// Test that when I update identityProvier, then the record in publicKey cache is cleared and it's // not possible to authenticate with it anymore @Test public void testPublicKeyCacheInvalidatedWhenProviderUpdated() throws Exception { // Configure OIDC identity provider with JWKS URL updateIdentityProviderWithJwksUrl(); // Check that user is able to login logInAsUserInIDPForFirstTime(); assertLoggedInAccountManagement(); logoutFromRealm(bc.consumerRealmName()); // Check that key is cached IdentityProviderRepresentation idpRep = getIdentityProvider(); String expectedCacheKey = PublicKeyStorageUtils.getIdpModelCacheKey( consumerRealm().toRepresentation().getId(), idpRep.getInternalId()); TestingCacheResource cache = testingClient .testing(bc.consumerRealmName()) .cache(InfinispanConnectionProvider.KEYS_CACHE_NAME); Assert.assertTrue(cache.contains(expectedCacheKey)); // Update identityProvider to some bad JWKS_URL OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep); cfg.setJwksUrl("http://localhost:43214/non-existent"); updateIdentityProvider(idpRep); // Check that key is not cached anymore Assert.assertFalse(cache.contains(expectedCacheKey)); // Check that user is not able to login with IDP setTimeOffset(20); logInAsUserInIDP(); assertErrorPage("Unexpected error when authenticating with identity provider"); }
// Configure OIDC identity provider with JWKS URL and validateSignature=true private void updateIdentityProviderWithJwksUrl() { IdentityProviderRepresentation idpRep = getIdentityProvider(); OIDCIdentityProviderConfigRep cfg = new OIDCIdentityProviderConfigRep(idpRep); cfg.setValidateSignature(true); cfg.setUseJwksUrl(true); UriBuilder b = OIDCLoginProtocolService.certsUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)); String jwksUrl = b.build(bc.providerRealmName()).toString(); cfg.setJwksUrl(jwksUrl); updateIdentityProvider(idpRep); }