use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE in project keycloak by keycloak.
the class BrowserFlowTest method testAlternativeNonInteractiveExecutorInSubflow.
@Test
@AuthServerContainerExclude(REMOTE)
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void testAlternativeNonInteractiveExecutorInSubflow() {
final String newFlowAlias = "browser - alternative non-interactive executor";
testingClient.server("test").run(session -> FlowUtil.inCurrentRealm(session).copyBrowserFlow(newFlowAlias));
testingClient.server("test").run(session -> FlowUtil.inCurrentRealm(session).selectFlow(newFlowAlias).inForms(forms -> forms.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, UsernameFormFactory.PROVIDER_ID).addSubFlowExecution(Requirement.REQUIRED, reqSubFlow -> reqSubFlow.addAuthenticatorExecution(Requirement.ALTERNATIVE, PassThroughAuthenticator.PROVIDER_ID))).defineAsBrowserFlow());
try {
// provides username
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.login("test-user@localhost");
// Check that Keycloak is redirecting us to the Keycloak account management page
WebElement aHref = driver.findElement(By.tagName("a"));
driver.get(aHref.getAttribute("href"));
assertThat(driver.getTitle(), containsString("Account Management"));
} finally {
revertFlows("browser - alternative non-interactive executor");
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE in project keycloak by keycloak.
the class IdentityProviderTest method failCreateInvalidUrl.
@Test
@AuthServerContainerExclude(REMOTE)
public void failCreateInvalidUrl() throws Exception {
try (AutoCloseable c = new RealmAttributeUpdater(realmsResouce().realm("test")).updateWith(r -> r.setSslRequired(SslRequired.ALL.name())).update()) {
IdentityProviderRepresentation newIdentityProvider = createRep("new-identity-provider", "oidc");
newIdentityProvider.getConfig().put("clientId", "clientId");
newIdentityProvider.getConfig().put("clientSecret", "some secret value");
OIDCIdentityProviderConfigRep oidcConfig = new OIDCIdentityProviderConfigRep(newIdentityProvider);
oidcConfig.setAuthorizationUrl("invalid://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [authorization_url] is malformed", error.getErrorMessage());
}
oidcConfig.setAuthorizationUrl(null);
oidcConfig.setTokenUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [token_url] requires secure connections", error.getErrorMessage());
}
oidcConfig.setAuthorizationUrl(null);
oidcConfig.setTokenUrl(null);
oidcConfig.setJwksUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [jwks_url] requires secure connections", error.getErrorMessage());
}
oidcConfig.setAuthorizationUrl(null);
oidcConfig.setTokenUrl(null);
oidcConfig.setJwksUrl(null);
oidcConfig.setLogoutUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [logout_url] requires secure connections", error.getErrorMessage());
}
oidcConfig.setAuthorizationUrl(null);
oidcConfig.setTokenUrl(null);
oidcConfig.setJwksUrl(null);
oidcConfig.setLogoutUrl(null);
oidcConfig.setUserInfoUrl("http://test");
try (Response response = this.realm.identityProviders().create(newIdentityProvider)) {
assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
assertEquals("The url [userinfo_url] requires secure connections", error.getErrorMessage());
}
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE in project keycloak by keycloak.
the class BrowserFlowTest method testSwitchExecutionNotAllowedWithRequiredPasswordAndAlternativeOTP.
@Test
@AuthServerContainerExclude(REMOTE)
public void testSwitchExecutionNotAllowedWithRequiredPasswordAndAlternativeOTP() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithRequiredPasswordFormAndAlternativeOTP(newFlowAlias);
try {
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.assertCurrent();
loginUsernameOnlyPage.login("user-with-one-configured-otp");
// Assert on password page now
passwordPage.assertCurrent();
String otpAuthenticatorExecutionId = realmsResouce().realm("test").flows().getExecutions(newFlowAlias).stream().filter(execution -> OTPFormAuthenticatorFactory.PROVIDER_ID.equals(execution.getProviderId())).findFirst().get().getId();
// Manually run request to switch execution to OTP. It shouldn't be allowed and error should be thrown
String actionURL = ActionURIUtils.getActionURIFromPageSource(driver.getPageSource());
String formParameters = Constants.AUTHENTICATION_EXECUTION + "=" + otpAuthenticatorExecutionId + "&" + Constants.CREDENTIAL_ID + "=";
URLUtils.sendPOSTRequestWithWebDriver(actionURL, formParameters);
errorPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
}
}
Aggregations