
Example 21 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509BrowserCRLTest method loginFailedWithInvalidSignatureCRL.

/**
 * Checks that X.509 browser login is rejected when the configured CRL has an invalid signature.
 *
 * <p>CRL checking is switched on and the CRL location points at
 * {@code INTERMEDIATE_CA_INVALID_SIGNATURE_CRL_PATH} under {@code CRLRule.CRL_RESPONDER_ORIGIN}.
 * The test passes only if the login fails with the certificate-validation error asserted below,
 * i.e. a revocation list whose signature cannot be verified is not accepted as a valid list.
 */
@Test
public void loginFailedWithInvalidSignatureCRL() {
    // Location of the deliberately mis-signed CRL on the test responder.
    String crlLocation = CRLRule.CRL_RESPONDER_ORIGIN + "/" + INTERMEDIATE_CA_INVALID_SIGNATURE_CRL_PATH;

    X509AuthenticatorConfigModel x509Config = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(crlLocation)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);

    // Attach the configuration to the browser flow's X.509 execution.
    AuthenticatorConfigRepresentation representation = newConfig("x509-browser-config", x509Config.getConfig());
    String configId = createConfig(browserExecution.getId(), representation);
    Assert.assertNotNull(configId);

    // The invalid CRL signature must surface as a validation error, not as a successful login.
    assertLoginFailedWithExpectedX509Error("Certificate validation's failed.\nSignature length not correct");
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 22 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509BrowserCRLTest method loginFailedWithRevocationListFromDistributionPoints.

/**
 * Checks that X.509 browser login is rejected for a revoked certificate when the CRL is resolved
 * through the distribution-point option rather than an explicitly configured path.
 *
 * <p>No CRL path is set here; only CRL checking and the distribution-point option are enabled.
 * NOTE(review): the CRL location is presumably read from the client certificate's CRL
 * distribution points extension; confirm against the authenticator and the test certificate.
 */
@Test
public void loginFailedWithRevocationListFromDistributionPoints() {
    X509AuthenticatorConfigModel x509Config = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLDistributionPointEnabled(true)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);

    // Attach the configuration to the browser flow's X.509 execution.
    AuthenticatorConfigRepresentation representation = newConfig("x509-browser-config", x509Config.getConfig());
    String configId = createConfig(browserExecution.getId(), representation);
    Assert.assertNotNull(configId);

    // Revocation must block the login.
    assertLoginFailedDueRevokedCertificate();
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 23 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509BrowserLoginTest method loginAsUserFromHexCertSerialnumberAndIssuerDNMappedToUserAttribute.

/**
 * Logs in via X.509 with the user identified by the pair (certificate serial number, issuer DN),
 * where the serial number is handled in hexadecimal form.
 *
 * <p>The user {@code userId2} gets two attributes holding the serial number and the issuer DN.
 * The authenticator maps {@code SERIALNUMBER_ISSUERDN} onto those two attributes (joined with
 * {@code ##}) and has the hex option for the serial number enabled. Binding the issuer DN as
 * well as the serial number matters because a serial number is only meaningful per issuer.
 * NOTE(review): {@code "1009"} is presumably the hex serial of the test client certificate;
 * confirm against the test keystore.
 */
@Test
public void loginAsUserFromHexCertSerialnumberAndIssuerDNMappedToUserAttribute() {
    String serialNumber = "1009";
    String issuerDn = "EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US";

    // Store the identity values the authenticator will match against on the user.
    UserRepresentation mappedUser = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(mappedUser);
    mappedUser.singleAttribute("x509_certificate_serialnumber", serialNumber);
    mappedUser.singleAttribute("x509_issuer_dn", issuerDn);
    updateUser(mappedUser);

    // Drop events produced by the setup so that only the login itself is checked.
    events.clear();

    X509AuthenticatorConfigModel x509Config = createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(
            SERIALNUMBER_ISSUERDN,
            "x509_certificate_serialnumber##x509_issuer_dn");
    x509Config.setSerialnumberHex(true);

    x509BrowserLogin(
            x509Config,
            userId2,
            "keycloak",
            "1009##EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 24 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509BrowserLoginTest method loginWithNonMatchingRegex.

/**
 * Checks that X.509 browser login fails when the identity-extraction regular expression does not
 * match the certificate data.
 *
 * <p>The base configuration comes from {@code createLoginIssuerDN_OU2CustomAttributeConfig()} and
 * its regular expression is replaced by one looking for an {@code INVALID=} component. The
 * expected login event carries no user, no session and the error {@code invalid_user_credentials},
 * so a failed extraction must not resolve to any account.
 *
 * @throws Exception if the test setup or the page interaction fails
 */
@Test
public void loginWithNonMatchingRegex() throws Exception {
    X509AuthenticatorConfigModel x509Config = createLoginIssuerDN_OU2CustomAttributeConfig();
    // Pattern chosen so that no identity can be extracted.
    x509Config.setRegularExpression("INVALID=(.*?)(?:,|$)");

    // Attach the configuration to the browser flow's X.509 execution.
    AuthenticatorConfigRepresentation representation = newConfig("x509-browser-config", x509Config.getConfig());
    String configId = createConfig(browserExecution.getId(), representation);
    Assert.assertNotNull(configId);

    loginConfirmationPage.open();

    // The failure is recorded as a login error without a user or session attached.
    events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error("invalid_user_credentials")
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 25 with X509AuthenticatorConfigModel

use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.

the class X509DirectGrantTest method loginForceTemporaryAccountLock.

/**
 * Helper that configures the direct-grant X.509 authenticator and then issues three token
 * requests in a row for the {@code resource-owner} client.
 *
 * <p>The identity is taken from the issuer DN's {@code OU} component and matched against the
 * user attribute {@code x509_certificate_identity}, which is set to {@code "-"} on the user
 * {@code userId} beforehand.
 * NOTE(review): judging by the method name, the three requests are meant to be failed logins
 * that reach the realm's brute-force threshold and lock the account temporarily; the threshold
 * and the realm's brute-force settings are not visible here, so confirm against the realm setup.
 *
 * @throws Exception if the setup or one of the token requests fails
 */
private void loginForceTemporaryAccountLock() throws Exception {
    X509AuthenticatorConfigModel x509Config = new X509AuthenticatorConfigModel()
            .setMappingSourceType(ISSUERDN)
            .setRegularExpression("OU=(.*?)(?:,|$)")
            .setUserIdentityMapperType(USER_ATTRIBUTE)
            .setCustomAttributeName("x509_certificate_identity");

    // Attach the configuration to the direct-grant flow's X.509 execution.
    AuthenticatorConfigRepresentation representation = newConfig("x509-directgrant-config", x509Config.getConfig());
    String configId = createConfig(directGrantExecution.getId(), representation);
    Assert.assertNotNull(configId);

    UserRepresentation targetUser = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(targetUser);
    targetUser.singleAttribute("x509_certificate_identity", "-");
    updateUser(targetUser);

    // Drop events produced by the setup.
    events.clear();

    oauth.clientId("resource-owner");
    // Same request three times; username and password are empty, the certificate is the credential.
    for (int attempt = 0; attempt < 3; attempt++) {
        oauth.doGrantAccessTokenRequest("secret", "", "", null);
    }

    // Leave a clean event queue for the caller's own assertions.
    events.clear();
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Aggregations

X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel)28 Test (org.junit.Test)27 Matchers.containsString (org.hamcrest.Matchers.containsString)24 AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)24 OAuthClient (org.keycloak.testsuite.util.OAuthClient)12 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)4 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)4 AssertEvents (org.keycloak.testsuite.AssertEvents)2