KEYCLOAK-2971: saml provider without signature in broker test

This commit is contained in:
wyvie 2016-05-06 15:01:11 +02:00
parent a867a1646a
commit 30f4f920c1
4 changed files with 159 additions and 17 deletions


@ -1,12 +1,15 @@
package org.keycloak.testsuite.broker; package org.keycloak.testsuite.broker;
class KcOidcBrokerConstants { class BrokerTestConstants {
final static String REALM_PROV_NAME = "provider"; final static String REALM_PROV_NAME = "provider";
final static String REALM_CONS_NAME = "consumer"; final static String REALM_CONS_NAME = "consumer";
final static String IDP_ALIAS = "kc-oidc-idp"; final static String IDP_OIDC_ALIAS = "kc-oidc-idp";
final static String IDP_PROVIDER_ID = "keycloak-oidc"; final static String IDP_OIDC_PROVIDER_ID = "keycloak-oidc";
final static String IDP_SAML_ALIAS = "kc-saml-idp";
final static String IDP_SAML_PROVIDER_ID = "saml";
final static String CLIENT_ID = "brokerapp"; final static String CLIENT_ID = "brokerapp";
final static String CLIENT_SECRET = "secret"; final static String CLIENT_SECRET = "secret";


@ -15,6 +15,7 @@ import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.UpdateAccountInformationPage; import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
import java.util.List; import java.util.List;
import java.util.stream.Collectors;
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient; import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword; import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
@ -117,11 +118,13 @@ public abstract class AbstractBrokerTest extends AbstractKeycloakTest {
public void tryToLogInAsUserInIDP() { public void tryToLogInAsUserInIDP() {
driver.navigate().to(getAuthRoot() + "/auth/realms/" + consumerRealmName() + "/account"); driver.navigate().to(getAuthRoot() + "/auth/realms/" + consumerRealmName() + "/account");
log.debug("Clicking social " + getIDPAlias());
accountLoginPage.clickSocial(getIDPAlias()); accountLoginPage.clickSocial(getIDPAlias());
Assert.assertTrue("Driver should be on the provider realm page right now", Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/")); driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
log.debug("Logging in");
accountLoginPage.login(getUserLogin(), getUserPassword()); accountLoginPage.login(getUserLogin(), getUserPassword());
Assert.assertTrue("We must be on update user profile page right now", Assert.assertTrue("We must be on update user profile page right now",
@ -130,21 +133,19 @@ public abstract class AbstractBrokerTest extends AbstractKeycloakTest {
Assert.assertTrue("We must be on correct realm right now", Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/")); driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation("Firstname", "Lastname"); updateAccountInformationPage.updateAccountInformation("Firstname", "Lastname");
UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users(); UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();
List<UserRepresentation> users = consumerUsers.search("", 0, 5); Assert.assertTrue("There must be at least one user", consumerUsers.count() > 0);
Assert.assertTrue("There must be at least one user", users.size() > 0);
boolean foundUser = false; List<UserRepresentation> users = consumerUsers.search("", 0, 5);
for (UserRepresentation user : users) {
if (user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail())) { List<UserRepresentation> correctUsers = users.stream()
foundUser = true; .filter(user -> user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail()))
break; .collect(Collectors.toList());
}
}
Assert.assertTrue("There must be user " + getUserLogin() + " in realm " + consumerRealmName(), Assert.assertTrue("There must be user " + getUserLogin() + " in realm " + consumerRealmName(),
foundUser); correctUsers.size() > 0);
} }
} }
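Review bot: The new filter dereferences `user.getEmail()` before comparing, so a consumer-realm user with no email (the search is an unfiltered `""` page of 5, so it can include unrelated users) turns the assertion into a NullPointerException instead of a clean "user not found" failure, and a realm holding more than five users can miss the brokered one even though `count() > 0` passed on the whole set. Flipping the comparisons to the known non-null expected values, `.filter(user -> getUserLogin().equals(user.getUsername()) && getUserEmail().equals(user.getEmail()))`, removes the NPE; narrowing the page with `consumerUsers.search(getUserLogin(), 0, 5)` would also remove the page-size dependency, assuming `search` matches on username as it presumably does. The body of tryToLogInAsUserInIDP begins in the previous hunk of this section.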


@ -8,7 +8,7 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import static org.keycloak.testsuite.broker.KcOidcBrokerConstants.*; import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
public class KcOidcBrokerTest extends AbstractBrokerTest { public class KcOidcBrokerTest extends AbstractBrokerTest {
@ -39,7 +39,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
client.setEnabled(true); client.setEnabled(true);
client.setRedirectUris(Collections.singletonList(getAuthRoot() + client.setRedirectUris(Collections.singletonList(getAuthRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_ALIAS + "/endpoint/*")); "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
return Collections.singletonList(client); return Collections.singletonList(client);
} }
@ -51,7 +51,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
@Override @Override
protected IdentityProviderRepresentation setUpIdentityProvider() { protected IdentityProviderRepresentation setUpIdentityProvider() {
IdentityProviderRepresentation idp = createIdentityProvider(IDP_ALIAS, IDP_PROVIDER_ID); IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
Map<String, String> config = idp.getConfig(); Map<String, String> config = idp.getConfig();
@ -95,7 +95,7 @@ public class KcOidcBrokerTest extends AbstractBrokerTest {
@Override @Override
protected String getIDPAlias() { protected String getIDPAlias() {
return IDP_ALIAS; return IDP_OIDC_ALIAS;
} }
} }


@ -0,0 +1,138 @@
package org.keycloak.testsuite.broker;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
public class KcSamlBrokerTest extends AbstractBrokerTest {
@Override
protected RealmRepresentation createProviderRealm() {
RealmRepresentation realm = new RealmRepresentation();
realm.setEnabled(true);
realm.setRealm(REALM_PROV_NAME);
return realm;
}
@Override
protected RealmRepresentation createConsumerRealm() {
RealmRepresentation realm = new RealmRepresentation();
realm.setEnabled(true);
realm.setRealm(REALM_CONS_NAME);
return realm;
}
@Override
protected List<ClientRepresentation> createProviderClients() {
ClientRepresentation client = new ClientRepresentation();
client.setClientId(getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME);
client.setEnabled(true);
client.setProtocol(IDP_SAML_PROVIDER_ID);
client.setRedirectUris(Collections.singletonList(
getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
));
Map<String, String> attributes = new HashMap<>();
attributes.put("saml.authnstatement", "true");
attributes.put("saml_single_logout_service_url_post",
getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
attributes.put("saml_force_name_id_format",
getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
attributes.put("saml_force_name_id_format", "true");
attributes.put("saml_name_id_format", "username");
attributes.put("saml.assertion.signature", "false");
attributes.put("saml.server.signature", "false");
attributes.put("saml.client.signature", "false");
client.setAttributes(attributes);
ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
mapper.setName("email");
mapper.setProtocol("saml");
mapper.setProtocolMapper("saml-user-property-mapper");
mapper.setConsentRequired(false);
Map<String, String> mapperConfig = mapper.getConfig();
mapperConfig.put("user.attribute", "email");
mapperConfig.put("attribute.name", "urn:oid:1.2.840.113549.1.9.1");
mapperConfig.put("attribute.nameformat", "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
mapperConfig.put("friendly.name", "email");
client.setProtocolMappers(Collections.singletonList(
mapper
));
return Collections.singletonList(client);
}
@Override
protected List<ClientRepresentation> createConsumerClients() {
return null;
}
@Override
protected IdentityProviderRepresentation setUpIdentityProvider() {
IdentityProviderRepresentation idp = createIdentityProvider(IDP_SAML_ALIAS, IDP_SAML_PROVIDER_ID);
idp.setTrustEmail(true);
idp.setAddReadTokenRoleOnCreate(true);
idp.setStoreToken(true);
Map<String, String> config = idp.getConfig();
config.put("singleSignOnServiceUrl", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
config.put("singleLogoutServiceUrl", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
config.put("nameIDPolicyFormat", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
config.put("forceAuthn", "true");
config.put("postBindingResponse", "true");
config.put("postBindingAuthnRequest", "true");
config.put("validateSignature", "false");
config.put("wantAuthnRequestsSigned", "false");
return idp;
}
@Override
protected String providerRealmName() {
return REALM_PROV_NAME;
}
@Override
protected String consumerRealmName() {
return REALM_CONS_NAME;
}
@Override
protected String getUserLogin() {
return USER_LOGIN;
}
@Override
protected String getUserPassword() {
return USER_PASSWORD;
}
@Override
protected String getUserEmail() {
return USER_EMAIL;
}
@Override
protected String getIDPAlias() {
return IDP_SAML_ALIAS;
}
}
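Review bot: In createProviderClients the key `saml_force_name_id_format` is put twice — first with the broker endpoint URL, then immediately overwritten with `"true"` — so the URL-valued put is dead and looks like a copy-paste leftover from the preceding `saml_single_logout_service_url_post` entry; either drop those two lines or, if a second endpoint attribute was intended, give it its real key. The three `saml.*.signature = "false"` attributes together with `validateSignature = "false"` on the identity provider deliberately make the consumer accept unsigned assertions, which is the point of this test, but nothing in the file says so; a reader could mistake the fixture for a reference configuration, and with `trustEmail(true)` an unsigned assertion would be enough to claim any email-linked account. I would add above the signature attributes `// Signing disabled on both sides on purpose: this test exercises the unsigned SAML broker flow only. Never copy this into a real IdP/SP configuration.` and mirror a one-line note next to `validateSignature` in setUpIdentityProvider. The provider client forces the `username` NameID format while the broker requests `emailAddress` in nameIDPolicyFormat; presumably the force flag wins, but a comment confirming that intent would help.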