KEYCLOAK-2971: saml provider without signature in broker test
parent
a867a1646a
commit
30f4f920c1
4 changed files with 159 additions and 17 deletions
|
@ -1,12 +1,15 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
class KcOidcBrokerConstants {
|
||||
class BrokerTestConstants {
|
||||
|
||||
final static String REALM_PROV_NAME = "provider";
|
||||
final static String REALM_CONS_NAME = "consumer";
|
||||
|
||||
final static String IDP_ALIAS = "kc-oidc-idp";
|
||||
final static String IDP_PROVIDER_ID = "keycloak-oidc";
|
||||
final static String IDP_OIDC_ALIAS = "kc-oidc-idp";
|
||||
final static String IDP_OIDC_PROVIDER_ID = "keycloak-oidc";
|
||||
|
||||
final static String IDP_SAML_ALIAS = "kc-saml-idp";
|
||||
final static String IDP_SAML_PROVIDER_ID = "saml";
|
||||
|
||||
final static String CLIENT_ID = "brokerapp";
|
||||
final static String CLIENT_SECRET = "secret";
|
|
@ -15,6 +15,7 @@ import org.keycloak.testsuite.pages.LoginPage;
|
|||
import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
|
||||
|
@ -117,11 +118,13 @@ public abstract class AbstractBrokerTest extends AbstractKeycloakTest {
|
|||
public void tryToLogInAsUserInIDP() {
|
||||
driver.navigate().to(getAuthRoot() + "/auth/realms/" + consumerRealmName() + "/account");
|
||||
|
||||
log.debug("Clicking social " + getIDPAlias());
|
||||
accountLoginPage.clickSocial(getIDPAlias());
|
||||
|
||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
||||
driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
|
||||
|
||||
log.debug("Logging in");
|
||||
accountLoginPage.login(getUserLogin(), getUserPassword());
|
||||
|
||||
Assert.assertTrue("We must be on update user profile page right now",
|
||||
|
@ -130,21 +133,19 @@ public abstract class AbstractBrokerTest extends AbstractKeycloakTest {
|
|||
Assert.assertTrue("We must be on correct realm right now",
|
||||
driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));
|
||||
|
||||
log.debug("Updating info on updateAccount page");
|
||||
updateAccountInformationPage.updateAccountInformation("Firstname", "Lastname");
|
||||
|
||||
UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();
|
||||
List<UserRepresentation> users = consumerUsers.search("", 0, 5);
|
||||
Assert.assertTrue("There must be at least one user", users.size() > 0);
|
||||
Assert.assertTrue("There must be at least one user", consumerUsers.count() > 0);
|
||||
|
||||
boolean foundUser = false;
|
||||
for (UserRepresentation user : users) {
|
||||
if (user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail())) {
|
||||
foundUser = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
List<UserRepresentation> users = consumerUsers.search("", 0, 5);
|
||||
|
||||
List<UserRepresentation> correctUsers = users.stream()
|
||||
.filter(user -> user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail()))
|
||||
.collect(Collectors.toList());
|
||||
|
||||
Assert.assertTrue("There must be user " + getUserLogin() + " in realm " + consumerRealmName(),
|
||||
foundUser);
|
||||
correctUsers.size() > 0);
|
||||
}
|
||||
}
|
||||
|
|
|
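Review bot: The page search `consumerUsers.search("", 0, 5)` in the last hunk caps the result at five users, so once the consumer realm holds more than five the brokered user can fall outside the page and the "There must be user …" assertion fails for the wrong reason; assuming the three-argument overload takes the username first, as the existing call suggests, `List<UserRepresentation> users = consumerUsers.search(getUserLogin(), 0, 5);` keeps the check targeted. The stream filter calls `user.getEmail().equals(getUserEmail())`, which throws a NullPointerException for any realm user without an email instead of producing a failed assertion; `getUserEmail().equals(user.getEmail())` is the null-safe order. The `consumerUsers.count() > 0` assertion added just above is harmless but redundant with the stricter per-user check that follows. tryToLogInAsUserInIDP() starts in the previous hunk, outside this one.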
@ -8,7 +8,7 @@ import java.util.Collections;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.keycloak.testsuite.broker.KcOidcBrokerConstants.*;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
|
||||
|
||||
public class KcOidcBrokerTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -39,7 +39,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
|
|||
client.setEnabled(true);
|
||||
|
||||
client.setRedirectUris(Collections.singletonList(getAuthRoot() +
|
||||
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_ALIAS + "/endpoint/*"));
|
||||
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
|
||||
|
||||
return Collections.singletonList(client);
|
||||
}
|
||||
|
@ -51,7 +51,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected IdentityProviderRepresentation setUpIdentityProvider() {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_ALIAS, IDP_PROVIDER_ID);
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
|
||||
Map<String, String> config = idp.getConfig();
|
||||
|
||||
|
@ -95,7 +95,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected String getIDPAlias() {
|
||||
return IDP_ALIAS;
|
||||
return IDP_OIDC_ALIAS;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,138 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
|
||||
|
||||
public class KcSamlBrokerTest extends AbstractBrokerTest {
|
||||
|
||||
@Override
|
||||
protected RealmRepresentation createProviderRealm() {
|
||||
RealmRepresentation realm = new RealmRepresentation();
|
||||
|
||||
realm.setEnabled(true);
|
||||
realm.setRealm(REALM_PROV_NAME);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected RealmRepresentation createConsumerRealm() {
|
||||
RealmRepresentation realm = new RealmRepresentation();
|
||||
|
||||
realm.setEnabled(true);
|
||||
realm.setRealm(REALM_CONS_NAME);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected List<ClientRepresentation> createProviderClients() {
|
||||
ClientRepresentation client = new ClientRepresentation();
|
||||
|
||||
client.setClientId(getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME);
|
||||
client.setEnabled(true);
|
||||
client.setProtocol(IDP_SAML_PROVIDER_ID);
|
||||
client.setRedirectUris(Collections.singletonList(
|
||||
getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
|
||||
));
|
||||
|
||||
Map<String, String> attributes = new HashMap<>();
|
||||
|
||||
attributes.put("saml.authnstatement", "true");
|
||||
attributes.put("saml_single_logout_service_url_post",
|
||||
getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
|
||||
attributes.put("saml_force_name_id_format",
|
||||
getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
|
||||
attributes.put("saml_force_name_id_format", "true");
|
||||
attributes.put("saml_name_id_format", "username");
|
||||
attributes.put("saml.assertion.signature", "false");
|
||||
attributes.put("saml.server.signature", "false");
|
||||
attributes.put("saml.client.signature", "false");
|
||||
|
||||
client.setAttributes(attributes);
|
||||
|
||||
ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
|
||||
mapper.setName("email");
|
||||
mapper.setProtocol("saml");
|
||||
mapper.setProtocolMapper("saml-user-property-mapper");
|
||||
mapper.setConsentRequired(false);
|
||||
|
||||
Map<String, String> mapperConfig = mapper.getConfig();
|
||||
mapperConfig.put("user.attribute", "email");
|
||||
mapperConfig.put("attribute.name", "urn:oid:1.2.840.113549.1.9.1");
|
||||
mapperConfig.put("attribute.nameformat", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
|
||||
mapperConfig.put("friendly.name", "email");
|
||||
|
||||
client.setProtocolMappers(Collections.singletonList(
|
||||
mapper
|
||||
));
|
||||
|
||||
return Collections.singletonList(client);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected List<ClientRepresentation> createConsumerClients() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected IdentityProviderRepresentation setUpIdentityProvider() {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_SAML_ALIAS, IDP_SAML_PROVIDER_ID);
|
||||
|
||||
idp.setTrustEmail(true);
|
||||
idp.setAddReadTokenRoleOnCreate(true);
|
||||
idp.setStoreToken(true);
|
||||
|
||||
Map<String, String> config = idp.getConfig();
|
||||
|
||||
config.put("singleSignOnServiceUrl", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
|
||||
config.put("singleLogoutServiceUrl", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
|
||||
config.put("nameIDPolicyFormat", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
|
||||
config.put("forceAuthn", "true");
|
||||
config.put("postBindingResponse", "true");
|
||||
config.put("postBindingAuthnRequest", "true");
|
||||
config.put("validateSignature", "false");
|
||||
config.put("wantAuthnRequestsSigned", "false");
|
||||
|
||||
return idp;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String providerRealmName() {
|
||||
return REALM_PROV_NAME;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String consumerRealmName() {
|
||||
return REALM_CONS_NAME;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getUserLogin() {
|
||||
return USER_LOGIN;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getUserPassword() {
|
||||
return USER_PASSWORD;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getUserEmail() {
|
||||
return USER_EMAIL;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getIDPAlias() {
|
||||
return IDP_SAML_ALIAS;
|
||||
}
|
||||
}
|
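Review bot: In createProviderClients() the key `saml_force_name_id_format` is put twice — first with the broker endpoint URL, then with `"true"` — so the first put is dead and the URL value is silently dropped; it reads like a copy of the `saml_single_logout_service_url_post` line above it and should either be removed or carry the attribute key it was meant for. Because this test deliberately turns off every signature (`saml.server.signature`, `saml.client.signature`, `saml.assertion.signature` on the provider client and `validateSignature`/`wantAuthnRequestsSigned` on the consumer IdP), the class needs a Javadoc stating that, e.g. `/** Brokering test against a SAML IdP with signing and signature validation disabled on both sides; this is a testsuite-only configuration, a deployed broker should keep validateSignature enabled. */`, so the settings are not mistaken for a working default. createConsumerClients() returns `null` rather than `Collections.emptyList()`; unless AbstractBrokerTest null-checks that result, an empty list is the safer return.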