Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
bc05560d4d
29 changed files with 905 additions and 73 deletions
|
@ -206,13 +206,13 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-
|
|||
echo
|
||||
end-if
|
||||
|
||||
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
|
||||
echo Adding local-cache=actionTokens to keycloak cache container...
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
|
||||
if (outcome == failed) of /profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
|
||||
echo Adding distributed-cache=actionTokens to keycloak cache container...
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
|
||||
/profile=$clusteredProfile/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
|
||||
echo
|
||||
end-if
|
||||
|
||||
|
|
|
@ -211,13 +211,13 @@ if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distrib
|
|||
echo
|
||||
end-if
|
||||
|
||||
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:read-resource
|
||||
echo Adding local-cache=actionTokens to keycloak cache container...
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/:add(indexing=NONE,start=LAZY)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
|
||||
if (outcome == failed) of /subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:read-resource
|
||||
echo Adding distributed-cache=actionTokens to keycloak cache container...
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/:add(indexing=NONE,mode=SYNC,owners=2)
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=strategy,value=NONE)
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=eviction/:write-attribute(name=max-entries,value=-1)
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=interval,value=300000)
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/component=expiration/:write-attribute(name=max-idle,value=-1)
|
||||
echo
|
||||
end-if
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ embed-server --server-config=standalone-ha.xml
|
|||
/subsystem=infinispan/cache-container=keycloak/local-cache=keys:add()
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/eviction=EVICTION:add(max-entries=1000,strategy=LRU)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=keys/expiration=EXPIRATION:add(max-idle=3600000)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens:add()
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/eviction=EVICTION:add(max-entries=-1,strategy=NONE)
|
||||
/subsystem=infinispan/cache-container=keycloak/local-cache=actionTokens/expiration=EXPIRATION:add(max-idle=-1,interval=300000)
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:add(indexing="NONE",mode="SYNC",owners="2")
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/eviction=EVICTION:add(max-entries=-1,strategy=NONE)
|
||||
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/expiration=EXPIRATION:add(max-idle=-1,interval=300000)
|
||||
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
|
||||
|
|
|
@ -248,7 +248,14 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
|
|||
cacheManager.defineConfiguration(InfinispanConnectionProvider.KEYS_CACHE_NAME, getKeysCacheConfig());
|
||||
cacheManager.getCache(InfinispanConnectionProvider.KEYS_CACHE_NAME, true);
|
||||
|
||||
cacheManager.defineConfiguration(InfinispanConnectionProvider.ACTION_TOKEN_CACHE, getActionTokenCacheConfig());
|
||||
final ConfigurationBuilder actionTokenCacheConfigBuilder = getActionTokenCacheConfig();
|
||||
if (clustered) {
|
||||
actionTokenCacheConfigBuilder.clustering().cacheMode(async ? CacheMode.REPL_ASYNC : CacheMode.REPL_SYNC);
|
||||
}
|
||||
if (jdgEnabled) {
|
||||
configureRemoteActionTokenCacheStore(actionTokenCacheConfigBuilder, async);
|
||||
}
|
||||
cacheManager.defineConfiguration(InfinispanConnectionProvider.ACTION_TOKEN_CACHE, actionTokenCacheConfigBuilder.build());
|
||||
cacheManager.getCache(InfinispanConnectionProvider.ACTION_TOKEN_CACHE, true);
|
||||
|
||||
long authzRevisionsMaxEntries = cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME).getCacheConfiguration().eviction().maxEntries();
|
||||
|
@ -301,6 +308,30 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
|
|||
|
||||
}
|
||||
|
||||
private void configureRemoteActionTokenCacheStore(ConfigurationBuilder builder, boolean async) {
|
||||
String jdgServer = config.get("remoteStoreServer", "localhost");
|
||||
Integer jdgPort = config.getInt("remoteStorePort", 11222);
|
||||
|
||||
builder.persistence()
|
||||
.passivation(false)
|
||||
.addStore(RemoteStoreConfigurationBuilder.class)
|
||||
.fetchPersistentState(false)
|
||||
.ignoreModifications(false)
|
||||
.purgeOnStartup(false)
|
||||
.preload(true)
|
||||
.shared(true)
|
||||
.remoteCacheName(InfinispanConnectionProvider.ACTION_TOKEN_CACHE)
|
||||
.rawValues(true)
|
||||
.forceReturnValues(false)
|
||||
.marshaller(KeycloakHotRodMarshallerFactory.class.getName())
|
||||
.addServer()
|
||||
.host(jdgServer)
|
||||
.port(jdgPort)
|
||||
.async()
|
||||
.enabled(async);
|
||||
|
||||
}
|
||||
|
||||
protected Configuration getKeysCacheConfig() {
|
||||
ConfigurationBuilder cb = new ConfigurationBuilder();
|
||||
cb.eviction().strategy(EvictionStrategy.LRU).type(EvictionType.COUNT).size(InfinispanConnectionProvider.KEYS_CACHE_DEFAULT_MAX);
|
||||
|
@ -308,7 +339,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
|
|||
return cb.build();
|
||||
