
Example 6 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class AbstractBrokerTest method enableRequirePassword.

/**
 * Switches the "require password update after registration" option to {@code "true"} on the
 * authenticator config attached to the given execution.
 *
 * <p>The option is only overwritten when the key is already present in the config map; a missing
 * key is not added. The method returns without any call to {@code updateAuthenticatorConfig} when
 * the execution carries no config id or the config cannot be fetched.
 *
 * @param execution execution whose authenticator config id is read
 * @param flows     admin resource used to fetch and write back the authenticator config
 */
static void enableRequirePassword(AuthenticationExecutionInfoRepresentation execution, AuthenticationManagementResource flows) {
    final String configId = execution.getAuthenticationConfig();
    if (configId == null) {
        // No authenticator config is attached to this execution.
        return;
    }

    final AuthenticatorConfigRepresentation representation = flows.getAuthenticatorConfig(configId);
    if (representation == null) {
        return;
    }

    final Map<String, String> settings = representation.getConfig();
    if (settings != null
            && settings.containsKey(IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION)) {
        settings.put(
                IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION,
                Boolean.toString(true));
    }

    // The config is written back even when the option was absent and nothing changed.
    flows.updateAuthenticatorConfig(representation.getId(), representation);
}
Also used : AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 7 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class AbstractX509AuthenticationTest method x509BrowserLogin.

/**
 * Drives a browser login in which the user confirms the identity shown on the X.509 confirmation
 * page, then checks the resulting authorization response and login event.
 *
 * @param config            X.509 authenticator settings to register under "x509-browser-config"
 * @param userId            user id the login event is expected to carry
 * @param username          username the confirmation page is expected to display
 * @param attemptedUsername value expected in the event's {@code Details.USERNAME} detail
 */
protected void x509BrowserLogin(X509AuthenticatorConfigModel config, String userId, String username, String attemptedUsername) {
    // createConfig is handed the browser execution's id; presumably it binds the config to that
    // execution and returns the new config id - verify against the helper.
    AuthenticatorConfigRepresentation x509Config = newConfig("x509-browser-config", config.getConfig());
    String configId = createConfig(browserExecution.getId(), x509Config);
    Assert.assertNotNull(configId);

    loginConfirmationPage.open();

    // The confirmation page must show the certificate's subject DN and the mapped username
    // before the identity is accepted.
    String subjectDn = loginConfirmationPage.getSubjectDistinguishedNameText();
    Assert.assertTrue(subjectDn.startsWith("EMAILADDRESS=test-user@localhost"));
    String shownUsername = loginConfirmationPage.getUsernameText();
    Assert.assertEquals(username, shownUsername);
    loginConfirmationPage.confirm();

    // A successful login ends in an authorization response that carries a code.
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    // The redirect URI detail is dropped from the expectation; the certificate details are added
    // to it by addX509CertificateDetails.
    addX509CertificateDetails(
            events.expectLogin()
                    .user(userId)
                    .detail(Details.USERNAME, attemptedUsername)
                    .removeDetail(Details.REDIRECT_URI))
            .assertEvent();
}
Also used : AssertEvents(org.keycloak.testsuite.AssertEvents) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 8 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method loginValidCertificateDisabledUser.

/**
 * Checks that a disabled account is refused on the X.509 path and again on the username/password
 * form that follows it.
 *
 * <p>Both attempts are expected to produce a login event with error "user_disabled", the resolved
 * user id and no session. The account is re-enabled in a {@code finally} block, so the enabled
 * state is restored even when an assertion fails.
 */
@Test
public void loginValidCertificateDisabledUser() {
    setUserEnabled("test-user@localhost", false);
    try {
        AuthenticatorConfigRepresentation x509Config = newConfig(
                "x509-browser-config",
                createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
        String configId = createConfig(browserExecution.getId(), x509Config);
        Assert.assertNotNull(configId);

        // Certificate step: the flow must land on the login form with an error rather than
        // completing the login.
        loginConfirmationPage.open();
        loginPage.assertCurrent();
        Assert.assertNotNull(loginPage.getError());
        Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed.\nUser is disabled"));
        events.expectLogin()
                .user(userId)
                .session((String) null)
                .error("user_disabled")
                .detail(Details.USERNAME, "test-user@localhost")
                .removeDetail(Details.CONSENT)
                .removeDetail(Details.REDIRECT_URI)
                .assertEvent();

