
Example 46 with AuthenticatorConfigRepresentation

Use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

Class X509BrowserCRLTest, method loginFailedWithIntermediateRevocationListFromHttp.

@Test
public void loginFailedWithIntermediateRevocationListFromHttp() {
    // Enable CRL checking and point it at the intermediate CA's CRL served over HTTP by the test CRL responder
    X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(CRLRule.CRL_RESPONDER_ORIGIN + "/" + INTERMEDIATE_CA_CRL_PATH)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    // Attach the X.509 configuration to the browser flow execution
    AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
    String cfgId = createConfig(browserExecution.getId(), cfg);
    Assert.assertNotNull(cfgId);
    // The login must be rejected because the certificate is revoked
    assertLoginFailedDueRevokedCertificate();
}
Also used: X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel), Matchers.containsString (org.hamcrest.Matchers.containsString), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation), Test (org.junit.Test)

Example 47 with AuthenticatorConfigRepresentation

Use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

Class CustomAuthFlowOTPTest, method setConditionalOTPForm.

private void setConditionalOTPForm(Map<String, String> config) {
    List<AuthenticationFlowRepresentation> authFlows = getAuthMgmtResource().getFlows();
    for (AuthenticationFlowRepresentation flow : authFlows) {
        if ("ConditionalOTPFlow".equals(flow.getAlias())) {
            // update realm browser flow
            RealmRepresentation realm = testRealmResource().toRepresentation();
            realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW);
            testRealmResource().update(realm);
            getAuthMgmtResource().deleteFlow(flow.getId());
            break;
        }
    }
    String flowAlias = "ConditionalOTPFlow";
    String provider = "auth-conditional-otp-form";
    // create flow
    AuthenticationFlowRepresentation flow = new AuthenticationFlowRepresentation();
    flow.setAlias(flowAlias);
    flow.setDescription("");
    flow.setProviderId("basic-flow");
    flow.setTopLevel(true);
    flow.setBuiltIn(false);
    Response response = getAuthMgmtResource().createFlow(flow);
    assertEquals(flowAlias + " create success", 201, response.getStatus());
    response.close();
    // add execution - username-password form
    Map<String, String> data = new HashMap<>();
    data.put("provider", "auth-username-password-form");
    getAuthMgmtResource().addExecution(flowAlias, data);
    // set username-password requirement to required
    updateRequirement(flowAlias, "auth-username-password-form", Requirement.REQUIRED);
    // add execution - conditional OTP
    data.clear();
    data.put("provider", provider);
    getAuthMgmtResource().addExecution(flowAlias, data);
    // set Conditional OTP requirement to required
    updateRequirement(flowAlias, provider, Requirement.REQUIRED);
    // update realm browser flow
    RealmRepresentation realm = testRealmResource().toRepresentation();
    realm.setBrowserFlow(flowAlias);
    testRealmResource().update(realm);
    // get executionId
    String executionId = getExecution(flowAlias, provider).getId();
    // prepare auth config
    AuthenticatorConfigRepresentation authConfig = new AuthenticatorConfigRepresentation();
    authConfig.setAlias("Config alias");
    authConfig.setConfig(config);
    // add auth config to the execution
    response = getAuthMgmtResource().newExecutionConfig(executionId, authConfig);
    assertEquals("new execution success", 201, response.getStatus());
    getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(response));
    response.close();
}
Also used: Response (javax.ws.rs.core.Response), HashMap (java.util.HashMap), RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation), AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 48 with AuthenticatorConfigRepresentation

Use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

Class PermissionsTest, method flows.

@Test
public void flows() throws Exception {
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFormProviders();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorProviders();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getClientAuthenticatorProviders();
        }
    }, Resource.REALM, false, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFormActionProviders();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFlows();
        }
    }, Resource.REALM, false, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.flows().createFlow(new AuthenticationFlowRepresentation()));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFlow("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().deleteFlow("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.flows().copy("nosuch", Collections.<String, String>emptyMap()));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().addExecutionFlow("nosuch", Collections.<String, String>emptyMap());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().addExecution("nosuch", Collections.<String, String>emptyMap());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getExecutions("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().updateExecutions("nosuch", new AuthenticationExecutionInfoRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
            rep.setAuthenticator("auth-cookie");
            rep.setRequirement("CONDITIONAL");
            response.set(realm.flows().addExecution(rep));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().raisePriority("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().lowerPriority("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().removeExecution("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.flows().newExecutionConfig("nosuch", new AuthenticatorConfigRepresentation()));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorConfig("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getUnregisteredRequiredActions();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().registerRequiredAction(new RequiredActionProviderSimpleRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getRequiredActions();
        }
    }, Resource.REALM, false, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getRequiredAction("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().removeRequiredAction("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().updateRequiredAction("nosuch", new RequiredActionProviderRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorConfigDescription("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getPerClientConfigDescription();
        }
    }, Resource.REALM, false, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorConfig("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().removeAuthenticatorConfig("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get(AdminRoles.VIEW_REALM).realm(REALM_NAME).flows().getPerClientConfigDescription();
            clients.get(AdminRoles.VIEW_REALM).realm(REALM_NAME).flows().getClientAuthenticatorProviders();
            clients.get(AdminRoles.VIEW_REALM).realm(REALM_NAME).flows().getRequiredActions();
        }
    }, adminClient, true);
    // Re-create realm
    adminClient.realm(REALM_NAME).remove();
    recreatePermissionRealm();
}
Also used: Response (javax.ws.rs.core.Response), RequiredActionProviderRepresentation (org.keycloak.representations.idm.RequiredActionProviderRepresentation), RealmResource (org.keycloak.admin.client.resource.RealmResource), AuthenticationExecutionRepresentation (org.keycloak.representations.idm.AuthenticationExecutionRepresentation), AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation), AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation), RequiredActionProviderSimpleRepresentation (org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation), AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest), Test (org.junit.Test)

Example 49 with AuthenticatorConfigRepresentation

Use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

Class AuthenticatorConfigTest, method testCreateConfig.

@Test
public void testCreateConfig() {
    AuthenticatorConfigRepresentation cfg = newConfig("foo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true");
    // Attempt to create config for non-existent execution
    Response response = authMgmtResource.newExecutionConfig("exec-id-doesnt-exists", cfg);
    Assert.assertEquals(404, response.getStatus());
    response.close();
    // Create config success
    String cfgId = createConfig(executionId, cfg);
    // Assert found
    AuthenticatorConfigRepresentation cfgRep = authMgmtResource.getAuthenticatorConfig(cfgId);
    assertConfig(cfgRep, cfgId, "foo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true");
    // Cleanup
    authMgmtResource.removeAuthenticatorConfig(cfgId);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId), ResourceType.AUTHENTICATOR_CONFIG);
}
Also used: Response (javax.ws.rs.core.Response), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation), Test (org.junit.Test)

Example 50 with AuthenticatorConfigRepresentation

Use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

Class AuthenticatorConfigTest, method testCreateConfigWithReservedChar.

@Test
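public void testCreateConfigWithReservedChar() {
    // An alias containing a reserved character ('!') must be rejected with 400 Bad Request
    AuthenticatorConfigRepresentation cfg = newConfig("f!oo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true");
    Response resp = authMgmtResource.newExecutionConfig(executionId, cfg);
    Assert.assertEquals(400, resp.getStatus());
    // Release the response so the underlying connection is not leaked
    resp.close();
}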
Also used: Response (javax.ws.rs.core.Response), AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation), Test (org.junit.Test)