}
|
||||
|
||||
private Configuration getActionTokenCacheConfig() {
|
||||
private ConfigurationBuilder getActionTokenCacheConfig() {
|
||||
ConfigurationBuilder cb = new ConfigurationBuilder();
|
||||
|
||||
cb.eviction()
|
||||
|
@ -319,7 +350,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
|
|||
.maxIdle(InfinispanConnectionProvider.ACTION_TOKEN_MAX_IDLE_SECONDS, TimeUnit.SECONDS)
|
||||
.wakeUpInterval(InfinispanConnectionProvider.ACTION_TOKEN_WAKE_UP_INTERVAL_SECONDS, TimeUnit.SECONDS);
|
||||
|
||||
return cb.build();
|
||||
return cb;
|
||||
}
|
||||
|
||||
private static final Object CHANNEL_INIT_SYNCHRONIZER = new Object();
|
||||
|
|
|
@ -35,7 +35,7 @@ import java.util.Set;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class GroupAdapter implements GroupModel {
|
||||
protected GroupModel updated;
|
||||
protected volatile GroupModel updated;
|
||||
protected CachedGroup cached;
|
||||
protected RealmCacheSession cacheSession;
|
||||
protected KeycloakSession keycloakSession;
|
||||
|
@ -56,7 +56,7 @@ public class GroupAdapter implements GroupModel {
|
|||
}
|
||||
}
|
||||
|
||||
protected boolean invalidated;
|
||||
protected volatile boolean invalidated;
|
||||
public void invalidate() {
|
||||
invalidated = true;
|
||||
}
|
||||
|
|
|
@ -55,7 +55,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
|||
public class RealmAdapter implements CachedRealmModel {
|
||||
protected CachedRealm cached;
|
||||
protected RealmCacheSession cacheSession;
|
||||
protected RealmModel updated;
|
||||
protected volatile RealmModel updated;
|
||||
protected RealmCache cache;
|
||||
protected KeycloakSession session;
|
||||
|
||||
|
@ -75,7 +75,7 @@ public class RealmAdapter implements CachedRealmModel {
|
|||
return updated;
|
||||
}
|
||||
|
||||
protected boolean invalidated;
|
||||
protected volatile boolean invalidated;
|
||||
|
||||
protected void invalidateFlag() {
|
||||
invalidated = true;
|
||||
|
|
|
@ -41,7 +41,7 @@ import java.util.concurrent.ConcurrentHashMap;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class UserAdapter implements CachedUserModel {
|
||||
protected UserModel updated;
|
||||
protected volatile UserModel updated;
|
||||
protected CachedUser cached;
|
||||
protected UserCacheSession userProviderCache;
|
||||
protected KeycloakSession keycloakSession;
|
||||
|
|
|
@ -17,13 +17,14 @@
|
|||
package org.keycloak.models.sessions.infinispan;
|
||||
|
||||
import org.keycloak.cluster.ClusterProvider;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.models.*;
|
||||
|
||||
import org.keycloak.models.cache.infinispan.events.AddInvalidatedActionTokenEvent;
|
||||
import org.keycloak.models.cache.infinispan.events.RemoveActionTokensSpecificEvent;
|
||||
import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
|
||||
import org.keycloak.models.sessions.infinispan.entities.ActionTokenReducedKey;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import org.infinispan.Cache;
|
||||
|
||||
/**
|
||||
|
@ -57,9 +58,7 @@ public class InfinispanActionTokenStoreProvider implements ActionTokenStoreProvi
|
|||
ActionTokenReducedKey tokenKey = new ActionTokenReducedKey(key.getUserId(), key.getActionId(), key.getActionVerificationNonce());
|
||||
ActionTokenValueEntity tokenValue = new ActionTokenValueEntity(notes);
|
||||
|
||||
ClusterProvider cluster = session.getProvider(ClusterProvider.class);
|
||||
AddInvalidatedActionTokenEvent event = new AddInvalidatedActionTokenEvent(tokenKey, key.getExpiration(), tokenValue);
|
||||
this.tx.notify(cluster, generateActionTokenEventId(), event, false);
|
||||
this.tx.put(actionKeyCache, tokenKey, tokenValue, key.getExpiration() - Time.currentTime(), TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
private static String generateActionTokenEventId() {
|
||||
|
@ -92,6 +91,7 @@ public class InfinispanActionTokenStoreProvider implements ActionTokenStoreProvi
|
|||
return value;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAll(String userId, String actionId) {
|
||||
if (userId == null || actionId == null) {
|
||||
return;
|
||||
|
|
|
@ -19,16 +19,16 @@ package org.keycloak.models.sessions.infinispan;
|
|||
import org.keycloak.Config;
|
||||
import org.keycloak.Config.Scope;
|
||||
import org.keycloak.cluster.ClusterProvider;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
|
||||
import org.keycloak.models.*;
|
||||
|
||||
import org.keycloak.models.cache.infinispan.events.AddInvalidatedActionTokenEvent;
|
||||
import org.keycloak.models.cache.infinispan.events.RemoveActionTokensSpecificEvent;
|
||||
import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
|
||||
import org.keycloak.models.sessions.infinispan.entities.ActionTokenReducedKey;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.stream.Collectors;
|
||||
import org.infinispan.AdvancedCache;
|
||||
import org.infinispan.Cache;
|
||||
import org.infinispan.context.Flag;
|
||||
import org.infinispan.remoting.transport.Address;
|
||||
|
@ -76,22 +76,17 @@ public class InfinispanActionTokenStoreProviderFactory implements ActionTokenSto
|
|||
|
||||
LOG.debugf("[%s] Removing token invalidation for user+action: userId=%s, actionId=%s", cacheAddress, e.getUserId(), e.getActionId());
|
||||
|
||||
cache
|
||||
AdvancedCache<ActionTokenReducedKey, ActionTokenValueEntity> localCache = cache
|
||||
