private void loginToTokenMinTtlApp() {
    tokenMinTTLPage.navigateTo();
    testRealmLoginPage.form().waitForUsernameInputPresent();
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login("*****@*****.**", "password");
    assertCurrentUrlEquals(tokenMinTTLPage);

    AccessToken token = tokenMinTTLPage.getAccessToken();
    Assert.assertEquals("*****@*****.**", token.getPreferredUsername());
  }
  @Test
  public void testRealmKeyRotationWithNewKeyDownload() throws Exception {
    // Login success first
    loginToTokenMinTtlApp();

    // Logout
    String logoutUri =
        OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
            .queryParam(OAuth2Constants.REDIRECT_URI, tokenMinTTLPage.toString())
            .build("demo")
            .toString();
    driver.navigate().to(logoutUri);
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);

    // Generate new realm key
    generateNewRealmKey();

    // Try to login again. It should fail now because not yet allowed to download new keys
    tokenMinTTLPage.navigateTo();
    testRealmLoginPage.form().waitForUsernameInputPresent();
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login("*****@*****.**", "password");
    URLAssert.assertCurrentUrlStartsWith(driver, tokenMinTTLPage.getInjectedUrl().toString());
    Assert.assertNull(tokenMinTTLPage.getAccessToken());

    driver.navigate().to(logoutUri);
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);

    setAdapterAndServerTimeOffset(300, tokenMinTTLPage.toString() + "/unsecured/foo");

    // Try to login. Should work now due to realm key change
    loginToTokenMinTtlApp();
    driver.navigate().to(logoutUri);

    // Revert public keys change
    resetKeycloakDeploymentForAdapter(tokenMinTTLPage.toString() + "/unsecured/foo");
  }
  @Test
  public void testClientWithJwksUri() throws Exception {
    // Set client to bad JWKS URI
    ClientResource clientResource =
        ApiUtil.findClientResourceByClientId(testRealmResource(), "secure-portal");
    ClientRepresentation client = clientResource.toRepresentation();
    OIDCAdvancedConfigWrapper wrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
    wrapper.setUseJwksUrl(true);
    wrapper.setJwksUrl(securePortal + "/bad-jwks-url");
    clientResource.update(client);

    // Login should fail at the code-to-token
    securePortal.navigateTo();
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login("*****@*****.**", "password");
    String pageSource = driver.getPageSource();
    assertCurrentUrlStartsWith(securePortal);
    assertFalse(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));

    // Set client to correct JWKS URI
    client = clientResource.toRepresentation();
    wrapper = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
    wrapper.setUseJwksUrl(true);
    wrapper.setJwksUrl(securePortal + "/" + AdapterConstants.K_JWKS);
    clientResource.update(client);

    // Login to secure-portal should be fine now. Client keys downloaded from JWKS URI
    securePortal.navigateTo();
    assertCurrentUrlEquals(securePortal);
    pageSource = driver.getPageSource();
    assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));

    // Logout
    String logoutUri =
        OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
            .queryParam(OAuth2Constants.REDIRECT_URI, securePortal.toString())
            .build("demo")
            .toString();
    driver.navigate().to(logoutUri);
  }