolicy.class);
protected String type;
protected String algorithm;
@@ -90,10 +94,17 @@ public class OTPPolicy {
this.period = period;
}
- public String getKeyURI(RealmModel realm, String secret) {
+ public String getKeyURI(RealmModel realm, UserModel user, String secret) {
- String uri = "otpauth://" + type + "/" + realm.getName() + "?secret=" + Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
- if (type.equals(UserCredentialModel.HOTP)) {
+ String uri = null;
+ uri = "otpauth://" + type + "/" + realm.getName() + ":" + user.getUsername() + "?secret=" +
+ Base32.encode(secret.getBytes()) + "&digits=" + digits + "&algorithm=" + algToKeyUriAlg.get(algorithm);
+ try {
+ uri += "&issuer=" + URLEncoder.encode(realm.getName(), "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ logger.debug("Failed to add issuer parameter to OTP URI becasue UTF-8 is not supported.");
+ }
+ if (type.equals(UserCredentialModel.HOTP)) {
uri += "&counter=" + initialCounter;
}
if (type.equals(UserCredentialModel.TOTP)) {
diff --git a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
index b0ffba4..d75ed95 100755
--- a/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
+++ b/model/api/src/main/java/org/keycloak/models/UserFederationManager.java
@@ -344,6 +344,12 @@ public class UserFederationManager implements UserProvider {
}
@Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ // not federation-aware for now
+ session.userStorage().grantToAllUsers(realm, role);
+ }
+
+ @Override
public void preRemove(RealmModel realm) {
for (UserFederationProviderModel federation : realm.getUserFederationProviders()) {
UserFederationProvider fed = getFederationProvider(federation);
diff --git a/model/api/src/main/java/org/keycloak/models/UserProvider.java b/model/api/src/main/java/org/keycloak/models/UserProvider.java
index 2ad5c55..962bc77 100755
--- a/model/api/src/main/java/org/keycloak/models/UserProvider.java
+++ b/model/api/src/main/java/org/keycloak/models/UserProvider.java
@@ -47,6 +47,8 @@ public interface UserProvider extends Provider {
Set<FederatedIdentityModel> getFederatedIdentities(UserModel user, RealmModel realm);
FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm);
+ void grantToAllUsers(RealmModel realm, RoleModel role);
+
void preRemove(RealmModel realm);
void preRemove(RealmModel realm, UserFederationProviderModel link);
diff --git a/model/api/src/main/java/org/keycloak/models/utils/PostMigrationEvent.java b/model/api/src/main/java/org/keycloak/models/utils/PostMigrationEvent.java
new file mode 100644
index 0000000..513836f
--- /dev/null
+++ b/model/api/src/main/java/org/keycloak/models/utils/PostMigrationEvent.java
@@ -0,0 +1,11 @@
+package org.keycloak.models.utils;
+
+import org.keycloak.provider.ProviderEvent;
+
+/**
+ * Executed at startup after model migration is finished
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class PostMigrationEvent implements ProviderEvent {
+}
diff --git a/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java b/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java
index 6540c37..e4b29d3 100755
--- a/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java
+++ b/model/file/src/main/java/org/keycloak/models/file/FileUserProvider.java
@@ -439,6 +439,13 @@ public class FileUserProvider implements UserProvider {
}
@Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ for (UserModel user : inMemoryModel.getUsers(realm.getId())) {
+ user.grantRole(role);
+ }
+ }
+
+ @Override
public void preRemove(RealmModel realm) {
// Nothing to do here? Federation links are attached to users, which are removed by InMemoryModel
}
diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java
index 3ea488d..44260a1 100755
--- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java
+++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java
@@ -314,6 +314,12 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
}
@Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ realmInvalidations.add(realm.getId()); // easier to just invalidate whole realm
+ getDelegate().grantToAllUsers(realm, role);
+ }
+
+ @Override
public void preRemove(RealmModel realm) {
realmInvalidations.add(realm.getId());
getDelegate().preRemove(realm);
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
index 1ce81e8..45dfc3d 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/entities/UserRoleMappingEntity.java
@@ -23,7 +23,8 @@ import java.io.Serializable;
@NamedQuery(name="deleteUserRoleMappingsByRealm", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId)"),
@NamedQuery(name="deleteUserRoleMappingsByRealmAndLink", query="delete from UserRoleMappingEntity mapping where mapping.user IN (select u from UserEntity u where u.realmId=:realmId and u.federationLink=:link)"),
@NamedQuery(name="deleteUserRoleMappingsByRole", query="delete from UserRoleMappingEntity m where m.roleId = :roleId"),
- @NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user")
+ @NamedQuery(name="deleteUserRoleMappingsByUser", query="delete from UserRoleMappingEntity m where m.user = :user"),
+ @NamedQuery(name="grantRoleToAllUsers", query="insert into UserRoleMappingEntity (roleId, user) select role.id, user from RoleEntity role, UserEntity user where role.id = :roleId AND role.realm.id = :realmId AND user.realmId = :realmId")
})
@Table(name="USER_ROLE_MAPPING")
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
index b643bb6..5f8ce7f 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProvider.java
@@ -148,7 +148,13 @@ public class JpaUserProvider implements UserProvider {
}
}
-
+ @Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ int num = em.createNamedQuery("grantRoleToAllUsers")
+ .setParameter("realmId", realm.getId())
+ .setParameter("roleId", role.getId())
+ .executeUpdate();
+ }
@Override
public void preRemove(RealmModel realm) {
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java b/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
index 6fc2960..5fa648e 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/session/JpaUserSessionPersisterProvider.java
@@ -188,32 +188,32 @@ public class JpaUserSessionPersisterProvider implements UserSessionPersisterProv
userSessionIds.add(entity.getUserSessionId());
}
- TypedQuery<PersistentClientSessionEntity> query2 = em.createNamedQuery("findClientSessionsByUserSessions", PersistentClientSessionEntity.class);
- query2.setParameter("userSessionIds", userSessionIds);
- query2.setParameter("offline", offlineStr);
- List<PersistentClientSessionEntity> clientSessions = query2.getResultList();
-
- // Assume both userSessions and clientSessions ordered by userSessionId
- int j=0;
- for (UserSessionModel ss : result) {
- PersistentUserSessionAdapter userSession = (PersistentUserSessionAdapter) ss;
- List<ClientSessionModel> currentClientSessions = userSession.getClientSessions(); // This is empty now and we want to fill it
-
- boolean next = true;
- while (next && j<clientSessions.size()) {
- PersistentClientSessionEntity clientSession = clientSessions.get(j);
- if (clientSession.getUserSessionId().equals(userSession.getId())) {
- PersistentClientSessionAdapter clientSessAdapter = toAdapter(userSession.getRealm(), userSession, clientSession);
- currentClientSessions.add(clientSessAdapter);
- j++;
- } else {
- next = false;
+ if (!userSessionIds.isEmpty()) {
+ TypedQuery<PersistentClientSessionEntity> query2 = em.createNamedQuery("findClientSessionsByUserSessions", PersistentClientSessionEntity.class);
+ query2.setParameter("userSessionIds", userSessionIds);
+ query2.setParameter("offline", offlineStr);
+ List<PersistentClientSessionEntity> clientSessions = query2.getResultList();
+
+ // Assume both userSessions and clientSessions ordered by userSessionId
+ int j = 0;
+ for (UserSessionModel ss : result) {
+ PersistentUserSessionAdapter userSession = (PersistentUserSessionAdapter) ss;
+ List<ClientSessionModel> currentClientSessions = userSession.getClientSessions(); // This is empty now and we want to fill it
+
+ boolean next = true;
+ while (next && j < clientSessions.size()) {
+ PersistentClientSessionEntity clientSession = clientSessions.get(j);
+ if (clientSession.getUserSessionId().equals(userSession.getId())) {
+ PersistentClientSessionAdapter clientSessAdapter = toAdapter(userSession.getRealm(), userSession, clientSession);
+ currentClientSessions.add(clientSessAdapter);
+ j++;
+ } else {
+ next = false;
+ }
}
}
}
-
-
return result;
}
diff --git a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java
index bb4ab4c..9b4f1f8 100755
--- a/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java
+++ b/model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.java
@@ -386,6 +386,19 @@ public class MongoUserProvider implements UserProvider {
}
@Override
+ public void grantToAllUsers(RealmModel realm, RoleModel role) {
+ DBObject query = new QueryBuilder()
+ .and("realmId").is(realm.getId())
+ .get();
+
+ DBObject update = new QueryBuilder()
+ .and("$push").is(new BasicDBObject("roleIds", role.getId()))
+ .get();
+
+ int count = getMongoStore().updateEntities(MongoUserEntity.class, query, update, invocationContext);
+ }
+
+ @Override
public void preRemove(RealmModel realm) {
DBObject query = new QueryBuilder()
.and("realmId").is(realm.getId())
diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/compat/SimpleUserSessionInitializer.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/compat/SimpleUserSessionInitializer.java
index cb5a7e7..1ec5dc9 100644
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/compat/SimpleUserSessionInitializer.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/compat/SimpleUserSessionInitializer.java
@@ -39,7 +39,7 @@ public class SimpleUserSessionInitializer {
public void run(KeycloakSession session) {
int count = sessionLoader.getSessionsCount(session);
- for (int i=0 ; i<=count ; i+=sessionsPerSegment) {
+ for (int i=0 ; i<count ; i+=sessionsPerSegment) {
sessionLoader.loadSessions(session, i, sessionsPerSegment);
}
}
diff --git a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java
index 1d7c279..382d01f 100755
--- a/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java
+++ b/model/sessions-infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java
@@ -5,9 +5,11 @@ import org.infinispan.Version;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
+import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
