keycloak-admin 0.7.9 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ddc2a67d3273ab4353daeb48dce261f5ba27a310fa91e9947e751da86d55a124
-  data.tar.gz: 5850f80b6f5c1f76ade40a92bba444559fcc1f637bee0eaf1cb4b917cbfd7f4c
+  metadata.gz: 5651d2f6cb0f65225b0d58aa8a6087098c79b98e3d2d92fa293efc584b65248e
+  data.tar.gz: d737f6b39c07ccfb357ab41475308a6f155c490abdcdef077ba51c7fc3307870
 SHA512:
-  metadata.gz: 210d92708eb39e0f221cd54f7c5d1fec917f8a1cab5bafb6ec1b1f706b60e634acf55bd38396bf5017ac95eef4aaed2d3892700ec9cbcc84757128ed02f2d46f
-  data.tar.gz: 45e19fa08576cb1f468f0fc9dd6841da93e0bafe91002361ad78610637a41e438bfc7e7a04f5741eab87bc161cab4982b7d9fd88a482862ede548c03b2e3c287
+  metadata.gz: ee0a70fc6b10d9b687f73f6a0742780adf9310d12bbfb2ade247dfb8cebaa29b389cb830dfb75115979f3533573d5a2657264a4e805c040f4a98dec35b0366f5
+  data.tar.gz: 2451d6bb9f6b5de496096b02fd181c53bc40e1a5749dbf990bc3b312a0d951e247976bf1cb93fb54f264cb95088b5c8c2d4ea779bdc542890e43837d28970e93

data/.gitignore

@@ -7,3 +7,4 @@ test/dummy/log/*.log
 test/dummy/tmp/
 *.gem
 .idea/
+.byebug_history

data/CHANGELOG.md

@@ -5,6 +5,23 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.2] - 2022-03-11
+
+* Create `Client`
+* Create `Identity Provider` (Breaking change: `IdentityProviderRepresentation.configuration` has been renamed to `IdentityProviderRepresentation.config`)
+* Add `Identity Provider Mapping`
+
+## [1.0.1] - 2021-10-14
+
+* List all `Identity Providers`
+* Add Group on Users (thanks to @tomuench)
+* Remove Group from Users (thanks to @tomuench)
+
+## [1.0.0] - 2021-08-03
+
+* Add `totp` on Users
+* Add `required_actions` on Users
+
 ## [0.7.9] - 2020-10-22
 
 * Extend `search` function to use complex queries (thanks to @hobbypunk90)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    keycloak-admin (0.7.9)
+    keycloak-admin (1.0.2)
       http-cookie (~> 1.0, >= 1.0.3)
       rest-client (~> 2.0)
 
@@ -13,11 +13,11 @@ GEM
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     http-accept (1.7.0)
-    http-cookie (1.0.3)
+    http-cookie (1.0.4)
       domain_name (~> 0.5)
-    mime-types (3.3.1)
+    mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0512)
+    mime-types-data (3.2022.0105)
     netrc (0.11.0)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
@@ -39,7 +39,7 @@ GEM
     rspec-support (3.7.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.7)
+    unf_ext (0.0.8)
 
 PLATFORMS
   ruby

data/README.md

@@ -12,7 +12,7 @@ This gem *does not* require Rails.
 For example, using `bundle`, add this line to your Gemfile.
 
 ```ruby
-gem "keycloak-admin", "0.7.9"
+gem "keycloak-admin", "1.0.2"
 ```
 
 ## Login
@@ -114,12 +114,17 @@ All options have a default value. However, all of them can be changed in your in
 * Impersonate a user
 * Exchange a configurable token
 * Get list of clients
+* Create clients
 * Get list of groups, create/save a group
 * Get list of roles, save a role
 * Get list of realms, save/update/delete a realm
 * Get list of client role mappings for a user/group
 * Save client role mappings for a user/group
 * Save realm-level role mappings for a user/group
+* Add a Group on a User
+* Remove a Group from a User
+* Get list of Identity Providers
+* Create Identity Providers
 * Link/Unlink users to federated identity provider brokers
 * Execute actions emails
 * Send forgot passsword mail
@@ -367,6 +372,16 @@ group_id  = "3a63b5c0-ef8a-47fd-86ed-b5fead18d9b8"
 KeycloakAdmin.realm("a_realm").group(group_id).role_mapper.save_realm_level(role_list)
 ```
 
+### Get list of identity providers
+
+Note: This client requires the `realm-management.view-identity-providers` role.
+
+Returns an array of `KeycloakAdmin::IdentityProviderRepresentation`.
+
+```ruby
+KeycloakAdmin.realm("a_realm").identity_providers.list
+```
+
 ## How to execute library tests
 
 From the `keycloak-admin-api` directory:
@@ -374,4 +389,5 @@ From the `keycloak-admin-api` directory:
 ```
   $ docker build . -t keycloak-admin:test
   $ docker run -v `pwd`:/usr/src/app/ keycloak-admin:test bundle exec rspec spec
-```
+```
+

data/lib/keycloak-admin/client/client_client.rb

@@ -6,6 +6,14 @@ module KeycloakAdmin
       @realm_client = realm_client
     end
 
