Examples with RequiredActionProviderSimpleRepresentation org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation used on opensource projects

Search in sources :

Example 1 with RequiredActionProviderSimpleRepresentation

use of org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation in project keycloak by keycloak.

the class BrowserFlowTest method testLoginWithWithNoOTPCredentialAndNoRequiredActionProviderRegistered.

/**
 * This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
 * has its requiredActionProvider in a not registered state, then it will not try to create the required action,
 * and will instead raise an credential setup required error.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredentialAndNoRequiredActionProviderRegistered() {
    String newFlowAlias = "browser - copy 1";
    configureBrowserFlowWithRequiredOTP(newFlowAlias);
    RequiredActionProviderRepresentation otpRequiredAction = testRealm().flows().getRequiredAction("CONFIGURE_TOTP");
    testRealm().flows().removeRequiredAction("CONFIGURE_TOTP");
    try {
        provideUsernamePassword("test-user@localhost");
        // Assert that the login evaluates to an error, as all required elements to not validate to successful
        errorPage.assertCurrent();
    } finally {
        revertFlows("browser - copy 1");
        RequiredActionProviderSimpleRepresentation simpleRepresentation = new RequiredActionProviderSimpleRepresentation();
        simpleRepresentation.setProviderId("CONFIGURE_TOTP");
        simpleRepresentation.setName(otpRequiredAction.getName());
        testRealm().flows().registerRequiredAction(simpleRepresentation);
    }
}
Also used : RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 2 with RequiredActionProviderSimpleRepresentation

use of org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation in project keycloak by keycloak.

the class BrowserFlowTest method testLoginWithWithNoWebAuthnCredentialAndRequiredActionProviderDisabled.

/**
 * This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
 * has its requiredActionProvider disabled, then it will not try to create the required action,
 * and will instead raise an credential setup required error.
 * NOTE: webauthn currently isn't configured by default in the realm. When this changes, this test will need to be adapted
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoWebAuthnCredentialAndRequiredActionProviderDisabled() {
    String newFlowAlias = "browser - copy 1";
    configureBrowserFlowWithRequiredWebAuthn(newFlowAlias);
    RequiredActionProviderSimpleRepresentation requiredActionRepresentation = new RequiredActionProviderSimpleRepresentation();
    requiredActionRepresentation.setName("WebAuthn Required Action");
    requiredActionRepresentation.setProviderId(WebAuthnRegisterFactory.PROVIDER_ID);
    testRealm().flows().registerRequiredAction(requiredActionRepresentation);
    RequiredActionProviderRepresentation rapr = testRealm().flows().getRequiredAction(WebAuthnRegisterFactory.PROVIDER_ID);
    rapr.setEnabled(false);
    testRealm().flows().updateRequiredAction(WebAuthnRegisterFactory.PROVIDER_ID, rapr);
    try {
        provideUsernamePassword("test-user@localhost");
        // Assert that the login evaluates to an error, as all required elements to not validate to successful
        errorPage.assertCurrent();
    } finally {
        revertFlows("browser - copy 1");
        testRealm().flows().removeRequiredAction(WebAuthnRegisterFactory.PROVIDER_ID);
    }
}
Also used : RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 3 with RequiredActionProviderSimpleRepresentation

use of org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation in project keycloak by keycloak.

the class AccountRestServiceTest method testCredentialsGet.

