Example 26 with UncaughtServerErrorExpected
use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class FlowOverrideTest method testRestInterfaceWithBadId.
@Test
@UncaughtServerErrorExpected
public void testRestInterfaceWithBadId() throws Exception {
ClientsResource clients = adminClient.realm("test").clients();
List<ClientRepresentation> query = clients.findByClientId(TEST_APP_FLOW);
ClientRepresentation clientRep = query.get(0);
String browserFlowId = clientRep.getAuthenticationFlowBindingOverrides().get(AuthenticationFlowBindings.BROWSER_BINDING);
clientRep.getAuthenticationFlowBindingOverrides().put(AuthenticationFlowBindings.BROWSER_BINDING, "bad-id");
try {
clients.get(clientRep.getId()).update(clientRep);
Assert.fail();
} catch (Exception e) {
}
query = clients.findByClientId(TEST_APP_FLOW);
clientRep = query.get(0);
Assert.assertEquals(browserFlowId, clientRep.getAuthenticationFlowBindingOverrides().get(AuthenticationFlowBindings.BROWSER_BINDING));
}
Also used :
ClientsResource(org.keycloak.admin.client.resource.ClientsResource)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)
Example 27 with UncaughtServerErrorExpected
use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.
the class IdTokenEncryptionTest method testIdTokenEncryptionWithoutEncryptionKEK.
@Test
@UncaughtServerErrorExpected
public void testIdTokenEncryptionWithoutEncryptionKEK() {
ClientResource clientResource = null;
ClientRepresentation clientRep = null;
try {
// generate and register signing/verifying key onto client, not encryption key
TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
oidcClientEndpointsResource.generateKeys(Algorithm.RS256);
clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
clientRep = clientResource.toRepresentation();
// set id token signature algorithm and encryption algorithms
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenSignedResponseAlg(Algorithm.RS256);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseAlg(JWEConstants.RSA1_5);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseEnc(JWEConstants.A128CBC_HS256);
// use and set jwks_url
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(true);
String jwksUrl = TestApplicationResourceUrls.clientJwksUri();
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(jwksUrl);
clientResource.update(clientRep);
// get id token but failed
OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
AccessTokenResponse atr = oauth.doAccessTokenRequest(response.getCode(), "password");
Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, atr.getError());
Assert.assertEquals("can not get encryption KEK", atr.getErrorDescription());
} finally {
// Revert
clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
clientRep = clientResource.toRepresentation();
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenSignedResponseAlg(Algorithm.RS256);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseAlg(null);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseEnc(null);
// Revert jwks_url settings
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(false);
OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(null);
clientResource.update(clientRep);
}
}
Also used :
TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)
Aggregations
Test (org.junit.Test)27
UncaughtServerErrorExpected (org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)27
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)17
OAuthClient (org.keycloak.testsuite.util.OAuthClient)16
AccessToken (org.keycloak.representations.AccessToken)11
Response (javax.ws.rs.core.Response)10
HashMap (java.util.HashMap)7
List (java.util.List)7
Client (javax.ws.rs.client.Client)6
WebTarget (javax.ws.rs.client.WebTarget)6
Form (javax.ws.rs.core.Form)6
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)6
AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)6
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)6
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)6
Element (org.w3c.dom.Element)5
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)4
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)3
TokenVerifier (org.keycloak.TokenVerifier)3
ClientResource (org.keycloak.admin.client.resource.ClientResource)3
