keycloak-admin 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +5 -0
- data/Gemfile.lock +4 -4
- data/README.md +3 -1
- data/lib/keycloak-admin/client/client_client.rb +8 -0
- data/lib/keycloak-admin/client/identity_provider_client.rb +20 -0
- data/lib/keycloak-admin/representation/client_representation.rb +62 -7
- data/lib/keycloak-admin/representation/identity_provider_mapper_representation.rb +19 -0
- data/lib/keycloak-admin/representation/identity_provider_representation.rb +3 -3
- data/lib/keycloak-admin/representation/protocol_mapper_representation.rb +19 -0
- data/lib/keycloak-admin/version.rb +1 -1
- data/lib/keycloak-admin.rb +2 -0
- data/spec/representation/client_representation_spec.rb +119 -0
- data/spec/representation/identity_provider_mapper_representation_spec.rb +24 -0
- data/spec/representation/identity_provider_representation_spec.rb +18 -18
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5651d2f6cb0f65225b0d58aa8a6087098c79b98e3d2d92fa293efc584b65248e
|
|
4
|
+
data.tar.gz: d737f6b39c07ccfb357ab41475308a6f155c490abdcdef077ba51c7fc3307870
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ee0a70fc6b10d9b687f73f6a0742780adf9310d12bbfb2ade247dfb8cebaa29b389cb830dfb75115979f3533573d5a2657264a4e805c040f4a98dec35b0366f5
|
|
7
|
+
data.tar.gz: 2451d6bb9f6b5de496096b02fd181c53bc40e1a5749dbf990bc3b312a0d951e247976bf1cb93fb54f264cb95088b5c8c2d4ea779bdc542890e43837d28970e93
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.0.2] - 2022-03-11
|
|
9
|
+
|
|
10
|
+
* Create `Client`
|
|
11
|
+
* Create `Identity Provider` (Breaking change: `IdentityProviderRepresentation.configuration` has been renamed to `IdentityProviderRepresentation.config`)
|
|
12
|
+
* Add `Identity Provider Mapping`
|
|
8
13
|
|
|
9
14
|
## [1.0.1] - 2021-10-14
|
|
10
15
|
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
keycloak-admin (1.0.
|
|
4
|
+
keycloak-admin (1.0.2)
|
|
5
5
|
http-cookie (~> 1.0, >= 1.0.3)
|
|
6
6
|
rest-client (~> 2.0)
|
|
7
7
|
|
|
@@ -15,9 +15,9 @@ GEM
|
|
|
15
15
|
http-accept (1.7.0)
|
|
16
16
|
http-cookie (1.0.4)
|
|
17
17
|
domain_name (~> 0.5)
|
|
18
|
-
mime-types (3.
|
|
18
|
+
mime-types (3.4.1)
|
|
19
19
|
mime-types-data (~> 3.2015)
|
|
20
|
-
mime-types-data (3.
|
|
20
|
+
mime-types-data (3.2022.0105)
|
|
21
21
|
netrc (0.11.0)
|
|
22
22
|
rest-client (2.1.0)
|
|
23
23
|
http-accept (>= 1.7.0, < 2.0)
|
|
@@ -39,7 +39,7 @@ GEM
|
|
|
39
39
|
rspec-support (3.7.0)
|
|
40
40
|
unf (0.1.4)
|
|
41
41
|
unf_ext
|
|
42
|
-
unf_ext (0.0.
|
|
42
|
+
unf_ext (0.0.8)
|
|
43
43
|
|
|
44
44
|
PLATFORMS
|
|
45
45
|
ruby
|
data/README.md
CHANGED
|
@@ -12,7 +12,7 @@ This gem *does not* require Rails.
|
|
|
12
12
|
For example, using `bundle`, add this line to your Gemfile.
|
|
13
13
|
|
|
14
14
|
```ruby
|
|
15
|
-
gem "keycloak-admin", "1.0.
