Commit graph

443 commits

Author SHA1 Message Date
Hynek Mlnarik
3c537f5f28 KEYCLOAK-4446 Do not encrypt SAML status messages
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
c7046b6325 KEYCLOAK-4189 Preparation for cross-DC SAML testing 2017-07-25 09:44:36 +02:00
mhajas
b86079c589 KEYCLOAK-3297 Add test for Access-Control-Expose-Headers 2017-07-13 14:40:43 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Stan Silvert
32b16717a7 KEYCLOAK-4234: Link to app in acct mgt doesn't use root url (#4285)
* KEYCLOAK-4234: Link to app in acct mgt not use root url

* Add tests.
2017-07-04 07:01:58 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Stian Thorgersen
ce4506f367 Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null
KEYCLOAK-4377
2017-06-28 08:21:20 +02:00
Hynek Mlnarik
a3ccac2012 KEYCLOAK-4377 2017-06-27 14:34:47 +02:00
Pavel Drozd
947254e14f Merge pull request #4222 from vmuzikar/KEYCLOAK-5055
KEYCLOAK-4787, KEYCLOAK-5055 Stabilize UI tests
2017-06-27 11:42:21 +02:00
Bruno Oliveira
361ab1c988 [KEYCLOAK-4444] Allow sending test email 2017-06-27 08:38:36 +02:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
Marek Posolda
be5291f710 Merge pull request #4242 from mposolda/master
KEYCLOAK-4438 Disable kerberos flow when provider removed
2017-06-21 11:54:50 +02:00
Marek Posolda
3fd6fc250d Merge pull request #4240 from hmlnarik/KEYCLOAK-4189-Cross-DC-testing
KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC testing
2017-06-21 10:22:43 +02:00
mposolda
e91dd011c5 KEYCLOAK-4438 Disable kerberos flow when provider removed 2017-06-21 09:38:20 +02:00
mposolda
32cf8b7cad KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid' 2017-06-20 17:17:43 +02:00
Hynek Mlnarik
2e2d15be9f KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing 2017-06-20 12:48:08 +02:00
mposolda
f363dbcad0 KEYCLOAK-4327 Switching language on User consent gives error 2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f tests 2017-06-19 11:21:59 -04:00
Vaclav Muzikar
35857bf649 KEYCLOAK-5055 Stabilize UI tests 2017-06-13 11:24:45 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Stian Thorgersen
6cccd66162 Merge pull request #4192 from hokuda/KEYCLOAK-4980
KEYCLOAK-4980 SAML adapter should return 403 when unauthenticated Aja…
2017-06-09 04:40:26 +02:00
Hisanobu Okuda
9135ba7c40 KEYCLOAK-4980 SAML adapter should return 401 when unauthenticated Ajax client accesses 2017-06-08 23:36:25 +09:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Pavel Drozd
a52a1f4618 Merge pull request #4196 from vramik/KEYCLOAK-4481
KEYCLOAK-4481 some authz export tests
2017-05-30 16:56:54 +02:00
vramik
8f1938c28d KEYCLOAK-4481 Role based permission test 2017-05-30 13:10:09 +02:00
Stian Thorgersen
8c53c5a90e KEYCLOAK-4888
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
Stian Thorgersen
c00a64208a Merge pull request #4136 from frelibert/KEYCLOAK-4897
KEYCLOAK-4897
2017-05-23 14:10:34 +02:00
Pavel Drozd
06152d9883 Merge pull request #4165 from vmuzikar/google-fix
KEYCLOAK-4944 Fix SocialLoginTest to reflect new Google Login screen
2017-05-23 14:03:08 +02:00
mposolda
8adde64e2c KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout 2017-05-23 09:08:58 +02:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
Vaclav Muzikar
c2379dbe49 KEYCLOAK-4944 Fix SocialLoginTest to reflect new Google Login screen 2017-05-19 18:07:05 +02:00
Hynek Mlnarik
10c9e0f00f KEYCLOAK-4897 Tests for assertion-only signatures with encrypted assertions 2017-05-17 15:56:49 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636 KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens. 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
Bill Burke
a8a8ea4bcd Merge remote-tracking branch 'upstream/master' 2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c fine grain tests 2017-05-08 13:48:51 -04:00
mhajas
618a8e7f90 KEYCLOAK-4650 Add cancel warning test 2017-04-28 14:18:01 +02:00
Hynek Mlnarik
d7615d6a68 KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter 2017-04-26 11:59:37 +02:00
Pedro Igor
38ae6c981b Merge pull request #4068 from pedroigor/KEYCLOAK-3135
[KEYCLOAK-3135] - Scope permission UI tests and reusable ui-select2 component
2017-04-25 08:19:32 -03:00
mposolda
b81891f89b KEYCLOAK-4271 Migration test for offline tokens - manual mode 2017-04-25 09:18:33 +02:00
Pedro Igor
49547ccfbc [KEYCLOAK-3135] - Scope permission UI tests and reusable ui-select2 component 2017-04-24 23:12:46 -03:00
Pavel Drozd
f50e08d111 Merge pull request #4044 from vmuzikar/adapter-compat-upstream
KEYCLOAK-4761 Support for Java adapter backward compatibility testing
2017-04-21 13:49:17 +02:00
Vaclav Muzikar
c7a97cfd21 KEYCLOAK-4761 Prepare the testsuite for Java adapter backward compatibility testing 2017-04-19 13:51:24 +02:00
Vaclav Muzikar
32b62b2a70 KEYCLOAK-4624 Fix, stabilize and revamp SocialLoginTest 2017-04-13 13:41:30 +02:00
Pedro Igor
eec712a259 [KEYCLOAK-3135] - Role and user policies apis 2017-04-12 00:52:14 -03:00
Pavel Drozd
bfd76d7813 Merge pull request #3962 from mhajas/KEYCLOAK-4366
KEYCLOAK-4366
2017-04-10 08:44:52 +02:00
Stian Thorgersen
83d0f313ce Merge pull request #4011 from mstruk/KEYCLOAK-4719
KEYCLOAK-4719 CLI tests fail when run from within the IDE
2017-04-07 09:17:19 +02:00
Bill Burke
3ce0c57e17 Merge pull request #3831 from Hitachi/master
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Marko Strukelj
0269db0e85 KEYCLOAK-4719 CLI tests fail when run from within the IDE 2017-04-06 12:46:05 +02:00
Vaclav Muzikar
5e360cf919 KEYCLOAK-4351 Stabilize TermsAndConditions test in IE 2017-04-04 07:40:16 +02:00
Takashi Norimatsu
ef3aef9381 Merge branch 'master' into master 2017-03-28 16:21:40 +09:00
mhajas
36fc643bfb KEYCLOAK-4366 2017-03-27 11:22:01 +02:00
Pavel Drozd
4aa996c2db Merge pull request #3959 from mhajas/KEYCLOAK-4141
KEYCLOAK-4141 Added saml tests
2017-03-27 09:36:41 +02:00
mhajas
7c1eb5582a KEYCLOAK-4141 Added saml tests 2017-03-21 10:41:06 +01:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Pavel Drozd
b2d677256d Merge pull request #3877 from mhajas/KEYCLOAK-3955
KEYCLOAK-3955 Add CORS tests to integration arquillian testsuite
2017-03-15 23:52:03 +01:00
Pedro Igor
9d1d22565c Merge pull request #3938 from pedroigor/authz-fixes
AuthZ Services Fixes
2017-03-13 15:20:41 -03:00
Pedro Igor
e7e6314146 [KEYCLOAK-4555] - Fixes and improvements to evaluation code 2017-03-13 14:08:54 -03:00
Pavel Drozd
b5433720c1 KEYCLOAK-4304 Updated Kerberos tests to be able to run them on different environment 2017-03-13 08:00:41 +01:00
Bill Burke
0ff4223184 Merge pull request #3922 from hmlnarik/KEYCLOAK-4288-SAML-logouts-are-not-invalidating-the-sessions-for-all-the-logged-in-applications
KEYCLOAK-4288 Invalidate sessions in cluster for SAML logouts
2017-03-09 19:13:37 -05:00
mhajas
213ed6fa4b KEYCLOAK-3955 2017-03-06 10:22:06 +01:00
mhajas
280689055f KEYCLOAK-3961 2017-03-06 10:17:59 +01:00
Bill Burke
c6dc59f63e Merge remote-tracking branch 'upstream/master' 2017-03-03 11:00:32 -05:00
Hynek Mlnarik
27ba4eb978 KEYCLOAK-4288 Tests for EAP6 and Wildfly 2017-03-01 15:17:39 +01:00
mposolda
091b376624 KEYCLOAK-1590 Realm import per test class 2017-03-01 09:38:44 +01:00
Bill Burke
b4f625e1ce KEYCLOAK-4501 2017-02-27 18:46:00 -05:00
mposolda
f6bc0806d5 KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit 2017-02-20 21:52:15 +01:00
Pavel Drozd
152b4f13e7 Merge pull request #3871 from mhajas/KEYCLOAK-4626
KEYCLOAK-4626 KEYCLOAK-4261 KEYCLOAK-4181 KEYCLOAK-4160 Add tests for SAML issues
2017-02-20 15:43:38 +01:00
Stian Thorgersen
3653d7ed9a Merge pull request #3762 from sldab/hide-providers
KEYCLOAK-4224 Allow hiding identity providers on login page
2017-02-17 12:04:35 +01:00
mhajas
b1510c43ff KEYCLOAK-4160 2017-02-16 08:09:11 +01:00
mhajas
119435ac76 KEYCLOAK-4262 Test for rejected consent 2017-02-16 08:04:06 +01:00
mhajas
91bcc24977 KEYCLOAK-4329 Add test for empty KeyInfo 2017-02-14 12:36:17 +01:00
Pavel Drozd
6602123b55 Merge pull request #3824 from mhajas/KEYCLOAK-4020
KEYCLOAK-4020 add test for boolean attribute
2017-02-13 10:41:04 +01:00
Stian Thorgersen
5b5dc3e442 KEYCLOAK-4265 Social login tests 2017-02-06 13:50:10 +01:00
Takashi Norimatsu
6bab704bba KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
7636 - Arquillian Test Cases
2017-02-03 14:41:36 +09:00
mhajas
ddf9301ceb KEYCLOAK-4020 add test for boolean attribute 2017-02-02 09:47:52 +01:00
mposolda
f92dd6bd16 KEYCLOAK-4339 MigrationTest fails to run 2017-01-31 16:00:16 +01:00
mposolda
265522a2e3 KEYCLOAK-4285 Adapter tests for examples fail in Wildfly/EAP6 2017-01-27 14:26:21 +01:00
Stian Thorgersen
5fd3eb2990 KEYCLOAK-3729 Ability to run tests within Keycloak server 2017-01-27 12:14:19 +01:00
mposolda
42ad8aec64 KEYCLOAK-4271 Migration test for offline tokens 2017-01-26 17:19:03 +01:00
Stian Thorgersen
94ffeda62a Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-24 10:33:05 +01:00
Hynek Mlnarik
5da491c270 KEYCLOAK-4181 Fix handling of SAML error code in broker 2017-01-19 16:30:06 +01:00
Stian Thorgersen
212182ee34 Merge pull request #3765 from zschwarz/community
KEYCLOAK-4233 Run failing i18n tests with community profile
2017-01-18 08:52:17 +01:00
Stian Thorgersen
e364680792 Merge pull request #3721 from hmlnarik/KEYCLOAK-3399-End-session-endpoint-returns-error-when-keycloak-session-is-expired
KEYCLOAK-3399 Ignore user session expiration on OIDC logout
2017-01-18 08:38:53 +01:00
Slawomir Dabek
9bb65ba9b7 KEYCLOAK-4224 Allow hiding identity providers on login page 2017-01-17 14:32:59 +01:00
zschwarz
ae40bfb96e KEYCLOAK-4233 Run failing i18n tests with community profile 2017-01-16 15:27:39 +01:00
Pavel Drozd
3d9f11168e KEYCLOAK-4210: Added Fuse admin tests 2017-01-13 01:05:37 +01:00
Hynek Mlnarik
4df70c517d KEYCLOAK-4141 2017-01-10 09:02:36 +01:00
Pavel Drozd
cbd6f7e1d0 Merge pull request #3723 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Unignore and fix fuse on eap test
2017-01-10 08:10:22 +01:00
mposolda
a09bc6520f KEYCLOAK-2888 KEYCLOAK-3927 Fully migrate kerberos tests to the new testsuite 2017-01-09 13:50:41 +01:00
Hynek Mlnarik
9fb3201c8b KEYCLOAK-3399 Ignore user session expiration on OIDC logout 2017-01-06 15:15:46 +01:00
mhajas
86c49f5e89 KEYCLOAK-3841 Unignore and fix fuse on eap test 2017-01-06 14:39:24 +01:00
mhajas
61e7936d79 KEYCLOAK-3704 Add missing test 2017-01-05 16:55:40 +01:00
Stian Thorgersen
04179c5681 Merge branch 'KEYCLOAK-4004' of https://github.com/l-robinson/keycloak into l-robinson-KEYCLOAK-4004 2016-12-22 06:13:41 +01:00
Vlasta Ramik
55d53214a1 KEYCLOAK-3777 added missing test 2016-12-20 11:50:37 +01:00
Stian Thorgersen
eb7ad07e31 KEYCLOAK-4109 Ability to disable impersonation 2016-12-20 08:46:21 +01:00
Stian Thorgersen
faeff029fa Merge pull request #3664 from mstruk/admin-cli
KEYCLOAK-912 Admin CLI
2016-12-19 15:46:17 +01:00