IDP SAML testing (#3713)
This commit is contained in:
parent
12e715e465
commit
9d63ad0dea
3 changed files with 284 additions and 0 deletions
|
@ -6,6 +6,7 @@ import ListingPage from "../support/pages/admin_console/ListingPage";
|
|||
import CreateProviderPage from "../support/pages/admin_console/manage/identity_providers/CreateProviderPage";
|
||||
import ModalUtils from "../support/util/ModalUtils";
|
||||
import AddMapperPage from "../support/pages/admin_console/manage/identity_providers/AddMapperPage";
|
||||
import ProviderSAMLSettings from "../support/pages/admin_console/manage/identity_providers/social/ProviderSAMLSettings";
|
||||
|
||||
describe("SAML identity provider test", () => {
|
||||
const loginPage = new LoginPage();
|
||||
|
@ -148,6 +149,32 @@ describe("SAML identity provider test", () => {
|
|||
masthead.checkNotificationMessage(saveMapperSuccessMsg, true);
|
||||
});
|
||||
|
||||
it("should edit SAML settings", () => {
|
||||
const providerSAMLSettings = new ProviderSAMLSettings();
|
||||
|
||||
sidebarPage.goToIdentityProviders();
|
||||
listingPage.goToItemDetails(samlProviderName);
|
||||
providerSAMLSettings.disableProviderSwitch();
|
||||
sidebarPage.goToIdentityProviders();
|
||||
cy.findByText("Disabled");
|
||||
listingPage.goToItemDetails(samlProviderName);
|
||||
providerSAMLSettings.enableProviderSwitch();
|
||||
|
||||
cy.get(".pf-c-jump-links__list").contains("SAML settings").click();
|
||||
providerSAMLSettings.assertIdAndURLFields();
|
||||
providerSAMLSettings.assertNameIdPolicyFormat();
|
||||
providerSAMLSettings.assertPrincipalType();
|
||||
providerSAMLSettings.assertSAMLSwitches();
|
||||
providerSAMLSettings.assertSignatureAlgorithm();
|
||||
providerSAMLSettings.assertValidateSignatures();
|
||||
providerSAMLSettings.assertTextFields();
|
||||
|
||||
cy.get(".pf-c-jump-links__list")
|
||||
.contains("Requested AuthnContext Constraints")
|
||||
.click();
|
||||
providerSAMLSettings.assertAuthnContext();
|
||||
});
|
||||
|
||||
it("clean up providers", () => {
|
||||
const modalUtils = new ModalUtils();
|
||||
|
||||
|
|
|
@ -0,0 +1,248 @@
|
|||
import PageObject from "../../../components/PageObject";
|
||||
import Masthead from "../../../Masthead";
|
||||
|
||||
const masthead = new Masthead();
|
||||
|
||||
export default class ProviderSAMLSettings extends PageObject {
|
||||
private samlSwitch = "#Saml-switch";
|
||||
private modalConfirm = "#modal-confirm";
|
||||
private serviceProviderEntityID = "serviceProviderEntityId";
|
||||
private identityProviderEntityId = "identityProviderEntityId";
|
||||
private ssoServiceUrl = "sso-service-url";
|
||||
private singleLogoutServiceUrl = "single-logout-service-url";
|
||||
private nameIdPolicyFormat = "#kc-nameIdPolicyFormat";
|
||||
private principalType = "#kc-principalType";
|
||||
private principalAttribute = "principalAttribute";
|
||||
private principalSubjectNameId = "subjectNameId-option";
|
||||
private principalAttributeName = "attributeName-option";
|
||||
private principalFriendlyAttribute = "attributeFriendlyName-option";
|
||||
|
||||
private transientPolicy = "transient-option";
|
||||
private emailPolicy = "email-option";
|
||||
private kerberosPolicy = "kerberos-option";
|
||||
private x509Policy = "x509-option";
|
||||
private windowsDomainQNPolicy = "windowsDomainQN-option";
|
||||
private unspecifiedPolicy = "unspecified-option";
|
||||
private persistentPolicy = "persistent-option";
|
||||
|
||||
private allowCreate = "#allowCreate";
