Merge pull request #971 from mposolda/master

Add authenticateByDefault flag to IdentityProviderModel. Automatic kerberos login
This commit is contained in:
Marek Posolda 2015-02-13 10:25:46 +01:00
commit 45375a9625
23 changed files with 149 additions and 23 deletions

View file

@ -103,15 +103,23 @@ public class KerberosIdentityProvider extends AbstractIdentityProvider<KerberosI
logger.trace("Sending back " + HttpHeaders.WWW_AUTHENTICATE + ": " + negotiateHeader);
}
// Error page is rendered just if browser is unable to send Authorization header with SPNEGO token
Response response = request.getSession().getProvider(LoginFormsProvider.class)
Response response;
LoginFormsProvider loginFormsProvider = request.getSession().getProvider(LoginFormsProvider.class)
.setRealm(request.getRealm())
.setUriInfo(request.getUriInfo())
.setClient(request.getClientSession().getClient())
.setStatus(Response.Status.UNAUTHORIZED);
if (request.getClientSession().getUserSession() == null) {
// User not logged. Display HTML with login form as fallback if SPNEGO token not found
response = loginFormsProvider.setClient(request.getClientSession().getClient())
.setClientSessionCode(getRelayState(request))
.setWarning("errorKerberosLogin")
.setStatus(Response.Status.UNAUTHORIZED)
.createLogin();
} else {
// User logged and linking account. Display HTML with error if SPNEGO token not found
response = loginFormsProvider.setError("errorKerberosLinkAccount")
.createErrorPage();
}
response.getMetadata().putSingle(HttpHeaders.WWW_AUTHENTICATE, negotiateHeader);
return AuthenticationResponse.fromResponse(response);

View file

@ -23,6 +23,7 @@
<column name="PROVIDER_ID" type="VARCHAR(255)"/>
<column name="UPDATE_PROFILE_FIRST_LOGIN" type="BOOLEAN(1)"/>
<column name="STORE_TOKEN" type="BOOLEAN(1)"/>
<column name="AUTHENTICATE_BY_DEFAULT" type="BOOLEAN(1)"/>
<column name="REALM_ID" type="VARCHAR(36)"/>
</createTable>
<createTable tableName="IDENTITY_PROVIDER_CONFIG">

View file

@ -8,6 +8,7 @@ import com.mongodb.BasicDBObjectBuilder;
import com.mongodb.DBCollection;
import com.mongodb.DBCursor;
import com.mongodb.DBObject;
import org.keycloak.models.utils.KeycloakModelUtils;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -52,11 +53,14 @@ public class Update1_2_0_Beta1 extends Update {
.add("clientSecret", clientSecret).get();
DBObject identityProvider = new BasicDBObjectBuilder()
.add("internalId", KeycloakModelUtils.generateId())
.add("providerId", socialProviderId)
.add("name", socialProviderId)
.add("id", socialProviderId)
.add("updateProfileFirstLogin", updateProfileOnInitialSocialLogin)
.add("enabled", true)
.add("storeToken", false)
.add("authenticateByDefault", false)
.add("config", identityProviderConfig).get();
identityProviders.add(identityProvider);

View file

@ -32,6 +32,7 @@ public class IdentityProviderRepresentation {
protected boolean enabled = true;
protected boolean updateProfileFirstLogin = true;
protected boolean storeToken;
protected boolean authenticateByDefault;
protected String groupName;
protected Map<String, String> config = new HashMap<String, String>();
@ -91,6 +92,14 @@ public class IdentityProviderRepresentation {
this.updateProfileFirstLogin = updateProfileFirstLogin;
}
public boolean isAuthenticateByDefault() {
return authenticateByDefault;
}
public void setAuthenticateByDefault(boolean authenticateByDefault) {
this.authenticateByDefault = authenticateByDefault;
}
public boolean isStoreToken() {
return this.storeToken;
}

View file

@ -653,6 +653,8 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
$scope.identityProvider.name = providerFactory.name;
$scope.identityProvider.enabled = true;
$scope.identityProvider.updateProfileFirstLogin = true;
// Kerberos is suggested as default provider, others not
$scope.identityProvider.authenticateByDefault = (providerFactory.id === "kerberos");
$scope.newIdentityProvider = true;
}

View file

@ -60,6 +60,13 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if user must update his profile right after the first login." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="authenticateByDefault">Authenticate By Default</label>
<div class="col-sm-4">
<input ng-model="identityProvider.authenticateByDefault" name="identityProvider.authenticateByDefault" id="authenticateByDefault" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions">

View file

@ -113,6 +113,13 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if user must update his profile right after the first login." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="authenticateByDefault">Authenticate By Default</label>
<div class="col-sm-4">
<input ng-model="identityProvider.authenticateByDefault" name="identityProvider.authenticateByDefault" id="authenticateByDefault" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions">

View file

@ -114,6 +114,13 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if user must update his profile right after the first login." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="authenticateByDefault">Authenticate By Default</label>
<div class="col-sm-4">
<input ng-model="identityProvider.authenticateByDefault" name="identityProvider.authenticateByDefault" id="authenticateByDefault" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions">

View file

@ -70,6 +70,13 @@
</div>
<span tooltip-placement="right" tooltip="Indicates if user must update his profile right after the first login." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="authenticateByDefault">Authenticate By Default</label>
<div class="col-sm-4">
<input ng-model="identityProvider.authenticateByDefault" name="identityProvider.authenticateByDefault" id="authenticateByDefault" onoffswitch />
</div>
<span tooltip-placement="right" tooltip="Indicates if this provider should be tried by default for authentication even before displaying login screen" class="fa fa-info-circle"></span>
</div>
</fieldset>
<div class="pull-right form-actions">

View file

@ -34,7 +34,7 @@ invalidPassword=Invalid username or password.
invalidEmail=Invalid email address
accountDisabled=Account is disabled, contact admin
accountTemporarilyDisabled=Account is temporarily disabled, contact admin or try again later
expiredCode=Login timeout or unknown action. Please login again
expiredCode=Login timeout. Please login again
missingFirstName=Please specify first name
missingLastName=Please specify last name
@ -98,7 +98,8 @@ actionPasswordWarning=You need to change your password to activate your account.
actionEmailWarning=You need to verify your email address to activate your account.
actionFollow=Please fill in the fields below.
errorKerberosLogin=Unable to login with Kerberos. Request Kerberos ticket or use different login mechanism
errorKerberosLogin=Kerberos ticket not available. Use different login mechanism
errorKerberosLinkAccount=Kerberos ticket not available.
successHeader=Success!
errorHeader=Error!

View file

@ -52,6 +52,11 @@ public class IdentityProviderModel {
private boolean storeToken;
/**
* Specifies if particular provider should be used by default for authentication even before displaying login screen
*/
private boolean authenticateByDefault;
/**
* <p>A map containing the configuration and properties for a specific identity provider instance and implementation. The items
* in the map are understood by the identity provider implementation.</p>
@ -70,6 +75,7 @@ public class IdentityProviderModel {
this.enabled = model.isEnabled();
this.updateProfileFirstLogin = model.isUpdateProfileFirstLogin();
this.storeToken = model.isStoreToken();
this.authenticateByDefault = model.isAuthenticateByDefault();
}
public String getInternalId() {
@ -128,6 +134,14 @@ public class IdentityProviderModel {
this.storeToken = storeToken;
}
public boolean isAuthenticateByDefault() {
return authenticateByDefault;
}
public void setAuthenticateByDefault(boolean authenticateByDefault) {
this.authenticateByDefault = authenticateByDefault;
}
public Map<String, String> getConfig() {
return this.config;
}