|
|
15
|
+
gem "keycloak-admin", "1.0.2"
|
|
16
16
|
```
|
|
17
17
|
|
|
18
18
|
## Login
|
|
@@ -114,6 +114,7 @@ All options have a default value. However, all of them can be changed in your in
|
|
|
114
114
|
* Impersonate a user
|
|
115
115
|
* Exchange a configurable token
|
|
116
116
|
* Get list of clients
|
|
117
|
+
* Create clients
|
|
117
118
|
* Get list of groups, create/save a group
|
|
118
119
|
* Get list of roles, save a role
|
|
119
120
|
* Get list of realms, save/update/delete a realm
|
|
@@ -123,6 +124,7 @@ All options have a default value. However, all of them can be changed in your in
|
|
|
123
124
|
* Add a Group on a User
|
|
124
125
|
* Remove a Group from a User
|
|
125
126
|
* Get list of Identity Providers
|
|
127
|
+
* Create Identity Providers
|
|
126
128
|
* Link/Unlink users to federated identity provider brokers
|
|
127
129
|
* Execute actions emails
|
|
128
130
|
* Send forgot passsword mail
|
|
@@ -6,6 +6,14 @@ module KeycloakAdmin
|
|
|
6
6
|
@realm_client = realm_client
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
+
def save(client_representation)
|
|
10
|
+
execute_http do
|
|
11
|
+
RestClient::Resource.new(clients_url, @configuration.rest_client_options).post(
|
|
12
|
+
client_representation.to_json, headers
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
9
17
|
def list
|
|
10
18
|
response = execute_http do
|
|
11
19
|
RestClient::Resource.new(clients_url, @configuration.rest_client_options).get(headers)
|
|
@@ -6,6 +6,22 @@ module KeycloakAdmin
|
|
|
6
6
|
@realm_client = realm_client
|
|
7
7
|
end
|
|
8
8
|
|
|
9
|
+
def create(identity_provider_representation)
|
|
10
|
+
execute_http do
|
|
11
|
+
RestClient::Resource.new(identity_providers_url, @configuration.rest_client_options).post(
|
|
12
|
+
identity_provider_representation.to_json, headers
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def add_mapping(identity_provider_alias, identity_provider_mapping_representation)
|
|
18
|
+
execute_http do
|
|
19
|
+
RestClient::Resource.new(identity_provider_mappers_url(identity_provider_alias), @configuration.rest_client_options).post(
|
|
20
|
+
identity_provider_mapping_representation.to_json, headers
|
|
21
|
+
)
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
9
25
|
def list
|
|
10
26
|
response = execute_http do
|
|
11
27
|
RestClient::Resource.new(identity_providers_url, @configuration.rest_client_options).get(headers)
|
|
@@ -27,5 +43,9 @@ module KeycloakAdmin
|
|
|
27
43
|
"#{@realm_client.realm_admin_url}/identity-provider/instances"
|
|
28
44
|
end
|
|
29
45
|
end
|
|
46
|
+
|
|
47
|
+
def identity_provider_mappers_url(internal_id_or_alias)
|
|
48
|
+
"#{identity_providers_url(internal_id_or_alias)}/mappers"
|
|
49
|
+
end
|
|
30
50
|
end
|
|
31
51
|
end
|
|
@@ -1,15 +1,70 @@
|
|
|
1
1
|
module KeycloakAdmin
|
|
2
2
|
class ClientRepresentation < Representation
|
|
3
3
|
attr_accessor :id,
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
4
|
+
:name,
|
|
5
|
+
:client_id,
|
|
6
|
+
:description,
|
|
7
|
+
:client_authenticator_type,
|
|
8
|
+
:always_display_in_console,
|
|
9
|
+
:surrogate_auth_required,
|
|
10
|
+
:redirect_uris,
|
|
11
|
+
:web_origins,
|
|
12
|
+
:not_before,
|
|
13
|
+
:bearer_only,
|
|
14
|
+
:consent_required,
|
|
15
|
+
:standard_flow_enabled,
|
|
16
|
+
:implicit_flow_enabled,
|
|
17
|
+
:direct_access_grants_enabled,
|
|
18
|
+
:service_accounts_enabled,
|
|
19
|
+
:authorization_services_enabled,
|
|
20
|
+
:public_client,
|
|
21
|
+
:frontchannel_logout,
|
|
22
|
+
:protocol,
|
|
23
|
+
:base_url,
|
|
24
|
+
:root_url,
|
|
25
