Examples with AuthenticationRequestAcknowledgement org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement used on opensource projects

Search in sources :

Example 41 with AuthenticationRequestAcknowledgement

use of org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement in project keycloak by keycloak.

the class CIBATest method testCallbackAfterAuthenticationRequestExpired.

@Test
public void testCallbackAfterAuthenticationRequestExpired() throws Exception {
    ClientResource clientResource = null;
    ClientRepresentation clientRep = null;
    try {
        final String username = "nutzername-rot";
        // prepare CIBA settings
        clientResource = ApiUtil.findClientByClientId(adminClient.realm(TEST_REALM_NAME), TEST_CLIENT_NAME);
        assertThat(clientResource, notNullValue());
        clientRep = clientResource.toRepresentation();
        prepareCIBASettings(clientResource, clientRep);
        RealmRepresentation rep = backupCIBAPolicy();
        Map<String, String> attrMap = Optional.ofNullable(rep.getAttributes()).orElse(new HashMap<>());
        attrMap.put(CibaConfig.CIBA_EXPIRES_IN, String.valueOf(60));
        rep.setAttributes(attrMap);
        testRealm().update(rep);
        // user Backchannel Authentication Request
        AuthenticationRequestAcknowledgement response = doBackchannelAuthenticationRequest(TEST_CLIENT_NAME, TEST_CLIENT_PASSWORD, username, "3FIekcs9");
        // user Authentication Channel Request
        TestAuthenticationChannelRequest authenticationChannelReq = doAuthenticationChannelRequest("3FIekcs9");
        setTimeOffset(70);
        int statusCode = oauth.doAuthenticationChannelCallback(authenticationChannelReq.getBearerToken(), SUCCEED);
        assertThat(statusCode, is(equalTo(Status.FORBIDDEN.getStatusCode())));
        events.expect(EventType.LOGIN_ERROR).clearDetails().client((String) null).error(Errors.INVALID_TOKEN).user((String) null).session(CoreMatchers.nullValue(String.class)).assertEvent();
    } finally {
        revertCIBASettings(clientResource, clientRep);
        restoreCIBAPolicy();
    }
}
Also used : RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticationRequestAcknowledgement(org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement) TestAuthenticationChannelRequest(org.keycloak.testsuite.rest.representation.TestAuthenticationChannelRequest) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 42 with AuthenticationRequestAcknowledgement

use of org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement in project keycloak by keycloak.

the class CIBATest method testPingMode_clientNotificationSentEvenForUserCancel.

@Test
public void testPingMode_clientNotificationSentEvenForUserCancel() throws Exception {
    ClientResource clientResource = null;
    ClientRepresentation clientRep = null;
    try {
        final String username = "nutzername-rot";
        // prepare CIBA settings
        clientResource = ApiUtil.findClientByClientId(adminClient.realm(TEST_REALM_NAME), TEST_CLIENT_NAME);
        assertThat(clientResource, notNullValue());
        clientRep = clientResource.toRepresentation();
        prepareCIBASettings(clientResource, clientRep, "ping");
        // user Backchannel Authentication Request
        AuthenticationRequestAcknowledgement response = doBackchannelAuthenticationRequest(TEST_CLIENT_NAME, TEST_CLIENT_PASSWORD, username, "kwq26rfjs73", "client-notification-some", Collections.emptyMap());
        // user Authentication Channel Request
        TestAuthenticationChannelRequest authenticationChannelReq = doAuthenticationChannelRequest("kwq26rfjs73");
        // user Authentication Channel completed
        doAuthenticationChannelCallbackError(Status.OK, TEST_CLIENT_NAME, authenticationChannelReq, CANCELLED, username, Errors.NOT_ALLOWED);
        // Check client notification is present even if user cancelled authentication
        ClientNotificationEndpointRequest pushedClientNotification = testingClient.testApp().oidcClientEndpoints().getPushedCibaClientNotification("client-notification-some");
        Assert.assertEquals(pushedClientNotification.getAuthReqId(), response.getAuthReqId());
        // user Token Request
        OAuthClient.AccessTokenResponse tokenRes = oauth.doBackchannelAuthenticationTokenRequest(TEST_CLIENT_PASSWORD, response.getAuthReqId());
        assertThat(tokenRes.getStatusCode(), is(equalTo(Status.BAD_REQUEST.getStatusCode())));
        assertThat(tokenRes.getError(), is(OAuthErrorException.ACCESS_DENIED));
    } finally {
        revertCIBASettings(clientResource, clientRep);
    }
}
Also used : ClientNotificationEndpointRequest(org.keycloak.protocol.oidc.grants.ciba.endpoints.ClientNotificationEndpointRequest) OAuthClient(org.keycloak.testsuite.util.OAuthClient) ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticationRequestAcknowledgement(org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement) TestAuthenticationChannelRequest(org.keycloak.testsuite.rest.representation.TestAuthenticationChannelRequest) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 43 with AuthenticationRequestAcknowledgement

use of org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement in project keycloak by keycloak.