+import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionProvider;
import org.keycloak.models.UserSessionProviderFactory;
import org.keycloak.models.session.UserSessionPersisterProvider;
@@ -19,6 +21,9 @@ import org.keycloak.models.sessions.infinispan.entities.SessionEntity;
import org.keycloak.models.sessions.infinispan.initializer.InfinispanUserSessionInitializer;
import org.keycloak.models.sessions.infinispan.initializer.OfflineUserSessionLoader;
import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.models.utils.PostMigrationEvent;
+import org.keycloak.provider.ProviderEvent;
+import org.keycloak.provider.ProviderEventListener;
/**
* Uses Infinispan to store user sessions. On EAP 6.4 (Infinispan 5.2) map reduce is not supported for local caches as a work around
@@ -68,13 +73,20 @@ public class InfinispanUserSessionProviderFactory implements UserSessionProvider
});
// Max count of worker errors. Initialization will end with exception when this number is reached
- int maxErrors = config.getInt("maxErrors", 20);
+ final int maxErrors = config.getInt("maxErrors", 20);
// Count of sessions to be computed in each segment
- int sessionsPerSegment = config.getInt("sessionsPerSegment", 100);
+ final int sessionsPerSegment = config.getInt("sessionsPerSegment", 100);
- // TODO: Possibility to run this asynchronously to not block start time
- loadPersistentSessions(factory, maxErrors, sessionsPerSegment);
+ factory.register(new ProviderEventListener() {
+
+ @Override
+ public void onEvent(ProviderEvent event) {
+ if (event instanceof PostMigrationEvent) {
+ loadPersistentSessions(factory, maxErrors, sessionsPerSegment);
+ }
+ }
+ });
}
diff --git a/services/src/main/java/org/keycloak/authentication/requiredactions/VerifyEmail.java b/services/src/main/java/org/keycloak/authentication/requiredactions/VerifyEmail.java
index 01ddcff..7fc77a8 100755
--- a/services/src/main/java/org/keycloak/authentication/requiredactions/VerifyEmail.java
+++ b/services/src/main/java/org/keycloak/authentication/requiredactions/VerifyEmail.java
@@ -8,9 +8,12 @@ import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.login.LoginFormsProvider;
+import org.keycloak.models.ClientSessionModel;
+import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserModel;
+import org.keycloak.models.utils.HmacOTP;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.validation.Validation;
@@ -44,8 +47,11 @@ public class VerifyEmail implements RequiredActionProvider, RequiredActionFactor
context.getEvent().clone().event(EventType.SEND_VERIFY_EMAIL).detail(Details.EMAIL, context.getUser().getEmail()).success();
LoginActionsService.createActionCookie(context.getRealm(), context.getUriInfo(), context.getConnection(), context.getUserSession().getId());
+ setupKey(context.getClientSession());
+
LoginFormsProvider loginFormsProvider = context.getSession().getProvider(LoginFormsProvider.class)
.setClientSessionCode(context.generateCode())
+ .setClientSession(context.getClientSession())
.setUser(context.getUser());
Response challenge = loginFormsProvider.createResponse(UserModel.RequiredAction.VERIFY_EMAIL);
context.challenge(challenge);
@@ -87,4 +93,9 @@ public class VerifyEmail implements RequiredActionProvider, RequiredActionFactor
public String getId() {
return UserModel.RequiredAction.VERIFY_EMAIL.name();
}
+
+ public static void setupKey(ClientSessionModel clientSession) {
+ String secret = HmacOTP.generateSecret(10);
+ clientSession.setNote(Constants.VERIFY_EMAIL_KEY, secret);
+ }
}
diff --git a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
index 83b8d6e..a07999d 100755
--- a/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
+++ b/services/src/main/java/org/keycloak/services/resources/KeycloakApplication.java
@@ -11,6 +11,7 @@ import org.keycloak.migration.MigrationModelManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.utils.PostMigrationEvent;
import org.keycloak.offlineconfig.AdminRecovery;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.DefaultKeycloakSessionFactory;
@@ -83,6 +84,8 @@ public class KeycloakApplication extends Application {
setupDefaultRealm(context.getContextPath());
migrateModel();
+ sessionFactory.publish(new PostMigrationEvent());
+
new ExportImportManager().checkExportImport(this.sessionFactory, context.getContextPath());
importRealms(context);
diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
index 46bc553..20de78b 100755
--- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java
@@ -23,6 +23,8 @@ package org.keycloak.services.resources;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.authentication.AuthenticationFlowError;
+import org.keycloak.authentication.requiredactions.VerifyEmail;
import org.keycloak.common.ClientConnection;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationProcessor;
@@ -49,6 +51,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.FormMessage;
+import org.keycloak.models.utils.HmacOTP;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.RestartLoginCookie;
@@ -533,7 +536,7 @@ public class LoginActionsService {
event.event(EventType.VERIFY_EMAIL);
if (key != null) {
Checks checks = new Checks();
- if (!checks.verifyCode(key, ClientSessionModel.Action.REQUIRED_ACTIONS.name())) {
+ if (!checks.verifyCode(code, ClientSessionModel.Action.REQUIRED_ACTIONS.name())) {
return checks.response;
}
ClientSessionCode accessCode = checks.clientCode;
@@ -547,11 +550,21 @@ public class LoginActionsService {
UserSessionModel userSession = clientSession.getUserSession();
UserModel user = userSession.getUser();
initEvent(clientSession);
+ event.event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, user.getEmail());
+
+ String keyFromSession = clientSession.getNote(Constants.VERIFY_EMAIL_KEY);
+ clientSession.removeNote(Constants.VERIFY_EMAIL_KEY);
+ if (!key.equals(keyFromSession)) {
+ logger.error("Invalid key for email verification");
+ event.error(Errors.INVALID_USER_CREDENTIALS);
+ throw new WebApplicationException(ErrorPage.error(session, Messages.INVALID_CODE));
+ }
+
user.setEmailVerified(true);
user.removeRequiredAction(RequiredAction.VERIFY_EMAIL);
- event.event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, user.getEmail()).success();
+ event.success();
String actionCookieValue = getActionCookie();
if (actionCookieValue == null || !actionCookieValue.equals(userSession.getId())) {
@@ -576,8 +589,11 @@ public class LoginActionsService {
createActionCookie(realm, uriInfo, clientConnection, userSession.getId());
+ VerifyEmail.setupKey(clientSession);
+
return session.getProvider(LoginFormsProvider.class)
.setClientSessionCode(accessCode.getCode())
+ .setClientSession(clientSession)
.setUser(userSession.getUser())
.createResponse(RequiredAction.VERIFY_EMAIL);
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
index a9c0c58..c7f075f 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
@@ -26,7 +26,9 @@ import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
+import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.Details;
+import org.keycloak.events.Errors;
import org.keycloak.events.Event;
import org.keycloak.events.EventType;
import org.keycloak.models.RealmModel;
@@ -130,7 +132,7 @@ public class RequiredActionEmailVerificationTest {
String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
- Assert.assertEquals(mailCodeId, verificationUrl.split("key=")[1].split("\\.")[1]);
+ Assert.assertEquals(mailCodeId, verificationUrl.split("code=")[1].split("\\&")[0].split("\\.")[1]);
driver.navigate().to(verificationUrl.trim());
@@ -223,7 +225,7 @@ public class RequiredActionEmailVerificationTest {
String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
- Assert.assertEquals(mailCodeId, verificationUrl.split("key=")[1].split("\\.")[1]);
+ Assert.assertEquals(mailCodeId, verificationUrl.split("code=")[1].split("\\&")[0].split("\\.")[1]);
driver.manage().deleteAllCookies();
@@ -238,6 +240,42 @@ public class RequiredActionEmailVerificationTest {
assertTrue(loginPage.isCurrent());
}
+
+
+ @Test
+ public void verifyInvalidKeyOrCode() throws IOException, MessagingException {
+ loginPage.open();
+ loginPage.login("test-user@localhost", "password");
+
+ Assert.assertTrue(verifyEmailPage.isCurrent());
+ String resendEmailLink = verifyEmailPage.getResendEmailLink();
+ String keyInsteadCodeURL = resendEmailLink.replace("code=", "key=");
+
+ AssertEvents.ExpectedEvent emailEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).detail("email", "test-user@localhost");
+ Event sendEvent = emailEvent.assertEvent();
+ String sessionId = sendEvent.getSessionId();
+ String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
+
+ driver.navigate().to(keyInsteadCodeURL);
+
+ events.expectRequiredAction(EventType.VERIFY_EMAIL_ERROR)
+ .error(Errors.INVALID_CODE)
+ .client((String)null)
+ .user((String)null)
+ .session((String)null)
+ .clearDetails()
+ .assertEvent();
+
+ String badKeyURL = KeycloakUriBuilder.fromUri(resendEmailLink).queryParam("key", "foo").build().toString();
+ driver.navigate().to(badKeyURL);
+
+ events.expectRequiredAction(EventType.VERIFY_EMAIL_ERROR)
+ .error(Errors.INVALID_USER_CREDENTIALS)
+ .session(sessionId)
+ .detail("email", "test-user@localhost")
+ .detail(Details.CODE_ID, mailCodeId)
+ .assertEvent();
+ }
private String getPasswordResetEmailLink(MimeMessage message) throws IOException, MessagingException {
Multipart multipart = (Multipart) message.getContent();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java
index 258dd3c..6601855 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserModelTest.java
@@ -5,6 +5,7 @@ import org.junit.Test;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.services.managers.ClientManager;
@@ -283,6 +284,36 @@ public class UserModelTest extends AbstractModelTest {
Assert.assertNull(session.users().getUserByUsername("user1", realm));
}
+ @Test
+ public void testGrantToAll() {
+ RealmModel realm1 = realmManager.createRealm("realm1");
+ RoleModel role1 = realm1.addRole("role1");
+ UserModel user1 = realmManager.getSession().users().addUser(realm1, "user1");
+ UserModel user2 = realmManager.getSession().users().addUser(realm1, "user2");
+
+ RealmModel realm2 = realmManager.createRealm("realm2");
+ UserModel realm2User1 = realmManager.getSession().users().addUser(realm2, "user1");
+
+ commit();
+