|
+
:attributes,
|
|
26
|
+
:authentication_flow_binding_overrides,
|
|
27
|
+
:full_scope_allowed,
|
|
28
|
+
:node_re_registration_timeout,
|
|
29
|
+
:attributes,
|
|
30
|
+
:protocol_mappers,
|
|
31
|
+
:default_client_scopes,
|
|
32
|
+
:optional_client_scopes,
|
|
33
|
+
:access
|
|
7
34
|
|
|
8
35
|
def self.from_hash(hash)
|
|
9
|
-
client
|
|
10
|
-
client.id
|
|
11
|
-
client.name
|
|
12
|
-
client.client_id
|
|
36
|
+
client = new
|
|
37
|
+
client.id = hash["id"]
|
|
38
|
+
client.name = hash["name"]
|
|
39
|
+
client.client_id = hash["clientId"]
|
|
40
|
+
client.description = hash["description"]
|
|
41
|
+
client.client_authenticator_type = hash["clientAuthenticatorType"]
|
|
42
|
+
client.always_display_in_console = hash["alwaysDisplayInConsole"] || false
|
|
43
|
+
client.surrogate_auth_required = hash["surrogateAuthRequired"] || false
|
|
44
|
+
client.redirect_uris = hash["redirectUris"] || false
|
|
45
|
+
client.web_origins = hash["webOrigins"] || false
|
|
46
|
+
client.not_before = hash["notBefore"] || false
|
|
47
|
+
client.bearer_only = hash["bearerOnly"] || false
|
|
48
|
+
client.consent_required = hash["consentRequired"] || false
|
|
49
|
+
client.standard_flow_enabled = hash["standardFlowEnabled"] || false
|
|
50
|
+
client.implicit_flow_enabled = hash["implicitFlowEnabled"] || false
|
|
51
|
+
client.direct_access_grants_enabled = hash["directAccessGrantsEnabled"] || false
|
|
52
|
+
client.service_accounts_enabled = hash["serviceAccountsEnabled"] || false
|
|
53
|
+
client.authorization_services_enabled = hash["authorizationServicesEnabled"] || false
|
|
54
|
+
client.public_client = hash["publicClient"] || false
|
|
55
|
+
client.frontchannel_logout = hash["frontchannelLogout"] || false
|
|
56
|
+
client.protocol = hash["protocol"]
|
|
57
|
+
client.base_url = hash["baseUrl"]
|
|
58
|
+
client.root_url = hash["rootUrl"]
|
|
59
|
+
client.attributes = hash["attributes"] || {}
|
|
60
|
+
client.authentication_flow_binding_overrides = hash["authenticationFlowBindingOverrides"] || {}
|
|
61
|
+
client.full_scope_allowed = hash["fullScopeAllowed"] || false
|
|
62
|
+
client.node_re_registration_timeout = hash["nodeReRegistrationTimeout"] || -1
|
|
63
|
+
client.attributes = hash["attributes"]
|
|
64
|
+
client.protocol_mappers = (hash["protocolMappers"] || []).map { |protocol_mapper_hash| ProtocolMapperRepresentation.from_hash(protocol_mapper_hash) }
|
|
65
|
+
client.default_client_scopes = hash["defaultClientScopes"] || []
|
|
66
|
+
client.optional_client_scopes = hash["optionalClientScopes"] || []
|
|
67
|
+
client.access = hash["access"] || {}
|
|
13
68
|
client
|
|
14
69
|
end
|
|
15
70
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module KeycloakAdmin
|
|
2
|
+
class IdentityProviderMapperRepresentation < Representation
|
|
3
|
+
attr_accessor :id,
|
|
4
|
+
:name,
|
|
5
|
+
:identity_provider_alias,
|
|
6
|
+
:identity_provider_mapper,
|
|
7
|
+
:config
|
|
8
|
+
|
|
9
|
+
def self.from_hash(hash)
|
|
10
|
+
client = new
|
|
11
|
+
client.id = hash["id"]
|
|
12
|
+
client.name = hash["name"]
|
|
13
|
+
client.identity_provider_alias = hash["identityProviderAlias"]
|
|
14
|
+
client.identity_provider_mapper = hash["identityProviderMapper"]
|
|
15
|
+
client.config = hash["config"]
|
|
16
|
+
client
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -12,7 +12,7 @@ module KeycloakAdmin
|
|
|
12
12
|
:authenticate_by_default,
|
|
13
13
|
:link_only,
|
|
14
14
|
:first_broker_login_flow_alias,
|
|
15
|
-
:
|
|
15
|
+
:config
|
|
16
16
|
|
|
17
17
|
def self.from_hash(hash)
|
|
18
18
|
if hash.nil?