.getAdvancedCache()
|
||||
.withFlags(Flag.CACHE_MODE_LOCAL, Flag.SKIP_CACHE_LOAD)
|
||||
.withFlags(Flag.CACHE_MODE_LOCAL, Flag.SKIP_CACHE_LOAD);
|
||||
|
||||
List<ActionTokenReducedKey> toRemove = localCache
|
||||
.keySet()
|
||||
.stream()
|
||||
.filter(k -> Objects.equals(k.getUserId(), e.getUserId()) && Objects.equals(k.getActionId(), e.getActionId()))
|
||||
.forEach(cache::remove);
|
||||
} else if (event instanceof AddInvalidatedActionTokenEvent) {
|
||||
AddInvalidatedActionTokenEvent e = (AddInvalidatedActionTokenEvent) event;
|
||||
.collect(Collectors.toList());
|
||||
|
||||
LOG.debugf("[%s] Invalidating token %s", cacheAddress, e.getKey());
|
||||
if (e.getExpirationInSecs() == DEFAULT_CACHE_EXPIRATION) {
|
||||
cache.put(e.getKey(), e.getTokenValue());
|
||||
} else {
|
||||
cache.put(e.getKey(), e.getTokenValue(), e.getExpirationInSecs() - Time.currentTime(), TimeUnit.SECONDS);
|
||||
}
|
||||
toRemove.forEach(localCache::remove);
|
||||
}
|
||||
});
|
||||
|
||||
|
|
|
@ -56,7 +56,22 @@ public class CredentialModel implements Serializable {
|
|||
private int period;
|
||||
private MultivaluedHashMap<String, String> config;
|
||||
|
||||
|
||||
public CredentialModel shallowClone() {
|
||||
CredentialModel res = new CredentialModel();
|
||||
res.id = id;
|
||||
res.type = type;
|
||||
res.value = value;
|
||||
res.device = device;
|
||||
res.salt = salt;
|
||||
res.hashIterations = hashIterations;
|
||||
res.createdDate = createdDate;
|
||||
res.counter = counter;
|
||||
res.algorithm = algorithm;
|
||||
res.digits = digits;
|
||||
res.period = period;
|
||||
res.config = config;
|
||||
return res;
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
|
|
|
@ -18,7 +18,7 @@ package org.keycloak.models.cache;
|
|||
|
||||
import org.keycloak.models.UserModel;
|
||||
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.concurrent.ConcurrentMap;
|
||||
|
||||
/**
|
||||
* Cached users will implement this interface
|
||||
|
@ -55,5 +55,5 @@ public interface CachedUserModel extends UserModel {
|
|||
*
|
||||
* @return
|
||||
*/
|
||||
ConcurrentHashMap getCachedWith();
|
||||
ConcurrentMap getCachedWith();
|
||||
}
|
||||
|
|
|
@ -121,7 +121,20 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
|||
if (model.isAuthenticatorFlow()) {
|
||||
logger.debug("execution is flow");
|
||||
AuthenticationFlow authenticationFlow = processor.createFlowExecution(model.getFlowId(), model);
|
||||
Response flowChallenge = authenticationFlow.processFlow();
|
||||
|
||||
Response flowChallenge = null;
|
||||
try {
|
||||
flowChallenge = authenticationFlow.processFlow();
|
||||
} catch (AuthenticationFlowException afe) {
|
||||
if (model.isAlternative()) {
|
||||
logger.debug("Thrown exception in alternative Subflow. Ignoring Subflow");
|
||||
processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.ATTEMPTED);
|
||||
continue;
|
||||
} else {
|
||||
throw afe;
|
||||
}
|
||||
}
|
||||
|
||||
if (flowChallenge == null) {
|
||||
processor.getAuthenticationSession().setExecutionStatus(model.getId(), AuthenticationSessionModel.ExecutionStatus.SUCCESS);
|
||||
if (model.isAlternative()) alternativeSuccessful = true;
|
||||
|
@ -183,7 +196,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
|||
// if (redirect != null) return redirect;
|
||||
|
||||
AuthenticationProcessor.Result context = processor.createAuthenticatorContext(model, authenticator, executions);
|
||||
logger.debug("invoke authenticator.authenticate");
|
||||
logger.debugv("invoke authenticator.authenticate: {0}", factory.getId());
|
||||
authenticator.authenticate(context);
|
||||
Response response = processResult(context, false);
|
||||
if (response != null) return response;
|
||||
|
|
|
@ -56,12 +56,14 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
|
|||
}
|
||||
|
||||
public CredentialModel getPassword(RealmModel realm, UserModel user) {
|
||||
List<CredentialModel> passwords;
|
||||
List<CredentialModel> passwords = null;
|
||||
if (user instanceof CachedUserModel && !((CachedUserModel)user).isMarkedForEviction()) {
|
||||
CachedUserModel cached = (CachedUserModel)user;
|
||||
passwords = (List<CredentialModel>)cached.getCachedWith().get(PASSWORD_CACHE_KEY);
|
||||
|
||||
} else {
|
||||
}
|
||||
// if the model was marked for eviction while passwords were initialized, override it from credentialStore
|
||||
if (! (user instanceof CachedUserModel) || ((CachedUserModel) user).isMarkedForEviction()) {
|
||||
passwords = getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.PASSWORD);
|
||||
}
|
||||
if (passwords == null || passwords.isEmpty()) return null;
|
||||
|
@ -207,8 +209,10 @@ public class PasswordCredentialProvider implements CredentialProvider, Credentia
|
|||
return true;
|
||||
}
|
||||
|
||||
hash.encode(cred.getValue(), policy.getHashIterations(), password);
|
||||
getCredentialStore().updateCredential(realm, user, password);
|
||||
CredentialModel newPassword = password.shallowClone();
|
||||
hash.encode(cred.getValue(), policy.getHashIterations(), newPassword);
|
||||
getCredentialStore().updateCredential(realm, user, newPassword);
|
||||
|
||||
UserCache userCache = session.userCache();
|
||||
if (userCache != null) {
|
||||
userCache.evict(realm, user);
|
||||
|
|
|
@ -0,0 +1,87 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.authentication;
|
