
Example 61 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class KcOidcFirstBrokerLoginTest method testLinkAccountByReauthenticationWithDifferentBroker.

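/**
 * Verifies first-broker-login account linking when the user confirms the link by re-authenticating
 * through a different broker that is already linked to the account.
 *
 * <p>Flow: the user signs in through the SAML broker first, after which an account exists in the
 * consumer realm. A later sign-in through the broker under test ({@code bc}) is reported as a
 * duplicate ("account already exists"), and the user chooses to link the new federated identity to
 * the existing account. Before the link is made, the user has to re-authenticate.
 *
 * <p>Security-relevant check: the re-authentication page must not offer the broker that is being
 * linked. Proof of control over the existing account has to come from something already bound to
 * it (here the SAML broker), not from the identity that is asking to be linked.
 */
@Test
public void testLinkAccountByReauthenticationWithDifferentBroker() {
    KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
    RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
    try {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);

        // Register the second (SAML) broker: its client in the provider realm and the identity
        // provider in the consumer realm. The admin responses are closed right away so the
        // underlying connections are released.
        adminClient.realm(bc.providerRealmName()).clients().create(samlClient).close();
        consumerRealm.identityProviders().create(samlBroker).close();

        // First login goes through the SAML broker.
        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        logInWithBroker(samlBrokerConfig);
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        // Second login through the broker under test must be detected as a duplicate.
        logInWithBroker(bc);
        waitForPage(driver, "account already exists", false);
        assertTrue(idpConfirmLinkPage.isCurrent());
        assertEquals("User with email user@localhost.com already exists. How do you want to continue?", idpConfirmLinkPage.getMessage());
        idpConfirmLinkPage.clickLinkAccount();
        assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());

        // The broker being linked must not be available for re-authentication. The failure message
        // names the alias that was actually looked up (bc), not the SAML broker's alias.
        try {
            this.loginPage.findSocialButton(bc.getIDPAlias());
            org.junit.Assert.fail("Not expected to see social button with " + bc.getIDPAlias());
        } catch (NoSuchElementException expected) {
            // Expected: the button for the broker being linked is absent from the page.
        }

        // Re-authenticate through the already linked SAML broker instead.
        log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
        loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();

        // Both brokers must now be linked to the same user.
        assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
    } finally {
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumerRealm, "consumer");
        // NOTE(review): the SAML client and identity provider created above are not removed in this
        // method; confirm that a fixture teardown elsewhere cleans them up.
    }
}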
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) NoSuchElementException(org.openqa.selenium.NoSuchElementException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 62 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class KcAdmCreateTest method testCreateIDPWithoutSyncMode.

/**
 * Creates an identity provider through the admin CLI from a JSON definition that carries no sync
 * mode, then checks through the admin client that the stored configuration still has none.
 *
 * @throws IOException if one of the file or CLI helper calls fails
 */
@Test
public void testCreateIDPWithoutSyncMode() throws IOException {
    final String realmName = "test";
    final RealmResource testRealm = adminClient.realm(realmName);
    FileConfigHandler configHandler = initCustomConfigFile();

    // The temporary CLI config file lives only for the duration of the try block.
    try (TempFileResource cliConfig = new TempFileResource(configHandler.getConfigFile())) {
        loginAsUser(cliConfig.getFile(), serverUrl, realmName, "user1", "userpass");

        final File idpDefinition = new File("target/test-classes/cli/idp-keycloak-without-sync-mode.json");
        final String createCommand = "create identity-provider/instances/ -r " + realmName
                + " -f " + idpDefinition.getAbsolutePath()
                + " --config " + cliConfig.getFile();
        KcAdmExec result = execute(createCommand);

        // Expect exit code 0 and a stderr size of 1, as checked by the helper.
        assertExitCodeAndStdErrSize(result, 0, 1);
    }

    // Premise of the test: a sync mode that is absent at creation time is never added
    // automatically, while the model always assumes "LEGACY", so no error is expected.
    Assert.assertNull(
            testRealm.identityProviders()
                    .get("idpAlias")
                    .toRepresentation()
                    .getConfig()
                    .get(IdentityProviderModel.SYNC_MODE));
}
Also used : FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler) RealmResource(org.keycloak.admin.client.resource.RealmResource) KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec) File(java.io.File) TempFileResource(org.keycloak.testsuite.util.TempFileResource) Test(org.junit.Test)

Example 63 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class KcOidcBrokerLogoutTest method addIdentityProviderToProviderRealm.

/**
 * Registers the identity provider built by {@code bc.setUpIdentityProvider()} before each test.
 *
 * <p>NOTE(review): the method name mentions the provider realm, but the realm looked up here is
 * {@code bc.consumerRealmName()}.
 */
@Before
public void addIdentityProviderToProviderRealm() {
    log.debug("adding identity provider to realm " + bc.consumerRealmName());
    final RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
    // The create response is closed immediately; only the side effect is needed here.
    consumerRealm
            .identityProviders()
            .create(bc.setUpIdentityProvider())
            .close();
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) Before(org.junit.Before)

Example 64 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class KcOidcBrokerPromptNoneRedirectTest method testRequireConsentReturnsInteractionRequired.

/**
 * Checks that an auth request carrying {@code prompt=none}, once forwarded to a default IDP, ends
 * with an {@code interaction_required} error when that IDP needs user consent to finish
 * authentication. Per spec, {@code prompt=none} forbids the server from showing any authentication
 * or consent page, so the request has to fail rather than prompt the user.
 *
 * @throws Exception if an error occurs while running the test.
 */
@Test
public void testRequireConsentReturnsInteractionRequired() throws Exception {
    RealmResource providerRealm = adminClient.realm(bc.providerRealmName());

    // Exactly one client is expected under CLIENT_ID in the provider realm.
    List<ClientRepresentation> matches = providerRealm.clients().findByClientId(CLIENT_ID);
    org.junit.Assert.assertEquals(1, matches.size());

    // Turn on the consent requirement for that client and push the change to the server.
    ClientRepresentation consentClient = matches.get(0);
    consentClient.setConsentRequired(true);
    providerRealm.clients().get(consentClient.getId()).update(consentClient);

    // Send the prompt=none auth request to the consumer realm and verify that
    // interaction_required comes back.
    checkAuthWithPromptNoneReturnsInteractionRequired();
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 65 with RealmResource

use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.

the class AbstractMigrationTest method testIdentityProviderAuthenticator.

/**
 * Checks, for each given realm, that the browser flow holds an execution whose authenticator is
 * {@code identity-provider-redirector}, with requirement ALTERNATIVE and priority 25.
 *
 * <p>Every matching execution is asserted. A realm without any matching execution fails the test.
 * Calling the method with no realms performs no checks.
 *
 * @param realms the realms whose authentication flows are inspected
 */
protected void testIdentityProviderAuthenticator(RealmResource... realms) {
    log.info("testing identity provider authenticator");
    for (RealmResource realm : realms) {
        boolean redirectorFound = false;
        for (AuthenticationFlowRepresentation flow : realm.flows().getFlows()) {
            // Only the browser flow is relevant for this check.
            if (!flow.getAlias().equals(DefaultAuthenticationFlows.BROWSER_FLOW)) {
                continue;
            }
            for (AuthenticationExecutionExportRepresentation step : flow.getAuthenticationExecutions()) {
                if (!"identity-provider-redirector".equals(step.getAuthenticator())) {
                    continue;
                }
                assertEquals("Requirement should be ALTERNATIVE.", AuthenticationExecutionModel.Requirement.ALTERNATIVE.name(), step.getRequirement());
                assertTrue("Priority should be 25.", step.getPriority() == 25);
                redirectorFound = true;
            }
        }
        if (!redirectorFound) {
            fail("BROWSER_FLOW should contain execution: 'identity-provider-redirector' authenticator.");
        }
    }
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)