the class FAPICIBATest method doBackchannelAuthenticationRequestWithMTLS.

private AuthenticationRequestAcknowledgement doBackchannelAuthenticationRequestWithMTLS(String clientId, String request, Supplier<CloseableHttpClient> httpClientSupplier) {
    try {
        List<NameValuePair> parameters = new LinkedList<>();
        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CIBA_GRANT_TYPE));
        parameters.add(new BasicNameValuePair(OIDCLoginProtocol.REQUEST_PARAM, request));
        parameters.add(new BasicNameValuePair(OIDCLoginProtocol.CLIENT_ID_PARAM, clientId));
        CloseableHttpResponse response = sendRequest(oauth.getBackchannelAuthenticationUrl(), parameters, httpClientSupplier);
        return new AuthenticationRequestAcknowledgement(response);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : NameValuePair(org.apache.http.NameValuePair) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) AuthenticationRequestAcknowledgement(org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement) LinkedList(java.util.LinkedList) URISyntaxException(java.net.URISyntaxException) OAuthErrorException(org.keycloak.OAuthErrorException) IOException(java.io.IOException) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)

Example 44 with AuthenticationRequestAcknowledgement

use of org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement in project keycloak by keycloak.

the class FAPICIBATest method doBackchannelAuthenticationRequestWithClientSignedJWT.

private AuthenticationRequestAcknowledgement doBackchannelAuthenticationRequestWithClientSignedJWT(String signedJwt, String request, Supplier<CloseableHttpClient> httpClientSupplier) {
    try {
        List<NameValuePair> parameters = new LinkedList<>();
        parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CIBA_GRANT_TYPE));
        parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
        parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
        parameters.add(new BasicNameValuePair(OIDCLoginProtocol.REQUEST_PARAM, request));
        CloseableHttpResponse response = sendRequest(oauth.getBackchannelAuthenticationUrl(), parameters, httpClientSupplier);
        return new AuthenticationRequestAcknowledgement(response);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used : NameValuePair(org.apache.http.NameValuePair) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) AuthenticationRequestAcknowledgement(org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement) LinkedList(java.util.LinkedList) URISyntaxException(java.net.URISyntaxException) OAuthErrorException(org.keycloak.OAuthErrorException) IOException(java.io.IOException) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)

Example 45 with AuthenticationRequestAcknowledgement

use of org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement in project keycloak by keycloak.

the class FAPICIBATest method testFAPICIBAWithoutSignedAuthenticationRequest.

@Test
public void testFAPICIBAWithoutSignedAuthenticationRequest() throws Exception {
    setupPolicyFAPICIBAForAllClient();
    // Register client with X509
    String clientUUID = createClientByAdmin("foo", (ClientRepresentation clientRep) -> {
        clientRep.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID);
        OIDCAdvancedConfigWrapper clientConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
        clientConfig.setRequestUris(Collections.singletonList(TestApplicationResourceUrls.clientRequestUri()));
        clientConfig.setTlsClientAuthSubjectDn("EMAILADDRESS=contact@keycloak.org, CN=Keycloak Intermediate CA, OU=Keycloak, O=Red Hat, ST=MA, C=US");
        setClientAuthMethodNeutralSettings(clientRep);
    });
    ClientResource clientResource = adminClient.realm(REALM_NAME).clients().get(clientUUID);
    ClientRepresentation client = clientResource.toRepresentation();
    assertEquals(X509ClientAuthenticator.PROVIDER_ID, client.getClientAuthenticatorType());
    AuthenticationRequestAcknowledgement response = doInvalidBackchannelAuthenticationRequestWithMTLS(clientId, username, bindingMessage, () -> MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore());
    assertThat(response.getStatusCode(), is(equalTo(400)));
    assertThat(response.getError(), is(equalTo(OAuthErrorException.INVALID_REQUEST)));
    assertThat(response.getErrorDescription(), is(equalTo("Missing parameter: 'request' or 'request_uri'")));
}
Also used : OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper) ClientResource(org.keycloak.admin.client.resource.ClientResource) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticationRequestAcknowledgement(org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Aggregations

AuthenticationRequestAcknowledgement (org.keycloak.testsuite.util.OAuthClient.AuthenticationRequestAcknowledgement)46 Matchers.containsString (org.hamcrest.Matchers.containsString)42 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)41 ClientResource (org.keycloak.admin.client.resource.ClientResource)39 Test (org.junit.Test)37 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)37 OAuthClient (org.keycloak.testsuite.util.OAuthClient)27 TestAuthenticationChannelRequest (org.keycloak.testsuite.rest.representation.TestAuthenticationChannelRequest)26 AuthenticationChannelRequest (org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelRequest)9 EventRepresentation (org.keycloak.representations.idm.EventRepresentation)9 AuthorizationEndpointRequestObject (org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject)8 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)8 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)8 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)8 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)8 HashMap (java.util.HashMap)7 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)6 IDToken (org.keycloak.representations.IDToken)5 IOException (java.io.IOException)4 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial