From 30f4f920c1fc0f8083117706aa2692a5b1b88837 Mon Sep 17 00:00:00 2001
From: wyvie
Date: Fri, 6 May 2016 15:01:11 +0200
Subject: [PATCH] KEYCLOAK-2971: saml provider without signature in broker test
---
 ...onstants.java => BrokerTestConstants.java} | 9 +-
 .../testsuite/broker/AbstractBrokerTest.java | 21 +--
 .../testsuite/broker/KcOidcBrokerTest.java | 8 +-
 .../testsuite/broker/KcSamlBrokerTest.java | 138 ++++++++++++++++++
 4 files changed, 159 insertions(+), 17 deletions(-)
 rename testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/{KcOidcBrokerConstants.java => BrokerTestConstants.java} (61%)
 create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerTest.java
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/KcOidcBrokerConstants.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/BrokerTestConstants.java
similarity index 61%
rename from testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/KcOidcBrokerConstants.java
rename to testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/BrokerTestConstants.java
index 176e7c542d..17acecd176 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/KcOidcBrokerConstants.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/broker/BrokerTestConstants.java
@@ -1,12 +1,15 @@
 package org.keycloak.testsuite.broker;
-class KcOidcBrokerConstants {
+class BrokerTestConstants {
 final static String REALM_PROV_NAME = "provider";
 final static String REALM_CONS_NAME = "consumer";
- final static String IDP_ALIAS = "kc-oidc-idp";
- final static String IDP_PROVIDER_ID = "keycloak-oidc";
+ final static String IDP_OIDC_ALIAS = "kc-oidc-idp";
+ final static String IDP_OIDC_PROVIDER_ID = "keycloak-oidc";
+
+ final static String IDP_SAML_ALIAS = "kc-saml-idp";
+ final static String IDP_SAML_PROVIDER_ID = "saml";
 final static String CLIENT_ID = "brokerapp";
 final static String CLIENT_SECRET = "secret";
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
index aa12b41f09..600b596457 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
@@ -15,6 +15,7 @@ import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
 import java.util.List;
+import java.util.stream.Collectors;
 import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
 import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
@@ -117,11 +118,13 @@ public abstract class AbstractBrokerTest extends AbstractKeycloakTest {
 public void tryToLogInAsUserInIDP() {
 driver.navigate().to(getAuthRoot() + "/auth/realms/" + consumerRealmName() + "/account");
+ log.debug("Clicking social " + getIDPAlias());
 accountLoginPage.clickSocial(getIDPAlias());
 Assert.assertTrue("Driver should be on the provider realm page right now", driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
+ log.debug("Logging in");
 accountLoginPage.login(getUserLogin(), getUserPassword());
 Assert.assertTrue("We must be on update user profile page right now",
@@ -130,21 +133,19 @@ public abstract class AbstractBrokerTest extends AbstractKeycloakTest {
 Assert.assertTrue("We must be on correct realm right now", driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));
+ log.debug("Updating info on updateAccount page");
 updateAccountInformationPage.updateAccountInformation("Firstname", "Lastname");
 UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();
- List users = consumerUsers.search("", 0, 5);
- Assert.assertTrue("There must be at least one user", users.size() > 0);
+ Assert.assertTrue("There must be at least one user", consumerUsers.count() > 0);
- boolean foundUser = false;
- for (UserRepresentation user : users) {
- if (user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail())) {
- foundUser = true;
- break;
- }
- }
+ List users = consumerUsers.search("", 0, 5);
+
+ List correctUsers = users.stream()
+ .filter(user -> user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail()))
+ .collect(Collectors.toList());
 Assert.assertTrue("There must be user " + getUserLogin() + " in realm " + consumerRealmName(),
- foundUser);
+ correctUsers.size() > 0);
 }
 }
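Review bot: The rewritten lookup still pages only the first five accounts (`consumerUsers.search("", 0, 5)`) and filters client-side, so once the consumer realm holds more than five users the brokered account can fall outside the page and the assertion fails for the wrong reason; the new `count()` pre-check does not guard against that. Searching by the login removes the paging dependency, e.g. `List users = consumerUsers.search(getUserLogin(), 0, 5);`. The predicate also dereferences `user.getEmail()` unguarded, so a record without an email throws NullPointerException instead of being skipped — `getUserEmail().equals(user.getEmail())` is the null-safe order. Since only existence matters, `users.stream().anyMatch(...)` reads better than collecting into `correctUsers` and testing its size. The hunk belongs to tryToLogInAsUserInIDP, whose opening lines sit in the first hunk of this file.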
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTest.java
index f17ed2bfdc..7faf6248d8 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTest.java
@@ -8,7 +8,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import static org.keycloak.testsuite.broker.KcOidcBrokerConstants.*;
+import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
 public class KcOidcBrokerTest extends AbstractBrokerTest {
@@ -39,7 +39,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
 client.setEnabled(true);
 client.setRedirectUris(Collections.singletonList(getAuthRoot() +
- "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_ALIAS + "/endpoint/*"));
+ "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
 return Collections.singletonList(client);
 }
@@ -51,7 +51,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
 @Override
 protected IdentityProviderRepresentation setUpIdentityProvider() {
- IdentityProviderRepresentation idp = createIdentityProvider(IDP_ALIAS, IDP_PROVIDER_ID);
+ IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
 Map config = idp.getConfig();
@@ -95,7 +95,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
 @Override
 protected String getIDPAlias() {
- return IDP_ALIAS;
+ return IDP_OIDC_ALIAS;
 }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerTest.java
new file mode 100644
index 0000000000..a1fdc7639d
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlBrokerTest.java
@@ -0,0 +1,138 @@
+package org.keycloak.testsuite.broker;
+
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
+import org.keycloak.representations.idm.ProtocolMapperRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
+
+public class KcSamlBrokerTest extends AbstractBrokerTest {
+
+ @Override
+ protected RealmRepresentation createProviderRealm() {
+ RealmRepresentation realm = new RealmRepresentation();
+
+ realm.setEnabled(true);
+ realm.setRealm(REALM_PROV_NAME);
+
+ return realm;
+ }
+
+ @Override
+ protected RealmRepresentation createConsumerRealm() {
+ RealmRepresentation realm = new RealmRepresentation();
+
+ realm.setEnabled(true);
+ realm.setRealm(REALM_CONS_NAME);
+
+ return realm;
+ }
+
+ @Override
+ protected List createProviderClients() {
+ ClientRepresentation client = new ClientRepresentation();
+
+ client.setClientId(getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME);
+ client.setEnabled(true);
+ client.setProtocol(IDP_SAML_PROVIDER_ID);
+ client.setRedirectUris(Collections.singletonList(
+ getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
+ ));
+
+ Map attributes = new HashMap<>();
+
+ attributes.put("saml.authnstatement", "true");
+ attributes.put("saml_single_logout_service_url_post",
+ getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
+ attributes.put("saml_force_name_id_format",
+ getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
+ attributes.put("saml_force_name_id_format", "true");
+ attributes.put("saml_name_id_format", "username");
+ attributes.put("saml.assertion.signature", "false");
+ attributes.put("saml.server.signature", "false");
+ attributes.put("saml.client.signature", "false");
+
+ client.setAttributes(attributes);
+
+ ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
+ mapper.setName("email");
+ mapper.setProtocol("saml");
+ mapper.setProtocolMapper("saml-user-property-mapper");
+ mapper.setConsentRequired(false);
+
+ Map mapperConfig = mapper.getConfig();
+ mapperConfig.put("user.attribute", "email");
+ mapperConfig.put("attribute.name", "urn:oid:1.2.840.113549.1.9.1");
+ mapperConfig.put("attribute.nameformat", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
+ mapperConfig.put("friendly.name", "email");
+
+ client.setProtocolMappers(Collections.singletonList(
+ mapper
+ ));
+
+ return Collections.singletonList(client);
+ }
+
+ @Override
+ protected List createConsumerClients() {
+ return null;
+ }
+
+ @Override
+ protected IdentityProviderRepresentation setUpIdentityProvider() {
+ IdentityProviderRepresentation idp = createIdentityProvider(IDP_SAML_ALIAS, IDP_SAML_PROVIDER_ID);
+
+ idp.setTrustEmail(true);
+ idp.setAddReadTokenRoleOnCreate(true);
+ idp.setStoreToken(true);
+
+ Map config = idp.getConfig();
+
+ config.put("singleSignOnServiceUrl", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
+ config.put("singleLogoutServiceUrl", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
+ config.put("nameIDPolicyFormat", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
+ config.put("forceAuthn", "true");
+ config.put("postBindingResponse", "true");
+ config.put("postBindingAuthnRequest", "true");
+ config.put("validateSignature", "false");
+ config.put("wantAuthnRequestsSigned", "false");
+
+ return idp;
+ }
+
+ @Override
+ protected String providerRealmName() {
+ return REALM_PROV_NAME;
+ }
+
+ @Override
+ protected String consumerRealmName() {
+ return REALM_CONS_NAME;
+ }
+
+ @Override
+ protected String getUserLogin() {
+ return USER_LOGIN;
+ }
+
+ @Override
+ protected String getUserPassword() {
+ return USER_PASSWORD;
+ }
+
+ @Override
+ protected String getUserEmail() {
+ return USER_EMAIL;
+ }
+
+ @Override
+ protected String getIDPAlias() {
+ return IDP_SAML_ALIAS;
+ }
+}
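Review bot: In createProviderClients the key `"saml_force_name_id_format"` is put twice — first with the broker endpoint URL, then with `"true"` — so the first put is dead and that URL never reaches the client; judging by its value it was presumably meant for a different key (the assertion-consumer attribute `saml_assertion_consumer_url_post` would fit), so either correct the key or delete the line. The class turns off every signing and validation switch (`saml.server.signature`, `saml.client.signature`, `saml.assertion.signature`, `validateSignature`, `wantAuthnRequestsSigned`) without saying why; a class-level Javadoc such as `/** Broker round-trip against a SAML provider with signing and signature validation deliberately disabled; not a reference configuration. */` would record the intent the commit title gives and stop the file being mistaken for a template. `createConsumerClients()` returns `null` while `createProviderClients` returns a list — `Collections.emptyList()` spares the caller a null check, unless AbstractBrokerTest relies on null (not visible here). `mapper.getConfig()` is written to without the map ever being set on the fresh ProtocolMapperRepresentation; if that getter can return null for a new instance the puts throw, so confirm it is initialised or call `mapper.setConfig(new HashMap<>())` first.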