||||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class ExpectedParamAuthenticator implements Authenticator {
|
||||
|
||||
public static final String EXPECTED_VALUE = "expected_value";
|
||||
|
||||
public static final String LOGGED_USER = "logged_user";
|
||||
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ExpectedParamAuthenticator.class);
|
||||
|
||||
@Override
|
||||
public void authenticate(AuthenticationFlowContext context) {
|
||||
String paramValue = context.getAuthenticationSession().getClientNote(AuthorizationEndpoint.LOGIN_SESSION_NOTE_ADDITIONAL_REQ_PARAMS_PREFIX + "foo");
|
||||
String expectedValue = context.getAuthenticatorConfig().getConfig().get(EXPECTED_VALUE);
|
||||
logger.info("Value: " + paramValue + ", expectedValue: " + expectedValue);
|
||||
|
||||
if (paramValue != null && paramValue.equals(expectedValue)) {
|
||||
|
||||
String loggedUser = context.getAuthenticatorConfig().getConfig().get(LOGGED_USER);
|
||||
if (loggedUser == null) {
|
||||
logger.info("Successfully authenticated, but don't set any authenticated user");
|
||||
} else {
|
||||
UserModel user = context.getSession().users().getUserByUsername(loggedUser, context.getRealm());
|
||||
logger.info("Successfully authenticated as user " + user.getUsername());
|
||||
context.setUser(user);
|
||||
}
|
||||
|
||||
context.success();
|
||||
} else {
|
||||
context.attempted();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void action(AuthenticationFlowContext context) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean requiresUser() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
}
|
|
@ -0,0 +1,128 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.authentication;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class ExpectedParamAuthenticatorFactory implements AuthenticatorFactory, ConfigurableAuthenticatorFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "expected-param-authenticator";
|
||||
|
||||
private static final ExpectedParamAuthenticator SINGLETON = new ExpectedParamAuthenticator();
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authenticator create(KeycloakSession session) {
|
||||
return SINGLETON;
|
||||
}
|
||||
|
||||
private static AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
|
||||
AuthenticationExecutionModel.Requirement.REQUIRED,
|
||||
AuthenticationExecutionModel.Requirement.ALTERNATIVE,
|
||||
AuthenticationExecutionModel.Requirement.DISABLED
|
||||
};
|
||||
@Override
|
||||
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
|
||||
return REQUIREMENT_CHOICES;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isConfigurable() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "You will be approved if you send query string parameter 'foo' with expected value.";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getDisplayType() {
|
||||
return "TEST: Expected Parameter";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getReferenceCategory() {
|
||||
return "Expected Parameter";
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
|
||||
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
|
||||
|
||||
static {
|
||||
ProviderConfigProperty property;
|
||||
property = new ProviderConfigProperty();
|
||||
property.setName(ExpectedParamAuthenticator.EXPECTED_VALUE);
|
||||
property.setLabel("Expected query parameter value");
|
||||
property.setType(ProviderConfigProperty.STRING_TYPE);
|
||||
property.setHelpText("Expected value of query parameter foo. Authenticator will success if request to OIDC authz endpoint has this parameter");
|
||||
configProperties.add(property);
|
||||
|
||||
property = new ProviderConfigProperty();
|
||||
property.setName(ExpectedParamAuthenticator.LOGGED_USER);
|
||||
property.setLabel("Automatically logged user");
|
||||
property.setType(ProviderConfigProperty.STRING_TYPE);
|
||||
property.setHelpText("This user will be successfully authenticated automatically when present");
|
||||
configProperties.add(property);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<ProviderConfigProperty> getConfigProperties() {
|
||||
return configProperties;
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,90 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.authentication;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class PushButtonAuthenticator implements Authenticator {
|
||||
|
||||
@Override
|
||||
public void authenticate(AuthenticationFlowContext context) {
|
||||
String accessCode = context.generateAccessCode();
|
||||
String actionUrl = context.getActionUrl(accessCode).toString();
|
||||
|
||||
StringBuilder response = new StringBuilder("<html><head><title>PushTheButton</title></head><body>");
|
||||
|
||||
UserModel user = context.getUser();
|
||||
if (user == null) {
|
||||
response.append("No authenticated user<br>");
|
||||
} else {
|
||||
response.append("Authenticated user: " + user.getUsername() + "<br>");
|
||||
}
|
||||
|
||||
response.append("<form method='POST' action='" + actionUrl + "'>");
|
||||
response.append(" This is the Test Approver. Press login to continue.<br>");
|
||||
response.append(" <input type='submit' name='submit1' value='Submit' />");
|
||||
response.append("</form></body></html>");
|
||||
String html = response.toString();
|
||||
|
||||
Response jaxrsResponse = Response
|
||||
.status(Response.Status.OK)
|
||||
