libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

[KEYCLOAK-5898] X.509 Auth - add tests for CRL with direct grant

Browse source
This commit is contained in:
Bruno Oliveira 2017-11-23 20:45:25 -02:00 committed by Stian Thorgersen
parent 697caaa805
commit 00677a6b92
1 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
View file

@ -177,6 +177,28 @@ public class X509DirectGrantTest extends AbstractX509AuthenticationTest {
} }
} }
@Test
public void loginCertificateRevoked() throws Exception {
X509AuthenticatorConfigModel config =
new X509AuthenticatorConfigModel()
.setCRLEnabled(true)
.setCRLRelativePath(CLIENT_CRL_PATH)
.setConfirmationPageAllowed(true)
.setMappingSourceType(SUBJECTDN_EMAIL)
.setUserIdentityMapperType(USERNAME_EMAIL);
AuthenticatorConfigRepresentation cfg = newConfig("x509-directgrant-config", config.getConfig());
String cfgId = createConfig(directGrantExecution.getId(), cfg);
Assert.assertNotNull(cfgId);
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "", "", null);
assertEquals(401, response.getStatusCode());
assertEquals("invalid_request", response.getError());
Assert.assertThat(response.getErrorDescription(), containsString("Certificate has been revoked, certificate's subject:"));
}
private void loginForceTemporaryAccountLock() throws Exception { private void loginForceTemporaryAccountLock() throws Exception {
X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel() X509AuthenticatorConfigModel config = new X509AuthenticatorConfigModel()
.setMappingSourceType(ISSUERDN) .setMappingSourceType(ISSUERDN)