View file

@ -32,6 +32,7 @@ public class IdentityProviderEntity {
private boolean enabled;
private boolean updateProfileFirstLogin;
private boolean storeToken;
private boolean authenticateByDefault;
private Map<String, String> config = new HashMap<String, String>();
@ -67,6 +68,14 @@ public class IdentityProviderEntity {
this.updateProfileFirstLogin = updateProfileFirstLogin;
}
public boolean isAuthenticateByDefault() {
return authenticateByDefault;
}
public void setAuthenticateByDefault(boolean authenticateByDefault) {
this.authenticateByDefault = authenticateByDefault;
}
public boolean isStoreToken() {
return this.storeToken;
}

View file

@ -308,6 +308,7 @@ public class ModelToRepresentation {
providerRep.setEnabled(identityProviderModel.isEnabled());
providerRep.setStoreToken(identityProviderModel.isStoreToken());
providerRep.setUpdateProfileFirstLogin(identityProviderModel.isUpdateProfileFirstLogin());
providerRep.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
providerRep.setConfig(identityProviderModel.getConfig());
return providerRep;

View file

@ -759,6 +759,7 @@ public class RepresentationToModel {
identityProviderModel.setName(representation.getName());
identityProviderModel.setEnabled(representation.isEnabled());
identityProviderModel.setUpdateProfileFirstLogin(representation.isUpdateProfileFirstLogin());
identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault());
identityProviderModel.setStoreToken(representation.isStoreToken());
identityProviderModel.setConfig(representation.getConfig());

View file

@ -1120,6 +1120,7 @@ public class RealmAdapter implements RealmModel {
identityProviderModel.setConfig(entity.getConfig());
identityProviderModel.setEnabled(entity.isEnabled());
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
identityProviderModel.setStoreToken(entity.isStoreToken());
identityProviders.add(identityProviderModel);
@ -1150,6 +1151,7 @@ public class RealmAdapter implements RealmModel {
entity.setEnabled(identityProvider.isEnabled());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setConfig(identityProvider.getConfig());
realm.addIdentityProvider(entity);
@ -1176,6 +1178,7 @@ public class RealmAdapter implements RealmModel {
entity.setName(identityProvider.getName());
entity.setEnabled(identityProvider.isEnabled());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setConfig(identityProvider.getConfig());
}

View file

@ -50,6 +50,9 @@ public class IdentityProviderEntity {
@Column(name="STORE_TOKEN")
private boolean storeToken;
@Column(name="AUTHENTICATE_BY_DEFAULT")
private boolean authenticateByDefault;
@ElementCollection
@MapKeyColumn(name="name")
@Column(name="value", columnDefinition = "TEXT")
@ -120,6 +123,14 @@ public class IdentityProviderEntity {
this.storeToken = storeToken;
}
public boolean isAuthenticateByDefault() {
return authenticateByDefault;
}
public void setAuthenticateByDefault(boolean authenticateByDefault) {
this.authenticateByDefault = authenticateByDefault;
}
public Map<String, String> getConfig() {
return this.config;
}

View file

@ -251,7 +251,8 @@ public class MongoUserProvider implements UserProvider {
@Override
public FederatedIdentityModel getFederatedIdentity(UserModel user, String socialProvider, RealmModel realm) {
FederatedIdentityEntity federatedIdentityEntity = findSocialLink(user, socialProvider, realm);
return federatedIdentityEntity != null ? new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(), federatedIdentityEntity.getUserName()) : null;
return federatedIdentityEntity != null ? new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(),
federatedIdentityEntity.getUserName(), federatedIdentityEntity.getToken()) : null;
}
@Override