|
||||
private httpPostBindingResponse = "#httpPostBindingResponse";
|
||||
private httpPostBindingAuthnRequest = "#httpPostBindingAuthnRequest";
|
||||
private httpPostBindingLogout = "#httpPostBindingLogout";
|
||||
private wantAuthnRequestsSigned = "#wantAuthnRequestsSigned";
|
||||
|
||||
private signatureAlgorithm = "#kc-signatureAlgorithm";
|
||||
private samlSignatureKeyName = "#kc-samlSignatureKeyName";
|
||||
|
||||
private wantAssertionsSigned = "#wantAssertionsSigned";
|
||||
private wantAssertionsEncrypted = "#wantAssertionsEncrypted";
|
||||
private forceAuthentication = "#forceAuthentication";
|
||||
private validateSignature = "#validateSignature";
|
||||
private validatingX509Certs = "validatingX509Certs";
|
||||
private signServiceProviderMetadata = "#signServiceProviderMetadata";
|
||||
private passSubject = "#passSubject";
|
||||
private allowedClockSkew = "allowedClockSkew";
|
||||
private attributeConsumingServiceIndex = "attributeConsumingServiceIndex";
|
||||
private attributeConsumingServiceName = "attributeConsumingServiceName";
|
||||
|
||||
private comparison = "#comparison";
|
||||
private saveBtn = "save";
|
||||
private revertBtn = "revert";
|
||||
|
||||
public clickSaveBtn() {
|
||||
cy.findByTestId(this.saveBtn).click();
|
||||
}
|
||||
|
||||
public clickRevertBtn() {
|
||||
cy.findByTestId(this.revertBtn).click();
|
||||
}
|
||||
|
||||
public enableProviderSwitch() {
|
||||
cy.get(this.samlSwitch).parent().click();
|
||||
masthead.checkNotificationMessage("Provider successfully updated");
|
||||
}
|
||||
|
||||
public disableProviderSwitch() {
|
||||
cy.get(this.samlSwitch).parent().click();
|
||||
cy.get(this.modalConfirm).click();
|
||||
masthead.checkNotificationMessage("Provider successfully updated");
|
||||
}
|
||||
|
||||
public typeServiceProviderEntityId(entityId: string) {
|
||||
cy.findByTestId(this.serviceProviderEntityID)
|
||||
.click()
|
||||
.clear()
|
||||
.type(entityId);
|
||||
return this;
|
||||
}
|
||||
|
||||
public typeIdentityProviderEntityId(entityId: string) {
|
||||
cy.findByTestId(this.identityProviderEntityId)
|
||||
.click()
|
||||
.clear()
|
||||
.type(entityId);
|
||||
return this;
|
||||
}
|
||||
|
||||
public typeSsoServiceUrl(url: string) {
|
||||
cy.findByTestId(this.ssoServiceUrl).click().clear().type(url);
|
||||
return this;
|
||||
}
|
||||
|
||||
public typeSingleLogoutServiceUrl(url: string) {
|
||||
cy.findByTestId(this.singleLogoutServiceUrl).click().clear().type(url);
|
||||
return this;
|
||||
}
|
||||
|
||||
public typeX509Certs(cert: string) {
|
||||
cy.findByTestId(this.validatingX509Certs).click().clear().type(cert);
|
||||
return this;
|
||||
}
|
||||
|
||||
public selectNamePolicyIdFormat() {
|
||||
cy.get(this.nameIdPolicyFormat).scrollIntoView().click();
|
||||
}
|
||||
|
||||
public selectPrincipalFormat() {
|
||||
cy.get(this.principalType).scrollIntoView().click();
|
||||
}
|
||||
|
||||
public selectSignatureAlgorithm(algorithm: string) {
|
||||
cy.get(this.signatureAlgorithm).scrollIntoView().click();
|
||||
cy.findByText(algorithm).click();
|
||||
}
|
||||
|
||||
public selectSAMLSignature(key: string) {
|
||||
cy.get(this.samlSignatureKeyName).scrollIntoView().click();
|
||||
cy.findByText(key).click();
|
||||
}
|
||||
|
||||
public selectComparison(comparison: string) {
|
||||
cy.get(this.comparison).scrollIntoView().click();
|
||||
cy.findByText(comparison).scrollIntoView().click();
|
||||
}
|
||||
|
||||
