Example 36 with AuthServerContainerExclude
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class JavaKeystoreKeyProviderTest method invalidKeystorePassword.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void invalidKeystorePassword() throws Exception {
ComponentRepresentation rep = createRep("valid", System.currentTimeMillis());
rep.getConfig().putSingle("keystore", "invalid");
Response response = adminClient.realm("test").components().add(rep);
assertErrror(response, "Failed to load keys. File not found on server.");
}
Also used :
ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation)
Response(javax.ws.rs.core.Response)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
Test(org.junit.Test)
AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)
Example 37 with AuthServerContainerExclude
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testMaxClientsPolicy.
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testMaxClientsPolicy() throws Exception {
setTrustedHost("localhost");
int clientsCount = realmResource().clients().findAll().size();
int newClientsLimit = clientsCount + 1;
// Allow to create one more client to current limit
ComponentRepresentation maxClientsPolicyRep = findPolicyByProviderAndAuth(MaxClientsClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(newClientsLimit));
realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
// I can register one new client
OIDCClientRepresentation client = create();
// I can't register more clients
assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403, "It's allowed to have max " + newClientsLimit + " clients per realm");
// Revert
maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000));
realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
}
Also used :
ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
Test(org.junit.Test)
Example 38 with AuthServerContainerExclude
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testProtocolMappersUpdate.
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersUpdate() throws Exception {
setTrustedHost("localhost");
// Check I can add client with allowed protocolMappers
ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
protocolMapper.setName("Full name");
protocolMapper.setProtocolMapper(FullNameMapper.PROVIDER_ID);
protocolMapper.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
ClientRepresentation clientRep = createRep("test-app");
clientRep.setProtocolMappers(Collections.singletonList(protocolMapper));
ClientRepresentation registeredClient = reg.create(clientRep);
reg.auth(Auth.token(registeredClient));
// Add some disallowed protocolMapper
registeredClient.getProtocolMappers().add(createHardcodedMapperRep());
// Check I can't update client because of protocolMapper
assertFail(ClientRegOp.UPDATE, registeredClient, 403, "ProtocolMapper type not allowed");
// Remove "bad" protocolMapper
registeredClient.getProtocolMappers().removeIf((ProtocolMapperRepresentation mapper) -> {
return mapper.getProtocolMapper().equals(HardcodedRole.PROVIDER_ID);
});
// Check I can update client now
reg.update(registeredClient);
// Revert client
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
}
Also used :
ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
Test(org.junit.Test)
Example 39 with AuthServerContainerExclude
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientPoliciesTest method testClientUpdateSourceHostsCondition.
@AuthServerContainerExclude(AuthServer.REMOTE)
@Test
public void testClientUpdateSourceHostsCondition() throws Exception {
// register profiles
String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Prvni Profil").addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthenticatorExecutorConfig(Arrays.asList(JWTClientAuthenticator.PROVIDER_ID, JWTClientSecretAuthenticator.PROVIDER_ID, X509ClientAuthenticator.PROVIDER_ID), null)).toRepresentation()).toString();
updateProfiles(json);
// register policies
json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Prvni Politika", Boolean.TRUE).addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, createClientUpdateSourceHostsConditionConfig(Arrays.asList("localhost", "127.0.0.1"))).addProfile(PROFILE_NAME).toRepresentation()).toString();
updatePolicies(json);
String clientId = generateSuffixedName(CLIENT_NAME);
String clientSecret = "secret";
try {
createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
clientRep.setSecret(clientSecret);
});
fail();
} catch (ClientPolicyException e) {
assertEquals(OAuthErrorException.INVALID_CLIENT_METADATA, e.getMessage());
}
// update policies
json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Aktualizovana Prvni Politika", Boolean.TRUE).addCondition(ClientUpdaterSourceHostsConditionFactory.PROVIDER_ID, createClientUpdateSourceHostsConditionConfig(Arrays.asList("example.com"))).addProfile(PROFILE_NAME).toRepresentation()).toString();
updatePolicies(json);
try {
createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
clientRep.setSecret(clientSecret);
});
} catch (Exception e) {
fail();
}
}
Also used :
ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)
ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)
ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)
ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)
IOException(java.io.IOException)
ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)
OAuthErrorException(org.keycloak.OAuthErrorException)
BadRequestException(javax.ws.rs.BadRequestException)
ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException)
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
Test(org.junit.Test)
Example 40 with AuthServerContainerExclude
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testProtocolMappersConsentRequired.
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersConsentRequired() throws Exception {
setTrustedHost("localhost");
// Register client and assert it doesn't have builtin protocol mappers
ClientRepresentation clientRep = createRep("test-app");
ClientRepresentation registeredClient = reg.create(clientRep);
Assert.assertNull(registeredClient.getProtocolMappers());
// Revert
ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
}
Also used :
OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)
Test(org.junit.Test)
Aggregations
Test (org.junit.Test)108
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)108
AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)31
UserRepresentation (org.keycloak.representations.idm.UserRepresentation)30
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)29
Matchers.containsString (org.hamcrest.Matchers.containsString)28
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)27
Response (javax.ws.rs.core.Response)24
UserResource (org.keycloak.admin.client.resource.UserResource)21
AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)21
SocialLoginTest (org.keycloak.testsuite.broker.SocialLoginTest)21
MimeMessage (javax.mail.internet.MimeMessage)14
OAuthClient (org.keycloak.testsuite.util.OAuthClient)14
OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)13
ComponentRepresentation (org.keycloak.representations.idm.ComponentRepresentation)12
LinkedList (java.util.LinkedList)11
List (java.util.List)9
RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)9
HashMap (java.util.HashMap)8
IOException (java.io.IOException)7