|
|
@@ -48,7 +48,7 @@ module KeycloakAdmin
|
|
|
48
48
|
authenticate_by_default,
|
|
49
49
|
link_only,
|
|
50
50
|
first_broker_login_flow_alias,
|
|
51
|
-
|
|
51
|
+
config)
|
|
52
52
|
@alias = alias_name
|
|
53
53
|
@display_name = display_name
|
|
54
54
|
@internal_id = internal_id
|
|
@@ -61,7 +61,7 @@ module KeycloakAdmin
|
|
|
61
61
|
@authenticate_by_default = authenticate_by_default
|
|
62
62
|
@link_only = link_only
|
|
63
63
|
@first_broker_login_flow_alias = first_broker_login_flow_alias
|
|
64
|
-
@
|
|
64
|
+
@config = config || {}
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module KeycloakAdmin
|
|
2
|
+
class ProtocolMapperRepresentation < Representation
|
|
3
|
+
attr_accessor :config,
|
|
4
|
+
:id,
|
|
5
|
+
:name,
|
|
6
|
+
:protocol,
|
|
7
|
+
:protocol_mapper
|
|
8
|
+
|
|
9
|
+
def self.from_hash(hash)
|
|
10
|
+
rep = new
|
|
11
|
+
rep.id = hash["id"]
|
|
12
|
+
rep.config = hash["config"]
|
|
13
|
+
rep.name = hash["name"]
|
|
14
|
+
rep.protocol = hash["protocol"]
|
|
15
|
+
rep.protocol_mapper = hash["protocolMapper"]
|
|
16
|
+
rep
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
data/lib/keycloak-admin.rb
CHANGED
|
@@ -14,6 +14,7 @@ require_relative "keycloak-admin/client/identity_provider_client"
|
|
|
14
14
|
require_relative "keycloak-admin/client/configurable_token_client"
|
|
15
15
|
require_relative "keycloak-admin/representation/camel_json"
|
|
16
16
|
require_relative "keycloak-admin/representation/representation"
|
|
17
|
+
require_relative "keycloak-admin/representation/protocol_mapper_representation"
|
|
17
18
|
require_relative "keycloak-admin/representation/client_representation"
|
|
18
19
|
require_relative "keycloak-admin/representation/group_representation"
|
|
19
20
|
require_relative "keycloak-admin/representation/token_representation"
|
|
@@ -24,6 +25,7 @@ require_relative "keycloak-admin/representation/realm_representation"
|
|
|
24
25
|
require_relative "keycloak-admin/representation/role_representation"
|
|
25
26
|
require_relative "keycloak-admin/representation/federated_identity_representation"
|
|
26
27
|
require_relative "keycloak-admin/representation/user_representation"
|
|
28
|
+
require_relative "keycloak-admin/representation/identity_provider_mapper_representation"
|
|
27
29
|
require_relative "keycloak-admin/representation/identity_provider_representation"
|
|
28
30
|
require_relative "keycloak-admin/resource/base_role_containing_resource"
|
|
29
31
|
require_relative "keycloak-admin/resource/group_resource"
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
RSpec.describe KeycloakAdmin::UserRepresentation do
|
|
2
|
+
describe "#to_json" do
|
|
3
|
+
before(:each) do
|
|
4
|
+
@client = KeycloakAdmin::ClientRepresentation.from_hash(
|
|
5
|
+
{
|
|
6
|
+
"id" => "c9104bc7-04d8-4348-b4df-8d883f9f6095",
|
|
7
|
+
"clientId" => "clien-test",
|
|
8
|
+
"name" => "Client TEST",
|
|
9
|