public assertIdAndURLFields() {
|
||||
const ssoServiceUrlError =
|
||||
"Could not update the provider The url [singleSignOnServiceUrl] is malformed";
|
||||
const singleLogoutServiceUrlError =
|
||||
"Could not update the provider The url [singleLogoutServiceUrl] is malformed";
|
||||
this.typeServiceProviderEntityId("ServiceProviderEntityId");
|
||||
this.typeIdentityProviderEntityId("IdentityProviderEntityId");
|
||||
this.clickSaveBtn();
|
||||
|
||||
this.typeSsoServiceUrl("Not a real URL");
|
||||
this.clickSaveBtn();
|
||||
masthead.checkNotificationMessage(ssoServiceUrlError);
|
||||
this.clickRevertBtn();
|
||||
|
||||
this.typeSingleLogoutServiceUrl("Not a real URL");
|
||||
this.clickSaveBtn();
|
||||
masthead.checkNotificationMessage(singleLogoutServiceUrlError);
|
||||
return this;
|
||||
}
|
||||
|
||||
public assertNameIdPolicyFormat() {
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.transientPolicy).click();
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.emailPolicy).click();
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.kerberosPolicy).click();
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.x509Policy).click();
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.windowsDomainQNPolicy).click();
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.unspecifiedPolicy).click();
|
||||
this.selectNamePolicyIdFormat();
|
||||
cy.findByTestId(this.persistentPolicy).click();
|
||||
return this;
|
||||
}
|
||||
|
||||
public assertSignatureAlgorithm() {
|
||||
cy.get(this.wantAuthnRequestsSigned).parent().click();
|
||||
cy.get(this.signatureAlgorithm).should("not.exist");
|
||||
cy.get(this.samlSignatureKeyName).should("not.exist");
|
||||
this.clickRevertBtn();
|
||||
cy.get(this.signatureAlgorithm).should("exist");
|
||||
cy.get(this.samlSignatureKeyName).should("exist");
|
||||
|
||||
this.selectSignatureAlgorithm("RSA_SHA1");
|
||||
this.selectSignatureAlgorithm("RSA_SHA256");
|
||||
this.selectSignatureAlgorithm("RSA_SHA256_MGF1");
|
||||
this.selectSignatureAlgorithm("RSA_SHA512");
|
||||
this.selectSignatureAlgorithm("RSA_SHA512_MGF1");
|
||||
this.selectSignatureAlgorithm("DSA_SHA1");
|
||||
|
||||
this.selectSAMLSignature("NONE");
|
||||
this.selectSAMLSignature("KEY_ID");
|
||||
this.selectSAMLSignature("CERT_SUBJECT");
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
public assertPrincipalType() {
|
||||
this.selectPrincipalFormat();
|
||||
cy.findByTestId(this.principalAttributeName).click();
|
||||
cy.findByTestId(this.principalAttribute).should("exist").scrollIntoView();
|
||||
this.selectPrincipalFormat();
|
||||
cy.findByTestId(this.principalFriendlyAttribute).click();
|
||||
cy.findByTestId(this.principalAttribute).should("exist");
|
||||
this.selectPrincipalFormat();
|
||||
cy.findByTestId(this.principalSubjectNameId).click();
|
||||
cy.findByTestId(this.principalAttribute).should("not.exist");
|
||||
return this;
|
||||
}
|
||||
|
||||
public assertSAMLSwitches() {
|
||||
cy.get(this.allowCreate).parent().click();
|
||||
cy.get(this.httpPostBindingResponse).parent().click();
|
||||
cy.get(this.httpPostBindingLogout).parent().click();
|
||||
cy.get(this.httpPostBindingAuthnRequest).parent().click();
|
||||
|
||||
cy.get(this.wantAssertionsSigned).parent().click();
|
||||
cy.get(this.wantAssertionsEncrypted).parent().click();
|
||||
cy.get(this.forceAuthentication).parent().click();
|
||||
|
||||
cy.get(this.signServiceProviderMetadata).parent().click();
|
||||
cy.get(this.passSubject).parent().click();