.type("text/html")
|
||||
.entity(html)
|
||||
.build();
|
||||
|
||||
context.challenge(jaxrsResponse);
|
||||
|
||||
// Response challenge = context.form().createForm("login-approve.ftl");
|
||||
// context.challenge(challenge);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void action(AuthenticationFlowContext context) {
|
||||
context.success();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean requiresUser() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
|
||||
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
}
|
|
@ -0,0 +1,109 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.authentication;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class PushButtonAuthenticatorFactory implements AuthenticatorFactory, ConfigurableAuthenticatorFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "push-button-authenticator";
|
||||
private static final PushButtonAuthenticator SINGLETON = new PushButtonAuthenticator();
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return PROVIDER_ID;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authenticator create(KeycloakSession session) {
|
||||
return SINGLETON;
|
||||
}
|
||||
|
||||
private static AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {
|
||||
AuthenticationExecutionModel.Requirement.REQUIRED,
|
||||
AuthenticationExecutionModel.Requirement.ALTERNATIVE,
|
||||
AuthenticationExecutionModel.Requirement.DISABLED
|
||||
};
|
||||
@Override
|
||||
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
|
||||
return REQUIREMENT_CHOICES;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserSetupAllowed() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isConfigurable() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "Just press the button to login.";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getDisplayType() {
|
||||
return "TEST: Button Login";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getReferenceCategory() {
|
||||
return "Button Login";
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
|
||||
private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
|
||||
|
||||
@Override
|
||||
public List<ProviderConfigProperty> getConfigProperties() {
|
||||
return configProperties;
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -18,3 +18,5 @@
|
|||
org.keycloak.testsuite.forms.PassThroughAuthenticator
|
||||
org.keycloak.testsuite.forms.PassThroughRegistration
|
||||
org.keycloak.testsuite.forms.ClickThroughAuthenticator
|
||||
org.keycloak.testsuite.authentication.ExpectedParamAuthenticatorFactory
|
||||
org.keycloak.testsuite.authentication.PushButtonAuthenticatorFactory
|
|
@ -30,6 +30,7 @@
|
|||
<xsl:copy>
|
||||
<xsl:apply-templates select="@* | node()" />
|
||||
<local-cache name="work" start="EAGER" batching="false" />
|
||||
<local-cache name="actionTokens" start="EAGER" batching="false" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
|
@ -38,6 +39,7 @@
|
|||
<xsl:copy>
|
||||
<xsl:apply-templates select="@* | node()" />
|
||||
<replicated-cache name="work" start="EAGER" batching="false" />
|
||||
<replicated-cache name="actionTokens" start="EAGER" batching="false" />
|
||||
</xsl:copy>
|
||||
</xsl:template>
|
||||
|
||||
|
|
|
@ -151,6 +151,8 @@ public class ProvidersTest extends AbstractAuthenticationTest {
|
|||
"Validates the password supplied as a 'password' form parameter in direct grant request");
|
||||
addProviderInfo(result, "direct-grant-validate-username", "Username Validation",
|
||||
"Validates the username supplied as a 'username' form parameter in direct grant request");
|
||||
addProviderInfo(result, "expected-param-authenticator", "TEST: Expected Parameter",
|
||||
"You will be approved if you send query string parameter 'foo' with expected value.");
|
||||
addProviderInfo(result, "http-basic-authenticator", "HTTP Basic Authentication", "Validates username and password from Authorization HTTP header");
|
||||
addProviderInfo(result, "identity-provider-redirector", "Identity Provider Redirector", "Redirects to default Identity Provider or Identity Provider specified with kc_idp_hint query parameter");
|
||||
addProviderInfo(result, "idp-confirm-link", "Confirm link existing account", "Show the form where user confirms if he wants " +
|
||||
|
@ -163,6 +165,8 @@ public class ProvidersTest extends AbstractAuthenticationTest {
|
|||
"User reviews and updates profile data retrieved from Identity Provider in the displayed form");
|
||||
addProviderInfo(result, "idp-username-password-form", "Username Password Form for identity provider reauthentication",
|
||||
"Validates a password from login form. Username is already known from identity provider authentication");
|
||||
addProviderInfo(result, "push-button-authenticator", "TEST: Button Login",
|
||||
"Just press the button to login.");
|
||||
addProviderInfo(result, "reset-credential-email", "Send Reset Email", "Send email to user and wait for response.");
|
||||
addProviderInfo(result, "reset-credentials-choose-user", "Choose User", "Choose a user to reset credentials for");
|
||||
addProviderInfo(result, "reset-otp", "Reset OTP", "Sets the Configure OTP required action if execution is REQUIRED. " +
|
||||
|
|
|
@ -28,7 +28,6 @@ import java.util.HashMap;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.function.BiConsumer;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.function.Function;