+
"description" => "Test to parse a client repsentation",
|
|
10
|
+
"surrogateAuthRequired" => false,
|
|
11
|
+
"enabled" => true,
|
|
12
|
+
"alwaysDisplayInConsole" => false,
|
|
13
|
+
"clientAuthenticatorType" => "client-secret",
|
|
14
|
+
"redirectUris" => [],
|
|
15
|
+
"webOrigins" => [],
|
|
16
|
+
"notBefore" => 0,
|
|
17
|
+
"bearerOnly" => false,
|
|
18
|
+
"consentRequired" => false,
|
|
19
|
+
"standardFlowEnabled" => false,
|
|
20
|
+
"implicitFlowEnabled" => false,
|
|
21
|
+
"directAccessGrantsEnabled" => false,
|
|
22
|
+
"serviceAccountsEnabled" => true,
|
|
23
|
+
"publicClient" => false,
|
|
24
|
+
"frontchannelLogout" => false,
|
|
25
|
+
"protocol" => "openid-connect",
|
|
26
|
+
"attributes" => {
|
|
27
|
+
"saml.assertion.signature" => "false",
|
|
28
|
+
"access.token.lifespan" => "86400",
|
|
29
|
+
"saml.multivalued.roles" => "false",
|
|
30
|
+
"saml.force.post.binding" => "false",
|
|
31
|
+
"saml.encrypt" => "false",
|
|
32
|
+
"saml.server.signature" => "false",
|
|
33
|
+
"backchannel.logout.revoke.offline.tokens" => "false",
|
|
34
|
+
"saml.server.signature.keyinfo.ext" => "false",
|
|
35
|
+
"exclude.session.state.from.auth.response" => "false",
|
|
36
|
+
"backchannel.logout.session.required" => "true",
|
|
37
|
+
"saml_force_name_id_format" => "false",
|
|
38
|
+
"saml.client.signature" => "false",
|
|
39
|
+
"tls.client.certificate.bound.access.tokens" => "false",
|
|
40
|
+
"saml.authnstatement" => "false",
|
|
41
|
+
"display.on.consent.screen" => "false",
|
|
42
|
+
"saml.onetimeuse.condition" => "false"
|
|
43
|
+
},
|
|
44
|
+
"authenticationFlowBindingOverrides" => {},
|
|
45
|
+
"fullScopeAllowed" => true,
|
|
46
|
+
"nodeReRegistrationTimeout" => -1,
|
|
47
|
+
"protocolMappers" => [
|
|
48
|
+
{
|
|
49
|
+
"id" => "2220432a-e953-422c-b176-62b65e085fe5",
|
|
50
|
+
"name" => "Client Host",
|
|
51
|
+
"protocol" => "openid-connect",
|
|
52
|
+
"protocolMapper" => "oidc-usersessionmodel-note-mapper",
|
|
53
|
+
"consentRequired" => false,
|
|
54
|
+
"config" => {
|
|
55
|
+
"user.session.note" => "clientHost",
|
|
56
|
+
"userinfo.token.claim" => "true",
|
|
57
|
+
"id.token.claim" => "true",
|
|
58
|
+
"access.token.claim" => "true",
|
|
59
|
+
"claim.name" => "clientHost",
|
|
60
|
+
"jsonType.label" => "String"
|
|
61
|
+
}
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
"id" => "5509e428-574d-4137-b396-9108244f31ee",
|
|
65
|
+
"name" => "Client IP Address",
|
|
66
|
+
"protocol" => "openid-connect",
|
|
67
|
+
"protocolMapper" => "oidc-usersessionmodel-note-mapper",
|
|
68
|
+
"consentRequired" => false,
|
|
69
|
+
"config" => {
|
|
70
|
+
"user.session.note" => "clientAddress",
|
|
71
|
+
"userinfo.token.claim" => "true",
|
|
72
|
+
"id.token.claim" => "true",
|
|
73
|
+
"access.token.claim" => "true",
|
|
74
|
+
"claim.name" => "clientAddress",
|
|
75
|
+
"jsonType.label" => "String"
|
|
76
|
+
}
|
|
77
|