+ realm1 = realmManager.getRealmByName("realm1");
+ role1 = realm1.getRole("role1");
+ realmManager.getSession().users().grantToAllUsers(realm1, role1);
+
+ commit();
+
+ realm1 = realmManager.getRealmByName("realm1");
+ role1 = realm1.getRole("role1");
+ user1 = realmManager.getSession().users().getUserByUsername("user1", realm1);
+ user2 = realmManager.getSession().users().getUserByUsername("user2", realm1);
+ Assert.assertTrue(user1.hasRole(role1));
+ Assert.assertTrue(user2.hasRole(role1));
+
+ realm2 = realmManager.getRealmByName("realm2");
+ realm2User1 = realmManager.getSession().users().getUserByUsername("user1", realm2);
+ Assert.assertFalse(realm2User1.hasRole(role1));
+ }
+
public static void assertEquals(UserModel expected, UserModel actual) {
Assert.assertEquals(expected.getUsername(), actual.getUsername());
Assert.assertEquals(expected.getCreatedTimestamp(), actual.getCreatedTimestamp());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
index 8a6fc9d..cbc8284 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/UserSessionPersisterProviderTest.java
@@ -290,6 +290,14 @@ public class UserSessionPersisterProviderTest {
realmMgr.removeRealm(realmMgr.getRealm("foo"));
}
+ // KEYCLOAK-1999
+ @Test
+ public void testNoSessions() {
+ UserSessionPersisterProvider persister = session.getProvider(UserSessionPersisterProvider.class);
+ List<UserSessionModel> sessions = persister.loadUserSessions(0, 1, true);
+ Assert.assertEquals(0, sessions.size());
+ }
+
private ClientSessionModel createClientSession(ClientModel client, UserSessionModel userSession, String redirect, String state, Set<String> roles, Set<String> protocolMappers) {
ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java
index cfcfbb4..9968ce1 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/pages/VerifyEmailPage.java
@@ -50,4 +50,8 @@ public class VerifyEmailPage extends AbstractPage {
resendEmailLink.click();
}
+ public String getResendEmailLink() {
+ return resendEmailLink.getAttribute("href");
+ }
+
}
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc12/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/pom.xml
new file mode 100644
index 0000000..132b1af
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc12/pom.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <parent>
+ <groupId>org.keycloak.testsuite</groupId>
+ <artifactId>integration-arquillian-migration-servers</artifactId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>integration-arquillian-server-wildfly-kc12</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak 1.2.0.Final on Wildfly</name>
+
+ <properties>
+ <server.version>1.2.0.Final</server.version>
+ <keycloak.server.home>${project.build.directory}/unpacked/keycloak-${server.version}</keycloak.server.home>
+ <jdbc.mvn.driver.deployment.dir>${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main</jdbc.mvn.driver.deployment.dir>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>xml-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc13/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/pom.xml
new file mode 100644
index 0000000..5d7bb1c
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc13/pom.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <parent>
+ <groupId>org.keycloak.testsuite</groupId>
+ <artifactId>integration-arquillian-migration-servers</artifactId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>integration-arquillian-server-wildfly-kc13</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak 1.3.1.Final on Wildfly</name>
+
+ <properties>
+ <server.version>1.3.1.Final</server.version>
+ <keycloak.server.home>${project.build.directory}/unpacked/keycloak-${server.version}</keycloak.server.home>
+ <jdbc.mvn.driver.deployment.dir>${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main</jdbc.mvn.driver.deployment.dir>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>xml-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc14/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/pom.xml
new file mode 100644
index 0000000..85dcff3
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc14/pom.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <parent>
+ <groupId>org.keycloak.testsuite</groupId>
+ <artifactId>integration-arquillian-migration-servers</artifactId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>integration-arquillian-server-wildfly-kc14</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak 1.4.0.Final on Wildfly</name>
+
+ <properties>
+ <server.version>1.4.0.Final</server.version>
+ <keycloak.server.home>${project.build.directory}/unpacked/keycloak-${server.version}</keycloak.server.home>
+ <jdbc.mvn.driver.deployment.dir>${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main</jdbc.mvn.driver.deployment.dir>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>xml-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc15/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/pom.xml
new file mode 100644
index 0000000..802f50a
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc15/pom.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <parent>
+ <groupId>org.keycloak.testsuite</groupId>
+ <artifactId>integration-arquillian-migration-servers</artifactId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>integration-arquillian-server-wildfly-kc15</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak 1.5.1.Final on Wildfly</name>
+
+ <properties>
+ <server.version>1.5.1.Final</server.version>
+ <keycloak.server.home>${project.build.directory}/unpacked/keycloak-${server.version}</keycloak.server.home>
+ <jdbc.mvn.driver.deployment.dir>${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main</jdbc.mvn.driver.deployment.dir>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>xml-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/assembly.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/assembly.xml
new file mode 100644
index 0000000..0a990ec
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/assembly.xml
@@ -0,0 +1,29 @@
+<assembly>
+
+ <id>auth-server-wildfly-kc16</id>
+
+ <formats>
+ <format>zip</format>
+ </formats>
+
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <fileSets>
+ <fileSet>
+ <directory>${keycloak.server.home}</directory>
+ <outputDirectory>keycloak-1.6.1.Final</outputDirectory>
+ <excludes>
+ <exclude>**/*.sh</exclude>
+ </excludes>
+ </fileSet>
+ <fileSet>
+ <directory>${keycloak.server.home}</directory>
+ <outputDirectory>keycloak-1.6.1.Final</outputDirectory>
+ <includes>
+ <include>**/*.sh</include>
+ </includes>
+ <fileMode>0755</fileMode>
+ </fileSet>
+ </fileSets>
+
+</assembly>
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/pom.xml b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/pom.xml
new file mode 100644
index 0000000..5e27a3a
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/pom.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <parent>
+ <groupId>org.keycloak.testsuite</groupId>
+ <artifactId>integration-arquillian-migration-servers</artifactId>
+ <version>1.7.0.Final-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>integration-arquillian-server-wildfly-kc16</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak 1.6.1.Final on Wildfly</name>
+
+ <properties>
+ <server.version>1.6.1.Final</server.version>
+ <keycloak.server.home>${project.build.directory}/unpacked/keycloak-${server.version}</keycloak.server.home>
+ <jdbc.mvn.driver.deployment.dir>${keycloak.server.home}/modules/system/layers/base/com/${jdbc.mvn.artifactId}/main</jdbc.mvn.driver.deployment.dir>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>xml-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl
new file mode 100644
index 0000000..b5dc8c4
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/add-dialect-logger.xsl
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xalan="http://xml.apache.org/xalan"
+ version="2.0"
+ exclude-result-prefixes="xalan">
+
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
+
+ <xsl:variable name="nsDS" select="'urn:jboss:domain:logging:'"/>
+
+ <xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsDS)]
+ /*[local-name()='root-logger' and starts-with(namespace-uri(), $nsDS)]">
+ <logger category="org.hibernate.dialect.Dialect">
+ <level name="ALL"/>
+ </logger>
+ <xsl:copy>
+ <xsl:apply-templates select="@* | node()" />
+ </xsl:copy>
+ </xsl:template>
+
+ <!-- Copy everything else. -->
+ <xsl:template match="@* | node()">
+ <xsl:copy>
+ <xsl:apply-templates select="@* | node()"/>
+ </xsl:copy>
+ </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl
new file mode 100644
index 0000000..c06899f
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/datasource.xsl
@@ -0,0 +1,94 @@
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xalan="http://xml.apache.org/xalan"
+ xmlns:j="urn:jboss:domain:3.0"
+ xmlns:ds="urn:jboss:domain:datasources:3.0"
+ xmlns:k="urn:jboss:domain:keycloak:1.1"
+ xmlns:sec="urn:jboss:domain:security:1.2"
+ version="2.0"
+ exclude-result-prefixes="xalan j ds k sec">
+
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
+ <xsl:strip-space elements="*"/>
+
+
+ <xsl:variable name="nsDS" select="'urn:jboss:domain:datasources:'"/>
+
+ <!-- Remove keycloak datasource definition. -->
+ <xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsDS)]
+ /*[local-name()='datasources' and starts-with(namespace-uri(), $nsDS)]
+ /*[local-name()='datasource' and starts-with(namespace-uri(), $nsDS) and @pool-name='KeycloakDS']">
+ </xsl:template>
+
+ <xsl:param name="jdbc.url" select="'jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE'"/>
+ <xsl:param name="driver" select="'h2'"/>
+
+ <xsl:param name="username" select="'sa'"/>
+ <xsl:param name="password" select="'sa'"/>
+
+ <xsl:param name="min.poolsize" select="'10'"/>
+ <xsl:param name="max.poolsize" select="'50'"/>
+ <xsl:param name="pool.prefill" select="'true'"/>
+
+ <xsl:variable name="newDatasourceDefinition">
+ <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
+ <connection-url>
+ <xsl:value-of select="$jdbc.url"/>
+ </connection-url>
+ <driver>
+ <xsl:value-of select="$driver"/>
+ </driver>
+ <security>
+ <user-name>
+ <xsl:value-of select="$username"/>
+ </user-name>
+ <password>
+ <xsl:value-of select="$password"/>
+ </password>
+ </security>
+ <pool>
+ <min-pool-size>
+ <xsl:value-of select="$min.poolsize"/>
+ </min-pool-size>