@Test
public void testCredentialsGet() throws IOException {
    configureBrowserFlowWithWebAuthnAuthenticator("browser-webauthn");
    // Register requiredActions for WebAuthn and WebAuthn Passwordless
    RequiredActionProviderSimpleRepresentation requiredAction = new RequiredActionProviderSimpleRepresentation();
    requiredAction.setId("12345");
    requiredAction.setName(WebAuthnRegisterFactory.PROVIDER_ID);
    requiredAction.setProviderId(WebAuthnRegisterFactory.PROVIDER_ID);
    testRealm().flows().registerRequiredAction(requiredAction);
    requiredAction = new RequiredActionProviderSimpleRepresentation();
    requiredAction.setId("6789");
    requiredAction.setName(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
    requiredAction.setProviderId(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
    testRealm().flows().registerRequiredAction(requiredAction);
    List<AccountCredentialResource.CredentialContainer> credentials = getCredentials();
    Assert.assertEquals(4, credentials.size());
    AccountCredentialResource.CredentialContainer password = credentials.get(0);
    assertCredentialContainerExpected(password, PasswordCredentialModel.TYPE, CredentialTypeMetadata.Category.BASIC_AUTHENTICATION.toString(), "password-display-name", "password-help-text", "kcAuthenticatorPasswordClass", null, UserModel.RequiredAction.UPDATE_PASSWORD.toString(), false, 1);
    CredentialRepresentation password1 = password.getUserCredentials().get(0);
    assertNull(password1.getSecretData());
    Assert.assertNotNull(password1.getCredentialData());
    AccountCredentialResource.CredentialContainer otp = credentials.get(1);
    assertCredentialContainerExpected(otp, OTPCredentialModel.TYPE, CredentialTypeMetadata.Category.TWO_FACTOR.toString(), "otp-display-name", "otp-help-text", "kcAuthenticatorOTPClass", UserModel.RequiredAction.CONFIGURE_TOTP.toString(), null, true, 0);
    // WebAuthn credentials will be returned, but createAction will be still null because requiredAction "webauthn register" not yet registered
    AccountCredentialResource.CredentialContainer webauthn = credentials.get(2);
    assertCredentialContainerExpected(webauthn, WebAuthnCredentialModel.TYPE_TWOFACTOR, CredentialTypeMetadata.Category.TWO_FACTOR.toString(), "webauthn-display-name", "webauthn-help-text", "kcAuthenticatorWebAuthnClass", WebAuthnRegisterFactory.PROVIDER_ID, null, true, 0);
    AccountCredentialResource.CredentialContainer webauthnPasswordless = credentials.get(3);
    assertCredentialContainerExpected(webauthnPasswordless, WebAuthnCredentialModel.TYPE_PASSWORDLESS, CredentialTypeMetadata.Category.PASSWORDLESS.toString(), "webauthn-passwordless-display-name", "webauthn-passwordless-help-text", "kcAuthenticatorWebAuthnPasswordlessClass", WebAuthnPasswordlessRegisterFactory.PROVIDER_ID, null, true, 0);
    // disable WebAuthn passwordless required action. User doesn't have WebAuthnPasswordless credential, so WebAuthnPasswordless credentialType won't be returned
    setRequiredActionEnabledStatus(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID, false);
    credentials = getCredentials();
    assertExpectedCredentialTypes(credentials, PasswordCredentialModel.TYPE, OTPCredentialModel.TYPE, WebAuthnCredentialModel.TYPE_TWOFACTOR);
    // Test that WebAuthn won't be returned when removed from the authentication flow
    removeWebAuthnFlow("browser-webauthn");
    credentials = getCredentials();
    assertExpectedCredentialTypes(credentials, PasswordCredentialModel.TYPE, OTPCredentialModel.TYPE);
    // Test password-only
    credentials = SimpleHttp.doGet(getAccountUrl("credentials?" + AccountCredentialResource.TYPE + "=password"), httpClient).auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {
    });
    Assert.assertEquals(1, credentials.size());
    password = credentials.get(0);
    Assert.assertEquals(PasswordCredentialModel.TYPE, password.getType());
    Assert.assertEquals(1, password.getUserCredentials().size());
    // Test password-only and user-credentials
    credentials = SimpleHttp.doGet(getAccountUrl("credentials?" + AccountCredentialResource.TYPE + "=password&" + AccountCredentialResource.USER_CREDENTIALS + "=false"), httpClient).auth(tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() {
    });
    Assert.assertEquals(1, credentials.size());
    password = credentials.get(0);
    Assert.assertEquals(PasswordCredentialModel.TYPE, password.getType());
    assertNull(password.getUserCredentials());
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) AccountCredentialResource(org.keycloak.services.resources.account.AccountCredentialResource) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) TypeReference(com.fasterxml.jackson.core.type.TypeReference) Test(org.junit.Test) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 4 with RequiredActionProviderSimpleRepresentation

use of org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation in project keycloak by keycloak.

the class RequiredActionsTest method testCRUDRequiredAction.

