use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class CustomFlowTest method validateX509FlowUpdate.
/**
 * Checks that an X.509 authenticator config can be created on a custom flow and then
 * saved twice in a row with identical options without the admin API failing.
 *
 * <p>The option values only exercise persistence. The update switches ENABLE_CRL to
 * "false" and stores an empty CRL_RELATIVE_PATH; the test does not read the config back
 * afterwards, so it proves only that neither update call throws.
 */
@Test
public void validateX509FlowUpdate() throws Exception {
    AuthenticationFlowRepresentation flowRep = new AuthenticationFlowRepresentation();
    flowRep.setAlias("Browser Flow With Extra 2");
    flowRep.setDescription("");
    flowRep.setProviderId("basic-flow");
    flowRep.setTopLevel(true);
    flowRep.setBuiltIn(false);

    // Creator.Flow is opened in try-with-resources, so it is closed when the test ends.
    try (Creator.Flow createdFlow = Creator.create(testRealm(), flowRep)) {
        AuthenticationManagementResource flows = createdFlow.resource();

        // Attach the "validate X.509 username" execution and remember its id.
        String executionId =
                createdFlow.addExecution(ValidateX509CertificateUsernameFactory.PROVIDER_ID).getId();

        // Initial config: CRL checking switched on.
        Map<String, String> initialOptions = new HashMap<>();
        initialOptions.put(AbstractX509ClientCertificateAuthenticator.ENABLE_CRL, Boolean.TRUE.toString());

        AuthenticatorConfigRepresentation newConfigRep = new AuthenticatorConfigRepresentation();
        newConfigRep.setAlias("Config alias");
        newConfigRep.setConfig(initialOptions);

        String configId;
        try (Response created = flows.newExecutionConfig(executionId, newConfigRep)) {
            assertThat(created, statusCodeIs(Status.CREATED));
            configId = ApiUtil.getCreatedId(created);
        }

        // Re-read the stored config and change it: CRL off, empty relative path.
        AuthenticatorConfigRepresentation storedConfig = flows.getAuthenticatorConfig(configId);
        Map<String, String> storedOptions = storedConfig.getConfig();
        storedOptions.put(AbstractX509ClientCertificateAuthenticator.ENABLE_CRL, Boolean.FALSE.toString());
        storedOptions.put(AbstractX509ClientCertificateAuthenticator.CRL_RELATIVE_PATH, "");

        flows.updateAuthenticatorConfig(configId, storedConfig);
        // Regression guard: a second save of the same options used to fail for
        // CRL_RELATIVE_PATH on Oracle, which treats "" as NULL.
        flows.updateAuthenticatorConfig(configId, storedConfig);
    }
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class AbstractX509AuthenticationTest method newConfig.
/**
 * Builds an authenticator config representation for the X.509 tests.
 *
 * @param alias  alias to set on the representation
 * @param params option map, passed to {@code setConfig} as given
 * @return a new representation carrying the alias and the option map
 */
static AuthenticatorConfigRepresentation newConfig(String alias, Map<String, String> params) {
    final AuthenticatorConfigRepresentation representation = new AuthenticatorConfigRepresentation();
    representation.setConfig(params);
    representation.setAlias(alias);
    return representation;
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method loginDuplicateUsersNotAllowed.
/**
 * A certificate identity that resolves to more than one account must not authenticate
 * anyone. The test gives two users the same {@code x509_certificate_identity} value,
 * expects the login page to report the X.509 failure, and then checks that a normal
 * username/password login still works and is recorded for the expected user.
 */
@Test
public void loginDuplicateUsersNotAllowed() {
    AuthenticatorConfigRepresentation browserConfig =
            newConfig("x509-browser-config", createLoginIssuerDN_OU2CustomAttributeConfig().getConfig());
    String browserConfigId = createConfig(browserExecution.getId(), browserConfig);
    Assert.assertNotNull(browserConfigId);

    // Give both accounts the same certificate identity so the lookup is ambiguous;
    // this is what triggers DuplicateModelException.
    UserRepresentation secondUser = testRealm().users().get(userId2).toRepresentation();
    Assert.assertNotNull(secondUser);
    secondUser.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(secondUser);

    UserRepresentation firstUser = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(firstUser);
    firstUser.singleAttribute("x509_certificate_identity", "Red Hat");
    this.updateUser(firstUser);

    events.clear();

    // The certificate step must fail visibly instead of picking one of the matches.
    loginPage.open();
    Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));

    // Password login is still offered and completes the authorization-code flow.
    loginPage.login("test-user@localhost", "password");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    // The login event must name the password-authenticated user.
    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, "test-user@localhost")
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method loginWithNonMatchingRegex.
/**
 * Replaces the identity-extraction regex with one that looks for an {@code INVALID=}
 * component (presumably absent from the test certificate) and expects the login to be
 * rejected: the recorded event has the error {@code invalid_user_credentials} and
 * neither a user nor a session.
 */
@Test
public void loginWithNonMatchingRegex() throws Exception {
    X509AuthenticatorConfigModel model = createLoginIssuerDN_OU2CustomAttributeConfig();
    model.setRegularExpression("INVALID=(.*?)(?:,|$)");

    AuthenticatorConfigRepresentation browserConfig = newConfig("x509-browser-config", model.getConfig());
    String browserConfigId = createConfig(browserExecution.getId(), browserConfig);
    Assert.assertNotNull(browserConfigId);

    loginConfirmationPage.open();

    // A failed extraction must not leave a user or a session on the event.
    events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error("invalid_user_credentials")
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method changeLocaleOnX509InfoPage.
// KEYCLOAK-6866
/**
 * Walks through the X.509 confirmation page: checks the subject DN shown to the user,
 * switches the page language from English to Deutsch, checks the translated label,
 * and then confirms the certificate and expects an authorization response.
 */
@Test
public void changeLocaleOnX509InfoPage() {
    ProfileAssume.assumeCommunity();

    AuthenticatorConfigRepresentation browserConfig =
            newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
    String browserConfigId = createConfig(browserExecution.getId(), browserConfig);
    Assert.assertNotNull(browserConfigId);

    log.debug("Open confirm page");
    loginConfirmationPage.open();

    // The page must show the subject DN of the certificate being confirmed.
    log.debug("check if on confirm page");
    Assert.assertThat(
            loginConfirmationPage.getSubjectDistinguishedNameText(),
            startsWith("EMAILADDRESS=test-user@localhost"));

    log.debug("check if locale is EN");
    Assert.assertThat(loginConfirmationPage.getLanguageDropdownText(), is(equalTo("English")));

    log.debug("change locale to DE");
    loginConfirmationPage.openLanguage("Deutsch");

    // Both the dropdown and the page text must reflect the new locale.
    log.debug("check if locale is DE");
    Assert.assertThat(loginConfirmationPage.getLanguageDropdownText(), is(equalTo("Deutsch")));
    Assert.assertThat(
            DroneUtils.getCurrentDriver().getPageSource(),
            containsString("X509 Client Zertifikat:"));

    log.debug("confirm cert");
    loginConfirmationPage.confirm();

    log.debug("check if logged in");
    Assert.assertThat(appPage.getRequestType(), is(equalTo(AppPage.RequestType.AUTH_RESPONSE)));
}