Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Douglas Palmer 2024-02-01 17:33:48 -08:00 committed by Pedro Igor
parent d9d41b1a09
commit 66f0d2ff1d
2 changed files with 55 additions and 6 deletions


@ -815,11 +815,15 @@ public class DefaultExportImportManager implements ExportImportManager {
realm.setPasswordPolicy(PasswordPolicy.parse(session, rep.getPasswordPolicy())); realm.setPasswordPolicy(PasswordPolicy.parse(session, rep.getPasswordPolicy()));
if (rep.getOtpPolicyType() != null) realm.setOTPPolicy(toPolicy(rep)); if (rep.getOtpPolicyType() != null) realm.setOTPPolicy(toPolicy(rep));
WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyTwoFactor(rep); if (rep.getWebAuthnPolicyRpEntityName() != null && !rep.getWebAuthnPolicyRpEntityName().isEmpty()) {
realm.setWebAuthnPolicy(webAuthnPolicy); WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyTwoFactor(rep);
realm.setWebAuthnPolicy(webAuthnPolicy);
}
webAuthnPolicy = getWebAuthnPolicyPasswordless(rep); if (rep.getWebAuthnPolicyPasswordlessRpEntityName() != null && !rep.getWebAuthnPolicyPasswordlessRpEntityName().isEmpty()) {
realm.setWebAuthnPolicyPasswordless(webAuthnPolicy); WebAuthnPolicy webAuthnPolicy = getWebAuthnPolicyPasswordless(rep);
realm.setWebAuthnPolicyPasswordless(webAuthnPolicy);
}
updateCibaSettings(rep, realm); updateCibaSettings(rep, realm);
updateParSettings(rep, realm); updateParSettings(rep, realm);
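Review bot: Both new guards key solely on the RP entity name, so a representation that carries other WebAuthn settings (user verification requirement, acceptable AAGUIDs, attestation preference) but omits the name is skipped without any error, and a policy tightening sent that way would silently not take effect. If that is intended, say so at the guard, e.g. `// WebAuthn policy is replaced only when the representation carries an RP entity name; other WebAuthn fields sent without it are ignored`; otherwise widen the condition to any WebAuthn field being non-null. The two conditions are also the same null-or-empty test written twice and could share a small private helper. The enclosing method starts and ends outside this hunk, so callers and any earlier validation are not visible here.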


@ -275,7 +275,7 @@ public class RealmTest extends AbstractAdminTest {
rep.setRealm("attributes"); rep.setRealm("attributes");
rep.setDisplayName("DISPLAY_NAME"); rep.setDisplayName("DISPLAY_NAME");
rep.setDisplayNameHtml("DISPLAY_NAME_HTML"); rep.setDisplayNameHtml("DISPLAY_NAME_HTML");
rep.setDefaultSignatureAlgorithm("HS256"); rep.setDefaultSignatureAlgorithm("RS256");
rep.setBruteForceProtected(true); rep.setBruteForceProtected(true);
rep.setPermanentLockout(true); rep.setPermanentLockout(true);
rep.setMaxFailureWaitSeconds(dummyInt); rep.setMaxFailureWaitSeconds(dummyInt);
@ -289,6 +289,28 @@ public class RealmTest extends AbstractAdminTest {
rep.setOfflineSessionMaxLifespanEnabled(true); rep.setOfflineSessionMaxLifespanEnabled(true);
rep.setOfflineSessionMaxLifespan(dummyInt); rep.setOfflineSessionMaxLifespan(dummyInt);
rep.setWebAuthnPolicyRpEntityName("RP_ENTITY_NAME");
rep.setWebAuthnPolicySignatureAlgorithms(Collections.singletonList("RS256"));
rep.setWebAuthnPolicyRpId("localhost");
rep.setWebAuthnPolicyAttestationConveyancePreference("Direct");
rep.setWebAuthnPolicyAuthenticatorAttachment("Platform");
rep.setWebAuthnPolicyRequireResidentKey("Yes");
rep.setWebAuthnPolicyUserVerificationRequirement("Required");
rep.setWebAuthnPolicyCreateTimeout(dummyInt);
rep.setWebAuthnPolicyAvoidSameAuthenticatorRegister(true);
rep.setWebAuthnPolicyAcceptableAaguids(Collections.singletonList("00000000-0000-0000-0000-000000000000"));
rep.setWebAuthnPolicyPasswordlessRpEntityName("RP_ENTITY_NAME");
rep.setWebAuthnPolicyPasswordlessSignatureAlgorithms(Collections.singletonList("RS256"));
rep.setWebAuthnPolicyPasswordlessRpId("localhost");
rep.setWebAuthnPolicyPasswordlessAttestationConveyancePreference("Direct");
rep.setWebAuthnPolicyPasswordlessAuthenticatorAttachment("Platform");
rep.setWebAuthnPolicyPasswordlessRequireResidentKey("Yes");
rep.setWebAuthnPolicyPasswordlessUserVerificationRequirement("Required");
rep.setWebAuthnPolicyPasswordlessCreateTimeout(dummyInt);
rep.setWebAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister(true);
rep.setWebAuthnPolicyPasswordlessAcceptableAaguids(Collections.singletonList("00000000-0000-0000-0000-000000000000"));
adminClient.realms().create(rep); adminClient.realms().create(rep);
getCleanup().addCleanup(() -> adminClient.realms().realm("attributes").remove()); getCleanup().addCleanup(() -> adminClient.realms().realm("attributes").remove());
@ -299,7 +321,7 @@ public class RealmTest extends AbstractAdminTest {
rep = adminClient.realm("attributes").toRepresentation(); rep = adminClient.realm("attributes").toRepresentation();
assertEquals("DISPLAY_NAME", rep.getDisplayName()); assertEquals("DISPLAY_NAME", rep.getDisplayName());
assertEquals("DISPLAY_NAME_HTML", rep.getDisplayNameHtml()); assertEquals("DISPLAY_NAME_HTML", rep.getDisplayNameHtml());
assertEquals("HS256", rep.getDefaultSignatureAlgorithm()); assertEquals("RS256", rep.getDefaultSignatureAlgorithm());
assertTrue(rep.isBruteForceProtected()); assertTrue(rep.isBruteForceProtected());
assertTrue(rep.isPermanentLockout()); assertTrue(rep.isPermanentLockout());
assertEquals(dummyInt, rep.getMaxFailureWaitSeconds()); assertEquals(dummyInt, rep.getMaxFailureWaitSeconds());
@ -312,6 +334,28 @@ public class RealmTest extends AbstractAdminTest {
assertEquals(dummyInt, rep.getActionTokenGeneratedByUserLifespan()); assertEquals(dummyInt, rep.getActionTokenGeneratedByUserLifespan());
assertTrue(rep.getOfflineSessionMaxLifespanEnabled()); assertTrue(rep.getOfflineSessionMaxLifespanEnabled());
assertEquals(dummyInt, rep.getOfflineSessionMaxLifespan()); assertEquals(dummyInt, rep.getOfflineSessionMaxLifespan());
assertEquals("RP_ENTITY_NAME", rep.getWebAuthnPolicyRpEntityName());
assertEquals(Collections.singletonList("RS256"), rep.getWebAuthnPolicySignatureAlgorithms());
assertEquals("localhost", rep.getWebAuthnPolicyRpId());
assertEquals("Direct", rep.getWebAuthnPolicyAttestationConveyancePreference());
assertEquals("Platform", rep.getWebAuthnPolicyAuthenticatorAttachment());
assertEquals("Yes", rep.getWebAuthnPolicyRequireResidentKey());
assertEquals("Required", rep.getWebAuthnPolicyUserVerificationRequirement());
assertEquals(dummyInt, rep.getWebAuthnPolicyCreateTimeout());
assertTrue(rep.isWebAuthnPolicyAvoidSameAuthenticatorRegister());
assertEquals(Collections.singletonList("00000000-0000-0000-0000-000000000000"), rep.getWebAuthnPolicyAcceptableAaguids());
assertEquals("RP_ENTITY_NAME", rep.getWebAuthnPolicyPasswordlessRpEntityName());
assertEquals(Collections.singletonList("RS256"), rep.getWebAuthnPolicyPasswordlessSignatureAlgorithms());
assertEquals("localhost", rep.getWebAuthnPolicyPasswordlessRpId());
assertEquals("Direct", rep.getWebAuthnPolicyPasswordlessAttestationConveyancePreference());
assertEquals("Platform", rep.getWebAuthnPolicyPasswordlessAuthenticatorAttachment());
assertEquals("Yes", rep.getWebAuthnPolicyPasswordlessRequireResidentKey());
assertEquals("Required", rep.getWebAuthnPolicyPasswordlessUserVerificationRequirement());
assertEquals(dummyInt, rep.getWebAuthnPolicyPasswordlessCreateTimeout());
assertTrue(rep.isWebAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister());
assertEquals(Collections.singletonList("00000000-0000-0000-0000-000000000000"), rep.getWebAuthnPolicyPasswordlessAcceptableAaguids());
} }
@Test @Test
@ -618,6 +662,7 @@ public class RealmTest extends AbstractAdminTest {
rep.getAttributes().put("foo1", "bar1"); rep.getAttributes().put("foo1", "bar1");
rep.getAttributes().put("foo2", "bar2"); rep.getAttributes().put("foo2", "bar2");
rep.setWebAuthnPolicyRpEntityName("keycloak");
rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids); rep.setWebAuthnPolicyAcceptableAaguids(webAuthnPolicyAcceptableAaguids);
rep.setBruteForceProtected(true); rep.setBruteForceProtected(true);
rep.setDisplayName("dn1"); rep.setDisplayName("dn1");
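Review bot: No case covers the situation the new guard appears to exist for: an update whose representation carries no WebAuthn fields, followed by a check that the stored policy is unchanged. The last hunk instead adds `rep.setWebAuthnPolicyRpEntityName("keycloak");` ahead of the AAGUID setter, which suggests an AAGUID-only update is no longer applied; that behaviour change deserves its own assertion rather than an adjusted fixture. After the create-and-verify block, an update with a representation that sets only an unrelated field, followed by `assertEquals("RP_ENTITY_NAME", adminClient.realm("attributes").toRepresentation().getWebAuthnPolicyRpEntityName());`, would pin it. The switch of the default signature algorithm from HS256 to RS256 in the same test is not explained in the visible commit record. The test methods start and end outside these hunks.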