+
},
|
|
78
|
+
{
|
|
79
|
+
"id" => "44504b93-dbce-48b8-9570-9a48d5421ae9",
|
|
80
|
+
"name" => "Client ID",
|
|
81
|
+
"protocol" => "openid-connect",
|
|
82
|
+
"protocolMapper" => "oidc-usersessionmodel-note-mapper",
|
|
83
|
+
"consentRequired" => false,
|
|
84
|
+
"config" => {
|
|
85
|
+
"user.session.note" => "clientId",
|
|
86
|
+
"userinfo.token.claim" => "true",
|
|
87
|
+
"id.token.claim" => "true",
|
|
88
|
+
"access.token.claim" => "true",
|
|
89
|
+
"claim.name" => "clientId",
|
|
90
|
+
"jsonType.label" => "String"
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
],
|
|
94
|
+
"defaultClientScopes" => [
|
|
95
|
+
"web-origins",
|
|
96
|
+
"roles",
|
|
97
|
+
"profile",
|
|
98
|
+
"email"
|
|
99
|
+
],
|
|
100
|
+
"optionalClientScopes" => [
|
|
101
|
+
"address",
|
|
102
|
+
"phone",
|
|
103
|
+
"offline_access",
|
|
104
|
+
"microprofile-jwt"
|
|
105
|
+
],
|
|
106
|
+
"access" => {
|
|
107
|
+
"view" => true,
|
|
108
|
+
"configure" => true,
|
|
109
|
+
"manage" => true
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
)
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
it "can convert to json" do
|
|
116
|
+
expect(@client.to_json).to eq "{\"id\":\"c9104bc7-04d8-4348-b4df-8d883f9f6095\",\"name\":\"Client TEST\",\"clientId\":\"clien-test\",\"description\":\"Test to parse a client repsentation\",\"clientAuthenticatorType\":\"client-secret\",\"alwaysDisplayInConsole\":false,\"surrogateAuthRequired\":false,\"redirectUris\":[],\"webOrigins\":[],\"notBefore\":0,\"bearerOnly\":false,\"consentRequired\":false,\"standardFlowEnabled\":false,\"implicitFlowEnabled\":false,\"directAccessGrantsEnabled\":false,\"serviceAccountsEnabled\":true,\"authorizationServicesEnabled\":false,\"publicClient\":false,\"frontchannelLogout\":false,\"protocol\":\"openid-connect\",\"baseUrl\":null,\"rootUrl\":null,\"attributes\":{\"saml.assertion.signature\":\"false\",\"access.token.lifespan\":\"86400\",\"saml.multivalued.roles\":\"false\",\"saml.force.post.binding\":\"false\",\"saml.encrypt\":\"false\",\"saml.server.signature\":\"false\",\"backchannel.logout.revoke.offline.tokens\":\"false\",\"saml.server.signature.keyinfo.ext\":\"false\",\"exclude.session.state.from.auth.response\":\"false\",\"backchannel.logout.session.required\":\"true\",\"saml_force_name_id_format\":\"false\",\"saml.client.signature\":\"false\",\"tls.client.certificate.bound.access.tokens\":\"false\",\"saml.authnstatement\":\"false\",\"display.on.consent.screen\":\"false\",\"saml.onetimeuse.condition\":\"false\"},\"authenticationFlowBindingOverrides\":{},\"fullScopeAllowed\":true,\"nodeReRegistrationTimeout\":-1,\"protocolMappers\":[{\"id\":\"2220432a-e953-422c-b176-62b65e085fe5\",\"config\":{\"user.session.note\":\"clientHost\",\"userinfo.token.claim\":\"true\",\"id.token.claim\":\"true\",\"access.token.claim\":\"true\",\"claim.name\":\"clientHost\",\"jsonType.label\":\"String\"},\"name\":\"Client