
Example 1 with ClientAttributeUpdater

use of org.keycloak.testsuite.updaters.ClientAttributeUpdater in project keycloak by keycloak.

the class AccountFormServiceTest method applicationsVisibilityNoScopesNoConsent.

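/**
 * Verifies when a client becomes visible on the account Applications page if it
 * requires no consent, has full scope disabled, and has neither default nor
 * optional client scopes.
 *
 * <p>With that configuration {@code root-url-client} is expected to be absent from
 * the list. After the realm role {@code user} is added to the client's realm role
 * scope and the page is refreshed, the client is expected to be listed.
 * NOTE(review): presumably this works because the logged-in user holds the
 * {@code user} role; confirm against the test realm fixture.
 *
 * <p>Both updaters are opened in try-with-resources so they are closed when the
 * test ends, including on assertion failure. NOTE(review): closing presumably
 * restores the previous client configuration; confirm in the updater classes.
 *
 * @throws Exception if closing one of the updaters fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void applicationsVisibilityNoScopesNoConsent() throws Exception {
    // Collections.emptyList() is the type-safe form of the raw Collections.EMPTY_LIST constant.
    try (ClientAttributeUpdater clientUpdater = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, ROOT_URL_CLIENT)
            .setConsentRequired(false)
            .setFullScopeAllowed(false)
            .setDefaultClientScopes(Collections.emptyList())
            .setOptionalClientScopes(Collections.emptyList())
            .update();
        RoleScopeUpdater realmRoleScope = clientUpdater.realmRoleScope().update()) {
        applicationsPage.open();
        loginPage.login("john-doh@localhost", "password");
        applicationsPage.assertCurrent();

        // No consent, no full scope, no scope mapping yet: "root-url-client" must NOT be listed.
        Map<String, AccountApplicationsPage.AppEntry> listedApps = applicationsPage.getApplications();
        Assert.assertThat(listedApps.keySet(), containsInAnyOrder(
                "Account", "Account Console", "test-app", "test-app-scope", "third-party",
                "test-app-authz", "My Named Test App", "Test App Named - ${client_account}",
                "direct-grant", "custom-audience"));

        // Map the realm role "user" into the client's scope, then reload the page.
        realmRoleScope.add(testRealm().roles().get("user").toRepresentation()).update();
        driver.navigate().refresh();

        // The same list is now expected to contain "root-url-client" as well.
        listedApps = applicationsPage.getApplications();
        Assert.assertThat(listedApps.keySet(), containsInAnyOrder(
                "root-url-client", "Account", "Account Console", "test-app", "test-app-scope",
                "third-party", "test-app-authz", "My Named Test App",
                "Test App Named - ${client_account}", "direct-grant", "custom-audience"));
    }
}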
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) Matchers.containsString(org.hamcrest.Matchers.containsString) RoleScopeUpdater(org.keycloak.testsuite.updaters.RoleScopeUpdater) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 2 with ClientAttributeUpdater

use of org.keycloak.testsuite.updaters.ClientAttributeUpdater in project keycloak by keycloak.

the class AccountFormServiceTest method applicationsVisibilityNoScopesAndConsent.

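/**
 * Verifies that a client which requires consent is listed on the account
 * Applications page even though full scope is disabled and it has neither default
 * nor optional client scopes.
 *
 * <p>Unlike the no-consent variant of this scenario, no role scope mapping is
 * added here: {@code root-url-client} is expected in the list right after login.
 *
 * <p>The updater is opened in try-with-resources so it is closed when the test
 * ends, including on assertion failure. NOTE(review): closing presumably restores
 * the previous client configuration; confirm in {@code ClientAttributeUpdater}.
 *
 * @throws Exception if closing the updater fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void applicationsVisibilityNoScopesAndConsent() throws Exception {
    // Collections.emptyList() is the type-safe form of the raw Collections.EMPTY_LIST constant.
    try (ClientAttributeUpdater clientUpdater = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, ROOT_URL_CLIENT)
            .setConsentRequired(true)
            .setFullScopeAllowed(false)
            .setDefaultClientScopes(Collections.emptyList())
            .setOptionalClientScopes(Collections.emptyList())
            .update()) {
        applicationsPage.open();
        loginPage.login("john-doh@localhost", "password");
        applicationsPage.assertCurrent();

        // Consent is required, so the client is expected to be listed without any scope mapping.
        Map<String, AccountApplicationsPage.AppEntry> listedApps = applicationsPage.getApplications();
        Assert.assertThat(listedApps.keySet(), containsInAnyOrder(
                "root-url-client", "Account", "Account Console", "test-app", "test-app-scope",
                "third-party", "test-app-authz", "My Named Test App",
                "Test App Named - ${client_account}", "direct-grant", "custom-audience"));
    }
}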
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 3 with ClientAttributeUpdater

use of org.keycloak.testsuite.updaters.ClientAttributeUpdater in project keycloak by keycloak.

the class AudienceProtocolMappersTest method testAudienceResolveNoFullScope.

/**
 * Exercises the SAML audience-resolve protocol mapper on a client whose full scope
 * is switched off.
 *
 * <p>With full scope disabled and no scope mapping, the client itself is the only
 * expected audience. Once one client-level role of the {@code employee} client is
 * mapped into the scope, that client is expected as an additional audience.
 *
 * @throws Exception if closing one of the updaters fails
 */
@Test
public void testAudienceResolveNoFullScope() throws Exception {
    pmu.add(createSamlProtocolMapper(SAMLAudienceResolveProtocolMapper.PROVIDER_ID)).update();

    // Full scope stays disabled for the lifetime of this try block.
    try (ClientAttributeUpdater scopedClient = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_EMPLOYEE_2)
            .setFullScopeAllowed(false)
            .update()) {
        // Nothing is mapped into the scope yet: only the client itself may appear as audience.
        testExpectedAudiences(SAML_CLIENT_ID_EMPLOYEE_2);

        // Resolve the internal ids of both clients from their client ids.
        String scopedClientUuid = adminClient.realm(REALM_NAME)
                .clients()
                .findByClientId("http://localhost:8280/employee2/")
                .get(0)
                .getId();
        Assert.assertNotNull(scopedClientUuid);
        String audienceClientUuid = adminClient.realm(REALM_NAME)
                .clients()
                .findByClientId("http://localhost:8280/employee/")
                .get(0)
                .getId();
        Assert.assertNotNull(audienceClientUuid);

        // Roles of the employee client that are not yet in the scope of employee2.
        List<RoleRepresentation> assignableRoles = adminClient.realm(REALM_NAME)
                .clients()
                .get(scopedClientUuid)
                .getScopeMappings()
                .clientLevel(audienceClientUuid)
                .listAvailable();
        Assert.assertThat(assignableRoles.size(), greaterThan(0));

        // Map a single employee role into the scope of employee2 only
        // (original author's note: employee-role-mapping should not be there).
        try (RoleScopeUpdater clientRoleScope = scopedClient.clientRoleScope(audienceClientUuid).add(assignableRoles.get(0)).update()) {
            testExpectedAudiences(SAML_CLIENT_ID_EMPLOYEE_2, "http://localhost:8280/employee/");
        }
    }
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) RoleScopeUpdater(org.keycloak.testsuite.updaters.RoleScopeUpdater) Test(org.junit.Test)

Example 4 with ClientAttributeUpdater

use of org.keycloak.testsuite.updaters.ClientAttributeUpdater in project keycloak by keycloak.

the class ArtifactBindingTest method testArtifactBindingWithBackchannelLogout.

/**
 * Checks that a SAML client configured for artifact binding receives a backchannel
 * LogoutRequest when another client in the same session logs out.
 *
 * <p>The sales-post client gets artifact binding enabled, frontchannel logout
 * disabled, and its POST single-logout URL pointed at a local
 * {@code SamlMessageReceiver}. Logout is then started from the second sales-post
 * client, and the receiver is expected to get a LogoutRequest.
 *
 * <p>Any {@link Exception} thrown inside the try block, not only a receiver
 * start-up failure, is rethrown as a {@link RuntimeException} with the message
 * "Cannot run SamlMessageReceiver".
 */
@Test
public void testArtifactBindingWithBackchannelLogout() {
    try (SamlMessageReceiver logoutReceiver = new SamlMessageReceiver(8082);
        ClientAttributeUpdater clientUpdater = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
                .setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true")
                .setFrontchannelLogout(false)
                .setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutReceiver.getUrl())
                .update()) {
        // Log in to the first client via artifact binding, then open a session for the second client.
        new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
                .setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri())
                .build()
                .login()
                .user(bburkeUser)
                .build()
                .handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST)
                .build()
                .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, POST)
                .build()
                .followOneRedirect()
                .processSamlResponse(POST)
                .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
                .build()
                .execute();

        // A fresh SamlClient is used so the logout is not tied to the session cookie,
        // which would make it a frontchannel logout.
        new SamlClientBuilder()
                .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, POST)
                .nameId(nameIdRef::get)
                .sessionIndex(sessionIndexRef::get)
                .build()
                .executeAndTransform(response -> {
                    assertThat(POST.extractResponse(response).getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    return null;
                });

        // Wait up to one minute, polling every 100 ms, for the backchannel message to arrive.
        await()
                .pollInterval(100, TimeUnit.MILLISECONDS)
                .atMost(1, TimeUnit.MINUTES)
                .until(logoutReceiver::isMessageReceived);
        assertThat(logoutReceiver.isMessageReceived(), is(true));

        // The received message must be a LogoutRequest matched against the receiver's own URL.
        SAMLDocumentHolder receivedLogout = logoutReceiver.getSamlDocumentHolder();
        assertThat(receivedLogout.getSamlObject(), isSamlLogoutRequest(logoutReceiver.getUrl()));
    } catch (Exception e) {
        throw new RuntimeException("Cannot run SamlMessageReceiver", e);
    }
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SamlMessageReceiver(org.keycloak.testsuite.util.saml.SamlMessageReceiver) URISyntaxException(java.net.URISyntaxException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) IOException(java.io.IOException) Test(org.junit.Test)

Example 5 with ClientAttributeUpdater

use of org.keycloak.testsuite.updaters.ClientAttributeUpdater in project keycloak by keycloak.

the class InstallationTest method testSamlMetadataSpDescriptorPost.

/**
 * Checks which endpoint locations the SAML SP descriptor installation provider
 * emits for a client with forced POST binding, across three configurations:
 * <ol>
 *   <li>no endpoint configured: both services report {@code ERROR:ENDPOINT_NOT_SET};</li>
 *   <li>only the admin URL set: both services fall back to it;</li>
 *   <li>fine-grained POST and redirect URLs set: each service reports its own POST URL.</li>
 * </ol>
 *
 * <p>An UPDATE admin event is asserted after each updater change and once more
 * after the try block. NOTE(review): the last event presumably comes from the
 * updater restoring the client on close; confirm in {@code ClientAttributeUpdater}.
 *
 * @throws Exception if the descriptor cannot be parsed or closing the updater fails
 */
@Test
public void testSamlMetadataSpDescriptorPost() throws Exception {
    try (ClientAttributeUpdater clientUpdater = ClientAttributeUpdater.forClient(adminClient, getRealmId(), SAML_NAME)) {
        // Precondition: the client is configured to force POST binding.
        assertThat(
                clientUpdater.getResource().toRepresentation().getAttributes().get(SamlConfigAttributes.SAML_FORCE_POST_BINDING),
                equalTo("true"));

        // 1. Nothing configured: the descriptor carries an error marker instead of a URL.
        Document descriptor = getDocumentFromXmlString(
                clientUpdater.getResource().getInstallationProvider(SamlSPDescriptorClientInstallation.SAML_CLIENT_INSTALATION_SP_DESCRIPTOR));
        Map<String, String> expectedAttributes = new HashMap<>();
        expectedAttributes.put("Binding", JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        expectedAttributes.put("Location", "ERROR:ENDPOINT_NOT_SET");
        assertElements(descriptor, METADATA_NSURI.get(), "SingleLogoutService", expectedAttributes);
        assertElements(descriptor, METADATA_NSURI.get(), "AssertionConsumerService", expectedAttributes);
        expectedAttributes.clear();

        // 2. Only the admin URL is set: both services fall back to it.
        clientUpdater.setAdminUrl("admin-url").update();
        assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(samlClientId), ResourceType.CLIENT);
        descriptor = getDocumentFromXmlString(
                clientUpdater.getResource().getInstallationProvider(SamlSPDescriptorClientInstallation.SAML_CLIENT_INSTALATION_SP_DESCRIPTOR));
        expectedAttributes.put("Binding", JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        expectedAttributes.put("Location", "admin-url");
        assertElements(descriptor, METADATA_NSURI.get(), "SingleLogoutService", expectedAttributes);
        assertElements(descriptor, METADATA_NSURI.get(), "AssertionConsumerService", expectedAttributes);
        expectedAttributes.clear();

        // 3. Fine-grained URLs: with POST binding, each service reports its own POST URL.
        clientUpdater
                .setAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, "saml-assertion-post-url")
                .setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, "saml-logout-post-url")
                .setAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, "saml-assertion-redirect-url")
                .setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, "saml-logout-redirect-url")
                .update();
        assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(samlClientId), ResourceType.CLIENT);
        descriptor = getDocumentFromXmlString(
                clientUpdater.getResource().getInstallationProvider(SamlSPDescriptorClientInstallation.SAML_CLIENT_INSTALATION_SP_DESCRIPTOR));
        expectedAttributes.put("Binding", JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        expectedAttributes.put("Location", "saml-logout-post-url");
        assertElements(descriptor, METADATA_NSURI.get(), "SingleLogoutService", expectedAttributes);
        expectedAttributes.clear();
        expectedAttributes.put("Binding", JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
        expectedAttributes.put("Location", "saml-assertion-post-url");
        assertElements(descriptor, METADATA_NSURI.get(), "AssertionConsumerService", expectedAttributes);
    }

    // One more UPDATE event is expected once the updater has been closed.
    assertAdminEvents.assertEvent(getRealmId(), OperationType.UPDATE, AdminEventPaths.clientResourcePath(samlClientId), ResourceType.CLIENT);
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) HashMap(java.util.HashMap) Document(org.w3c.dom.Document) Test(org.junit.Test)

Aggregations

ClientAttributeUpdater (org.keycloak.testsuite.updaters.ClientAttributeUpdater)12 Test (org.junit.Test)11 HashMap (java.util.HashMap)4 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)4 Matchers.containsString (org.hamcrest.Matchers.containsString)3 Closeable (java.io.Closeable)2 IOException (java.io.IOException)2 Map (java.util.Map)2 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)2 Matchers (org.hamcrest.Matchers)2 Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString)2 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)2 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)2 RoleScopeUpdater (org.keycloak.testsuite.updaters.RoleScopeUpdater)2 Document (org.w3c.dom.Document)2 MalformedURLException (java.net.MalformedURLException)1 URISyntaxException (java.net.URISyntaxException)1 URL (java.net.URL)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 Collection (java.util.Collection)1