use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509BrowserLoginTest method loginWithX509CertBadUserOrNotFound.
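/**
 * Checks the browser flow when the client certificate maps to an account that has been deleted.
 *
 * <p>Expected behaviour, as asserted below: the X.509 step reports a failure on the login page,
 * a login event with error {@code user_not_found} is recorded, and the follow-up form login
 * answers with the generic "Invalid username or password." message rather than revealing that
 * the account is missing.
 */
@Test
public void loginWithX509CertBadUserOrNotFound() {
    AuthenticatorConfigRepresentation cfg = newConfig("x509-browser-config", createLoginSubjectEmail2UsernameOrEmailConfig().getConfig());
    String cfgId = createConfig(browserExecution.getId(), cfg);
    Assert.assertNotNull(cfgId);

    // Delete user
    UserRepresentation user = findUser("test-user@localhost");
    Assert.assertNotNull(user);
    // NOTE(review): the lookup result is only null-checked; the delete uses the userId field.
    // Presumably both refer to the same account - confirm against the test setup.
    Response response = testRealm().users().delete(userId);
    try {
        assertEquals(204, response.getStatus());
    } finally {
        // Release the response even when the status assertion fails.
        response.close();
    }
    // TODO causes the test to fail
    // assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.userResourcePath(userId));

    loginConfirmationPage.open();
    loginPage.assertCurrent();

    // Verify there is an error message
    Assert.assertNotNull(loginPage.getError());
    Assert.assertThat(loginPage.getError(), containsString("X509 certificate authentication's failed."));

    // The failed attempt must be audited without a user or session, but with the username taken from the certificate.
    AssertEvents.ExpectedEvent expectedEvent = events.expectLogin()
            .user((String) null)
            .session((String) null)
            .error("user_not_found")
            .detail(Details.USERNAME, "test-user@localhost")
            .removeDetail(Details.CONSENT)
            .removeDetail(Details.REDIRECT_URI);
    addX509CertificateDetails(expectedEvent).assertEvent();

    // Continue with form based login
    loginPage.login("test-user@localhost", "password");
    loginPage.assertCurrent();

    // The form keeps the username, clears the password and shows only the generic error.
    Assert.assertEquals("test-user@localhost", loginPage.getUsername());
    Assert.assertEquals("", loginPage.getPassword());
    Assert.assertEquals("Invalid username or password.", loginPage.getInputError());
}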
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509DirectGrantTest method loginForceTemporaryAccountLock.
/**
 * Helper that issues three direct-grant requests in a row after changing the user's
 * {@code x509_certificate_identity} attribute to {@code "-"}.
 *
 * <p>NOTE(review): judging by the method name, the three requests are meant to fail and trip
 * the realm's temporary lockout; the threshold itself is configured outside this method -
 * confirm it is three or fewer.
 *
 * @throws Exception if configuring the authenticator or updating the user fails
 */
private void loginForceTemporaryAccountLock() throws Exception {
    // Map the certificate's issuer DN (first OU component) onto a custom user attribute.
    X509AuthenticatorConfigModel mapperModel = new X509AuthenticatorConfigModel()
            .setMappingSourceType(ISSUERDN)
            .setRegularExpression("OU=(.*?)(?:,|$)")
            .setUserIdentityMapperType(USER_ATTRIBUTE)
            .setCustomAttributeName("x509_certificate_identity");
    AuthenticatorConfigRepresentation authenticatorConfig = newConfig("x509-directgrant-config", mapperModel.getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    UserRepresentation account = testRealm().users().get(userId).toRepresentation();
    Assert.assertNotNull(account);
    // Overwrite the mapped attribute; presumably so the certificate no longer matches - confirm.
    account.singleAttribute("x509_certificate_identity", "-");
    this.updateUser(account);

    // Drop the events produced by the setup above.
    events.clear();

    oauth.clientId("resource-owner");
    // Three consecutive grant attempts; the responses are intentionally not inspected here.
    for (int attempt = 0; attempt < 3; attempt++) {
        oauth.doGrantAccessTokenRequest("secret", "", "", null);
    }

    // Leave a clean event queue for the caller's own assertions.
    events.clear();
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509DirectGrantTest method loginWithNonSupportedCertKeyUsage.
/**
 * Direct grant must be refused when the authenticator requires a key usage bit
 * ({@code dataEncipherment}) that the presented certificate does not carry.
 *
 * @throws Exception if the authenticator configuration cannot be created
 */
@Test
public void loginWithNonSupportedCertKeyUsage() throws Exception {
    // Configure the X509 authenticator to demand the 'dataEncipherment' key usage.
    AuthenticatorConfigRepresentation authenticatorConfig = newConfig(
            "x509-directgrant-config",
            createLoginSubjectEmailWithKeyUsage("dataEncipherment").getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // The request is rejected and the description names the missing key usage bit.
    assertEquals(401, tokenResponse.getStatusCode());
    assertEquals("invalid_request", tokenResponse.getError());
    Assert.assertThat(
            tokenResponse.getErrorDescription(),
            containsString("Key Usage bit 'dataEncipherment' is not set."));

    events.clear();
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509DirectGrantTest method loginCertificateRevoked.
/**
 * Direct grant must be refused when CRL checking is enabled and the presented
 * certificate is reported as revoked.
 *
 * @throws Exception if the authenticator configuration cannot be created
 */
@Test
public void loginCertificateRevoked() throws Exception {
    // Not possible to test file CRL on undertow at this moment - jboss config dir doesn't exist
    ContainerAssume.assumeNotAuthServerUndertow();

    // Enable CRL checking against the list at INTERMEDIATE_CA_CRL_PATH.
    X509AuthenticatorConfigModel crlModel = new X509AuthenticatorConfigModel()
            .setCRLEnabled(true)
            .setCRLRelativePath(INTERMEDIATE_CA_CRL_PATH)
            .setConfirmationPageAllowed(true)
            .setMappingSourceType(SUBJECTDN_EMAIL)
            .setUserIdentityMapperType(USERNAME_EMAIL);
    AuthenticatorConfigRepresentation authenticatorConfig = newConfig("x509-directgrant-config", crlModel.getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // Revocation must surface as 401 / invalid_request with a description naming the subject.
    assertEquals(401, tokenResponse.getStatusCode());
    assertEquals("invalid_request", tokenResponse.getError());
    Assert.assertThat(
            tokenResponse.getErrorDescription(),
            containsString("Certificate has been revoked, certificate's subject:"));
}
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class X509DirectGrantTest method loginWithNonSupportedCertExtendedKeyUsage.
/**
 * Runs a direct grant with the authenticator configured to require the
 * {@code serverAuth} extended key usage and asserts that the grant succeeds.
 *
 * <p>NOTE(review): the method name says "NonSupported", yet HTTP 200 is expected. Whether the
 * test certificate actually carries {@code serverAuth}, or the extended key usage check is
 * skipped for this certificate, cannot be told from this method - confirm, because a silently
 * skipped check would mean this configuration does not restrict certificates.
 *
 * @throws Exception if the authenticator configuration cannot be created
 */
@Test
public void loginWithNonSupportedCertExtendedKeyUsage() throws Exception {
    // Configure the X509 authenticator to demand the 'serverAuth' extended key usage.
    AuthenticatorConfigRepresentation authenticatorConfig = newConfig(
            "x509-directgrant-config",
            createLoginSubjectEmailWithExtendedKeyUsage("serverAuth").getConfig());
    String configId = createConfig(directGrantExecution.getId(), authenticatorConfig);
    Assert.assertNotNull(configId);

    oauth.clientId("resource-owner");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret", "", "", null);

    // The grant is expected to go through.
    assertEquals(200, tokenResponse.getStatusCode());
}