+    def save(client_representation)
+      execute_http do
+        RestClient::Resource.new(clients_url, @configuration.rest_client_options).post(
+          client_representation.to_json, headers
+        )
+      end
+    end
+
     def list
       response = execute_http do
         RestClient::Resource.new(clients_url, @configuration.rest_client_options).get(headers)

data/lib/keycloak-admin/client/identity_provider_client.rb

@@ -0,0 +1,51 @@
+module KeycloakAdmin
+  class IdentityProviderClient < Client
+    def initialize(configuration, realm_client)
+      super(configuration)
+      raise ArgumentError.new("realm must be defined") unless realm_client.name_defined?
+      @realm_client = realm_client
+    end
+
+    def create(identity_provider_representation)
+      execute_http do
+        RestClient::Resource.new(identity_providers_url, @configuration.rest_client_options).post(
+          identity_provider_representation.to_json, headers
+        )
+      end
+    end
+
+    def add_mapping(identity_provider_alias, identity_provider_mapping_representation)
+      execute_http do
+        RestClient::Resource.new(identity_provider_mappers_url(identity_provider_alias), @configuration.rest_client_options).post(
+          identity_provider_mapping_representation.to_json, headers
+        )
+      end
+    end
+
+    def list
+      response = execute_http do
+        RestClient::Resource.new(identity_providers_url, @configuration.rest_client_options).get(headers)
+      end
+      JSON.parse(response).map { |provider_as_hash| IdentityProviderRepresentation.from_hash(provider_as_hash) }
+    end
+
+    def get(internal_id_or_alias=nil)
+      response = execute_http do
+        RestClient::Resource.new(identity_providers_url, @configuration.rest_client_options).get(headers)
+      end
+      IdentityProviderRepresentation.from_hash(JSON.parse(response))
+    end
+
+    def identity_providers_url(internal_id_or_alias=nil)
+      if internal_id_or_alias
+        "#{@realm_client.realm_admin_url}/identity-provider/instances/#{internal_id_or_alias}"
+      else
+        "#{@realm_client.realm_admin_url}/identity-provider/instances"
+      end
+    end
+
+    def identity_provider_mappers_url(internal_id_or_alias)
+      "#{identity_providers_url(internal_id_or_alias)}/mappers"
+    end
+  end
+end

data/lib/keycloak-admin/client/realm_client.rb

@@ -83,6 +83,10 @@ module KeycloakAdmin
       UserClient.new(@configuration, self)
     end
 
+    def identity_providers
+      IdentityProviderClient.new(@configuration, self)
+    end
+
     def user(user_id)
       UserResource.new(@configuration, self, user_id)
     end

data/lib/keycloak-admin/client/user_client.rb

@@ -31,6 +31,27 @@ module KeycloakAdmin
       )
     end
 
+    def add_group(user_id, group_id)
+      RestClient::Request.execute(
+        @configuration.rest_client_options.merge(
+          method: :put,
+          url: "#{users_url(user_id)}/groups/#{group_id}",
+          payload: {},
+          headers: headers
+        )
+      )
+    end
+
+    def remove_group(user_id, group_id)
+      RestClient::Request.execute(
+        @configuration.rest_client_options.merge(
+          method: :delete,
+          url: "#{users_url(user_id)}/groups/#{group_id}",
+          headers: headers
+        )
+      )
+    end
+
     def get(user_id)
       response = execute_http do
         RestClient::Resource.new(users_url(user_id), @configuration.rest_client_options).get(headers)

data/lib/keycloak-admin/representation/client_representation.rb

@@ -1,15 +1,70 @@
 module KeycloakAdmin
   class ClientRepresentation < Representation
     attr_accessor :id,
-      :name,
-      :client_id
-    # TODO: Add more attributes
+                  :name,
+                  :client_id,
+                  :description,
+                  :client_authenticator_type,
+                  :always_display_in_console,
+                  :surrogate_auth_required,
+                  :redirect_uris,
+                  :web_origins,
+                  :not_before,
+                  :bearer_only,
+                  :consent_required,
+                  :standard_flow_enabled,
+                  :implicit_flow_enabled,
+                  :direct_access_grants_enabled,
+                  :service_accounts_enabled,
+                  :authorization_services_enabled,
+                  :public_client,
+                  :frontchannel_logout,
+                  :protocol,
+                  :base_url,
+                  :root_url,
+                  :attributes,
+                  :authentication_flow_binding_overrides,
+                  :full_scope_allowed,
+                  :node_re_registration_timeout,
+                  :attributes,
+                  :protocol_mappers,
+                  :default_client_scopes,
+                  :optional_client_scopes,
+                  :access
 