|
||||
import org.hamcrest.Matcher;
|
||||
import org.junit.Before;
|
||||
|
|
|
@ -116,11 +116,11 @@ public abstract class AbstractCrossDCTest extends AbstractTestRealmKeycloakTest
|
|||
* @return
|
||||
*/
|
||||
protected Keycloak getAdminClientFor(ContainerInfo node) {
|
||||
Keycloak adminClient = backendAdminClients.get(node);
|
||||
if (adminClient == null && node.equals(suiteContext.getAuthServerInfo())) {
|
||||
adminClient = this.adminClient;
|
||||
Keycloak client = backendAdminClients.get(node);
|
||||
if (client == null && node.equals(suiteContext.getAuthServerInfo())) {
|
||||
client = this.adminClient;
|
||||
}
|
||||
return adminClient;
|
||||
return client;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -34,7 +34,6 @@ import javax.mail.internet.MimeMessage;
|
|||
import javax.ws.rs.core.Response;
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
@ -45,7 +44,6 @@ import org.keycloak.testsuite.arquillian.InfinispanStatistics.Constants;
|
|||
import java.util.concurrent.TimeUnit;
|
||||
import org.hamcrest.Matchers;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
/**
|
||||
|
@ -117,21 +115,23 @@ public class ActionTokenCrossDCTest extends AbstractAdminCrossDCTest {
|
|||
old -> greaterThan((Comparable) 0l)
|
||||
);
|
||||
|
||||
// Verify that the caches are synchronized
|
||||
assertThat(cacheDc0Node0Statistics.getSingleStatistics(Constants.STAT_CACHE_NUMBER_OF_ENTRIES), greaterThan(originalNumberOfEntries));
|
||||
assertThat(cacheDc0Node0Statistics.getSingleStatistics(Constants.STAT_CACHE_NUMBER_OF_ENTRIES),
|
||||
is(cacheDc1Node0Statistics.getSingleStatistics(Constants.STAT_CACHE_NUMBER_OF_ENTRIES)));
|
||||
|
||||
assertEquals("Your account has been updated.", driver.getTitle());
|
||||
|
||||
// Verify that there was an action token added in the node which was targetted by the link
|
||||
assertThat(cacheDc0Node0Statistics.getSingleStatistics(Constants.STAT_CACHE_NUMBER_OF_ENTRIES), greaterThan(originalNumberOfEntries));
|
||||
|
||||
disableDcOnLoadBalancer(0);
|
||||
enableDcOnLoadBalancer(1);
|
||||
|
||||
driver.navigate().to(link);
|
||||
// Make sure that after going to the link, the invalidated action token has been retrieved from Infinispan server cluster in the other DC
|
||||
assertSingleStatistics(cacheDc1Node0Statistics, Constants.STAT_CACHE_NUMBER_OF_ENTRIES,
|
||||
() -> driver.navigate().to(link),
|
||||
Matchers::greaterThan
|
||||
);
|
||||
|
||||
errorPage.assertCurrent();
|
||||
}
|
||||
|
||||
@Ignore("KEYCLOAK-5030")
|
||||
@Test
|
||||
public void sendResetPasswordEmailAfterNewNodeAdded() throws IOException, MessagingException {
|
||||
disableDcOnLoadBalancer(1);
|
||||
|
|
|
@ -0,0 +1,350 @@
|
|||
/*
|
||||
* Copyright 2017 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.testsuite.forms;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.jboss.arquillian.container.test.api.Deployment;
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.jboss.shrinkwrap.api.spec.WebArchive;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
|
||||
import org.keycloak.events.Details;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
|
||||
import org.keycloak.testsuite.AssertEvents;
|
||||
import org.keycloak.testsuite.authentication.ExpectedParamAuthenticator;
|
||||
import org.keycloak.testsuite.authentication.ExpectedParamAuthenticatorFactory;
|
||||
import org.keycloak.testsuite.authentication.PushButtonAuthenticatorFactory;
|
||||
import org.keycloak.testsuite.pages.AppPage;
|
||||
import org.keycloak.testsuite.pages.ErrorPage;
|
||||
import org.keycloak.testsuite.pages.LoginPage;
|
||||
import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
|
||||
import org.openqa.selenium.By;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class AuthenticatorSubflowsTest extends AbstractTestRealmKeycloakTest {
|
||||
|
||||
@Rule
|
||||
public AssertEvents events = new AssertEvents(this);
|
||||
|
||||
@Page
|
||||
protected AppPage appPage;
|
||||
|
||||
@Page
|
||||
protected LoginPage loginPage;
|
||||
|
||||
@Page
|
||||
protected ErrorPage errorPage;
|
||||
|
||||
@Override
|
||||
public void configureTestRealm(RealmRepresentation testRealm) {
|
||||
}
|
||||
|
||||
@Deployment
|
||||
public static WebArchive deploy() {
|
||||
return RunOnServerDeployment.create(UserResource.class)
|
||||
.addPackages(true, "org.keycloak.testsuite");
|
||||
}
|
||||
|
||||
|
||||
@Before
|
||||
public void setupFlows() {
|
||||
testingClient.server().run(session -> {
|
||||
RealmModel realm = session.realms().getRealmByName("test");
|
||||
|
||||
if (realm.getBrowserFlow().getAlias().equals("parent-flow")) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Parent flow
|
||||
AuthenticationFlowModel browser = new AuthenticationFlowModel();
|
||||
browser.setAlias("parent-flow");
|
||||
browser.setDescription("browser based authentication");
|
||||
browser.setProviderId("basic-flow");
|
||||
browser.setTopLevel(true);
|
||||
browser.setBuiltIn(true);
|
||||
browser = realm.addAuthenticationFlow(browser);
|
||||
realm.setBrowserFlow(browser);
|
||||
|
||||
// Subflow1
|
||||
AuthenticationFlowModel subflow1 = new AuthenticationFlowModel();
|
||||
subflow1.setTopLevel(false);
|
||||
subflow1.setBuiltIn(true);
|
||||
subflow1.setAlias("subflow-1");
|
||||
