KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP
parent
58cbee0146
commit
d71e81ed5e
56 changed files with 564 additions and 502 deletions
|
@ -973,4 +973,23 @@ Run tests using the `auth-server-quarkus` profile:
|
|||
|
||||
Right now, the server runs in a separate process. To debug the server set `auth.server.debug` system property to `true`.
|
||||
|
||||
To configure the debugger port, set the `auth.server.debug.port` system property with any valid port number. Default is `5005`.
|
||||
To configure the debugger port, set the `auth.server.debug.port` system property with any valid port number. Default is `5005`.
|
||||
|
||||
## Cookies testing
|
||||
In order to reproduce some specific cookies behaviour in browsers (like SameSite policies or 3rd party cookie blocking),
|
||||
some subset of tests needs to be ran with different hosts for auth server and app/IdP server in order to simulate third
|
||||
party contexts. Those hosts must be different from localhost as that host has some special treatment from browsers. At
|
||||
the same time both hosts must use different domains to be considered cross-origin, e.g. `127.0.0.1.nip.io` and
|
||||
`127.0.0.1.xip.io`. NOT `app1.127.0.0.1.nip.io` and `app2.127.0.0.1.nip.io`!!
|
||||
|
||||
Also, those new cookies policies are currently not yet enabled by default (which will change in the near future). To test
|
||||
those policies, you need the latest stable Firefox together with `firefox-strict-cookies` profile. This profile sets the
|
||||
browser to Firefox, configures the proper cookies behavior and makes Firefox to run in the headless mode (which is ok
|
||||
because this is not UI testing). For debugging purposes you can override the headless mode with `-DfirefoxHeadless=false`.
|
||||
|
||||
**Broker tests:**
|
||||
|
||||
mvn clean install -f testsuite/integration-arquillian/tests/base \
|
||||
-Pfirefox-strict-cookies \
|
||||
-Dtest=**.broker.** \
|
||||
-Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host]
|
|
@ -197,6 +197,7 @@
|
|||
<include>password-blacklists/**</include>
|
||||
<include>log4j.properties</include>
|
||||
<include>vault/**</include>
|
||||
<include>firefox-cookies-prefs.js</include>
|
||||
</includes>
|
||||
<!--<filtering>true</filtering>-->
|
||||
</resource>
|
||||
|
|
|
@ -20,6 +20,8 @@ package org.keycloak.testsuite.pages;
|
|||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
import static org.keycloak.testsuite.util.UIUtils.clickLink;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
|
@ -33,11 +35,11 @@ public class LoginExpiredPage extends AbstractPage {
|
|||
|
||||
|
||||
public void clickLoginRestartLink() {
|
||||
loginRestartLink.click();
|
||||
clickLink(loginRestartLink);
|
||||
}
|
||||
|
||||
public void clickLoginContinueLink() {
|
||||
loginContinueLink.click();
|
||||
clickLink(loginContinueLink);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -85,26 +85,26 @@ public class LoginPage extends LanguageComboboxAwarePage {
|
|||
passwordInput.clear();
|
||||
passwordInput.sendKeys(password);
|
||||
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
}
|
||||
|
||||
public void login(String password) {
|
||||
passwordInput.clear();
|
||||
passwordInput.sendKeys(password);
|
||||
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
}
|
||||
|
||||
public void missingPassword(String username) {
|
||||
usernameInput.clear();
|
||||
usernameInput.sendKeys(username);
|
||||
passwordInput.clear();
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
|
||||
}
|
||||
public void missingUsername() {
|
||||
usernameInput.clear();
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
|
||||
}
|
||||
|
||||
|
@ -164,11 +164,11 @@ public class LoginPage extends LanguageComboboxAwarePage {
|
|||
}
|
||||
|
||||
public void resetPassword() {
|
||||
resetPasswordLink.click();
|
||||
clickLink(resetPasswordLink);
|
||||
}
|
||||
|
||||
public void recoverUsername() {
|
||||
recoverUsernameLink.click();
|
||||
clickLink(recoverUsernameLink);
|
||||
}
|
||||
|
||||
public void setRememberMe(boolean enable) {
|
||||
|
|
|
@ -3,6 +3,8 @@ package org.keycloak.testsuite.pages;
|
|||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
import static org.keycloak.testsuite.util.UIUtils.clickLink;
|
||||
|
||||
public class UpdateAccountInformationPage extends LanguageComboboxAwarePage {
|
||||
|
||||
@FindBy(id = "username")
|
||||
|
@ -36,7 +38,7 @@ public class UpdateAccountInformationPage extends LanguageComboboxAwarePage {
|
|||
lastNameInput.clear();
|
||||
lastNameInput.sendKeys(lastName);
|
||||
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
}
|
||||
|
||||
public void updateAccountInformation(String email,
|
||||
|
@ -51,7 +53,7 @@ public class UpdateAccountInformationPage extends LanguageComboboxAwarePage {
|
|||
lastNameInput.clear();
|
||||
lastNameInput.sendKeys(lastName);
|
||||
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
}
|
||||
|
||||
public void updateAccountInformation(String firstName,
|
||||
|
@ -62,7 +64,7 @@ public class UpdateAccountInformationPage extends LanguageComboboxAwarePage {
|
|||
lastNameInput.clear();
|
||||
lastNameInput.sendKeys(lastName);
|
||||
|
||||
submitButton.click();
|
||||
clickLink(submitButton);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -35,7 +35,6 @@ import org.keycloak.testsuite.util.UserBuilder;
|
|||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
||||
|
@ -76,13 +75,13 @@ public class AccountBrokerTest extends AbstractBaseBrokerTest {
|
|||
log.debug("adding identity provider to realm " + bc.consumerRealmName());
|
||||
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)).close();
|
||||
realm.identityProviders().create(bc.setUpIdentityProvider()).close();
|
||||
realm.identityProviders().get(bc.getIDPAlias());
|
||||
}
|
||||
|
||||
@Before
|
||||
public void addClients() {
|
||||
List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
|
||||
List<ClientRepresentation> clients = bc.createProviderClients();
|
||||
if (clients != null) {
|
||||
RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
|
||||
for (ClientRepresentation client : clients) {
|
||||
|
@ -97,7 +96,7 @@ public class AccountBrokerTest extends AbstractBaseBrokerTest {
|
|||
}
|
||||
}
|
||||
|
||||
clients = bc.createConsumerClients(suiteContext);
|
||||
clients = bc.createConsumerClients();
|
||||
if (clients != null) {
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
for (ClientRepresentation client : clients) {
|
||||
|
|
|
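Review bot: The identity-provider setup in `realm.identityProviders().create(bc.setUpIdentityProvider()).close();` closes the response without checking its status, so a rejected IdP configuration goes unnoticed until a later login step fails somewhere else. Since this commit makes the broker hosts configurable, a bad hostname is a plausible way for that create call to be rejected, and it is better for the test to fail at the source. Something like `try (Response r = realm.identityProviders().create(bc.setUpIdentityProvider())) { assertEquals(Response.Status.CREATED.getStatusCode(), r.getStatus()); }` would do it; `assertEquals` may need a static import that this hunk does not show. The enclosing method starts outside the hunk.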
@ -312,7 +312,7 @@ public class BrokerLinkAndTokenExchangeTest extends AbstractServletsAdapterTest
|
|||
}
|
||||
|
||||
public void createParentChild() {
|
||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
|
||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -197,7 +197,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
|
|||
}
|
||||
|
||||
public void createParentChild() {
|
||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
|
||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@ import org.keycloak.admin.client.resource.IdentityProviderResource;
|
|||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import org.keycloak.common.util.Time;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
|
@ -50,6 +49,8 @@ import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.configurePostB
|
|||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.disablePostBrokerLoginFlow;
|
||||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.grantReadTokenRole;
|
||||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.revokeReadTokenRole;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForElementEnabled;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
|
||||
|
@ -148,12 +149,12 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
accountFederatedIdentityPage.realm(bc.consumerRealmName());
|
||||
accountFederatedIdentityPage.open();
|
||||
|
@ -180,7 +181,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
|
||||
identityProviderResource.update(idpRep);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
updatePasswordPage.updatePasswords("password", "password");
|
||||
waitForAccountManagementTitle();
|
||||
|
@ -195,7 +196,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
Client client = javax.ws.rs.client.ClientBuilder.newBuilder().register((ClientRequestFilter) request -> request.getHeaders().add(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken.get())).build();
|
||||
|
||||
try {
|
||||
WebTarget target = client.target(Urls.identityProviderRetrieveToken(URI.create(BrokerTestTools.getAuthRoot(suiteContext) + "/auth"), bc.getIDPAlias(), bc.consumerRealmName()));
|
||||
WebTarget target = client.target(Urls.identityProviderRetrieveToken(URI.create(getConsumerRoot() + "/auth"), bc.getIDPAlias(), bc.consumerRealmName()));
|
||||
|
||||
try (Response response = target.request().get()) {
|
||||
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
|
||||
|
@ -224,13 +225,13 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
|
||||
loginWithExistingUser();
|
||||
|
||||
driver.navigate().to(getAccountPasswordUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountPasswordUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
accountPasswordPage.changePassword("password", "password");
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
try {
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -274,7 +275,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
public void loginWithExistingUserWithErrorFromProviderIdP() {
|
||||
ClientRepresentation client = adminClient.realm(bc.providerRealmName())
|
||||
.clients()
|
||||
.findByClientId(bc.getIDPClientIdInProviderRealm(suiteContext))
|
||||
.findByClientId(bc.getIDPClientIdInProviderRealm())
|
||||
.get(0);
|
||||
|
||||
adminClient.realm(bc.providerRealmName())
|
||||
|
@ -282,7 +283,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
.get(client.getId())
|
||||
.update(ClientBuilder.edit(client).consentRequired(true).build());
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
driver.manage().timeouts().pageLoadTimeout(30, TimeUnit.MINUTES);
|
||||
|
@ -306,8 +307,8 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
@Test
|
||||
public void testDisabledUser() {
|
||||
loginUser();
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
UserRepresentation userRep = realm.users().search(bc.getUserLogin()).get(0);
|
||||
|
@ -332,7 +333,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
public void mapperGrantsNewRoleFromTokenWithInheritedSyncModeForce() {
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
realm.identityProviders().get(bc.getIDPAlias())
|
||||
.update(bc.setUpIdentityProvider(suiteContext, IdentityProviderSyncMode.FORCE));
|
||||
.update(bc.setUpIdentityProvider(IdentityProviderSyncMode.FORCE));
|
||||
|
||||
testMapperAssigningRoles(IdentityProviderMapperSyncMode.INHERIT, true);
|
||||
}
|
||||
|
@ -341,7 +342,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
public void mapperDoesNotGrantNewRoleFromTokenWithInheritedSyncModeImport() {
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
realm.identityProviders().get(bc.getIDPAlias())
|
||||
.update(bc.setUpIdentityProvider(suiteContext, IdentityProviderSyncMode.IMPORT));
|
||||
.update(bc.setUpIdentityProvider(IdentityProviderSyncMode.IMPORT));
|
||||
|
||||
testMapperAssigningRoles(IdentityProviderMapperSyncMode.INHERIT, false);
|
||||
}
|
||||
|
@ -369,7 +370,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
userResource.roles().realmLevel().add(Collections.singletonList(userRole));
|
||||
|
@ -386,8 +387,8 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
assertThat(currentRoles, not(hasItems(ROLE_USER)));
|
||||
}
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -417,7 +418,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER, ROLE_FRIENDLY_MANAGER)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
userResource.roles().realmLevel().add(Arrays.asList(userRole, friendlyManagerRole));
|
||||
|
@ -430,14 +431,14 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_FRIENDLY_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
}
|
||||
|
||||
// KEYCLOAK-4016
|
||||
@Test
|
||||
public void testExpiredCode() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
log.debug("Expire all browser cookies");
|
||||
driver.manage().deleteAllCookies();
|
||||
|
@ -459,7 +460,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -468,13 +469,13 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
totpPage.configure(totp.generateTOTP(totpSecret));
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
assertNumFederatedIdentities(realm.users().search(bc.getUserLogin()).get(0).getId(), 1);
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
loginTotpPage.assertCurrent();
|
||||
loginTotpPage.login(totp.generateTOTP(totpSecret));
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
testingClient.server(bc.consumerRealmName()).run(disablePostBrokerLoginFlow(bc.getIDPAlias()));
|
||||
logInWithBroker(bc);
|
||||
|
@ -499,7 +500,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
realm.update(consumerRealmRep);
|
||||
|
||||
try {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -507,7 +508,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
String totpSecret = totpPage.getTotpSecret();
|
||||
totpPage.configure(totp.generateTOTP(totpSecret));
|
||||
assertNumFederatedIdentities(realm.users().search(bc.getUserLogin()).get(0).getId(), 1);
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -530,7 +531,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
|
||||
loginTotpPage.login(totp.generateTOTP(totpSecret));
|
||||
waitForAccountManagementTitle();
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
} finally {
|
||||
testingClient.server(bc.consumerRealmName()).run(disablePostBrokerLoginFlow(bc.getIDPAlias()));
|
||||
|
||||
|
@ -556,7 +557,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
idp.getConfig().put("backchannelSupported", "false");
|
||||
adminClient.realm(bc.consumerRealmName()).identityProviders().get(bc.getIDPAlias()).update(idp);
|
||||
Time.setOffset(2);
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
waitForPage(driver, "update account information", false);
|
||||
updateAccountInformationPage.assertCurrent();
|
||||
|
@ -588,7 +589,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
adminClient.realm(bc.consumerRealmName()).components().add(component);
|
||||
|
||||
createUser(bc.providerRealmName(), "test-user", "password", "FirstName", "LastName", "test-user@localhost.com");
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
loginPage.login("test-user", "password");
|
||||
waitForAccountManagementTitle();
|
||||
|
@ -601,11 +602,11 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
|
|||
accountPasswordPage.changePassword("secret", "new-password", "new-password");
|
||||
assertEquals("Your password has been updated.", accountUpdateProfilePage.getSuccess());
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
createUser(bc.providerRealmName(), "test-user-noemail", "password", "FirstName", "LastName", "test-user-noemail@localhost.com");
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
loginPage.login("test-user-noemail", "password");
|
||||
waitForAccountManagementTitle();
|
||||
|
|
|
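Review bot: The pair `getAccountUrl(getConsumerRoot(), bc.consumerRealmName())` is now written out at every call site in this file, and nothing stops a root from being combined with the other realm, for example `getProviderRoot()` with `bc.consumerRealmName()`. A mismatch like that would probably still load a page, only on the wrong origin, which is the very thing the cross-host cookie runs are meant to tell apart. A small helper on the base class would rule it out, e.g. `protected String getConsumerAccountUrl() { return getAccountUrl(getConsumerRoot(), bc.consumerRealmName()); }`, with matching consumer/provider variants for `logoutFromRealm`. The same repetition appears in the other broker test classes touched by this commit.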
@ -68,7 +68,9 @@ import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
|||
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.encodeUrl;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
/**
|
||||
* No test methods there. Just some useful common functionality
|
||||
|
@ -164,7 +166,7 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void addClientsToProviderAndConsumer() {
|
||||
List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
|
||||
List<ClientRepresentation> clients = bc.createProviderClients();
|
||||
final RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
|
||||
for (ClientRepresentation client : clients) {
|
||||
log.debug("adding client " + client.getClientId() + " to realm " + bc.providerRealmName());
|
||||
|
@ -173,7 +175,7 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
resp.close();
|
||||
}
|
||||
|
||||
clients = bc.createConsumerClients(suiteContext);
|
||||
clients = bc.createConsumerClients();
|
||||
if (clients != null) {
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
for (ClientRepresentation client : clients) {
|
||||
|
@ -217,7 +219,7 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void logInAsUserInIDP() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
}
|
||||
|
||||
|
@ -226,6 +228,7 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
protected void logInWithIdp(String idpAlias, String username, String password) {
|
||||
waitForPage(driver, "log in to", true);
|
||||
log.debug("Clicking social " + idpAlias);
|
||||
loginPage.clickSocial(idpAlias);
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -251,43 +254,45 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
|
||||
protected String getAccountUrl(String realmName) {
|
||||
return BrokerTestTools.getAuthRoot(suiteContext) + "/auth/realms/" + realmName + "/account";
|
||||
protected String getAccountUrl(String contextRoot, String realmName) {
|
||||
return contextRoot + "/auth/realms/" + realmName + "/account";
|
||||
}
|
||||
|
||||
|
||||
protected String getAccountPasswordUrl(String realmName) {
|
||||
return BrokerTestTools.getAuthRoot(suiteContext) + "/auth/realms/" + realmName + "/account/password";
|
||||
protected String getAccountPasswordUrl(String contextRoot, String realmName) {
|
||||
return contextRoot + "/auth/realms/" + realmName + "/account/password";
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the login page for an existing client in provided realm
|
||||
*
|
||||
* @param contextRoot
|
||||
* @param realmName Name of the realm
|
||||
* @param clientId ClientId of a client. Client has to exists in the realm.
|
||||
* @return Login URL
|
||||
*/
|
||||
protected String getLoginUrl(String realmName, String clientId) {
|
||||
protected String getLoginUrl(String contextRoot, String realmName, String clientId) {
|
||||
List<ClientRepresentation> clients = adminClient.realm(realmName).clients().findByClientId(clientId);
|
||||
|
||||
assertThat(clients, Matchers.is(Matchers.not(Matchers.empty())));
|
||||
|
||||
String redirectURI = clients.get(0).getBaseUrl();
|
||||
|
||||
return BrokerTestTools.getAuthRoot(suiteContext) + "/auth/realms/" + realmName + "/protocol/openid-connect/auth?client_id=" +
|
||||
return contextRoot + "/auth/realms/" + realmName + "/protocol/openid-connect/auth?client_id=" +
|
||||
clientId + "&redirect_uri=" + redirectURI + "&response_type=code&scope=openid";
|
||||
}
|
||||
|
||||
protected void logoutFromRealm(String realm) {
|
||||
logoutFromRealm(realm, null);
|
||||
protected void logoutFromRealm(String contextRoot, String realm) {
|
||||
logoutFromRealm(contextRoot, realm, null);
|
||||
}
|
||||
|
||||
protected void logoutFromRealm(String realm, String initiatingIdp) { logoutFromRealm(realm, initiatingIdp, null); }
|
||||
protected void logoutFromRealm(String contextRoot, String realm, String initiatingIdp) { logoutFromRealm(contextRoot, realm, initiatingIdp, null); }
|
||||
|
||||
protected void logoutFromRealm(String realm, String initiatingIdp, String tokenHint) {
|
||||
driver.navigate().to(BrokerTestTools.getAuthRoot(suiteContext)
|
||||
protected void logoutFromRealm(String contextRoot, String realm, String initiatingIdp, String tokenHint) {
|
||||
driver.navigate().to(contextRoot
|
||||
+ "/auth/realms/" + realm
|
||||
+ "/protocol/" + "openid-connect"
|
||||
+ "/logout?redirect_uri=" + encodeUrl(getAccountUrl(realm))
|
||||
+ "/logout?redirect_uri=" + encodeUrl(getAccountUrl(contextRoot, realm))
|
||||
+ (!StringUtils.isBlank(initiatingIdp) ? "&initiating_idp=" + initiatingIdp : "")
|
||||
+ (!StringUtils.isBlank(tokenHint) ? "&id_token_hint=" + tokenHint : "")
|
||||
);
|
||||
|
@ -330,9 +335,9 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
|
|||
}
|
||||
|
||||
|
||||
protected URI getAuthServerSamlEndpoint(String realm) throws IllegalArgumentException, UriBuilderException {
|
||||
protected URI getConsumerSamlEndpoint(String realm) throws IllegalArgumentException, UriBuilderException {
|
||||
return RealmsResource
|
||||
.protocolUrl(UriBuilder.fromUri(getAuthServerRoot()))
|
||||
.protocolUrl(UriBuilder.fromUri(getConsumerRoot()).path("auth"))
|
||||
.build(realm, SamlProtocol.LOGIN_PROTOCOL);
|
||||
}
|
||||
|
||||
|
|
|
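Review bot: In `getLoginUrl`, the rewritten return statement still appends `redirectURI` to the query string unencoded, while `logoutFromRealm` in the same file wraps its redirect target in `encodeUrl(...)`. A client base URL containing `?`, `&` or `#` would be split into extra parameters of the authorization request, so the test would not exercise the redirect URI it intends to; use `clientId + "&redirect_uri=" + encodeUrl(redirectURI) + "&response_type=code&scope=openid";`. `initiatingIdp` and `tokenHint` in `logoutFromRealm` are likewise concatenated as-is. The new `@param contextRoot` tag has no description; a line such as `@param contextRoot root URL of the server to address, without the /auth path` would tell callers what to pass.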
@ -21,6 +21,8 @@ import java.util.Map;
|
|||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.keycloak.models.utils.DefaultAuthenticationFlows.IDP_REVIEW_PROFILE_CONFIG_ALIAS;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
|
||||
/**
|
||||
|
@ -46,7 +48,7 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
|
|||
}
|
||||
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -84,7 +86,7 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
|
|||
|
||||
Integer userCount = adminClient.realm(bc.consumerRealmName()).users().count();
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());
|
||||
|
@ -95,15 +97,15 @@ public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTe
|
|||
protected void testSingleLogout() {
|
||||
log.debug("Testing single log out");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.providerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getProviderRoot(), bc.providerRealmName()));
|
||||
|
||||
Assert.assertTrue("Should be logged in the account page", driver.getTitle().endsWith("Account Management"));
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
|
||||
Assert.assertTrue("Should be on " + bc.providerRealmName() + " realm", driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName()));
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
Assert.assertTrue("Should be on " + bc.consumerRealmName() + " realm on login page",
|
||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/protocol/openid-connect/"));
|
||||
|
|
|
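Review bot: The assertion after the changed navigation, `assertEquals(accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/", driver.getCurrentUrl());`, still derives the expected URL from `accountPage` rather than from `getConsumerRoot()`. If `accountPage.buildUri()` is rooted at the default auth-server host (not visible in this hunk), the comparison would fail or check the wrong origin once the consumer runs on a different hostname, and `replace("master", "consumer")` would also rewrite a hostname that happens to contain "master". Assuming the consumer realm is named `consumer`, building the expectation from the same helper the navigation uses avoids both: `assertEquals(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()) + "/", driver.getCurrentUrl());`. The enclosing method starts and ends outside the hunk.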
@ -30,15 +30,17 @@ import org.openqa.selenium.By;
|
|||
import org.openqa.selenium.NoSuchElementException;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.htmlunit.HtmlUnitDriver;
|
||||
import org.openqa.selenium.support.PageFactory;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.assertHardCodedSessionNote;
|
||||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.configureAutoLinkFlow;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.util.MailAssert.assertEmailAndGetUrl;
|
||||
|
||||
|
@ -61,7 +63,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
public void testErrorExistingUserWithUpdateProfile() {
|
||||
createUser("consumer");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -85,7 +87,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
String existingUser = createUser("consumer");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "account already exists", false);
|
||||
|
@ -123,7 +125,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
String existingUser = createUser("consumer");
|
||||
String anotherUser = createUser("foobar", "foo@bar.baz");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "account already exists", false);
|
||||
|
@ -162,7 +164,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::disableExistingUser);
|
||||
String existingUser = createUser("consumer");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());
|
||||
|
@ -194,7 +196,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
String existingUser = createUser("consumer");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "account already exists", false);
|
||||
|
@ -230,7 +232,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::disableExistingUser);
|
||||
String existingUser = createUser("consumer");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
assertEquals("Authenticate to link your account with " + bc.getIDPAlias(), loginPage.getInfoMessage());
|
||||
|
@ -268,7 +270,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
providerUser.update(userResource);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
|
@ -286,7 +288,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
// Click browser 'back' and then 'forward' and then continue
|
||||
driver.navigate().back();
|
||||
assertTrue(driver.getPageSource().contains("You are already logged in."));
|
||||
driver.navigate().forward();
|
||||
driver.navigate().forward(); // here a new execution ID is added to the URL using JS, see below
|
||||
idpConfirmLinkPage.assertCurrent();
|
||||
|
||||
// Click browser 'back' on review profile page
|
||||
|
@ -294,6 +296,11 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
waitForPage(driver, "update account information", false);
|
||||
updateAccountInformationPage.assertCurrent();
|
||||
driver.navigate().back();
|
||||
// JS-capable browsers (i.e. all except HtmlUnit) add a new execution ID to the URL which then causes the login expire page to appear (because the old ID and new ID don't match)
|
||||
if (!(driver instanceof HtmlUnitDriver)) {
|
||||
loginExpiredPage.assertCurrent();
|
||||
loginExpiredPage.clickLoginContinueLink();
|
||||
}
|
||||
waitForPage(driver, "update account information", false);
|
||||
updateAccountInformationPage.assertCurrent();
|
||||
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), "FirstName", "LastName");
|
||||
|
@ -345,7 +352,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
providerUser.update(userResource);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -399,7 +406,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
providerUser.update(userResource);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "account already exists", false);
|
||||
|
@ -449,7 +456,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
public void testFirstBrokerLoginFlowUpdateProfileOff() {
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForAccountManagementTitle();
|
||||
|
@ -470,7 +477,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "account already exists", false);
|
||||
|
@ -487,7 +494,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
Assert.assertTrue(updateAccountInformationPage.isCurrent());
|
||||
|
@ -509,7 +516,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
public void testRequiredUpdatedPassword() {
|
||||
updateExecutions(AbstractBrokerTest::enableRequirePassword);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
Assert.assertTrue(updateAccountInformationPage.isCurrent());
|
||||
|
@ -539,7 +546,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
consumerUser.setEmail(bc.getUserEmail());
|
||||
userResource.update(consumerUser);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -592,7 +599,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
Response response = idpResource.addMapper(hardCodedSessionNoteMapper);
|
||||
response.close();
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -619,7 +626,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
realmRep.setRegistrationEmailAsUsername(true);
|
||||
realm.update(realmRep);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
Assert.assertTrue(updateAccountInformationPage.isCurrent());
|
||||
|
@ -652,7 +659,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
String linkedUserId = createUser("consumer");
|
||||
|
||||
//test
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -701,7 +708,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
configureSMTPServer();
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -735,7 +742,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.providerRealmName(), "no-email", "password", "FirstName", "LastName", null);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -774,7 +781,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
identityProviderResource.update(idpRep);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -811,7 +818,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
configureSMTPServer();
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -848,7 +855,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
userResource.update(consumerUser);
|
||||
configureSMTPServer();
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
//link account by email
|
||||
|
@ -870,7 +877,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
|
||||
driver.navigate().to(url);
|
||||
waitForPage(driver, "you are already logged in.", false);
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
driver.navigate().to(url);
|
||||
waitForPage(driver, "confirm linking the account testuser of identity provider " + bc.getIDPAlias() + " with your account.", false);
|
||||
|
@ -893,7 +900,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
userResource.update(consumerUser);
|
||||
configureSMTPServer();
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
//link account by email
|
||||
|
@ -923,7 +930,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
//create user on consumer's site who should be linked later
|
||||
String linkedUserId = createUser("consumer");
|
||||
|
||||
driver.navigate().to(getLoginUrl(bc.consumerRealmName(), "broker-app"));
|
||||
driver.navigate().to(getLoginUrl(getConsumerRoot(), bc.consumerRealmName(), "broker-app"));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -970,7 +977,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
|
||||
|
||||
createUser(bc.providerRealmName(), "no-first-name", "password", null, "LastName", "no-first-name@localhost.com");
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -985,10 +992,10 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
createUser(bc.providerRealmName(), "no-last-name", "password", "FirstName", null, "no-last-name@localhost.com");
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -1003,10 +1010,10 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
createUser(bc.providerRealmName(), "no-email", "password", "FirstName", "LastName", null);
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -1032,7 +1039,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
|
||||
createUser(bc.providerRealmName(), "all-info-set", "password", "FirstName", "LastName", "all-info-set@localhost.com");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -1053,7 +1060,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
public void testWithoutUpdateProfile() {
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
|
@ -1068,7 +1075,7 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractInitializedBa
|
|||
public void testAutoLinkAccountWithBroker() {
|
||||
testingClient.server(bc.consumerRealmName()).run(configureAutoLinkFlow(bc.getIDPAlias()));
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
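Review bot: The call `driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()))` is now written out at roughly thirty sites in this class, which makes the cross-host behaviour depend on every site having been converted. If the one-argument `getAccountUrl` overload still exists (not visible here), a site left on it would keep compiling and quietly load the account page from the default root instead of the consumer host. A single helper, `protected void openConsumerAccountPage() { driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName())); }`, would leave one place to change and one place to review. The test methods start and end outside the hunks, so whether a base class already offers such a helper cannot be told from this page.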
|
||||
|
|
|
@ -3,14 +3,12 @@ package org.keycloak.testsuite.broker;
|
|||
import org.junit.Before;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.UsersResource;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.MappingsRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.util.UserBuilder;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -39,7 +37,7 @@ public abstract class AbstractIdentityProviderMapperTest extends AbstractBaseBro
|
|||
protected IdentityProviderRepresentation setupIdentityProvider() {
|
||||
log.debug("adding identity provider to realm " + bc.consumerRealmName());
|
||||
|
||||
final IdentityProviderRepresentation idp = bc.setUpIdentityProvider(suiteContext);
|
||||
final IdentityProviderRepresentation idp = bc.setUpIdentityProvider();
|
||||
realm.identityProviders().create(idp).close();
|
||||
return idp;
|
||||
}
|
||||
|
|
|
@ -55,7 +55,7 @@ public abstract class AbstractInitializedBaseBrokerTest extends AbstractBaseBrok
|
|||
|
||||
log.debug("adding identity provider to realm " + bc.consumerRealmName());
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)).close();
|
||||
realm.identityProviders().create(bc.setUpIdentityProvider()).close();
|
||||
identityProviderResource = realm.identityProviders().get(bc.getIDPAlias());
|
||||
|
||||
addClientsToProviderAndConsumer();
|
||||
|
|
|
@ -3,6 +3,8 @@ package org.keycloak.testsuite.broker;
|
|||
import static org.hamcrest.Matchers.contains;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.pause;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
@ -13,6 +15,7 @@ import org.keycloak.models.IdentityProviderMapperSyncMode;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
/**
|
||||
* @author hmlnarik,
|
||||
|
@ -52,7 +55,7 @@ public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMap
|
|||
if (createAfterFirstLogin) {
|
||||
createMapperInIdp(idp, syncMode);
|
||||
}
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
updateUser();
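Review bot: The import hunks appear to add `import org.openqa.selenium.firefox.FirefoxDriver;` and `import static org.keycloak.testsuite.util.WaitUtils.pause;`, but neither name is used in the lines shown for this file; the only visible code change is the `logoutFromRealm(getConsumerRoot(), bc.consumerRealmName())` call. If they are unused, both lines should be dropped, since an abstract mapper test should not carry a compile-time reference to one specific browser driver. If `pause` is used outside the hunk as a fixed sleep around the cross-host logout, a wait on the expected page would be less timing-dependent. Which lines are additions is inferred from the hunk counts, because the rendered page has lost the `+`/`-` markers.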
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ import static org.hamcrest.Matchers.equalTo;
|
|||
import static org.hamcrest.Matchers.notNullValue;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -108,7 +109,7 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractIdentityPr
|
|||
|
||||
assertUserAttributes(initialUserAttributes, userRep);
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// update user in provider realm
|
||||
UserRepresentation userRepProvider = findUser(bc.providerRealmName(), bc.getUserLogin(), email);
|
||||
|
|
|
@ -4,6 +4,7 @@ import static org.hamcrest.Matchers.is;
|
|||
import static org.junit.Assert.assertThat;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
@ -62,7 +63,7 @@ public abstract class AbstractUsernameTemplateMapperTest extends AbstractIdentit
|
|||
String mappedUserName = String.format(getMapperTemplate(), userName);
|
||||
findUser(bc.consumerRealmName(), mappedUserName, bc.getUserEmail());
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
updateUser(updatedUserName);
|
||||
|
||||
|
|
|
@ -119,7 +119,7 @@ public class AccountLinkTest extends AbstractKeycloakTest {
|
|||
|
||||
|
||||
public void createParentChild() {
|
||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
|
||||
BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -4,7 +4,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
@ -24,21 +23,21 @@ public interface BrokerConfiguration {
|
|||
*/
|
||||
RealmRepresentation createConsumerRealm();
|
||||
|
||||
List<ClientRepresentation> createProviderClients(SuiteContext suiteContext);
|
||||
List<ClientRepresentation> createProviderClients();
|
||||
|
||||
List<ClientRepresentation> createConsumerClients(SuiteContext suiteContext);
|
||||
List<ClientRepresentation> createConsumerClients();
|
||||
|
||||
/**
|
||||
* @return Representation of the identity provider for declaration in the broker
|
||||
*/
|
||||
default IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext) {
|
||||
return setUpIdentityProvider(suiteContext, IdentityProviderSyncMode.IMPORT);
|
||||
default IdentityProviderRepresentation setUpIdentityProvider() {
|
||||
return setUpIdentityProvider(IdentityProviderSyncMode.IMPORT);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Representation of the identity provider for declaration in the broker
|
||||
*/
|
||||
IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode force);
|
||||
IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode force);
|
||||
|
||||
/**
|
||||
* @return Name of realm containing identity provider. Must be consistent with {@link #createProviderRealm()}
|
||||
|
@ -53,7 +52,7 @@ public interface BrokerConfiguration {
|
|||
/**
|
||||
* @return Client ID of the identity provider as set in provider realm.
|
||||
*/
|
||||
String getIDPClientIdInProviderRealm(SuiteContext suiteContext);
|
||||
String getIDPClientIdInProviderRealm();
|
||||
|
||||
/**
|
||||
* @return User login name of the brokered user
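Review bot: The rewritten `setUpIdentityProvider(IdentityProviderSyncMode force)` keeps a parameter name that reads like a flag (or like one particular sync mode) rather than the mode to apply, and its Javadoc is still only the `@return` line shared with the no-argument default. I would rename the parameter to `syncMode` and add `@param syncMode sync mode to set on the returned identity provider representation`. With `SuiteContext` removed from `createProviderClients()`, `createConsumerClients()` and `getIDPClientIdInProviderRealm()`, nothing in the interface says where implementations take their base URL from. A Javadoc sentence on each should name `BrokerTestTools.getProviderRoot()` or `BrokerTestTools.getConsumerRoot()` as the expected source, so that a new configuration does not mix the two hosts.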
|
||||
|
|
|
@ -1,16 +1,10 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
|
||||
import org.keycloak.testsuite.pages.PageUtils;
|
||||
import org.openqa.selenium.By;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
|
@ -18,7 +12,16 @@ import org.openqa.selenium.WebElement;
|
|||
import org.openqa.selenium.support.ui.ExpectedCondition;
|
||||
import org.openqa.selenium.support.ui.WebDriverWait;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URI;
|
||||
import java.net.URLEncoder;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.AUTH_SERVER_HOST;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -26,8 +29,23 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDE
|
|||
*/
|
||||
public class BrokerTestTools {
|
||||
|
||||
public static String getAuthRoot(SuiteContext suiteContext) {
|
||||
return suiteContext.getAuthServerInfo().getContextRoot().toString();
|
||||
private static String providerRoot;
|
||||
private static String consumerRoot;
|
||||
|
||||
public static String getProviderRoot() {
|
||||
if (providerRoot == null) {
|
||||
// everything is identical to consumerRoot but the host (it's technically the same server instance)
|
||||
providerRoot = new URIBuilder(URI.create(getConsumerRoot()))
|
||||
.setHost(System.getProperty("auth.server.host2", AUTH_SERVER_HOST)).toString();
|
||||
}
|
||||
return providerRoot;
|
||||
}
|
||||
|
||||
public static String getConsumerRoot() {
|
||||
if (consumerRoot == null) {
|
||||
consumerRoot = AuthServerTestEnricher.getAuthServerContextRoot();
|
||||
}
|
||||
return consumerRoot;
|
||||
}
|
||||
|
||||
public static IdentityProviderRepresentation createIdentityProvider(String alias, String providerId) {
|
||||
|
@ -42,6 +60,8 @@ public class BrokerTestTools {
|
|||
}
|
||||
|
||||
public static void waitForPage(WebDriver driver, final String title, final boolean isHtmlTitle) {
|
||||
waitForPageToLoad();
|
||||
|
||||
WebDriverWait wait = new WebDriverWait(driver, 5);
|
||||
ExpectedCondition<Boolean> condition = (WebDriver input) -> isHtmlTitle ? input.getTitle().toLowerCase().contains(title) : PageUtils.getPageTitle(input).toLowerCase().contains(title);
|
||||
|
||||
|
@ -76,16 +96,15 @@ public class BrokerTestTools {
|
|||
* @param adminClient
|
||||
* @param childRealm
|
||||
* @param idpRealm
|
||||
* @param suiteContext
|
||||
*/
|
||||
public static void createKcOidcBroker(Keycloak adminClient, String childRealm, String idpRealm, SuiteContext suiteContext) {
|
||||
createKcOidcBroker(adminClient, childRealm, idpRealm, suiteContext, idpRealm, false);
|
||||
public static void createKcOidcBroker(Keycloak adminClient, String childRealm, String idpRealm) {
|
||||
createKcOidcBroker(adminClient, childRealm, idpRealm, idpRealm, false);
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
public static void createKcOidcBroker(Keycloak adminClient, String childRealm, String idpRealm, SuiteContext suiteContext, String alias, boolean linkOnly) {
|
||||
public static void createKcOidcBroker(Keycloak adminClient, String childRealm, String idpRealm, String alias, boolean linkOnly) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(alias, IDP_OIDC_PROVIDER_ID);
|
||||
idp.setLinkOnly(linkOnly);
|
||||
idp.setStoreToken(true);
|
||||
|
@ -94,10 +113,10 @@ public class BrokerTestTools {
|
|||
|
||||
config.put("clientId", childRealm);
|
||||
config.put("clientSecret", childRealm);
|
||||
config.put("authorizationUrl", getAuthRoot(suiteContext) + "/auth/realms/" + idpRealm + "/protocol/openid-connect/auth");
|
||||
config.put("tokenUrl", getAuthRoot(suiteContext) + "/auth/realms/" + idpRealm + "/protocol/openid-connect/token");
|
||||
config.put("logoutUrl", getAuthRoot(suiteContext) + "/auth/realms/" + idpRealm + "/protocol/openid-connect/logout");
|
||||
config.put("userInfoUrl", getAuthRoot(suiteContext) + "/auth/realms/" + idpRealm + "/protocol/openid-connect/userinfo");
|
||||
config.put("authorizationUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/auth");
|
||||
config.put("tokenUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/token");
|
||||
config.put("logoutUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/logout");
|
||||
config.put("userInfoUrl", getProviderRoot() + "/auth/realms/" + idpRealm + "/protocol/openid-connect/userinfo");
|
||||
config.put("backchannelSupported", "true");
|
||||
adminClient.realm(childRealm).identityProviders().create(idp);
|
||||
|
||||
|
@ -107,10 +126,10 @@ public class BrokerTestTools {
|
|||
client.setSecret(childRealm);
|
||||
client.setEnabled(true);
|
||||
|
||||
client.setRedirectUris(Collections.singletonList(getAuthRoot(suiteContext) +
|
||||
client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
|
||||
"/auth/realms/" + childRealm + "/broker/" + idpRealm + "/endpoint/*"));
|
||||
|
||||
client.setAdminUrl(getAuthRoot(suiteContext) +
|
||||
client.setAdminUrl(getConsumerRoot() +
|
||||
"/auth/realms/" + childRealm + "/broker/" + idpRealm + "/endpoint");
|
||||
adminClient.realm(idpRealm).clients().create(client);
|
||||
}
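Review bot: `getProviderRoot()` falls back to `AUTH_SERVER_HOST` when the `auth.server.host2` system property is unset, and nothing in the method documents or reports that fallback. In that case the provider and consumer roots presumably share one host, so the broker tests still pass without exercising the cross-origin cookie behaviour this change targets. I would add Javadoc on the method, for example `/** Root URL of the IdP side: the consumer root with its host replaced by the auth.server.host2 system property; falls back to AUTH_SERVER_HOST, in which case both roots are same-origin. Cached for the JVM lifetime. */`. A debug log of the two resolved roots on first use would also make the mode a run actually used visible in the test output. The same Javadoc should mention that `tokenUrl` and `userInfoUrl` in `createKcOidcBroker` now use the provider host, which the server process itself must be able to resolve.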
|
||||
|
|
|
@ -5,6 +5,7 @@ import static org.hamcrest.Matchers.not;
|
|||
import static org.junit.Assert.assertThat;
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.FORCE;
|
||||
import static org.keycloak.models.IdentityProviderMapperSyncMode.IMPORT;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
||||
|
@ -87,7 +88,7 @@ public class HardcodedUserAttributeMapperTest extends AbstractIdentityProviderMa
|
|||
if (createAfterFirstLogin) {
|
||||
createMapperInIdp(idp, syncMode);
|
||||
}
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
if (user.getAttributes() != null) {
|
||||
user.setAttributes(new HashMap<>());
|
||||
|
|
|
@ -26,6 +26,7 @@ import static org.keycloak.models.IdentityProviderMapperSyncMode.LEGACY;
|
|||
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.HARDOCDED_CLAIM;
|
||||
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.HARDOCDED_VALUE;
|
||||
import static org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.USER_INFO_CLAIM;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:external.martin.idel@bosch.io">Martin Idel</a>
|
||||
|
@ -113,7 +114,7 @@ public class JsonUserAttributeMapperTest extends AbstractIdentityProviderMapperT
|
|||
if (createAfterFirstLogin) {
|
||||
createGithubProviderMapper(idp, syncMode);
|
||||
}
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
if (!createAfterFirstLogin) {
|
||||
updateClaimSentToIDP(claim, updatedValue);
|
||||
|
|
|
@ -43,6 +43,7 @@ import static org.junit.Assert.assertEquals;
|
|||
import static org.junit.Assert.assertNotEquals;
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
|
@ -76,7 +77,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
log.debug("adding identity provider to realm " + bc.consumerRealmName());
|
||||
|
||||
RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
Response resp = realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
|
||||
Response resp = realm.identityProviders().create(bc.setUpIdentityProvider());
|
||||
resp.close();
|
||||
}
|
||||
|
||||
|
@ -96,7 +97,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Rotate public keys on the parent broker
|
||||
rotateKeys();
|
||||
|
@ -105,7 +106,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDP();
|
||||
assertErrorPage("Unexpected error when authenticating with identity provider");
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Set time offset. New keys can be downloaded. Check that user is able to login.
|
||||
setTimeOffset(20);
|
||||
|
@ -144,7 +145,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Rotate public keys on the parent broker
|
||||
rotateKeys();
|
||||
|
@ -153,7 +154,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDP();
|
||||
assertErrorPage("Unexpected error when authenticating with identity provider");
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Even after time offset is user not able to login, because it uses old key hardcoded in identityProvider config
|
||||
setTimeOffset(20);
|
||||
|
@ -180,7 +181,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Set key id to an invalid one
|
||||
cfg.setPublicKeySignatureVerifierKeyId("invalid-key-id");
|
||||
|
@ -194,21 +195,21 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
updateIdentityProvider(idpRep);
|
||||
logInAsUserInIDP();
|
||||
assertLoggedInAccountManagement();
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Set key id to empty
|
||||
cfg.setPublicKeySignatureVerifierKeyId("");
|
||||
updateIdentityProvider(idpRep);
|
||||
logInAsUserInIDP();
|
||||
assertLoggedInAccountManagement();
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Unset key id
|
||||
cfg.setPublicKeySignatureVerifierKeyId(null);
|
||||
updateIdentityProvider(idpRep);
|
||||
logInAsUserInIDP();
|
||||
assertLoggedInAccountManagement();
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
}
|
||||
|
||||
|
||||
|
@ -221,7 +222,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Check that key is cached
|
||||
IdentityProviderRepresentation idpRep = getIdentityProvider();
|
||||
|
@ -246,7 +247,7 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
// Check that key is cached
|
||||
IdentityProviderRepresentation idpRep = getIdentityProvider();
|
||||
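Review bot: The response from `realm.identityProviders().create(bc.setUpIdentityProvider())` is closed without its status being checked, so an identity provider that fails to register under the new per-host configuration would only surface later as an unrelated login failure. Assuming `Response` here is the JAX-RS type, asserting before closing, e.g. `assertEquals(Response.Status.CREATED.getStatusCode(), resp.getStatus());`, would make such a misconfiguration fail at the setup step. The same unchecked `create(...).close()` appears in KcOidcBrokerLogoutTest. The enclosing method starts outside the hunk.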
|
|
|
@ -7,6 +7,7 @@ import org.keycloak.testsuite.Assert;
|
|||
import java.util.List;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
public class KcOidcBrokerAcrParameterTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -20,7 +21,7 @@ public class KcOidcBrokerAcrParameterTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
driver.navigate().to(driver.getCurrentUrl() + "&" + ACR_VALUES + "=" + ACR_3);
|
||||
|
||||
|
|
|
@ -3,7 +3,6 @@ package org.keycloak.testsuite.broker;
|
|||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
|
@ -22,10 +21,10 @@ public class KcOidcBrokerClientSecretBasicAuthTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithBasicAuthAuthentication extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("clientAuthMethod", OIDCLoginProtocol.CLIENT_SECRET_BASIC);
|
||||
return idp;
|
||||
}
|
||||
|
|
|
@ -13,7 +13,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
public class KcOidcBrokerClientSecretJwtTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -25,8 +24,8 @@ public class KcOidcBrokerClientSecretJwtTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithJWTAuthentication extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clientsRepList = super.createProviderClients(suiteContext);
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clientsRepList = super.createProviderClients();
|
||||
log.info("Update provider clients to accept JWT authentication");
|
||||
for (ClientRepresentation client: clientsRepList) {
|
||||
client.setClientAuthenticatorType(JWTClientSecretAuthenticator.PROVIDER_ID);
|
||||
|
@ -36,10 +35,10 @@ public class KcOidcBrokerClientSecretJwtTest extends AbstractBrokerTest {
|
|||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("clientAuthMethod", OIDCLoginProtocol.CLIENT_SECRET_JWT);
|
||||
return idp;
|
||||
}
|
||||
|
|
|
@ -13,7 +13,6 @@ import org.keycloak.representations.idm.ClientRepresentation;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
|
@ -56,18 +55,18 @@ public class KcOidcBrokerConfiguration implements BrokerConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
ClientRepresentation client = new ClientRepresentation();
|
||||
client.setId(CLIENT_ID);
|
||||
client.setClientId(getIDPClientIdInProviderRealm(suiteContext));
|
||||
client.setClientId(getIDPClientIdInProviderRealm());
|
||||
client.setName(CLIENT_ID);
|
||||
client.setSecret(CLIENT_SECRET);
|
||||
client.setEnabled(true);
|
||||
|
||||
client.setRedirectUris(Collections.singletonList(getAuthRoot(suiteContext) +
|
||||
client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
|
||||
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
|
||||
|
||||
client.setAdminUrl(getAuthRoot(suiteContext) +
|
||||
client.setAdminUrl(getConsumerRoot() +
|
||||
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");
|
||||
|
||||
ProtocolMapperRepresentation emailMapper = new ProtocolMapperRepresentation();
|
||||
|
@ -154,7 +153,7 @@ public class KcOidcBrokerConfiguration implements BrokerConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createConsumerClients(SuiteContext suiteContext) {
|
||||
public List<ClientRepresentation> createConsumerClients() {
|
||||
ClientRepresentation client = new ClientRepresentation();
|
||||
client.setId("broker-app");
|
||||
client.setClientId("broker-app");
|
||||
|
@ -163,34 +162,34 @@ public class KcOidcBrokerConfiguration implements BrokerConfiguration {
|
|||
client.setEnabled(true);
|
||||
client.setDirectAccessGrantsEnabled(true);
|
||||
|
||||
client.setRedirectUris(Collections.singletonList(getAuthRoot(suiteContext) +
|
||||
client.setRedirectUris(Collections.singletonList(getConsumerRoot() +
|
||||
"/auth/*"));
|
||||
|
||||
client.setBaseUrl(getAuthRoot(suiteContext) +
|
||||
client.setBaseUrl(getConsumerRoot() +
|
||||
"/auth/realms/" + REALM_CONS_NAME + "/app");
|
||||
|
||||
return Collections.singletonList(client);
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
|
||||
return idp;
|
||||
}
|
||||
|
||||
protected void applyDefaultConfiguration(final SuiteContext suiteContext, final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
config.put(IdentityProviderModel.SYNC_MODE, syncMode.toString());
|
||||
config.put("clientId", CLIENT_ID);
|
||||
config.put("clientSecret", CLIENT_SECRET);
|
||||
config.put("prompt", "login");
|
||||
config.put("authorizationUrl", getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/auth");
|
||||
config.put("tokenUrl", getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/token");
|
||||
config.put("logoutUrl", getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/logout");
|
||||
config.put("userInfoUrl", getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/userinfo");
|
||||
config.put("authorizationUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/auth");
|
||||
config.put("tokenUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/token");
|
||||
config.put("logoutUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/logout");
|
||||
config.put("userInfoUrl", getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/userinfo");
|
||||
config.put("defaultScope", "email profile");
|
||||
config.put("backchannelSupported", "true");
|
||||
}
|
||||
|
@ -201,7 +200,7 @@ public class KcOidcBrokerConfiguration implements BrokerConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
public String getIDPClientIdInProviderRealm(SuiteContext suiteContext) {
|
||||
public String getIDPClientIdInProviderRealm() {
|
||||
return CLIENT_ID;
|
||||
}
|
||||
|
||||
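Review bot: Nothing in `createProviderClients()` or `applyDefaultConfiguration(...)` says why some URLs are built from `getConsumerRoot()` and others from `getProviderRoot()`, although that split is what the change is about. A comment above the provider client's redirect URI such as `// broker endpoint is served by the consumer server, so this provider-realm client redirects to the consumer root`, and one above the four endpoint URLs such as `// all IdP endpoints live on the provider host`, would keep a later edit from collapsing them back onto one root. The four `config.put` lines also repeat the same prefix; `String oidcBase = getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect";` would state it once. `tokenUrl` and `userInfoUrl` are presumably called by the consumer server rather than the browser, so the provider hostname has to resolve from the server as well; that is worth a line in the comment if confirmed.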
|
|
|
@ -17,7 +17,6 @@ import org.junit.Rule;
|
|||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
import org.keycloak.testsuite.util.ReverseProxy;
|
||||
|
||||
public final class KcOidcBrokerFrontendUrlTest extends AbstractBrokerTest {
|
||||
|
@ -42,8 +41,8 @@ public final class KcOidcBrokerFrontendUrlTest extends AbstractBrokerTest {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clients = super.createProviderClients(suiteContext);
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clients = super.createProviderClients();
|
||||
|
||||
List<String> redirectUris = new ArrayList<>();
|
||||
|
||||
|
|
|
@ -23,10 +23,11 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
|||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
/**
|
||||
* Migrated from old testsuite. Previous version by Pedro Igor.
|
||||
|
@ -44,11 +45,11 @@ public class KcOidcBrokerHiddenIdpHintTest extends AbstractInitializedBaseBroker
|
|||
private class KcOidcHiddenBrokerConfiguration extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("hideOnLoginPage", "true");
|
||||
return idp;
|
||||
}
|
||||
|
@ -56,7 +57,7 @@ public class KcOidcBrokerHiddenIdpHintTest extends AbstractInitializedBaseBroker
|
|||
|
||||
@Test
|
||||
public void testSuccessfulRedirectToProviderHiddenOnLoginPage() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
|
||||
driver.navigate().to(url);
|
||||
|
|
|
@ -18,6 +18,7 @@ package org.keycloak.testsuite.broker;
|
|||
|
||||
import org.junit.Test;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import org.keycloak.testsuite.Assert;
|
||||
|
||||
|
@ -36,7 +37,7 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
|
|||
|
||||
@Test
|
||||
public void testSuccessfulRedirect() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
|
||||
driver.navigate().to(url);
|
||||
|
@ -54,7 +55,7 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
|
|||
// KEYCLOAK-5260
|
||||
@Test
|
||||
public void testSuccessfulRedirectToProviderAfterLoginPageShown() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
||||
String urlWithHint = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
|
||||
|
@ -70,7 +71,7 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
|
|||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
||||
|
||||
// redirect shouldn't happen
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
Assert.assertTrue("Driver should be on the consumer realm page",
|
||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
||||
|
@ -78,7 +79,7 @@ public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
|
|||
|
||||
@Test
|
||||
public void testInvalidIdentityProviderHint() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
String url = driver.getCurrentUrl() + "&kc_idp_hint=bogus-idp";
|
||||
driver.navigate().to(url);
|
||||
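Review bot: The two `Assert.assertTrue` checks in `testSuccessfulRedirectToProviderAfterLoginPageShown` still match only the path fragment `"/auth/realms/" + realm + "/"`, so they cannot tell which server the browser ended up on now that consumer and provider may have different roots. Comparing against the full prefix, for instance `driver.getCurrentUrl().startsWith(getConsumerRoot() + "/auth/realms/" + bc.consumerRealmName() + "/")`, would verify the host as well; the provider check would use `getProviderRoot()`, which needs an extra static import in this file. This assumes the root helpers return scheme, host and port without a trailing slash, which the hunk does not show. The first of the two assertions starts outside the hunk.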
|
|
|
@ -9,6 +9,7 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
|
|||
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
|
@ -17,7 +18,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
import org.keycloak.testsuite.updaters.Creator;
|
||||
import org.keycloak.testsuite.util.UserBuilder;
|
||||
|
||||
|
@ -31,11 +31,11 @@ public class KcOidcBrokerLoginHintTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithLoginHint extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("loginHint", "true");
|
||||
return idp;
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ public class KcOidcBrokerLoginHintTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL);
|
||||
|
||||
|
@ -99,7 +99,7 @@ public class KcOidcBrokerLoginHintTest extends AbstractBrokerTest {
|
|||
.enabled(true)
|
||||
.build()
|
||||
)) {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPageToLoad();
|
||||
driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL + "&kc_idp_hint=" + IDP_OIDC_ALIAS);
|
||||
waitForPageToLoad();
|
||||
|
|
|
@ -16,8 +16,9 @@ import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
|||
import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getAuthRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
|
||||
public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
||||
|
||||
|
@ -50,7 +51,7 @@ public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
|||
log.debug("adding identity provider to realm " + bc.consumerRealmName());
|
||||
|
||||
final RealmResource realm = adminClient.realm(bc.consumerRealmName());
|
||||
realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)).close();
|
||||
realm.identityProviders().create(bc.setUpIdentityProvider()).close();
|
||||
}
|
||||
|
||||
@Before
|
||||
|
@ -63,8 +64,8 @@ public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
driver.navigate().to(getAccountUrl(REALM_PROV_NAME));
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
|
||||
waitForPage(driver, "log in to provider", true);
|
||||
}
|
||||
|
||||
|
@ -73,8 +74,8 @@ public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName(), "kc-oidc-idp");
|
||||
driver.navigate().to(getAccountUrl(REALM_PROV_NAME));
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), "kc-oidc-idp");
|
||||
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
|
||||
|
||||
waitForAccountManagementTitle();
|
||||
}
|
||||
|
@ -84,14 +85,14 @@ public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
|||
logInAsUserInIDPForFirstTime();
|
||||
assertLoggedInAccountManagement();
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName(), "something-else");
|
||||
driver.navigate().to(getAccountUrl(REALM_PROV_NAME));
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), "something-else");
|
||||
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
|
||||
waitForPage(driver, "log in to provider", true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void logoutAfterBrowserRestart() {
|
||||
driver.navigate().to(getLoginUrl(bc.consumerRealmName(), "broker-app"));
|
||||
driver.navigate().to(getLoginUrl(getConsumerRoot(), bc.consumerRealmName(), "broker-app"));
|
||||
logInWithBroker(bc);
|
||||
updateAccountInformation();
|
||||
|
||||
|
@ -99,7 +100,7 @@ public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
|||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||
OAuthClient.AccessTokenResponse response = oauth.realm(bc.consumerRealmName())
|
||||
.clientId("broker-app")
|
||||
.redirectUri(getAuthRoot(suiteContext) + "/auth/realms/" + REALM_CONS_NAME + "/app")
|
||||
.redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/app")
|
||||
.doAccessTokenRequest(code, "broker-app-secret");
|
||||
assertEquals(200, response.getStatusCode());
|
||||
|
||||
|
@ -111,8 +112,8 @@ public class KcOidcBrokerLogoutTest extends AbstractBaseBrokerTest {
|
|||
driver.manage().deleteCookieNamed(AuthenticationManager.KEYCLOAK_IDENTITY_COOKIE);
|
||||
driver.manage().deleteCookieNamed(AuthenticationManager.KEYCLOAK_IDENTITY_COOKIE + CookieHelper.LEGACY_COOKIE);
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName(), null, idToken);
|
||||
driver.navigate().to(getAccountUrl(REALM_PROV_NAME));
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), null, idToken);
|
||||
driver.navigate().to(getAccountUrl(getProviderRoot(), REALM_PROV_NAME));
|
||||
|
||||
waitForPage(driver, "log in to provider", true);
|
||||
}
|
||||
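Review bot: The `redirectUri(getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/app")` passed to the token request in `logoutAfterBrowserRestart` rebuilds by hand the same string that KcOidcBrokerConfiguration sets as the `broker-app` base URL, and the code exchange presumably depends on it matching the redirect URI used when `getLoginUrl(...)` started the flow. Two hand-built copies can drift apart the next time the root or path changes; exposing the value once, as a constant or a small accessor on the broker configuration, and using it in both places would avoid that. The test also mixes `bc.consumerRealmName()` and `REALM_CONS_NAME` for the same realm, and using one of them throughout would make the intent clearer.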
|
|
|
@ -8,13 +8,13 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDE
|
|||
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.keycloak.admin.client.resource.UsersResource;
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
public class KcOidcBrokerNoLoginHintTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -26,11 +26,11 @@ public class KcOidcBrokerNoLoginHintTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithNoLoginHint extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("loginHint", "false");
|
||||
return idp;
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ public class KcOidcBrokerNoLoginHintTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
driver.navigate().to(driver.getCurrentUrl() + "&login_hint=" + USER_EMAIL);
|
||||
|
||||
|
|
|
@ -1,26 +1,18 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.admin.client.resource.UsersResource;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.representations.AccessToken;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.services.managers.AuthenticationManager;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import org.openqa.selenium.Cookie;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
public class KcOidcBrokerNonceParameterTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -28,12 +20,12 @@ public class KcOidcBrokerNonceParameterTest extends AbstractBrokerTest {
|
|||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
return new KcOidcBrokerConfiguration() {
|
||||
@Override
|
||||
public List<ClientRepresentation> createConsumerClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clients = new ArrayList<>(super.createConsumerClients(suiteContext));
|
||||
public List<ClientRepresentation> createConsumerClients() {
|
||||
List<ClientRepresentation> clients = new ArrayList<>(super.createConsumerClients());
|
||||
|
||||
clients.add(ClientBuilder.create().clientId("consumer-client")
|
||||
.publicClient()
|
||||
.redirectUris("http://localhost:8180/auth/realms/master/app/auth/*", "https://localhost:8543/auth/realms/master/app/auth/*")
|
||||
.redirectUris(getConsumerRoot() + "/auth/realms/master/app/auth/*")
|
||||
.publicClient().build());
|
||||
|
||||
return clients;
|
||||
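Review bot: The `consumer-client` registration now allows a single redirect pattern built from `getConsumerRoot()`, where it used to list both the http and https localhost forms, so the test only passes if the client that drives the login sends a redirect URI under that same root. The hunk does not show that side, so it is worth confirming for the different-hostname profile. A short comment on the `.redirectUris(...)` line, e.g. `// must match the redirect URI the test OAuth client sends`, would record the dependency. The builder chain also calls `.publicClient()` twice; the second call before `.build()` can be dropped. The enclosing anonymous class continues outside the hunk.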
|
|
|
@ -6,6 +6,7 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
|
|||
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -15,7 +16,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
public class KcOidcBrokerParameterForwardTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -32,10 +32,10 @@ public class KcOidcBrokerParameterForwardTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithParameterForward extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("forwardParameters", FORWARDED_PARAMETER +", " + PARAMETER_NOT_SET);
|
||||
return idp;
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ public class KcOidcBrokerParameterForwardTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
String queryString = "&" + FORWARDED_PARAMETER + "=" + FORWARDED_PARAMETER_VALUE + "&" + PARAMETER_NOT_FORWARDED + "=" + "value";
|
||||
driver.navigate().to(driver.getCurrentUrl() + queryString);
|
||||
|
|
|
@ -23,7 +23,6 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
|||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.KeysMetadataRepresentation.KeyMetadataRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
import org.keycloak.testsuite.util.KeyUtils;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
@ -44,8 +43,8 @@ public class KcOidcBrokerPrivateKeyJwtTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithJWTAuthentication extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clientsRepList = super.createProviderClients(suiteContext);
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clientsRepList = super.createProviderClients();
|
||||
log.info("Update provider clients to accept JWT authentication");
|
||||
KeyMetadataRepresentation keyRep = KeyUtils.getActiveKey(adminClient.realm(consumerRealmName()).keys().getKeyMetadata(), Algorithm.RS256);
|
||||
for (ClientRepresentation client: clientsRepList) {
|
||||
|
@ -59,10 +58,10 @@ public class KcOidcBrokerPrivateKeyJwtTest extends AbstractBrokerTest {
|
|||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("clientSecret", null);
|
||||
config.put("clientAuthMethod", OIDCLoginProtocol.PRIVATE_KEY_JWT);
|
||||
return idp;
|
||||
|
|
|
@ -21,12 +21,10 @@ import java.util.Map;
|
|||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
import org.keycloak.testsuite.util.UserBuilder;
|
||||
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
|
||||
|
@ -35,6 +33,8 @@ import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.configurePostB
|
|||
import static org.keycloak.testsuite.broker.BrokerTestConstants.CLIENT_ID;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
|
||||
/**
|
||||
* This class tests the propagation of the {@code prompt=none} request parameter to a default IDP (if one has been specified)
|
||||
|
@ -65,7 +65,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
|
|||
/* now send an auth request to the consumer realm including both the kc_idp_hint (to identify the default provider) and prompt=none.
|
||||
The presence of the default provider should cause the request with prompt=none to be propagated to the idp instead of resulting
|
||||
in a login required error because the user is not yet authenticated in the consumer realm. */
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias() + "&prompt=none";
|
||||
driver.navigate().to(url);
|
||||
|
@ -79,8 +79,8 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
|
|||
/* let's try logging out from the consumer realm and then send an auth request with only prompt=none. The absence of a default idp
|
||||
should result in a login required error because the user is not authenticated in the consumer realm and the request won't be propagated
|
||||
all the way to the idp where the user is authenticated. */
|
||||
logoutFromRealm(bc.consumerRealmName(), bc.getIDPAlias());
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName(), bc.getIDPAlias());
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
url = driver.getCurrentUrl() + "&prompt=none";
|
||||
driver.navigate().to(url);
|
||||
|
@ -98,7 +98,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
|
|||
/* try sending an auth request to the consumer realm with prompt=none. As we have no user authenticated in both
|
||||
the consumer realm and the IDP, the IDP should return an error=login_required to the broker and the broker must
|
||||
in turn return the same error to the client. */
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
String url = driver.getCurrentUrl() + "&prompt=none&kc_idp_hint=" + bc.getIDPAlias();
|
||||
driver.navigate().to(url);
|
||||
|
@ -200,7 +200,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
|
|||
authenticateDirectlyInIDP();
|
||||
|
||||
/* send an auth request to the consumer realm with prompt=none and a default provider. */
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias() + "&prompt=none";
|
||||
driver.navigate().to(url);
|
||||
|
@ -211,7 +211,7 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
|
|||
* Authenticates the broker user directly in the IDP to establish a valid authenticated session there.
|
||||
*/
|
||||
protected void authenticateDirectlyInIDP() {
|
||||
driver.navigate().to(getAccountUrl(bc.providerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getProviderRoot(), bc.providerRealmName()));
|
||||
waitForPage(driver, "log in to", true);
|
||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
||||
|
@ -229,8 +229,8 @@ public class KcOidcBrokerPromptNoneRedirectTest extends AbstractInitializedBaseB
|
|||
* auth requests with {@code prompt=none}.
|
||||
*/
|
||||
@Override
|
||||
protected void applyDefaultConfiguration(final SuiteContext suiteContext, final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
super.applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
super.applyDefaultConfiguration(config, syncMode);
|
||||
config.remove("prompt");
|
||||
config.put("acceptsPromptNoneForwardFromClient", "true");
|
||||
}
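Review bot: The assertion in `authenticateDirectlyInIDP()` still checks only the realm path, `driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/")`, so once consumer and provider run on different hostnames it cannot tell whether the browser actually landed on the provider host. Since the new navigation line already uses `getProviderRoot()`, the check could pin the origin as well: `driver.getCurrentUrl().startsWith(getProviderRoot() + "/auth/realms/" + bc.providerRealmName() + "/")`. This assumes `getProviderRoot()` returns the origin without a trailing slash, which matches how it is concatenated for the JWKS URL elsewhere in this commit but is not defined in the lines shown. The method body continues past the end of its hunk.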
|
||||
|
|
|
@ -5,12 +5,12 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
public class KcOidcBrokerPromptParameterTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -25,7 +25,7 @@ public class KcOidcBrokerPromptParameterTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
driver.navigate().to(driver.getCurrentUrl() + "&" + OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_CONSENT);
|
||||
|
||||
|
@ -77,8 +77,8 @@ public class KcOidcBrokerPromptParameterTest extends AbstractBrokerTest {
|
|||
|
||||
private class KcOidcBrokerConfiguration2 extends KcOidcBrokerConfiguration {
|
||||
@Override
|
||||
protected void applyDefaultConfiguration(final SuiteContext suiteContext, final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
super.applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
protected void applyDefaultConfiguration(final Map<String, String> config, IdentityProviderSyncMode syncMode) {
|
||||
super.applyDefaultConfiguration(config, syncMode);
|
||||
config.remove("prompt");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,22 +1,16 @@
|
|||
package org.keycloak.testsuite.broker;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.util.ProtocolMapperUtil.createHardcodedClaim;
|
||||
import org.junit.Ignore;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.jose.jws.JWSInput;
|
||||
import org.keycloak.jose.jws.JWSInputException;
|
||||
import org.keycloak.representations.IDToken;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
import org.keycloak.testsuite.util.OAuthClient;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.util.ProtocolMapperUtil.createHardcodedClaim;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
public class KcOidcBrokerSubMatchIntrospectionest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -24,20 +18,20 @@ public class KcOidcBrokerSubMatchIntrospectionest extends AbstractBrokerTest {
|
|||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
return new KcOidcBrokerConfiguration() {
|
||||
@Override
|
||||
public List<ClientRepresentation> createConsumerClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clients = new ArrayList<>(super.createConsumerClients(suiteContext));
|
||||
public List<ClientRepresentation> createConsumerClients() {
|
||||
List<ClientRepresentation> clients = new ArrayList<>(super.createConsumerClients());
|
||||
|
||||
clients.add(ClientBuilder.create().clientId("consumer-client")
|
||||
.publicClient()
|
||||
.redirectUris("http://localhost:8180/auth/realms/master/app/auth/*", "https://localhost:8543/auth/realms/master/app/auth/*")
|
||||
.redirectUris(getConsumerRoot() + "/auth/realms/master/app/auth/*")
|
||||
.publicClient().build());
|
||||
|
||||
return clients;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clients = super.createProviderClients(suiteContext);
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clients = super.createProviderClients();
|
||||
List<ProtocolMapperRepresentation> mappers = new ArrayList<>();
|
||||
|
||||
mappers.add(createHardcodedClaim("sub-override", "sub", "overriden", "String", true, true));
|
||||
|
@ -51,7 +45,7 @@ public class KcOidcBrokerSubMatchIntrospectionest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
public void testLogInAsUserInIDP() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
oauth.realm(bc.consumerRealmName());
|
||||
oauth.clientId("consumer-client");
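Review bot: In `createConsumerClients()` the `consumer-client` redirect URI is now the single value `getConsumerRoot() + "/auth/realms/master/app/auth/*"`, whereas the removed line registered both the http and the https localhost variants. Whether `getConsumerRoot()` switches scheme and port with the suite's TLS setting is not visible here; if it does not, redirect validation for this client would presumably fail on SSL runs. That is worth confirming, or recording in a comment such as `// getConsumerRoot() follows the suite's scheme/host/port; the registered redirect URI must share that origin`. The builder chain also calls `.publicClient()` twice, so its last line can be just `.build());`.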
|
||||
|
|
|
@ -36,9 +36,10 @@ import static org.junit.Assert.assertThat;
|
|||
import static org.keycloak.testsuite.admin.ApiUtil.removeUserByUsername;
|
||||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getAuthRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.util.ProtocolMapperUtil.createHardcodedClaim;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
|
||||
/**
|
||||
* Final class as it's not intended to be overriden. Feel free to remove "final" if you really know what you are doing.
|
||||
|
@ -113,7 +114,7 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
userResource.roles().realmLevel().add(Collections.singletonList(userRole));
|
||||
|
@ -126,8 +127,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -140,14 +141,14 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
IdentityProviderResource identityProviderResource = realmsResouce().realm(bc.consumerRealmName()).identityProviders().get(bc.getIDPAlias());
|
||||
IdentityProviderRepresentation idp = identityProviderResource.toRepresentation();
|
||||
|
||||
idp.getConfig().put(OIDCIdentityProviderConfig.JWKS_URL, getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/certs");
|
||||
idp.getConfig().put(OIDCIdentityProviderConfig.JWKS_URL, getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/openid-connect/certs");
|
||||
identityProviderResource.update(idp);
|
||||
|
||||
brokerApp.getAttributes().put(OIDCConfigAttributes.USER_INFO_RESPONSE_SIGNATURE_ALG, Algorithm.RS256);
|
||||
brokerApp.getAttributes().put("validateSignature", Boolean.TRUE.toString());
|
||||
clients.get(brokerApp.getId()).update(brokerApp);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
waitForPage(driver, "update account information", false);
|
||||
|
@ -221,8 +222,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
@Test
|
||||
public void testReauthenticationSamlBrokerWithOTPRequired() throws Exception {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
try {
|
||||
|
@ -230,14 +231,14 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
|
||||
consumerRealm.identityProviders().create(samlBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(samlBrokerConfig.getIDPAlias()));
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
|
||||
totpPage.assertCurrent();
|
||||
String totpSecret = totpPage.getTotpSecret();
|
||||
totpPage.configure(totp.generateTOTP(totpSecret));
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -263,8 +264,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
@Test
|
||||
public void testReauthenticationOIDCBrokerWithOTPRequired() throws Exception {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
try {
|
||||
|
@ -272,9 +273,9 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
|
||||
consumerRealm.identityProviders().create(samlBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
|
||||
logInWithBroker(bc);
|
||||
|
@ -282,7 +283,7 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
waitForPage(driver, "account already exists", false);
|
||||
idpConfirmLinkPage.assertCurrent();
|
||||
idpConfirmLinkPage.clickLinkAccount();
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
|
||||
driver.navigate().back();
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
|
@ -290,7 +291,7 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
totpPage.assertCurrent();
|
||||
String totpSecret = totpPage.getTotpSecret();
|
||||
totpPage.configure(totp.generateTOTP(totpSecret));
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
assertNumFederatedIdentities(consumerRealm.users().search(samlBrokerConfig.getUserLogin()).get(0).getId(), 2);
|
||||
} finally {
|
||||
|
@ -305,8 +306,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
@Test
|
||||
public void testReauthenticationBothBrokersWithOTPRequired() throws Exception {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
try {
|
||||
|
@ -314,13 +315,13 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
|
||||
consumerRealm.identityProviders().create(samlBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(samlBrokerConfig.getIDPAlias()));
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
totpPage.assertCurrent();
|
||||
String totpSecret = totpPage.getTotpSecret();
|
||||
totpPage.configure(totp.generateTOTP(totpSecret));
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
testingClient.server(bc.consumerRealmName()).run(configurePostBrokerLoginWithOTP(bc.getIDPAlias()));
|
||||
logInWithBroker(bc);
|
||||
|
@ -328,15 +329,15 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
waitForPage(driver, "account already exists", false);
|
||||
idpConfirmLinkPage.assertCurrent();
|
||||
idpConfirmLinkPage.clickLinkAccount();
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
|
||||
driver.navigate().back();
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
|
||||
loginTotpPage.assertCurrent();
|
||||
loginTotpPage.login(totp.generateTOTP(totpSecret));
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -355,8 +356,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
@Test
|
||||
public void testInvalidIssuedFor() {
|
||||
loginUser();
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
|
@ -376,8 +377,8 @@ public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
@Test
|
||||
public void testInvalidAudience() {
|
||||
loginUser();
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
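Review bot: Every `logoutFromRealm(...)` and `getAccountUrl(...)` call on the new side has to pair the right root with the right realm by hand: `getConsumerRoot()` with `bc.consumerRealmName()`, and `getProviderRoot()` with `bc.providerRealmName()`. A swapped pair would presumably go unnoticed on a default run where both roots resolve to the same host, and fail only under the cross-host setup this commit introduces. A pair of small helpers, here or in the base test class, would remove that risk, e.g. `private void logoutFromConsumerRealm() { logoutFromRealm(getConsumerRoot(), bc.consumerRealmName()); }` with a provider twin. The same hand-written pairing recurs in the other broker test classes touched by this commit, and several of the affected test methods start or end outside their hunks.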
|
||||
|
|
|
@ -5,7 +5,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -18,6 +17,7 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
|
|||
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
public class KcOidcBrokerUiLocalesDisabledTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -29,10 +29,10 @@ public class KcOidcBrokerUiLocalesDisabledTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithUiLocalesDisabled extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("uiLocales", "false");
|
||||
return idp;
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ public class KcOidcBrokerUiLocalesDisabledTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
driver.navigate().to(driver.getCurrentUrl());
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
@ -17,6 +16,7 @@ import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
|
|||
import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
public class KcOidcBrokerUiLocalesEnabledTest extends AbstractBrokerTest {
|
||||
|
||||
|
@ -28,10 +28,10 @@ public class KcOidcBrokerUiLocalesEnabledTest extends AbstractBrokerTest {
|
|||
private class KcOidcBrokerConfigurationWithUiLocalesEnabled extends KcOidcBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
|
||||
Map<String, String> config = idp.getConfig();
|
||||
applyDefaultConfiguration(suiteContext, config, syncMode);
|
||||
applyDefaultConfiguration(config, syncMode);
|
||||
config.put("uiLocales", "true");
|
||||
return idp;
|
||||
}
|
||||
|
@ -39,7 +39,7 @@ public class KcOidcBrokerUiLocalesEnabledTest extends AbstractBrokerTest {
|
|||
|
||||
@Override
|
||||
protected void loginUser() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
driver.navigate().to(driver.getCurrentUrl());
|
||||
|
||||
|
|
|
@ -2,7 +2,6 @@ package org.keycloak.testsuite.broker;
|
|||
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.VAULT_CLIENT_SECRET;
|
||||
|
||||
|
@ -14,8 +13,8 @@ public class KcOidcBrokerVaultConfiguration extends KcOidcBrokerConfiguration {
|
|||
public static final KcOidcBrokerVaultConfiguration INSTANCE = new KcOidcBrokerVaultConfiguration();
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idpRep = super.setUpIdentityProvider(suiteContext, syncMode);
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idpRep = super.setUpIdentityProvider(syncMode);
|
||||
|
||||
idpRep.getConfig().put("clientSecret", VAULT_CLIENT_SECRET);
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ package org.keycloak.testsuite.broker;
|
|||
import static org.junit.Assert.assertEquals;
|
||||
import static org.keycloak.testsuite.broker.BrokerRunOnServerUtil.removeBrokerExpiredSessions;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
@ -45,7 +46,7 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
*/
|
||||
@Test
|
||||
public void testConsentDeniedWithExpiredClientSession() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
@ -72,7 +73,7 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
*/
|
||||
@Test
|
||||
public void testConsentDeniedWithExpiredAndClearedClientSession() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
// Set time offset
|
||||
|
@ -101,7 +102,7 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.login("consumer", "password");
|
||||
|
||||
accountPage.federatedIdentity();
|
||||
|
@ -147,7 +148,7 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
@Test
|
||||
public void testLoginCancelConsent() {
|
||||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(bc);
|
||||
|
||||
// User rejected consent
|
||||
|
@ -165,7 +166,7 @@ public class KcOidcBrokerWithConsentTest extends AbstractInitializedBaseBrokerTe
|
|||
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
|
||||
createUser(bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.login("consumer", "password");
|
||||
|
||||
accountPage.federatedIdentity();
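Review bot: Every navigation in this file now spells out `getAccountUrl(getConsumerRoot(), bc.consumerRealmName())`, and the same expression is repeated in the KcOidcFirstBrokerLoginNewAuthTest and KcOidcFirstBrokerLoginTest sections further down. The cookie tests only mean something when the browser really goes to the consumer host. If the old one-argument overload still exists (not visible here), a call site that keeps it would pass on a single-host run and quietly skip the cross-origin case. A small helper in the shared broker test base class, for example `protected String getConsumerAccountUrl() { return getAccountUrl(getConsumerRoot(), bc.consumerRealmName()); }`, would keep the host choice in one place. The test methods continue outside the hunks shown.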
|
||||
|
|
|
@ -12,11 +12,11 @@ import org.keycloak.testsuite.admin.ApiUtil;
|
|||
import org.keycloak.testsuite.pages.PasswordPage;
|
||||
import org.keycloak.testsuite.pages.SelectAuthenticatorPage;
|
||||
import org.keycloak.testsuite.util.UserBuilder;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
/**
|
||||
* Tests first-broker-login flow with new authenticators.
|
||||
|
@ -195,7 +195,7 @@ public class KcOidcFirstBrokerLoginNewAuthTest extends AbstractInitializedBaseBr
|
|||
user.update(userRep);
|
||||
|
||||
// Login. TOTP will be required at login time.
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
loginPage.login(username, "password");
|
||||
|
||||
totpPage.assertCurrent();
|
||||
|
@ -211,7 +211,7 @@ public class KcOidcFirstBrokerLoginNewAuthTest extends AbstractInitializedBaseBr
|
|||
|
||||
// Login with broker and click "Link account"
|
||||
private void loginWithBrokerAndConfirmLinkAccount() {
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ import static org.junit.Assert.assertEquals;
|
|||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.testsuite.admin.ApiUtil.removeUserByUsername;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
|
@ -35,7 +36,7 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
String username = "firstandlastname";
|
||||
createUser(bc.providerRealmName(), username, BrokerTestConstants.USER_PASSWORD, firstname, lastname, "firstnamelastname@example.org");
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithIdp(bc.getIDPAlias(), username, BrokerTestConstants.USER_PASSWORD);
|
||||
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
|
@ -52,8 +53,8 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
@Test
|
||||
public void testLinkAccountByReauthenticationWithDifferentBroker() {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
try {
|
||||
|
@ -61,12 +62,12 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
|
||||
consumerRealm.identityProviders().create(samlBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -98,14 +99,14 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
@Test
|
||||
public void testFilterMultipleBrokerWhenReauthenticating() {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
// create another oidc broker
|
||||
KcOidcBrokerConfiguration oidcBrokerConfig = KcOidcBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation oidcClient = oidcBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation oidcBroker = oidcBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation oidcClient = oidcBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation oidcBroker = oidcBrokerConfig.setUpIdentityProvider();
|
||||
oidcBroker.setAlias("kc-oidc-idp2");
|
||||
oidcBroker.setDisplayName("kc-oidc-idp2");
|
||||
|
||||
|
@ -116,12 +117,12 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
consumerRealm.identityProviders().create(samlBroker);
|
||||
consumerRealm.identityProviders().create(oidcBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
waitForAccountManagementTitle();
|
||||
accountUpdateProfilePage.assertCurrent();
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -162,8 +163,8 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
@Test
|
||||
public void testNestedFirstBrokerFlow() {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
try {
|
||||
|
@ -171,7 +172,7 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
|
||||
consumerRealm.identityProviders().create(samlBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
|
||||
createUser(bc.getUserLogin());
|
||||
|
||||
|
@ -207,8 +208,8 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
@Test
|
||||
public void testLoginWithDifferentBrokerWhenUpdatingProfile() {
|
||||
KcSamlBrokerConfiguration samlBrokerConfig = KcSamlBrokerConfiguration.INSTANCE;
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients(suiteContext).get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider(suiteContext);
|
||||
ClientRepresentation samlClient = samlBrokerConfig.createProviderClients().get(0);
|
||||
IdentityProviderRepresentation samlBroker = samlBrokerConfig.setUpIdentityProvider();
|
||||
RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
|
||||
|
||||
try {
|
||||
|
@ -216,11 +217,11 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
adminClient.realm(bc.providerRealmName()).clients().create(samlClient);
|
||||
consumerRealm.identityProviders().create(samlBroker);
|
||||
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
logInWithBroker(samlBrokerConfig);
|
||||
waitForPage(driver, "update account information", false);
|
||||
updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
logInWithBroker(bc);
|
||||
|
||||
|
@ -246,7 +247,7 @@ public class KcOidcFirstBrokerLoginTest extends AbstractFirstBrokerLoginTest {
|
|||
updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
|
||||
|
||||
createUser(bc.providerRealmName(), "no-first-name", "password", null, "LastName", "no-first-name@localhost.com");
|
||||
driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
|
||||
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
|
||||
log.debug("Clicking social " + bc.getIDPAlias());
|
||||
loginPage.clickSocial(bc.getIDPAlias());
|
||||
waitForPage(driver, "log in to", true);
|
||||
|
|
|
@ -53,7 +53,7 @@ public class KcSamlBrokerAllowedClockSkewTest extends AbstractInitializedBaseBro
|
|||
Document doc = SAML2Request.convert(loginRep);
|
||||
|
||||
new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, SamlClient.Binding.POST).build() // Request to consumer IdP
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, SamlClient.Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
.processSamlResponse(SamlClient.Binding.POST) // AuthnRequest to producer IdP
|
||||
|
@ -79,7 +79,7 @@ public class KcSamlBrokerAllowedClockSkewTest extends AbstractInitializedBaseBro
|
|||
Document doc = SAML2Request.convert(loginRep);
|
||||
|
||||
SAMLDocumentHolder samlResponse = new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, SamlClient.Binding.POST).build() // Request to consumer IdP
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, SamlClient.Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
.processSamlResponse(SamlClient.Binding.POST) // AuthnRequest to producer IdP
|
||||
|
|
|
@ -17,7 +17,6 @@ import org.keycloak.representations.idm.ClientRepresentation;
|
|||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import org.keycloak.testsuite.saml.AbstractSamlTest;
|
||||
import org.keycloak.testsuite.util.ClientBuilder;
|
||||
|
@ -59,28 +58,28 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
String clientId = getIDPClientIdInProviderRealm(suiteContext);
|
||||
return Arrays.asList(createProviderClient(suiteContext, clientId));
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
String clientId = getIDPClientIdInProviderRealm();
|
||||
return Arrays.asList(createProviderClient(clientId));
|
||||
}
|
||||
|
||||
private ClientRepresentation createProviderClient(SuiteContext suiteContext, String clientId) {
|
||||
private ClientRepresentation createProviderClient(String clientId) {
|
||||
ClientRepresentation client = new ClientRepresentation();
|
||||
|
||||
client.setClientId(clientId);
|
||||
client.setEnabled(true);
|
||||
client.setProtocol(IDP_SAML_PROVIDER_ID);
|
||||
client.setRedirectUris(Collections.singletonList(
|
||||
getAuthRoot(suiteContext) + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
|
||||
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"
|
||||
));
|
||||
|
||||
Map<String, String> attributes = new HashMap<>();
|
||||
|
||||
attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, "true");
|
||||
attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE,
|
||||
getAuthRoot(suiteContext) + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
|
||||
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
|
||||
attributes.put(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE,
|
||||
getAuthRoot(suiteContext) + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
|
||||
getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
|
||||
attributes.put(SamlConfigAttributes.SAML_FORCE_NAME_ID_FORMAT_ATTRIBUTE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, "username");
|
||||
attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "false");
|
||||
|
@ -149,16 +148,15 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createConsumerClients(SuiteContext suiteContext) {
|
||||
public List<ClientRepresentation> createConsumerClients() {
|
||||
return Arrays.asList(
|
||||
ClientBuilder.create()
|
||||
.clientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
|
||||
.enabled(true)
|
||||
.fullScopeEnabled(true)
|
||||
.protocol(SamlProtocol.LOGIN_PROTOCOL)
|
||||
.baseUrl("http://localhost:8080/sales-post")
|
||||
.addRedirectUri("http://localhost:8180/sales-post/*")
|
||||
.addRedirectUri("https://localhost:8543/sales-post/*")
|
||||
.baseUrl(getConsumerRoot() + "/sales-post")
|
||||
.addRedirectUri(getConsumerRoot() + "/sales-post/*")
|
||||
.attribute(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE)
|
||||
.attribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_FALSE_VALUE)
|
||||
.build(),
|
||||
|
@ -167,13 +165,12 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration {
|
|||
.enabled(true)
|
||||
.fullScopeEnabled(true)
|
||||
.protocol(SamlProtocol.LOGIN_PROTOCOL)
|
||||
.baseUrl("http://localhost:8080/sales-post")
|
||||
.addRedirectUri("http://localhost:8180/sales-post/*")
|
||||
.addRedirectUri("https://localhost:8543/sales-post/*")
|
||||
.baseUrl(getConsumerRoot() + "/sales-post")
|
||||
.addRedirectUri(getConsumerRoot() + "/sales-post/*")
|
||||
.attribute(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE)
|
||||
.attribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_FALSE_VALUE)
|
||||
.attribute(SAML_IDP_INITIATED_SSO_URL_NAME, "sales-post")
|
||||
.attribute(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, "https://localhost:8180/sales-post/saml")
|
||||
.attribute(SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, getConsumerRoot() + "/sales-post/saml")
|
||||
.build(),
|
||||
ClientBuilder.create()
|
||||
.id("broker-app")
|
||||
|
@ -182,14 +179,14 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration {
|
|||
.secret("broker-app-secret")
|
||||
.enabled(true)
|
||||
.directAccessGrants()
|
||||
.addRedirectUri(getAuthRoot(suiteContext) + "/auth/*")
|
||||
.baseUrl(getAuthRoot(suiteContext) + "/auth/realms/" + REALM_CONS_NAME + "/app")
|
||||
.addRedirectUri(getConsumerRoot() + "/auth/*")
|
||||
.baseUrl(getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/app")
|
||||
.build()
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation idp = createIdentityProvider(IDP_SAML_ALIAS, IDP_SAML_PROVIDER_ID);
|
||||
|
||||
idp.setTrustEmail(true);
|
||||
|
@ -199,8 +196,8 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration {
|
|||
Map<String, String> config = idp.getConfig();
|
||||
|
||||
config.put(IdentityProviderModel.SYNC_MODE, syncMode.toString());
|
||||
config.put(SINGLE_SIGN_ON_SERVICE_URL, getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
|
||||
config.put(SINGLE_LOGOUT_SERVICE_URL, getAuthRoot(suiteContext) + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
|
||||
config.put(SINGLE_SIGN_ON_SERVICE_URL, getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
|
||||
config.put(SINGLE_LOGOUT_SERVICE_URL, getProviderRoot() + "/auth/realms/" + REALM_PROV_NAME + "/protocol/saml");
|
||||
config.put(NAME_ID_POLICY_FORMAT, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
|
||||
config.put(FORCE_AUTHN, "false");
|
||||
config.put(POST_BINDING_RESPONSE, "true");
|
||||
|
@ -223,8 +220,8 @@ public class KcSamlBrokerConfiguration implements BrokerConfiguration {
|
|||
}
|
||||
|
||||
@Override
|
||||
public String getIDPClientIdInProviderRealm(SuiteContext suiteContext) {
|
||||
return getAuthRoot(suiteContext) + "/auth/realms/" + consumerRealmName();
|
||||
public String getIDPClientIdInProviderRealm() {
|
||||
return getConsumerRoot() + "/auth/realms/" + consumerRealmName();
|
||||
}
|
||||
|
||||
@Override
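Review bot: In `createProviderClient` the broker endpoint `getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"` is now built three times, for the redirect URI, the single-logout POST URL and the assertion consumer POST URL. These three values have to name the same host, otherwise the client registered in the provider realm would allow redirects to one origin while assertions are posted to another. I would compute it once, `String brokerEndpoint = getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint";`, and pass `brokerEndpoint` to all three. A one-line comment in `setUpIdentityProvider` noting that the SSO and logout URLs deliberately use `getProviderRoot()` while the client URLs use `getConsumerRoot()` would also help the next reader. The method bodies continue outside the hunks.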
|
||||
|
|
|
@ -32,7 +32,7 @@ public class KcSamlBrokerSessionNotOnOrAfterTest extends AbstractBrokerTest {
|
|||
@Test
|
||||
public void testConsumerIdpInitiatedLoginContainsSessionNotOnOrAfter() throws Exception {
|
||||
SAMLDocumentHolder samlResponse = new SamlClientBuilder()
|
||||
.idpInitiatedLogin(getAuthServerSamlEndpoint(REALM_CONS_NAME), "sales-post").build()
|
||||
.idpInitiatedLogin(getConsumerSamlEndpoint(REALM_CONS_NAME), "sales-post").build()
|
||||
// Request login via kc-saml-idp
|
||||
.login().idp(IDP_SAML_ALIAS).build()
|
||||
|
||||
|
|
|
@ -4,7 +4,6 @@ import org.keycloak.admin.client.resource.IdentityProviderResource;
|
|||
import org.keycloak.admin.client.resource.RealmResource;
|
||||
import org.keycloak.admin.client.resource.UserResource;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import org.keycloak.broker.oidc.mappers.ExternalKeycloakRoleToRoleMapper;
|
||||
import org.keycloak.broker.saml.mappers.AttributeToRoleMapper;
|
||||
import org.keycloak.broker.saml.mappers.UserAttributeMapper;
|
||||
import org.keycloak.dom.saml.v2.assertion.AssertionType;
|
||||
|
@ -15,7 +14,6 @@ import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
|
|||
import org.keycloak.dom.saml.v2.protocol.ResponseType;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderMapperSyncMode;
|
||||
import org.keycloak.models.IdentityProviderSyncMode;
|
||||
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
@ -43,14 +41,13 @@ import org.w3c.dom.Document;
|
|||
import static org.hamcrest.Matchers.hasItems;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.getAuthServerContextRoot;
|
||||
import static org.keycloak.testsuite.broker.AbstractBrokerTest.ROLE_MANAGER;
|
||||
import static org.keycloak.testsuite.broker.AbstractBrokerTest.ROLE_USER;
|
||||
import static org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME;
|
||||
import static org.keycloak.testsuite.util.Matchers.isSamlResponse;
|
||||
import static org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted;
|
||||
import static org.keycloak.testsuite.util.SamlStreams.attributeStatements;
|
||||
import static org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
|
||||
/**
|
||||
* Final class as it's not intended to be overriden. Feel free to remove "final" if you really know what you are doing.
|
||||
|
@ -158,7 +155,7 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER, ROLE_FRIENDLY_MANAGER)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
userResource.roles().realmLevel().add(Collections.singletonList(userRole));
|
||||
|
@ -171,7 +168,7 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
.collect(Collectors.toSet());
|
||||
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER, ROLE_FRIENDLY_MANAGER));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
userResource.roles().realmLevel().remove(Collections.singletonList(friendlyManagerRole));
|
||||
|
@ -184,8 +181,8 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_FRIENDLY_MANAGER)));
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -214,7 +211,7 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_USER, ROLE_FRIENDLY_MANAGER, ROLE_USER_DOT_GUIDE)));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
UserRepresentation urp = userResourceProv.toRepresentation();
|
||||
|
@ -231,7 +228,7 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
.collect(Collectors.toSet());
|
||||
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER, ROLE_USER_DOT_GUIDE, ROLE_FRIENDLY_MANAGER));
|
||||
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
|
||||
|
||||
urp = userResourceProv.toRepresentation();
|
||||
|
@ -246,19 +243,19 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
assertThat(currentRoles, hasItems(ROLE_MANAGER, ROLE_USER, ROLE_USER_DOT_GUIDE));
|
||||
assertThat(currentRoles, not(hasItems(ROLE_FRIENDLY_MANAGER)));
|
||||
|
||||
logoutFromRealm(bc.providerRealmName());
|
||||
logoutFromRealm(bc.consumerRealmName());
|
||||
logoutFromRealm(getProviderRoot(), bc.providerRealmName());
|
||||
logoutFromRealm(getConsumerRoot(), bc.consumerRealmName());
|
||||
}
|
||||
|
||||
// KEYCLOAK-6106
|
||||
@Test
|
||||
public void loginClientWithDotsInName() throws Exception {
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getAuthServerContextRoot() + "/sales-post/saml", null);
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
|
||||
|
||||
Document doc = SAML2Request.convert(loginRep);
|
||||
|
||||
SAMLDocumentHolder samlResponse = new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
.processSamlResponse(Binding.POST) // AuthnRequest to producer IdP
|
||||
|
@ -285,12 +282,12 @@ public final class KcSamlBrokerTest extends AbstractAdvancedBrokerTest {
|
|||
createRolesForRealm(bc.consumerRealmName());
|
||||
createRoleMappersForConsumerRealm();
|
||||
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getAuthServerContextRoot() + "/sales-post/saml", null);
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
|
||||
|
||||
Document doc = SAML2Request.convert(loginRep);
|
||||
|
||||
SAMLDocumentHolder samlResponse = new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
.processSamlResponse(Binding.POST) // AuthnRequest to producer IdP
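Review bot: The assertion consumer URL passed to `SamlClient.createLoginRequestDocument` is built inline as `getConsumerRoot() + "/sales-post/saml"`, both in `loginClientWithDotsInName` and in the hunk at -285. It presumably has to match what the sales-post clients register as their assertion consumer URL or redirect URI in the broker configuration. With the host now configurable, a mismatch would show up only as a failed login in one host setup. I would put it in one named local or helper, e.g. `String salesPostAcsUrl = getConsumerRoot() + "/sales-post/saml";`, with a comment that it mirrors the client's configured assertion consumer URL. Both test bodies continue outside the hunks.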
|
||||
|
|
|
@ -14,7 +14,6 @@ import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
|
|||
import org.keycloak.saml.processing.core.parsers.saml.assertion.SAMLAssertionQNames;
|
||||
import org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQNames;
|
||||
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import org.keycloak.testsuite.saml.AbstractSamlTest;
|
||||
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
|
||||
|
@ -53,88 +52,17 @@ import org.w3c.dom.NodeList;
|
|||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.getAuthServerContextRoot;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot;
|
||||
import static org.keycloak.testsuite.util.Matchers.bodyHC;
|
||||
import static org.keycloak.testsuite.util.Matchers.isSamlResponse;
|
||||
import static org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot;
|
||||
|
||||
public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
||||
|
||||
private static final String PRIVATE_KEY = "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAs46ICYPRIkmr8diECmyT59cChTWIEiXYBY3T6OLlZrF8ofVCzbEeoUOmhrtHijxxuKSoqLWP4nNOt3rINtQNBQIDAQABAkBL2nyxuFQTLhhLdPJjDPd2y6gu6ixvrjkSL5ZEHgZXWRHzhTzBT0eRxg/5rJA2NDRMBzTTegaEGkWUt7lF5wDJAiEA5pC+h9NEgqDJSw42I52BOml3II35Z6NlNwl6OMfnD1sCIQDHXUiOIJy4ZcSgv5WGue1KbdNVOT2gop1XzfuyWgtjHwIhAOCjLb9QC3PqC7Tgx8azcnDiyHojWVesTrTsuvQPcAP5AiAkX5OeQrr1NbQTNAEe7IsrmjAFi4T/6stUOsOiPaV4NwIhAJIeyh4foIXIVQ+M4To2koaDFRssxKI9/O72vnZSJ+uA";
|
||||
private static final String PUBLIC_KEY = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALOOiAmD0SJJq/HYhApsk+fXAoU1iBIl2AWN0+ji5WaxfKH1Qs2xHqFDpoa7R4o8cbikqKi1j+JzTrd6yDbUDQUCAwEAAQ==";
|
||||
|
||||
public class KcSamlSignedBrokerConfiguration extends KcSamlBrokerConfiguration {
|
||||
|
||||
@Override
|
||||
public RealmRepresentation createProviderRealm() {
|
||||
RealmRepresentation realm = super.createProviderRealm();
|
||||
|
||||
realm.setPublicKey(REALM_PUBLIC_KEY);
|
||||
realm.setPrivateKey(REALM_PRIVATE_KEY);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmRepresentation createConsumerRealm() {
|
||||
RealmRepresentation realm = super.createConsumerRealm();
|
||||
|
||||
realm.setPublicKey(REALM_PUBLIC_KEY);
|
||||
realm.setPrivateKey(REALM_PRIVATE_KEY);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clientRepresentationList = super.createProviderClients(suiteContext);
|
||||
|
||||
String consumerCert = KeyUtils.getActiveKey(adminClient.realm(consumerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
|
||||
Assert.assertThat(consumerCert, Matchers.notNullValue());
|
||||
|
||||
for (ClientRepresentation client : clientRepresentationList) {
|
||||
client.setClientAuthenticatorType("client-secret");
|
||||
client.setSurrogateAuthRequired(false);
|
||||
|
||||
Map<String, String> attributes = client.getAttributes();
|
||||
if (attributes == null) {
|
||||
attributes = new HashMap<>();
|
||||
client.setAttributes(attributes);
|
||||
}
|
||||
|
||||
attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, "RSA_SHA256");
|
||||
attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, consumerCert);
|
||||
}
|
||||
|
||||
return clientRepresentationList;
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation result = super.setUpIdentityProvider(suiteContext, syncMode);
|
||||
|
||||
String providerCert = KeyUtils.getActiveKey(adminClient.realm(providerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
|
||||
Assert.assertThat(providerCert, Matchers.notNullValue());
|
||||
|
||||
Map<String, String> config = result.getConfig();
|
||||
|
||||
config.put(SAMLIdentityProviderConfig.VALIDATE_SIGNATURE, "true");
|
||||
config.put(SAMLIdentityProviderConfig.WANT_ASSERTIONS_SIGNED, "true");
|
||||
config.put(SAMLIdentityProviderConfig.WANT_AUTHN_REQUESTS_SIGNED, "true");
|
||||
config.put(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY, providerCert);
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
return new KcSamlSignedBrokerConfiguration();
|
||||
}
|
||||
|
||||
public void withSignedEncryptedAssertions(Runnable testBody, boolean signedDocument, boolean signedAssertion, boolean encryptedAssertion) throws Exception {
|
||||
String providerCert = KeyUtils.getActiveKey(adminClient.realm(bc.providerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
|
||||
Assert.assertThat(providerCert, Matchers.notNullValue());
|
||||
|
@ -150,7 +78,7 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
.setAttribute(SAMLIdentityProviderConfig.ENCRYPTION_PUBLIC_KEY, PUBLIC_KEY)
|
||||
.setAttribute(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY, providerCert)
|
||||
.update();
|
||||
Closeable clientUpdater = ClientAttributeUpdater.forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm(suiteContext))
|
||||
Closeable clientUpdater = ClientAttributeUpdater.forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm())
|
||||
.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, Boolean.toString(encryptedAssertion))
|
||||
.setAttribute(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, consumerCert)
|
||||
.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, Boolean.toString(signedDocument))
|
||||
|
@ -163,6 +91,43 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected BrokerConfiguration getBrokerConfiguration() {
|
||||
return new KcSamlSignedBrokerConfiguration();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithExpiredBrokerCertificate() throws Exception {
|
||||
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource)
|
||||
.setAttribute(SAMLIdentityProviderConfig.VALIDATE_SIGNATURE, Boolean.toString(true))
|
||||
.setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_SIGNED, Boolean.toString(true))
|
||||
.setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_ENCRYPTED, Boolean.toString(false))
|
||||
.setAttribute(SAMLIdentityProviderConfig.WANT_AUTHN_REQUESTS_SIGNED, "true")
|
||||
.setAttribute(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE)
|
||||
.update();
|
||||
Closeable clientUpdater = ClientAttributeUpdater.forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm())
|
||||
.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, Boolean.toString(false))
|
||||
.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true")
|
||||
.setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, Boolean.toString(true))
|
||||
.setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
|
||||
.update();
|
||||
Closeable realmUpdater = new RealmAttributeUpdater(adminClient.realm(bc.providerRealmName()))
|
||||
.setPublicKey(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PUBLIC_KEY)
|
||||
.setPrivateKey(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY)
|
||||
.update())
|
||||
{
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
|
||||
|
||||
Document doc = SAML2Request.convert(loginRep);
|
||||
new SamlClientBuilder()
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
.assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Status.BAD_REQUEST));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignedEncryptedAssertions() throws Exception {
|
||||
withSignedEncryptedAssertions(this::testAssertionSignatureRespected, false, true, true);
|
||||
|
@ -178,7 +143,7 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
loginUser();
|
||||
|
||||
// Logout should fail because logout response is not signed.
|
||||
final String redirectUri = getAccountUrl(bc.providerRealmName());
|
||||
final String redirectUri = getAccountUrl(getProviderRoot(), bc.providerRealmName());
|
||||
final String logoutUri = oauth.realm(bc.providerRealmName()).getLogoutUrl().redirectUri(redirectUri).build();
|
||||
driver.navigate().to(logoutUri);
|
||||
|
||||
|
@ -231,7 +196,7 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
// KEYCLOAK-5581
|
||||
@Test
|
||||
public void loginUserAllNamespacesInTopElement() {
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getAuthServerContextRoot() + "/sales-post/saml", null);
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getConsumerRoot() + "/sales-post/saml", null);
|
||||
|
||||
Document doc;
|
||||
try {
|
||||
|
@ -241,7 +206,7 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
}
|
||||
|
||||
SAMLDocumentHolder samlResponse = new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
.processSamlResponse(Binding.POST) // AuthnRequest to producer IdP
|
||||
|
@ -280,36 +245,71 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
withSignedEncryptedAssertions(this::loginUserAllNamespacesInTopElement, false, false, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testWithExpiredBrokerCertificate() throws Exception {
|
||||
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource)
|
||||
.setAttribute(SAMLIdentityProviderConfig.VALIDATE_SIGNATURE, Boolean.toString(true))
|
||||
.setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_SIGNED, Boolean.toString(true))
|
||||
.setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_ENCRYPTED, Boolean.toString(false))
|
||||
.setAttribute(SAMLIdentityProviderConfig.WANT_AUTHN_REQUESTS_SIGNED, "true")
|
||||
.setAttribute(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE)
|
||||
.update();
|
||||
Closeable clientUpdater = ClientAttributeUpdater.forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm(suiteContext))
|
||||
.setAttribute(SamlConfigAttributes.SAML_ENCRYPT, Boolean.toString(false))
|
||||
.setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true")
|
||||
.setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, Boolean.toString(true))
|
||||
.setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
|
||||
.update();
|
||||
Closeable realmUpdater = new RealmAttributeUpdater(adminClient.realm(bc.providerRealmName()))
|
||||
.setPublicKey(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PUBLIC_KEY)
|
||||
.setPrivateKey(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY)
|
||||
.update())
|
||||
{
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
|
||||
public class KcSamlSignedBrokerConfiguration extends KcSamlBrokerConfiguration {
|
||||
|
||||
Document doc = SAML2Request.convert(loginRep);
|
||||
new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
@Override
|
||||
public RealmRepresentation createProviderRealm() {
|
||||
RealmRepresentation realm = super.createProviderRealm();
|
||||
|
||||
.assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Status.BAD_REQUEST));
|
||||
realm.setPublicKey(REALM_PUBLIC_KEY);
|
||||
realm.setPrivateKey(REALM_PRIVATE_KEY);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public RealmRepresentation createConsumerRealm() {
|
||||
RealmRepresentation realm = super.createConsumerRealm();
|
||||
|
||||
realm.setPublicKey(REALM_PUBLIC_KEY);
|
||||
realm.setPrivateKey(REALM_PRIVATE_KEY);
|
||||
|
||||
return realm;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clientRepresentationList = super.createProviderClients();
|
||||
|
||||
String consumerCert = KeyUtils.getActiveKey(adminClient.realm(consumerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
|
||||
Assert.assertThat(consumerCert, Matchers.notNullValue());
|
||||
|
||||
for (ClientRepresentation client : clientRepresentationList) {
|
||||
client.setClientAuthenticatorType("client-secret");
|
||||
client.setSurrogateAuthRequired(false);
|
||||
|
||||
Map<String, String> attributes = client.getAttributes();
|
||||
if (attributes == null) {
|
||||
attributes = new HashMap<>();
|
||||
client.setAttributes(attributes);
|
||||
}
|
||||
|
||||
attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "true");
|
||||
attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, "RSA_SHA256");
|
||||
attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, consumerCert);
|
||||
}
|
||||
|
||||
return clientRepresentationList;
|
||||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation result = super.setUpIdentityProvider(syncMode);
|
||||
|
||||
String providerCert = KeyUtils.getActiveKey(adminClient.realm(providerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
|
||||
Assert.assertThat(providerCert, Matchers.notNullValue());
|
||||
|
||||
Map<String, String> config = result.getConfig();
|
||||
|
||||
config.put(SAMLIdentityProviderConfig.VALIDATE_SIGNATURE, "true");
|
||||
config.put(SAMLIdentityProviderConfig.WANT_ASSERTIONS_SIGNED, "true");
|
||||
config.put(SAMLIdentityProviderConfig.WANT_AUTHN_REQUESTS_SIGNED, "true");
|
||||
config.put(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY, providerCert);
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -426,12 +426,12 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
|
|||
? bodyHC(containsString("Update Account Information"))
|
||||
: not(bodyHC(containsString("Update Account Information")));
|
||||
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getAuthServerContextRoot() + "/sales-post/saml", null);
|
||||
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getConsumerRoot() + "/sales-post/saml", null);
|
||||
Document doc = SAML2Request.convert(loginRep);
|
||||
|
||||
withSignedEncryptedAssertions(() -> {
|
||||
new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
.authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build() // Request to consumer IdP
|
||||
|
||||
.login().idp(bc.getIDPAlias()).build()
|
||||
|
||||
|
|
|
@ -4,7 +4,6 @@ import org.keycloak.models.IdentityProviderSyncMode;
|
|||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.IdentityProviderRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.SuiteContext;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
|
@ -37,8 +36,8 @@ public class KcSamlSignedDocumentOnlyBrokerTest extends AbstractBrokerTest {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<ClientRepresentation> createProviderClients(SuiteContext suiteContext) {
|
||||
List<ClientRepresentation> clientRepresentationList = super.createProviderClients(suiteContext);
|
||||
public List<ClientRepresentation> createProviderClients() {
|
||||
List<ClientRepresentation> clientRepresentationList = super.createProviderClients();
|
||||
|
||||
for (ClientRepresentation client : clientRepresentationList) {
|
||||
client.setClientAuthenticatorType("client-secret");
|
||||
|
@ -62,8 +61,8 @@ public class KcSamlSignedDocumentOnlyBrokerTest extends AbstractBrokerTest {
|
|||
}
|
||||
|
||||
@Override
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext, IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation result = super.setUpIdentityProvider(suiteContext, syncMode);
|
||||
public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode syncMode) {
|
||||
IdentityProviderRepresentation result = super.setUpIdentityProvider(syncMode);
|
||||
|
||||
Map<String, String> config = result.getConfig();
|
||||
|
||||
|
|
|
@ -18,9 +18,7 @@ import java.security.spec.X509EncodedKeySpec;
|
|||
import java.util.Base64;
|
||||
import java.util.List;
|
||||
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.AUTH_SERVER_PORT;
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.AUTH_SERVER_SCHEME;
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.AUTH_SERVER_SSL_REQUIRED;
|
||||
import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.getAuthServerContextRoot;
|
||||
import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
|
||||
|
||||
/**
|
||||
|
@ -33,13 +31,13 @@ public abstract class AbstractSamlTest extends AbstractAuthTest {
|
|||
public static final String REALM_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
|
||||
public static final String REALM_SIGNING_CERTIFICATE = "MIIBkTCB+wIGAUkZB1wLMA0GCSqGSIb3DQEBCwUAMA8xDTALBgNVBAMTBGRlbW8wHhcNMTQxMDE2MTI1NDEzWhcNMjQxMDE2MTI1NTUzWjAPMQ0wCwYDVQQDEwRkZW1vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAI9moVwZxiEvzfvyL0zqyzRP4qnEdYQ/l/Nl78OAed25hdKpVpNv8i7DwM1QscWQhrtfGImD0480eoOUfe1rU9k6gNdNpR6kYAz17A/OsovpTFF0cIQE7HPqumpHfdbeW0jEjLNT2Od/PXdaIijVOdbJn8iF//nnItrwPbNUBU75";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST = AUTH_SERVER_SCHEME + "://localhost:" + (AUTH_SERVER_SSL_REQUIRED ? AUTH_SERVER_PORT : 8080) + "/sales-post/saml";
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST = getAuthServerContextRoot() + "/sales-post/saml";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST = "http://localhost:8280/sales-post/";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST2 = AUTH_SERVER_SCHEME + "://localhost:" + (AUTH_SERVER_SSL_REQUIRED ? AUTH_SERVER_PORT : 8080) + "/sales-post2/saml";
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST2 = getAuthServerContextRoot() + "/sales-post2/saml";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST2 = "http://localhost:8280/sales-post2/";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG = AUTH_SERVER_SCHEME + "://localhost:" + (AUTH_SERVER_SSL_REQUIRED ? AUTH_SERVER_PORT : 8080) + "/sales-post-sig/";
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG = getAuthServerContextRoot() + "/sales-post-sig/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST_SIG = "http://localhost:8280/sales-post-sig/";
|
||||
public static final String SAML_URL_SALES_POST_SIG = "http://localhost:8080/sales-post-sig/";
|
||||
public static final String SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY = "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBANUbxrvEY3pkiQNt55zJLKBwN+zKmNQw08ThAmOKzwHfXoK+xlDSFxNMtTKJGkeUdnKzaTfESEcEfKYULUA41y/NnOlvjS0CEsc7Wq0Ce63TSSGMB2NHea4tV0aQz/MwLsbmz2IjAFWHA5CHL5WwacIf3UTOSNnhJUSvnkomjJAlAgMBAAECgYANpO2gb/5+g5lSIuNFYov86bJq8r2+ODIW1OE2Rljioc6HSHeiDRF1JuAjECwikRrUVTBTZbnK8jqY14neJsWAKBzGo+ToaQALsNZ9B91DxxL50K5oVOzw5shAS9TnRjN40+KIXFED4ydq4JRdoqb8+cN+N3i0+Cu7tdm+UaHTAQJBAOwFs3ZwqQEqmv9vmgmIFwFpJm1aIw25gEOf3Hy45GP4bL/j0FQgwcXYRbLE5bPqhw/liLKc1GQ97bVm6zs8SvUCQQDnJZA6TFRMiDjezinE1J4e0v4RupyDniVjbE5ArTK5/FRVkjw4Ny0AqZUEyIIqlTeZlCq45pCJy4a2hymDGVJxAj9gzfXNnmezEsZ//kYvoqHM8lPQhifaeTsigW7tuOf0GPCBw+6uksDnZM0xhZCxOoArBPoMSEbU1pGo1Y2lvhUCQF6E5sBgHAybm53Ich4Rz4LNRqWbSIstrR5F2I3sBRU2kInZXZSjQ1zE+7HUCB4/nFfJ1dp8NdiTCEg1Zw072pECQQDnxyQALmWhQbBTl0tq6CwYf9rZDwBzxuY+CXB8Ky1gOmXwan96KZvV4rK8MQQs6HIiYC/j+5lX3A3zlXTFldaz";
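Review bot: The three `SAML_ASSERTION_CONSUMER_URL_*` constants are now built from `getAuthServerContextRoot()` in a static initialiser, so their value is fixed when `AbstractSamlTest` is first loaded, while the neighbouring `SAML_URL_SALES_POST_SIG` stays hard-coded to `http://localhost:8080/sales-post-sig/`. The replaced expression used port 8080 whenever SSL was not required, so for non-SSL runs the consumer URL presumably changes too; it is worth confirming that the imported realm files register the same URLs. I would add a comment above the block such as `// Resolved once at class load from the auth server context root; the SAML_CLIENT_ID_* values are entity IDs and stay fixed.` The class body continues outside the hunk.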
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
<property name="firefoxLegacy">${firefoxLegacyDriver}</property>
|
||||
<property name="firefoxDriverVersion">${firefoxDriverVersion}</property>
|
||||
<property name="firefoxUserPreferences">${firefoxUserPreferences}</property>
|
||||
<property name="firefoxHeadless">${firefoxHeadless}</property>
|
||||
|
||||
<!-- chrome -->
|
||||
<property name="chromeBinary">${chromeBinary}</property>
|
||||
|
@ -88,6 +89,7 @@
|
|||
<property name="firefoxLegacy">${firefoxLegacyDriver}</property>
|
||||
<property name="firefoxDriverVersion">${firefoxDriverVersion}</property>
|
||||
<property name="firefoxUserPreferences">${firefoxUserPreferences}</property>
|
||||
<property name="firefoxHeadless">${firefoxHeadless}</property>
|
||||
|
||||
<!-- chrome -->
|
||||
<property name="chromeBinary">${chromeBinary}</property>
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
user_pref("network.cookie.sameSite.laxByDefault", true);
|
||||
user_pref("network.cookie.sameSite.laxPlusPOST.timeout", 0);
|
||||
user_pref("network.cookie.sameSite.noneRequiresSecure", true);
|
||||
user_pref("network.cookie.cookieBehavior", 1); // only accept from the originating site (block third party cookies)
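Review bot: Only the `network.cookie.cookieBehavior` line says what it does; the three `network.cookie.sameSite.*` preferences have no explanation, so a reader cannot tell which browser policy a failing test is exercising. I would add a header comment saying the file is meant for test runs only (presumably it is the file the `firefox-strict-cookies` profile points at), plus one comment per preference, e.g. `// treat cookies without a SameSite attribute as Lax` and `// reject SameSite=None cookies that lack Secure`. Because `noneRequiresSecure` is enabled, a run over plain HTTP will presumably drop every `SameSite=None` cookie, so the header should also state whether the profile expects an HTTPS auth server.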
|
|
@ -93,6 +93,8 @@
|
|||
<auth.server.profile/>
|
||||
<auth.server.feature/>
|
||||
|
||||
<auth.server.host2>${auth.server.host}</auth.server.host2> <!-- for broker and JS adapter tests; defaults to auth.server.host -->
|
||||
|
||||
<app.server.skip.unpack>true</app.server.skip.unpack>
|
||||
<app.server.artifactId>integration-arquillian-servers-app-server-${app.server}</app.server.artifactId>
|
||||
<app.server.home>${containers.home}/app-server-${app.server}</app.server.home>
|
||||
|
@ -183,6 +185,7 @@
|
|||
<firefoxLegacyDriver>false</firefoxLegacyDriver>
|
||||
<firefoxDriverVersion/>
|
||||
<firefoxUserPreferences/>
|
||||
<firefoxHeadless>false</firefoxHeadless>
|
||||
<chromeBinary/>
|
||||
<chromeArguments/>
|
||||
<chromeDriverVersion/>
|
||||
|
@ -508,6 +511,8 @@
|
|||
<auth.server.profile>${auth.server.profile}</auth.server.profile>
|
||||
<auth.server.feature>${auth.server.feature}</auth.server.feature>
|
||||
|
||||
<auth.server.host2>${auth.server.host2}</auth.server.host2> <!-- for broker tests -->
|
||||
|
||||
<app.server>${app.server}</app.server>
|
||||
<app.server.home>${app.server.home}</app.server.home>
|
||||
<app.server.config.dir>${app.server.config.dir}</app.server.config.dir>
|
||||
|
@ -573,6 +578,7 @@
|
|||
<firefoxLegacyDriver>${firefoxLegacyDriver}</firefoxLegacyDriver>
|
||||
<firefoxDriverVersion>${firefoxDriverVersion}</firefoxDriverVersion>
|
||||
<firefoxUserPreferences>${firefoxUserPreferences}</firefoxUserPreferences>
|
||||
<firefoxHeadless>${firefoxHeadless}</firefoxHeadless>
|
||||
|
||||
<appium.platformName>${appium.platformName}</appium.platformName>
|
||||
<appium.deviceName>${appium.deviceName}</appium.deviceName>
|
||||
|
@ -1904,6 +1910,7 @@
|
|||
<storepass>${dependency.keystore.password}</storepass>
|
||||
<alias>${auth.server.host}</alias>
|
||||
<dname>CN=${auth.server.host}, OU=Keycloak, O=Red Hat, L=Westword, ST=MA, C=US</dname>
|
||||
<ext>SAN=dns:${auth.server.host},dns:${auth.server.host2}</ext> <!-- for broker tests; IdP is the same server as auth server -->
|
||||
<keyalg>RSA</keyalg>
|
||||
<keysize>2048</keysize>
|
||||
<sigalg>SHA256withRSA</sigalg>
|
||||
|
@ -1965,6 +1972,15 @@
|
|||
</build>
|
||||
</profile>
|
||||
|
||||
<profile>
|
||||
<id>firefox-strict-cookies</id>
|
||||
<properties>
|
||||
<browser>firefox</browser>
|
||||
<firefoxUserPreferences>${project.build.directory}/dependency/firefox-cookies-prefs.js</firefoxUserPreferences>
|
||||
<firefoxHeadless>true</firefoxHeadless>
|
||||
</properties>
|
||||
</profile>
|
||||
|
||||
</profiles>
|
||||
|
||||
</project>
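Review bot: The `<ext>` line added to the keystore generation in the `@ -1904` hunk lists both hosts as `dns:` subject alternative names, which is only correct when `auth.server.host` and `auth.server.host2` are DNS names. An IP literal placed in a `dns:` entry is not matched by hostname verification, which looks for an `ip:` entry when the host is a literal address. The hostnames the README suggests (`127.0.0.1.nip.io`) are fine, so this is a documentation point: extend the comment to `<!-- for broker tests; IdP is the same server as auth server; both values must be DNS names, use ip: for literal addresses -->`. The enclosing plugin configuration starts and ends outside the hunk.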
|
||||
|
|