+ <max-pool-size>
+ <xsl:value-of select="$max.poolsize"/>
+ </max-pool-size>
+ <prefill>
+ <xsl:value-of select="$pool.prefill"/>
+ </prefill>
+ </pool>
+ </datasource>
+ </xsl:variable>
+
+ <xsl:variable name="newDriverDefinition">
+ <xsl:if test="$driver != 'h2'">
+ <driver name="{$driver}" module="com.{$driver}" />
+ </xsl:if>
+ </xsl:variable>
+
+ <!-- Add new datasource definition. -->
+ <xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsDS)]
+ /*[local-name()='datasources' and starts-with(namespace-uri(), $nsDS)]">
+ <xsl:copy>
+ <xsl:copy-of select="$newDatasourceDefinition"/>
+ <xsl:apply-templates select="@* | node()" />
+ </xsl:copy>
+ </xsl:template>
+
+ <!-- Add new driver definition. -->
+ <xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $nsDS)]
+ /*[local-name()='datasources' and starts-with(namespace-uri(), $nsDS)]
+ /*[local-name()='drivers' and starts-with(namespace-uri(), $nsDS)]">
+ <xsl:copy>
+ <xsl:copy-of select="$newDriverDefinition"/>
+ <xsl:apply-templates select="@* | node()" />
+ </xsl:copy>
+ </xsl:template>
+
+ <!-- Copy everything else. -->
+ <xsl:template match="@*|node()">
+ <xsl:copy>
+ <xsl:apply-templates select="@*|node()" />
+ </xsl:copy>
+ </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/module.xsl b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/module.xsl
new file mode 100644
index 0000000..88ac56b
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/migration/wildfly_kc16/src/main/xslt/module.xsl
@@ -0,0 +1,33 @@
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:xalan="http://xml.apache.org/xalan"
+ xmlns:m="urn:jboss:module:1.3"
+ version="2.0"
+ exclude-result-prefixes="xalan m">
+
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" />
+
+
+ <xsl:param name="database" select="''"/>
+ <xsl:param name="version" select="''"/>
+
+ <xsl:variable name="newModuleDefinition">
+ <module xmlns="urn:jboss:module:1.3" name="com.{$database}">
+ <resources>
+ <resource-root path="{$database}-{$version}.jar"/>
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="javax.transaction.api"/>
+ </dependencies>
+ </module>
+ </xsl:variable>
+
+ <!-- clear whole document -->
+ <xsl:template match="/*" />
+
+ <!-- Copy new module definition. -->
+ <xsl:template match="/*">
+ <xsl:copy-of select="$newModuleDefinition"/>
+ </xsl:template>
+
+</xsl:stylesheet>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/servers/pom.xml b/testsuite/integration-arquillian/servers/pom.xml
index aadfe4e..7175811 100644
--- a/testsuite/integration-arquillian/servers/pom.xml
+++ b/testsuite/integration-arquillian/servers/pom.xml
@@ -12,6 +12,10 @@
<packaging>pom</packaging>
<name>Servers</name>
+ <modules>
+ <module>migration</module>
+ </modules>
+
<profiles>
<profile>
<id>auth-server-wildfly</id>
@@ -26,30 +30,6 @@
<module>eap6</module>
</modules>
</profile>
- <profile>
- <id>migration-kc15</id>
- <modules>
- <module>wildfly_kc15</module>
- </modules>
- </profile>
- <profile>
- <id>migration-kc14</id>
- <modules>
- <module>wildfly_kc14</module>
- </modules>
- </profile>
- <profile>
- <id>migration-kc13</id>
- <modules>
- <module>wildfly_kc13</module>
- </modules>
- </profile>
- <profile>
- <id>migration-kc12</id>
- <modules>
- <module>wildfly_kc12</module>
- </modules>
- </profile>
</profiles>
</project>
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java
index 257fb55..6727108 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/ContainersTestEnricher.java
@@ -1,7 +1,13 @@
package org.keycloak.testsuite.arquillian;
+import java.io.File;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.LinkedList;
+import org.apache.commons.io.FileUtils;
+import org.jboss.arquillian.container.spi.Container;
+import org.jboss.arquillian.container.spi.ContainerRegistry;
import org.jboss.arquillian.container.spi.event.StartSuiteContainers;
import org.jboss.arquillian.container.spi.event.StopSuiteContainers;
import org.jboss.arquillian.container.test.api.ContainerController;
@@ -33,13 +39,16 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
public class ContainersTestEnricher {
protected final Logger log = Logger.getLogger(this.getClass());
-
+
@Inject
private Instance<ContainerController> containerController;
@Inject
+ private Instance<ContainerRegistry> containerRegistry;
+
+ @Inject
private Event<StopSuiteContainers> stopSuiteContainers;
-
+
private String appServerQualifier;
private static final String AUTH_SERVER_CONTAINER_PROPERTY = "auth.server.container";
@@ -62,24 +71,77 @@ public class ContainersTestEnricher {
private InstanceProducer<OAuthClient> oauthClient;
private ContainerController controller;
+ private LinkedList<Container> containers;
private final boolean migrationTests = System.getProperty("migration", "false").equals("true");
private boolean alreadyStopped = false;
+ private boolean init = false;
+
+ private void init() {
+ if (!init) {
+ containers = new LinkedList(containerRegistry.get().getContainers());
+ }
+ init = true;
+ }
+ /*
+ * non-javadoc
+ *
+ * Before starting suite containers. Initialization of containers is done
+ * (only once during class life cycle)
+ */
public void startSuiteContainers(@Observes(precedence = 1) StartSuiteContainers event) {
+ init();
if (migrationTests) {
- log.info("\n### Starting keycloak with previous version ###\n");
+ log.info("\n\n### Starting keycloak " + System.getProperty("version", "- previous") + " ###\n");
}
}
- public void stopMigrationContainer(@Observes AfterStart event) {
+ /*
+ * non-javadoc
+ *
+ * After start container. Server logs are checked (in case jboss based container).
+ * In case of migration scenario: previous container is stopped.
+ */
+ public void afterStart(@Observes AfterStart event) throws IOException {
+ if (System.getProperty("check.server.log", "true").equals("true")) {
+ checkServerLog();
+ }
+
if (migrationTests && !alreadyStopped) {
- log.info("\n### Stopping keycloak with previous version ###\n");
+ log.info("\n\n### Stopping keycloak " + System.getProperty("version", "- previous") + " ###\n");
stopSuiteContainers.fire(new StopSuiteContainers());
+ log.info("\n\n### Starting keycloak current version ###\n");
}
alreadyStopped = true;
}
-
+
+ /*
+ * non-javadoc
+ *
+ * check server logs (in case jboss based container) whether there are no ERRORs or SEVEREs
+ */
+ private void checkServerLog() throws IOException {
+ Container container = containers.removeFirst();
+ if (!container.getName().equals("auth-server-undertow")) {
+ String jbossHomePath = container.getContainerConfiguration().getContainerProperties().get("jbossHome");
+ log.debug("jbossHome: " + jbossHomePath + "\n");
+
+ String serverLogContent = FileUtils.readFileToString(new File(jbossHomePath + "/standalone/log/server.log"));
+
+ boolean containsError
+ = serverLogContent.contains("ERROR")
+ || serverLogContent.contains("SEVERE")
+ || serverLogContent.contains("Exception ");
+ //There is expected string "Exception" in server log: Adding provider
+ //singleton org.keycloak.services.resources.ModelExceptionMapper
+
+ if (containsError) {
+ throw new RuntimeException(container.getName() + ": Server log contains ERROR.");
+ }
+ }
+ }
+
public void beforeSuite(@Observes BeforeSuite event) {
suiteContext.set(new SuiteContext());
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java
index ea606b8..adf513d 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JBossJiraParser.java
@@ -22,17 +22,17 @@ public class JBossJiraParser {
private static final String JBOSS_TRACKER_REST_URL = "https://issues.jboss.org/rest/api/latest/issue/";
public static boolean isIssueClosed(String issueId) {
- Status issueStatus;
- try {
- issueStatus = getIssueStatus(issueId);
- } catch(Exception e) {
- issueStatus = Status.CLOSED; //let the test run in case there is no connection
- }
+ Status issueStatus;
+ try {
+ issueStatus = getIssueStatus(issueId);
+ } catch (Exception e) {
+ issueStatus = Status.CLOSED; //let the test run in case there is no connection
+ }
return issueStatus == Status.CLOSED || issueStatus == Status.RESOLVED;
}
private static Status getIssueStatus(String issueId) throws Exception {
- Client client = ClientBuilder.newClient();
+ Client client = ClientBuilder.newClient();
WebTarget target = client.target(JBOSS_TRACKER_REST_URL);
String json = target.path(issueId).request().accept(MediaType.APPLICATION_JSON_TYPE).get(String.class);
JsonObject jsonObject = new Gson().fromJson(json, JsonElement.class).getAsJsonObject();
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java
index 961ae82..52b69b5 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/Jira.java
@@ -24,5 +24,5 @@ import java.lang.annotation.Target;
public @interface Jira {
String value();
- boolean enabled() default true;
+ boolean enabled() default true;
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java
index fa3c571..0ce98c5 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/jira/JiraTestExecutionDecider.java
@@ -19,43 +19,43 @@ import static org.keycloak.testsuite.arquillian.jira.JBossJiraParser.isIssueClos
*/
public class JiraTestExecutionDecider implements TestExecutionDecider {
- private static Map<String, Boolean> cache = new HashMap<String, Boolean>();
-
- @Override
- public ExecutionDecision decide(Method method) {
- Jira jiraAnnotation = method.getAnnotation(Jira.class);
- if (jiraAnnotation != null && jiraAnnotation.enabled()) {
- boolean executeTest = true;
- String[] issueIds = getIssuesId(jiraAnnotation.value());
- for (String issueId : issueIds) {
- if (cache.containsKey(issueId)) {
- executeTest = cache.get(issueId);
- } else {
- if (isIssueClosed(issueId)) {
- cache.put(issueId, true);
- } else {
- executeTest = false;
- cache.put(issueId, false);
- }
- }
- }
-
- if (executeTest) {
- return ExecutionDecision.execute();
- } else {
- return ExecutionDecision.dontExecute("Issue is still opened, therefore skipping the test " + method.getName());
- }
- }
- return ExecutionDecision.execute();
- }
-
- private String[] getIssuesId(String value) {
- return value.replaceAll("\\s+", "").split(",");
- }
-
- @Override
- public int precedence() {
- return 0;
- }
+ private static Map<String, Boolean> cache = new HashMap<>();
+
+ @Override
+ public ExecutionDecision decide(Method method) {
+ Jira jiraAnnotation = method.getAnnotation(Jira.class);
+ if (jiraAnnotation != null && jiraAnnotation.enabled()) {
