
Example 36 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class JavaKeystoreKeyProviderTest method invalidKeystorePassword.

/**
 * Submits a key provider component whose {@code keystore} config entry is set to the value
 * {@code "invalid"} and expects the admin endpoint to answer with the "file not found" error.
 *
 * <p>NOTE(review): the method name refers to the keystore password, but the only config entry
 * changed here is {@code keystore} and the asserted message is the missing-file one. Nothing
 * in this method exercises a wrong keystore password; confirm whether that path is covered
 * elsewhere in the class.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void invalidKeystorePassword() throws Exception {
    // The timestamp is passed as the second argument of createRep, as in the other cases.
    final long priority = System.currentTimeMillis();
    final ComponentRepresentation component = createRep("valid", priority);

    // Replace the keystore entry with the value the server is expected to reject.
    component.getConfig().putSingle("keystore", "invalid");

    final Response addResult = adminClient.realm("test").components().add(component);
    assertErrror(addResult, "Failed to load keys. File not found on server.");
}
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) Response(javax.ws.rs.core.Response) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 37 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testMaxClientsPolicy.

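/**
 * Verifies that the max-clients registration policy rejects a registration once the
 * configured limit is reached.
 *
 * <p>The limit is set to the current client count plus one, one client is registered, and the
 * next registration must fail with HTTP 403. The limit is restored in a {@code finally} block
 * so that a failed assertion cannot leave the lowered limit behind for later tests.
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testMaxClientsPolicy() throws Exception {
    setTrustedHost("localhost");
    int clientsCount = realmResource().clients().findAll().size();
    int newClientsLimit = clientsCount + 1;

    // Allow to create one more client to current limit
    ComponentRepresentation maxClientsPolicyRep = findPolicyByProviderAndAuth(
            MaxClientsClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
    maxClientsPolicyRep.getConfig().putSingle(
            MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(newClientsLimit));
    realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);

    try {
        // I can register one new client (the returned representation is not needed here)
        create();

        // I can't register more clients
        assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403,
                "It's allowed to have max " + newClientsLimit + " clients per realm");
    } finally {
        // Revert, even when an assertion above failed.
        // NOTE(review): 10000 is a fixed value, not the limit read before the test; confirm it
        // matches what the rest of the suite expects.
        maxClientsPolicyRep.getConfig().putSingle(
                MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000));
        realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
    }
}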
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 38 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testProtocolMappersUpdate.

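/**
 * Verifies that a registered client cannot be updated with a protocol mapper type the
 * registration policy does not allow, and that the update succeeds once that mapper is removed.
 *
 * <p>The {@code test-app} client is removed in a {@code finally} block, so a failed assertion
 * does not leave the client behind for other tests that register the same client id.
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersUpdate() throws Exception {
    setTrustedHost("localhost");

    // Check I can add client with allowed protocolMappers
    ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
    protocolMapper.setName("Full name");
    protocolMapper.setProtocolMapper(FullNameMapper.PROVIDER_ID);
    protocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    ClientRepresentation clientRep = createRep("test-app");
    clientRep.setProtocolMappers(Collections.singletonList(protocolMapper));
    ClientRepresentation registeredClient = reg.create(clientRep);

    try {
        // Later calls authenticate with the token derived from the registered client.
        reg.auth(Auth.token(registeredClient));

        // Add some disallowed protocolMapper
        registeredClient.getProtocolMappers().add(createHardcodedMapperRep());

        // Check I can't update client because of protocolMapper
        assertFail(ClientRegOp.UPDATE, registeredClient, 403, "ProtocolMapper type not allowed");

        // Remove "bad" protocolMapper; the constant is the receiver so that a mapper without
        // a type cannot raise a NullPointerException here.
        registeredClient.getProtocolMappers().removeIf(
                mapper -> HardcodedRole.PROVIDER_ID.equals(mapper.getProtocolMapper()));

        // Check I can update client now
        reg.update(registeredClient);
    } finally {
        // Revert client, even when an assertion above failed
        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
    }
}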
Also used : ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 39 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientPoliciesTest method testClientUpdateSourceHostsCondition.

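/**
 * Checks that a client policy with a source-hosts condition is enforced only while the
 * condition lists the hosts the request comes from.
 *
 * <p>With {@code localhost} / {@code 127.0.0.1} in the condition, creating a client with a
 * plain secret must fail with {@code INVALID_CLIENT_METADATA}. After the condition is changed
 * to {@code example.com}, the same creation must succeed. Presumably the first case fails
 * because the profile's executor only permits the three listed authenticators; confirm
 * against the executor's implementation.
 *
 * <p>The second creation is no longer wrapped in {@code catch (Exception e) { fail(); }}:
 * that construct discarded the exception, so a failure gave no cause. The method already
 * declares {@code throws Exception}, so an unexpected exception now fails the test with its
 * own message and stack trace.
 */
@AuthServerContainerExclude(AuthServer.REMOTE)
@Test
public void testClientUpdateSourceHostsCondition() throws Exception {
    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile(
            (new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Prvni Profil")
                    .addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID,
                            createSecureClientAuthenticatorExecutorConfig(
                                    Arrays.asList(
                                            JWTClientAuthenticator.PROVIDER_ID,
                                            JWTClientSecretAuthenticator.PROVIDER_ID,
                                            X509ClientAuthenticator.PROVIDER_ID),
                                    null))
                    .toRepresentation()
    ).toString();
    updateProfiles(json);

    // register policies
    json = (new ClientPoliciesBuilder()).addPolicy(
            (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Prvni Politika", Boolean.TRUE)
                    .addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
                            createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1")))
                    .addProfile(PROFILE_NAME)
                    .toRepresentation()
    ).toString();
    updatePolicies(json);

    String clientId = generateSuffixedName(CLIENT_NAME);
    // Test-only fixture value, not a real credential.
    String clientSecret = "secret";

    // The policy is expected to apply here, so the creation must be rejected.
    try {
        createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
            clientRep.setSecret(clientSecret);
        });
        fail();
    } catch (ClientPolicyException e) {
        assertEquals(OAuthErrorException.INVALID_CLIENT_METADATA, e.getMessage());
    }

    // update policies
    json = (new ClientPoliciesBuilder()).addPolicy(
            (new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Aktualizovana Prvni Politika", Boolean.TRUE)
                    .addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID,
                            createClientUpdateSourceHostsConditionConfig(Arrays.asList("example.com")))
                    .addProfile(PROFILE_NAME)
                    .toRepresentation()
    ).toString();
    updatePolicies(json);

    // The condition no longer lists the local hosts, so the same creation must succeed.
    // Any exception propagates and fails the test with its cause intact.
    createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
        clientRep.setSecret(clientSecret);
    });
}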
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) IOException(java.io.IOException) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) OAuthErrorException(org.keycloak.OAuthErrorException) BadRequestException(javax.ws.rs.BadRequestException) ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 40 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testProtocolMappersConsentRequired.

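/**
 * Registers the {@code test-app} client and asserts that the returned representation carries
 * no protocol mappers.
 *
 * <p>The client is removed in a {@code finally} block, so a failed assertion does not leave
 * {@code test-app} registered for later tests that create the same client id.
 *
 * <p>NOTE(review): the method name mentions "consent required", but the only assertion here
 * is that the mapper list is {@code null}; confirm the name still matches the intent.
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersConsentRequired() throws Exception {
    setTrustedHost("localhost");

    // Register client and assert it doesn't have builtin protocol mappers
    ClientRepresentation clientRep = createRep("test-app");
    ClientRepresentation registeredClient = reg.create(clientRep);
    try {
        Assert.assertNull(registeredClient.getProtocolMappers());
    } finally {
        // Revert, even when the assertion above failed
        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
    }
}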
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)
