use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcFirstBrokerLoginTest method testLinkAccountByReauthenticationWithDifferentBroker.
/**
* Tests that a duplicate account is detected and the user chooses to link the federated identity to the existing account.
* The user confirms the link by re-authenticating with a different broker that is already linked to the account.
*/
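@Test
public void testLinkAccountByReauthenticationWithDifferentBroker() {
    // Second (SAML) broker: linked to the account first, then used to re-authenticate.
    KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
    ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
    IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
    RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());

    try {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);

        // Close the responses returned by create() so the admin client does not leak connections.
        adminClient.realm(bc.providerRealmName()).clients().create(samlClient).close();
        consumerRealm.identityProviders().create(samlBroker).close();

        // First login goes through the SAML broker and must land on the account page.
        driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
        logInWithBroker(samlBrokerConfig);
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();
        logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());

        // Second login through the broker under test (bc) must be detected as a duplicate account.
        logInWithBroker(bc);
        waitForPage(driver, "account already exists", false);
        assertTrue(idpConfirmLinkPage.isCurrent());
        assertEquals("User with email user@localhost.com already exists. How do you want to continue?", idpConfirmLinkPage.getMessage());

        // Linking is not automatic: the user has to prove ownership of the existing account first.
        idpConfirmLinkPage.clickLinkAccount();
        assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());

        // The broker being linked must not be offered as a way to re-authenticate; otherwise the
        // identity asking to be linked could be used to approve its own link.
        try {
            this.loginPage.findSocialButton(bc.getIDPAlias());
            // The failure message names the alias that was actually looked up (bc, not the SAML broker).
            org.junit.Assert.fail("Not expected to see social button with " + bc.getIDPAlias());
        } catch (NoSuchElementException expected) {
            // Expected: the button for the broker being linked is absent.
        }

        // Re-authenticate with the broker that is already linked to the account.
        log.debug("Clicking social " + samlBrokerConfig.getIDPAlias());
        loginPage.clickSocial(samlBrokerConfig.getIDPAlias());
        waitForAccountManagementTitle();
        accountUpdateProfilePage.assertCurrent();

        // After a successful link the user carries both federated identities.
        assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
    } finally {
        // Restore the first-login flow and remove the test user even when an assertion failed.
        // NOTE(review): the SAML client and identity provider created above are not removed here;
        // confirm they are cleaned up elsewhere.
        updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
        removeUserByUsername(consumerRealm, "consumer");
    }
}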
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcAdmCreateTest method testCreateIDPWithoutSyncMode.
@Test
public void testCreateIDPWithoutSyncMode() throws IOException {
    // Creates an identity provider through the admin CLI from a JSON file that carries no sync mode,
    // then reads the provider back through the admin client.
    final String realmName = "test";
    final RealmResource testRealm = adminClient.realm(realmName);

    FileConfigHandler configHandler = initCustomConfigFile();
    try (TempFileResource tempConfig = new TempFileResource(configHandler.getConfigFile())) {
        // Fixed test-realm credentials; the CLI session is stored in the temporary config file.
        loginAsUser(tempConfig.getFile(), serverUrl, realmName, "user1", "userpass");

        final File idpDefinition = new File("target/test-classes/cli/idp-keycloak-without-sync-mode.json");
        final String command = "create identity-provider/instances/ -r " + realmName
                + " -f " + idpDefinition.getAbsolutePath()
                + " --config " + tempConfig.getFile();

        KcAdmExec result = execute(command);
        assertExitCodeAndStdErrSize(result, 0, 1);
    }

    // A sync mode that is absent at creation time is never filled in automatically. The model
    // still assumes "LEGACY", so reading the provider back must work and show no stored value.
    Assert.assertNull(
            testRealm.identityProviders()
                    .get("idpAlias")
                    .toRepresentation()
                    .getConfig()
                    .get(IdentityProviderModel.SYNC_MODE));
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerLogoutTest method addIdentityProviderToProviderRealm.
@Before
public void addIdentityProviderToProviderRealm() {
    // Despite the method name, the identity provider is registered in the consumer realm.
    log.debug("adding identity provider to realm " + bc.consumerRealmName());

    // The response returned by create() is closed immediately; its status is not inspected.
    adminClient.realm(bc.consumerRealmName())
            .identityProviders()
            .create(bc.setUpIdentityProvider())
            .close();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class KcOidcBrokerPromptNoneRedirectTest method testRequireConsentReturnsInteractionRequired.
/**
* Tests that an auth request with {@code prompt=none} that is forwarded to a default IDP returns an {@code interaction_required}
* error message if the IDP requires consent as part of the authentication process. Per spec, when {@code prompt=none} is used
* the server must not display any authentication or consent user interface pages.
*
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testRequireConsentReturnsInteractionRequired() throws Exception {
    // Look up the broker client in the provider realm; exactly one match is expected.
    RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
    List<ClientRepresentation> matches = providerRealm.clients().findByClientId(CLIENT_ID);
    org.junit.Assert.assertEquals(1, matches.size());

    // Turn on consent for that client so the IDP would need to show a consent screen.
    ClientRepresentation consentClient = matches.get(0);
    consentClient.setConsentRequired(true);
    providerRealm.clients().get(consentClient.getId()).update(consentClient);

    // With prompt=none no consent UI may be shown, so the auth request sent to the consumer
    // realm has to come back with the interaction_required error.
    checkAuthWithPromptNoneReturnsInteractionRequired();
}
use of org.keycloak.admin.client.resource.RealmResource in project keycloak by keycloak.
the class AbstractMigrationTest method testIdentityProviderAuthenticator.
/**
 * Checks, for every given realm, that the browser flow contains the
 * {@code identity-provider-redirector} authenticator with requirement ALTERNATIVE and priority 25.
 * Fails if a realm's browser flow has no such execution.
 *
 * @param realms the realms whose authentication flows are inspected
 */
protected void testIdentityProviderAuthenticator(RealmResource... realms) {
    log.info("testing identity provider authenticator");
    for (RealmResource realm : realms) {
        boolean redirectorFound = false;

        for (AuthenticationFlowRepresentation candidate : realm.flows().getFlows()) {
            // Only the browser flow is of interest.
            if (!candidate.getAlias().equals(DefaultAuthenticationFlows.BROWSER_FLOW)) {
                continue;
            }
            for (AuthenticationExecutionExportRepresentation step : candidate.getAuthenticationExecutions()) {
                if (!"identity-provider-redirector".equals(step.getAuthenticator())) {
                    continue;
                }
                assertEquals("Requirement should be ALTERNATIVE.", AuthenticationExecutionModel.Requirement.ALTERNATIVE.name(), step.getRequirement());
                assertTrue("Priority should be 25.", step.getPriority() == 25);
                redirectorFound = true;
            }
        }

        // Evaluated per realm: every realm must carry the redirector in its browser flow.
        if (!redirectorFound) {
            fail("BROWSER_FLOW should contain execution: 'identity-provider-redirector' authenticator.");
        }
    }
}