Examples with IdentityProviderCreator org.keycloak.testsuite.updaters.IdentityProviderCreator used on opensource projects

Search in sources :

Example 1 with IdentityProviderCreator

use of org.keycloak.testsuite.updaters.IdentityProviderCreator in project keycloak by keycloak.

the class KcAdmUpdateTest method testUpdateIDPWithoutInternalId.

@Test
public void testUpdateIDPWithoutInternalId() throws IOException {
    final String realm = "test";
    final RealmResource realmResource = adminClient.realm(realm);
    IdentityProviderRepresentation identityProvider = IdentityProviderBuilder.create().providerId(SAMLIdentityProviderFactory.PROVIDER_ID).alias("idpAlias").displayName("SAML").setAttribute(SAMLIdentityProviderConfig.SINGLE_SIGN_ON_SERVICE_URL, "https://saml.idp/saml").setAttribute(SAMLIdentityProviderConfig.SINGLE_LOGOUT_SERVICE_URL, "https://saml.idp/saml").setAttribute(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress").setAttribute(SAMLIdentityProviderConfig.POST_BINDING_RESPONSE, "false").setAttribute(SAMLIdentityProviderConfig.POST_BINDING_AUTHN_REQUEST, "false").setAttribute(SAMLIdentityProviderConfig.BACKCHANNEL_SUPPORTED, "false").build();
    try (Closeable ipc = new IdentityProviderCreator(realmResource, identityProvider)) {
        FileConfigHandler handler = initCustomConfigFile();
        try (TempFileResource configFile = new TempFileResource(handler.getConfigFile())) {
            loginAsUser(configFile.getFile(), serverUrl, realm, "user1", "userpass");
            KcAdmExec exe = execute("get identity-provider/instances/idpAlias -r " + realm + " --config " + configFile.getFile());
            assertExitCodeAndStdErrSize(exe, 0, 0);
            final File idpJson = new File("target/test-classes/cli/idp-keycloak-9167.json");
            exe = execute("update identity-provider/instances/idpAlias -r " + realm + " -f " + idpJson.getAbsolutePath() + " --config " + configFile.getFile());
            assertExitCodeAndStdErrSize(exe, 0, 0);
        }
        Assert.assertThat(realmResource.identityProviders().get("idpAlias").toRepresentation().getDisplayName(), is(equalTo("SAML_UPDATED")));
    }
}
Also used : FileConfigHandler(org.keycloak.client.admin.cli.config.FileConfigHandler) RealmResource(org.keycloak.admin.client.resource.RealmResource) Closeable(java.io.Closeable) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) KcAdmExec(org.keycloak.testsuite.cli.KcAdmExec) File(java.io.File) TempFileResource(org.keycloak.testsuite.util.TempFileResource) Test(org.junit.Test)

Example 2 with IdentityProviderCreator

use of org.keycloak.testsuite.updaters.IdentityProviderCreator in project keycloak by keycloak.

the class BrokerTest method testInResponseToSetCorrectly.

@Test
public void testInResponseToSetCorrectly() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/saml"))) {
        AtomicReference<String> serviceProvidersId = new AtomicReference<>();
        SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).transformObject(ar -> {
            serviceProvidersId.set(ar.getID());
            return ar;
        }).build().login().idp(SAML_BROKER_ALIAS).build().processSamlResponse(REDIRECT).transformObject(this::createAuthnResponse).targetAttributeSamlResponse().targetUri(getSamlBrokerUrl(REALM_NAME)).build().followOneRedirect().updateProfile().username("userInResponseTo").email("f@g.h").firstName("a").lastName("b").build().followOneRedirect().getSamlResponse(POST);
        assertThat(samlResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        assertThat(((ResponseType) samlResponse.getSamlObject()).getInResponseTo(), is(serviceProvidersId.get()));
    } finally {
        clearUsers(realm);
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) AtomicReference(java.util.concurrent.atomic.AtomicReference) Test(org.junit.Test)

Example 3 with IdentityProviderCreator

use of org.keycloak.testsuite.updaters.IdentityProviderCreator in project keycloak by keycloak.

the class BrokerTest method testRedirectQueryParametersPreserved.

@Test
public void testRedirectQueryParametersPreserved() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/?service=name&serviceType=prod"))) {
        SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().idp(SAML_BROKER_ALIAS).build().getSamlResponse(REDIRECT);
        assertThat(samlResponse.getSamlObject(), Matchers.instanceOf(AuthnRequestType.class));
        AuthnRequestType ar = (AuthnRequestType) samlResponse.getSamlObject();
        assertThat(ar.getDestination(), Matchers.equalTo(URI.create("https://saml.idp/?service=name&serviceType=prod")));
        Header[] headers = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().idp(SAML_BROKER_ALIAS).build().doNotFollowRedirects().executeAndTransform(resp -> resp.getHeaders(HttpHeaders.LOCATION));
        assertThat(headers.length, Matchers.is(1));
        assertThat(headers[0].getValue(), Matchers.containsString("https://saml.idp/?service=name&serviceType=prod"));
        assertThat(headers[0].getValue(), Matchers.containsString("SAMLRequest"));
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Header(org.apache.http.Header) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) Test(org.junit.Test)