     def self.from_hash(hash)
-      client           = new
-      client.id        = hash["id"]
-      client.name      = hash["name"]
-      client.client_id = hash["clientId"]
+      client                                       = new
+      client.id                                    = hash["id"]
+      client.name                                  = hash["name"]
+      client.client_id                             = hash["clientId"]
+      client.description                           = hash["description"]
+      client.client_authenticator_type             = hash["clientAuthenticatorType"]
+      client.always_display_in_console             = hash["alwaysDisplayInConsole"] || false
+      client.surrogate_auth_required               = hash["surrogateAuthRequired"] || false
+      client.redirect_uris                         = hash["redirectUris"] || false
+      client.web_origins                           = hash["webOrigins"] || false
+      client.not_before                            = hash["notBefore"] || false
+      client.bearer_only                           = hash["bearerOnly"] || false
+      client.consent_required                      = hash["consentRequired"] || false
+      client.standard_flow_enabled                 = hash["standardFlowEnabled"] || false
+      client.implicit_flow_enabled                 = hash["implicitFlowEnabled"] || false
+      client.direct_access_grants_enabled          = hash["directAccessGrantsEnabled"] || false
+      client.service_accounts_enabled              = hash["serviceAccountsEnabled"] || false
+      client.authorization_services_enabled        = hash["authorizationServicesEnabled"] || false
+      client.public_client                         = hash["publicClient"] || false
+      client.frontchannel_logout                   = hash["frontchannelLogout"] || false
+      client.protocol                              = hash["protocol"]
+      client.base_url                              = hash["baseUrl"]
+      client.root_url                              = hash["rootUrl"]
+      client.attributes                            = hash["attributes"] || {}
+      client.authentication_flow_binding_overrides = hash["authenticationFlowBindingOverrides"] || {}
+      client.full_scope_allowed                    = hash["fullScopeAllowed"] || false
+      client.node_re_registration_timeout          = hash["nodeReRegistrationTimeout"] || -1
+      client.attributes                            = hash["attributes"]
+      client.protocol_mappers                      = (hash["protocolMappers"] || []).map { |protocol_mapper_hash| ProtocolMapperRepresentation.from_hash(protocol_mapper_hash) }
+      client.default_client_scopes                 = hash["defaultClientScopes"] || []
+      client.optional_client_scopes                = hash["optionalClientScopes"] || []
+      client.access                                = hash["access"] || {}
       client
     end
   end

data/lib/keycloak-admin/representation/identity_provider_mapper_representation.rb

@@ -0,0 +1,19 @@
+module KeycloakAdmin
+  class IdentityProviderMapperRepresentation < Representation
+    attr_accessor :id,
+                  :name,
+                  :identity_provider_alias,
+                  :identity_provider_mapper,
+                  :config
+
+    def self.from_hash(hash)
+      client                           = new
+      client.id                        = hash["id"]
+      client.name                      = hash["name"]
+      client.identity_provider_alias   = hash["identityProviderAlias"]
+      client.identity_provider_mapper  = hash["identityProviderMapper"]
+      client.config                    = hash["config"]
+      client
+    end
+  end
+end

data/lib/keycloak-admin/representation/identity_provider_representation.rb

@@ -0,0 +1,67 @@
+module KeycloakAdmin
+  class IdentityProviderRepresentation < Representation
+    attr_accessor :alias,
+                  :display_name,
+                  :internal_id,
+                  :provider_id,
+                  :enabled,
+                  :update_profile_first_login_mode,
+                  :trust_email,
+                  :store_token,
+                  :add_read_token_role_on_create,
+                  :authenticate_by_default,
+                  :link_only,
+                  :first_broker_login_flow_alias,
+                  :config
+
+    def self.from_hash(hash)
+      if hash.nil?
+        nil
+      else
+        new(
+          hash["alias"],
+          hash["displayName"],
+          hash["internalId"],
+          hash["providerId"],
+          hash["enabled"],
+          hash["updateProfileFirstLoginMode"],
+          hash["trustEmail"],
+          hash["storeToken"],
+          hash["addReadTokenRoleOnCreate"],
+          hash["authenticateByDefault"],
+          hash["linkOnly"],
+          hash["firstBrokerLoginFlowAlias"],
+          hash["config"]
+        )
+      end
+    end
+
+    def initialize(alias_name,
+                   display_name,
+                   internal_id,
+                   provider_id,
+                   enabled,
+                   update_profile_first_login_mode,
+                   trust_email,
+                   store_token,
+                   add_read_token_role_on_create,
+                   authenticate_by_default,
+                   link_only,
+                   first_broker_login_flow_alias,
+                   config)
+      @alias                           = alias_name
+      @display_name                    = display_name
+      @internal_id                     = internal_id
+      @provider_id                     = provider_id
+      @enabled                         = enabled
+      @update_profile_first_login_mode = update_profile_first_login_mode
+      @trust_email                     = trust_email
+      @store_token                     = store_token
+      @add_read_token_role_on_create   = add_read_token_role_on_create
+      @authenticate_by_default         = authenticate_by_default
+      @link_only                       = link_only
+      @first_broker_login_flow_alias   = first_broker_login_flow_alias
+      @config                          = config || {}
+    end
+  end
+end

data/lib/keycloak-admin/representation/protocol_mapper_representation.rb

@@ -0,0 +1,19 @@
+module KeycloakAdmin
+  class ProtocolMapperRepresentation < Representation
+    attr_accessor :config,
+                  :id,
+                  :name,
+                  :protocol,
+                  :protocol_mapper
+
+    def self.from_hash(hash)
+      rep                 = new
+      rep.id              = hash["id"]
+      rep.config          = hash["config"]
+      rep.name            = hash["name"]
+      rep.protocol        = hash["protocol"]
+      rep.protocol_mapper = hash["protocolMapper"]
+      rep
+    end
+  end
+end

data/lib/keycloak-admin/representation/user_representation.rb

@@ -10,8 +10,10 @@ module KeycloakAdmin
       :email_verified,
       :first_name,
       :last_name,
+      :totp,
       :credentials,
-      :federated_identities
+      :federated_identities,
+      :required_actions
 
     def self.from_hash(hash)
       user                      = new
@@ -25,6 +27,8 @@ module KeycloakAdmin
       user.first_name           = hash["firstName"]
       user.last_name            = hash["lastName"]
       user.attributes           = hash["attributes"]
+      user.required_actions     = hash["requiredActions"] || []
+      user.totp                 = hash["totp"] || false
       user.credentials          = hash["credentials"]&.map{ |hash| CredentialRepresentation.from_hash(hash) } || []
       user.federated_identities = hash["federatedIdentities"]&.map { |hash| FederatedIdentityRepresentation.from_hash(hash) } || []
       user

data/lib/keycloak-admin/version.rb

@@ -1,3 +1,3 @@
 module KeycloakAdmin
-  VERSION = "0.7.9"
+  VERSION = "1.0.2"
 end

data/lib/keycloak-admin.rb

@@ -10,9 +10,11 @@ require_relative "keycloak-admin/client/role_client"
 require_relative "keycloak-admin/client/role_mapper_client"
 require_relative "keycloak-admin/client/token_client"
 require_relative "keycloak-admin/client/user_client"
+require_relative "keycloak-admin/client/identity_provider_client"
 require_relative "keycloak-admin/client/configurable_token_client"
 require_relative "keycloak-admin/representation/camel_json"
 require_relative "keycloak-admin/representation/representation"
+require_relative "keycloak-admin/representation/protocol_mapper_representation"
 require_relative "keycloak-admin/representation/client_representation"
 require_relative "keycloak-admin/representation/group_representation"
 require_relative "keycloak-admin/representation/token_representation"
@@ -23,6 +25,8 @@ require_relative "keycloak-admin/representation/realm_representation"
 require_relative "keycloak-admin/representation/role_representation"
 require_relative "keycloak-admin/representation/federated_identity_representation"
 require_relative "keycloak-admin/representation/user_representation"
+require_relative "keycloak-admin/representation/identity_provider_mapper_representation"
+require_relative "keycloak-admin/representation/identity_provider_representation"
 require_relative "keycloak-admin/resource/base_role_containing_resource"
 require_relative "keycloak-admin/resource/group_resource"
 require_relative "keycloak-admin/resource/user_resource"

data/spec/client/identity_provider_client_spec.rb

@@ -0,0 +1,92 @@
+RSpec.describe KeycloakAdmin::IdentityProviderClient do
+  describe "#identity_providers_url" do
+    let(:realm_name)  { "valid-realm" }
+    let(:provider_id) { nil }
+
+    before(:each) do
+      @built_url = KeycloakAdmin.realm(realm_name).identity_providers.identity_providers_url(provider_id)
+    end
+
+    context "when provider_id is not defined" do
+      let(:provider_id) { nil }
+      it "returns a proper url without provider id" do
+        expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/identity-provider/instances"
+      end
+    end
+
+    context "when provider_id is defined" do
+      let(:provider_id) { "95985b21-d884-4bbd-b852-cb8cd365afc2" }
+      it "returns a proper url with the provider id" do
+        expect(@built_url).to eq "http://auth.service.io/auth/admin/realms/valid-realm/identity-provider/instances/95985b21-d884-4bbd-b852-cb8cd365afc2"
+      end
+    end
+  end
+
+  describe "#list" do
+    let(:realm_name) { "valid-realm" }
+    let(:json_response) do
+      <<-JSON
+      [
+        {
+          "alias": "acme",
+          "displayName": "ACME",
+          "internalId": "20fea77e-ae3d-411e-9467-2b3a20cd3e6d",
+          "providerId": "saml",
+          "enabled": true,
+          "updateProfileFirstLoginMode": "on",
+          "trustEmail": true,
+          "storeToken": false,
+          "addReadTokenRoleOnCreate": false,
+          "authenticateByDefault": false,
+          "linkOnly": false,
+          "firstBrokerLoginFlowAlias": "first broker login",
+          "config": {
+            "hideOnLoginPage": "",
+            "validateSignature": "true",
+            "samlXmlKeyNameTranformer": "KEY_ID",
+            "signingCertificate": "",
+            "postBindingLogout": "false",
+            "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+            "postBindingResponse": "true",
+            "backchannelSupported": "",
+            "signatureAlgorithm": "RSA_SHA256",
+            "wantAssertionsEncrypted": "false",
+            "xmlSigKeyInfoKeyNameTransformer": "CERT_SUBJECT",
+            "useJwksUrl": "true",
+            "wantAssertionsSigned": "true",
+            "postBindingAuthnRequest": "true",
+            "forceAuthn": "",
+            "wantAuthnRequestsSigned": "true",
+            "singleSignOnServiceUrl": "https://login.microsoftonline.com/test/saml2",
+            "addExtensionsElementWithKeyInfo": "false"
+          }
+        }
+      ]
+      JSON
+    end
+    before(:each) do
+      @identity_provider_client = KeycloakAdmin.realm(realm_name).identity_providers
+
+      stub_token_client
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return json_response
+    end
+
+    it "lists identity providers" do
+      identity_providers = @identity_provider_client.list
+      expect(identity_providers.length).to eq 1
+      expect(identity_providers[0].alias).to eq "acme"
+    end
+
+    it "passes rest client options" do
+      rest_client_options = {verify_ssl: OpenSSL::SSL::VERIFY_NONE}
+      allow_any_instance_of(KeycloakAdmin::Configuration).to receive(:rest_client_options).and_return rest_client_options
+
+      expect(RestClient::Resource).to receive(:new).with(
+        "http://auth.service.io/auth/admin/realms/valid-realm/identity-provider/instances", rest_client_options).and_call_original
+
+      identity_providers = @identity_provider_client.list
+      expect(identity_providers.length).to eq 1
+      expect(identity_providers[0].alias).to eq "acme"
+    end
+  end
+end