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
public assertValidateSignatures() {
|
||||
cy.get(this.validateSignature).parent().click();
|
||||
cy.findByTestId(this.validatingX509Certs).should("not.exist");
|
||||
cy.get(this.validateSignature).parent().click();
|
||||
this.typeX509Certs("X509 Certificate");
|
||||
this.clickRevertBtn();
|
||||
cy.findByTestId(this.validatingX509Certs);
|
||||
this.clickSaveBtn();
|
||||
return this;
|
||||
}
|
||||
|
||||
public assertTextFields() {
|
||||
cy.findByTestId(this.allowedClockSkew)
|
||||
.click()
|
||||
.type("not a number")
|
||||
.should("be.empty")
|
||||
.type("111");
|
||||
|
||||
cy.findByTestId(this.attributeConsumingServiceIndex)
|
||||
.click()
|
||||
.type("not a number")
|
||||
.should("be.empty")
|
||||
.type("111");
|
||||
|
||||
cy.findByTestId(this.attributeConsumingServiceName).click().type("name");
|
||||
}
|
||||
|
||||
public assertAuthnContext() {
|
||||
this.selectComparison("minimum");
|
||||
this.selectComparison("maximum");
|
||||
this.selectComparison("better");
|
||||
this.selectComparison("exact");
|
||||
return this;
|
||||
}
|
||||
}
|
|
@ -132,6 +132,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
/>
|
||||
}
|
||||
fieldId="single-logout-service-url"
|
||||
data-testid="single-logout-service-url"
|
||||
validated={
|
||||
errors.config?.singleLogoutServiceUrl
|
||||
? ValidatedOptions.error
|
||||
|
@ -150,6 +151,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
<SwitchField
|
||||
field="config.backchannelSupported"
|
||||
label="backchannelLogout"
|
||||
data-testid="backchannelLogout"
|
||||
isReadOnly={readOnly}
|
||||
/>
|
||||
<FormGroup
|
||||
|
@ -299,6 +301,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
<KeycloakTextInput
|
||||
type="text"
|
||||
id="principalAttribute"
|
||||
data-testid="principalAttribute"
|
||||
name="config.principalAttribute"
|
||||
ref={register}
|
||||
isReadOnly={readOnly}
|
||||
|
@ -441,17 +444,20 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
<TextField
|
||||
field="config.signingCertificate"
|
||||
label="validatingX509Certs"
|
||||
data-testid="validatingX509Certs"
|
||||
isReadOnly={readOnly}
|
||||
/>
|
||||
)}
|
||||
<SwitchField
|
||||
field="config.signSpMetadata"
|
||||
label="signServiceProviderMetadata"
|
||||
data-testid="signServiceProviderMetadata"
|
||||
isReadOnly={readOnly}
|
||||
/>
|
||||
<SwitchField
|
||||
field="config.loginHint"
|
||||
label="passSubject"
|
||||
data-testid="passSubject"
|
||||
isReadOnly={readOnly}
|
||||
/>
|
||||
|
||||
|
@ -471,6 +477,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
min="0"
|
||||
max="2147483"
|
||||
id="allowedClockSkew"
|
||||
data-testid="allowedClockSkew"
|
||||
name="config.allowedClockSkew"
|
||||
ref={register}
|
||||
isReadOnly={readOnly}
|
||||
|
@ -493,6 +500,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
min="0"
|
||||
max="65535"
|
||||
id="attributeConsumingServiceIndex"
|
||||
data-testid="attributeConsumingServiceIndex"
|
||||
name="config.attributeConsumingServiceIndex"
|
||||
ref={register}
|
||||
isReadOnly={readOnly}
|
||||
|
@ -513,6 +521,7 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
|||
<KeycloakTextInput
|
||||
type="text"
|
||||
id="attributeConsumingServiceName"
|
||||
data-testid="attributeConsumingServiceName"
|
||||
name="config.attributeConsumingServiceName"
|
||||
ref={register}
|
||||
isReadOnly={readOnly}
|
||||
|
|
Loading…
Reference in a new issue