+ boolean executeTest = true;
+ String[] issueIds = getIssuesId(jiraAnnotation.value());
+ for (String issueId : issueIds) {
+ if (cache.containsKey(issueId)) {
+ executeTest = cache.get(issueId);
+ } else {
+ if (isIssueClosed(issueId)) {
+ cache.put(issueId, true);
+ } else {
+ executeTest = false;
+ cache.put(issueId, false);
+ }
+ }
+ }
+
+ if (executeTest) {
+ return ExecutionDecision.execute();
+ } else {
+ return ExecutionDecision.dontExecute("Issue is still opened, therefore skipping the test " + method.getName());
+ }
+ }
+ return ExecutionDecision.execute();
+ }
+
+ private String[] getIssuesId(String value) {
+ return value.replaceAll("\\s+", "").split(",");
+ }
+
+ @Override
+ public int precedence() {
+ return 0;
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java
index 73583cf..a987a16 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KeycloakArquillianExtension.java
@@ -10,6 +10,7 @@ import org.jboss.arquillian.graphene.location.CustomizableURLResourceProvider;
import org.jboss.arquillian.test.spi.enricher.resource.ResourceProvider;
import org.jboss.arquillian.test.spi.execution.TestExecutionDecider;
import org.keycloak.testsuite.arquillian.jira.JiraTestExecutionDecider;
+import org.keycloak.testsuite.arquillian.migration.MigrationTestExecutionDecider;
import org.keycloak.testsuite.arquillian.undertow.CustomUndertowContainer;
/**
@@ -36,7 +37,8 @@ public class KeycloakArquillianExtension implements LoadableExtension {
.service(DeployableContainer.class, CustomUndertowContainer.class);
builder
- .service(TestExecutionDecider.class, JiraTestExecutionDecider.class);
+ .service(TestExecutionDecider.class, JiraTestExecutionDecider.class)
+ .service(TestExecutionDecider.class, MigrationTestExecutionDecider.class);
builder
.override(ResourceProvider.class, URLResourceProvider.class, URLProvider.class)
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java
new file mode 100644
index 0000000..791e588
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/Migration.java
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.arquillian.migration;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+
+/**
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@Documented
+@Retention(RUNTIME)
+@Target({ElementType.METHOD})
+public @interface Migration {
+ String versionFrom();
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java
new file mode 100644
index 0000000..bfac24b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/migration/MigrationTestExecutionDecider.java
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.arquillian.migration;
+
+import java.lang.reflect.Method;
+import org.jboss.arquillian.test.spi.execution.ExecutionDecision;
+import org.jboss.arquillian.test.spi.execution.TestExecutionDecider;
+
+/**
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+public class MigrationTestExecutionDecider implements TestExecutionDecider {
+
+ @Override
+ public ExecutionDecision decide(Method method) {
+
+ boolean migrationTest = "true".equals(System.getProperty("migration", "false"));
+ Migration migrationAnnotation = method.getAnnotation(Migration.class);
+
+ if (migrationTest && migrationAnnotation != null) {
+ String versionFrom = migrationAnnotation.versionFrom();
+ String version = System.getProperty("version");
+
+
+ if (version.equals(versionFrom)) {
+ return ExecutionDecision.execute();
+ } else {
+ return ExecutionDecision.dontExecute(method.getName() + "doesn't fit with migration version.");
+ }
+ }
+ if ((migrationTest && migrationAnnotation == null) || (!migrationTest && migrationAnnotation != null)) {
+ return ExecutionDecision.dontExecute("Migration test and no migration annotation or no migration test and migration annotation");
+ }
+ return ExecutionDecision.execute();
+ }
+
+ @Override
+ public int precedence() {
+ return 1;
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
index 99c5d67..8ed6dcd 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java
@@ -86,6 +86,7 @@ public abstract class AbstractKeycloakTest {
driverSettings();
if (!suiteContext.isAdminPasswordUpdated()) {
+ log.debug("updating admin password");
updateMasterAdminPassword();
suiteContext.setAdminPasswordUpdated(true);
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
new file mode 100644
index 0000000..41c1740
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/migration/MigrationTest.java
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite.migration;
+
+import java.util.List;
+import static org.junit.Assert.*;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.arquillian.migration.Migration;
+
+/**
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+public class MigrationTest extends AbstractKeycloakTest {
+
+ @Override
+ public void addTestRealms(List<RealmRepresentation> testRealms) {
+ log.info("Adding no test realms for migration test. Test realm should be migrated from previous vesrion.");
+ }
+
+ @Test
+ @Migration(versionFrom = "1.6.1.Final")
+ public void migration16Test() {
+ RealmResource realmResource = adminClient.realms().realm("Migration");
+ RealmRepresentation realmRep = realmResource.toRepresentation();
+ assertEquals("Migration", realmRep.getRealm());
+
+ List<RoleRepresentation> realmRoles = realmResource.roles().list();
+ assertEquals(1, realmRoles.size());
+ assertEquals("offline_access", realmRoles.get(0).getName());
+
+ for (ClientRepresentation client : realmResource.clients().findAll()) {
+ final String clientId = client.getClientId();
+ switch (clientId) {
+ case "realm-management":
+ assertEquals(13, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ case "security-admin-console":
+ assertEquals(0, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ case "broker":
+ assertEquals(1, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ case "account":
+ assertEquals(2, realmResource.clients().get(client.getId()).roles().list().size());
+ break;
+ default:
+ fail("Migrated realm contains unexpected client " + clientId);
+ break;
+ }
+ }
+ }
+
+ @Test
+ @Migration(versionFrom = "1.5.1.Final")
+ @Ignore
+ public void migration15Test() {
+ for (RealmRepresentation realm : adminClient.realms().findAll()) {
+ System.out.println(realm.getRealm());
+ }
+
+ //TODO
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index 1b6df1d..ad3f626 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -21,12 +21,39 @@
<!-- PREVIOUS VERSIONS KEYCLOAK FOR MIGRATION TESTS -->
<!-- IT HAS TO BE LISTED ABOWE KEYCLOAK AUTH SERVERS -->
+ <container qualifier="keycloak-1.6.1.Final" mode="suite" >
+ <configuration>
+ <property name="enabled">${migration.kc16}</property>
+ <property name="adapterImplClass">org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</property>
+ <property name="jbossHome">${keycloak.migration.home}</property>
+ <property name="javaVmArguments">
+ -Dkeycloak.migration.action=import
+ -Dkeycloak.migration.provider=singleFile
+ -Dkeycloak.migration.file=${keycloak.migration.file}
+ -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
+ -Dkeycloak.migration.realmName=Migration
+ -Djboss.socket.binding.port-offset=${auth.server.port.offset}
+ -Xms64m -Xmx512m -XX:MaxPermSize=256m
+ </property>
+ <property name="managementPort">${auth.server.management.port}</property>
+ <property name="startupTimeoutInSeconds">${startup.timeout.sec}</property>
+ </configuration>
+ </container>
+
<container qualifier="keycloak-1.5.1.Final" mode="suite" >
<configuration>
<property name="enabled">${migration.kc15}</property>
<property name="adapterImplClass">org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</property>
- <property name="jbossHome">${keycloak-1.5.1.Final.home}</property>
- <property name="javaVmArguments">-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m</property>
+ <property name="jbossHome">${keycloak.migration.home}</property>
+ <property name="javaVmArguments">
+ -Dkeycloak.migration.action=import
+ -Dkeycloak.migration.provider=singleFile
+ -Dkeycloak.migration.file=${keycloak.migration.file}
+ -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
+ -Dkeycloak.migration.realmName=Migration
+ -Djboss.socket.binding.port-offset=${auth.server.port.offset}
+ -Xms64m -Xmx512m -XX:MaxPermSize=256m
+ </property>
<property name="managementPort">${auth.server.management.port}</property>
<property name="startupTimeoutInSeconds">${startup.timeout.sec}</property>
</configuration>
@@ -36,7 +63,7 @@
<configuration>
<property name="enabled">${migration.kc14}</property>
<property name="adapterImplClass">org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</property>
- <property name="jbossHome">${keycloak-1.4.0.Final.home}</property>
+ <property name="jbossHome">${keycloak.migration.home}</property>
<property name="javaVmArguments">-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m</property>
<property name="managementPort">${auth.server.management.port}</property>
<property name="startupTimeoutInSeconds">${startup.timeout.sec}</property>
@@ -47,7 +74,7 @@
<configuration>
<property name="enabled">${migration.kc13}</property>
<property name="adapterImplClass">org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</property>
- <property name="jbossHome">${keycloak-1.3.1.Final.home}</property>
+ <property name="jbossHome">${keycloak.migration.home}</property>
<property name="javaVmArguments">-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m</property>
<property name="managementPort">${auth.server.management.port}</property>
<property name="startupTimeoutInSeconds">${startup.timeout.sec}</property>
@@ -58,7 +85,7 @@
<configuration>
<property name="enabled">${migration.kc12}</property>
<property name="adapterImplClass">org.jboss.as.arquillian.container.managed.ManagedDeployableContainer</property>
- <property name="jbossHome">${keycloak-1.2.0.Final.home}</property>
+ <property name="jbossHome">${keycloak.migration.homee}</property>
<property name="javaVmArguments">-Djboss.socket.binding.port-offset=${auth.server.port.offset} -Xms64m -Xmx512m -XX:MaxPermSize=256m</property>
<property name="managementPort">${auth.server.management.port}</property>
<property name="startupTimeoutInSeconds">${startup.timeout.sec}</property>
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json
new file mode 100644
index 0000000..86e4606
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-15.json
