  // Test that when I update identityProvider, then the record in publicKey cache is cleared and it's
  // not possible to authenticate with it anymore
  @Test
  public void testPublicKeyCacheInvalidatedWhenProviderUpdated() throws Exception {
    // Security property under test: once the identity provider's configuration changes, the
    // public key cached for it must be evicted, so a brokered login can no longer be validated
    // against the previously cached key.

    // Set up the OIDC identity provider with a JWKS URL and complete one brokered login.
    updateIdentityProviderWithJwksUrl();
    logInAsUserInIDPForFirstTime();
    assertLoggedInAccountManagement();
    logoutFromRealm(bc.consumerRealmName());

    // After that login the keys cache is expected to hold an entry for this provider. The cache
    // key is derived from the consumer realm id and the provider's internal id.
    IdentityProviderRepresentation provider = getIdentityProvider();
    String realmId = consumerRealm().toRepresentation().getId();
    String idpKeyCacheKey =
        PublicKeyStorageUtils.getIdpModelCacheKey(realmId, provider.getInternalId());
    TestingCacheResource keysCache =
        testingClient
            .testing(bc.consumerRealmName())
            .cache(InfinispanConnectionProvider.KEYS_CACHE_NAME);
    Assert.assertTrue(keysCache.contains(idpKeyCacheKey));

    // Repoint the provider at a JWKS URL that serves nothing and push the update.
    // NOTE(review): presumably the config wrapper writes through to `provider`, since `provider`
    // is the object that gets sent - confirm.
    new OIDCIdentityProviderConfigRep(provider).setJwksUrl("http://localhost:43214/non-existent");
    updateIdentityProvider(provider);

    // The update alone must have evicted the cached key.
    Assert.assertFalse(keysCache.contains(idpKeyCacheKey));

    // With no cached key and an unreachable JWKS URL, the brokered login must end on the error
    // page rather than succeed.
    // NOTE(review): the time offset presumably lets the server attempt a fresh key fetch instead
    // of throttling it - confirm against the key loader.
    setTimeOffset(20);
    logInAsUserInIDP();
    assertErrorPage("Unexpected error when authenticating with identity provider");
  }
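  /**
   * Verifies that clearing the consumer realm's keys cache removes the identity provider's cached
   * public key and leaves the cache empty.
   *
   * @throws Exception if any of the setup or login helpers fails
   */
  @Test
  public void testClearKeysCache() throws Exception {
    // Configure OIDC identity provider with JWKS URL
    updateIdentityProviderWithJwksUrl();

    // Check that user is able to login
    logInAsUserInIDPForFirstTime();
    assertLoggedInAccountManagement();

    logoutFromRealm(bc.consumerRealmName());

    // Check that key is cached; the cache key is derived from the consumer realm id and the
    // provider's internal id
    IdentityProviderRepresentation idpRep = getIdentityProvider();
    String expectedCacheKey =
        PublicKeyStorageUtils.getIdpModelCacheKey(
            consumerRealm().toRepresentation().getId(), idpRep.getInternalId());
    TestingCacheResource cache =
        testingClient
            .testing(bc.consumerRealmName())
            .cache(InfinispanConnectionProvider.KEYS_CACHE_NAME);
    Assert.assertTrue(cache.contains(expectedCacheKey));

    // Clear cache and check nothing cached
    consumerRealm().clearKeysCache();
    Assert.assertFalse(cache.contains(expectedCacheKey));
    // Expected value goes first, so a failure reports "expected 0 but was N" rather than the
    // reverse.
    Assert.assertEquals(0, cache.size());
  }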
  /**
   * Logs out through the provider realm's OpenID Connect logout endpoint and checks that the
   * browser is sent to a login page in the provider realm and then in the consumer realm.
   */
  private void testSingleLogout() {
    log.debug("Testing single log out");

    // Precondition: the account page of the provider realm is reachable, i.e. the session is
    // still live there.
    driver.navigate().to(getAccountUrl(providerRealmName()));
    String pageTitle = driver.getTitle();
    Assert.assertTrue("Should be logged in the account page", pageTitle.endsWith("Account Management"));

    // The post-logout redirect target is passed through encodeUrl before it is appended as the
    // redirect_uri query parameter.
    String logoutUrl =
        getAuthRoot()
            + "/auth/realms/"
            + providerRealmName()
            + "/protocol/openid-connect/logout?redirect_uri="
            + encodeUrl(getAccountUrl(providerRealmName()));
    driver.navigate().to(logoutUrl);

    waitForPage("log in to " + providerRealmName());

    // After logout the browser must be back on a provider-realm URL.
    Assert.assertTrue(
        "Should be on " + providerRealmName() + " realm",
        driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName()));

    // Opening the consumer realm's account page must now land on that realm's OpenID Connect
    // endpoints (the login flow) instead of the account page itself.
    driver.navigate().to(getAccountUrl(consumerRealmName()));

    String consumerProtocolPath = "/auth/realms/" + consumerRealmName() + "/protocol/openid-connect/";
    Assert.assertTrue(
        "Should be on " + consumerRealmName() + " realm on login page",
        driver.getCurrentUrl().contains(consumerProtocolPath));
  }
  /**
   * Logs in through the identity provider a second time and checks that the consumer realm does
   * not gain another user, i.e. the brokered identity is matched to the existing account.
   */
  @Test
  public void loginWithExistingUser() {
    // First brokered login; this is what makes the user exist in the consumer realm.
    logInAsUserInIDP();

    Integer usersBeforeLogin = adminClient.realm(consumerRealmName()).users().count();

    driver.navigate().to(getAccountUrl(consumerRealmName()));

    log.debug("Clicking social " + getIDPAlias());
    accountLoginPage.clickSocial(getIDPAlias());

    waitForPage("log in to");

    // The credentials must be entered on the provider realm, not on the consumer realm.
    String providerRealmPath = "/auth/realms/" + providerRealmName() + "/";
    Assert.assertTrue(
        "Driver should be on the provider realm page right now",
        driver.getCurrentUrl().contains(providerRealmPath));

    accountLoginPage.login(getUserLogin(), getUserPassword());

    // NOTE(review): the expected URL is built by replacing the literal "master" with the literal
    // "consumer"; this only holds if consumerRealmName() is "consumer" - confirm.
    String expectedAccountUrl =
        accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/";
    assertEquals(expectedAccountUrl, driver.getCurrentUrl());

    // Same user count as before: the second login created no duplicate account.
    assertEquals(usersBeforeLogin, adminClient.realm(consumerRealmName()).users().count());
  }
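  /**
   * Performs a brokered login from the consumer realm through the identity provider, completes
   * the "update account information" step, verifies that the user now exists in the consumer
   * realm with the expected username and email, and finishes with a single-logout check.
   *
   * <p>NOTE(review): this method is annotated as a test but is also called as a setup step by
   * other tests in this listing (for example {@code loginWithExistingUser}).
   */
  @Test
  public void logInAsUserInIDP() {
    driver.navigate().to(getAccountUrl(consumerRealmName()));

    log.debug("Clicking social " + getIDPAlias());
    accountLoginPage.clickSocial(getIDPAlias());

    waitForPage("log in to");

    // Credentials must be entered on the provider realm, not on the consumer realm.
    Assert.assertTrue(
        "Driver should be on the provider realm page right now",
        driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));

    log.debug("Logging in");
    accountLoginPage.login(getUserLogin(), getUserPassword());

    waitForPage("update account information");

    // After authenticating at the provider, the browser must be back on the consumer realm.
    Assert.assertTrue(updateAccountInformationPage.isCurrent());
    Assert.assertTrue(
        "We must be on correct realm right now",
        driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));

    log.debug("Updating info on updateAccount page");
    updateAccountInformationPage.updateAccountInformation("Firstname", "Lastname");

    UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();

    int userCount = consumerUsers.count();
    Assert.assertTrue("There must be at least one user", userCount > 0);

    // An empty search string with a page size equal to the user count is used to fetch every
    // user of the consumer realm.
    List<UserRepresentation> users = consumerUsers.search("", 0, userCount);

    boolean isUserFound = false;
    for (UserRepresentation user : users) {
      // Null-safe comparison: the search returns every user of the realm, and a user without an
      // email (or username) would otherwise abort the test with a NullPointerException instead
      // of reaching the assertion below.
      if (java.util.Objects.equals(user.getUsername(), getUserLogin())
          && java.util.Objects.equals(user.getEmail(), getUserEmail())) {
        isUserFound = true;
        break;
      }
    }

    Assert.assertTrue(
        "There must be user " + getUserLogin() + " in realm " + consumerRealmName(), isUserFound);

    testSingleLogout();
  }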
  // KEYCLOAK-3267
  /**
   * Checks that brute-force lockout in the consumer realm also blocks a login brokered through
   * the identity provider: after repeated failed password logins, authenticating at the provider
   * with valid credentials must still end on "Account is disabled, contact admin.".
   */
  @Test
  public void loginWithExistingUserWithBruteForceEnabled() {
    // Enable brute-force protection on the consumer realm with a failure factor of 2.
    // NOTE(review): nothing in this method restores the realm settings afterwards; confirm that
    // the surrounding class resets them so later tests are not affected.
    adminClient
        .realm(consumerRealmName())
        .update(RealmBuilder.create().bruteForceProtected(true).failureFactor(2).build());

    loginWithExistingUser();

    // Give the brokered account a local password so that direct logins can be attempted.
    // NOTE(review): the meaning of the two "password" arguments is not visible here - confirm.
    driver.navigate().to(getAccountPasswordUrl(consumerRealmName()));
    accountPasswordPage.changePassword("password", "password");

    // Log out at the provider realm; the redirect target is passed through encodeUrl.
    String logoutUrl =
        getAuthRoot()
            + "/auth/realms/"
            + providerRealmName()
            + "/protocol/openid-connect/logout?redirect_uri="
            + encodeUrl(getAccountUrl(providerRealmName()));
    driver.navigate().to(logoutUrl);

    driver.navigate().to(getAccountUrl(consumerRealmName()));

    try {
      waitForPage("log in to");
    } catch (TimeoutException e) {
      // Dump what the browser actually shows before failing, to make the timeout diagnosable.
      log.debug(driver.getTitle());
      log.debug(driver.getPageSource());
      Assert.fail("Timeout while waiting for login page");
    }

    // Three wrong-password attempts, one more than the configured failure factor.
    for (int attempt = 1; attempt <= 3; attempt++) {
      try {
        waitForElementEnabled("login");
      } catch (TimeoutException e) {
        Assert.fail("Timeout while waiting for login element enabled");
      }

      accountLoginPage.login(getUserLogin(), "invalid");
    }

    // The direct login form keeps showing the generic message.
    assertEquals("Invalid username or password.", accountLoginPage.getError());

    // Now try to get in through the identity provider instead.
    accountLoginPage.clickSocial(getIDPAlias());

    try {
      waitForPage("log in to");
    } catch (TimeoutException e) {
      log.debug(driver.getTitle());
      log.debug(driver.getPageSource());
      Assert.fail("Timeout while waiting for login page");
    }

    String providerRealmPath = "/auth/realms/" + providerRealmName() + "/";
    Assert.assertTrue(
        "Driver should be on the provider realm page right now",
        driver.getCurrentUrl().contains(providerRealmPath));

    // Valid credentials at the provider must not get past the consumer realm's lockout.
    accountLoginPage.login(getUserLogin(), getUserPassword());

    assertEquals("Account is disabled, contact admin.", errorPage.getError());
  }