diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
index 575809f2f4..c6b38c9ef4 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
@@ -45,7 +45,13 @@ public class Oidc {
 public static final String ACCEPT = "Accept";
+ public static final String ADAPTER_STATE_COOKIE_PATH = "adapter-state-cookie-path";
+ public static final String ALLOW_ANY_HOSTNAME = "allow-any-hostname";
+ public static final String ALWAYS_REFRESH_TOKEN = "always-refresh-token";
+ public static final String AUTH_SERVER_URL = "auth-server-url";
 public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format";
+ public static final String AUTODETECT_BEARER_ONLY = "autodetect-bearer-only";
+ public static final String BEARER_ONLY = "bearer-only";
 public static final String OIDC_NAME = "OIDC";
 public static final String JSON_CONTENT_TYPE = "application/json";
 public static final String HTML_CONTENT_TYPE = "text/html";
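Review bot: The constants added here, and in the hunks at @@ -55, @@ -74 and @@ -118 of this file, are keys of the adapter's JSON configuration (hyphenated, e.g. `ADAPTER_STATE_COOKIE_PATH`), yet they are interleaved with HTTP header names (`ACCEPT`) and OAuth request parameters (`CODE`, `GRANT_TYPE`) in one flat list with no comment saying which is which. A reader cannot tell from the declaration whether `SCOPE` or `RESOURCE` is a wire parameter or a config key, and in @@ -118 the new keys are appended after `X_REQUESTED_WITH`/`XML_HTTP_REQUEST` rather than in sorted position. Consider grouping the new keys under a section comment such as `// Keys of the adapter JSON configuration, consumed by OidcJsonConfiguration` and keeping that group alphabetical, so later additions have an obvious home.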
@@ -55,14 +61,27 @@ public class Oidc {
 public static final String KEYCLOAK_REALMS_PATH = "realms/";
 public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config";
 static final String ACCOUNT_PATH = "account";
+ public static final String CORS_MAX_AGE = "cors-max-age";
+ public static final String CORS_ALLOWED_HEADERS = "cors-allowed-headers";
+ public static final String CORS_ALLOWED_METHODS = "cors-allowed-methods";
+ public static final String CORS_EXPOSED_HEADERS = "cors-exposed-headers";
+ public static final String CONNECTION_POOL_SIZE = "connection-pool-size";
 public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node";
 public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node";
+ public static final String CREDENTIALS = "credentials";
+ public static final String DISABLE_TRUST_MANAGER = "disable-trust-manager";
 public static final String SLASH = "/";
 public static final String OIDC_CLIENT_CONTEXT_KEY = OidcClientContext.class.getName();
 public static final String CLIENT_ID = "client_id";
+ public static final String CLIENT_ID_JSON_VALUE = "client-id";
+ public static final String CLIENT_KEYSTORE = "client-keystore";
+ public static final String CLIENT_KEYSTORE_PASSWORD = "client-keystore-password";
+ public static final String CLIENT_KEY_PASSWORD = "client-key-password";
 public static final String CODE = "code";
+ public static final String ENABLE_CORS = "enable-cors";
 public static final String ERROR = "error";
 public static final String ERROR_DESCRIPTION = "error_description";
+ public static final String EXPOSE_TOKEN = "expose-token";
 public static final String FACES_REQUEST = "Faces-Request";
 public static final String GRANT_TYPE = "grant_type";
 public static final String INVALID_TOKEN = "invalid_token";
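Review bot: `CLIENT_ID = "client_id"` and the new `CLIENT_ID_JSON_VALUE = "client-id"` differ by one character and neither says which context it belongs to, so picking the wrong one produces a request parameter or config key that is silently never read. A one-line comment on each would make the split explicit: `// OAuth 2.0 request parameter` on `CLIENT_ID` and `// adapter JSON configuration key, bound to OidcJsonConfiguration.clientId` on `CLIENT_ID_JSON_VALUE`. The same one-line treatment would help `ALLOW_ANY_HOSTNAME` and `DISABLE_TRUST_MANAGER`, whose names suggest they relax TLS verification but whose effect is not visible from this file.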
@@ -74,9 +93,17 @@ public class Oidc {
 public static final String OPTIONS = "OPTIONS";
 public static final String PARTIAL = "partial/";
 public static final String PASSWORD = "password";
+ public static final String PRINCIPAL_ATTRIBUTE = "principal-attribute";
 public static final String PROMPT = "prompt";
+ public static final String PROXY_URL = "proxy-url";
+ public static final String PUBLIC_CLIENT = "public-client";
+ public static final String REALM = "realm";
+ public static final String REALM_PUBLIC_KEY = "realm-public-key";
+ public static final String REGISTER_NODE_AT_STARTUP = "register-node-at-startup";
+ public static final String REGISTER_NODE_PERIOD = "register-node-period";
 public static final String REQUEST = "request";
 public static final String REQUEST_URI = "request_uri";
+ public static final String RESOURCE = "resource";
 public static final String SCOPE = "scope";
 public static final String UI_LOCALES = "ui_locales";
 public static final String USERNAME = "username";
@@ -86,6 +113,7 @@ public class Oidc {
 public static final String RESPONSE_TYPE = "response_type";
 public static final String SESSION_STATE = "session_state";
 public static final String SOAP_ACTION = "SOAPAction";
+ public static final String SSL_REQUIRED = "ssl-required";
 public static final String STALE_TOKEN = "Stale token";
 public static final String STATE = "state";
 public static final int INVALID_ISSUED_FOR_CLAIM = -1;
@@ -118,8 +146,33 @@ public class Oidc { static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256"; public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation"; public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params"; + public static final String TOKEN_MINIMUM_TIME_TO_LIVE = "token-minimum-time-to-live"; + public static final String TOKEN_SIGNATURE_ALGORITHM = "token-signature-algorithm"; + public static final String TOKEN_STORE = "token-store"; + public static final String TRUSTSTORE = "truststore"; + public static final String TRUSTSTORE_PASSWORD = "truststore-password"; + public static final String TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN = "turn-off-change-session-id-on-login"; + public static final String USE_RESOURCE_ROLE_MAPPINGS = "use-resource-role-mappings"; + public static final String USE_REALM_ROLE_MAPPINGS = "use-realm-role-mappings"; public static final String X_REQUESTED_WITH = "X-Requested-With"; public static final String XML_HTTP_REQUEST = "XMLHttpRequest"; + public static final String MIN_TIME_BETWEEN_JWKS_REQUESTS = "min-time-between-jwks-requests"; + public static final String PUBLIC_KEY_CACHE_TTL = "public-key-cache-ttl"; + public static final String IGNORE_OAUTH_QUERY_PARAMETER = "ignore-oauth-query-parameter"; + public static final String VERIFY_TOKEN_AUDIENCE = "verify-token-audience"; + public static final String REQUEST_OBJECT_SIGNING_ALGORITHM = "request-object-signing-algorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALG_VALUE = "request-object-encryption-alg-value"; + public static final String REQUEST_OBJECT_ENCRYPTION_ENC_VALUE = "request-object-encryption-enc-value"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_FILE = "request-object-signing-keystore-file"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD = "request-object-signing-keystore-password"; + public static 
final String REQUEST_OBJECT_SIGNING_KEY_PASSWORD = "request-object-signing-key-password"; + public static final String REQUEST_OBJECT_SIGNING_KEY_ALIAS = "request-object-signing-key-alias"; + public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE = "request-object-signing-keystore-type"; + public static final String REDIRECT_REWRITE_RULES = "redirect-rewrite-rules"; + public static final String ENABLE_PKCE = "enable-pkce"; + public static final String CONFIDENTIAL_PORT = "confidential-port"; + public static final String ENABLE_BASIC_AUTH = "enable-basic-auth"; + public static final String PROVIDER_URL = "provider-url"; /** * Bearer token pattern. diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java index 29d2d785e3..4f107b7959 100644 --- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java +++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java 
@@ -19,6 +19,61 @@ package org.wildfly.security.http.oidc; import static org.wildfly.security.http.oidc.Oidc.DEFAULT_TOKEN_SIGNATURE_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.ADAPTER_STATE_COOKIE_PATH; +import static org.wildfly.security.http.oidc.Oidc.ALLOW_ANY_HOSTNAME; +import static org.wildfly.security.http.oidc.Oidc.ALWAYS_REFRESH_TOKEN; +import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL; +import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT; +import static org.wildfly.security.http.oidc.Oidc.AUTODETECT_BEARER_ONLY; +import static org.wildfly.security.http.oidc.Oidc.BEARER_ONLY; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID_JSON_VALUE; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.CONFIDENTIAL_PORT; +import static org.wildfly.security.http.oidc.Oidc.CONNECTION_POOL_SIZE; +import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_HEADERS; +import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_METHODS; +import static org.wildfly.security.http.oidc.Oidc.CORS_EXPOSED_HEADERS; +import static org.wildfly.security.http.oidc.Oidc.CORS_MAX_AGE; +import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS; +import static org.wildfly.security.http.oidc.Oidc.DISABLE_TRUST_MANAGER; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_BASIC_AUTH; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_CORS; +import static org.wildfly.security.http.oidc.Oidc.ENABLE_PKCE; +import static org.wildfly.security.http.oidc.Oidc.EXPOSE_TOKEN; +import static org.wildfly.security.http.oidc.Oidc.IGNORE_OAUTH_QUERY_PARAMETER; +import static org.wildfly.security.http.oidc.Oidc.MIN_TIME_BETWEEN_JWKS_REQUESTS; +import static 
org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE; +import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL; +import static org.wildfly.security.http.oidc.Oidc.PROXY_URL; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT; +import static org.wildfly.security.http.oidc.Oidc.PUBLIC_KEY_CACHE_TTL; +import static org.wildfly.security.http.oidc.Oidc.REDIRECT_REWRITE_RULES; +import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_AT_STARTUP; +import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_PERIOD; +import static org.wildfly.security.http.oidc.Oidc.REALM; +import static org.wildfly.security.http.oidc.Oidc.REALM_PUBLIC_KEY; +import static org.wildfly.security.http.oidc.Oidc.RESOURCE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD; +import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE; +import static org.wildfly.security.http.oidc.Oidc.SCOPE; +import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_MINIMUM_TIME_TO_LIVE; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM; +import static org.wildfly.security.http.oidc.Oidc.TOKEN_STORE; +import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE; +import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE_PASSWORD; +import static 
org.wildfly.security.http.oidc.Oidc.TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN; +import static org.wildfly.security.http.oidc.Oidc.USE_RESOURCE_ROLE_MAPPINGS; +import static org.wildfly.security.http.oidc.Oidc.USE_REALM_ROLE_MAPPINGS; +import static org.wildfly.security.http.oidc.Oidc.VERIFY_TOKEN_AUDIENCE; import java.util.Map; import java.util.TreeMap; 
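Review bot: The new static-import block is not in alphabetical order — `DEFAULT_TOKEN_SIGNATURE_ALGORITHM` stays first, `REGISTER_NODE_AT_STARTUP`/`REGISTER_NODE_PERIOD` precede `REALM`, and `RESOURCE` precedes the `REQUEST_OBJECT_*` group; the OidcTest import hunk at @@ -44 has the same problem (`PROVIDER_URL` before `OIDC_NAME`, `PUBLIC_CLIENT` before `PRINCIPAL_ATTRIBUTE`, `RESOURCE`/`REALM` after `REQUEST_OBJECT_*`, and the `REQUEST_OBJECT_ENCRYPTION_*` pair after `REQUEST_OBJECT_SIGNING_*`). If the build runs an import-order check this will fail; even if it does not, a fifty-line block is only scannable for a missing key when it is sorted. Sorting the two blocks is a mechanical change and would be worth doing before merge.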
@@ -34,143 +89,143 @@ * @author John D. Ament * @author Farah Juma */ -@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-required", - "resource", "public-client", "credentials", - "use-resource-role-mappings", "use-realm-role-mappings", - "enable-cors", "cors-max-age", "cors-allowed-methods", "cors-exposed-headers", - "expose-token", "bearer-only", "autodetect-bearer-only", "connection-pool-size", - "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password", - "client-keystore", "client-keystore-password", "client-key-password", - "always-refresh-token", - "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute", - "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live", - "min-time-between-jwks-requests", "public-key-cache-ttl", - "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope", - "authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value", - "request-object-encryption-enc-value", "request-object-signing-keystore-file", - "request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias", - "request-object-signing-keystore-type" +@JsonPropertyOrder({REALM, REALM_PUBLIC_KEY, AUTH_SERVER_URL, SSL_REQUIRED, + RESOURCE, PUBLIC_CLIENT, CREDENTIALS, + USE_RESOURCE_ROLE_MAPPINGS, USE_REALM_ROLE_MAPPINGS, + ENABLE_CORS, CORS_MAX_AGE, CORS_ALLOWED_METHODS, CORS_EXPOSED_HEADERS, + EXPOSE_TOKEN, BEARER_ONLY, AUTODETECT_BEARER_ONLY, CONNECTION_POOL_SIZE, + ALLOW_ANY_HOSTNAME, DISABLE_TRUST_MANAGER, TRUSTSTORE, TRUSTSTORE_PASSWORD, + CLIENT_KEYSTORE, CLIENT_KEYSTORE_PASSWORD, CLIENT_KEY_PASSWORD, + ALWAYS_REFRESH_TOKEN, + REGISTER_NODE_AT_STARTUP, REGISTER_NODE_PERIOD, TOKEN_STORE, ADAPTER_STATE_COOKIE_PATH, PRINCIPAL_ATTRIBUTE, + PROXY_URL, TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN, TOKEN_MINIMUM_TIME_TO_LIVE, 
+ MIN_TIME_BETWEEN_JWKS_REQUESTS, PUBLIC_KEY_CACHE_TTL, + IGNORE_OAUTH_QUERY_PARAMETER, VERIFY_TOKEN_AUDIENCE, TOKEN_SIGNATURE_ALGORITHM, SCOPE, + AUTHENTICATION_REQUEST_FORMAT, REQUEST_OBJECT_SIGNING_ALGORITHM, REQUEST_OBJECT_ENCRYPTION_ALG_VALUE, + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE, REQUEST_OBJECT_SIGNING_KEYSTORE_FILE, + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD,REQUEST_OBJECT_SIGNING_KEY_PASSWORD, REQUEST_OBJECT_SIGNING_KEY_ALIAS, + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE }) public class OidcJsonConfiguration { - @JsonProperty("allow-any-hostname") + @JsonProperty(ALLOW_ANY_HOSTNAME) protected boolean allowAnyHostname; - @JsonProperty("disable-trust-manager") + @JsonProperty(DISABLE_TRUST_MANAGER) protected boolean disableTrustManager; - @JsonProperty("truststore") + @JsonProperty(TRUSTSTORE) protected String truststore; - @JsonProperty("truststore-password") + @JsonProperty(TRUSTSTORE_PASSWORD) protected String truststorePassword; - @JsonProperty("client-keystore") + @JsonProperty(CLIENT_KEYSTORE) protected String clientKeystore; - @JsonProperty("client-keystore-password") + @JsonProperty(CLIENT_KEYSTORE_PASSWORD) protected String clientKeystorePassword; - @JsonProperty("client-key-password") + @JsonProperty(CLIENT_KEY_PASSWORD) protected String clientKeyPassword; - @JsonProperty("request-object-signing-keystore-file") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_FILE) protected String requestObjectSigningKeyStoreFile; - @JsonProperty("request-object-signing-keystore-password") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD) protected String requestObjectSigningKeyStorePassword; - @JsonProperty("request-object-signing-key-password") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_PASSWORD) protected String requestObjectSigningKeyPassword; - @JsonProperty("request-object-signing-key-alias") + @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_ALIAS) protected String requestObjectSigningKeyAlias; - @JsonProperty("request-object-signing-keystore-type") + 
@JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE) protected String requestObjectSigningKeyStoreType; - @JsonProperty("connection-pool-size") + @JsonProperty(CONNECTION_POOL_SIZE) protected int connectionPoolSize = 20; - @JsonProperty("always-refresh-token") + @JsonProperty(ALWAYS_REFRESH_TOKEN) protected boolean alwaysRefreshToken = false; - @JsonProperty("register-node-at-startup") + @JsonProperty(REGISTER_NODE_AT_STARTUP) protected boolean registerNodeAtStartup = false; - @JsonProperty("register-node-period") + @JsonProperty(REGISTER_NODE_PERIOD) protected int registerNodePeriod = -1; - @JsonProperty("token-store") + @JsonProperty(TOKEN_STORE) protected String tokenStore; - @JsonProperty("adapter-state-cookie-path") + @JsonProperty(ADAPTER_STATE_COOKIE_PATH) protected String tokenCookiePath; - @JsonProperty("principal-attribute") + @JsonProperty(PRINCIPAL_ATTRIBUTE) protected String principalAttribute; - @JsonProperty("turn-off-change-session-id-on-login") + @JsonProperty(TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN) protected Boolean turnOffChangeSessionIdOnLogin; - @JsonProperty("token-minimum-time-to-live") + @JsonProperty(TOKEN_MINIMUM_TIME_TO_LIVE) protected int tokenMinimumTimeToLive = 0; - @JsonProperty("min-time-between-jwks-requests") + @JsonProperty(MIN_TIME_BETWEEN_JWKS_REQUESTS) protected int minTimeBetweenJwksRequests = 10; - @JsonProperty("public-key-cache-ttl") + @JsonProperty(PUBLIC_KEY_CACHE_TTL) protected int publicKeyCacheTtl = 86400; // 1 day // https://tools.ietf.org/html/rfc7636 - @JsonProperty("enable-pkce") + @JsonProperty(ENABLE_PKCE) protected boolean pkce = false; - @JsonProperty("ignore-oauth-query-parameter") + @JsonProperty(IGNORE_OAUTH_QUERY_PARAMETER) protected boolean ignoreOAuthQueryParameter = false; - @JsonProperty("verify-token-audience") + @JsonProperty(VERIFY_TOKEN_AUDIENCE) protected boolean verifyTokenAudience = false; - @JsonProperty("confidential-port") + @JsonProperty(CONFIDENTIAL_PORT) protected int confidentialPort; - 
@JsonProperty("resource") + @JsonProperty(RESOURCE) protected String resource; - @JsonProperty("use-resource-role-mappings") + @JsonProperty(USE_RESOURCE_ROLE_MAPPINGS) protected boolean useResourceRoleMappings; - @JsonProperty("use-realm-role-mappings") + @JsonProperty(USE_REALM_ROLE_MAPPINGS) protected boolean useRealmRoleMappings = true; - @JsonProperty("enable-cors") + @JsonProperty(ENABLE_CORS) protected boolean cors; - @JsonProperty("cors-max-age") + @JsonProperty(CORS_MAX_AGE) protected int corsMaxAge = -1; - @JsonProperty("cors-allowed-headers") + @JsonProperty(CORS_ALLOWED_HEADERS) protected String corsAllowedHeaders; - @JsonProperty("cors-allowed-methods") + @JsonProperty(CORS_ALLOWED_METHODS) protected String corsAllowedMethods; - @JsonProperty("cors-exposed-headers") + @JsonProperty(CORS_EXPOSED_HEADERS) protected String corsExposedHeaders; - @JsonProperty("expose-token") + @JsonProperty(EXPOSE_TOKEN) protected boolean exposeToken; - @JsonProperty("bearer-only") + @JsonProperty(BEARER_ONLY) protected boolean bearerOnly; - @JsonProperty("autodetect-bearer-only") + @JsonProperty(AUTODETECT_BEARER_ONLY) protected boolean autodetectBearerOnly; - @JsonProperty("enable-basic-auth") + @JsonProperty(ENABLE_BASIC_AUTH) protected boolean enableBasicAuth; - @JsonProperty("public-client") + @JsonProperty(PUBLIC_CLIENT) protected boolean publicClient; - @JsonProperty("credentials") + @JsonProperty(CREDENTIALS) protected Map credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); - @JsonProperty("redirect-rewrite-rules") + @JsonProperty(REDIRECT_REWRITE_RULES) protected Map redirectRewriteRules; - @JsonProperty("realm") + @JsonProperty(REALM) protected String realm; - @JsonProperty("realm-public-key") + @JsonProperty(REALM_PUBLIC_KEY) protected String realmKey; - @JsonProperty("auth-server-url") + @JsonProperty(AUTH_SERVER_URL) protected String authServerUrl; - @JsonProperty("ssl-required") + @JsonProperty(SSL_REQUIRED) protected String sslRequired; - 
@JsonProperty("provider-url") + @JsonProperty(PROVIDER_URL) protected String providerUrl; - @JsonProperty("client-id") + @JsonProperty(CLIENT_ID_JSON_VALUE) protected String clientId; - @JsonProperty("token-signature-algorithm") + @JsonProperty(TOKEN_SIGNATURE_ALGORITHM) protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM; - @JsonProperty("scope") + @JsonProperty(SCOPE) protected String scope; - @JsonProperty("authentication-request-format") + @JsonProperty(AUTHENTICATION_REQUEST_FORMAT) protected String authenticationRequestFormat; - @JsonProperty("request-object-signing-algorithm") + @JsonProperty(REQUEST_OBJECT_SIGNING_ALGORITHM) protected String requestObjectSigningAlgorithm; - @JsonProperty("request-object-encryption-alg-value") + @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ALG_VALUE) protected String requestObjectEncryptionAlgValue; - @JsonProperty("request-object-encryption-enc-value") + @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ENC_VALUE) protected String requestObjectEncryptionEncValue; /** * The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}. */ - @JsonProperty("proxy-url") + @JsonProperty(PROXY_URL) protected String proxyUrl; public boolean isAllowAnyHostname() { diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java index b604af8a8f..6eb698160a 100644 --- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java +++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java 
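Review bot: Several of the re-annotated fields hold secrets — `truststorePassword`, `clientKeystorePassword`, `clientKeyPassword`, `requestObjectSigningKeyStorePassword`, `requestObjectSigningKeyPassword` and the `credentials` map — and nothing on them restricts the binding direction, so if this bean is ever written back out by Jackson (the class-level `@JsonPropertyOrder` suggests it is at least meant to be serializable) the passwords go into the output alongside the rest of the configuration. Marking them write-only, e.g. `@JsonProperty(value = TRUSTSTORE_PASSWORD, access = JsonProperty.Access.WRITE_ONLY)`, keeps them readable from the config file while excluding them from any serialized or logged form; whether the bean is actually serialized anywhere is not visible from this hunk, so confirm before changing. Separately, the rewritten `@JsonPropertyOrder` still omits `CORS_ALLOWED_HEADERS`, `ENABLE_PKCE`, `CONFIDENTIAL_PORT`, `ENABLE_BASIC_AUTH`, `PROVIDER_URL`, `CLIENT_ID_JSON_VALUE` and `REDIRECT_REWRITE_RULES` although the class declares a property for each, so those fall outside the declared order. The class body continues past the end of the hunk.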
@@ -413,12 +413,12 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri
 protected InputStream getOidcConfigurationInputStreamWithProviderUrl() {
 String oidcConfig = "{\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + Oidc.PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + Oidc.PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
+ " \"" + Oidc.SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + Oidc.CREDENTIALS + "\" : {\n" +
+ " \"" + Oidc.ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
 " }\n" +
 "}";
 return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
index fdda1aac44..4dede8b5ed 100644
--- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
+++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
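Review bot: This helper qualifies every key as `Oidc.RESOURCE`, `Oidc.PUBLIC_CLIENT`, `Oidc.PROVIDER_URL` and so on, while the equivalent helpers in OidcTest (@@ -664 onward) static-import the same constants, so the two test classes now spell the same literal differently. Either form is fine, but the project should settle on one; since OidcBaseTest is the shared base, the qualified form used here is arguably the clearer choice and OidcTest could follow it. The method's closing brace lies outside the hunk.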
@@ -44,8 +44,28 @@ import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT1_USER;
 import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_PASSWORD;
 import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_USER;
+import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL;
+import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT;
+import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS;
+import static org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType;
+import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL;
 import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME;
 import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE;
+import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT;
+import static org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.RESOURCE;
+import static org.wildfly.security.http.oidc.Oidc.REALM;
+import static org.wildfly.security.http.oidc.Oidc.SCOPE;
+import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED;
+import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM;
 import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2;
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST; import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI; @@ -664,13 +684,13 @@ private InputStream getOidcConfigurationInputStream(String clientSecret) { private InputStream getOidcConfigurationInputStream(String clientSecret, String authServerUrl) { String oidcConfig = "{\n" + - " \"realm\" : \"" + TEST_REALM + "\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"auth-server-url\" : \"" + authServerUrl + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + clientSecret + "\"\n" + + " \"" + REALM + "\" : \"" + TEST_REALM + "\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + AUTH_SERVER_URL + "\" : \"" + authServerUrl + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + clientSecret + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
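Review bot: `getOidcConfigurationInputStream(String, String)` and the six helpers that follow it (@@ -678 through @@ -792) each hand-assemble the same JSON skeleton — a run of `"key" : "value"` lines followed by the `credentials`/`secret` block and the `ByteArrayInputStream` conversion — and the duplicated `ssl-required` line that @@ -729 and @@ -775 remove is the kind of copy-paste drift that produces. Now that the keys are constants, a single private helper taking an insertion-ordered `Map<String, String>` plus the client secret would let each test method list only the keys it cares about; the sketch below rewrites this helper and adds the shared one (it needs `java.util.Map` and `java.util.LinkedHashMap` imported). The values are still concatenated unescaped, which is fine for these fixed test inputs but worth a comment if any helper is ever fed a caller-supplied value containing a quote.

```java
private InputStream getOidcConfigurationInputStream(String clientSecret, String authServerUrl) {
    Map<String, String> config = new LinkedHashMap<>();
    config.put(REALM, TEST_REALM);
    config.put(RESOURCE, CLIENT_ID);
    config.put(PUBLIC_CLIENT, "false");
    config.put(AUTH_SERVER_URL, authServerUrl);
    config.put(SSL_REQUIRED, "EXTERNAL");
    return toOidcConfigStream(config, clientSecret);
}

// Shared by the getOidcConfiguration* helpers: emits the given key/value pairs in
// insertion order, then the credentials block holding the client secret.
private static InputStream toOidcConfigStream(Map<String, String> config, String clientSecret) {
    StringBuilder json = new StringBuilder("{\n");
    config.forEach((key, value) ->
            json.append("    \"").append(key).append("\" : \"").append(value).append("\",\n"));
    json.append("    \"").append(CREDENTIALS).append("\" : {\n")
        .append("        \"").append(ClientCredentialsProviderType.SECRET.getValue())
        .append("\" : \"").append(clientSecret).append("\"\n")
        .append("    }\n")
        .append("}");
    return new ByteArrayInputStream(json.toString().getBytes(StandardCharsets.UTF_8));
}
```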
@@ -678,12 +698,12 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -691,12 +711,12 @@ private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpres private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"${oidc.provider.url}\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"${oidc.provider.url}\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -704,12 +724,12 @@ private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression( private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash() { String oidcConfig = "{\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -717,11 +737,11 @@ private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash( private InputStream getOidcConfigurationMissingRequiredOption() { String oidcConfig = "{\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
@@ -729,45 +749,43 @@ private InputStream getOidcConfigurationMissingRequiredOption() { private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() { String oidcConfig = "{\n" + - " \"token-signature-algorithm\" : \"RS256\",\n" + - " \"resource\" : \"" + CLIENT_ID + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + TOKEN_SIGNATURE_ALGORITHM + "\" : \"RS256\",\n" + + " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"scope\" : \"" + scopeValue + "\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SCOPE + "\" : \"" + scopeValue + "\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " 
\"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); } private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" + - " \"scope\" : \"profile email phone\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" + + " \"" + SCOPE + "\" : \"profile email phone\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; 
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); @@ -775,16 +793,15 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r private InputStream getOidcConfigurationInputStreamWithoutEncValue(String requestParameter, String encryptionAlgorithm){ String oidcConfig = "{\n" + - " \"client-id\" : \"" + CLIENT_ID + "\",\n" + - " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + - " \"public-client\" : \"false\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"ssl-required\" : \"EXTERNAL\",\n" + - " \"authentication-request-format\" : \"" + requestParameter + "\",\n" + - " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" + - " \"scope\" : \"profile email phone\",\n" + - " \"credentials\" : {\n" + - " \"secret\" : \"" + CLIENT_SECRET + "\"\n" + + " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" + + " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" + + " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" + + " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" + + " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" + + " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" + + " \"" + SCOPE + "\" : \"profile email phone\",\n" + + " \"" + CREDENTIALS + "\" : {\n" + + " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" + " }\n" + "}"; return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8)); 
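Review bot: In `getOidcConfigurationInputStreamWithScope`, `getOidcConfigurationInputStreamWithRequestParameter` and `getOidcConfigurationInputStreamWithoutEncValue` (this hunk, @@ -775 and @@ -792), `Oidc.CLIENT_ID_JSON_VALUE` is the only key written fully qualified while every other key in the same literal is a static import; adding `import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID_JSON_VALUE;` to the @@ -44 block and writing `CLIENT_ID_JSON_VALUE` like the rest keeps the style uniform. These helpers also pass `CLIENT_ID` under the `client-id` key whereas the earlier helpers pass it under `resource`; that is presumably deliberate, since OidcJsonConfiguration declares both `resource` and `clientId`, but a one-line comment on the first such helper saying why the scope-realm tests use the other key would save the reader a trip to the configuration class. The `getOidcConfigurationInputStreamWithRequestParameter` overload in @@ -792 continues past the end of what is shown.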
@@ -792,22 +809,22 @@ private InputStream getOidcConfigurationInputStreamWithoutEncValue(String reques
 
 private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod, String keyStorePath, String alias, String keyStoreType){
 String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
- " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
- " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
- " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" +
- " \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" +
- " \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" +
- " \"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" +
- " \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" +
- " \"request-object-signing-key-alias\" : \"" + alias + "\",\n" +
- " \"scope\" : \"email phone profile\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_FILE + "\" : \"" + keyStorePath + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE + "\" : \"" + keyStoreType + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEY_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEY_ALIAS + "\" : \"" + alias + "\",\n" +
+ " \"" + SCOPE + "\" : \"email phone profile\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
 " }\n" +
 "}";
 return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
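Review bot: `keyStorePath` and `alias` are spliced into the JSON text without escaping, so a keystore path containing a backslash (a Windows path) or a quote produces an invalid JSON escape and the configuration fails to parse before the test reaches the request-object signing code it means to exercise; the move to constants keeps that behaviour. If the path always comes from a forward-slash classpath resource this never triggers, but escaping the value once before interpolation, e.g. `keyStorePath.replace("\\", "\\\\").replace("\"", "\\\"")`, or building the document with a JSON object API, makes the helper safe for any input. The same unescaped interpolation of caller-supplied values applies to `principalAttributeValue` and `tenant` in the following hunks.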
@@ -815,26 +832,26 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r
 
 private InputStream getOidcConfigurationInputStreamWithRequestObjectPublicClient(String requestParameter, String signingAlgorithm){
 String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"true\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
- " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
- " \"scope\" : \"email phone profile\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"true\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" +
+ " \"" + SCOPE + "\" : \"email phone profile\"\n" +
 "}";
 return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
 }
 
 private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) {
 String oidcConfig = "{\n" +
- " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + PRINCIPAL_ATTRIBUTE + "\" : \"" + principalAttributeValue + "\",\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
 " }\n" +
 "}";
 return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -842,13 +859,13 @@ private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String
 
 static InputStream getTenantConfigWithAuthServerUrl(String tenant) {
 String oidcConfig = "{\n" +
- " \"realm\" : \"" + tenant + "\",\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"auth-server-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + REALM + "\" : \"" + tenant + "\",\n" +
+ " \""+ RESOURCE +"\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT +"\" : \"false\",\n" +
+ " \"" + AUTH_SERVER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
 " }\n" +
 "}";
 return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -856,12 +873,12 @@ static InputStream getTenantConfigWithAuthServerUrl(String tenant) {
 
 static InputStream getTenantConfigWithProviderUrl(String tenant) {
 String oidcConfig = "{\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
 " }\n" +
 "}";
 return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));