@@ -0,0 +1,751 @@
+{
+ "id" : "9c3a9824-cc8b-46f6-8922-cd576a92850f",
+ "realm" : "Migration",
+ "notBefore" : 0,
+ "accessTokenLifespan" : 300,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : false,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : false,
+ "verifyEmail" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "privateKey" : "MIIEpAIBAAKCAQEA29+/bYOEg+RFlDgKjX0nv+UMkV8X06E1XvRobuQjXKOV613VJIa1F/nGabXthkM3tC7DadJ5y1tBwhF+bJzMA4w38zNfJdjEp3DRND6ypUn0SJZrSw6l3u3w+s5uemgTWUZk463Xr3HbDxtnG+4t5GuHA2Oq6O2OLniVZKbDTpgF1HxzCBQiAxi2jNJm3tMlTdN6D/nV3Rwp2T1250T3ldkM3TDK/Nlup3oOejy+qRGEmh+omuABOOJ8icCULZ5S2AbiqfojP5ZN3WEpyCqcQvsdop4IawUbTDyy9BCE2K5CCZ6ZgQaSnpJZGUy91crPJXnI4tlg5Mh88l8aSrBLsQIDAQABAoIBAA5J7SPNzzfPBuKJ/c2SG5ox5W4xEthS+qfwFDVYqB+mFeEU2PwlsPEc71MBWq1GAwG3pEVlQzr+9DgLcP7X9b4pR52LchyAiM8k2sOda3ioZLKu68wV6JujNOznq3BTASblFztgmcqyCH1j14COKvdUMZL70CiQ/5NvjK3c1IZv5d/S9B7Qhd2o/6cO51xIodE87Lc4Pghq8cQ/AJJUJokyFtjkCpTNAYxcZgyiEMNbyjrbNMMEpiuspZ50eRbi7SOKOg6mSjwuTeK0cQ57JDuMhE/iyaMwh98uqSTccqeKS672z+7QCu89ce1YZMnWtjfwKEiIcTWB71pvy2gGwgECgYEA9Afv+5Zop4j1kmZvQcdr+UpW3Ia91nNelvlkMYPMrsC24xwrGhO9Hx76VxdBFCzDuYBIyOzbPLV7kFojSKmcWB6hb/S/j6eMd46ZetycrfH5sRpJHmqJpGZiARrWTLsFRNDwi2jwEl2qt3wkq/IBvuzNt9bwbnsajgRVSVWUBtECgYEA5qh+hl1f8R6KcrUro9kSSxjmlqzSIeAYNJ0VJkr2ZjRd984xTRSnUcuVJnbfNgfmywCB9s7QGgcMrs9BejKuP1bq2hnjjA1WOvz0Dq1FRw3wqYSZWHtVO2h/QDaKIcGjQ/PyWAyrOTBaL+bzKrNO66L7CQK63A4/Gj7QivFA7uECgYEAmYW81pyDbpLdW6MR72IUbZr1Fnu2RooCQhzXiccPKAmZhTudaiRs4H1OpSe+C4E2CSfJoo5QRtstx1zNwdLixxVOHu7s7OVNm5GcwQy1jUEkAuU0huwjd8fpdCR8GX23DNod2rbEAennktOJBpuTuZekvDl+vSK5TAsx1JcAL2ECgYB7rPTKjt6Wps2NW98eZ5ILejqJp/iz+TiBXYitk5wyiPmpmYGN1vkwPnymty5QBkSVrJwC/jlO+2CtiquNHgeYJr6eWytLOQt3bZJfHED9LFhSTKr8aoT06b7xa0z9dJpaIT9cPs7AR1DURn0z9Bjo9+aqmjAfNfRX2j5vgZRTgQKBgQC7+9bt4yZ0MAxJYTMVqU/LnyjPuDrgXZJYw5ZYO6r5xF0mdovE9+lY6I8OeAUg428Zk8mxMYeqOFUHF8nVBxofHrZbXR2eJxJLRO8f2GPRFYanA9MNe1Jc0WV5bi1gF+ifC0j//W1kGxCHJX1OeMSV/h8r3OaIHEwuu30ZLHFxRg==",
+ "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29+/bYOEg+RFlDgKjX0nv+UMkV8X06E1XvRobuQjXKOV613VJIa1F/nGabXthkM3tC7DadJ5y1tBwhF+bJzMA4w38zNfJdjEp3DRND6ypUn0SJZrSw6l3u3w+s5uemgTWUZk463Xr3HbDxtnG+4t5GuHA2Oq6O2OLniVZKbDTpgF1HxzCBQiAxi2jNJm3tMlTdN6D/nV3Rwp2T1250T3ldkM3TDK/Nlup3oOejy+qRGEmh+omuABOOJ8icCULZ5S2AbiqfojP5ZN3WEpyCqcQvsdop4IawUbTDyy9BCE2K5CCZ6ZgQaSnpJZGUy91crPJXnI4tlg5Mh88l8aSrBLsQIDAQAB",
+ "certificate" : "MIICoTCCAYkCBgFQs81zNDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlNaWdyYXRpb24wHhcNMTUxMDI5MTMzMTM3WhcNMjUxMDI5MTMzMzE3WjAUMRIwEAYDVQQDDAlNaWdyYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb379tg4SD5EWUOAqNfSe/5QyRXxfToTVe9Ghu5CNco5XrXdUkhrUX+cZpte2GQze0LsNp0nnLW0HCEX5snMwDjDfzM18l2MSncNE0PrKlSfRIlmtLDqXe7fD6zm56aBNZRmTjrdevcdsPG2cb7i3ka4cDY6ro7Y4ueJVkpsNOmAXUfHMIFCIDGLaM0mbe0yVN03oP+dXdHCnZPXbnRPeV2QzdMMr82W6neg56PL6pEYSaH6ia4AE44nyJwJQtnlLYBuKp+iM/lk3dYSnIKpxC+x2inghrBRtMPLL0EITYrkIJnpmBBpKeklkZTL3Vys8lecji2WDkyHzyXxpKsEuxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALaDK+wutEjdgY3Ux06Amp0k5qK16dz4jn+QKjdKPB1yThfzY1pisuyCUXPBlkn1OjB5ZvYl6ouwdNXgB8aeblbHZoyXh9ODeywi1xZd7pGxNXSfx0UzRk/YEEy0DAi9pxTyRYxiZ6/XJalS9PembTQvj+mVKqg1SDv7dyv4byvndEYSaUISrtGGrM3bb68PW4zInD793PJYWDSVxmEPOYtdgBJv4HAhPIJhjw15EOGlPv5QxW9P76OgISCutHaEe3UDP+TzIBBxYQFb1ZXA6ob3TFga78mFAkY4g98gEC11QSvZqhaRtLAz6PEisHRV+xDJVROgQ4Qew4qKgwE0gGE=",
+ "codeSecret" : "32f8634c-2be2-4d4d-8118-f4f7fee80b9f",
+ "roles" : {
+ "client" : {
+ "realm-management" : [ {
+ "id" : "dad7b3a4-b533-47c8-aba5-32e6429865a2",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "composite" : false
+ }, {
+ "id" : "a1dd3971-3906-4f4a-b4cd-3a198d2d7150",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "composite" : false
+ }, {
+ "id" : "6c2d766f-cfa5-4cae-b1ca-81f1f9f242c8",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "composite" : false
+ }, {
+ "id" : "60bb5b3e-8067-43fe-803e-a7e367967c7c",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "composite" : false
+ }, {
+ "id" : "c55cb35a-2602-47a6-a628-fc5a55341426",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "composite" : false
+ }, {
+ "id" : "4dc834d0-766b-45aa-ab3b-b7b976baa65d",
+ "name" : "realm-admin",
+ "description" : "${role_realm-admin}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "view-users", "manage-identity-providers", "view-clients", "manage-realm", "manage-users", "impersonation", "view-realm", "view-events", "manage-clients", "manage-events", "view-identity-providers" ]
+ }
+ }
+ }, {
+ "id" : "d444a98f-ab5e-4857-9300-496e04e498f5",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "composite" : false
+ }, {
+ "id" : "2f6f1407-f334-434f-becf-771e3ebb5625",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "composite" : false
+ }, {
+ "id" : "a40d3211-5244-4d92-80c0-0d3215580250",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "composite" : false
+ }, {
+ "id" : "d11c407e-504f-4923-b243-e794afa0247e",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "composite" : false
+ }, {
+ "id" : "3ef6ace4-4e87-4c30-a8b3-1f0df25868c6",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "composite" : false
+ }, {
+ "id" : "fa2a4972-b8d0-452e-8e13-d2cf7eaac7aa",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "composite" : false
+ } ],
+ "security-admin-console" : [ ],
+ "broker" : [ {
+ "id" : "1bc5aeb4-1df1-4402-8195-e2a72f6dca30",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "composite" : false
+ } ],
+ "account" : [ {
+ "id" : "71b5b5ff-b372-41a1-a427-7883fa64a8c7",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "composite" : false
+ }, {
+ "id" : "04daa556-8aeb-43ba-99c6-b393ec2a32d4",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "composite" : false
+ } ]
+ }
+ },
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "clientScopeMappings" : {
+ "realm-management" : [ {
+ "client" : "security-admin-console",
+ "roles" : [ "realm-admin" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "ba27336f-3f89-471d-98d2-b8856bd6dbf1",
+ "clientId" : "realm-management",
+ "name" : "${client_realm-management}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "26aee4e9-8eec-421b-90a9-238538f5897a",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "5d56eba1-724e-4904-a8f8-86ca264a82cf",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "18a30786-89f9-4744-8f36-4de811a591ae",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "4d1c4456-0c0d-49b9-bfba-c2c83645aeb2",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "1a19db43-2346-4a24-b6f0-1b8d7fc1353e",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "a18612f0-9eb3-4d81-af0c-b0749b83fbd3",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "70c26044-c7fc-4090-98e1-670fef006e25",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "3fdddd5e-0022-4f6d-8fdf-212266db7fd4",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "baseUrl" : "/auth/admin/Migration/console/index.html",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "38ce8135-738d-4103-85ac-c3470ac8824d",
+ "redirectUris" : [ "/auth/admin/Migration/console/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "be58fe30-b767-4566-9192-a4fa81fafa2c",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "c97523fd-fd4f-48d7-8937-bd434fa374fd",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "2323a85d-2686-46d4-bea8-e36524920f2e",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "56f8a80e-9e99-4add-b918-b864ca3f6f5c",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "f9f51e8d-d5af-456c-be5a-3019fb8c0910",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "3d8fbb0c-9058-4dde-b675-ca77a153ceb8",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "068fcf1a-7048-43df-b3dd-e6c484e8b051",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "041b50a6-54b5-4cff-84ef-1b7c388d3395",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "57c6f779-c96b-4f03-b268-354af2a8731e",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "f17a7b9f-9363-44bd-8320-df36f22ca712",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "ec1bf022-9e98-4f29-9bf0-f0a49bd844ad",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "0d54c616-326b-4fe7-bbfa-af9a28304dc5",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "89ce95b9-a268-4306-a1ad-86066d0cdd03",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "8236274d-af69-4fc4-8804-a02d4af66157",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "717b9e58-87ed-402d-a8f8-a37fd5e7c951",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "baseUrl" : "/auth/realms/Migration/account",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "9ea62eb5-5478-454a-a479-4012f8967f9c",
+ "defaultRoles" : [ "view-profile", "manage-account" ],
+ "redirectUris" : [ "/auth/realms/Migration/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "bfb4a165-2a55-4e4b-9b13-05e68822f5d6",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "c505e313-d478-4b1d-94df-c2c9b6036a95",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "12fc43f0-19b7-4b4a-b50a-40b6fc344ede",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "250f3bf3-2655-4482-a814-3adcc7cef5a4",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "6cf70d19-6a9e-4abf-8917-38b87bac15d6",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "Claim JSON Type" : "String"
+ }
+ }, {
+ "id" : "6cdeae21-ca97-4723-b880-d5aa35fa77b0",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "Claim JSON Type" : "String"
+ }
+ } ]
+ } ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicy" : "frame-src 'self'",
+ "xFrameOptions" : "SAMEORIGIN"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityFederationEnabled" : false,
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "registration-profile-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ }, {
+ "authenticator" : "registration-password-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 50
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 60
+ } ]
+ }, {
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "reset-credential-email",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "reset-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ }, {
+ "authenticator" : "reset-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ } ]
+ }, {
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-otp-form",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ }, {