@Test
public void testCRUDRequiredAction() {
    int lastPriority = authMgmtResource.getRequiredActions().get(authMgmtResource.getRequiredActions().size() - 1).getPriority();
    // Dummy RequiredAction is not registered in the realm and WebAuthn actions
    List<RequiredActionProviderSimpleRepresentation> result = authMgmtResource.getUnregisteredRequiredActions();
    Assert.assertEquals(4, result.size());
    RequiredActionProviderSimpleRepresentation action = result.get(0);
    Assert.assertEquals(DummyRequiredActionFactory.PROVIDER_ID, action.getProviderId());
    Assert.assertEquals("Dummy Action", action.getName());
    // Register it
    authMgmtResource.registerRequiredAction(action);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authMgmtBasePath() + "/register-required-action", action, ResourceType.REQUIRED_ACTION);
    // Try to find not-existent action - should fail
    try {
        authMgmtResource.getRequiredAction("not-existent");
        Assert.fail("Didn't expect to find requiredAction of alias 'not-existent'");
    } catch (NotFoundException nfe) {
    // Expected
    }
    // Find existent
    RequiredActionProviderRepresentation rep = authMgmtResource.getRequiredAction(DummyRequiredActionFactory.PROVIDER_ID);
    compareRequiredAction(rep, newRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, "Dummy Action", true, false, Collections.<String, String>emptyMap()));
    // Confirm the registered priority - should be N + 1
    Assert.assertEquals(lastPriority + 1, rep.getPriority());
    // Update not-existent - should fail
    try {
        authMgmtResource.updateRequiredAction("not-existent", rep);
        Assert.fail("Not expected to update not-existent requiredAction");
    } catch (NotFoundException nfe) {
    // Expected
    }
    // Update (set it as defaultAction)
    rep.setDefaultAction(true);
    authMgmtResource.updateRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, rep);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.UPDATE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), rep, ResourceType.REQUIRED_ACTION);
    compareRequiredAction(rep, newRequiredAction(DummyRequiredActionFactory.PROVIDER_ID, "Dummy Action", true, true, Collections.<String, String>emptyMap()));
    // Remove unexistent - should fail
    try {
        authMgmtResource.removeRequiredAction("not-existent");
        Assert.fail("Not expected to remove not-existent requiredAction");
    } catch (NotFoundException nfe) {
    // Expected
    }
    // Remove success
    authMgmtResource.removeRequiredAction(DummyRequiredActionFactory.PROVIDER_ID);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authRequiredActionPath(rep.getAlias()), ResourceType.REQUIRED_ACTION);
}
Also used : RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) NotFoundException(javax.ws.rs.NotFoundException) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) Test(org.junit.Test)

Example 5 with RequiredActionProviderSimpleRepresentation

use of org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation in project keycloak by keycloak.

the class AbstractWebAuthnAccountTest method afterAbstractKeycloakTestRealmImport.

@Override
protected void afterAbstractKeycloakTestRealmImport() {
    super.afterAbstractKeycloakTestRealmImport();
    // configure WebAuthn
    // we can't do this during the realm import because we'd need to specify all built-in flows as well
    AuthenticationFlowRepresentation flow = new AuthenticationFlowRepresentation();
    flow.setId(WEBAUTHN_FLOW_ID);
    flow.setAlias("webauthn flow");
    flow.setProviderId("basic-flow");
    flow.setBuiltIn(false);
    flow.setTopLevel(true);
    testRealmResource().flows().createFlow(flow);
    AuthenticationExecutionRepresentation execution = new AuthenticationExecutionRepresentation();
    execution.setAuthenticator(WebAuthnAuthenticatorFactory.PROVIDER_ID);
    execution.setPriority(10);
    execution.setRequirement(REQUIRED.toString());
    execution.setParentFlow(WEBAUTHN_FLOW_ID);
    testRealmResource().flows().addExecution(execution);
    execution.setAuthenticator(WebAuthnPasswordlessAuthenticatorFactory.PROVIDER_ID);
    testRealmResource().flows().addExecution(execution);
    RequiredActionProviderSimpleRepresentation requiredAction = new RequiredActionProviderSimpleRepresentation();
    requiredAction.setProviderId(WebAuthnRegisterFactory.PROVIDER_ID);
    requiredAction.setName("blahblah");
    testRealmResource().flows().registerRequiredAction(requiredAction);
    requiredAction.setProviderId(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
    testRealmResource().flows().registerRequiredAction(requiredAction);
}
Also used : AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation)

Aggregations

RequiredActionProviderSimpleRepresentation (org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation)7 Test (org.junit.Test)6 RequiredActionProviderRepresentation (org.keycloak.representations.idm.RequiredActionProviderRepresentation)4 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)4 Matchers.containsString (org.hamcrest.Matchers.containsString)3 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)3 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)3 SocialLoginTest (org.keycloak.testsuite.broker.SocialLoginTest)3 AuthenticationExecutionRepresentation (org.keycloak.representations.idm.AuthenticationExecutionRepresentation)2 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)2 TypeReference (com.fasterxml.jackson.core.type.TypeReference)1 NotFoundException (javax.ws.rs.NotFoundException)1 Response (javax.ws.rs.core.Response)1 RealmResource (org.keycloak.admin.client.resource.RealmResource)1 AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)1 AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)1 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)1 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)1 AccountCredentialResource (org.keycloak.services.resources.account.AccountCredentialResource)1 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial