
Example 46 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalFlowWithConditionalAuthenticatorEvaluatingToFalseActsAsDisabled.

/**
 * Drives a username-only login through a copied browser flow that contains a conditional
 * subflow with OTP, and expects the attempt to end on the error page.
 *
 * <p>The flow itself is built by {@code configureBrowserFlowWithConditionalFlowWithOTP}, which
 * is defined outside this snippet. What this method pins down is the outcome: when no required
 * element of the flow validates successfully, supplying a username alone must not complete the
 * login.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalFlowWithConditionalAuthenticatorEvaluatingToFalseActsAsDisabled() {
    final String copiedFlowAlias = "browser - copy 1";
    final String username = "test-user@localhost";

    configureBrowserFlowWithConditionalFlowWithOTP(copiedFlowAlias);
    try {
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.assertCurrent();
        loginUsernameOnlyPage.login(username);

        // The login must end in an error, because none of the required elements
        // validates successfully.
        errorPage.assertCurrent();
    } finally {
        // Always restore the realm's flows so the modified flow does not leak into later tests.
        revertFlows(copiedFlowAlias);
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 47 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalFlowWithConditionalAuthenticatorEvaluatingToTrueActsAsRequired.

/**
 * Logs in a user with one configured OTP credential through a copied browser flow that
 * contains a conditional subflow with OTP, and expects the OTP step to be enforced.
 *
 * <p>After the username is submitted the OTP form must be shown, without a credential
 * selector. Submitting a valid code must leave the OTP page and produce a login event for
 * that user. The flow is built by {@code configureBrowserFlowWithConditionalFlowWithOTP},
 * which is defined outside this snippet.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalFlowWithConditionalAuthenticatorEvaluatingToTrueActsAsRequired() {
    final String copiedFlowAlias = "browser - copy 1";
    final String username = "user-with-one-configured-otp";

    configureBrowserFlowWithConditionalFlowWithOTP(copiedFlowAlias);
    try {
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.assertCurrent();
        loginUsernameOnlyPage.login(username);

        // The OTP form (not a password form) is expected next.
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        // No credential selector is expected on the OTP form for this user.
        loginTotpPage.assertOtpCredentialSelectorAvailability(false);

        loginTotpPage.login(getOtpCode(USER_WITH_ONE_OTP_OTP_SECRET));
        Assert.assertFalse(loginTotpPage.isCurrent());

        // Leaving the OTP page is not proof of success on its own; the login event for this
        // exact user is the positive confirmation.
        events.expectLogin()
                .user(testRealm().users().search(username).get(0).getId())
                .detail(Details.USERNAME, username)
                .assertEvent();
    } finally {
        // Always restore the realm's flows so the modified flow does not leak into later tests.
        revertFlows(copiedFlowAlias);
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 48 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testAlternativeNonInteractiveExecutorInSubflow.

/**
 * Replaces the browser flow's forms with a REQUIRED username form followed by a REQUIRED
 * subflow whose only execution is an ALTERNATIVE {@code PassThroughAuthenticator}, then checks
 * that a username-only login reaches the account management page.
 *
 * <p>NOTE(review): this flow asks for no credential beyond the username, so it is a test
 * fixture for subflow evaluation and not a flow shape to copy into a real realm.
 */
@Test
@AuthServerContainerExclude(REMOTE)
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void testAlternativeNonInteractiveExecutorInSubflow() {
    final String newFlowAlias = "browser - alternative non-interactive executor";

    // Step 1: work on a copy of the browser flow.
    testingClient.server("test").run(session ->
            FlowUtil.inCurrentRealm(session).copyBrowserFlow(newFlowAlias));

    // Step 2: rebuild the forms of the copy and make it the realm's browser flow.
    testingClient.server("test").run(session ->
            FlowUtil.inCurrentRealm(session)
                    .selectFlow(newFlowAlias)
                    .inForms(formsFlow -> formsFlow
                            .clear()
                            .addAuthenticatorExecution(Requirement.REQUIRED, UsernameFormFactory.PROVIDER_ID)
                            .addSubFlowExecution(Requirement.REQUIRED, requiredSubFlow ->
                                    requiredSubFlow.addAuthenticatorExecution(
                                            Requirement.ALTERNATIVE, PassThroughAuthenticator.PROVIDER_ID)))
                    .defineAsBrowserFlow());

    try {
        // Only the username is provided.
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.login("test-user@localhost");

        // Follow the first link on the resulting page; it is expected to lead to the
        // Keycloak account management page.
        WebElement firstLink = driver.findElement(By.tagName("a"));
        driver.get(firstLink.getAttribute("href"));
        assertThat(driver.getTitle(), containsString("Account Management"));
    } finally {
        // Always restore the realm's flows so the modified flow does not leak into later tests.
        revertFlows(newFlowAlias);
    }
}
Also used : Arrays(java.util.Arrays) UsernameFormFactory(org.keycloak.authentication.authenticators.browser.UsernameFormFactory) AbstractAdminTest.loadJson(org.keycloak.testsuite.admin.AbstractAdminTest.loadJson) AssertEvents(org.keycloak.testsuite.AssertEvents) WebElement(org.openqa.selenium.WebElement) SetUserAttributeAuthenticatorFactory(org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory) Page(org.jboss.arquillian.graphene.page.Page) DefaultAuthenticationFlows(org.keycloak.models.utils.DefaultAuthenticationFlows) OAuthClient(org.keycloak.testsuite.util.OAuthClient) REMOTE(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE) LoginTotpPage(org.keycloak.testsuite.pages.LoginTotpPage) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) GOOGLE(org.keycloak.testsuite.broker.SocialLoginTest.Provider.GOOGLE) UsernamePasswordFormFactory(org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory) RealmResource(org.keycloak.admin.client.resource.RealmResource) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) GITLAB(org.keycloak.testsuite.broker.SocialLoginTest.Provider.GITLAB) URLUtils(org.keycloak.testsuite.util.URLUtils) PasswordFormFactory(org.keycloak.authentication.authenticators.browser.PasswordFormFactory) ConditionalUserConfiguredAuthenticatorFactory(org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ConditionalRoleAuthenticatorFactory(org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) RoleBuilder(org.keycloak.testsuite.util.RoleBuilder) List(java.util.List) GITHUB(org.keycloak.testsuite.broker.SocialLoginTest.Provider.GITHUB) Details(org.keycloak.events.Details) 
LoginPage(org.keycloak.testsuite.pages.LoginPage) OneTimeCode(org.keycloak.testsuite.auth.page.login.OneTimeCode) ActionURIUtils(org.keycloak.testsuite.ActionURIUtils) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) WebAuthnRegisterFactory(org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory) Matchers.containsString(org.hamcrest.Matchers.containsString) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) ConditionalUserAttributeValueFactory(org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory) Profile(org.keycloak.common.Profile) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) Constants(org.keycloak.models.Constants) TimeBasedOTP(org.keycloak.models.utils.TimeBasedOTP) OTPFormAuthenticatorFactory(org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory) WebAuthnAuthenticatorFactory(org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) Drone(org.jboss.arquillian.drone.api.annotation.Drone) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) ArquillianResource(org.jboss.arquillian.test.api.ArquillianResource) FlowUtil(org.keycloak.testsuite.util.FlowUtil) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) By(org.openqa.selenium.By) PasswordPage(org.keycloak.testsuite.pages.PasswordPage) 
RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest) Consumer(java.util.function.Consumer) Rule(org.junit.Rule) LoginUsernameOnlyPage(org.keycloak.testsuite.pages.LoginUsernameOnlyPage) ErrorPage(org.keycloak.testsuite.pages.ErrorPage) Assert(org.junit.Assert) Collections(java.util.Collections) OTPFormAuthenticator(org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator) Matchers.containsString(org.hamcrest.Matchers.containsString) WebElement(org.openqa.selenium.WebElement) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 49 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalRoleAuthenticator.

// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required role "user" and an OTP authenticator
// user-with-two-configured-otp has the "user" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticator() {
    // Verifies that the OTP step is requested only from the user who holds the gating role.
    final String roleGatingOtp = "user";
    final String userWithRole = "user-with-two-configured-otp";
    final String userWithoutRole = "user-with-one-configured-otp";

    // The browser flow is configured with an OTP form for users having the role "user".
    configureBrowserFlowOTPNeedsRole(roleGatingOtp);
    try {
        // This user has the role, so the OTP form must be shown, with a credential selector.
        provideUsernamePassword(userWithRole);
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);

        // This user does not have the role, so no OTP code may be requested.
        // NOTE(review): both checks below are negative ("not on the OTP page"), so a login
        // that failed for another reason would satisfy them too. Confirm that a successful
        // outcome is asserted elsewhere, or add one here.
        provideUsernamePassword(userWithoutRole);
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        // Presumably "browser - rule" is the alias created by configureBrowserFlowOTPNeedsRole;
        // verify against that helper, which is not part of this snippet.
        revertFlows("browser - rule");
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 50 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole.

// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required client role "child-client-role-1" from "test-app" client and an OTP authenticator
// "child-client-role-1" is a client role included in composite client role "composite-client-role-1"
// user-with-two-configured-otp has the "composite-client-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
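@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole() {
    // Verifies that a client role held only through a composite client role still triggers
    // the role-gated OTP step, and that a user without the role is not asked for OTP.
    String clientName = "test-app";
    ClientRepresentation testClient = testRealm().clients().findByClientId(clientName).get(0);
    String clientUuid = testClient.getId();

    // Create composite-client-role-1
    String compositeClientRoleName = "composite-client-role-1";
    testRealm().clients().get(clientUuid).roles().create(RoleBuilder.create().name(compositeClientRoleName).build());

    // Create child-client-role-1
    String childClientRoleName = "child-client-role-1";
    testRealm().clients().get(clientUuid).roles().create(RoleBuilder.create().name(childClientRoleName).build());

    // Make child-client-role-1 a member of composite-client-role-1
    testRealm().clients().get(clientUuid).roles().get(compositeClientRoleName)
            .addComposites(Collections.singletonList(
                    testRealm().clients().get(clientUuid).roles().get(childClientRoleName).toRepresentation()));

    // Add composite-client-role-1 to user "user-with-two-configured-otp"
    UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
    userResource.roles().clientLevel(clientUuid)
            .add(Collections.singletonList(
                    testRealm().clients().get(clientUuid).roles().get(compositeClientRoleName).toRepresentation()));

    // A browser flow is configured with an OTPForm for users having the role "test-app.child-client-role-1"
    configureBrowserFlowOTPNeedsRole(clientName + "." + childClientRoleName);
    try {
        // This user holds "test-app.child-client-role-1" through the composite role, so the
        // OTP form must be shown.
        provideUsernamePassword("user-with-two-configured-otp");
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);

        // This user does not have the role, so no OTP code may be requested.
        // NOTE(review): both checks below are negative, so a login that failed for another
        // reason would satisfy them too. Confirm that success is asserted elsewhere.
        provideUsernamePassword("user-with-one-configured-otp");
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        // Each cleanup step sits in its own finally so that a failing role deletion cannot
        // skip the remaining steps. Without this, the role-gated browser flow could stay
        // active in the realm and distort the authentication tests that run afterwards.
        try {
            testRealm().clients().get(clientUuid).roles().deleteRole(childClientRoleName);
        } finally {
            try {
                testRealm().clients().get(clientUuid).roles().deleteRole(compositeClientRoleName);
            } finally {
                revertFlows("browser - rule");
            }
        }
    }
}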
Also used : UserResource(org.keycloak.admin.client.resource.UserResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Aggregations

Test (org.junit.Test)108 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)108 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)31 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)30 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)29 Matchers.containsString (org.hamcrest.Matchers.containsString)28 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)27 Response (javax.ws.rs.core.Response)24 UserResource (org.keycloak.admin.client.resource.UserResource)21 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)21 SocialLoginTest (org.keycloak.testsuite.broker.SocialLoginTest)21 MimeMessage (javax.mail.internet.MimeMessage)14 OAuthClient (org.keycloak.testsuite.util.OAuthClient)14 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)13 ComponentRepresentation (org.keycloak.representations.idm.ComponentRepresentation)12 LinkedList (java.util.LinkedList)11 List (java.util.List)9 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)9 HashMap (java.util.HashMap)8 IOException (java.io.IOException)7