/**
 * Logs in to the token-min-TTL application via the test realm login page and checks the
 * resulting access token.
 *
 * <p>Steps: open the application page, wait for the username input, assert that the browser is
 * on the test realm's login URL, submit the credentials, assert that the browser is on the
 * application page, and assert that the token's preferred username equals the login name.
 */
private void loginToTokenMinTtlApp() {
    final String username = "*****@*****.**";

    tokenMinTTLPage.navigateTo();
    testRealmLoginPage.form().waitForUsernameInputPresent();
    // The browser is expected to be on the realm login page before credentials are submitted.
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);

    testRealmLoginPage.form().login(username, "password");
    assertCurrentUrlEquals(tokenMinTTLPage);

    // The token exposed by the application page must belong to the user who just logged in.
    AccessToken accessToken = tokenMinTTLPage.getAccessToken();
    Assert.assertEquals(username, accessToken.getPreferredUsername());
}
/**
 * Checks how the adapter reacts to a realm key rotation.
 *
 * <p>Sequence: a login succeeds with the current key; a new realm key is generated; the next
 * login ends on the application URL without an access token, because the adapter is not yet
 * allowed to download new keys; after the adapter and server time offset is moved forward,
 * login succeeds again.
 *
 * <p>NOTE(review): the final revert call is not inside a {@code finally} block, so it is skipped
 * if any earlier assertion throws. Confirm that the rotated key and the time offset cannot leak
 * into other tests in that case.
 *
 * @throws Exception if any step fails
 */
@Test
public void testRealmKeyRotationWithNewKeyDownload() throws Exception {
    final String username = "*****@*****.**";
    final String unsecuredPath = "/unsecured/foo";

    // Baseline: login works before the key is rotated.
    loginToTokenMinTtlApp();

    // Build the logout URL once; it is reused after every login attempt below.
    String logoutUrl = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
            .queryParam(OAuth2Constants.REDIRECT_URI, tokenMinTTLPage.toString())
            .build("demo")
            .toString();
    driver.navigate().to(logoutUrl);
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);

    // Rotate the realm key.
    generateNewRealmKey();

    // Second attempt: expected to fail, because the adapter may not download new keys yet.
    tokenMinTTLPage.navigateTo();
    testRealmLoginPage.form().waitForUsernameInputPresent();
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login(username, "password");

    // The browser returns to the application URL, but no access token is available.
    URLAssert.assertCurrentUrlStartsWith(driver, tokenMinTTLPage.getInjectedUrl().toString());
    Assert.assertNull(tokenMinTTLPage.getAccessToken());

    driver.navigate().to(logoutUrl);
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);

    // Move adapter and server time forward by 300 (presumably seconds; confirm against the helper).
    setAdapterAndServerTimeOffset(300, tokenMinTTLPage.toString() + unsecuredPath);

    // Third attempt: expected to succeed now that the new realm key can be fetched.
    loginToTokenMinTtlApp();
    driver.navigate().to(logoutUrl);

    // Revert the public keys change.
    resetKeycloakDeploymentForAdapter(tokenMinTTLPage.toString() + unsecuredPath);
}
/**
 * Checks that the "secure-portal" client's keys are resolved through its configured JWKS URL.
 *
 * <p>With a bad JWKS URL the login is expected to fail at the code-to-token step, so the portal
 * content is not shown. After the URL is set to the adapter's JWKS endpoint, the portal content
 * is shown.
 *
 * <p>NOTE(review): the negative check only fails when <em>both</em> names are on the page, so it
 * would still pass if just one of them leaked through. Consider asserting that neither is present.
 *
 * <p>NOTE(review): this method leaves the client with JWKS URL usage enabled and has no
 * {@code finally} cleanup. Confirm that later tests do not depend on the previous client settings.
 *
 * @throws Exception if any step fails
 */
@Test
public void testClientWithJwksUri() throws Exception {
    // Point the client at a JWKS URL that does not serve its keys.
    ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "secure-portal");
    ClientRepresentation clientRep = clientResource.toRepresentation();
    OIDCAdvancedConfigWrapper oidcConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
    oidcConfig.setUseJwksUrl(true);
    oidcConfig.setJwksUrl(securePortal + "/bad-jwks-url");
    clientResource.update(clientRep);

    // Login should fail at the code-to-token step.
    securePortal.navigateTo();
    assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
    testRealmLoginPage.form().login("*****@*****.**", "password");

    String pageSource = driver.getPageSource();
    assertCurrentUrlStartsWith(securePortal);
    boolean showsFirstName = pageSource.contains("Bill Burke");
    boolean showsSecondName = pageSource.contains("Stian Thorgersen");
    assertFalse(showsFirstName && showsSecondName);

    // Re-read the client and point it at the correct JWKS URL.
    clientRep = clientResource.toRepresentation();
    oidcConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep);
    oidcConfig.setUseJwksUrl(true);
    oidcConfig.setJwksUrl(securePortal + "/" + AdapterConstants.K_JWKS);
    clientResource.update(clientRep);

    // Login to secure-portal should be fine now: client keys are downloaded from the JWKS URL.
    securePortal.navigateTo();
    assertCurrentUrlEquals(securePortal);
    pageSource = driver.getPageSource();
    showsFirstName = pageSource.contains("Bill Burke");
    showsSecondName = pageSource.contains("Stian Thorgersen");
    assertTrue(showsFirstName && showsSecondName);

    // Logout.
    String logoutUrl = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
            .queryParam(OAuth2Constants.REDIRECT_URI, securePortal.toString())
            .build("demo")
            .toString();
    driver.navigate().to(logoutUrl);
}