data/spec/client/user_client_spec.rb

@@ -158,7 +158,7 @@ RSpec.describe KeycloakAdmin::TokenClient do
       @user_client = KeycloakAdmin.realm(realm_name).users
 
       stub_token_client
-      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"username":"test_username","createdTimestamp":1559347200}'
+      allow_any_instance_of(RestClient::Resource).to receive(:get).and_return '{"username":"test_username","createdTimestamp":1559347200, "requiredActions":["CONFIGURE_TOTP"], "totp": true}'
     end
 
     it "parses the response" do
@@ -175,6 +175,8 @@ RSpec.describe KeycloakAdmin::TokenClient do
 
       user = @user_client.get('test_user_id')
       expect(user.username).to eq 'test_username'
+      expect(user.totp).to be true
+      expect(user.required_actions).to eq ["CONFIGURE_TOTP"]
     end
   end
 

data/spec/representation/client_representation_spec.rb

@@ -0,0 +1,119 @@
+RSpec.describe KeycloakAdmin::UserRepresentation do
+  describe "#to_json" do
+    before(:each) do
+      @client = KeycloakAdmin::ClientRepresentation.from_hash(
+        {
+          "id" => "c9104bc7-04d8-4348-b4df-8d883f9f6095",
+          "clientId" => "clien-test",
+          "name" => "Client TEST",
+          "description" => "Test to parse a client repsentation",
+          "surrogateAuthRequired" => false,
+          "enabled" => true,
+          "alwaysDisplayInConsole" => false,
+          "clientAuthenticatorType" => "client-secret",
+          "redirectUris" => [],
+          "webOrigins" => [],
+          "notBefore" => 0,
+          "bearerOnly" => false,
+          "consentRequired" => false,
+          "standardFlowEnabled" => false,
+          "implicitFlowEnabled" => false,
+          "directAccessGrantsEnabled" => false,
+          "serviceAccountsEnabled" => true,
+          "publicClient" => false,
+          "frontchannelLogout" => false,
+          "protocol" => "openid-connect",
+          "attributes" => {
+            "saml.assertion.signature" => "false",
+            "access.token.lifespan" => "86400",
+            "saml.multivalued.roles" => "false",
+            "saml.force.post.binding" => "false",
+            "saml.encrypt" => "false",
+            "saml.server.signature" => "false",
+            "backchannel.logout.revoke.offline.tokens" => "false",
+            "saml.server.signature.keyinfo.ext" => "false",
+            "exclude.session.state.from.auth.response" => "false",
+            "backchannel.logout.session.required" => "true",
+            "saml_force_name_id_format" => "false",
+            "saml.client.signature" => "false",
+            "tls.client.certificate.bound.access.tokens" => "false",
+            "saml.authnstatement" => "false",
+            "display.on.consent.screen" => "false",
+            "saml.onetimeuse.condition" => "false"
+          },
+          "authenticationFlowBindingOverrides" => {},
+          "fullScopeAllowed" => true,
+          "nodeReRegistrationTimeout" => -1,
+          "protocolMappers" => [
+            {
+              "id" => "2220432a-e953-422c-b176-62b65e085fe5",
+              "name" => "Client Host",
+              "protocol" => "openid-connect",
+              "protocolMapper" => "oidc-usersessionmodel-note-mapper",
+              "consentRequired" => false,
+              "config" => {
+                "user.session.note" => "clientHost",
+                "userinfo.token.claim" => "true",
+                "id.token.claim" => "true",
+                "access.token.claim" => "true",
+                "claim.name" => "clientHost",
+                "jsonType.label" => "String"
+              }
+            },
+            {
+              "id" => "5509e428-574d-4137-b396-9108244f31ee",
+              "name" => "Client IP Address",
+              "protocol" => "openid-connect",
+              "protocolMapper" => "oidc-usersessionmodel-note-mapper",
+              "consentRequired" => false,
+              "config" => {
+                "user.session.note" => "clientAddress",
+                "userinfo.token.claim" => "true",
+                "id.token.claim" => "true",
+                "access.token.claim" => "true",
