Example 16 with UncaughtServerErrorExpected

Use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

Class ClientTokenExchangeSAML2Test, method testExchangeToSAML2UnsignedAndUnencryptedAssertion.

@Test
@UncaughtServerErrorExpected
public void testExchangeToSAML2UnsignedAndUnencryptedAssertion() throws Exception {
    testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
    oauth.realm(TEST);
    oauth.clientId("client-exchanger");
    OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "user", "password");
    String accessToken = response.getAccessToken();
    TokenVerifier<AccessToken> accessTokenVerifier = TokenVerifier.create(accessToken, AccessToken.class);
    AccessToken token = accessTokenVerifier.parse().getToken();
    // JUnit's assertEquals takes (expected, actual)
    Assert.assertEquals("user", token.getPreferredUsername());
    Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
    Map<String, String> params = new HashMap<>();
    params.put(OAuth2Constants.REQUESTED_TOKEN_TYPE, OAuth2Constants.SAML2_TOKEN_TYPE);
    {
        response = oauth.doTokenExchange(TEST, accessToken, SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, "client-exchanger", "secret", params);
        String exchangedTokenString = response.getAccessToken();
        String assertionXML = new String(Base64Url.decode(exchangedTokenString), "UTF-8");
        // Verify issued_token_type
        Assert.assertEquals(OAuth2Constants.SAML2_TOKEN_TYPE, response.getIssuedTokenType());
        // Verify assertion
        Document assertionDoc = DocumentUtil.getDocument(assertionXML);
        Assert.assertFalse(AssertionUtil.isSignedElement(assertionDoc.getDocumentElement()));
        AssertionType assertion = (AssertionType) SAMLParser.getInstance().parse(assertionDoc);
        // Audience
        AudienceRestrictionType aud = (AudienceRestrictionType) assertion.getConditions().getConditions().get(0);
        Assert.assertEquals(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, aud.getAudience().get(0).toString());
        // NameID
        Assert.assertEquals("user", ((NameIDType) assertion.getSubject().getSubType().getBaseID()).getValue());
        // Role mapping
        List<String> roles = AssertionUtil.getRoles(assertion, null);
        Assert.assertTrue(roles.contains("example"));
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) HashMap(java.util.HashMap) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) AccessToken(org.keycloak.representations.AccessToken) List(java.util.List) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Example 17 with UncaughtServerErrorExpected

Use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

Class UncaughtErrorPageTest, method uncaughtError.

@Test
@UncaughtServerErrorExpected
public void uncaughtError() throws MalformedURLException {
    URI uri = suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/testing/uncaught-error").build();
    driver.navigate().to(uri.toURL());
    assertTrue(errorPage.isCurrent());
    assertEquals("An internal server error has occurred", errorPage.getError());
}
Also used : URI(java.net.URI) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Example 18 with UncaughtServerErrorExpected

Use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

Class UncaughtErrorPageTest, method uncaughtErrorClientRegistration.

@Test
@UncaughtServerErrorExpected
public void uncaughtErrorClientRegistration() throws IOException {
    try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
        HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/clients-registrations/openid-connect").build());
        post.setEntity(new StringEntity("{ invalid : invalid }"));
        post.setHeader("Content-Type", "application/json");
        // Close the response so the connection is released even if an assertion fails
        try (CloseableHttpResponse response = client.execute(post)) {
            assertEquals(400, response.getStatusLine().getStatusCode());
            OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
            // The error body must stay generic: no description of the internal failure
            assertEquals("unknown_error", error.getError());
            assertNull(error.getErrorDescription());
        }
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpPost(org.apache.http.client.methods.HttpPost) StringEntity(org.apache.http.entity.StringEntity) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) OAuth2ErrorRepresentation(org.keycloak.representations.idm.OAuth2ErrorRepresentation) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Example 19 with UncaughtServerErrorExpected

Use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

Class UncaughtErrorPageTest, method uncaughtErrorAdmin.

@Test
@UncaughtServerErrorExpected
public void uncaughtErrorAdmin() throws IOException {
    try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
        String accessToken = adminClient.tokenManager().getAccessTokenString();
        HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/admin/realms").build());
        post.setEntity(new StringEntity("{ invalid : invalid }"));
        post.setHeader("Authorization", "bearer " + accessToken);
        post.setHeader("Content-Type", "application/json");
        // Close the response so the connection is released even if an assertion fails
        try (CloseableHttpResponse response = client.execute(post)) {
            assertEquals(400, response.getStatusLine().getStatusCode());
            OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
            // The error body must stay generic: no description of the internal failure
            assertEquals("unknown_error", error.getError());
            assertNull(error.getErrorDescription());
        }
    }
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpPost(org.apache.http.client.methods.HttpPost) StringEntity(org.apache.http.entity.StringEntity) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) OAuth2ErrorRepresentation(org.keycloak.representations.idm.OAuth2ErrorRepresentation) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Example 20 with UncaughtServerErrorExpected

Use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

Class FineGrainAdminUnitTest, method testWithTokenExchange.

/**
 * KEYCLOAK-7406
 *
 * @throws Exception
 */
@Test
@UncaughtServerErrorExpected
@AuthServerContainerExclude(AuthServer.REMOTE)
@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
public void testWithTokenExchange() throws Exception {
    String exchanged = checkTokenExchange(true);
    Assert.assertNotNull(exchanged);
    try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, exchanged, TLSUtils.initializeTLS())) {
        Assert.assertNotNull(client.realm("master").roles().get("offline_access"));
    }
}
Also used : Keycloak(org.keycloak.admin.client.Keycloak) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Aggregations

Test (org.junit.Test) 27
UncaughtServerErrorExpected (org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected) 27
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest) 17
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 16
AccessToken (org.keycloak.representations.AccessToken) 11
Response (javax.ws.rs.core.Response) 10
HashMap (java.util.HashMap) 7
List (java.util.List) 7
Client (javax.ws.rs.client.Client) 6
WebTarget (javax.ws.rs.client.WebTarget) 6
Form (javax.ws.rs.core.Form) 6
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType) 6
AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) 6
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType) 6
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 6
Element (org.w3c.dom.Element) 5
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation) 4
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse) 3
TokenVerifier (org.keycloak.TokenVerifier) 3
ClientResource (org.keycloak.admin.client.resource.ClientResource) 3