use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class AbstractBrokerTest method enableRequirePassword.
static void enableRequirePassword(AuthenticationExecutionInfoRepresentation execution, AuthenticationManagementResource flows) {
String id = execution.getAuthenticationConfig();
if (id != null) {
AuthenticatorConfigRepresentation authenticatorConfig = flows.getAuthenticatorConfig(id);
if (authenticatorConfig != null) {
Map<String, String> config = authenticatorConfig.getConfig();
if (config != null && config.containsKey(IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION)) {
config.put(IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, Boolean.TRUE.toString());
}
flows.updateAuthenticatorConfig(authenticatorConfig.getId(), authenticatorConfig);
}
}
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class AbstractX509AuthenticationTest method x509BrowserLogin.
protected void x509BrowserLogin(X509AuthenticatorConfigModel config, String userId, String username, String attemptedUsername) {
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
loginConfirmationPage.open();
Assert.assertTrue(loginConfirmationPage.getSubjectDistinguishedNameText().startsWith("EMAILADDRESS=test-user@localhost"));
Assert.assertEquals(username, loginConfirmationPage.getUsernameText());
loginConfirmationPage.confirm();
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().user(userId).detail(Details.USERNAME, attemptedUsername).removeDetail(Details.REDIRECT_URI);
addX509CertificateDetails(expectedEvent).assertEvent();
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method loginValidCertificateDisabledUser.
@Test
public void loginValidCertificateDisabledUser() {
setUserEnabled("test-user@localhost", false);
try {
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
loginConfirmationPage.open();
loginPage.assertCurrent();
Assert.assertNotNull(loginPage.getError());
Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed.\nUser is disabled"));
events.expectLogin().user(userId).session((String) null).error("user_disabled").detail(Details.USERNAME, "test-user@localhost").removeDetail(Details.CONSENT).removeDetail(Details.REDIRECT_URI).assertEvent();
loginPage.login("test-user@localhost", "password");
loginPage.assertCurrent();
// KEYCLOAK-1741 - assert form field values kept
Assert.assertEquals("test-user@localhost", loginPage.getUsername());
Assert.assertEquals("", loginPage.getPassword());
// KEYCLOAK-2024
Assert.assertEquals("Account is disabled, contact your administrator.", loginPage.getError());
events.expectLogin().user(userId).session((String) null).error("user_disabled").detail(Details.USERNAME, "test-user@localhost").removeDetail(Details.CONSENT).removeDetail(Details.REDIRECT_URI).assertEvent();
} finally {
setUserEnabled("test-user@localhost", true);
}
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method loginWithX509CertCustomAttributeUserNotFound.
@Test
public void loginWithX509CertCustomAttributeUserNotFound() {
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel().setConfirmationPageAllowed(true).setMappingSourceType(SUBJECTDN).setRegularExpression("O=(.*?)(?:,|$)").setCustomAttributeName("x509_certificate_identity").setUserIdentityMapperType(USER_ATTRIBUTE);
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", config.getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
loginConfirmationPage.open();
loginPage.assertCurrent();
// Verify there is an error message
Assert.assertNotNull(loginPage.getError());
Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));
events.expectLogin().user((String) null).session((String) null).error("user_not_found").detail(Details.USERNAME, "Red Hat").removeDetail(Details.CONSENT).removeDetail(Details.REDIRECT_URI).assertEvent();
// Continue with form based login
loginPage.login("test-user@localhost", "password");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
events.expectLogin().user(userId).detail(Details.USERNAME, "test-user@localhost").removeDetail(Details.REDIRECT_URI).assertEvent();
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method loginIgnoreX509IdentityContinueToFormLogin.
@Test
public void loginIgnoreX509IdentityContinueToFormLogin() throws Exception {
// Set the X509 authenticator configuration
AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
String cfgId = createConfig(browserExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
loginConfirmationPage.open();
Assert.assertTrue(loginConfirmationPage.getSubjectDistinguishedNameText().startsWith("EMAILADDRESS=test-user@localhost"));
Assert.assertEquals("test-user@localhost", loginConfirmationPage.getUsernameText());
loginConfirmationPage.ignore();
loginPage.login("test-user@localhost", "password");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
events.expectLogin().user(userId).detail(Details.USERNAME, "test-user@localhost").removeDetail(Details.REDIRECT_URI).assertEvent();
}
Aggregations