use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.
the class X509DirectGrantTest method loginCertificateRevoked.
@Test
public void loginCertificateRevoked() throws Exception {
// Not possible to test file CRL on undertow at this moment - jboss config dir doesn't exist
ContainerAssume.assumeNotAuthServerUndertow();
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel().setCRLEnabled(true).setCRLRelativePath(INTERMEDIATE_CA_CRL_PATH).setConfirmationPageAllowed(true).setMappingSourceType(SUBJECTDN_EMAIL).setUserIdentityMapperType(USERNAME_EMAIL);
AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig());
String cfgId = createConfig(directGrantExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
assertEquals(401, response.getStatusCode());
assertEquals("invalid_request", response.getError());
Assert.assertThat(response.getErrorDescription(), containsString("Certificate has been revoked, certificate's subject:"));
}
use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.
the class X509BrowserCRLTest method loginFailedWithIntermediateRevocationListFromHttp.
@Test
public void loginFailedWithIntermediateRevocationListFromHttp() {
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel().setCRLEnabled(true).setCRLRelativePath(CRLRule.CRL_RESPONDER_ORIGIN + "/" + INTERMEDIATE_CA_CRL_PATH).setConfirmationPageAllowed(true).setMappingSourceType(SUBJECTDN_EMAIL).setUserIdentityMapperType(USERNAME_EMAIL);
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
assertLoginFailedDueRevokedCertificate();
}
use of org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel in project keycloak by keycloak.
the class X509BrowserCRLTest method loginSuccessWithEmptyRevocationListFromHttp.
@Test
public void loginSuccessWithEmptyRevocationListFromHttp() {
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel().setCRLEnabled(true).setCRLRelativePath(CRLRule.CRL_RESPONDER_ORIGIN + "/" + EMPTY_CRL_PATH).setConfirmationPageAllowed(true).setMappingSourceType(SUBJECTDN_EMAIL).setUserIdentityMapperType(USERNAME_EMAIL);
x509BrowserLogin(config, userId, "test-user@localhost", "test-user@localhost");
}
Aggregations