View file

@ -796,6 +796,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
identityProviderModel.setConfig(entity.getConfig());
identityProviderModel.setEnabled(entity.isEnabled());
identityProviderModel.setUpdateProfileFirstLogin(entity.isUpdateProfileFirstLogin());
identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault());
identityProviderModel.setStoreToken(entity.isStoreToken());
identityProviders.add(identityProviderModel);
@ -825,6 +826,8 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
entity.setName(identityProvider.getName());
entity.setEnabled(identityProvider.isEnabled());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setConfig(identityProvider.getConfig());
realm.getIdentityProviders().add(entity);
@ -851,6 +854,7 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
entity.setName(identityProvider.getName());
entity.setEnabled(identityProvider.isEnabled());
entity.setUpdateProfileFirstLogin(identityProvider.isUpdateProfileFirstLogin());
entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault());
entity.setStoreToken(identityProvider.isStoreToken());
entity.setConfig(identityProvider.getConfig());
}

View file

@ -877,9 +877,7 @@ public class OpenIDConnectService {
.setError("Could not find an identity provider with the identifier [" + idpHint + "].")
.createErrorPage();
}
return Response.temporaryRedirect(
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), idpHint, this.realm.getName(), accessCode)).build();
return redirectToIdentityProvider(idpHint, accessCode);
}
response = authManager.checkNonFormAuthentication(session, clientSession, realm, uriInfo, request, clientConnection, headers, event);
@ -890,16 +888,18 @@ public class OpenIDConnectService {
return oauth.cancelLogin(clientSession);
}
List<RequiredCredentialModel> requiredCredentials = realm.getRequiredCredentials();
if (requiredCredentials.isEmpty()) {
List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
for (IdentityProviderModel identityProvider : identityProviders) {
if (identityProvider.isAuthenticateByDefault()) {
return redirectToIdentityProvider(identityProvider.getId(), accessCode);
}
}
List<RequiredCredentialModel> requiredCredentials = realm.getRequiredCredentials();
if (requiredCredentials.isEmpty()) {
if (!identityProviders.isEmpty()) {
if (identityProviders.size() == 1) {
return Response.temporaryRedirect(
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), identityProviders.get(0).getId(), this.realm.getName(), accessCode))
.build();
return redirectToIdentityProvider(identityProviders.get(0).getId(), accessCode);
}
return Flows.forms(session, realm, null, uriInfo).setError("Realm [" + this.realm.getName() + "] supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.").createErrorPage();
@ -1197,6 +1197,13 @@ public class OpenIDConnectService {
return Response.status(status).entity(e).type("application/json").build();
}
private Response redirectToIdentityProvider(String providerId, String accessCode) {
logger.debug("Automatically redirect to identity provider: " + providerId);
return Response.temporaryRedirect(
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), providerId, this.realm.getName(), accessCode))
.build();
}
TokenManager getTokenManager() {
return this.tokenManager;
}

