libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-5473 X509 Add missing tests for User Identity Sources

Browse source
This commit is contained in:
mposolda 2019-04-24 15:30:26 +02:00 committed by Marek Posolda
parent 6ffe14c8e1
commit 39a5978273
2 changed files with 41 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java
View file

@ -434,12 +434,12 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
.setUserIdentityMapperType(USERNAME_EMAIL); .setUserIdentityMapperType(USERNAME_EMAIL);
} }
protected static X509AuthenticatorConfigModel createLoginIssuerCNToCustomAttributeConfig() { protected static X509AuthenticatorConfigModel createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(X509AuthenticatorConfigModel.MappingSourceType sourceType, String userAttributeName) {
return new X509AuthenticatorConfigModel() return new X509AuthenticatorConfigModel()
.setConfirmationPageAllowed(true) .setConfirmationPageAllowed(true)
.setMappingSourceType(ISSUERDN_CN) .setMappingSourceType(sourceType)
.setUserIdentityMapperType(USER_ATTRIBUTE) .setUserIdentityMapperType(USER_ATTRIBUTE)
.setCustomAttributeName("x509_issuer_identity"); .setCustomAttributeName(userAttributeName);
} }
protected static X509AuthenticatorConfigModel createLoginIssuerDN_OU2CustomAttributeConfig() { protected static X509AuthenticatorConfigModel createLoginIssuerDN_OU2CustomAttributeConfig() {

39
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java
View file

@ -39,6 +39,9 @@ import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USERNAME_EMAIL; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USERNAME_EMAIL;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USER_ATTRIBUTE; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USER_ATTRIBUTE;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.ISSUERDN_CN;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.ISSUERDN_EMAIL;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SERIALNUMBER;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL;
import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.ProfileAssume;
@ -165,7 +168,8 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
@Test @Test
public void loginAsUserFromCertIssuerCNMappedToUserAttribute() { public void loginAsUserFromCertIssuerCNMappedToUserAttribute() {
x509BrowserLogin(createLoginIssuerCNToCustomAttributeConfig(), userId2, "keycloak", "Keycloak Intermediate CA"); x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(ISSUERDN_CN, "x509_issuer_identity"),
userId2, "keycloak", "Keycloak Intermediate CA");
} }
@Test @Test
@ -182,6 +186,39 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", "Red Hat"); x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", "Red Hat");
} }
@Test
public void loginAsUserFromCertIssuerEmailMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_issuer_identity", "contact@keycloak.org");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(ISSUERDN_EMAIL, "x509_issuer_identity"),
userId2, "keycloak", "contact@keycloak.org");
}
@Test
public void loginAsUserFromCertSerialNumberMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_serial_number", "4105");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number"),
userId2, "keycloak", "4105");
}
@Test @Test
public void loginDuplicateUsersNotAllowed() { public void loginDuplicateUsersNotAllowed() {