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "client-jwt",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ }, {
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-spnego",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "flowAlias" : "forms",
+ "autheticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "flowAlias" : "registration form",
+ "autheticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ } ]
+ } ],
+ "authenticatorConfig" : [ ],
+ "requiredActions" : [ {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure Totp",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "terms_and_conditions",
+ "name" : "Terms and Conditions",
+ "providerId" : "terms_and_conditions",
+ "enabled" : false,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients"
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json
new file mode 100644
index 0000000..3719d04
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/migration-test/migration-realm-16.json
@@ -0,0 +1,796 @@
+{
+ "id" : "Migration",
+ "realm" : "Migration",
+ "notBefore" : 0,
+ "revokeRefreshToken" : false,
+ "accessTokenLifespan" : 300,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "offlineSessionIdleTimeout" : 2592000,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : false,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : false,
+ "verifyEmail" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "privateKey" : "MIIEowIBAAKCAQEAg/XlZqOYbYHyzHjWKwCD35JKloSyBBaIQgQbUjmWSBLw6xyNLSSvI45lmhoxcJTjxeZ+LKudfcoDVcLah1kYmTiS5YtNROeqmdWTkekdsAW8PYQJ0ScpatJ3jQ6xpe2E/AQWel5h6HI07O/r1mc3JDCXSe5zKdV9C0aGZpQSU2jWkVmP1cc2EZg5bVD1v057CUpKAX3qkloXpRedq6tMgwRSurhgnWDt93xWcv/+zz1Rw400batHmAm8Xa792jfZhSjvxtv9Q83Eb9jqi+c3BnxC3hucUDc6ivm8UgKYha054IOVbG8wDtmhZF8LlvLpjPk9iHuygS0zRnRuCo1+pQIDAQABAoIBACx5B8oSooFthS2CH/O4JbmIbRjTOceE7IELL0YD4HED6SvjoHSxY1EhYX6RC05871K3/pgBcn99QKh7lfh9f3vMBD3WN8FcLjPQNf67yOSU2j8FK+XQQ/YbXm0soZRhOytQGV8+RdL4AnxD04CboorQ0Xv6H9feelj9eLhDePWg5qEGHZJA6zGYiOUBALAL+SXoL59LWWLEM48TQWM0yGCA3mQM0iWCclbLNM1ls5gwMxSDdJeKC/3qlB6egGqPtXCEJdQXYqt3do8UUnxdQEkRGlJx14cSoH7fmZyZjLsEBcQT5uoAHI7/NMVN1DoFgwMTsq/MAATh3ngHqSl6J2ECgYEA3Ati3EaI0Vb8KzdjwZVgk9/KKnGLcswOl+cfU+lL9Vv5W4lVht3zvNAO8mUjtTSpjCF7LlY2lD9JEsv4cA9T3v2L7ZjkBiD6S/YYnEZYGAOjJb+LniRLqSVgN3beUgSiG/zzwuJm92J3dIcqMIPi4gdLMJ7KAv9qgbOddAy4b3kCgYEAmYXlqAu+Vgyjj3wzfgeXKzYkUfbEXUzsdugpW2gCvKi2/lJwmzORfsvSL88CxKZvzbEb1AJOrW+aPUbO0vPWo07ztphPKed+Gydp2G837f24eGZpBpxG6ATIa5MjtCHgX5guTMA3sJCFyLdMacRmlkmZEwbk7e9QxCp9HOmFoY0CgYB5u1LVya+nIBghUGM/lQP4yrVtBaO/vmPUZWhPY6FB+7/XhAJsuh09N10NfCZk+N1TSLJ8z/UhzmD+pRir5c7gbiQbLZn4SgYuP9cdnUze/CQlnfH/atTwnly8UmZruWR1V1sDVXzhHvg23w/YBx5dLOvL2gyn2+VwG43fxanDAQKBgFpFqWzOuvTOKb7NQVnyDKmUBHdNqtlRyhmBGhBtcG6OpkuVHjGkeQEdyFHkX7RSSZuhcMORN8IzxXYSlLrmNmeAnT3ZAXOac0R0QIDLpQ+ECVyCm28PpYH4jgDzXCMnaE/NpCvtOtHPqVsErSHkIo5saF4Px71A4zT15uuBRNphAoGBAMXV0eqeZOr/iHGIie3Ol0atZuB9b/BgLJBTFsCbFoVLdMAah4i2MXDm3vOUWlPf2VFL1LcKXYQ1GZ79We5LqG5w1CLA5WNt93U3yyl3/V5w02My5dVhz9BD4kWhZcvih+uVuHBxeI8Q8AvU63qqT4punQW4SSAHC+9e3U62aNc+",
+ "publicKey" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/XlZqOYbYHyzHjWKwCD35JKloSyBBaIQgQbUjmWSBLw6xyNLSSvI45lmhoxcJTjxeZ+LKudfcoDVcLah1kYmTiS5YtNROeqmdWTkekdsAW8PYQJ0ScpatJ3jQ6xpe2E/AQWel5h6HI07O/r1mc3JDCXSe5zKdV9C0aGZpQSU2jWkVmP1cc2EZg5bVD1v057CUpKAX3qkloXpRedq6tMgwRSurhgnWDt93xWcv/+zz1Rw400batHmAm8Xa792jfZhSjvxtv9Q83Eb9jqi+c3BnxC3hucUDc6ivm8UgKYha054IOVbG8wDtmhZF8LlvLpjPk9iHuygS0zRnRuCo1+pQIDAQAB",
+ "certificate" : "MIICoTCCAYkCBgFQs9TiPDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlNaWdyYXRpb24wHhcNMTUxMDI5MTMzOTQ0WhcNMjUxMDI5MTM0MTI0WjAUMRIwEAYDVQQDDAlNaWdyYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCD9eVmo5htgfLMeNYrAIPfkkqWhLIEFohCBBtSOZZIEvDrHI0tJK8jjmWaGjFwlOPF5n4sq519ygNVwtqHWRiZOJLli01E56qZ1ZOR6R2wBbw9hAnRJylq0neNDrGl7YT8BBZ6XmHocjTs7+vWZzckMJdJ7nMp1X0LRoZmlBJTaNaRWY/VxzYRmDltUPW/TnsJSkoBfeqSWhelF52rq0yDBFK6uGCdYO33fFZy//7PPVHDjTRtq0eYCbxdrv3aN9mFKO/G2/1DzcRv2OqL5zcGfELeG5xQNzqK+bxSApiFrTngg5VsbzAO2aFkXwuW8umM+T2Ie7KBLTNGdG4KjX6lAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIOonQw/DIwSDU2oFyoaZ7VfFcT6Uh3QXfLB4ZYDek4m6Y8onrtqzuGo2Z2tcokV9PPkBAQtefSxIqx4COC9OeDBy1DeY04AkpprywLuOzCL/OBCV9QwiMkuBYYC5JJCIyTuo3qYxkuDA/iwDdH7vNDGohE6TDYmrC3Yp3lsLaHZ1lG52Df3qL8wo3/PdwzCOmyRGfm3vscTY+PqVCYcfxg9nPkoU3FwUJDAshjMxRw7/aafG8OmQ2EeYH4HV/FsULFrwoVF0Up8TkqAhmdJJ+vaGqaHHXQyiIPTMCdrkE58jAvtpbX0XCEDiNXT9qORhmjKP8Xq13XOQTfI5DRo8Qc=",
+ "codeSecret" : "56227bc5-edb9-419c-a019-d61a7c6ffb74",
+ "roles" : {
+ "realm" : [ {
+ "id" : "c4aae789-de76-4130-a06b-a28113ada698",
+ "name" : "offline_access",
+ "description" : "${role_offline-access}",
+ "scopeParamRequired" : true,
+ "composite" : false
+ } ],
+ "client" : {
+ "realm-management" : [ {
+ "id" : "22345bd8-afee-44c3-9958-a134e729aaa7",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "6c6bb910-a769-4e92-b009-db4b9ab32c67",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "5327bf34-5a16-4f36-bb15-100a25aac33e",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "3c52d428-e3e5-40b3-92d4-ab6195b7dce5",
+ "name" : "create-client",
+ "description" : "${role_create-client}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "9999e081-5321-4c19-a8ac-27cea3bbde3a",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "7c857cf1-b66e-4935-8749-580062d4719a",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "549d2e65-d347-4221-bde0-65fff6580fc2",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "aa1676b8-a92a-4c99-b266-54858129942d",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "6c9a78fa-0e37-48bf-a9b5-2062312b0f33",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "d38072d6-66fe-4102-8d4d-b5e8e2721e43",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "a85da016-830e-42dd-8318-3cc8c28d3382",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "0ab22444-1235-4391-ac10-571b33065177",
+ "name" : "realm-admin",
+ "description" : "${role_realm-admin}",
+ "scopeParamRequired" : false,
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "view-identity-providers", "manage-clients", "manage-events", "view-realm", "manage-realm", "manage-users", "create-client", "impersonation", "view-events", "manage-identity-providers", "view-clients", "view-users" ]
+ }
+ }
+ }, {
+ "id" : "442fcc9e-46af-495a-9cdf-64d32dabc808",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ } ],
+ "security-admin-console" : [ ],
+ "broker" : [ {
+ "id" : "8d46836e-eb6c-4cf5-97fe-8b1b24a69e10",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ } ],
+ "account" : [ {
+ "id" : "40799d46-6574-4d45-a157-33cc15e3e2f1",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ }, {
+ "id" : "d6056197-e9a3-4922-8b1b-ce6e99a71a43",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "scopeParamRequired" : false,
+ "composite" : false
+ } ]
+ }
+ },
+ "defaultRoles" : [ "offline_access" ],
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "clientScopeMappings" : {
+ "realm-management" : [ {
+ "client" : "security-admin-console",
+ "roles" : [ "realm-admin" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "cdf6e789-79b9-41ad-b4a3-f02abd2aeab6",
+ "clientId" : "realm-management",
+ "name" : "${client_realm-management}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "c51e802e-e33b-431e-8e74-c2ebd4ba6abf",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "cfaff5c8-a0e3-42af-8dcd-f7ae6000a240",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "5a68a544-0373-4cf3-9978-aed944df478f",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "41c006db-88d6-42a6-addd-8efb535f1a7d",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "d6fd0e72-aa1e-417d-b28b-ec31946dc6fd",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d8692a7a-366d-407d-abc1-a6f45742c47c",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "54f4844b-aaa5-4260-b2aa-5dc446c8b978",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "7776fa56-ab87-4638-b42b-cc9537ab2fc2",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "baseUrl" : "/auth/admin/Migration/console/index.html",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "5e0673fa-921d-4415-9d92-3a4197d87e46",
+ "redirectUris" : [ "/auth/admin/Migration/console/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "9ed45252-c571-44fe-ac5f-b30cea378ff1",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "consentText" : "${locale}",
+ "config" : {
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d1b5694e-e9e2-4d56-9019-bc658cdcded8",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "497fee7a-23b4-4345-a872-63444a8b1a27",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "57881d46-deca-421e-a4c5-e023e747f68e",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "9cfe7043-ba2b-49e2-8a1b-f1b23fcb5eb5",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "c37a3c4a-8999-4111-ae2a-98954a5a8674",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "a7917c74-f18a-43a0-a787-7afc7b45a247",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "e7faae41-f5e8-4571-b280-5bbe0d5bcb12",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "b2a1f1ff-5157-4240-9354-69a6deb13ccb",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "b843f1fd-da0a-4d49-b367-3fb39f11383b",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "3b18c534-1e0a-474c-adf8-e9fbc33c05e8",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "b7e9db64-52f6-4aba-9437-deefab06abee",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "2da52efa-e9d9-4b68-a296-0310059b7df2",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2d2df25d-26d1-4e7c-a85a-c485ab2cc0fe",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "d096910d-13ac-43a7-bad8-4d1bbfd34171",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "a2864762-7cc1-4784-a540-439e611f29ba",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "baseUrl" : "/auth/realms/Migration/account",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "68cbd7a8-3b48-4751-a396-df7ab39a2fdf",
+ "defaultRoles" : [ "view-profile", "manage-account" ],
+ "redirectUris" : [ "/auth/realms/Migration/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "serviceAccountsEnabled" : false,