Example 4 with IdentityProviderCreator

use of org.keycloak.testsuite.updaters.IdentityProviderCreator in project keycloak by keycloak.

the class BrokerTest method assertExpired.

private void assertExpired(XMLGregorianCalendar notBefore, XMLGregorianCalendar notOnOrAfter, boolean shouldPass) throws Exception {
    Status expectedStatus = shouldPass ? Status.OK : Status.BAD_REQUEST;
    final RealmResource realm = adminClient.realm(REALM_NAME);
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/"))) {
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().idp(SAML_BROKER_ALIAS).build().processSamlResponse(REDIRECT).transformObject(this::createAuthnResponse).transformObject(resp -> {
            // always invent a new user identified by a different email address
            ResponseType rt = (ResponseType) resp;
            AssertionType a = rt.getAssertions().get(0).getAssertion();
            NameIDType nameId = new NameIDType();
            nameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get()));
            nameId.setValue(UUID.randomUUID() + "@random.email.org");
            SubjectType subject = new SubjectType();
            SubjectType.STSubType subType = new SubjectType.STSubType();
            subType.addBaseID(nameId);
            subject.setSubType(subType);
            a.setSubject(subject);
            ConditionsType conditions = a.getConditions();
            conditions.setNotBefore(notBefore);
            conditions.setNotOnOrAfter(notOnOrAfter);
            return rt;
        }).targetAttributeSamlResponse().targetUri(getSamlBrokerUrl(REALM_NAME)).build().assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(expectedStatus)).execute();
    }
}
Also used : Status(javax.ws.rs.core.Response.Status) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) KeyPair(java.security.KeyPair) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) Header(org.apache.http.Header) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) SAMLIdentityProviderFactory(org.keycloak.broker.saml.SAMLIdentityProviderFactory) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) Document(org.w3c.dom.Document) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName) URI(java.net.URI) HttpHeaders(org.apache.http.HttpHeaders) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) IdentityProviderBuilder(org.keycloak.testsuite.util.IdentityProviderBuilder) UUID(java.util.UUID) Objects(java.util.Objects) List(java.util.List) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) Matchers.is(org.hamcrest.Matchers.is) SAML_CLIENT_ID_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_SALES_POST) QName(javax.xml.namespace.QName) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) XmlDSigQNames(org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AtomicReference(java.util.concurrent.atomic.AtomicReference) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) RSA_SHA1(org.keycloak.saml.SignatureAlgorithm.RSA_SHA1) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) DOMException(org.w3c.dom.DOMException) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) NodeList(org.w3c.dom.NodeList) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME) Matchers(org.hamcrest.Matchers) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML_ASSERTION_CONSUMER_URL_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdpReviewProfileAuthenticatorFactory(org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticatorFactory) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) Element(org.w3c.dom.Element) Assert(org.junit.Assert) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 5 with IdentityProviderCreator

use of org.keycloak.testsuite.updaters.IdentityProviderCreator in project keycloak by keycloak.

the class LogoutTest method testLogoutPropagatesToSamlIdentityProviderNameIdPreserved.

@Test
public void testLogoutPropagatesToSamlIdentityProviderNameIdPreserved() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    try (Closeable sales = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setFrontchannelLogout(true).removeAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE).setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, "http://url").update();
        Closeable idp = new IdentityProviderCreator(realm, addIdentityProvider())) {
        SAMLDocumentHolder samlResponse = logIntoUnsignedSalesAppViaIdp().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, REDIRECT).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).build().getSamlResponse(REDIRECT);
        assertThat(samlResponse.getSamlObject(), isSamlLogoutRequest(BROKER_LOGOUT_SERVICE_URL));
        LogoutRequestType lr = (LogoutRequestType) samlResponse.getSamlObject();
        NameIDType logoutRequestNameID = lr.getNameID();
        assertThat(logoutRequestNameID.getFormat(), is(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.getUri()));
        assertThat(logoutRequestNameID.getValue(), is("a@b.c"));
        assertThat(logoutRequestNameID.getNameQualifier(), is(NAME_QUALIFIER));
        assertThat(logoutRequestNameID.getSPProvidedID(), is(SP_PROVIDED_ID));
        assertThat(logoutRequestNameID.getSPNameQualifier(), is(SP_NAME_QUALIFIER));
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) Closeable(java.io.Closeable) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)9 IdentityProviderCreator (org.keycloak.testsuite.updaters.IdentityProviderCreator)9 RealmResource (org.keycloak.admin.client.resource.RealmResource)8 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)7 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)6 AtomicReference (java.util.concurrent.atomic.AtomicReference)4 Header (org.apache.http.Header)4 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)4 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)4 IOException (java.io.IOException)3 URI (java.net.URI)3 KeyPair (java.security.KeyPair)3 List (java.util.List)3 Objects (java.util.Objects)3 UUID (java.util.UUID)3 Status (javax.ws.rs.core.Response.Status)3 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)3 QName (javax.xml.namespace.QName)3 HttpHeaders (org.apache.http.HttpHeaders)3 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial