blah

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-01 17:33:48 -08:00 · 2024-02-01 17:33:48 -08:00 · 66f0d2ff1d
commit 66f0d2ff1d
parent d9d41b1a09
2 changed files with 55 additions and 6 deletions
--- a/model/storage-private/src/main/java/org/keycloak/storage/datastore/DefaultExportImportManager.java
+++ b/model/storage-private/src/main/java/org/keycloak/storage/datastore/DefaultExportImportManager.java
@ -815,11 +815,15 @@ public class DefaultExportImportManager implements ExportImportManager {
            realm.setPasswordPolicy(PasswordPolicy.parse(session, rep.getPasswordPolicy()));
        if (rep.getOtpPolicyType() != null) realm.setOTPPolicy(toPolicy(rep));

-        WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyTwoFactor(rep);
-        realm.setWebAuthnPolicy(webAuthnPolicy);
+        if (rep.getWebAuthnPolicyRpEntityName() != null && !rep.getWebAuthnPolicyRpEntityName().isEmpty()) {
+            WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyTwoFactor(rep);
+            realm.setWebAuthnPolicy(webAuthnPolicy);
+        }

-        webAuthnPolicy = getWebAuthnPolicyPasswordless(rep);
-        realm.setWebAuthnPolicyPasswordless(webAuthnPolicy);
+        if (rep.getWebAuthnPolicyPasswordlessRpEntityName() != null && !rep.getWebAuthnPolicyPasswordlessRpEntityName().isEmpty()) {
+            WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyPasswordless(rep);
+            realm.setWebAuthnPolicyPasswordless(webAuthnPolicy);
+        }

        updateCibaSettings(rep, realm);
        updateParSettings(rep, realm);
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@ -275,7 +275,7 @@ public class RealmTest extends AbstractAdminTest {
        rep.setRealm("attributes");
        rep.setDisplayName("DISPLAY_NAME");
        rep.setDisplayNameHtml("DISPLAY_NAME_HTML");
-        rep.setDefaultSignatureAlgorithm("HS256");
+        rep.setDefaultSignatureAlgorithm("RS256");
        rep.setBruteForceProtected(true);
        rep.setPermanentLockout(true);
        rep.setMaxFailureWaitSeconds(dummyInt);
@ -289,6 +289,28 @@ public class RealmTest extends AbstractAdminTest {
        rep.setOfflineSessionMaxLifespanEnabled(true);
        rep.setOfflineSessionMaxLifespan(dummyInt);

+        rep.setWebAuthnPolicyRpEntityName("RP_ENTITY_NAME");
+        rep.setWebAuthnPolicySignatureAlgorithms(Collections.singletonList("RS256"));
+        rep.setWebAuthnPolicyRpId("localhost");
+        rep.setWebAuthnPolicyAttestationConveyancePreference("Direct");
+        rep.setWebAuthnPolicyAuthenticatorAttachment("Platform");
+        rep.setWebAuthnPolicyRequireResidentKey("Yes");
+        rep.setWebAuthnPolicyUserVerificationRequirement("Required");
+        rep.setWebAuthnPolicyCreateTimeout(dummyInt);
+        rep.setWebAuthnPolicyAvoidSameAuthenticatorRegister(true);
+        rep.setWebAuthnPolicyAcceptableAaguids(Collections.singletonList("00000000-0000-0000-0000-000000000000"));
+
+        rep.setWebAuthnPolicyPasswordlessRpEntityName("RP_ENTITY_NAME");
+        rep.setWebAuthnPolicyPasswordlessSignatureAlgorithms(Collections.singletonList("RS256"));
+        rep.setWebAuthnPolicyPasswordlessRpId("localhost");
+        rep.setWebAuthnPolicyPasswordlessAttestationConveyancePreference("Direct");
+        rep.setWebAuthnPolicyPasswordlessAuthenticatorAttachment("Platform");
+        rep.setWebAuthnPolicyPasswordlessRequireResidentKey("Yes");
+        rep.setWebAuthnPolicyPasswordlessUserVerificationRequirement("Required");
+        rep.setWebAuthnPolicyPasswordlessCreateTimeout(dummyInt);
+        rep.setWebAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister(true);
+        rep.setWebAuthnPolicyPasswordlessAcceptableAaguids(Collections.singletonList("00000000-0000-0000-0000-000000000000"));
+
        adminClient.realms().create(rep);
        getCleanup().addCleanup(() -> adminClient.realms().realm("attributes").remove());

@ -299,7 +321,7 @@ public class RealmTest extends AbstractAdminTest {
        rep = adminClient.realm("attributes").toRepresentation();
        assertEquals("DISPLAY_NAME", rep.getDisplayName());
        assertEquals("DISPLAY_NAME_HTML", rep.getDisplayNameHtml());
-        assertEquals("HS256", rep.getDefaultSignatureAlgorithm());
+        assertEquals("RS256", rep.getDefaultSignatureAlgorithm());
        assertTrue(rep.isBruteForceProtected());
        assertTrue(rep.isPermanentLockout());
        assertEquals(dummyInt, rep.getMaxFailureWaitSeconds());
@ -312,6 +334,28 @@ public class RealmTest extends AbstractAdminTest {
        assertEquals(dummyInt, rep.getActionTokenGeneratedByUserLifespan());
        assertTrue(rep.getOfflineSessionMaxLifespanEnabled());
        assertEquals(dummyInt, rep.getOfflineSessionMaxLifespan());
+
+        assertEquals("RP_ENTITY_NAME", rep.getWebAuthnPolicyRpEntityName());
+        assertEquals(Collections.singletonList("RS256"), rep.getWebAuthnPolicySignatureAlgorithms());
+        assertEquals("localhost", rep.getWebAuthnPolicyRpId());
+        assertEquals("Direct", rep.getWebAuthnPolicyAttestationConveyancePreference());
+        assertEquals("Platform", rep.getWebAuthnPolicyAuthenticatorAttachment());
+        assertEquals("Yes", rep.getWebAuthnPolicyRequireResidentKey());
+        assertEquals("Required", rep.getWebAuthnPolicyUserVerificationRequirement());
+        assertEquals(dummyInt, rep.getWebAuthnPolicyCreateTimeout());
+        assertTrue(rep.isWebAuthnPolicyAvoidSameAuthenticatorRegister());
+        assertEquals(Collections.singletonList("00000000-0000-0000-0000-000000000000"), rep.getWebAuthnPolicyAcceptableAaguids());
+
+        assertEquals("RP_ENTITY_NAME", rep.getWebAuthnPolicyPasswordlessRpEntityName());
+        assertEquals(Collections.singletonList("RS256"), rep.getWebAuthnPolicyPasswordlessSignatureAlgorithms());
+        assertEquals("localhost", rep.getWebAuthnPolicyPasswordlessRpId());
+        assertEquals("Direct", rep.getWebAuthnPolicyPasswordlessAttestationConveyancePreference());
+        assertEquals("Platform", rep.getWebAuthnPolicyPasswordlessAuthenticatorAttachment());
+        assertEquals("Yes", rep.getWebAuthnPolicyPasswordlessRequireResidentKey());
+        assertEquals("Required", rep.getWebAuthnPolicyPasswordlessUserVerificationRequirement());
+        assertEquals(dummyInt, rep.getWebAuthnPolicyPasswordlessCreateTimeout());
+        assertTrue(rep.isWebAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister());
+        assertEquals(Collections.singletonList("00000000-0000-0000-0000-000000000000"), rep.getWebAuthnPolicyPasswordlessAcceptableAaguids());
    }

    @Test
@ -618,6 +662,7 @@ public class RealmTest extends AbstractAdminTest {
        rep.getAttributes().put("foo1", "bar1");
        rep.getAttributes().put("foo2", "bar2");

+        rep.setWebAuthnPolicyRpEntityName("keycloak");
        rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids);
        rep.setBruteForceProtected(true);
        rep.setDisplayName("dn1");