use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class ClientTokenExchangeSAML2Test method testExchangeToSAML2UnsignedAndUnencryptedAssertion.
@Test
@UncaughtServerErrorExpected
public void testExchangeToSAML2UnsignedAndUnencryptedAssertion() throws Exception {
testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
oauth.realm(TEST);
oauth.clientId("client-exchanger");
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "user", "password");
String accessToken = response.getAccessToken();
TokenVerifier<AccessToken> accessTokenVerifier = TokenVerifier.create(accessToken, AccessToken.class);
AccessToken token = accessTokenVerifier.parse().getToken();
Assert.assertEquals(token.getPreferredUsername(), "user");
Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
Map<String, String> params = new HashMap<>();
params.put(OAuth2Constants.REQUESTED_TOKEN_TYPE, OAuth2Constants.SAML2_TOKEN_TYPE);
{
response = oauth.doTokenExchange(TEST, accessToken, SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, "client-exchanger", "secret", params);
String exchangedTokenString = response.getAccessToken();
String assertionXML = new String(Base64Url.decode(exchangedTokenString), "UTF-8");
// Verify issued_token_type
Assert.assertEquals(OAuth2Constants.SAML2_TOKEN_TYPE, response.getIssuedTokenType());
// Verify assertion
Document assertionDoc = DocumentUtil.getDocument(assertionXML);
Assert.assertFalse(AssertionUtil.isSignedElement(assertionDoc.getDocumentElement()));
AssertionType assertion = (AssertionType) SAMLParser.getInstance().parse(assertionDoc);
// Audience
AudienceRestrictionType aud = (AudienceRestrictionType) assertion.getConditions().getConditions().get(0);
Assert.assertEquals(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, aud.getAudience().get(0).toString());
// NameID
Assert.assertEquals("user", ((NameIDType) assertion.getSubject().getSubType().getBaseID()).getValue());
// Role mapping
List<String> roles = AssertionUtil.getRoles(assertion, null);
Assert.assertTrue(roles.contains("example"));
}
}
use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class UncaughtErrorPageTest method uncaughtError.
@Test
@UncaughtServerErrorExpected
public void uncaughtError() throws MalformedURLException {
URI uri = suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/testing/uncaught-error").build();
driver.navigate().to(uri.toURL());
assertTrue(errorPage.isCurrent());
assertEquals("An internal server error has occurred", errorPage.getError());
}
use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class UncaughtErrorPageTest method uncaughtErrorClientRegistration.
@Test
@UncaughtServerErrorExpected
public void uncaughtErrorClientRegistration() throws IOException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/realms/master/clients-registrations/openid-connect").build());
post.setEntity(new StringEntity("{ invalid : invalid }"));
post.setHeader("Content-Type", "application/json");
CloseableHttpResponse response = client.execute(post);
assertEquals(400, response.getStatusLine().getStatusCode());
OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
assertEquals("unknown_error", error.getError());
assertNull(error.getErrorDescription());
}
}
use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class UncaughtErrorPageTest method uncaughtErrorAdmin.
@Test
@UncaughtServerErrorExpected
public void uncaughtErrorAdmin() throws IOException {
try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
String accessToken = adminClient.tokenManager().getAccessTokenString();
HttpPost post = new HttpPost(suiteContext.getAuthServerInfo().getUriBuilder().path("/auth/admin/realms").build());
post.setEntity(new StringEntity("{ invalid : invalid }"));
post.setHeader("Authorization", "bearer " + accessToken);
post.setHeader("Content-Type", "application/json");
CloseableHttpResponse response = client.execute(post);
assertEquals(400, response.getStatusLine().getStatusCode());
OAuth2ErrorRepresentation error = JsonSerialization.readValue(response.getEntity().getContent(), OAuth2ErrorRepresentation.class);
assertEquals("unknown_error", error.getError());
assertNull(error.getErrorDescription());
}
}
use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class FineGrainAdminUnitTest method testWithTokenExchange.
/**
* KEYCLOAK-7406
*
* @throws Exception
*/
@Test
@UncaughtServerErrorExpected
@AuthServerContainerExclude(AuthServer.REMOTE)
@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
public void testWithTokenExchange() throws Exception {
String exchanged = checkTokenExchange(true);
Assert.assertNotNull(exchanged);
try (Keycloak client = Keycloak.getInstance(getAuthServerContextRoot() + "/auth", AuthRealm.MASTER, Constants.ADMIN_CLI_CLIENT_ID, exchanged, TLSUtils.initializeTLS())) {
Assert.assertNotNull(client.realm("master").roles().get("offline_access"));
}
}
Aggregations