Host\",\"protocol\":\"openid-connect\",\"protocolMapper\":\"oidc-usersessionmodel-note-mapper\"},{\"id\":\"5509e428-574d-4137-b396-9108244f31ee\",\"config\":{\"user.session.note\":\"clientAddress\",\"userinfo.token.claim\":\"true\",\"id.token.claim\":\"true\",\"access.token.claim\":\"true\",\"claim.name\":\"clientAddress\",\"jsonType.label\":\"String\"},\"name\":\"Client IP Address\",\"protocol\":\"openid-connect\",\"protocolMapper\":\"oidc-usersessionmodel-note-mapper\"},{\"id\":\"44504b93-dbce-48b8-9570-9a48d5421ae9\",\"config\":{\"user.session.note\":\"clientId\",\"userinfo.token.claim\":\"true\",\"id.token.claim\":\"true\",\"access.token.claim\":\"true\",\"claim.name\":\"clientId\",\"jsonType.label\":\"String\"},\"name\":\"Client ID\",\"protocol\":\"openid-connect\",\"protocolMapper\":\"oidc-usersessionmodel-note-mapper\"}],\"defaultClientScopes\":[\"web-origins\",\"roles\",\"profile\",\"email\"],\"optionalClientScopes\":[\"address\",\"phone\",\"offline_access\",\"microprofile-jwt\"],\"access\":{\"view\":true,\"configure\":true,\"manage\":true}}"
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
RSpec.describe KeycloakAdmin::UserRepresentation do
|
|
2
|
+
describe "#to_json" do
|
|
3
|
+
before(:each) do
|
|
4
|
+
@mapper = KeycloakAdmin::IdentityProviderMapperRepresentation.from_hash(
|
|
5
|
+
{
|
|
6
|
+
"id" => "91895ce9-b225-4274-993e-c8e6b8e490f0",
|
|
7
|
+
"name" => "IDP",
|
|
8
|
+
"identityProviderAlias" => "test",
|
|
9
|
+
"identityProviderMapper" => "hardcoded-attribute-idp-mapper",
|
|
10
|
+
"config" => {
|
|
11
|
+
"syncMode" => "INHERIT",
|
|
12
|
+
"attribute.value" => "test",
|
|
13
|
+
"attributes" => "[]",
|
|
14
|
+
"attribute" => "keycloak.idp"
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
it "can convert to json" do
|
|
21
|
+
expect(@mapper.to_json).to eq "{\"id\":\"91895ce9-b225-4274-993e-c8e6b8e490f0\",\"name\":\"IDP\",\"identityProviderAlias\":\"test\",\"identityProviderMapper\":\"hardcoded-attribute-idp-mapper\",\"config\":{\"syncMode\":\"INHERIT\",\"attribute.value\":\"test\",\"attributes\":\"[]\",\"attribute\":\"keycloak.idp\"}}"
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -90,24 +90,24 @@ RSpec.describe KeycloakAdmin::IdentityProviderRepresentation do
|
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
it "parses the configuration as a hash with camel properties" do
|
|
93
|
-
expect(@identity_provider.
|
|
94
|
-
expect(@identity_provider.
|
|
95
|
-
expect(@identity_provider.
|
|
96
|
-
expect(@identity_provider.
|
|
97
|
-
expect(@identity_provider.
|
|
98
|
-
expect(@identity_provider.
|
|
99
|
-
expect(@identity_provider.
|
|
100
|
-
expect(@identity_provider.
|
|
101
|
-
expect(@identity_provider.
|
|
102
|
-
expect(@identity_provider.
|
|
103
|
-
expect(@identity_provider.
|
|
104
|
-
expect(@identity_provider.
|
|
105
|
-
expect(@identity_provider.
|
|
106
|
-
expect(@identity_provider.
