KEYCLOAK-5473 X509 Add missing tests for User Identity Sources

mposolda 2019-04-24 15:30:26 +02:00 committed by Marek Posolda
parent 6ffe14c8e1
commit 39a5978273
2 changed files with 41 additions and 4 deletions


@ -434,12 +434,12 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
.setUserIdentityMapperType(USERNAME_EMAIL); .setUserIdentityMapperType(USERNAME_EMAIL);
} }
protected static X509AuthenticatorConfigModel createLoginIssuerCNToCustomAttributeConfig() { protected static X509AuthenticatorConfigModel createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(X509AuthenticatorConfigModel.MappingSourceType sourceType, String userAttributeName) {
return new X509AuthenticatorConfigModel() return new X509AuthenticatorConfigModel()
.setConfirmationPageAllowed(true) .setConfirmationPageAllowed(true)
.setMappingSourceType(ISSUERDN_CN) .setMappingSourceType(sourceType)
.setUserIdentityMapperType(USER_ATTRIBUTE) .setUserIdentityMapperType(USER_ATTRIBUTE)
.setCustomAttributeName("x509_issuer_identity"); .setCustomAttributeName(userAttributeName);
} }
protected static X509AuthenticatorConfigModel createLoginIssuerDN_OU2CustomAttributeConfig() { protected static X509AuthenticatorConfigModel createLoginIssuerDN_OU2CustomAttributeConfig() {
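Review bot: The generalised helper `createLoginWithSpecifiedSourceTypeToCustomAttributeConfig` has no Javadoc, and now that both the source type and the attribute name are caller-supplied, the name alone no longer says what the resulting config matches. A one-line comment would cover it: `/** Builds a config that takes {@code sourceType} from the client certificate and matches it against the user attribute {@code userAttributeName}. */`. The comment could also say that issuer-derived source types such as `ISSUERDN_CN` describe the issuing CA rather than the certificate holder, so every certificate from that CA yields the same identity value; that is fine for a fixture, but a reader should not take it as a deployment pattern. The helper is shown in full here; the enclosing class continues outside the hunk.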


@ -39,6 +39,9 @@ import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USERNAME_EMAIL; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USERNAME_EMAIL;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USER_ATTRIBUTE; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType.USER_ATTRIBUTE;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.ISSUERDN_CN;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.ISSUERDN_EMAIL;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SERIALNUMBER;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN;
import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL; import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL;
import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.ProfileAssume;
@ -165,7 +168,8 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
@Test @Test
public void loginAsUserFromCertIssuerCNMappedToUserAttribute() { public void loginAsUserFromCertIssuerCNMappedToUserAttribute() {
x509BrowserLogin(createLoginIssuerCNToCustomAttributeConfig(), userId2, "keycloak", "Keycloak Intermediate CA"); x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(ISSUERDN_CN, "x509_issuer_identity"),
userId2, "keycloak", "Keycloak Intermediate CA");
} }
@Test @Test
@ -182,6 +186,39 @@ public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", "Red Hat"); x509BrowserLogin(createLoginIssuerDN_OU2CustomAttributeConfig(), userId2, "keycloak", "Red Hat");
} }
@Test
public void loginAsUserFromCertIssuerEmailMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_issuer_identity", "contact@keycloak.org");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(ISSUERDN_EMAIL, "x509_issuer_identity"),
userId2, "keycloak", "contact@keycloak.org");
}
@Test
public void loginAsUserFromCertSerialNumberMappedToUserAttribute() {
UserRepresentation user = testRealm().users().get(userId2).toRepresentation();
Assert.assertNotNull(user);
user.singleAttribute("x509_serial_number", "4105");
this.updateUser(user);
events.clear();
x509BrowserLogin(createLoginWithSpecifiedSourceTypeToCustomAttributeConfig(SERIALNUMBER, "x509_serial_number"),
userId2, "keycloak", "4105");
}
@Test @Test
public void loginDuplicateUsersNotAllowed() { public void loginDuplicateUsersNotAllowed() {
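Review bot: Both new tests, `loginAsUserFromCertIssuerEmailMappedToUserAttribute` and `loginAsUserFromCertSerialNumberMappedToUserAttribute`, cover only the matching case, so they would still pass if the authenticator accepted a certificate whose issuer e-mail or serial number differed from the stored attribute. A companion case that stores a non-matching value (for example a constructed `"9999"` in `x509_serial_number`) and expects the login to be refused would pin the property that matters for an identity source. Both tests also overwrite attributes on the shared `userId2` without restoring them. Whether the fixture resets the user between tests is not visible here; if it does not, `loginAsUserFromCertIssuerCNMappedToUserAttribute`, which passes "Keycloak Intermediate CA" for the same `x509_issuer_identity` attribute, becomes order-dependent. A short comment above the `"4105"` literal, such as `// serial number of the test client certificate (decimal form assumed, confirm)`, would explain where the value comes from.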