
Example 36 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class CustomFlowTest method validateX509FlowUpdate.

/**
 * Regression test for persisting X.509 authenticator configuration through the admin API.
 *
 * <p>Creates a custom top-level flow, adds the X.509 username-validation execution and stores
 * a config with {@code ENABLE_CRL} set to {@code true}. It then reads the config back, sets
 * {@code ENABLE_CRL} to {@code false} and {@code CRL_RELATIVE_PATH} to the empty string, and
 * saves that same representation twice.
 *
 * <p>Only persistence is exercised here: nothing in this test checks how the authenticator
 * treats revoked certificates. No assertion follows the two updates, so a failure is
 * presumably expected to surface as an exception from {@code updateAuthenticatorConfig}.
 *
 * @throws Exception if creating or closing the flow fails
 */
@Test
public void validateX509FlowUpdate() throws Exception {
    final String flowAlias = "Browser Flow With Extra 2";

    AuthenticationFlowRepresentation customFlow = new AuthenticationFlowRepresentation();
    customFlow.setAlias(flowAlias);
    customFlow.setDescription("");
    customFlow.setProviderId("basic-flow");
    customFlow.setTopLevel(true);
    customFlow.setBuiltIn(false);

    // Creator.Flow is closed when this block exits (presumably removing the flow again;
    // confirm in Creator).
    try (Creator.Flow createdFlow = Creator.create(testRealm(), customFlow)) {
        AuthenticationManagementResource flows = createdFlow.resource();

        // Add the X509 username-validation execution to the new flow.
        String executionId =
                createdFlow.addExecution(ValidateX509CertificateUsernameFactory.PROVIDER_ID).getId();

        // Initial settings: CRL checking switched on.
        Map<String, String> initialSettings = new HashMap<>();
        initialSettings.put(AbstractX509ClientCertificateAuthenticator.ENABLE_CRL, Boolean.TRUE.toString());

        AuthenticatorConfigRepresentation configRep = new AuthenticatorConfigRepresentation();
        configRep.setAlias("Config alias");
        configRep.setConfig(initialSettings);

        String configId;
        try (Response created = flows.newExecutionConfig(executionId, configRep)) {
            assertThat(created, statusCodeIs(Status.CREATED));
            configId = ApiUtil.getCreatedId(created);
        }

        // Work on the representation as the server returns it, not on the local copy.
        AuthenticatorConfigRepresentation stored = flows.getAuthenticatorConfig(configId);
        Map<String, String> storedSettings = stored.getConfig();
        storedSettings.put(AbstractX509ClientCertificateAuthenticator.ENABLE_CRL, Boolean.FALSE.toString());
        storedSettings.put(AbstractX509ClientCertificateAuthenticator.CRL_RELATIVE_PATH, "");
        flows.updateAuthenticatorConfig(configId, stored);

        // The second, identical save is the actual regression check: on Oracle it used to
        // fail for CRL_RELATIVE_PATH because the database treats "" as NULL.
        flows.updateAuthenticatorConfig(configId, stored);
    }
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationManagementResource(org.keycloak.admin.client.resource.AuthenticationManagementResource) HashMap(java.util.HashMap) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) Creator(org.keycloak.testsuite.updaters.Creator) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 37 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class AbstractX509AuthenticationTest method newConfig.

/**
 * Builds an authenticator config representation from an alias and a settings map.
 *
 * <p>{@code params} is handed to {@code setConfig} as-is; this helper neither copies nor
 * validates it.
 *
 * @param alias  alias to set on the representation
 * @param params settings to set on the representation
 * @return a new representation carrying the given alias and settings
 */
static AuthenticatorConfigRepresentation newConfig(String alias, Map<String, String> params) {
    final AuthenticatorConfigRepresentation representation = new AuthenticatorConfigRepresentation();
    representation.setConfig(params);
    representation.setAlias(alias);
    return representation;
}
Also used : AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 38 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method loginDuplicateUsersNotAllowed.

/**
 * Verifies that X.509 browser login is refused when the identity taken from the client
 * certificate matches more than one user, and that the username/password form still works.
 *
 * <p>Two users receive the same {@code x509_certificate_identity} attribute value, so the
 * certificate-to-user mapping is ambiguous. The expected outcome is that X.509
 * authentication fails with an error on the login page instead of selecting one of the
 * candidates; the subsequent password login must be recorded for {@code userId}.
 */
@Test
public void loginDuplicateUsersNotAllowed() {
    AuthenticatorConfigRepresentation x509Config =
            newConfig("x509-browser-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
    String configId = createConfig(browserExecution.getId(), x509Config);
    Assert.assertNotNull(configId);

    // Make the identity extracted from the X509 client cert match more than one user,
    // which is meant to trigger DuplicateModelException during authentication.
    UserRepresentation secondUser = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(secondUser);
    secondUser.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(secondUser);

    UserRepresentation firstUser = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(firstUser);
    firstUser.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(firstUser);

    events.clear();
    loginPage.open();

    // Certificate authentication must be rejected and reported on the login page.
    String x509Error = loginPage.getError();
    Assert.assertThat(x509Error, containsString("X509 certificate authentication's failed."));

    // Password login remains available and must succeed.
    loginPage.login("test-user@localhost", "password");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    // The login event has to be attributed to userId.
    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, "test-user@localhost")
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 39 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method loginWithNonMatchingRegex.

/**
 * Verifies that X.509 login fails when the configured identity-extraction regular expression
 * finds nothing to extract.
 *
 * <p>The expression is replaced with {@code INVALID=(.*?)(?:,|$)}, which presumably matches
 * nothing in the test certificate (confirm against the test certificate). The expected result
 * is a login event with error {@code invalid_user_credentials} and neither a user nor a
 * session attached.
 *
 * @throws Exception declared by the test signature
 */
@Test
public void loginWithNonMatchingRegex() throws Exception {
    X509AuthenticatorConfigModel model = createLoginIssuerDN_OU2CustomAttributeConfig();
    model.setRegularExpression("INVALID=(.*?)(?:,|$)");

    AuthenticatorConfigRepresentation x509Config = newConfig("x509-browser-config", model.getConfig());
    String configId = createConfig(browserExecution.getId(), x509Config);
    Assert.assertNotNull(configId);

    loginConfirmationPage.open();

    // No identity could be extracted, so the event carries no user and no session.
    events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error("invalid_user_credentials")
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 40 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method changeLocaleOnX509InfoPage.

// KEYCLOAK-6866
/**
 * Verifies that the language can be switched on the X.509 confirmation page and that the
 * certificate can still be confirmed afterwards.
 *
 * <p>Steps: open the confirmation page, check the subject DN shown and that the locale is
 * English, switch to German, check the German label appears in the page source, confirm the
 * certificate and check that the application received an authentication response.
 */
@Test
public void changeLocaleOnX509InfoPage() {
    ProfileAssume.assumeCommunity();

    AuthenticatorConfigRepresentation x509Config =
            newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
    String configId = createConfig(browserExecution.getId(), x509Config);
    Assert.assertNotNull(configId);

    log.debug("Open confirm page");
    loginConfirmationPage.open();

    log.debug("check if on confirm page");
    String subjectDn = loginConfirmationPage.getSubjectDistinguishedNameText();
    Assert.assertThat(subjectDn, startsWith("EMAILADDRESS=test-user@localhost"));

    log.debug("check if locale is EN");
    Assert.assertThat(loginConfirmationPage.getLanguageDropdownText(), is(equalTo("English")));

    log.debug("change locale to DE");
    loginConfirmationPage.openLanguage("Deutsch");

    log.debug("check if locale is DE");
    Assert.assertThat(loginConfirmationPage.getLanguageDropdownText(), is(equalTo("Deutsch")));
    // The page text itself must be localized, not only the dropdown label.
    String pageSource = DroneUtils.getCurrentDriver().getPageSource();
    Assert.assertThat(pageSource, containsString("X509 Client Zertifikat:"));

    log.debug("confirm cert");
    loginConfirmationPage.confirm();

    log.debug("check if logged in");
    Assert.assertThat(appPage.getRequestType(), is(equalTo(AppPage.RequestType.AUTH_RESPONSE)));
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Aggregations

AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)53 Test (org.junit.Test)43 Matchers.containsString (org.hamcrest.Matchers.containsString)36 X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel)24 OAuthClient (org.keycloak.testsuite.util.OAuthClient)18 Response (javax.ws.rs.core.Response)7 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)6 HashMap (java.util.HashMap)5 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)4 AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)4 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)4 AssertEvents (org.keycloak.testsuite.AssertEvents)4 NotFoundException (javax.ws.rs.NotFoundException)2 LinkedHashMap (java.util.LinkedHashMap)1 Ignore (org.junit.Ignore)1 AuthenticationManagementResource (org.keycloak.admin.client.resource.AuthenticationManagementResource)1 RealmResource (org.keycloak.admin.client.resource.RealmResource)1 MultivaluedHashMap (org.keycloak.common.util.MultivaluedHashMap)1 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)1 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)1