|
|
107
|
-
expect(@identity_provider.
|
|
108
|
-
expect(@identity_provider.
|
|
109
|
-
expect(@identity_provider.
|
|
110
|
-
expect(@identity_provider.
|
|
93
|
+
expect(@identity_provider.config["hideOnLoginPage"]).to eq ""
|
|
94
|
+
expect(@identity_provider.config["validateSignature"]).to eq "true"
|
|
95
|
+
expect(@identity_provider.config["samlXmlKeyNameTranformer"]).to eq "KEY_ID"
|
|
96
|
+
expect(@identity_provider.config["signingCertificate"]).to eq ""
|
|
97
|
+
expect(@identity_provider.config["postBindingLogout"]).to eq "false"
|
|
98
|
+
expect(@identity_provider.config["nameIDPolicyFormat"]).to eq "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
|
|
99
|
+
expect(@identity_provider.config["postBindingResponse"]).to eq "true"
|
|
100
|
+
expect(@identity_provider.config["backchannelSupported"]).to eq ""
|
|
101
|
+
expect(@identity_provider.config["signatureAlgorithm"]).to eq "RSA_SHA256"
|
|
102
|
+
expect(@identity_provider.config["wantAssertionsEncrypted"]).to eq "false"
|
|
103
|
+
expect(@identity_provider.config["xmlSigKeyInfoKeyNameTransformer"]).to eq "CERT_SUBJECT"
|
|
104
|
+
expect(@identity_provider.config["useJwksUrl"]).to eq "true"
|
|
105
|
+
expect(@identity_provider.config["wantAssertionsSigned"]).to eq "true"
|
|
106
|
+
expect(@identity_provider.config["postBindingAuthnRequest"]).to eq "true"
|
|
107
|
+
expect(@identity_provider.config["forceAuthn"]).to eq ""
|
|
108
|
+
expect(@identity_provider.config["wantAuthnRequestsSigned"]).to eq "true"
|
|
109
|
+
expect(@identity_provider.config["singleSignOnServiceUrl"]).to eq "https://login.microsoftonline.com/test/saml2"
|
|
110
|
+
expect(@identity_provider.config["addExtensionsElementWithKeyInfo"]).to eq "false"
|
|
111
111
|
end
|
|
112
112
|
end
|
|
113
113
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: keycloak-admin
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Lorent Lempereur
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-03-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: http-cookie
|
|
@@ -106,9 +106,11 @@ files:
|
|
|
106
106
|
- lib/keycloak-admin/representation/credential_representation.rb
|
|
107
107
|
- lib/keycloak-admin/representation/federated_identity_representation.rb
|
|
108
108
|
- lib/keycloak-admin/representation/group_representation.rb
|
|
109
|
+
- lib/keycloak-admin/representation/identity_provider_mapper_representation.rb
|
|
109
110
|
- lib/keycloak-admin/representation/identity_provider_representation.rb
|
|
110
111
|
- lib/keycloak-admin/representation/impersonation_redirection_representation.rb
|
|
111
112
|
- lib/keycloak-admin/representation/impersonation_representation.rb
|
|
113
|
+
- lib/keycloak-admin/representation/protocol_mapper_representation.rb
|
|
112
114
|
- lib/keycloak-admin/representation/realm_representation.rb
|
|
113
115
|
- lib/keycloak-admin/representation/representation.rb
|
|
114
116
|
- lib/keycloak-admin/representation/role_representation.rb
|
|
@@ -130,6 +132,8 @@ files:
|
|
|
130
132
|
- spec/client/token_client_spec.rb
|
|
131
133
|
- spec/client/user_client_spec.rb
|
|
132
134
|
- spec/configuration_spec.rb
|
|
135
|
+
- spec/representation/client_representation_spec.rb
|
|
136
|
+
- spec/representation/identity_provider_mapper_representation_spec.rb
|
|
133
137
|
- spec/representation/identity_provider_representation_spec.rb
|
|
134
138
|
- spec/representation/impersonation_representation_spec.rb
|
|
135
139
|
- spec/representation/user_representation_spec.rb
|