+                "claim.name" => "clientAddress",
+                "jsonType.label" => "String"
+              }
+            },
+            {
+              "id" => "44504b93-dbce-48b8-9570-9a48d5421ae9",
+              "name" => "Client ID",
+              "protocol" => "openid-connect",
+              "protocolMapper" => "oidc-usersessionmodel-note-mapper",
+              "consentRequired" => false,
+              "config" => {
+                "user.session.note" => "clientId",
+                "userinfo.token.claim" => "true",
+                "id.token.claim" => "true",
+                "access.token.claim" => "true",
+                "claim.name" => "clientId",
+                "jsonType.label" => "String"
+              }
+            }
+          ],
+          "defaultClientScopes" => [
+            "web-origins",
+            "roles",
+            "profile",
+            "email"
+          ],
+          "optionalClientScopes" => [
+            "address",
+            "phone",
+            "offline_access",
+            "microprofile-jwt"
+          ],
+          "access" => {
+            "view" => true,
+            "configure" => true,
+            "manage" => true
+          }
+        }
+      )
+    end
+
+    it "can convert to json" do
+      expect(@client.to_json).to eq "{\"id\":\"c9104bc7-04d8-4348-b4df-8d883f9f6095\",\"name\":\"Client TEST\",\"clientId\":\"clien-test\",\"description\":\"Test to parse a client repsentation\",\"clientAuthenticatorType\":\"client-secret\",\"alwaysDisplayInConsole\":false,\"surrogateAuthRequired\":false,\"redirectUris\":[],\"webOrigins\":[],\"notBefore\":0,\"bearerOnly\":false,\"consentRequired\":false,\"standardFlowEnabled\":false,\"implicitFlowEnabled\":false,\"directAccessGrantsEnabled\":false,\"serviceAccountsEnabled\":true,\"authorizationServicesEnabled\":false,\"publicClient\":false,\"frontchannelLogout\":false,\"protocol\":\"openid-connect\",\"baseUrl\":null,\"rootUrl\":null,\"attributes\":{\"saml.assertion.signature\":\"false\",\"access.token.lifespan\":\"86400\",\"saml.multivalued.roles\":\"false\",\"saml.force.post.binding\":\"false\",\"saml.encrypt\":\"false\",\"saml.server.signature\":\"false\",\"backchannel.logout.revoke.offline.tokens\":\"false\",\"saml.server.signature.keyinfo.ext\":\"false\",\"exclude.session.state.from.auth.response\":\"false\",\"backchannel.logout.session.required\":\"true\",\"saml_force_name_id_format\":\"false\",\"saml.client.signature\":\"false\",\"tls.client.certificate.bound.access.tokens\":\"false\",\"saml.authnstatement\":\"false\",\"display.on.consent.screen\":\"false\",\"saml.onetimeuse.condition\":\"false\"},\"authenticationFlowBindingOverrides\":{},\"fullScopeAllowed\":true,\"nodeReRegistrationTimeout\":-1,\"protocolMappers\":[{\"id\":\"2220432a-e953-422c-b176-62b65e085fe5\",\"config\":{\"user.session.note\":\"clientHost\",\"userinfo.token.claim\":\"true\",\"id.token.claim\":\"true\",\"access.token.claim\":\"true\",\"claim.name\":\"clientHost\",\"jsonType.label\":\"String\"},\"name\":\"Client Host\",\"protocol\":\"openid-connect\",\"protocolMapper\":\"oidc-usersessionmodel-note-mapper\"},{\"id\":\"5509e428-574d-4137-b396-9108244f31ee\",\"config\":{\"user.session.note\":\"clientAddress\",\"userinfo.token.claim\":\"true\",\"id.token.claim\":\"true\",\"access.token.claim\":\"true\",\"claim.name\":\"clientAddress\",\"jsonType.label\":\"String\"},\"name\":\"Client IP Address\",\"protocol\":\"openid-connect\",\"protocolMapper\":\"oidc-usersessionmodel-note-mapper\"},{\"id\":\"44504b93-dbce-48b8-9570-9a48d5421ae9\",\"config\":{\"user.session.note\":\"clientId\",\"userinfo.token.claim\":\"true\",\"id.token.claim\":\"true\",\"access.token.claim\":\"true\",\"claim.name\":\"clientId\",\"jsonType.label\":\"String\"},\"name\":\"Client ID\",\"protocol\":\"openid-connect\",\"protocolMapper\":\"oidc-usersessionmodel-note-mapper\"}],\"defaultClientScopes\":[\"web-origins\",\"roles\",\"profile\",\"email\"],\"optionalClientScopes\":[\"address\",\"phone\",\"offline_access\",\"microprofile-jwt\"],\"access\":{\"view\":true,\"configure\":true,\"manage\":true}}"
+    end
+  end
+end

