keycloak-aplcache
Changes
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java 76(+51 -25)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java 26(+12 -14)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java 64(+64 -0)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java 2(+1 -1)
testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java 2(+1 -1)
Details
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
index fdf0dbe..1f79f8f 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@@ -54,6 +54,11 @@ public abstract class AbstractIdentityProviderTest {
URL url = getClass().getResource("/broker-test/test-app-keycloak.json");
deployApplication("test-app", "/test-app", UserSessionStatusServlet.class, url.getPath(), "manager");
}
+
+ @Override
+ protected String[] getTestRealms() {
+ return new String[] {"realm-with-broker"};
+ }
};
@Rule
@@ -76,45 +81,68 @@ public abstract class AbstractIdentityProviderTest {
// choose the identity provider
this.loginPage.clickSocial(providerId);
- assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml"));
+ assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
// log in to identity provider
- this.loginPage.login("saml.user", "password");
+ this.loginPage.login("test-user", "password");
- assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/broker/realm-with-broker/" + providerId));
+ doAfterProviderAuthentication(providerId);
- // update profile
- this.updateProfilePage.assertCurrent();
+ doUpdateProfile(providerId);
+
+ // authenticated and redirected to app
+ assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
+ assertNotNull(retrieveSessionStatus());
+
+ doAssertFederatedUser(providerId);
+
+ driver.navigate().to("http://localhost:8081/test-app/logout");
+ driver.navigate().to("http://localhost:8081/test-app/");
+
+ assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
+ }
+ protected void doAssertFederatedUser(String providerId) {
String userEmail = "new@email.com";
String userFirstName = "New first";
String userLastName = "New last";
+ UserModel federatedUser = getFederatedUser();
- this.updateProfilePage.update(userFirstName, userLastName, userEmail);
-
- // authenticated and redirected to app
- assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
+ assertEquals(userEmail, federatedUser.getEmail());
+ assertEquals(userFirstName, federatedUser.getFirstName());
+ assertEquals(userLastName, federatedUser.getLastName());
+ }
+ protected UserModel getFederatedUser() {
KeycloakSession samlServerSession = brokerServerRule.startSession();
RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
+ UserModel userModel = samlServerSession.users().getUserByUsername("test-user", brokerRealm);
- UserModel federatedUser = samlServerSession.users().getUserByEmail(userEmail, brokerRealm);
+ if (userModel != null) {
+ return userModel;
+ }
- // user created
- assertNotNull(federatedUser);
- assertEquals(userFirstName, federatedUser.getFirstName());
- assertEquals(userLastName, federatedUser.getLastName());
+ userModel = samlServerSession.users().getUserByEmail("test-user@localhost", brokerRealm);
- driver.navigate().to("http://localhost:8081/test-app/logout");
- driver.navigate().to("http://localhost:8081/test-app/");
+ if (userModel == null) {
+ return samlServerSession.users().getUserByEmail("new@email.com", brokerRealm);
+ }
- assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
+ return userModel;
+ }
- // choose the identity provider
- this.loginPage.clickSocial(providerId);
+ protected void doUpdateProfile(String providerId) {
+ String userEmail = "new@email.com";
+ String userFirstName = "New first";
+ String userLastName = "New last";
+
+ // update profile
+ this.updateProfilePage.assertCurrent();
+ this.updateProfilePage.update(userFirstName, userLastName, userEmail);
+ }
+
+ protected void doAfterProviderAuthentication(String providerId) {
- // already authenticated in saml idp and redirected to app
- assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
}
private UserSessionStatus retrieveSessionStatus() {
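Review bot: doAssertFederatedUser dereferences the result of getFederatedUser() without the `assertNotNull` the old code had, and getFederatedUser() can return null when none of its three lookups match, so a missing federated user now surfaces as a NullPointerException rather than a test failure; add `assertNotNull(federatedUser);` before the first assertEquals. The lookup chain (username `test-user`, then `test-user@localhost`, then `new@email.com`) also lets the test pass on whichever account exists, so it no longer pins which identity the broker created for the given providerId. Separately, the redirect check was relaxed to `startsWith("http://localhost:8082/auth/")`, which no longer verifies the realm or protocol endpoint the browser was sent to; an expected prefix per provider would keep that check. The enclosing test method starts before this hunk.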
@@ -125,10 +153,8 @@ public abstract class AbstractIdentityProviderTest {
String pageSource = this.driver.getPageSource();
sessionStatus = objectMapper.readValue(pageSource.getBytes(), UserSessionStatus.class);
-
- assertNotNull(retrieveSessionStatus());
- } catch (IOException e) {
- throw new RuntimeException("Could not retrieve session status.", e);
+ } catch (IOException ignore) {
+ ignore.printStackTrace();
}
return sessionStatus;
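Review bot: The new catch block swallows the IOException with `ignore.printStackTrace()` and falls through to `return sessionStatus`, so a page that is not valid session-status JSON is reported only on stderr and the caller receives whatever sessionStatus held before the try (its initial value is outside the hunk, presumably null). Because the caller asserts on the result, the test failure loses its cause; keeping `throw new RuntimeException("Could not retrieve session status.", e);` preserves it. The name `ignore` is also misleading for an exception that is used. retrieveSessionStatus starts and ends outside the hunk.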
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
index 7ef78c0..b473542 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
@@ -143,22 +143,20 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
for (IdentityProviderModel identityProvider : identityProviders) {
String providerId = identityProvider.getProviderId();
- if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
- if (identityProvider.getId().equals("saml-signed-idp")) {
+ if (!identityProvider.getId().contains("kc-")) {
+ if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
assertSamlIdentityProviderConfig(identityProvider);
- } else {
- continue;
+ } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+ assertGoogleIdentityProviderConfig(identityProvider);
+ } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+ assertOidcIdentityProviderConfig(identityProvider);
+ } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+ assertFacebookIdentityProviderConfig(identityProvider);
+ } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+ assertGitHubIdentityProviderConfig(identityProvider);
+ } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+ assertTwitterIdentityProviderConfig(identityProvider);
}
- } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
- assertGoogleIdentityProviderConfig(identityProvider);
- } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
- assertOidcIdentityProviderConfig(identityProvider);
- } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
- assertFacebookIdentityProviderConfig(identityProvider);
- } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
- assertGitHubIdentityProviderConfig(identityProvider);
- } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
- assertTwitterIdentityProviderConfig(identityProvider);
}
checkedProviders.remove(providerId);
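Review bot: The skip condition `!identityProvider.getId().contains("kc-")` matches the marker anywhere in the id, so any provider whose id merely contains `kc-` is exempted from the config assertions; `startsWith("kc-")` states the intended prefix convention. The skipped providers still reach `checkedProviders.remove(providerId)`, so a `kc-` entry marks its provider type as checked without any assertion having run; if checkedProviders is meant to prove that every type was verified, move the remove inside the branch. A one-line comment such as `// kc-* providers are live-broker fixtures, their config is not asserted here` would explain the exemption. The loop body continues outside the hunk.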
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java
new file mode 100755
index 0000000..81c26c0
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java
@@ -0,0 +1,64 @@
+package org.keycloak.testsuite.broker;
+
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.pages.OAuthGrantPage;
+import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testutils.KeycloakServer;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+/**
+ * @author pedroigor
+ */
+public class OIDCKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderTest {
+
+ @ClassRule
+ public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
+
+ @Override
+ protected void configureServer(KeycloakServer server) {
+ server.getConfig().setPort(8082);
+ }
+
+ @Override
+ protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
+ server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-oidc.json"));
+ }
+ };
+
+ @WebResource
+ private OAuthGrantPage grantPage;
+
+ @Test
+ public void testSuccessfulAuthentication() {
+ assertSuccessfulAuthentication("kc-oidc-idp");
+ }
+
+ @Override
+ protected void doAfterProviderAuthentication(String providerId) {
+ // grant access to broker-app
+ grantPage.assertCurrent();
+ grantPage.accept();
+ }
+
+ @Override
+ protected void doUpdateProfile(String providerId) {
+ }
+
+ @Override
+ protected void doAssertFederatedUser(String providerId) {
+ UserModel userModel = getFederatedUser();
+
+ assertNotNull(userModel);
+ assertEquals("test-user@localhost", userModel.getEmail());
+ assertEquals("Test", userModel.getFirstName());
+ assertEquals("User", userModel.getLastName());
+ }
+}
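Review bot: The class rule is named `samlServerRule` although it imports `/broker-test/test-broker-realm-with-oidc.json`; `oidcServerRule` would avoid the copy-paste confusion. The empty `doUpdateProfile` override needs a comment, for example `// kc-oidc-idp sets updateProfileFirstLogin=false, so no update-profile page is shown`. doAssertFederatedUser checks only the profile attributes of whatever user getFederatedUser() returns; from the visible code it does not assert that the account is linked to `kc-oidc-idp`, so the test would not notice a login that resolved to a pre-existing local user. The class Javadoc carries only `@author` and should say which broker flow the test covers.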
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
index d51eb0e..0fcfb5f 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
@@ -29,6 +29,6 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
@Test
public void testSuccessfulAuthentication() {
- assertSuccessfulAuthentication("saml-idp-basic");
+ assertSuccessfulAuthentication("kc-saml-idp-basic");
}
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
index 8c2d341..65c4642 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@@ -29,6 +29,6 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
@Test
public void testSuccessfulAuthentication() {
- assertSuccessfulAuthentication("saml-signed-idp");
+ assertSuccessfulAuthentication("kc-saml-signed-idp");
}
}
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-oidc.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-oidc.json
new file mode 100755
index 0000000..6d7b928
--- /dev/null
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-oidc.json
@@ -0,0 +1,46 @@
+{
+ "id": "realm-with-oidc-identity-provider",
+ "realm": "realm-with-oidc-identity-provider",
+ "enabled": true,
+ "requiredCredentials": [ "password" ],
+ "defaultRoles": [ "foo", "bar" ],
+ "privateKey": "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",
+ "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
+ "oauthClients" : [
+ {
+ "name": "broker-app",
+ "enabled": true,
+ "secret": "secret",
+ "redirectUris": [
+ "http://localhost:8081/auth/broker/realm-with-broker/kc-oidc-idp"
+ ],
+ "claims": {
+ "name" : true,
+ "email" : true,
+ "username" : true
+ }
+ }
+ ],
+ "users": [
+ {
+ "username" : "test-user",
+ "enabled": true,
+ "email" : "test-user@localhost",
+ "firstName" : "Test",
+ "lastName" : "User",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ }
+ ],
+ "roles" : {
+ "realm" : [
+ {
+ "name": "manager",
+ "description": "Have Manager privileges"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
index 058a463..3f6d27a 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
@@ -1,6 +1,6 @@
{
- "id": "realm-with-saml-identity-provider",
- "realm": "realm-with-saml-identity-provider",
+ "id": "realm-with-saml-idp-basic",
+ "realm": "realm-with-saml-idp-basic",
"enabled": true,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
@@ -11,7 +11,7 @@
"name": "http://localhost:8081/auth/",
"enabled": true,
"redirectUris": [
- "http://localhost:8081/auth/broker/realm-with-broker/saml-idp-basic"
+ "http://localhost:8081/auth/broker/realm-with-broker/kc-saml-idp-basic"
],
"attributes": {
"saml.authnstatement": "true"
@@ -19,15 +19,18 @@
}
],
"users": [
- {
- "username" : "saml.user",
- "enabled": true,
- "credentials" : [
- { "type" : "password",
- "value" : "password" }
- ],
- "realmRoles": ["manager"]
- }
+ {
+ "username" : "test-user",
+ "enabled": true,
+ "email" : "test-user@localhost",
+ "firstName" : "Test",
+ "lastName" : "User",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ }
],
"roles" : {
"realm" : [
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
index 50eda96..9882b81 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
@@ -1,6 +1,6 @@
{
- "id": "realm-with-saml-identity-provider",
- "realm": "realm-with-saml-identity-provider",
+ "id": "realm-with-saml-signed-idp",
+ "realm": "realm-with-saml-signed-idp",
"enabled": true,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "foo", "bar" ],
@@ -11,7 +11,7 @@
"name": "http://localhost:8081/auth/",
"enabled": true,
"redirectUris": [
- "http://localhost:8081/auth/broker/realm-with-broker/saml-signed-idp"
+ "http://localhost:8081/auth/broker/realm-with-broker/kc-saml-signed-idp"
],
"attributes": {
"saml.assertion.signature": "true",
@@ -25,15 +25,18 @@
}
],
"users": [
- {
- "username" : "saml.user",
- "enabled": true,
- "credentials" : [
- { "type" : "password",
- "value" : "password" }
- ],
- "realmRoles": ["manager"]
- }
+ {
+ "username" : "test-user",
+ "enabled": true,
+ "email" : "test-user@localhost",
+ "firstName" : "Test",
+ "lastName" : "User",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ }
],
"roles" : {
"realm" : [
diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
index 21bd22a..f86c74d 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
@@ -61,13 +61,30 @@
}
},
{
- "id" : "saml-signed-idp",
+ "id" : "saml-signed-idp",
+ "providerId" : "saml",
+ "name" : "SAML Signed IdP",
+ "enabled": true,
+ "updateProfileFirstLogin" : "true",
+ "config": {
+ "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+ "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+ "signingCertificate": "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",
+ "wantAuthnRequestsSigned": true,
+ "forceAuthn": true,
+ "validateSignature": true,
+ "postBindingResponse": true,
+ "postBindingAuthnRequest": true
+ }
+ },
+ {
+ "id" : "kc-saml-signed-idp",
"providerId" : "saml",
"name" : "SAML Signed IdP",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
- "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+ "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"signingCertificate": "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin",
"wantAuthnRequestsSigned": true,
@@ -78,13 +95,13 @@
}
},
{
- "id" : "saml-idp-basic",
+ "id" : "kc-saml-idp-basic",
"providerId" : "saml",
"name" : "SAML Signed IdP",
"enabled": true,
"updateProfileFirstLogin" : "true",
"config": {
- "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+ "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
"forceAuthn": true,
"postBindingResponse": true,
@@ -101,12 +118,27 @@
"clientId": "clientId",
"clientSecret": "clientSecret",
"prompt": "prompt",
- "authorizationUrl": "authorizationUrl",
- "tokenUrl": "tokenUrl",
- "userInfoUrl": "userInfoUrl",
- "defaultScope": "defaultScope",
- "issuer": "issuer"
+ "authorizationUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/tokens/login",
+ "tokenUrl": "http://localhost:8081/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes",
+ "userInfoUrl": "http://localhost:8081/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
+ "defaultScope": "email profile"
}
+ },
+ {
+ "id" : "kc-oidc-idp",
+ "providerId" : "oidc",
+ "name" : "KeyCloak OIDC IdP",
+ "enabled": true,
+ "updateProfileFirstLogin" : "false",
+ "config": {
+ "clientId": "broker-app",
+ "clientSecret": "secret",
+ "prompt": "login",
+ "authorizationUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/tokens/login",
+ "tokenUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes",
+ "userInfoUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
+ "defaultScope": "email profile"
+ }
}
],
"users": [
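Review bot: In the rewritten `oidc` entry, `authorizationUrl` points at port 8082 while `tokenUrl` and `userInfoUrl` point at port 8081; the new `kc-oidc-idp` entry uses 8082 for all three, so the 8081 values look like a copy-paste slip. Both entries also omit `issuer`, which the old entry had. If the OIDC provider validates the token issuer only when one is configured (not visible here), the brokered login test runs without that check; consider adding `"issuer": "<issuer of realm-with-oidc-identity-provider>"` to `kc-oidc-idp`.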