        // Password step: the form fallback must be refused for the same account.
        loginPage.login("test-user@localhost", "password");
        loginPage.assertCurrent();

        // KEYCLOAK-1741 - assert form field values kept
        Assert.assertEquals("test-user@localhost", loginPage.getUsername());
        Assert.assertEquals("", loginPage.getPassword());

        // KEYCLOAK-2024
        // NOTE(review): both error texts tell the caller that the account exists and is disabled;
        // confirm that this disclosure is intended.
        Assert.assertEquals("Account is disabled, contact your administrator.", loginPage.getError());
        events.expectLogin()
                .user(userId)
                .session((String) null)
                .error("user_disabled")
                .detail(Details.USERNAME, "test-user@localhost")
                .removeDetail(Details.CONSENT)
                .removeDetail(Details.REDIRECT_URI)
                .assertEvent();
    } finally {
        setUserEnabled("test-user@localhost", true);
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 9 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method loginWithX509CertCustomAttributeUserNotFound.

/**
 * Checks that an X.509 identity which maps to no user is rejected with "user_not_found" and that
 * the flow then still accepts a username/password login.
 *
 * <p>The authenticator is configured to take the identity from the subject DN with the regular
 * expression {@code O=(.*?)(?:,|$)} and to look it up in the user attribute
 * "x509_certificate_identity".
 */
@Test
public void loginWithX509CertCustomAttributeUserNotFound() {
    X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN)
            .setRegularExpression("O=(.*?)(?:,|$)")
            .setCustomAttributeName("x509_certificate_identity")
            .setUserIdentityMapperType(USER_ATTRIBUTE);
    AuthenticatorConfigRepresentation x509Config = newConfig("x509-browser-config", config.getConfig());
    String configId = createConfig(browserExecution.getId(), x509Config);
    Assert.assertNotNull(configId);

    loginConfirmationPage.open();
    loginPage.assertCurrent();

    // The certificate step must fail visibly and leave the user on the login form.
    Assert.assertNotNull(loginPage.getError());
    Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));

    // No user and no session are expected on the failure event. "Red Hat" is presumably the value
    // the expression captured from the test certificate's O= component - confirm against the fixture.
    events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error("user_not_found")
            .detail(Details.USERNAME, "Red Hat")
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();

    // Form-based login is still available after the certificate was rejected.
    loginPage.login("test-user@localhost", "password");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, "test-user@localhost")
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 10 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method loginIgnoreX509IdentityContinueToFormLogin.

/**
 * Checks that a user who declines the identity offered on the X.509 confirmation page can finish
 * the login through the username/password form.
 *
 * @throws Exception declared by the signature; which call may throw is not visible in this method
 */
@Test
public void loginIgnoreX509IdentityContinueToFormLogin() throws Exception {
    // Set the X509 authenticator configuration
    AuthenticatorConfigRepresentation x509Config = newConfig(
            "x509-browser-config",
            createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
    String configId = createConfig(browserExecution.getId(), x509Config);
    Assert.assertNotNull(configId);

    loginConfirmationPage.open();

    // The page still shows the certificate's subject DN and the mapped username before the user
    // chooses to ignore them.
    String subjectDn = loginConfirmationPage.getSubjectDistinguishedNameText();
    Assert.assertTrue(subjectDn.startsWith("EMAILADDRESS=test-user@localhost"));
    Assert.assertEquals("test-user@localhost", loginConfirmationPage.getUsernameText());
    loginConfirmationPage.ignore();

    // After the certificate identity is ignored, the login is completed with credentials.
    loginPage.login("test-user@localhost", "password");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, "test-user@localhost")
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Aggregations

AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)53 Test (org.junit.Test)43 Matchers.containsString (org.hamcrest.Matchers.containsString)36 X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel)24 OAuthClient (org.keycloak.testsuite.util.OAuthClient)18 Response (javax.ws.rs.core.Response)7 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)6 HashMap (java.util.HashMap)5 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)4 AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)4 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)4 AssertEvents (org.keycloak.testsuite.AssertEvents)4 NotFoundException (javax.ws.rs.NotFoundException)2 LinkedHashMap (java.util.LinkedHashMap)1 Ignore (org.junit.Ignore)1 AuthenticationManagementResource (org.keycloak.admin.client.resource.AuthenticationManagementResource)1 RealmResource (org.keycloak.admin.client.resource.RealmResource)1 MultivaluedHashMap (org.keycloak.common.util.MultivaluedHashMap)1 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)1 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)1