subflow1.setDescription("Parameter 'foo=bar1' AND username+password");
|
||||
subflow1.setProviderId("basic-flow");
|
||||
subflow1 = realm.addAuthenticationFlow(subflow1);
|
||||
|
||||
AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(browser.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setFlowId(subflow1.getId());
|
||||
execution.setPriority(10);
|
||||
execution.setAuthenticatorFlow(true);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow1 - foo=bar1
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow1.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
|
||||
execution.setPriority(10);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
AuthenticatorConfigModel configModel = new AuthenticatorConfigModel();
|
||||
configModel.setAlias("bar1");
|
||||
Map<String, String> config = new HashMap<>();
|
||||
config.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar1");
|
||||
configModel.setConfig(config);
|
||||
configModel = realm.addAuthenticatorConfig(configModel);
|
||||
execution.setAuthenticatorConfig(configModel.getId());
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow1 - username password
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow1.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
|
||||
execution.setPriority(20);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
||||
|
||||
// Subflow2
|
||||
AuthenticationFlowModel subflow2 = new AuthenticationFlowModel();
|
||||
subflow2.setTopLevel(false);
|
||||
subflow2.setBuiltIn(true);
|
||||
subflow2.setAlias("subflow-2");
|
||||
subflow2.setDescription("username+password AND pushButton");
|
||||
subflow2.setProviderId("basic-flow");
|
||||
subflow2 = realm.addAuthenticationFlow(subflow2);
|
||||
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(browser.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setFlowId(subflow2.getId());
|
||||
execution.setPriority(20);
|
||||
execution.setAuthenticatorFlow(true);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow2 - push the button
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow2.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
|
||||
execution.setPriority(10);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow2 - username-password
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow2.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
|
||||
execution.setPriority(20);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow3
|
||||
AuthenticationFlowModel subflow3 = new AuthenticationFlowModel();
|
||||
subflow3.setTopLevel(false);
|
||||
subflow3.setBuiltIn(true);
|
||||
subflow3.setAlias("subflow-3");
|
||||
subflow3.setDescription("alternative subflow with child subflows");
|
||||
subflow3.setProviderId("basic-flow");
|
||||
subflow3 = realm.addAuthenticationFlow(subflow3);
|
||||
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(browser.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setFlowId(subflow3.getId());
|
||||
execution.setPriority(30);
|
||||
execution.setAuthenticatorFlow(true);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow3-1
|
||||
AuthenticationFlowModel subflow31 = new AuthenticationFlowModel();
|
||||
subflow31.setTopLevel(false);
|
||||
subflow31.setBuiltIn(true);
|
||||
subflow31.setAlias("subflow-31");
|
||||
subflow31.setDescription("subflow-31");
|
||||
subflow31.setProviderId("basic-flow");
|
||||
subflow31 = realm.addAuthenticationFlow(subflow31);
|
||||
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow3.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setFlowId(subflow31.getId());
|
||||
execution.setPriority(10);
|
||||
execution.setAuthenticatorFlow(true);
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow3-1 - foo=bar2
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow31.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
|
||||
execution.setPriority(10);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
configModel = new AuthenticatorConfigModel();
|
||||
configModel.setAlias("bar2");
|
||||
config = new HashMap<>();
|
||||
config.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar2");
|
||||
config.put(ExpectedParamAuthenticator.LOGGED_USER, "john-doh@localhost");
|
||||
configModel.setConfig(config);
|
||||
configModel = realm.addAuthenticatorConfig(configModel);
|
||||
execution.setAuthenticatorConfig(configModel.getId());
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow3-1 - push the button
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow31.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
|
||||
execution.setPriority(20);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
// Subflow3 - foo=bar3
|
||||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(subflow3.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
|
||||
execution.setPriority(20);
|
||||
execution.setAuthenticatorFlow(false);
|
||||
|
||||
configModel = new AuthenticatorConfigModel();
|
||||
configModel.setAlias("bar3");
|
||||
config = new HashMap<>();
|
||||
config.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar3");
|
||||
config.put(ExpectedParamAuthenticator.LOGGED_USER, "keycloak-user@localhost");
|
||||
configModel.setConfig(config);
|
||||
configModel = realm.addAuthenticatorConfig(configModel);
|
||||
execution.setAuthenticatorConfig(configModel.getId());
|
||||
|
||||
