Ejemplo n.º 1
0
        /// <summary>
        /// Remove roles from the group in keycloak.
        /// </summary>
        /// <param name="group"></param>
        /// <param name="role"></param>
        /// <returns></returns>
        private async Task RemoveRolesFromGroupInKeycloak(KModel.GroupModel group, RoleModel role)
        {
            var removeRoles = group.RealmRoles.Where(r => !role.Claims.Select(c => c.Name).Contains(r));

            foreach (var rname in removeRoles)
            {
                // Get the matching role from keycloak.
                var krole = await _client.HandleRequestAsync <KModel.RoleModel>(HttpMethod.Get, $"{_options.Auth.Keycloak.Admin.Authority}/roles/{rname}");

                var roles = new[] {
                    new KModel.RoleModel()
                    {
                        Id          = krole.Id,
                        Name        = krole.Name,
                        Composite   = false,
                        ClientRole  = false,
                        ContainerId = _options.Auth.Keycloak.Realm,
                        Description = krole.Description
                    }
                };

                // Update the group in keycloak.
                var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups/{group.Id}/role-mappings/realm", HttpMethod.Delete, roles);

                if (!response.IsSuccessStatusCode)
                {
                    throw new HttpClientRequestException(response, $"Failed to update the group '{role.Name}' removing role '{rname}' in keycloak");
                }
            }
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Add a group to keycloak.
        /// </summary>
        /// <param name="role"></param>
        /// <returns></returns>
        private async Task <KModel.GroupModel> AddGroupToKeycloak(RoleModel role)
        {
            var addGroup = new KModel.GroupModel()
            {
                Name       = role.Name,
                Path       = $"/{role.Name}",
                RealmRoles = role.Claims.Select(c => c.Name).ToArray()
            };

            // Add the group to keycloak and sync with PIMS.
            var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups", HttpMethod.Post, addGroup);

            if (response.StatusCode == HttpStatusCode.Created)
            {
                // Get the Group Id
                var groups = await _client.HandleRequestAsync <IEnumerable <KModel.GroupModel> >(HttpMethod.Get, $"{_options.Auth.Keycloak.Admin.Authority}/groups?search={role.Name}");

                role.KeycloakGroupId = groups.FirstOrDefault().Id;
                return(await GetKeycloakGroupAsync(role, false));
            }
            else
            {
                throw new HttpClientRequestException(response, $"Failed to add the group '{role.Name}' to keycloak");
            }
        }
Ejemplo n.º 3
0
        /// <summary>
        /// Add roles to the group in keycloak.
        /// </summary>
        /// <param name="group"></param>
        /// <param name="role"></param>
        /// <returns></returns>
        private async Task AddRolesToGroupInKeycloak(KModel.GroupModel group, RoleModel role)
        {
            foreach (var claim in role.Claims)
            {
                // Get the matching role from keycloak.
                //var krole = await HandleRequestAsync<KModel.RoleModel>(HttpMethod.Get, $"{_options.Auth.Keycloak.Admin.Authority}/roles/{claim.Name}");
                var roles = role.Claims.Select(c => new KModel.RoleModel()
                {
                    Id          = c.KeycloakRoleId.Value,
                    Name        = c.Name,
                    Composite   = false,
                    ClientRole  = false,
                    ContainerId = _options.Auth.Keycloak.Realm,
                    Description = c.Description
                }).ToArray();

                // Update the group in keycloak.
                var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups/{group.Id}/role-mappings/realm", HttpMethod.Post, roles);

                if (!response.IsSuccessStatusCode)
                {
                    throw new HttpClientRequestException(response, $"Failed to update the group '{role.Name}' with the role '{claim.Name}' in keycloak");
                }
            }
        }
Ejemplo n.º 4
0
        /// <summary>
        /// Update a group in keycloak.
        /// </summary>
        /// <param name="group"></param>
        /// <param name="role"></param>
        /// <returns></returns>
        private async Task <KModel.GroupModel> UpdateGroupInKeycloak(KModel.GroupModel group, RoleModel role)
        {
            // Update the group in keycloak.
            var response = await _client.SendJsonAsync($"{_options.Auth.Keycloak.Admin.Authority}/groups/{group.Id}", HttpMethod.Put, group);

            if (response.IsSuccessStatusCode)
            {
                await RemoveRolesFromGroupInKeycloak(group, role);
                await AddRolesToGroupInKeycloak(group, role);

                return(await GetKeycloakGroupAsync(role, false));
            }
            else
            {
                throw new HttpClientRequestException(response, $"Failed to update the group '{role.Name}' in keycloak");
            }
        }