use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testSocialProvidersPresentOnLoginUsernameOnlyPageIfConfigured.
@Test
@AuthServerContainerExclude(REMOTE)
public void testSocialProvidersPresentOnLoginUsernameOnlyPageIfConfigured() {
String testRealm = "test";
// Test setup - Configure the testing Keycloak instance with UsernameForm & PasswordForm (both REQUIRED) and OTPFormAuthenticator (ALTERNATIVE)
configureBrowserFlowWithRequiredPasswordFormAndAlternativeOTP("browser - copy 1");
try {
SocialLoginTest socialLoginTest = new SocialLoginTest();
// matters is if they are visible (clickable) on the LoginUsernameOnlyPage once the page is loaded
for (SocialLoginTest.Provider provider : Arrays.asList(GITHUB, GITLAB, GOOGLE)) {
adminClient.realm(testRealm).identityProviders().create(socialLoginTest.buildIdp(provider));
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.assertCurrent();
// For each of the testing social providers, check the particular social provider button is present on the UsernameForm
// Test succeeded if NoSuchElementException is thrown for none of them
loginUsernameOnlyPage.findSocialButton(provider.id());
}
// Test cleanup - Return back to the initial state
} finally {
// Drop the testing social providers previously created within the test
for (IdentityProviderRepresentation providerRepresentation : adminClient.realm(testRealm).identityProviders().findAll()) {
adminClient.realm(testRealm).identityProviders().get(providerRepresentation.getInternalId()).remove();
}
revertFlows("browser - copy 1");
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testConditionalRoleAuthenticatorWithRealmRoleIncludedInCompositeRealmRole.
// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required realm role "child-realm-role-1" and an OTP authenticator
// "child-realm-role-1" is a realm role included in realm composite role "composite-realm-role-1"
// user-with-two-configured-otp has the "composite-realm-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithRealmRoleIncludedInCompositeRealmRole() {
// Create composite-realm-role-1
String compositeRealmRoleName = "composite-realm-role-1";
testRealm().roles().create(RoleBuilder.create().name(compositeRealmRoleName).build());
// Create child-realm-role-1
String childRealmRoleName = "child-realm-role-1";
testRealm().roles().create(RoleBuilder.create().name(childRealmRoleName).build());
// Make child-realm-role-1 a member of composite-realm-role-1
testRealm().roles().get(compositeRealmRoleName).addComposites(Collections.singletonList(testRealm().roles().get(childRealmRoleName).toRepresentation()));
// Add composite-realm-role-1 to user "user-with-two-configured-otp"
UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
userResource.roles().realmLevel().add(Collections.singletonList(testRealm().roles().get(compositeRealmRoleName).toRepresentation()));
// A browser flow is configured with an OTPForm for users having the role "child-realm-role-1"
configureBrowserFlowOTPNeedsRole(childRealmRoleName);
try {
// user-with-two-configured-otp has been configured with role "composite-realm-role-1".
// He should be asked for an OTP code
provideUsernamePassword("user-with-two-configured-otp");
Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
loginTotpPage.assertCurrent();
loginTotpPage.assertOtpCredentialSelectorAvailability(true);
// user-with-one-configured-otp doesn't have the role. He should not be asked for an OTP code
provideUsernamePassword("user-with-one-configured-otp");
Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
Assert.assertFalse(loginTotpPage.isCurrent());
} finally {
testRealm().roles().deleteRole(childRealmRoleName);
testRealm().roles().deleteRole(compositeRealmRoleName);
revertFlows("browser - rule");
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoOTPCredentialAndRequiredActionProviderDisabled.
/**
* This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
* has its requiredActionProvider disabled, then it will not try to create the required action,
* and will instead raise an credential setup required error.
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredentialAndRequiredActionProviderDisabled() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithRequiredOTP(newFlowAlias);
RequiredActionProviderRepresentation otpRequiredAction = testRealm().flows().getRequiredAction("CONFIGURE_TOTP");
otpRequiredAction.setEnabled(false);
testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", otpRequiredAction);
try {
provideUsernamePassword("test-user@localhost");
// Assert that the login evaluates to an error, as all required elements to not validate to successful
errorPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
otpRequiredAction.setEnabled(true);
testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", otpRequiredAction);
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoOTPCredentialAndAlternativeActionProvider.
/**
* This test checks that if a alternative authentication execution which has no credential, and the alternative is a flow,
* then the selection mechanism will see that there's no viable alternative, and move on to the next execution (in this case the flow)
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredentialAndAlternativeActionProvider() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithAlternativeOTPAndPassword(newFlowAlias);
try {
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.assertCurrent();
loginUsernameOnlyPage.login("test-user@localhost");
// Assert that the login skipped the OTP authenticator and moved to the password
passwordPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class JavaKeystoreKeyProviderTest method invalidKeyAlias.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void invalidKeyAlias() throws Exception {
ComponentRepresentation rep = createRep("valid", System.currentTimeMillis());
rep.getConfig().putSingle("keyAlias", "invalid");
Response response = adminClient.realm("test").components().add(rep);
assertErrror(response, "Failed to load keys. Error creating X509v1Certificate.");
}
Aggregations