View file

@ -80,6 +80,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
identityProviderModel.setEnabled(false);
identityProviderModel.setUpdateProfileFirstLogin(false);
identityProviderModel.setStoreToken(true);
identityProviderModel.setAuthenticateByDefault(true);
realm.updateIdentityProvider(identityProviderModel);
@ -94,11 +95,13 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertFalse(identityProviderModel.isEnabled());
assertFalse(identityProviderModel.isUpdateProfileFirstLogin());
assertTrue(identityProviderModel.isStoreToken());
assertTrue(identityProviderModel.isAuthenticateByDefault());
identityProviderModel.setName("Changed Name Again");
identityProviderModel.getConfig().remove("config-added");
identityProviderModel.setEnabled(true);
identityProviderModel.setUpdateProfileFirstLogin(true);
identityProviderModel.setAuthenticateByDefault(false);
realm.updateIdentityProvider(identityProviderModel);
@ -109,8 +112,9 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("Changed Name Again", identityProviderModel.getName());
assertFalse(identityProviderModel.getConfig().containsKey("config-added"));
assertEquals(true, identityProviderModel.isEnabled());
assertEquals(true, identityProviderModel.isUpdateProfileFirstLogin());
assertTrue(identityProviderModel.isEnabled());
assertTrue(identityProviderModel.isUpdateProfileFirstLogin());
assertFalse(identityProviderModel.isAuthenticateByDefault());
}
@Test
@ -175,6 +179,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("Google", config.getName());
assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals(true, config.isStoreToken());
assertEquals("clientId", config.getClientId());
assertEquals("clientSecret", config.getClientSecret());
assertEquals(GoogleIdentityProvider.AUTH_URL, config.getAuthorizationUrl());
@ -192,6 +198,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("SAML Signed IdP", config.getName());
assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals(false, config.isStoreToken());
assertEquals("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml", config.getSingleSignOnServiceUrl());
assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", config.getNameIDPolicyFormat());
assertEquals("MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin", config.getSigningCertificate());
@ -211,6 +219,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("OIDC IdP", config.getName());
assertEquals(false, config.isEnabled());
assertEquals(false, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals(false, config.isStoreToken());
assertEquals("clientId", config.getClientId());
assertEquals("clientSecret", config.getClientSecret());
}
@ -224,6 +234,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("Facebook", config.getName());
assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals(false, config.isStoreToken());
assertEquals("clientId", config.getClientId());
assertEquals("clientSecret", config.getClientSecret());
assertEquals(FacebookIdentityProvider.AUTH_URL, config.getAuthorizationUrl());
@ -240,6 +252,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("GitHub", config.getName());
assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals(false, config.isStoreToken());
assertEquals("clientId", config.getClientId());
assertEquals("clientSecret", config.getClientSecret());
assertEquals(GitHubIdentityProvider.AUTH_URL, config.getAuthorizationUrl());
@ -256,6 +270,8 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("Twitter", config.getName());
assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals(true, config.isStoreToken());
assertEquals("clientId", config.getClientId());
assertEquals("clientSecret", config.getClientSecret());
}
@ -269,6 +285,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
assertEquals("Kerberos", config.getName());
assertEquals(true, config.isEnabled());
assertEquals(true, config.isUpdateProfileFirstLogin());
assertEquals(false, config.isAuthenticateByDefault());
assertEquals("HTTP/server.domain.org@DOMAIN.ORG", config.getServerPrincipal());
assertEquals("/etc/http.keytab", config.getKeyTab());
assertTrue(config.getDebug());

View file

@ -286,7 +286,7 @@ public class LoginTest {
loginPage.login("login@test.com", "password");
loginPage.assertCurrent();
Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
Assert.assertEquals("Login timeout. Please login again", loginPage.getError());
events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails().assertEvent();

View file

@ -164,7 +164,7 @@ public class LoginTotpTest {
loginTotpPage.login(totp.generate("totpSecret"));
loginPage.assertCurrent();
Assert.assertEquals("Login timeout or unknown action. Please login again", loginPage.getError());
Assert.assertEquals("Login timeout. Please login again", loginPage.getError());
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin().error("expired_code")
.user((String)null)

View file

@ -15,6 +15,7 @@
"name" : "Google",
"enabled": true,
"updateProfileFirstLogin" : "true",
"storeToken": "true",
"config": {
"clientId": "clientId",
"clientSecret": "clientSecret"
@ -40,6 +41,7 @@
"name" : "GitHub",
"enabled": true,
"updateProfileFirstLogin" : "true",
"storeToken": "false",
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
@ -54,6 +56,7 @@
"name" : "Twitter",
"enabled": true,
"updateProfileFirstLogin" : "true",
"storeToken": true,
"config": {
"authorizationUrl": "authorizationUrl",
"tokenUrl": "tokenUrl",
@ -116,6 +119,7 @@
"name" : "OIDC IdP",
"enabled": false,
"updateProfileFirstLogin" : "false",
"authenticateByDefault" : "false",
"config": {
"clientId": "clientId",
"clientSecret": "clientSecret",
@ -148,6 +152,7 @@
"name" : "Kerberos",
"enabled": true,
"updateProfileFirstLogin" : "true",
"authenticateByDefault" : "false",
"config": {
"serverPrincipal": "HTTP/server.domain.org@DOMAIN.ORG",
"keyTab": "/etc/http.keytab",