data/spec/representation/identity_provider_mapper_representation_spec.rb

@@ -0,0 +1,24 @@
+RSpec.describe KeycloakAdmin::UserRepresentation do
+  describe "#to_json" do
+    before(:each) do
+      @mapper = KeycloakAdmin::IdentityProviderMapperRepresentation.from_hash(
+        {
+          "id" => "91895ce9-b225-4274-993e-c8e6b8e490f0",
+          "name" => "IDP",
+          "identityProviderAlias" => "test",
+          "identityProviderMapper" => "hardcoded-attribute-idp-mapper",
+          "config" => {
+            "syncMode" => "INHERIT",
+            "attribute.value" => "test",
+            "attributes" => "[]",
+            "attribute" => "keycloak.idp"
+          }
+        }
+      )
+    end
+
+    it "can convert to json" do
+      expect(@mapper.to_json).to eq "{\"id\":\"91895ce9-b225-4274-993e-c8e6b8e490f0\",\"name\":\"IDP\",\"identityProviderAlias\":\"test\",\"identityProviderMapper\":\"hardcoded-attribute-idp-mapper\",\"config\":{\"syncMode\":\"INHERIT\",\"attribute.value\":\"test\",\"attributes\":\"[]\",\"attribute\":\"keycloak.idp\"}}"
+    end
+  end
+end

data/spec/representation/identity_provider_representation_spec.rb

@@ -0,0 +1,113 @@
+RSpec.describe KeycloakAdmin::IdentityProviderRepresentation do
+  describe "#from_hash" do
+    before(:each) do
+      json = <<-JSON
+      {
+        "alias": "acme",
+        "displayName": "ACME",
+        "internalId": "20fea77e-ae3d-411e-9467-2b3a20cd3e6d",
+        "providerId": "saml",
+        "enabled": true,
+        "updateProfileFirstLoginMode": "on",
+        "trustEmail": true,
+        "storeToken": false,
+        "addReadTokenRoleOnCreate": false,
+        "authenticateByDefault": false,
+        "linkOnly": false,
+        "firstBrokerLoginFlowAlias": "first broker login",
+        "config": {
+          "hideOnLoginPage": "",
+          "validateSignature": "true",
+          "samlXmlKeyNameTranformer": "KEY_ID",
+          "signingCertificate": "",
+          "postBindingLogout": "false",
+          "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+          "postBindingResponse": "true",
+          "backchannelSupported": "",
+          "signatureAlgorithm": "RSA_SHA256",
+          "wantAssertionsEncrypted": "false",
+          "xmlSigKeyInfoKeyNameTransformer": "CERT_SUBJECT",
+          "useJwksUrl": "true",
+          "wantAssertionsSigned": "true",
+          "postBindingAuthnRequest": "true",
+          "forceAuthn": "",
+          "wantAuthnRequestsSigned": "true",
+          "singleSignOnServiceUrl": "https://login.microsoftonline.com/test/saml2",
+          "addExtensionsElementWithKeyInfo": "false"
+        }
+      }
+      JSON
+      payload            = JSON.parse(json)
+      @identity_provider = KeycloakAdmin::IdentityProviderRepresentation.from_hash(payload)
+    end
+
+    it "parses the alias" do
+      expect(@identity_provider.alias).to eq "acme"
+    end
+
+    it "parses the display name" do
+      expect(@identity_provider.display_name).to eq "ACME"
+    end
+
+    it "parses the internalId" do
+      expect(@identity_provider.internal_id).to eq "20fea77e-ae3d-411e-9467-2b3a20cd3e6d"
+    end
+
+    it "parses the provider id" do
+      expect(@identity_provider.provider_id).to eq "saml"
+    end
+
+    it "parses the enabled" do
+      expect(@identity_provider.enabled).to eq true
+    end
+
+    it "parses the update_profile_first_login_mode" do
+      expect(@identity_provider.update_profile_first_login_mode).to eq "on"
+    end
+
+    it "parses the trust_email" do
+      expect(@identity_provider.trust_email).to eq true
+    end
+
+    it "parses the store_token" do
+      expect(@identity_provider.store_token).to eq false
+    end
+
+    it "parses the add_read_token_role_on_create" do
+      expect(@identity_provider.add_read_token_role_on_create).to eq false
+    end
+
+    it "parses the authenticate_by_default" do
+      expect(@identity_provider.authenticate_by_default).to eq false
+    end
+
+    it "parses the link_only" do
+      expect(@identity_provider.link_only).to eq false
+    end
+    
+    it "parses the first_broker_login_flow_alias" do
+      expect(@identity_provider.first_broker_login_flow_alias).to eq "first broker login"
+    end
+
+    it "parses the configuration as a hash with camel properties" do
+      expect(@identity_provider.config["hideOnLoginPage"]).to eq ""
+      expect(@identity_provider.config["validateSignature"]).to eq "true"
+      expect(@identity_provider.config["samlXmlKeyNameTranformer"]).to eq "KEY_ID"
+      expect(@identity_provider.config["signingCertificate"]).to eq ""
+      expect(@identity_provider.config["postBindingLogout"]).to eq "false"
+      expect(@identity_provider.config["nameIDPolicyFormat"]).to eq "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
+      expect(@identity_provider.config["postBindingResponse"]).to eq "true"
+      expect(@identity_provider.config["backchannelSupported"]).to eq ""
+      expect(@identity_provider.config["signatureAlgorithm"]).to eq "RSA_SHA256"
+      expect(@identity_provider.config["wantAssertionsEncrypted"]).to eq "false"
+      expect(@identity_provider.config["xmlSigKeyInfoKeyNameTransformer"]).to eq "CERT_SUBJECT"
+      expect(@identity_provider.config["useJwksUrl"]).to eq "true"
+      expect(@identity_provider.config["wantAssertionsSigned"]).to eq "true"
+      expect(@identity_provider.config["postBindingAuthnRequest"]).to eq "true"
+      expect(@identity_provider.config["forceAuthn"]).to eq ""
+      expect(@identity_provider.config["wantAuthnRequestsSigned"]).to eq "true"
+      expect(@identity_provider.config["singleSignOnServiceUrl"]).to eq "https://login.microsoftonline.com/test/saml2"
+      expect(@identity_provider.config["addExtensionsElementWithKeyInfo"]).to eq "false"
+    end
+  end
+end

