diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java deleted file mode 100755 index fe2745c413..0000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.keycloak.testsuite; - -import org.apache.http.NameValuePair; -import org.apache.http.client.utils.URLEncodedUtils; -import org.keycloak.OAuth2Constants; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.net.URI; -import java.util.List; -import java.util.UUID; - -public class DummySocialServlet extends HttpServlet { - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - PrintWriter pw = resp.getWriter(); - pw.print(""); - pw.print(""); - pw.print("
"); - pw.print(""); - pw.print(""); - pw.print(""); - pw.print(""); - pw.print(""); - pw.print(""); - pw.print(""); - pw.print("
"); - pw.print(""); - pw.print(""); - pw.flush(); - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String state = null; - String redirectUri = null; - - List query = null; - try { - URI uri = URI.create(req.getRequestURL().append('?').append(req.getQueryString()).toString()); - query = URLEncodedUtils.parse(uri, "UTF-8"); - } catch (Exception e) { - throw new RuntimeException(e); - } - for (NameValuePair p : query) { - if (OAuth2Constants.STATE.equals(p.getName())) { - state = p.getValue(); - } else if (OAuth2Constants.REDIRECT_URI.equals(p.getName())) { - redirectUri = p.getValue(); - } - } - - String redirect; - if (req.getParameter("login") != null) { - redirect = redirectUri + "?id=" + req.getParameter("id") + "&username=" + req.getParameter("username") + "&state=" + state + "&code=" + UUID.randomUUID().toString(); - if (req.getParameter("firstname") != null) { - redirect += "&firstname=" + req.getParameter("firstname"); - } - if (req.getParameter("lastname") != null) { - redirect += "&lastname=" + req.getParameter("lastname"); - } - if (req.getParameter("email") != null) { - redirect += "&email=" + req.getParameter("email"); - } - } else { - redirect = redirectUri + "?error=access_denied&state=" + state; - } - - resp.sendRedirect(redirect); - } - -} diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java index fdf0dbe918..0367bb7d15 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java 
@@ -18,11 +18,17 @@ package org.keycloak.testsuite.broker; import org.codehaus.jackson.map.ObjectMapper; +import org.junit.After; +import org.junit.Before; import org.junit.ClassRule; import org.junit.Rule; +import org.junit.Test; +import org.keycloak.models.FederatedIdentityModel; +import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; +import org.keycloak.representations.IDToken; import org.keycloak.services.managers.RealmManager; import org.keycloak.testsuite.broker.util.UserSessionStatusServlet; import org.keycloak.testsuite.broker.util.UserSessionStatusServlet.UserSessionStatus; @@ -31,11 +37,17 @@ import org.keycloak.testsuite.pages.LoginUpdateProfilePage; import org.keycloak.testsuite.rule.AbstractKeycloakRule; import org.keycloak.testsuite.rule.WebResource; import org.keycloak.testsuite.rule.WebRule; +import org.openqa.selenium.By; +import org.openqa.selenium.NoSuchElementException; import org.openqa.selenium.WebDriver; +import org.openqa.selenium.WebElement; import java.io.IOException; import java.net.URL; +import java.util.List; +import java.util.Set; +import static com.thoughtworks.selenium.SeleneseTestBase.fail; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; @@ -54,6 +66,11 @@ public abstract class AbstractIdentityProviderTest { URL url = getClass().getResource("/broker-test/test-app-keycloak.json"); deployApplication("test-app", "/test-app", UserSessionStatusServlet.class, url.getPath(), "manager"); } + + @Override + protected String[] getTestRealms() { + return new String[] {"realm-with-broker"}; + } }; @Rule 
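Review bot: The static import of `fail` added in the second import hunk comes from `com.thoughtworks.selenium.SeleneseTestBase`, while every other assertion in this class is imported from `org.junit.Assert`. Use `import static org.junit.Assert.fail;` instead, so the test does not depend on the legacy Selenium test base class and failures are reported the same way as the other assertions.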
@@ -68,53 +85,217 @@ public abstract class AbstractIdentityProviderTest { @WebResource private LoginUpdateProfilePage updateProfilePage; - protected void assertSuccessfulAuthentication(String providerId) { + private KeycloakSession session; + + @Before + public void onBefore() { + this.session = brokerServerRule.startSession(); + removeTestUsers(); + brokerServerRule.stopSession(this.session, true); + this.session = brokerServerRule.startSession(); + } + + @After + public void onAfter() { + brokerServerRule.stopSession(this.session, true); + } + + @Test + public void testSuccessfulAuthentication() { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + identityProviderModel.setUpdateProfileFirstLogin(true); + + assertSuccessfulAuthentication(identityProviderModel); + } + + @Test + public void testSuccessfulAuthenticationWithoutUpdateProfile() { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + identityProviderModel.setUpdateProfileFirstLogin(false); + + assertSuccessfulAuthentication(identityProviderModel); + } + + @Test + public void testDisabled() { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + identityProviderModel.setEnabled(false); + + this.driver.navigate().to("http://localhost:8081/test-app/"); + + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login")); + + try { + this.driver.findElement(By.className(getProviderId())); + fail("Provider [" + getProviderId() + "] not disabled."); + } catch (NoSuchElementException nsee) { + + } + } + + @Test + public void testUserAlreadyExistsWhenUpdatingProfile() { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + identityProviderModel.setUpdateProfileFirstLogin(true); + this.driver.navigate().to("http://localhost:8081/test-app/"); 
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login")); // choose the identity provider - this.loginPage.clickSocial(providerId); + this.loginPage.clickSocial(getProviderId()); - assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml")); + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); // log in to identity provider - this.loginPage.login("saml.user", "password"); + this.loginPage.login("test-user", "password"); - assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/broker/realm-with-broker/" + providerId)); + doAfterProviderAuthentication(); - // update profile this.updateProfilePage.assertCurrent(); + this.updateProfilePage.update("Test", "User", "psilva@redhat.com"); - String userEmail = "new@email.com"; - String userFirstName = "New first"; - String userLastName = "New last"; + WebElement element = this.driver.findElement(By.className("kc-feedback-text")); - this.updateProfilePage.update(userFirstName, userLastName, userEmail); + assertNotNull(element); - // authenticated and redirected to app - assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/")); + assertEquals("Email already exists", element.getText()); - KeycloakSession samlServerSession = brokerServerRule.startSession(); - RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker"); + this.updateProfilePage.assertCurrent(); + this.updateProfilePage.update("Test", "User", "test-user@redhat.com"); - UserModel federatedUser = samlServerSession.users().getUserByEmail(userEmail, brokerRealm); + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app")); + + UserModel federatedUser = getFederatedUser(); - // user created assertNotNull(federatedUser); - assertEquals(userFirstName, federatedUser.getFirstName()); - 
assertEquals(userLastName, federatedUser.getLastName()); + } - driver.navigate().to("http://localhost:8081/test-app/logout"); - driver.navigate().to("http://localhost:8081/test-app/"); + @Test + public void testUserAlreadyExistsWhenNotUpdatingProfile() { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + identityProviderModel.setUpdateProfileFirstLogin(false); + + this.driver.navigate().to("http://localhost:8081/test-app/"); assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login")); // choose the identity provider - this.loginPage.clickSocial(providerId); + this.loginPage.clickSocial(getProviderId()); - // already authenticated in saml idp and redirected to app - assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/")); + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); + + // log in to identity provider + this.loginPage.login("pedroigor", "password"); + + doAfterProviderAuthentication(); + + WebElement element = this.driver.findElement(By.className("kc-feedback-text")); + + assertNotNull(element); + + assertEquals("User with email already exists. 
Please login to account management to link the account.", element.getText()); + } + + private void assertSuccessfulAuthentication(IdentityProviderModel identityProviderModel) { + driver.navigate().to("http://localhost:8081/test-app"); + + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login")); + + // choose the identity provider + this.loginPage.clickSocial(getProviderId()); + + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/")); + + // log in to identity provider + this.loginPage.login("test-user", "password"); + + doAfterProviderAuthentication(); + + if (identityProviderModel.isUpdateProfileFirstLogin()) { + String userEmail = "new@email.com"; + String userFirstName = "New first"; + String userLastName = "New last"; + + // update profile + this.updateProfilePage.assertCurrent(); + this.updateProfilePage.update(userFirstName, userLastName, userEmail); + } + + // authenticated and redirected to app + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app")); + + UserModel federatedUser = getFederatedUser(); + + assertNotNull(federatedUser); + + doAssertFederatedUser(federatedUser); + + RealmModel realm = getRealm(); + + Set federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm); + + assertEquals(1, federatedIdentities.size()); + + FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next(); + + assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider()); + assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName()); + + driver.navigate().to("http://localhost:8081/test-app/logout"); + driver.navigate().to("http://localhost:8081/test-app"); + + assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login")); + } + + protected UserModel getFederatedUser() { + 
UserSessionStatus userSessionStatus = retrieveSessionStatus(); + IDToken idToken = userSessionStatus.getIdToken(); + KeycloakSession samlServerSession = brokerServerRule.startSession(); + RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker"); + + return samlServerSession.users().getUserById(idToken.getSubject(), brokerRealm); + } + + protected void doAfterProviderAuthentication() { + + } + + protected abstract String getProviderId(); + + protected IdentityProviderModel getIdentityProviderModel() { + IdentityProviderModel identityProviderModel = getRealm().getIdentityProviderById(getProviderId()); + + assertNotNull(identityProviderModel); + + return identityProviderModel; + } + + private RealmModel getRealm() { + return this.session.realms().getRealm("realm-with-broker"); + } + + protected void doAssertFederatedUser(UserModel federatedUser) { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + if (identityProviderModel.isUpdateProfileFirstLogin()) { + String userEmail = "new@email.com"; + String userFirstName = "New first"; + String userLastName = "New last"; + + assertEquals(userEmail, federatedUser.getEmail()); + assertEquals(userFirstName, federatedUser.getFirstName()); + assertEquals(userLastName, federatedUser.getLastName()); + } else { + assertEquals("test-user@localhost", federatedUser.getEmail()); + assertEquals("Test", federatedUser.getFirstName()); + assertEquals("User", federatedUser.getLastName()); + } } private UserSessionStatus retrieveSessionStatus() { 
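Review bot: `testDisabled` calls `identityProviderModel.setEnabled(false)` and never sets the flag back, and `onBefore` only removes users, so the provider may stay disabled for whichever test of the class runs next (JUnit does not guarantee method order). This holds unless `stopSession(this.session, true)` discards the change, which the hunk does not show. Restore the flag in a `finally` at the end of the test with `identityProviderModel.setEnabled(true);`, or reset it in `onBefore`. In the same hunk `getFederatedUser()` opens a second session with `brokerServerRule.startSession()` and never hands it to `stopSession`. Reading through the existing field, `return this.session.users().getUserById(idToken.getSubject(), getRealm());`, would avoid the leak, provided that session can see the newly created user.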
@@ -125,13 +306,27 @@ public abstract class AbstractIdentityProviderTest { String pageSource = this.driver.getPageSource(); sessionStatus = objectMapper.readValue(pageSource.getBytes(), UserSessionStatus.class); - - assertNotNull(retrieveSessionStatus()); - } catch (IOException e) { - throw new RuntimeException("Could not retrieve session status.", e); + } catch (IOException ignore) { + ignore.printStackTrace(); } return sessionStatus; } + private void removeTestUsers() { + RealmModel realm = getRealm(); + List users = this.session.users().getUsers(realm); + + for (UserModel user : users) { + Set identities = this.session.users().getFederatedIdentities(user, realm); + + for (FederatedIdentityModel fedIdentity : identities) { + this.session.users().removeFederatedIdentity(realm, user, fedIdentity.getIdentityProvider()); + } + + if (!user.getUsername().equals("pedroigor")) { + this.session.users().removeUser(realm, user); + } + } + } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java index 7ef78c0ea7..d8e759460b 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java @@ -60,14 +60,6 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes assertIdentityProviderConfig(realm.getIdentityProviders()); assertTrue(realm.isIdentityFederationEnabled()); - - this.realmManager.removeRealm(realm); - - commit(); - - realm = this.realmManager.getRealm(realm.getId()); - - assertNull(realm); } @Test 
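Review bot: The new `catch (IOException ignore)` in `retrieveSessionStatus` (AbstractIdentityProviderTest) only prints the stack trace, so a page that is not valid session-status JSON now makes the method return whatever `sessionStatus` held before the `try`. Its initialisation is outside the hunk, presumably null, in which case `getFederatedUser()` fails on `userSessionStatus.getIdToken()` with a NullPointerException that hides the real cause. Dropping the recursive `assertNotNull(retrieveSessionStatus())` is right, but the rethrow should stay: `} catch (IOException e) { throw new RuntimeException("Could not retrieve session status.", e); }`. The method starts outside the hunk.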
@@ -141,27 +133,27 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes Set checkedProviders = new HashSet(getExpectedProviders()); for (IdentityProviderModel identityProvider : identityProviders) { - String providerId = identityProvider.getProviderId(); + if (identityProvider.getId().startsWith("model-")) { + String providerId = identityProvider.getProviderId(); - if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - if (identityProvider.getId().equals("saml-signed-idp")) { + if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { assertSamlIdentityProviderConfig(identityProvider); + } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertGoogleIdentityProviderConfig(identityProvider); + } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertOidcIdentityProviderConfig(identityProvider); + } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertFacebookIdentityProviderConfig(identityProvider); + } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertGitHubIdentityProviderConfig(identityProvider); + } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { + assertTwitterIdentityProviderConfig(identityProvider); } else { continue; } - } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertGoogleIdentityProviderConfig(identityProvider); - } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertOidcIdentityProviderConfig(identityProvider); - } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertFacebookIdentityProviderConfig(identityProvider); - } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertGitHubIdentityProviderConfig(identityProvider); - } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) { - assertTwitterIdentityProviderConfig(identityProvider); 
- } - checkedProviders.remove(providerId); + checkedProviders.remove(providerId); + } } assertTrue(checkedProviders.isEmpty()); @@ -171,7 +163,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes GoogleIdentityProvider googleIdentityProvider = new GoogleIdentityProviderFactory().create(identityProvider); OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig(); - assertEquals("google", config.getId()); + assertEquals("model-google", config.getId()); assertEquals(GoogleIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals("Google", config.getName()); assertEquals(true, config.isEnabled()); @@ -188,7 +180,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider); SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig(); - assertEquals("saml-signed-idp", config.getId()); + assertEquals("model-saml-signed-idp", config.getId()); assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals("SAML Signed IdP", config.getName()); assertEquals(true, config.isEnabled()); @@ -207,7 +199,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes OIDCIdentityProvider googleIdentityProvider = new OIDCIdentityProviderFactory().create(identityProvider); OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig(); - assertEquals("oidc-idp", config.getId()); + assertEquals("model-oidc-idp", config.getId()); assertEquals(OIDCIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals("OIDC IdP", config.getName()); assertEquals(false, config.isEnabled()); 
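Review bot: The new `identityProvider.getId().startsWith("model-")` filter in the provider loop silently skips every provider whose id lacks the prefix, and nothing in the code says why. Add a comment above the `if`, for example `// only the "model-" providers belong to this import test; providers used by the broker login tests are skipped`, if that is the intent. A named constant for the prefix would also help, since the six `assertEquals("model-…", config.getId())` checks in the following hunks depend on the same string. The enclosing method starts outside the hunk.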
@@ -220,7 +212,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes FacebookIdentityProvider facebookIdentityProvider = new FacebookIdentityProviderFactory().create(identityProvider); OAuth2IdentityProviderConfig config = facebookIdentityProvider.getConfig(); - assertEquals("facebook", config.getId()); + assertEquals("model-facebook", config.getId()); assertEquals(FacebookIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals("Facebook", config.getName()); assertEquals(true, config.isEnabled()); @@ -236,7 +228,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes GitHubIdentityProvider gitHubIdentityProvider = new GitHubIdentityProviderFactory().create(identityProvider); OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig(); - assertEquals("github", config.getId()); + assertEquals("model-github", config.getId()); assertEquals(GitHubIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals("GitHub", config.getName()); assertEquals(true, config.isEnabled()); @@ -252,7 +244,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes TwitterIdentityProvider gitHubIdentityProvider = new TwitterIdentityProviderFactory().create(identityProvider); OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig(); - assertEquals("twitter", config.getId()); + assertEquals("model-twitter", config.getId()); assertEquals(TwitterIdentityProviderFactory.PROVIDER_ID, config.getProviderId()); assertEquals("Twitter", config.getName()); assertEquals(true, config.isEnabled()); 
@@ -267,13 +259,17 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes assertNotNull(realmRepresentation); assertEquals("realm-with-broker", realmRepresentation.getRealm()); - RealmModel realmModel = this.realmManager.importRealm(realmRepresentation); + RealmModel realmModel = this.realmManager.getRealm("realm-with-broker"); - commit(); + if (realmModel == null) { + realmModel = this.realmManager.importRealm(realmRepresentation); - realmModel = this.realmManager.getRealm(realmModel.getId()); + commit(); - assertNotNull(realmModel); + realmModel = this.realmManager.getRealm(realmModel.getId()); + + assertNotNull(realmModel); + } return realmModel; } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java new file mode 100755 index 0000000000..011af1b30f --- /dev/null +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java 
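Review bot: `this.realmManager.getRealm("realm-with-broker")` passes the realm name, while the call a few lines below passes `realmModel.getId()` to the same method, so the lookup only finds the realm if its id happens to equal its name. A by-name lookup such as `this.realmManager.getRealmByName("realm-with-broker")` states the intent directly. With this change the test also stops exercising `importRealm` whenever the realm already exists, and `assertNotNull(realmModel)` now runs only in the import branch. As a result the provider assertions may be checked against state left by another test rather than a fresh import. The method starts outside the hunk.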
@@ -0,0 +1,45 @@
+package org.keycloak.testsuite.broker;
+
+import org.junit.ClassRule;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.pages.OAuthGrantPage;
+import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testutils.KeycloakServer;
+
+/**
+ * @author pedroigor
+ */
+public class OIDCKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderTest {
+
+ @ClassRule
+ public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
+
+ @Override
+ protected void configureServer(KeycloakServer server) {
+ server.getConfig().setPort(8082);
+ }
+
+ @Override
+ protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
+ server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-kc-oidc.json"));
+ }
+ };
+
+ @WebResource
+ private OAuthGrantPage grantPage;
+
+ @Override
+ protected void doAfterProviderAuthentication() {
+ // grant access to broker-app
+ grantPage.assertCurrent();
+ grantPage.accept();
+ }
+
+ @Override
+ protected String getProviderId() {
+ return "kc-oidc-idp";
+ }
+}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
index d51eb0e1b4..b14328a4c2 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
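Review bot: The class rule in the new `OIDCKeyCloakServerBrokerBasicTest` is named `samlServerRule`, apparently carried over from the SAML tests. Rename it, e.g. `public static AbstractKeycloakRule oidcServerRule = …`, so a failure in rule setup points at the right identity provider. `getClass().getResourceAsStream(...)` returns null when the JSON resource is missing, and the stream is never closed here; whether `importRealm` copes with either is not visible in this hunk. A one-line class Javadoc saying that the test logs in through the `kc-oidc-idp` provider against a second server on port 8082 would also help the next reader.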
@@ -1,13 +1,17 @@ package org.keycloak.testsuite.broker; import org.junit.ClassRule; -import org.junit.Test; +import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; import org.keycloak.services.managers.RealmManager; import org.keycloak.testsuite.rule.AbstractKeycloakRule; import org.keycloak.testutils.KeycloakServer; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + /** * @author pedroigor */ @@ -27,8 +31,21 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT } }; - @Test - public void testSuccessfulAuthentication() { - assertSuccessfulAuthentication("saml-idp-basic"); + @Override + protected String getProviderId() { + return "kc-saml-idp-basic"; + } + + @Override + protected void doAssertFederatedUser(UserModel federatedUser) { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + if (identityProviderModel.isUpdateProfileFirstLogin()) { + super.doAssertFederatedUser(federatedUser); + } else { + assertEquals("test-user@localhost", federatedUser.getEmail()); + assertNull(federatedUser.getFirstName()); + assertNull(federatedUser.getLastName()); + } } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java index 8c2d341322..47ddb14d31 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java 
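Review bot: The `doAssertFederatedUser` override added in `SAMLKeyCloakServerBrokerBasicTest` is repeated line for line in `SAMLKeyCloakServerBrokerWithSignatureTest` (the next file section). Neither copy says why first and last name are expected to be null for SAML when the profile update is skipped. Add a comment such as `// the SAML login only supplies the e-mail here, so the names stay unset without the profile update` if that is the reason. Consider moving the override into a shared SAML base class so the two tests cannot drift apart.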
@@ -1,13 +1,17 @@ package org.keycloak.testsuite.broker; import org.junit.ClassRule; -import org.junit.Test; +import org.keycloak.models.IdentityProviderModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; import org.keycloak.services.managers.RealmManager; import org.keycloak.testsuite.rule.AbstractKeycloakRule; import org.keycloak.testutils.KeycloakServer; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + /** * @author pedroigor */ @@ -27,8 +31,21 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP } }; - @Test - public void testSuccessfulAuthentication() { - assertSuccessfulAuthentication("saml-signed-idp"); + @Override + protected String getProviderId() { + return "kc-saml-signed-idp"; + } + + @Override + protected void doAssertFederatedUser(UserModel federatedUser) { + IdentityProviderModel identityProviderModel = getIdentityProviderModel(); + + if (identityProviderModel.isUpdateProfileFirstLogin()) { + super.doAssertFederatedUser(federatedUser); + } else { + assertEquals("test-user@localhost", federatedUser.getEmail()); + assertNull(federatedUser.getFirstName()); + assertNull(federatedUser.getLastName()); + } } } diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java deleted file mode 100755 index 830f05fbeb..0000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java +++ /dev/null 
@@ -1,276 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2012, Red Hat, Inc., and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
- */ -package org.keycloak.testsuite.social; - -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Ignore; -import org.junit.Rule; -import org.junit.Test; -import org.keycloak.OAuth2Constants; -import org.keycloak.events.Details; -import org.keycloak.events.Event; -import org.keycloak.events.EventType; -import org.keycloak.models.RealmModel; -import org.keycloak.representations.AccessToken; -import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.testsuite.AssertEvents; -import org.keycloak.testsuite.DummySocialServlet; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.OAuthClient.AccessTokenResponse; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.AppPage.RequestType; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.LoginUpdateProfilePage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.By; -import org.openqa.selenium.WebDriver; - -import java.util.HashMap; - -/** - * @author Stian Thorgersen - */ -@Ignore("Refactor based on KEYCLOAK-883") -public class SocialLoginTest { - - @ClassRule - public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) { - HashMap socialConfig = new HashMap(); - socialConfig.put("dummy.key", "1234"); - socialConfig.put("dummy.secret", "1234"); - } - }); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected LoginUpdateProfilePage 
profilePage; - - @WebResource - protected OAuthClient oauth; - - @Rule - public AssertEvents events = new AssertEvents(keycloakRule); - - @BeforeClass - public static void before() { - keycloakRule.deployServlet("dummy-social", "/dummy-social", DummySocialServlet.class); - } - - @Test - public void loginSuccess() throws Exception { - loginPage.open(); - - loginPage.clickSocial("dummy"); - - driver.findElement(By.id("id")).sendKeys("1"); - driver.findElement(By.id("username")).sendKeys("dummy-user1"); - driver.findElement(By.id("firstname")).sendKeys("Bob"); - driver.findElement(By.id("lastname")).sendKeys("Builder"); - driver.findElement(By.id("email")).sendKeys("bob@builder.com"); - driver.findElement(By.id("login")).click(); - - Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - String userId = events.expect(EventType.REGISTER) - .user(AssertEvents.isUUID()) - .detail(Details.EMAIL, "bob@builder.com") - .detail(Details.REGISTER_METHOD, "social@dummy") - .detail(Details.REDIRECT_URI, AssertEvents.DEFAULT_REDIRECT_URI) - .detail(Details.USERNAME, "1@dummy") - .session((String) null) - .assertEvent().getUserId(); - - Event loginEvent = events.expectSocialLogin() - .user(userId) - .detail(Details.USERNAME, "1@dummy") - .detail(Details.AUTH_METHOD, "social@dummy") - .assertEvent(); - - String sessionId = loginEvent.getSessionId(); - String codeId = loginEvent.getDetails().get(Details.CODE_ID); - - AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password"); - - events.expectCodeToToken(codeId, sessionId).user(userId).assertEvent(); - - AccessToken token = oauth.verifyToken(response.getAccessToken()); - Assert.assertEquals(36, token.getSubject().length()); - Assert.assertEquals(sessionId, token.getSessionState()); - - UserRepresentation profile = keycloakRule.getUserById("test", token.getSubject()); - Assert.assertEquals(36, profile.getUsername().length()); - - 
Assert.assertEquals("Bob", profile.getFirstName()); - Assert.assertEquals("Builder", profile.getLastName()); - Assert.assertEquals("bob@builder.com", profile.getEmail()); - - oauth.openLogout(); - - events.expectLogout(sessionId).user(userId).assertEvent(); - - loginPage.open(); - - loginPage.clickSocial("dummy"); - - driver.findElement(By.id("id")).sendKeys("1"); - driver.findElement(By.id("username")).sendKeys("dummy-user1"); - driver.findElement(By.id("login")).click(); - - events.expectSocialLogin().user(userId).detail(Details.USERNAME, "1@dummy").detail(Details.AUTH_METHOD, "social@dummy").assertEvent(); - } - - @Test - public void loginEmailExists() throws Exception { - loginPage.open(); - loginPage.clickSocial("dummy"); - - driver.findElement(By.id("id")).sendKeys("loginEmailExists1"); - driver.findElement(By.id("username")).sendKeys("dummy-user1"); - driver.findElement(By.id("firstname")).sendKeys("Bob"); - driver.findElement(By.id("lastname")).sendKeys("Builder"); - driver.findElement(By.id("email")).sendKeys("loginEmailExists@builder.com"); - driver.findElement(By.id("login")).click(); - - oauth.openLogout(); - events.clear(); - - loginPage.open(); - - loginPage.clickSocial("dummy"); - - driver.findElement(By.id("id")).sendKeys("loginEmailExists2"); - driver.findElement(By.id("username")).sendKeys("dummy-user2"); - driver.findElement(By.id("firstname")).sendKeys("Bob2"); - driver.findElement(By.id("lastname")).sendKeys("Builder2"); - driver.findElement(By.id("email")).sendKeys("loginEmailExists@builder.com"); - driver.findElement(By.id("login")).click(); - - Assert.assertTrue(loginPage.isCurrent()); - Assert.assertEquals("User with email already exists. 
Please login to account management to link the account.", loginPage.getError()); - - events.clear(); - } - - @Test - public void loginCancelled() throws Exception { - loginPage.open(); - - loginPage.clickSocial("dummy"); - - driver.findElement(By.id("cancel")).click(); - - Assert.assertTrue(loginPage.isCurrent()); - Assert.assertEquals("Access denied", loginPage.getWarning()); - - events.expectSocialLogin().error("rejected_by_user").user((String) null).session((String) null).detail(Details.AUTH_METHOD, "social@dummy").removeDetail(Details.USERNAME).removeDetail(Details.CODE_ID).assertEvent(); - - String src = driver.getPageSource(); - loginPage.login("test-user@localhost", "password"); - - Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - events.expectLogin().assertEvent(); - } - - @Test - public void profileUpdateRequired() { - keycloakRule.configure(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - } - }); - - try { - loginPage.open(); - - loginPage.clickSocial("dummy"); - - driver.findElement(By.id("id")).sendKeys("2"); - driver.findElement(By.id("username")).sendKeys("dummy-user2"); - driver.findElement(By.id("firstname")).sendKeys("Bob"); - driver.findElement(By.id("lastname")).sendKeys("Builder"); - driver.findElement(By.id("email")).sendKeys("bob@builder.com"); - driver.findElement(By.id("login")).click(); - - profilePage.isCurrent(); - - Assert.assertEquals("Bob", profilePage.getFirstName()); - Assert.assertEquals("Builder", profilePage.getLastName()); - Assert.assertEquals("bob@builder.com", profilePage.getEmail()); - - String userId = events.expect(EventType.REGISTER) - .user(AssertEvents.isUUID()) - .detail(Details.EMAIL, "bob@builder.com") - .detail(Details.REGISTER_METHOD, "social@dummy") - .detail(Details.REDIRECT_URI, AssertEvents.DEFAULT_REDIRECT_URI) - .detail(Details.USERNAME, "2@dummy") - .assertEvent().getUserId(); - - 
profilePage.update("Dummy", "User", "dummy-user-reg@dummy-social"); - - events.expectRequiredAction(EventType.UPDATE_PROFILE).user(userId).detail(Details.AUTH_METHOD, "social@dummy").detail(Details.USERNAME, "2@dummy").assertEvent(); - events.expectRequiredAction(EventType.UPDATE_EMAIL).user(userId).detail(Details.AUTH_METHOD, "social@dummy").detail(Details.USERNAME, "2@dummy").detail(Details.PREVIOUS_EMAIL, "bob@builder.com").detail(Details.UPDATED_EMAIL, "dummy-user-reg@dummy-social").assertEvent(); - - Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - Event loginEvent = events.expectLogin().user(userId).removeDetail(Details.USERNAME).detail(Details.AUTH_METHOD, "social@dummy").detail(Details.USERNAME, "2@dummy").assertEvent(); - String codeId = loginEvent.getDetails().get(Details.CODE_ID); - - AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password"); - AccessToken token = oauth.verifyToken(response.getAccessToken()); - - events.expectCodeToToken(codeId, loginEvent.getSessionId()).user(userId).assertEvent(); - - UserRepresentation profile = keycloakRule.getUserById("test", token.getSubject()); - - Assert.assertEquals("Dummy", profile.getFirstName()); - Assert.assertEquals("User", profile.getLastName()); - Assert.assertEquals("dummy-user-reg@dummy-social", profile.getEmail()); - } finally { - keycloakRule.configure(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - } - }); - } - } - -} diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json new file mode 100755 index 0000000000..d7831a7377 --- /dev/null +++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json 
@@ -0,0 +1,56 @@
+{
+ "id": "realm-with-oidc-identity-provider",
+ "realm": "realm-with-oidc-identity-provider",
+ "enabled": true,
+ "requiredCredentials": [ "password" ],
+ "defaultRoles": [ "foo", "bar" ],
+ "privateKey": "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",
+ "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
+ "oauthClients" : [
+ {
+ "name": "broker-app",
+ "enabled": true,
+ "secret": "secret",
+ "redirectUris": [
+ "http://localhost:8081/auth/broker/realm-with-broker/kc-oidc-idp"
+ ],
+ "claims": {
+ "name" : true,
+ "email" : true,
+ "username" : true
+ }
+ }
+ ],
+ "users": [
+ {
+ "username" : "test-user",
+ "enabled": true,
+ "email" : "test-user@localhost",
+ "firstName" : "Test",
+ "lastName" : "User",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ },
+ {
+ "username" : "pedroigor",
+ "enabled": true,
+ "email" : "psilva@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ }
+ ],
+ "roles" : {
+ "realm" : [
+ {
+ "name": "manager",
+ "description": "Have Manager privileges"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
index 50eda96590..82db4ea508 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
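Review bot: The `publicKey` added for `realm-with-oidc-identity-provider` is the same value that `test-realm-with-broker.json` shows for the broker realm (first context line of its `@@ -8,7 +8,7 @@` hunk), so the identity-provider realm and the brokering realm presumably sign with one key pair. With a shared key, a brokered OIDC login would still pass if the broker verified the IdP's tokens against its own realm key rather than the key that belongs to the IdP, which is exactly the mistake this fixture should be able to expose. Giving this realm its own generated test key pair, i.e. different `privateKey` and `publicKey` values here, would make the signature check meaningful. The `privateKey` values are elided in this view, so the comparison rests on the public keys only.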
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
@@ -1,6 +1,6 @@
 {
- "id": "realm-with-saml-identity-provider",
- "realm": "realm-with-saml-identity-provider",
+ "id": "realm-with-saml-signed-idp",
+ "realm": "realm-with-saml-signed-idp",
 "enabled": true,
 "requiredCredentials": [ "password" ],
 "defaultRoles": [ "foo", "bar" ],
@@ -11,7 +11,7 @@
 "name": "http://localhost:8081/auth/",
 "enabled": true,
 "redirectUris": [
- "http://localhost:8081/auth/broker/realm-with-broker/saml-signed-idp"
+ "http://localhost:8081/auth/broker/realm-with-broker/kc-saml-signed-idp"
 ],
 "attributes": {
 "saml.assertion.signature": "true",
@@ -25,15 +25,28 @@
 }
 ],
 "users": [
- {
- "username" : "saml.user",
- "enabled": true,
- "credentials" : [
- { "type" : "password",
- "value" : "password" }
- ],
- "realmRoles": ["manager"]
- }
+ {
+ "username" : "test-user",
+ "enabled": true,
+ "email" : "test-user@localhost",
+ "firstName" : "Test",
+ "lastName" : "User",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ },
+ {
+ "username" : "pedroigor",
+ "enabled": true,
+ "email" : "psilva@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ }
 ],
 "roles" : {
 "realm" : [
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
index 058a463bdf..4bf96ff71d 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
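Review bot: The user `pedroigor` added in the `@@ -25,15 +25,28 @@` hunk carries `"email" : "psilva@redhat.com"`, which looks like a real mailbox, next to the password `password`. Fixture accounts are safer on a non-routable address, for example `"email" : "pedroigor@localhost"` in the style of the neighbouring `test-user@localhost`, so that a test run with a working mail setup cannot send verification or reset mail to a real person. The same entry is added in `test-broker-realm-with-kc-oidc.json` and in the `@@ -19,15 +19,28 @@` hunk of `test-broker-realm-with-saml.json`. Any test that asserts on the address (not visible here) would need the matching change.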
@@ -1,6 +1,6 @@
 {
- "id": "realm-with-saml-identity-provider",
- "realm": "realm-with-saml-identity-provider",
+ "id": "realm-with-saml-idp-basic",
+ "realm": "realm-with-saml-idp-basic",
 "enabled": true,
 "requiredCredentials": [ "password" ],
 "defaultRoles": [ "foo", "bar" ],
@@ -11,7 +11,7 @@
 "name": "http://localhost:8081/auth/",
 "enabled": true,
 "redirectUris": [
- "http://localhost:8081/auth/broker/realm-with-broker/saml-idp-basic"
+ "http://localhost:8081/auth/broker/realm-with-broker/kc-saml-idp-basic"
 ],
 "attributes": {
 "saml.authnstatement": "true"
@@ -19,15 +19,28 @@
 }
 ],
 "users": [
- {
- "username" : "saml.user",
- "enabled": true,
- "credentials" : [
- { "type" : "password",
- "value" : "password" }
- ],
- "realmRoles": ["manager"]
- }
+ {
+ "username" : "test-user",
+ "enabled": true,
+ "email" : "test-user@localhost",
+ "firstName" : "Test",
+ "lastName" : "User",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ },
+ {
+ "username" : "pedroigor",
+ "enabled": true,
+ "email" : "psilva@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "realmRoles": ["manager"]
+ }
 ],
 "roles" : {
 "realm" : [
diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
index 21bd22acbd..d5865c1417 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
@@ -8,7 +8,7 @@
 "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
 "identityProviders" : [
 {
- "id" : "google",
+ "id" : "model-google",
 "providerId" : "google",
 "name" : "Google",
 "enabled": true,
@@ -19,7 +19,7 @@
 }
 },
 {
- "id" : "facebook",
+ "id" : "model-facebook",
 "providerId" : "facebook",
 "name" : "Facebook",
 "enabled": true,
@@ -33,7 +33,7 @@
 }
 },
 {
- "id" : "github",
+ "id" : "model-github",
 "providerId" : "github",
 "name" : "GitHub",
 "enabled": true,
@@ -47,7 +47,7 @@
 }
 },
 {
- "id" : "twitter",
+ "id" : "model-twitter",
 "providerId" : "twitter",
 "name" : "Twitter",
 "enabled": true,
@@ -61,13 +61,30 @@
 }
 },
 {
- "id" : "saml-signed-idp",
+ "id" : "model-saml-signed-idp",
+ "providerId" : "saml",
+ "name" : "SAML Signed IdP",
+ "enabled": true,
+ "updateProfileFirstLogin" : "true",
+ "config": {
+ "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+ "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+ "signingCertificate": "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",
+ "wantAuthnRequestsSigned": true,
+ "forceAuthn": true,
+ "validateSignature": true,
+ "postBindingResponse": true,
+ "postBindingAuthnRequest": true
+ }
+ },
+ {
+ "id" : "kc-saml-signed-idp",
 "providerId" : "saml",
 "name" : "SAML Signed IdP",
 "enabled": true,
 "updateProfileFirstLogin" : "true",
 "config": {
- "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+ "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
 "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
 "signingCertificate": "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",
 "wantAuthnRequestsSigned": true,
@@ -78,13 +95,13 @@
 }
 },
 {
- "id" : "saml-idp-basic",
+ "id" : "kc-saml-idp-basic",
 "providerId" : "saml",
 "name" : "SAML Signed IdP",
 "enabled": true,
 "updateProfileFirstLogin" : "true",
 "config": {
- "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+ "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
 "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
 "forceAuthn": true,
 "postBindingResponse": true,
@@ -92,7 +109,7 @@
 }
 },
 {
- "id" : "oidc-idp",
+ "id" : "model-oidc-idp",
 "providerId" : "oidc",
 "name" : "OIDC IdP",
 "enabled": false,
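Review bot: The added `model-saml-signed-idp` entry is `"enabled": true`, but its `singleSignOnServiceUrl` still points at `realm-with-saml-identity-provider`, the realm id this commit renames to `realm-with-saml-signed-idp` and `realm-with-saml-idp-basic` in the two SAML realm files. If the `model-` entries exist only for import or model tests, an enabled provider with a dead endpoint is probably unintended; consider `"enabled": false`, as `model-oidc-idp` has, provided no test asserts on the flag. Separately, `model-saml-signed-idp`, `kc-saml-signed-idp` and `kc-saml-idp-basic` all carry `"name" : "SAML Signed IdP"`, although the basic entry shows no `validateSignature` or `signingCertificate` in the part of its config visible here. A distinct name such as `"name" : "SAML IdP Basic"` would stop the unsigned provider from being presented as a signed one.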
@@ -101,11 +118,26 @@
 "clientId": "clientId",
 "clientSecret": "clientSecret",
 "prompt": "prompt",
- "authorizationUrl": "authorizationUrl",
- "tokenUrl": "tokenUrl",
- "userInfoUrl": "userInfoUrl",
- "defaultScope": "defaultScope",
- "issuer": "issuer"
+ "authorizationUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/tokens/login",
+ "tokenUrl": "http://localhost:8081/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes",
+ "userInfoUrl": "http://localhost:8081/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
+ "defaultScope": "email profile"
+ }
+ },
+ {
+ "id" : "kc-oidc-idp",
+ "providerId" : "oidc",
+ "name" : "KeyCloak OIDC IdP",
+ "enabled": true,
+ "updateProfileFirstLogin" : "false",
+ "config": {
+ "clientId": "broker-app",
+ "clientSecret": "secret",
+ "prompt": "login",
+ "authorizationUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/tokens/login",
+ "tokenUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes",
+ "userInfoUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
+ "defaultScope": "email profile"
 }
 }
 ],
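Review bot: In `model-oidc-idp` the new `authorizationUrl` uses port 8082 while `tokenUrl` and `userInfoUrl` use port 8081, whereas `kc-oidc-idp` below uses 8082 for all three; if 8081 is the broker itself, the code exchange for the model entry would go to the wrong server. Aligning them, `"tokenUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes"` and the same port for `userInfoUrl`, removes the ambiguity. The hunk also drops `"issuer"`, and the new `kc-oidc-idp` does not set one. If the broker checks the `iss` claim only when an issuer is configured, the enabled provider is exercised without issuer validation, so an `issuer` entry holding the IdP realm's issuer value is worth adding.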