
Example 41 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509BrowserLoginTest method loginWithX509CertBadUserOrNotFound.

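/**
 * Verifies that X.509 browser login is rejected after the user has been deleted, and that a
 * follow-up form login with the same username is rejected too.
 *
 * <p>Steps: attach the configuration from {@code createLoginSubjectEmail2UsernameOrEmailConfig()}
 * to the browser execution, delete the user, open the login confirmation page, expect the login
 * page with an X.509 failure message and a {@code user_not_found} login event, then submit the
 * form and expect the generic "Invalid username or password." input error.
 */
@Test
public void loginWithX509CertBadUserOrNotFound() {
    AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
    String cfgId = createConfig(browserExecution.getId(), cfg);
    Assert.assertNotNull(cfgId);
    // Delete user
    UserRepresentation user = findUser("test-user@localhost");
    Assert.assertNotNull(user);
    // NOTE(review): the delete call uses the userId field rather than user.getId();
    // presumably both identify test-user@localhost — confirm against the fixture.
    Response response = testRealm().users().delete(userId);
    try {
        assertEquals(204, response.getStatus());
    } finally {
        // Release the response even when the status assertion fails.
        response.close();
    }
    // TODO causes the test to fail
    // assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.userResourcePath(userId));
    loginConfirmationPage.open();
    // Certificate authentication must not proceed: the flow lands on the login page.
    loginPage.assertCurrent();
    // Verify there is an error message
    Assert.assertNotNull(loginPage.getError());
    Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));
    // The login event carries no user and no session, only the username taken from the request.
    AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().user((String) null).session((String) null).error("user_not_found").detail(Details.USERNAME, "test-user@localhost").removeDetail(Details.CONSENT).removeDetail(Details.REDIRECT_URI);
    addX509CertificateDetails(expectedEvent).assertEvent();
    // Continue with form based login
    loginPage.login("test-user@localhost", "password");
    loginPage.assertCurrent();
    Assert.assertEquals("test-user@localhost", loginPage.getUsername());
    // The submitted password is not echoed back into the form.
    Assert.assertEquals("", loginPage.getPassword());
    // The form shows the generic error text, not one saying the account does not exist.
    Assert.assertEquals("Invalid username or password.", loginPage.getInputError());
}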
Also used : Response(javax.ws.rs.core.Response) AssertEvents(org.keycloak.testsuite.AssertEvents) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 42 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509DirectGrantTest method loginForceTemporaryAccountLock.

/**
 * Issues three direct-grant token requests for client {@code resource-owner} against an X.509
 * configuration that maps the certificate issuer DN to the {@code x509_certificate_identity}
 * user attribute.
 *
 * <p>The user's attribute is set to {@code "-"} beforehand. Presumably that value never matches
 * what the regular expression extracts from the issuer DN, so every request fails and counts
 * toward a temporary lockout — confirm against the caller and the realm's brute-force settings.
 *
 * @throws Exception if any of the fixture calls fails
 */
private void loginForceTemporaryAccountLock() throws Exception {
    // Identity source: the first OU value of the issuer DN, looked up in a custom user attribute.
    X509AuthenticatorConfigModel lockoutModel = new X509AuthenticatorConfigModel()
            .setMappingSourceType(ISSUERDN)
            .setRegularExpression("OU=(.*?)(?:,|$)")
            .setUserIdentityMapperType(USER_ATTRIBUTE)
            .setCustomAttributeName("x509_certificate_identity");
    AuthenticatorConfigRepresentation authenticatorConfig =
            newConfig("x509-directgrant-config", lockoutModel.getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    UserRepresentation targetUser = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(targetUser);
    targetUser.singleAttribute("x509_certificate_identity", "-");
    this.updateUser(targetUser);

    // Drop events produced by the setup before the grant requests start.
    events.clear();
    oauth.clientId("resource-owner");
    // NOTE(review): the responses are discarded, so this helper does not itself check that the
    // requests were rejected; callers relying on a lockout should assert the outcome.
    for (int attempt = 0; attempt < 3; attempt++) {
        oauth.doGrantAccessTokenRequest("secret", "", "", null);
    }
    events.clear();
}
Also used : X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation)

Example 43 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509DirectGrantTest method loginWithNonSupportedCertKeyUsage.

/**
 * Verifies that a direct-grant request is refused when the X.509 authenticator requires the
 * {@code dataEncipherment} key usage bit and the presented certificate does not set it.
 *
 * <p>Expected outcome: HTTP 401 with error {@code invalid_request} and a description naming
 * the missing key usage bit.
 *
 * @throws Exception if any of the fixture calls fails
 */
@Test
public void loginWithNonSupportedCertKeyUsage() throws Exception {
    // Install the X.509 authenticator configuration that demands the key usage bit.
    AuthenticatorConfigRepresentation authenticatorConfig = newConfig(
            "x509-directgrant-config",
            createLoginSubjectEmailWithKeyUsage("dataEncipherment").getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    // Empty username and password are passed; presumably the client certificate is the only
    // user credential in this flow — confirm against OAuthClient.
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "", "", null);

    assertEquals(401, tokenResponse.getStatusCode());
    assertEquals("invalid_request", tokenResponse.getError());
    Assert.assertThat(
            tokenResponse.getErrorDescription(),
            containsString("Key Usage bit 'dataEncipherment' is not set."));
    events.clear();
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 44 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509DirectGrantTest method loginCertificateRevoked.

/**
 * Verifies that a direct-grant request is refused when CRL checking is enabled and the
 * presented certificate is reported as revoked.
 *
 * <p>Expected outcome: HTTP 401 with error {@code invalid_request} and a description that
 * starts the revocation message with the certificate's subject.
 *
 * @throws Exception if any of the fixture calls fails
 */
@Test
public void loginCertificateRevoked() throws Exception {
    // A file-based CRL cannot be tested on undertow for now: the jboss config dir does not exist.
    ContainerAssume.assumeNotAuthServerUndertow();

    // CRL checking on, CRL read from a path relative to the server configuration.
    X509AuthenticatorConfigModel revocationModel = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(INTERMEDIATE_CA_CRL_PATH)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    AuthenticatorConfigRepresentation authenticatorConfig =
            newConfig("x509-directgrant-config", revocationModel.getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "", "", null);

    assertEquals(401, tokenResponse.getStatusCode());
    assertEquals("invalid_request", tokenResponse.getError());
    Assert.assertThat(
            tokenResponse.getErrorDescription(),
            containsString("Certificate has been revoked, certificate's subject:"));
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) X509AuthenticatorConfigModel(org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 45 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class X509DirectGrantTest method loginWithNonSupportedCertExtendedKeyUsage.

/**
 * Runs a direct-grant request against an X.509 configuration that names the {@code serverAuth}
 * extended key usage and expects the request to succeed with HTTP 200.
 *
 * <p>NOTE(review): the method name says the extended key usage is not supported, yet the only
 * assertion expects success. This method does not show whether the test certificate carries
 * {@code serverAuth} or whether the check is skipped for it. Confirm the intent: if the check
 * is skipped, the configured restriction is not being enforced for this certificate.
 *
 * @throws Exception if any of the fixture calls fails
 */
@Test
public void loginWithNonSupportedCertExtendedKeyUsage() throws Exception {
    // Install the X.509 authenticator configuration that names the extended key usage.
    AuthenticatorConfigRepresentation authenticatorConfig = newConfig(
            "x509-directgrant-config",
            createLoginSubjectEmailWithExtendedKeyUsage("serverAuth").getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse =
            oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // Only the status is checked; token contents and login events are not inspected here.
    assertEquals(200, tokenResponse.getStatusCode());
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)