data/spec/representation/user_representation_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe KeycloakAdmin::UserRepresentation do
     end
 
     it "can convert to json" do
-      expect(@user.to_json).to eq '{"id":null,"createdTimestamp":1559836000,"origin":null,"username":"test_username","email":null,"enabled":true,"emailVerified":null,"firstName":null,"lastName":null,"attributes":null,"credentials":[],"federatedIdentities":[]}'
+      expect(@user.to_json).to eq '{"id":null,"createdTimestamp":1559836000,"origin":null,"username":"test_username","email":null,"enabled":true,"emailVerified":null,"firstName":null,"lastName":null,"attributes":null,"requiredActions":[],"totp":false,"credentials":[],"federatedIdentities":[]}'
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keycloak-admin
 version: !ruby/object:Gem::Version
-  version: 0.7.9
+  version: 1.0.2
 platform: ruby
 authors:
 - Lorent Lempereur
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-22 00:00:00.000000000 Z
+date: 2022-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-cookie
@@ -94,6 +94,7 @@ files:
 - lib/keycloak-admin/client/client_role_mappings_client.rb
 - lib/keycloak-admin/client/configurable_token_client.rb
 - lib/keycloak-admin/client/group_client.rb
+- lib/keycloak-admin/client/identity_provider_client.rb
 - lib/keycloak-admin/client/realm_client.rb
 - lib/keycloak-admin/client/role_client.rb
 - lib/keycloak-admin/client/role_mapper_client.rb
@@ -105,8 +106,11 @@ files:
 - lib/keycloak-admin/representation/credential_representation.rb
 - lib/keycloak-admin/representation/federated_identity_representation.rb
 - lib/keycloak-admin/representation/group_representation.rb
+- lib/keycloak-admin/representation/identity_provider_mapper_representation.rb
+- lib/keycloak-admin/representation/identity_provider_representation.rb
 - lib/keycloak-admin/representation/impersonation_redirection_representation.rb
 - lib/keycloak-admin/representation/impersonation_representation.rb
+- lib/keycloak-admin/representation/protocol_mapper_representation.rb
 - lib/keycloak-admin/representation/realm_representation.rb
 - lib/keycloak-admin/representation/representation.rb
 - lib/keycloak-admin/representation/role_representation.rb
@@ -121,12 +125,16 @@ files:
 - spec/client/client_spec.rb
 - spec/client/configurable_token_client_spec.rb
 - spec/client/group_client_spec.rb
+- spec/client/identity_provider_client_spec.rb
 - spec/client/realm_client_spec.rb
 - spec/client/role_client_spec.rb
 - spec/client/role_mapper_client_spec.rb
 - spec/client/token_client_spec.rb
 - spec/client/user_client_spec.rb
 - spec/configuration_spec.rb
+- spec/representation/client_representation_spec.rb
+- spec/representation/identity_provider_mapper_representation_spec.rb
+- spec/representation/identity_provider_representation_spec.rb
 - spec/representation/impersonation_representation_spec.rb
 - spec/representation/user_representation_spec.rb
 - spec/resource/group_resource_spec.rb
@@ -136,7 +144,7 @@ homepage: https://github.com/looorent/keycloak-admin-ruby
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -151,8 +159,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Keycloak Admin REST API client written in Ruby
 test_files: []