+ "directGrantsOnly" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "attributes" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "ed2c87d0-299a-40ac-a11c-df7af41bb365",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "80bc8d1f-3cb8-4362-890c-68d1a5c7263d",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "af93478f-176d-4be4-be5d-78a65dd88717",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "b6c1704d-39fc-4b63-8f70-74561849654f",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "928dbc26-41a1-4342-ba92-c230a85e830c",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "03a967ab-ed2b-402f-ae2f-10729084376c",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ } ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicy" : "frame-src 'self'",
+ "xFrameOptions" : "SAMEORIGIN"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityFederationEnabled" : false,
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "reset-credential-email",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "reset-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ }, {
+ "authenticator" : "reset-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ } ]
+ }, {
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "client-jwt",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ }, {
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "registration-profile-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 40
+ }, {
+ "authenticator" : "registration-password-action",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 50
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 60
+ } ]
+ }, {
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "flowAlias" : "registration form",
+ "autheticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ } ]
+ }, {
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "autheticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-spnego",
+ "autheticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ }, {
+ "flowAlias" : "forms",
+ "autheticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "userSetupAllowed" : false,
+ "priority" : 30
+ } ]
+ }, {
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "autheticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "userSetupAllowed" : false,
+ "priority" : 10
+ }, {
+ "authenticator" : "auth-otp-form",
+ "autheticatorFlow" : false,
+ "requirement" : "OPTIONAL",
+ "userSetupAllowed" : false,
+ "priority" : 20
+ } ]
+ } ],
+ "authenticatorConfig" : [ ],
+ "requiredActions" : [ {
+ "alias" : "terms_and_conditions",
+ "name" : "Terms and Conditions",
+ "providerId" : "terms_and_conditions",
+ "enabled" : false,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure Totp",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients"
+}
\ No newline at end of file
testsuite/integration-arquillian/tests/pom.xml 187(+73 -114)
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 2c9f13f..074a08a 100644
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -36,6 +36,7 @@
<arquillian-graphene.version>2.1.0.Alpha2</arquillian-graphene.version>
<arquillian-wildfly-container.version>8.2.0.Final</arquillian-wildfly-container.version>
<version.shrinkwrap.resolvers>2.1.1</version.shrinkwrap.resolvers>
+ <skip.unpack.previous>true</skip.unpack.previous>
</properties>
<dependencyManagement>
@@ -96,6 +97,32 @@
<failIfNoTests>false</failIfNoTests>
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack-previous</id>
+ <phase>generate-test-resources</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <skip>${skip.unpack.previous}</skip>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.keycloak.testsuite</groupId>
+ <artifactId>${server.artifactId}</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>${containers.home}</outputDirectory>
+ <overWriteIfNewer>true</overWriteIfNewer>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</pluginManagement>
</build>
@@ -333,7 +360,7 @@
<properties>
<auth.server.container>auth-server-wildfly</auth.server.container>
<auth.server.wildfly.home>${containers.home}/keycloak-${project.version}</auth.server.wildfly.home>
- <startup.timeout.sec>150</startup.timeout.sec>
+ <startup.timeout.sec>300</startup.timeout.sec>
<adapter.test.props/>
</properties>
<dependencies>
@@ -348,7 +375,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
<executions>
<execution>
<id>unpack</id>
@@ -393,7 +419,7 @@
<properties>
<auth.server.container>auth-server-eap6</auth.server.container>
<auth.server.eap6.home>${containers.home}/keycloak-${project.version}</auth.server.eap6.home>
- <startup.timeout.sec>150</startup.timeout.sec>
+ <startup.timeout.sec>300</startup.timeout.sec>
<adapter.test.props/>
</properties>
<dependencies>
@@ -409,7 +435,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
<executions>
<execution>
<id>unpack</id>
@@ -452,39 +477,43 @@
<!-- Profiles for migration tests-->
<profile>
- <id>migration-kc15</id>
+ <id>migration-kc16</id>
<properties>
- <keycloak-1.5.1.Final.home>${containers.home}/keycloak-1.5.1.Final</keycloak-1.5.1.Final.home>
+ <skip.unpack.previous>false</skip.unpack.previous>
+ <server.version>1.6.1.Final</server.version>
+ <server.artifactId>integration-arquillian-server-wildfly-kc16</server.artifactId>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
- <executions>
- <execution>
- <id>unpack-previous</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.keycloak.testsuite</groupId>
- <artifactId>integration-arquillian-server-wildfly-kc15</artifactId>
- <version>${project.version}</version>
- <type>zip</type>
- </artifactItem>
- </artifactItems>
- <outputDirectory>${containers.home}</outputDirectory>
- <overWriteIfNewer>true</overWriteIfNewer>
- </configuration>
- </execution>
- </executions>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemPropertyVariables>
+ <migration>true</migration>
+ <migration.kc16>true</migration.kc16>
+ <keycloak.migration.home>${containers.home}/keycloak-${server.version}</keycloak.migration.home>
+ <keycloak.migration.file>src/test/resources/migration-test/migration-realm-16.json</keycloak.migration.file>
+ <version>${server.version}</version>
+ </systemPropertyVariables>
+ </configuration>
</plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+ </profile>
+
+ <profile>
+ <id>migration-kc15</id>
+ <properties>
+ <skip.unpack.previous>false</skip.unpack.previous>
+ <server.version>1.5.1.Final</server.version>
+ <server.artifactId>integration-arquillian-server-wildfly-kc15</server.artifactId>
+ </properties>
+ <build>
+ <pluginManagement>
+ <plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
@@ -492,7 +521,9 @@
<systemPropertyVariables>
<migration>true</migration>
<migration.kc15>true</migration.kc15>
- <keycloak-1.5.1.Final.home>${keycloak-1.5.1.Final.home}</keycloak-1.5.1.Final.home>
+ <keycloak.migration.home>${containers.home}/keycloak-${server.version}</keycloak.migration.home>
+ <keycloak.migration.file>src/test/resources/migration-test/migration-realm-15.json</keycloak.migration.file>
+ <version>${server.version}</version>
</systemPropertyVariables>
</configuration>
</plugin>
@@ -504,45 +535,21 @@
<profile>
<id>migration-kc14</id>
<properties>
- <keycloak-1.4.0.Final.home>${containers.home}/keycloak-1.4.0.Final</keycloak-1.4.0.Final.home>
+ <skip.unpack.previous>false</skip.unpack.previous>
+ <server.version>1.4.0.Final</server.version>
+ <server.artifactId>integration-arquillian-server-wildfly-kc14</server.artifactId>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
- <executions>
- <execution>
- <id>unpack-previous</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.keycloak.testsuite</groupId>
- <artifactId>integration-arquillian-server-wildfly-kc14</artifactId>
- <version>${project.version}</version>
- <type>zip</type>
- </artifactItem>
- </artifactItems>
- <outputDirectory>${containers.home}</outputDirectory>
- <overWriteIfNewer>true</overWriteIfNewer>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<migration>true</migration>
<migration.kc14>true</migration.kc14>
- <keycloak-1.4.0.Final.home>${keycloak-1.4.0.Final.home}</keycloak-1.4.0.Final.home>
+ <keycloak.migration.home>${containers.home}/keycloak-${server.version}</keycloak.migration.home>
</systemPropertyVariables>
</configuration>
</plugin>
@@ -554,45 +561,21 @@
<profile>
<id>migration-kc13</id>
<properties>
- <keycloak-1.3.1.Final.home>${containers.home}/keycloak-1.3.1.Final</keycloak-1.3.1.Final.home>
+ <skip.unpack.previous>false</skip.unpack.previous>
+ <server.version>1.3.1.Final</server.version>
+ <server.artifactId>integration-arquillian-server-wildfly-kc13</server.artifactId>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
- <executions>
- <execution>
- <id>unpack-previous</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.keycloak.testsuite</groupId>
- <artifactId>integration-arquillian-server-wildfly-kc13</artifactId>
- <version>${project.version}</version>
- <type>zip</type>
- </artifactItem>
- </artifactItems>
- <outputDirectory>${containers.home}</outputDirectory>
- <overWriteIfNewer>true</overWriteIfNewer>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<migration>true</migration>
<migration.kc13>true</migration.kc13>
- <keycloak-1.3.1.Final.home>${keycloak-1.3.1.Final.home}</keycloak-1.3.1.Final.home>
+ <keycloak.migration.home>${containers.home}/keycloak-${server.version}</keycloak.migration.home>
</systemPropertyVariables>
</configuration>
</plugin>
@@ -604,45 +587,21 @@
<profile>
<id>migration-kc12</id>
<properties>
- <keycloak-1.2.0.Final.home>${containers.home}/keycloak-1.2.0.Final</keycloak-1.2.0.Final.home>
+ <skip.unpack.previous>false</skip.unpack.previous>
+ <server.version>1.2.0.Final</server.version>
+ <server.artifactId>integration-arquillian-server-wildfly-kc12</server.artifactId>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
- <executions>
- <execution>
- <id>unpack-previous</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>unpack</goal>
- </goals>
- <configuration>
- <artifactItems>
- <artifactItem>
- <groupId>org.keycloak.testsuite</groupId>
- <artifactId>integration-arquillian-server-wildfly-kc12</artifactId>
- <version>${project.version}</version>
- <type>zip</type>
- </artifactItem>
- </artifactItems>
- <outputDirectory>${containers.home}</outputDirectory>
- <overWriteIfNewer>true</overWriteIfNewer>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
<migration>true</migration>
<migration.kc12>true</migration.kc12>
- <keycloak-1.2.0.Final.home>${keycloak-1.2.0.Final.home}</keycloak-1.2.0.Final.home>
+ <keycloak.migration.home>${containers.home}/keycloak-${server.version}</keycloak.migration.home>
</systemPropertyVariables>
</configuration>
</plugin>