/*
* Copyright 2013-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.cloudfoundry.reactor.uaa.identityproviders;
import org.cloudfoundry.reactor.InteractionContext;
import org.cloudfoundry.reactor.TestRequest;
import org.cloudfoundry.reactor.TestResponse;
import org.cloudfoundry.reactor.uaa.AbstractUaaApiTest;
import org.cloudfoundry.uaa.identityproviders.AttributeMappings;
import org.cloudfoundry.uaa.identityproviders.CreateIdentityProviderRequest;
import org.cloudfoundry.uaa.identityproviders.CreateIdentityProviderResponse;
import org.cloudfoundry.uaa.identityproviders.DeleteIdentityProviderRequest;
import org.cloudfoundry.uaa.identityproviders.DeleteIdentityProviderResponse;
import org.cloudfoundry.uaa.identityproviders.ExternalGroupMappingMode;
import org.cloudfoundry.uaa.identityproviders.GetIdentityProviderRequest;
import org.cloudfoundry.uaa.identityproviders.GetIdentityProviderResponse;
import org.cloudfoundry.uaa.identityproviders.IdentityProvider;
import org.cloudfoundry.uaa.identityproviders.InternalConfiguration;
import org.cloudfoundry.uaa.identityproviders.LdapConfiguration;
import org.cloudfoundry.uaa.identityproviders.LdapGroupFile;
import org.cloudfoundry.uaa.identityproviders.LdapProfileFile;
import org.cloudfoundry.uaa.identityproviders.ListIdentityProvidersRequest;
import org.cloudfoundry.uaa.identityproviders.ListIdentityProvidersResponse;
import org.cloudfoundry.uaa.identityproviders.LockoutPolicy;
import org.cloudfoundry.uaa.identityproviders.OAuth2Configuration;
import org.cloudfoundry.uaa.identityproviders.SamlConfiguration;
import org.cloudfoundry.uaa.identityproviders.Type;
import org.cloudfoundry.uaa.identityproviders.UpdateIdentityProviderRequest;
import org.cloudfoundry.uaa.identityproviders.UpdateIdentityProviderResponse;
import org.junit.Test;
import reactor.test.StepVerifier;
import java.time.Duration;
import java.util.Collections;
import static io.netty.handler.codec.http.HttpMethod.DELETE;
import static io.netty.handler.codec.http.HttpMethod.GET;
import static io.netty.handler.codec.http.HttpMethod.POST;
import static io.netty.handler.codec.http.HttpMethod.PUT;
import static io.netty.handler.codec.http.HttpResponseStatus.CREATED;
import static io.netty.handler.codec.http.HttpResponseStatus.OK;
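/**
 * Exercises {@link ReactorIdentityProviders} against mocked UAA {@code /identity-providers} interactions.
 *
 * <p>Each test registers one expected interaction through {@code mockRequest} (inherited from
 * {@link AbstractUaaApiTest}) and then asserts the single value emitted by the client with a
 * {@link StepVerifier}, bounded by a five second timeout.
 *
 * <p>Points worth keeping in mind when reading or extending these tests:
 * <ul>
 * <li>Every mocked request carries an {@code X-Identity-Zone-Id} header equal to the {@code identityZoneId}
 * set on the request object, so the tests pin that the zone-scoping value is forwarded on create, delete,
 * get, list and update.</li>
 * <li>Every path carries {@code rawConfig=true}, and the expected OAuth2 responses contain
 * {@code relyingPartySecret}. Response objects from this API can therefore hold a client secret and should
 * not be logged or echoed verbatim.</li>
 * <li>Values such as {@code ldap://} and {@code http://} endpoints, {@code metadataTrustCheck(false)} and the
 * literal {@code "secret"} are fixture data (presumably mirroring the JSON payload files, which are not
 * visible here); they are not a statement about recommended provider settings.</li>
 * </ul>
 */
public final class ReactorIdentityProvidersTest extends AbstractUaaApiTest {

    private final ReactorIdentityProviders identityProviders = new ReactorIdentityProviders(CONNECTION_CONTEXT, this.root, TOKEN_PROVIDER);

    /**
     * Creates an LDAP provider and expects the response to carry the configuration sent in the request
     * together with the additional LDAP fields listed in the expected value.
     */
    @Test
    public void createLdap() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(POST).path("/identity-providers?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .payload("fixtures/uaa/identity-providers/POST_request_ldap.json")
                .build())
            .response(TestResponse.builder()
                .status(CREATED)
                .payload("fixtures/uaa/identity-providers/POST_response_ldap.json")
                .build())
            .build());

        this.identityProviders
            .create(CreateIdentityProviderRequest.builder()
                .active(true)
                .configuration(LdapConfiguration.builder()
                    .attributeMappings(AttributeMappings.builder()
                        .build())
                    .ldapProfileFile(LdapProfileFile.SIMPLE_BIND)
                    .ldapGroupFile(LdapGroupFile.NO_GROUP)
                    // Fixture endpoint: unencrypted ldap:// scheme on localhost.
                    .baseUrl("ldap://localhost:33389")
                    .skipSSLVerification(false)
                    .mailAttributeName("mail")
                    .mailSubstituteOverridesLdap(false)
                    .build())
                .name("ldap name")
                .originKey("ldap")
                .type(Type.LDAP)
                .identityZoneId("test-identity-zone-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(CreateIdentityProviderResponse.builder()
                .active(true)
                .createdAt(1465001967988L)
                .configuration(LdapConfiguration.builder()
                    .attributeMappings(AttributeMappings.builder()
                        .build())
                    .autoAddGroups(true)
                    .baseUrl("ldap://localhost:33389")
                    .externalGroupsWhitelist(Collections.emptyList())
                    .groupSearchDepthLimit(10)
                    .groupSearchSubTree(true)
                    .ldapProfileFile(LdapProfileFile.SIMPLE_BIND)
                    .ldapGroupFile(LdapGroupFile.NO_GROUP)
                    .mailAttributeName("mail")
                    .mailSubstituteOverridesLdap(false)
                    .skipSSLVerification(false)
                    .userDistinguishedNamePattern("cn={0},ou=Users,dc=test,dc=com")
                    .userDistinguishedNamePatternDelimiter(";")
                    .build())
                .id("aaccbccb-1c85-4e8b-86ed-4ce66f91c856")
                .identityZoneId("uaa")
                .lastModified(1465001967988L)
                .name("ldap name")
                .originKey("ldap")
                .type(Type.LDAP)
                .version(0)
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Creates an OAuth2 provider and expects the request configuration back, plus an empty external
     * groups whitelist.
     */
    @Test
    public void createOauth() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(POST).path("/identity-providers?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .payload("fixtures/uaa/identity-providers/POST_request_oauth.json")
                .build())
            .response(TestResponse.builder()
                .status(CREATED)
                .payload("fixtures/uaa/identity-providers/POST_response_oauth.json")
                .build())
            .build());

        this.identityProviders
            .create(CreateIdentityProviderRequest.builder()
                .active(true)
                .configuration(OAuth2Configuration.builder()
                    .attributeMappings(AttributeMappings.builder()
                        .build())
                    // Fixture endpoints use plain http://.
                    .authUrl("http://auth.url")
                    .tokenUrl("http://token.url")
                    .tokenKey("token-key")
                    .showLinkText(false)
                    .skipSslVerification(false)
                    .relyingPartyId("uaa")
                    .relyingPartySecret("secret")
                    .addShadowUserOnLogin(true)
                    .build())
                .name("UAA Provider")
                .originKey("oauth2.0")
                .type(Type.OAUTH2)
                .identityZoneId("test-identity-zone-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(CreateIdentityProviderResponse.builder()
                .active(true)
                .createdAt(1465001966855L)
                .configuration(OAuth2Configuration.builder()
                    .attributeMappings(AttributeMappings.builder()
                        .build())
                    .authUrl("http://auth.url")
                    .externalGroupsWhitelist(Collections.emptyList())
                    .tokenUrl("http://token.url")
                    .tokenKey("token-key")
                    .showLinkText(false)
                    .skipSslVerification(false)
                    .relyingPartyId("uaa")
                    // The expected response contains the relying party secret that was sent,
                    // so a create response is secret-bearing data.
                    .relyingPartySecret("secret")
                    .addShadowUserOnLogin(true)
                    .build())
                .id("16506900-561d-411f-904b-15c3e2722cba")
                .identityZoneId("uaa")
                .lastModified(1465001966855L)
                .name("UAA Provider")
                .originKey("oauth2.0")
                .type(Type.OAUTH2)
                .version(0)
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Creates a SAML provider. The request configuration omits the whitelist, entity alias and zone id
     * that the expected response carries.
     */
    @Test
    public void createSaml() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(POST).path("/identity-providers?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .payload("fixtures/uaa/identity-providers/POST_request_saml.json")
                .build())
            .response(TestResponse.builder()
                .status(CREATED)
                .payload("fixtures/uaa/identity-providers/POST_response_saml.json")
                .build())
            .build());

        this.identityProviders
            .create(CreateIdentityProviderRequest.builder()
                .active(true)
                .configuration(SamlConfiguration.builder()
                    .addShadowUserOnLogin(true)
                    .assertionConsumerIndex(0)
                    .attributeMappings(AttributeMappings.builder()
                        .build())
                    .groupMappingMode(ExternalGroupMappingMode.EXPLICITLY_MAPPED)
                    .linkText("IDPEndpointsMockTests Saml Provider:SAML")
                    .metaDataLocation(samlMetadata("SAML"))
                    .metadataTrustCheck(false)
                    .nameId("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
                    .showSamlLink(false)
                    .socketFactoryClassName("org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory")
                    .build())
                .name("SAML name")
                .originKey("SAML")
                .type(Type.SAML)
                .identityZoneId("test-identity-zone-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(CreateIdentityProviderResponse.builder()
                .active(true)
                .createdAt(1465001965526L)
                .configuration(expectedSamlConfiguration("SAML"))
                .id("a2e96056-c777-40b8-95b8-ff81b441fcf1")
                .identityZoneId("uaa")
                .lastModified(1465001965526L)
                .name("SAML name")
                .originKey("SAML")
                .type(Type.SAML)
                .version(0)
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Deletes a provider by id and expects the deleted SAML provider to be returned in the response.
     */
    @Test
    public void delete() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(DELETE).path("/identity-providers/test-identity-provider-id?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .build())
            .response(TestResponse.builder()
                .status(OK)
                .payload("fixtures/uaa/identity-providers/DELETE_{id}_response.json")
                .build())
            .build());

        this.identityProviders
            .delete(DeleteIdentityProviderRequest.builder()
                .identityProviderId("test-identity-provider-id")
                .identityZoneId("test-identity-zone-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(DeleteIdentityProviderResponse.builder()
                .active(true)
                .createdAt(1466035298319L)
                .configuration(expectedSamlConfiguration("saml-for-delete"))
                .id("3ba5978b-8db1-4f27-bfbd-f24f6773b52f")
                .identityZoneId("uaa")
                .lastModified(1466035298319L)
                .name("saml-for-delete name")
                .originKey("saml-for-delete")
                .type(Type.SAML)
                .version(0)
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Fetches a single provider by id and expects the SAML provider from the mocked payload.
     */
    @Test
    public void get() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(GET).path("/identity-providers/test-identity-provider-id?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .build())
            .response(TestResponse.builder()
                // A read is mocked with 200 OK, matching delete, list and update in this class;
                // 201 CREATED is kept for the three create tests only.
                .status(OK)
                .payload("fixtures/uaa/identity-providers/GET_{id}_response.json")
                .build())
            .build());

        this.identityProviders
            .get(GetIdentityProviderRequest.builder()
                .identityProviderId("test-identity-provider-id")
                .identityZoneId("test-identity-zone-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(GetIdentityProviderResponse.builder()
                .active(true)
                .createdAt(1465001966715L)
                .configuration(expectedSamlConfiguration("saml-for-get"))
                .id("0077d56d-4e10-447a-9438-57d058e033ae")
                .identityZoneId("uaa")
                .lastModified(1465001966715L)
                .name("saml-for-get name")
                .originKey("saml-for-get")
                .type(Type.SAML)
                .version(0)
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Lists providers and expects five entries: SAML, keystone, LDAP, OAuth2 and the internal UAA provider.
     * Only the SAML and OAuth2 entries carry a configuration in the expected value.
     */
    @Test
    public void list() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(GET).path("/identity-providers?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .build())
            .response(TestResponse.builder()
                .status(OK)
                .payload("fixtures/uaa/identity-providers/GET_response.json")
                .build())
            .build());

        this.identityProviders
            .list(ListIdentityProvidersRequest.builder()
                .identityZoneId("test-identity-zone-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(ListIdentityProvidersResponse.builder()
                .identityProvider(IdentityProvider.builder()
                    .active(true)
                    .createdAt(1465001965526L)
                    .configuration(expectedSamlConfiguration("SAML"))
                    .id("a2e96056-c777-40b8-95b8-ff81b441fcf1")
                    .identityZoneId("uaa")
                    .lastModified(1465001965526L)
                    .name("SAML name")
                    .originKey("SAML")
                    .type(Type.SAML)
                    .version(0)
                    .build())
                .identityProvider(IdentityProvider.builder()
                    .active(false)
                    .createdAt(946713600000L)
                    .id("e6f15c2c-e5fa-46f6-a301-66b802d0102f")
                    .identityZoneId("uaa")
                    .lastModified(1465001954764L)
                    .name("keystone")
                    .originKey("keystone")
                    .type(Type.KEYSTONE)
                    .version(1)
                    .build())
                .identityProvider(IdentityProvider.builder()
                    .active(false)
                    .createdAt(946713600000L)
                    .id("a3b9ef5d-e717-4ea9-91fa-371fa7a32f46")
                    .identityZoneId("uaa")
                    .lastModified(1465001955226L)
                    .name("ldap")
                    .originKey("ldap")
                    .type(Type.LDAP)
                    .version(1)
                    .build())
                .identityProvider(IdentityProvider.builder()
                    .active(true)
                    .createdAt(1465001966855L)
                    .configuration(OAuth2Configuration.builder()
                        .attributeMappings(AttributeMappings.builder()
                            .build())
                        .authUrl("http://auth.url")
                        .externalGroupsWhitelist(Collections.emptyList())
                        .tokenUrl("http://token.url")
                        .tokenKey("token-key")
                        .showLinkText(false)
                        .skipSslVerification(false)
                        .relyingPartyId("uaa")
                        // A list response also carries the relying party secret of each OAuth2 provider.
                        .relyingPartySecret("secret")
                        .addShadowUserOnLogin(true)
                        .build())
                    .id("16506900-561d-411f-904b-15c3e2722cba")
                    .identityZoneId("uaa")
                    .lastModified(1465001966855L)
                    .name("UAA Provider")
                    .originKey("oauth2.0")
                    .type(Type.OAUTH2)
                    .version(0)
                    .build())
                .identityProvider(IdentityProvider.builder()
                    .active(true)
                    .createdAt(946713600000L)
                    .id("8d364146-ecb3-461e-b294-87580807a08f")
                    .identityZoneId("uaa")
                    .lastModified(1465001955249L)
                    .name("uaa")
                    .originKey("uaa")
                    .type(Type.INTERNAL)
                    .version(1)
                    .build())
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Updates the internal provider's lockout policy and expects the same policy back with the version
     * advanced from 1 to 2.
     */
    @Test
    public void update() {
        mockRequest(InteractionContext.builder()
            .request(TestRequest.builder()
                .method(PUT).path("/identity-providers/test-identity-provider-id?rawConfig=true")
                .header("X-Identity-Zone-Id", "test-identity-zone-id")
                .payload("fixtures/uaa/identity-providers/PUT_{id}_request.json")
                .build())
            .response(TestResponse.builder()
                .status(OK)
                .payload("fixtures/uaa/identity-providers/PUT_{id}_response.json")
                .build())
            .build());

        this.identityProviders
            .update(UpdateIdentityProviderRequest.builder()
                .active(true)
                .configuration(InternalConfiguration.builder()
                    .disableInternalUserManagement(false)
                    .lockoutPolicy(LockoutPolicy.builder()
                        .lockAccountPeriodInSecond(8)
                        .lockoutPeriodInSecond(8)
                        .numberOfAllowedFailures(8)
                        .build())
                    .build())
                .name("uaa")
                .originKey("uaa")
                .type(Type.INTERNAL)
                .version(1)
                .identityZoneId("test-identity-zone-id")
                .identityProviderId("test-identity-provider-id")
                .build())
            .as(StepVerifier::create)
            .expectNext(UpdateIdentityProviderResponse.builder()
                .active(true)
                .createdAt(946713600000L)
                .configuration(InternalConfiguration.builder()
                    .disableInternalUserManagement(false)
                    .lockoutPolicy(LockoutPolicy.builder()
                        .lockAccountPeriodInSecond(8)
                        .lockoutPeriodInSecond(8)
                        .numberOfAllowedFailures(8)
                        .build())
                    .build())
                .id("test-identity-provider-id")
                .identityZoneId("uaa")
                .lastModified(1465001967669L)
                .name("uaa")
                .originKey("uaa")
                .type(Type.INTERNAL)
                .version(2)
                .build())
            .expectComplete()
            .verify(Duration.ofSeconds(5));
    }

    /**
     * Builds the SAML configuration that the create, delete, get and list tests expect in a response.
     *
     * @param alias the provider's origin key; used as the entity alias, as the suffix of the link text and
     *              as the last path segment of the metadata entity ID
     * @return the expected response-side SAML configuration for that provider
     */
    private static SamlConfiguration expectedSamlConfiguration(String alias) {
        return SamlConfiguration.builder()
            .addShadowUserOnLogin(true)
            .assertionConsumerIndex(0)
            .attributeMappings(AttributeMappings.builder()
                .build())
            .externalGroupsWhitelist(Collections.emptyList())
            .groupMappingMode(ExternalGroupMappingMode.EXPLICITLY_MAPPED)
            .idpEntityAlias(alias)
            .linkText("IDPEndpointsMockTests Saml Provider:" + alias)
            .metaDataLocation(samlMetadata(alias))
            // NOTE(review): fixture value; presumably turns off trust validation of the IdP metadata.
            // Confirm against the UAA documentation before reusing this configuration outside tests.
            .metadataTrustCheck(false)
            .nameId("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
            .showSamlLink(false)
            .socketFactoryClassName("org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory")
            .zoneId("uaa")
            .build();
    }

    /**
     * Returns the inline SAML IdP metadata document shared by the SAML fixtures.
     *
     * <p>The four copies previously embedded in the tests differed only in the last path segment of the
     * {@code entityID} attribute, which is why that segment is the only parameter. The embedded signing
     * certificate appears to be a 1024-bit RSA certificate signed with SHA-1; it serves as parsing input
     * here and is not a template for a real IdP signing key.
     *
     * @param entityName the last path segment of the {@code entityID} URL
     * @return the metadata XML, including its trailing newline
     */
    private static String samlMetadata(String entityName) {
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"http://www.okta" +
            ".com/" + entityName + "\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor " +
            "use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3" +
            ".org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG" +
            "\nA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU\nMBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu" +
            "\nZm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC\nVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM" +
            "\nBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN\nAQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU" +
            "\nWWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O\nBw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL\n3tL" +
            "/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk\nvvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6\nGFHNkZ6DmoT" +
            "/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFb</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1" +
            ".1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:SingleSignOnService " +
            "Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://pivotal.oktapreview" +
            ".com/app/pivotal_pivotalcfstaging_1/k2lw4l5bPODCMIIDBRYZ/sso/saml\"/><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" " +
            "Location=\"https://pivotal.oktapreview.com/app/pivotal_pivotalcfstaging_1/k2lw4l5bPODCMIIDBRYZ/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>\n";
    }

}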