keycloak-aplcache


diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
index fdf0dbe..0367bb7 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/AbstractIdentityProviderTest.java
@@ -18,11 +18,17 @@
 package org.keycloak.testsuite.broker;
 
 import org.codehaus.jackson.map.ObjectMapper;
+import org.junit.After;
+import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
+import org.junit.Test;
+import org.keycloak.models.FederatedIdentityModel;
+import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.representations.IDToken;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.broker.util.UserSessionStatusServlet;
 import org.keycloak.testsuite.broker.util.UserSessionStatusServlet.UserSessionStatus;
@@ -31,11 +37,17 @@ import org.keycloak.testsuite.pages.LoginUpdateProfilePage;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 import org.keycloak.testsuite.rule.WebResource;
 import org.keycloak.testsuite.rule.WebRule;
+import org.openqa.selenium.By;
+import org.openqa.selenium.NoSuchElementException;
 import org.openqa.selenium.WebDriver;
+import org.openqa.selenium.WebElement;
 
 import java.io.IOException;
 import java.net.URL;
+import java.util.List;
+import java.util.Set;
 
+import static com.thoughtworks.selenium.SeleneseTestBase.fail;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
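Review bot: `fail` is statically imported from `com.thoughtworks.selenium.SeleneseTestBase`, while every other assertion in this file comes from `org.junit.Assert`. That ties a JUnit test to the legacy Selenium RC helper class for a single method and will break if that artifact leaves the test classpath. Use `import static org.junit.Assert.fail;` instead.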
@@ -54,6 +66,11 @@ public abstract class AbstractIdentityProviderTest {
             URL url = getClass().getResource("/broker-test/test-app-keycloak.json");
             deployApplication("test-app", "/test-app", UserSessionStatusServlet.class, url.getPath(), "manager");
         }
+
+        @Override
+        protected String[] getTestRealms() {
+            return new String[] {"realm-with-broker"};
+        }
     };
 
     @Rule
@@ -68,53 +85,217 @@ public abstract class AbstractIdentityProviderTest {
     @WebResource
     private LoginUpdateProfilePage updateProfilePage;
 
-    protected void assertSuccessfulAuthentication(String providerId) {
+    private KeycloakSession session;
+
+    @Before
+    public void onBefore() {
+        this.session = brokerServerRule.startSession();
+        removeTestUsers();
+        brokerServerRule.stopSession(this.session, true);
+        this.session = brokerServerRule.startSession();
+    }
+
+    @After
+    public void onAfter() {
+        brokerServerRule.stopSession(this.session, true);
+    }
+
+    @Test
+    public void testSuccessfulAuthentication() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        identityProviderModel.setUpdateProfileFirstLogin(true);
+
+        assertSuccessfulAuthentication(identityProviderModel);
+    }
+
+    @Test
+    public void testSuccessfulAuthenticationWithoutUpdateProfile() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        identityProviderModel.setUpdateProfileFirstLogin(false);
+
+        assertSuccessfulAuthentication(identityProviderModel);
+    }
+
+    @Test
+    public void testDisabled() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        identityProviderModel.setEnabled(false);
+
+        this.driver.navigate().to("http://localhost:8081/test-app/");
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
+
+        try {
+            this.driver.findElement(By.className(getProviderId()));
+            fail("Provider [" + getProviderId() + "] not disabled.");
+        } catch (NoSuchElementException nsee) {
+
+        }
+    }
+
+    @Test
+    public void testUserAlreadyExistsWhenUpdatingProfile() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        identityProviderModel.setUpdateProfileFirstLogin(true);
+
         this.driver.navigate().to("http://localhost:8081/test-app/");
 
         assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
 
         // choose the identity provider
-        this.loginPage.clickSocial(providerId);
+        this.loginPage.clickSocial(getProviderId());
 
-        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml"));
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
 
         // log in to identity provider
-        this.loginPage.login("saml.user", "password");
+        this.loginPage.login("test-user", "password");
 
-        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/broker/realm-with-broker/" + providerId));
+        doAfterProviderAuthentication();
 
-        // update profile
         this.updateProfilePage.assertCurrent();
+        this.updateProfilePage.update("Test", "User", "psilva@redhat.com");
 
-        String userEmail = "new@email.com";
-        String userFirstName = "New first";
-        String userLastName = "New last";
+        WebElement element = this.driver.findElement(By.className("kc-feedback-text"));
 
-        this.updateProfilePage.update(userFirstName, userLastName, userEmail);
+        assertNotNull(element);
 
-        // authenticated and redirected to app
-        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
+        assertEquals("Email already exists", element.getText());
 
-        KeycloakSession samlServerSession = brokerServerRule.startSession();
-        RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
+        this.updateProfilePage.assertCurrent();
+        this.updateProfilePage.update("Test", "User", "test-user@redhat.com");
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
 
-        UserModel federatedUser = samlServerSession.users().getUserByEmail(userEmail, brokerRealm);
+        UserModel federatedUser = getFederatedUser();
 
-        // user created
         assertNotNull(federatedUser);
-        assertEquals(userFirstName, federatedUser.getFirstName());
-        assertEquals(userLastName, federatedUser.getLastName());
+    }
 
-        driver.navigate().to("http://localhost:8081/test-app/logout");
-        driver.navigate().to("http://localhost:8081/test-app/");
+    @Test
+    public void testUserAlreadyExistsWhenNotUpdatingProfile() {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        identityProviderModel.setUpdateProfileFirstLogin(false);
+
+        this.driver.navigate().to("http://localhost:8081/test-app/");
 
         assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
 
         // choose the identity provider
-        this.loginPage.clickSocial(providerId);
+        this.loginPage.clickSocial(getProviderId());
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
+
+        // log in to identity provider
+        this.loginPage.login("pedroigor", "password");
+
+        doAfterProviderAuthentication();
 
-        // already authenticated in saml idp and redirected to app
-        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app/"));
+        WebElement element = this.driver.findElement(By.className("kc-feedback-text"));
+
+        assertNotNull(element);
+
+        assertEquals("User with email already exists. Please login to account management to link the account.", element.getText());
+    }
+
+    private void assertSuccessfulAuthentication(IdentityProviderModel identityProviderModel) {
+        driver.navigate().to("http://localhost:8081/test-app");
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
+
+        // choose the identity provider
+        this.loginPage.clickSocial(getProviderId());
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
+
+        // log in to identity provider
+        this.loginPage.login("test-user", "password");
+
+        doAfterProviderAuthentication();
+
+        if (identityProviderModel.isUpdateProfileFirstLogin()) {
+            String userEmail = "new@email.com";
+            String userFirstName = "New first";
+            String userLastName = "New last";
+
+            // update profile
+            this.updateProfilePage.assertCurrent();
+            this.updateProfilePage.update(userFirstName, userLastName, userEmail);
+        }
+
+        // authenticated and redirected to app
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/test-app"));
+
+        UserModel federatedUser = getFederatedUser();
+
+        assertNotNull(federatedUser);
+
+        doAssertFederatedUser(federatedUser);
+
+        RealmModel realm = getRealm();
+
+        Set<FederatedIdentityModel> federatedIdentities = this.session.users().getFederatedIdentities(federatedUser, realm);
+
+        assertEquals(1, federatedIdentities.size());
+
+        FederatedIdentityModel federatedIdentityModel = federatedIdentities.iterator().next();
+
+        assertEquals(getProviderId(), federatedIdentityModel.getIdentityProvider());
+        assertEquals(federatedUser.getUsername(), federatedIdentityModel.getUserName());
+
+        driver.navigate().to("http://localhost:8081/test-app/logout");
+        driver.navigate().to("http://localhost:8081/test-app");
+
+        assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
+    }
+
+    protected UserModel getFederatedUser() {
+        UserSessionStatus userSessionStatus = retrieveSessionStatus();
+        IDToken idToken = userSessionStatus.getIdToken();
+        KeycloakSession samlServerSession = brokerServerRule.startSession();
+        RealmModel brokerRealm = samlServerSession.realms().getRealm("realm-with-broker");
+
+        return samlServerSession.users().getUserById(idToken.getSubject(), brokerRealm);
+    }
+
+    protected void doAfterProviderAuthentication() {
+
+    }
+
+    protected abstract String getProviderId();
+
+    protected IdentityProviderModel getIdentityProviderModel() {
+        IdentityProviderModel identityProviderModel = getRealm().getIdentityProviderById(getProviderId());
+
+        assertNotNull(identityProviderModel);
+
+        return identityProviderModel;
+    }
+
+    private RealmModel getRealm() {
+        return this.session.realms().getRealm("realm-with-broker");
+    }
+
+    protected void doAssertFederatedUser(UserModel federatedUser) {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        if (identityProviderModel.isUpdateProfileFirstLogin()) {
+            String userEmail = "new@email.com";
+            String userFirstName = "New first";
+            String userLastName = "New last";
+
+            assertEquals(userEmail, federatedUser.getEmail());
+            assertEquals(userFirstName, federatedUser.getFirstName());
+            assertEquals(userLastName, federatedUser.getLastName());
+        } else {
+            assertEquals("test-user@localhost", federatedUser.getEmail());
+            assertEquals("Test", federatedUser.getFirstName());
+            assertEquals("User", federatedUser.getLastName());
+        }
     }
 
     private UserSessionStatus retrieveSessionStatus() {
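Review bot: `getFederatedUser()` opens a second session with `brokerServerRule.startSession()` and never passes it to `stopSession`, so each call leaves a session open while the class already holds `this.session` from `onBefore()`. If that session can see the user created by the browser flow, reuse it: `return this.session.users().getUserById(idToken.getSubject(), getRealm());`. Otherwise keep the extra session in a field and stop it in `onAfter()`. Separately, `testDisabled()` calls `setEnabled(false)` and no test sets it back, while `onAfter()` stops the session with `true` (presumably a commit). Later tests in the same class may therefore start with the provider disabled, depending on execution order. The empty `catch (NoSuchElementException nsee)` block also deserves a one-line comment such as `// expected: a disabled provider is not rendered on the login page`.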
@@ -125,13 +306,27 @@ public abstract class AbstractIdentityProviderTest {
             String pageSource = this.driver.getPageSource();
 
             sessionStatus = objectMapper.readValue(pageSource.getBytes(), UserSessionStatus.class);
-
-            assertNotNull(retrieveSessionStatus());
-        } catch (IOException e) {
-            throw new RuntimeException("Could not retrieve session status.", e);
+        } catch (IOException ignore) {
+            ignore.printStackTrace();
         }
 
         return sessionStatus;
     }
 
+    private void removeTestUsers() {
+        RealmModel realm = getRealm();
+        List<UserModel> users = this.session.users().getUsers(realm);
+
+        for (UserModel user : users) {
+            Set<FederatedIdentityModel> identities = this.session.users().getFederatedIdentities(user, realm);
+
+            for (FederatedIdentityModel fedIdentity : identities) {
+                this.session.users().removeFederatedIdentity(realm, user, fedIdentity.getIdentityProvider());
+            }
+
+            if (!user.getUsername().equals("pedroigor")) {
+                this.session.users().removeUser(realm, user);
+            }
+        }
+    }
 }
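Review bot: The rewritten catch in `retrieveSessionStatus()` prints the `IOException` and falls through to `return sessionStatus;`, so a page that fails to parse appears to come back as a null status rather than a test failure. `getFederatedUser()` then calls `userSessionStatus.getIdToken()` on that result, which turns the parse error into a `NullPointerException` far from its cause. Removing the recursive `assertNotNull(retrieveSessionStatus())` is right, but keep the rethrow: `throw new RuntimeException("Could not retrieve session status.", e);`. The method begins outside this hunk, so the initial value of `sessionStatus` is assumed.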
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
index 7ef78c0..d8e7594 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/ImportIdentityProviderTest.java
@@ -60,14 +60,6 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertIdentityProviderConfig(realm.getIdentityProviders());
 
         assertTrue(realm.isIdentityFederationEnabled());
-
-        this.realmManager.removeRealm(realm);
-
-        commit();
-
-        realm = this.realmManager.getRealm(realm.getId());
-
-        assertNull(realm);
     }
 
     @Test
@@ -141,27 +133,27 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         Set<String> checkedProviders = new HashSet<String>(getExpectedProviders());
 
         for (IdentityProviderModel identityProvider : identityProviders) {
-            String providerId = identityProvider.getProviderId();
+            if (identityProvider.getId().startsWith("model-")) {
+                String providerId = identityProvider.getProviderId();
 
-            if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
-                if (identityProvider.getId().equals("saml-signed-idp")) {
+                if (SAMLIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
                     assertSamlIdentityProviderConfig(identityProvider);
+                } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+                    assertGoogleIdentityProviderConfig(identityProvider);
+                } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+                    assertOidcIdentityProviderConfig(identityProvider);
+                } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+                    assertFacebookIdentityProviderConfig(identityProvider);
+                } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+                    assertGitHubIdentityProviderConfig(identityProvider);
+                } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
+                    assertTwitterIdentityProviderConfig(identityProvider);
                 } else {
                     continue;
                 }
-            } else if (GoogleIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
-                assertGoogleIdentityProviderConfig(identityProvider);
-            } else if (OIDCIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
-                assertOidcIdentityProviderConfig(identityProvider);
-            } else if (FacebookIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
-                assertFacebookIdentityProviderConfig(identityProvider);
-            } else if (GitHubIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
-                assertGitHubIdentityProviderConfig(identityProvider);
-            } else if (TwitterIdentityProviderFactory.PROVIDER_ID.equals(providerId)) {
-                assertTwitterIdentityProviderConfig(identityProvider);
-            }
 
-            checkedProviders.remove(providerId);
+                checkedProviders.remove(providerId);
+            }
         }
 
         assertTrue(checkedProviders.isEmpty());
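Review bot: The new `startsWith("model-")` filter silently skips every provider whose id lacks the prefix, and the loop gives no reason for that. The same literal reappears in six `assertEquals("model-…", config.getId())` calls in this file. A comment on the `if` would help, for example `// providers for this model test carry the "model-" id prefix; others in the realm (presumably the "kc-" broker providers) are checked elsewhere`. A named constant for the prefix would keep the filter and the assertions in step. Also note that the SAML branch no longer checks for the signed IdP's id, so any `model-` SAML provider is now asserted against the signed-IdP expectations.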
@@ -171,7 +163,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         GoogleIdentityProvider googleIdentityProvider = new GoogleIdentityProviderFactory().create(identityProvider);
         OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig();
 
-        assertEquals("google", config.getId());
+        assertEquals("model-google", config.getId());
         assertEquals(GoogleIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals("Google", config.getName());
         assertEquals(true, config.isEnabled());
@@ -188,7 +180,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         SAMLIdentityProvider samlIdentityProvider = new SAMLIdentityProviderFactory().create(identityProvider);
         SAMLIdentityProviderConfig config = samlIdentityProvider.getConfig();
 
-        assertEquals("saml-signed-idp", config.getId());
+        assertEquals("model-saml-signed-idp", config.getId());
         assertEquals(SAMLIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals("SAML Signed IdP", config.getName());
         assertEquals(true, config.isEnabled());
@@ -207,7 +199,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         OIDCIdentityProvider googleIdentityProvider = new OIDCIdentityProviderFactory().create(identityProvider);
         OIDCIdentityProviderConfig config = googleIdentityProvider.getConfig();
 
-        assertEquals("oidc-idp", config.getId());
+        assertEquals("model-oidc-idp", config.getId());
         assertEquals(OIDCIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals("OIDC IdP", config.getName());
         assertEquals(false, config.isEnabled());
@@ -220,7 +212,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         FacebookIdentityProvider facebookIdentityProvider = new FacebookIdentityProviderFactory().create(identityProvider);
         OAuth2IdentityProviderConfig config = facebookIdentityProvider.getConfig();
 
-        assertEquals("facebook", config.getId());
+        assertEquals("model-facebook", config.getId());
         assertEquals(FacebookIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals("Facebook", config.getName());
         assertEquals(true, config.isEnabled());
@@ -236,7 +228,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         GitHubIdentityProvider gitHubIdentityProvider = new GitHubIdentityProviderFactory().create(identityProvider);
         OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig();
 
-        assertEquals("github", config.getId());
+        assertEquals("model-github", config.getId());
         assertEquals(GitHubIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals("GitHub", config.getName());
         assertEquals(true, config.isEnabled());
@@ -252,7 +244,7 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         TwitterIdentityProvider gitHubIdentityProvider = new TwitterIdentityProviderFactory().create(identityProvider);
         OAuth2IdentityProviderConfig config = gitHubIdentityProvider.getConfig();
 
-        assertEquals("twitter", config.getId());
+        assertEquals("model-twitter", config.getId());
         assertEquals(TwitterIdentityProviderFactory.PROVIDER_ID, config.getProviderId());
         assertEquals("Twitter", config.getName());
         assertEquals(true, config.isEnabled());
@@ -267,13 +259,17 @@ public class ImportIdentityProviderTest extends AbstractIdentityProviderModelTes
         assertNotNull(realmRepresentation);
         assertEquals("realm-with-broker", realmRepresentation.getRealm());
 
-        RealmModel realmModel = this.realmManager.importRealm(realmRepresentation);
+        RealmModel realmModel = this.realmManager.getRealm("realm-with-broker");
 
-        commit();
+        if (realmModel == null) {
+            realmModel = this.realmManager.importRealm(realmRepresentation);
 
-        realmModel = this.realmManager.getRealm(realmModel.getId());
+            commit();
 
-        assertNotNull(realmModel);
+            realmModel = this.realmManager.getRealm(realmModel.getId());
+
+            assertNotNull(realmModel);
+        }
 
         return realmModel;
     }
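Review bot: When `getRealm("realm-with-broker")` already returns a realm, the assertions that follow run against whatever state earlier tests left there, not against a fresh import of `realmRepresentation`. If the broker tests share this store (not visible here), that matters: they change `setEnabled` and `setUpdateProfileFirstLogin` on the same realm, and this commit also drops the `removeRealm` cleanup. Checks such as `config.isEnabled()` could then depend on execution order. Consider removing and re-importing the realm when it exists, or add a comment on the `if` saying why reuse is safe. The enclosing method starts outside the hunk.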
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java
new file mode 100755
index 0000000..011af1b
--- /dev/null
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/OIDCKeyCloakServerBrokerBasicTest.java
@@ -0,0 +1,45 @@
+package org.keycloak.testsuite.broker;
+
+import org.junit.ClassRule;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.managers.RealmManager;
+import org.keycloak.testsuite.pages.OAuthGrantPage;
+import org.keycloak.testsuite.rule.AbstractKeycloakRule;
+import org.keycloak.testsuite.rule.WebResource;
+import org.keycloak.testutils.KeycloakServer;
+
+/**
+ * @author pedroigor
+ */
+public class OIDCKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderTest {
+
+    @ClassRule
+    public static AbstractKeycloakRule samlServerRule = new AbstractKeycloakRule() {
+
+        @Override
+        protected void configureServer(KeycloakServer server) {
+            server.getConfig().setPort(8082);
+        }
+
+        @Override
+        protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
+            server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-kc-oidc.json"));
+        }
+    };
+
+    @WebResource
+    private OAuthGrantPage grantPage;
+
+    @Override
+    protected void doAfterProviderAuthentication() {
+        // grant access to broker-app
+        grantPage.assertCurrent();
+        grantPage.accept();
+    }
+
+    @Override
+    protected String getProviderId() {
+        return "kc-oidc-idp";
+    }
+}
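Review bot: The `@ClassRule` field in this OIDC test is still named `samlServerRule`, apparently carried over from the SAML test classes. Rename it, e.g. `public static AbstractKeycloakRule oidcServerRule = new AbstractKeycloakRule() {`, so the rule name matches the realm file it imports (`test-broker-realm-with-kc-oidc.json`). The class Javadoc has only an `@author` tag. Add one sentence saying that it runs the shared broker scenarios against a second Keycloak on port 8082 acting as the OIDC identity provider.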
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
index d51eb0e..b14328a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerBasicTest.java
@@ -1,13 +1,17 @@
 package org.keycloak.testsuite.broker;
 
 import org.junit.ClassRule;
-import org.junit.Test;
+import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 import org.keycloak.testutils.KeycloakServer;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
 /**
  * @author pedroigor
  */
@@ -27,8 +31,21 @@ public class SAMLKeyCloakServerBrokerBasicTest extends AbstractIdentityProviderT
         }
     };
 
-    @Test
-    public void testSuccessfulAuthentication() {
-        assertSuccessfulAuthentication("saml-idp-basic");
+    @Override
+    protected String getProviderId() {
+        return "kc-saml-idp-basic";
+    }
+
+    @Override
+    protected void doAssertFederatedUser(UserModel federatedUser) {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        if (identityProviderModel.isUpdateProfileFirstLogin()) {
+            super.doAssertFederatedUser(federatedUser);
+        } else {
+            assertEquals("test-user@localhost", federatedUser.getEmail());
+            assertNull(federatedUser.getFirstName());
+            assertNull(federatedUser.getLastName());
+        }
     }
 }
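Review bot: This `doAssertFederatedUser` override is repeated line for line in `SAMLKeyCloakServerBrokerWithSignatureTest`, so the two copies can drift apart. Its `else` branch asserts `assertNull(federatedUser.getFirstName())` and `assertNull(federatedUser.getLastName())` without explanation. The IdP realm does define "Test"/"User" for `test-user`, so as written the test pins the SAML broker dropping the name attributes as expected behaviour. Add a comment such as `// SAML broker does not map first/last name yet; only the email is imported`, assuming that is the intent. Moving the shared body into a protected helper on the base class would let both SAML tests call it.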
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
index 8c2d341..47ddb14 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/broker/SAMLKeyCloakServerBrokerWithSignatureTest.java
@@ -1,13 +1,17 @@
 package org.keycloak.testsuite.broker;
 
 import org.junit.ClassRule;
-import org.junit.Test;
+import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.testsuite.rule.AbstractKeycloakRule;
 import org.keycloak.testutils.KeycloakServer;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
 /**
  * @author pedroigor
  */
@@ -27,8 +31,21 @@ public class SAMLKeyCloakServerBrokerWithSignatureTest extends AbstractIdentityP
         }
     };
 
-    @Test
-    public void testSuccessfulAuthentication() {
-        assertSuccessfulAuthentication("saml-signed-idp");
+    @Override
+    protected String getProviderId() {
+        return "kc-saml-signed-idp";
+    }
+
+    @Override
+    protected void doAssertFederatedUser(UserModel federatedUser) {
+        IdentityProviderModel identityProviderModel = getIdentityProviderModel();
+
+        if (identityProviderModel.isUpdateProfileFirstLogin()) {
+            super.doAssertFederatedUser(federatedUser);
+        } else {
+            assertEquals("test-user@localhost", federatedUser.getEmail());
+            assertNull(federatedUser.getFirstName());
+            assertNull(federatedUser.getLastName());
+        }
     }
 }
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json
new file mode 100755
index 0000000..d7831a7
--- /dev/null
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-kc-oidc.json
@@ -0,0 +1,56 @@
+{
+    "id": "realm-with-oidc-identity-provider",
+    "realm": "realm-with-oidc-identity-provider",
+    "enabled": true,
+    "requiredCredentials": [ "password" ],
+    "defaultRoles": [ "foo", "bar" ],
+    "privateKey": "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",
+    "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
+    "oauthClients" : [
+      {
+        "name": "broker-app",
+        "enabled": true,
+        "secret": "secret",
+        "redirectUris": [
+          "http://localhost:8081/auth/broker/realm-with-broker/kc-oidc-idp"
+        ],
+        "claims": {
+          "name" : true,
+          "email" : true,
+          "username" : true
+        }
+      }
+    ],
+    "users": [
+        {
+            "username" : "test-user",
+            "enabled": true,
+            "email" : "test-user@localhost",
+            "firstName" : "Test",
+            "lastName" : "User",
+            "credentials" : [
+                { "type" : "password",
+                    "value" : "password" }
+            ],
+            "realmRoles": ["manager"]
+        },
+        {
+          "username" : "pedroigor",
+          "enabled": true,
+          "email" : "psilva@redhat.com",
+          "credentials" : [
+            { "type" : "password",
+              "value" : "password" }
+          ],
+          "realmRoles": ["manager"]
+        }
+    ],
+    "roles" : {
+        "realm" : [
+            {
+                "name": "manager",
+                "description": "Have Manager privileges"
+            }
+        ]
+    }
+}
\ No newline at end of file
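Review bot: The `publicKey` of this identity-provider realm is identical to the `publicKey` of `realm-with-broker` in `test-realm-with-broker.json`, so both realms appear to sign with the same key pair. With identical keys, the broker tests cannot tell whether a token from the IdP is verified against the IdP's key or against the broker realm's own key. A key mix-up in the signature check would still pass. Give this realm its own test-only key pair. The file also lacks a trailing newline.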
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
index 058a463..4bf96ff 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml.json
@@ -1,6 +1,6 @@
 {
-    "id": "realm-with-saml-identity-provider",
-    "realm": "realm-with-saml-identity-provider",
+    "id": "realm-with-saml-idp-basic",
+    "realm": "realm-with-saml-idp-basic",
     "enabled": true,
     "requiredCredentials": [ "password" ],
     "defaultRoles": [ "foo", "bar" ],
@@ -11,7 +11,7 @@
             "name": "http://localhost:8081/auth/",
             "enabled": true,
             "redirectUris": [
-                "http://localhost:8081/auth/broker/realm-with-broker/saml-idp-basic"
+                "http://localhost:8081/auth/broker/realm-with-broker/kc-saml-idp-basic"
             ],
             "attributes": {
                 "saml.authnstatement": "true"
@@ -19,15 +19,28 @@
         }
     ],
     "users": [
-        {
-            "username" : "saml.user",
-            "enabled": true,
-            "credentials" : [
-                { "type" : "password",
-                    "value" : "password" }
-            ],
-            "realmRoles": ["manager"]
-        }
+      {
+        "username" : "test-user",
+        "enabled": true,
+        "email" : "test-user@localhost",
+        "firstName" : "Test",
+        "lastName" : "User",
+        "credentials" : [
+          { "type" : "password",
+            "value" : "password" }
+        ],
+        "realmRoles": ["manager"]
+      },
+      {
+        "username" : "pedroigor",
+        "enabled": true,
+        "email" : "psilva@redhat.com",
+        "credentials" : [
+          { "type" : "password",
+            "value" : "password" }
+        ],
+        "realmRoles": ["manager"]
+      }
     ],
     "roles" : {
         "realm" : [
diff --git a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
index 50eda96..82db4ea 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-broker-realm-with-saml-with-signature.json
@@ -1,6 +1,6 @@
 {
-    "id": "realm-with-saml-identity-provider",
-    "realm": "realm-with-saml-identity-provider",
+    "id": "realm-with-saml-signed-idp",
+    "realm": "realm-with-saml-signed-idp",
     "enabled": true,
     "requiredCredentials": [ "password" ],
     "defaultRoles": [ "foo", "bar" ],
@@ -11,7 +11,7 @@
             "name": "http://localhost:8081/auth/",
             "enabled": true,
             "redirectUris": [
-                "http://localhost:8081/auth/broker/realm-with-broker/saml-signed-idp"
+                "http://localhost:8081/auth/broker/realm-with-broker/kc-saml-signed-idp"
             ],
             "attributes": {
                 "saml.assertion.signature": "true",
@@ -25,15 +25,28 @@
         }
     ],
     "users": [
-        {
-            "username" : "saml.user",
-            "enabled": true,
-            "credentials" : [
-                { "type" : "password",
-                    "value" : "password" }
-            ],
-            "realmRoles": ["manager"]
-        }
+      {
+        "username" : "test-user",
+        "enabled": true,
+        "email" : "test-user@localhost",
+        "firstName" : "Test",
+        "lastName" : "User",
+        "credentials" : [
+          { "type" : "password",
+            "value" : "password" }
+        ],
+        "realmRoles": ["manager"]
+      },
+      {
+        "username" : "pedroigor",
+        "enabled": true,
+        "email" : "psilva@redhat.com",
+        "credentials" : [
+          { "type" : "password",
+            "value" : "password" }
+        ],
+        "realmRoles": ["manager"]
+      }
     ],
     "roles" : {
         "realm" : [
diff --git a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
index 21bd22a..d5865c1 100755
--- a/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
+++ b/testsuite/integration/src/test/resources/broker-test/test-realm-with-broker.json
@@ -8,7 +8,7 @@
     "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj8r0029eL0jJKXv6XbNj+QqsZO25HhZ0IjTEtb8mfh0tju/X8c6dXgILh5wU7OF00U+0mSYSE/+rrYKmY5g4oCleTe1+abavATP1tamtXGAUYqdutaXPrVn9yMsCWEPchSPZlEGq5iBJdA+xh9ejUmZJYXmln26HUVWq71/jC9GpjbRmFQ37f0X7WJoGyiqyttfKkKfUeBmRbX/0P0Zm6DVze8HjCDVPBllZE0a3HCgSF0rp0+s1xn7o91qdWKVattAVsGNjjDPz/sgwHOyyhDtSyajwXU+K/QUZ9pV4moGtwC9uIEymTylP7bu7qnxXIhfouEa+fEjAzTs0HJ5JQIDAQAB",
     "identityProviders" : [
         {
-            "id" : "google",
+            "id" : "model-google",
             "providerId" : "google",
             "name" : "Google",
             "enabled": true,
@@ -19,7 +19,7 @@
             }
         },
         {
-            "id" : "facebook",
+            "id" : "model-facebook",
             "providerId" : "facebook",
             "name" : "Facebook",
             "enabled": true,
@@ -33,7 +33,7 @@
             }
         },
         {
-            "id" : "github",
+            "id" : "model-github",
             "providerId" : "github",
             "name" : "GitHub",
             "enabled": true,
@@ -47,7 +47,7 @@
             }
         },
         {
-            "id" : "twitter",
+            "id" : "model-twitter",
             "providerId" : "twitter",
             "name" : "Twitter",
             "enabled": true,
@@ -61,13 +61,30 @@
             }
         },
         {
-            "id" : "saml-signed-idp",
+          "id" : "model-saml-signed-idp",
+          "providerId" : "saml",
+          "name" : "SAML Signed IdP",
+          "enabled": true,
+          "updateProfileFirstLogin" : "true",
+          "config": {
+            "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+            "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+            "signingCertificate": "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",
+            "wantAuthnRequestsSigned": true,
+            "forceAuthn": true,
+            "validateSignature": true,
+            "postBindingResponse": true,
+            "postBindingAuthnRequest": true
+          }
+        },
+        {
+            "id" : "kc-saml-signed-idp",
             "providerId" : "saml",
             "name" : "SAML Signed IdP",
             "enabled": true,
             "updateProfileFirstLogin" : "true",
             "config": {
-                "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+                "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml",
                 "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                 "signingCertificate": "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",
                 "wantAuthnRequestsSigned": true,
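Review bot: The added `model-saml-signed-idp` entry still points `singleSignOnServiceUrl` at `realm-with-saml-identity-provider`, a realm id this commit renames to `realm-with-saml-signed-idp` in test-broker-realm-with-saml-with-signature.json. Only the `kc-saml-signed-idp` entry below it is retargeted. If the `model-` entries are read only by import/model assertions and never used for a login this is harmless, but the file does not show that. Either use `"singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-signed-idp/protocol/saml"` or give the two entries distinct `name` values so the enabled-but-stale one is recognisable. The new block is also indented two columns less than its siblings.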
@@ -78,13 +95,13 @@
             }
         },
         {
-            "id" : "saml-idp-basic",
+            "id" : "kc-saml-idp-basic",
             "providerId" : "saml",
             "name" : "SAML Signed IdP",
             "enabled": true,
             "updateProfileFirstLogin" : "true",
             "config": {
-                "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-identity-provider/protocol/saml",
+                "singleSignOnServiceUrl": "http://localhost:8082/auth/realms/realm-with-saml-idp-basic/protocol/saml",
                 "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                 "forceAuthn": true,
                 "postBindingResponse": true,
@@ -92,7 +109,7 @@
             }
         },
         {
-            "id" : "oidc-idp",
+            "id" : "model-oidc-idp",
             "providerId" : "oidc",
             "name" : "OIDC IdP",
             "enabled": false,
@@ -101,11 +118,26 @@
                 "clientId": "clientId",
                 "clientSecret": "clientSecret",
                 "prompt": "prompt",
-                "authorizationUrl": "authorizationUrl",
-                "tokenUrl": "tokenUrl",
-                "userInfoUrl": "userInfoUrl",
-                "defaultScope": "defaultScope",
-                "issuer": "issuer"
+                "authorizationUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/tokens/login",
+                "tokenUrl": "http://localhost:8081/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes",
+                "userInfoUrl": "http://localhost:8081/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
+                "defaultScope": "email profile"
+            }
+        },
+        {
+            "id" : "kc-oidc-idp",
+            "providerId" : "oidc",
+            "name" : "KeyCloak OIDC IdP",
+            "enabled": true,
+            "updateProfileFirstLogin" : "false",
+            "config": {
+                "clientId": "broker-app",
+                "clientSecret": "secret",
+                "prompt": "login",
+                "authorizationUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/tokens/login",
+                "tokenUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes",
+                "userInfoUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/userinfo",
+                "defaultScope": "email profile"
             }
         }
     ],
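Review bot: In the `model-oidc-idp` entry the new `authorizationUrl` targets port 8082 while `tokenUrl` and `userInfoUrl` target 8081, whereas the added `kc-oidc-idp` entry uses 8082 for all three. If the split is not deliberate, align it, e.g. `"tokenUrl": "http://localhost:8082/auth/realms/realm-with-oidc-identity-provider/protocol/openid-connect/access/codes"`. The hunk also drops `"issuer"` from `model-oidc-idp` and sets none on `kc-oidc-idp`, so, assuming the broker compares the ID token issuer only when one is configured (not visible here), the enabled provider runs without that check. Adding `"issuer": "<issuer of realm-with-oidc-identity-provider>"` (placeholder) would let the fixture exercise it.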