realm.addAuthenticatorExecution(execution);
|
||||
|
||||
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
// @Test
|
||||
// public void testSleep() throws Exception {
|
||||
// log.info("Start sleeping");
|
||||
// Thread.sleep(1000000);
|
||||
// }
|
||||
|
||||
|
||||
@Test
|
||||
public void testSubflow1() throws Exception {
|
||||
// Add foo=bar1 . I am redirected to subflow1 - username+password form
|
||||
String loginFormUrl = oauth.getLoginFormUrl();
|
||||
loginFormUrl = loginFormUrl + "&foo=bar1";
|
||||
log.info("loginFormUrl: " + loginFormUrl);
|
||||
|
||||
//Thread.sleep(10000000);
|
||||
|
||||
driver.navigate().to(loginFormUrl);
|
||||
|
||||
loginPage.assertCurrent();
|
||||
|
||||
// Fill username+password. I am successfully authenticated
|
||||
oauth.fillLoginForm("test-user@localhost", "password");
|
||||
appPage.assertCurrent();
|
||||
|
||||
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testSubflow2() throws Exception {
|
||||
// Don't add 'foo' parameter. I am redirected to subflow2 - push the button
|
||||
String loginFormUrl = oauth.getLoginFormUrl();
|
||||
log.info("loginFormUrl: " + loginFormUrl);
|
||||
|
||||
//Thread.sleep(10000000);
|
||||
|
||||
driver.navigate().to(loginFormUrl);
|
||||
|
||||
Assert.assertEquals("PushTheButton", driver.getTitle());
|
||||
|
||||
// Push the button. I am redirected to username+password form
|
||||
driver.findElement(By.name("submit1")).click();
|
||||
|
||||
|
||||
loginPage.assertCurrent();
|
||||
|
||||
// Fill username+password. I am successfully authenticated
|
||||
oauth.fillLoginForm("test-user@localhost", "password");
|
||||
appPage.assertCurrent();
|
||||
|
||||
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
|
||||
}
|
||||
|
||||
|
||||
// @Test
|
||||
// public void testSubflow31() {
|
||||
// // Fill foo=bar2. I am see the pushButton
|
||||
// String loginFormUrl = oauth.getLoginFormUrl();
|
||||
// loginFormUrl = loginFormUrl + "&foo=bar2";
|
||||
// log.info("loginFormUrl: " + loginFormUrl);
|
||||
//
|
||||
// //Thread.sleep(10000000);
|
||||
//
|
||||
// driver.navigate().to(loginFormUrl);
|
||||
// Assert.assertEquals("PushTheButton", driver.getTitle());
|
||||
//
|
||||
// // Confirm push button. I am authenticated as john-doh@localhost
|
||||
// driver.findElement(By.name("submit1")).click();
|
||||
//
|
||||
// appPage.assertCurrent();
|
||||
//
|
||||
// events.expectLogin().detail(Details.USERNAME, "john-doh@localhost").assertEvent();
|
||||
// }
|
||||
//
|
||||
//
|
||||
// @Test
|
||||
// public void testSubflow32() {
|
||||
// // Fill foo=bar3. I am login automatically as "keycloak-user@localhost"
|
||||
//
|
||||
//
|
||||
// }
|
||||
|
||||
|
||||
}
|
|
@ -224,7 +224,7 @@
|
|||
<property name="adapterImplClass">org.keycloak.testsuite.arquillian.undertow.lb.SimpleUndertowLoadBalancerContainer</property>
|
||||
<property name="bindAddress">localhost</property>
|
||||
<property name="bindHttpPort">${auth.server.http.port}</property>
|
||||
<property name="nodes">auth-server-undertow-cross-dc-0.1=http://localhost:8101,auth-server-undertow-cross-dc-0.2-manual=http://localhost:8102,auth-server-undertow-cross-dc-1.1=http://localhost:8111,auth-server-undertow-cross-dc-1.2-manual=http://localhost:8112</property>
|
||||
<property name="nodes">auth-server-undertow-cross-dc-0_1=http://localhost:8101,auth-server-undertow-cross-dc-0_2-manual=http://localhost:8102,auth-server-undertow-cross-dc-1_1=http://localhost:8111,auth-server-undertow-cross-dc-1_2-manual=http://localhost:8112</property>
|
||||
</configuration>
|
||||
</container>
|
||||
|
||||
|
|
|
@ -69,3 +69,5 @@ log4j.logger.org.apache.directory.server.core=warn
|
|||
# log4j.logger.org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator=trace
|
||||
# log4j.logger.org.keycloak.keys.infinispan=trace
|
||||
log4j.logger.org.keycloak.services.clientregistration.policy=debug
|
||||
|
||||
#log4j.logger.org.keycloak.authentication=debug
|
||||
|
|
|
@ -92,3 +92,4 @@ log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=error
|
|||
#log4j.logger.org.keycloak.services.resources.LoginActionsService=debug
|
||||
#log4j.logger.org.keycloak.services.managers=debug
|
||||
#log4j.logger.org.keycloak.services.resources.SessionCodeChecks=debug
|
||||
#log4j.logger.org.keycloak.authentication=debug
|
|
@ -113,10 +113,10 @@
|
|||
<eviction max-entries="1000" strategy="LRU"/>
|
||||
<expiration max-idle="3600000" />
|
||||
</local-cache>
|
||||
<local-cache name="actionTokens">
|
||||
<distributed-cache name="actionTokens" mode="SYNC" owners="2">
|
||||
<eviction max-entries="-1" strategy="NONE"/>
|
||||
<expiration max-idle="-1" interval="300000"/>
|
||||
</local-cache>
|
||||
</distributed-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
||||
<transport lock-timeout="60000"/>
|
||||
|
|
|
@ -116,10 +116,10 @@
|
|||
<eviction max-entries="1000" strategy="LRU"/>
|
||||
<expiration max-idle="3600000" />
|
||||
</local-cache>
|
||||
<local-cache name="actionTokens">
|
||||
<distributed-cache name="actionTokens" mode="SYNC" owners="2">
|
||||
<eviction max-entries="-1" strategy="NONE"/>
|
||||
<expiration max-idle="-1" interval="300000"/>
|
||||
</local-cache>
|
||||
</distributed-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
|
||||
<transport lock-timeout="60000"/>
|
||||
|
|
Loading…
Reference in a new issue