package org.keycloak.testsuite.broker;

import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.util.Time;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.Urls;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.RealmBuilder;
import org.openqa.selenium.TimeoutException;

/* loaded from: input_file:org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.class */
public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
    /* JADX INFO: Access modifiers changed from: protected */
    public void createRoleMappersForConsumerRealm() {
        createRoleMappersForConsumerRealm(IdentityProviderMapperSyncMode.FORCE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createRoleMappersForConsumerRealm(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        this.log.debug("adding mappers to identity provider in realm " + this.bc.consumerRealmName());
        IdentityProviderResource identityProviderResource = this.adminClient.realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias());
        for (IdentityProviderMapperRepresentation identityProviderMapperRepresentation : createIdentityProviderMappers(identityProviderMapperSyncMode)) {
            identityProviderMapperRepresentation.setIdentityProviderAlias(this.bc.getIDPAlias());
            identityProviderResource.addMapper(identityProviderMapperRepresentation).close();
        }
    }

    protected abstract Iterable<IdentityProviderMapperRepresentation> createIdentityProviderMappers(IdentityProviderMapperSyncMode identityProviderMapperSyncMode);

    protected abstract void createAdditionalMapperWithCustomSyncMode(IdentityProviderMapperSyncMode identityProviderMapperSyncMode);

    @Test
    public void testAccountManagementLinkIdentity() {
        createUser("consumer");
        this.accountFederatedIdentityPage.realm(this.bc.consumerRealmName());
        this.accountFederatedIdentityPage.open();
        this.loginPage.login("consumer", "password");
        Assert.assertTrue(this.accountFederatedIdentityPage.isCurrent());
        this.accountFederatedIdentityPage.clickAddProvider(this.bc.getIDPAlias());
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        Assert.assertTrue(this.accountFederatedIdentityPage.isCurrent());
        Assert.assertTrue(this.accountFederatedIdentityPage.isLinked(this.bc.getIDPAlias()));
        this.accountFederatedIdentityPage.clickRemoveProvider(this.bc.getIDPAlias());
        this.accountFederatedIdentityPage.logout();
        logInWithBroker(this.bc);
        BrokerTestTools.waitForPage(this.driver, "update account information", false);
        this.updateAccountInformationPage.assertCurrent();
        this.updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
        BrokerTestTools.waitForPage(this.driver, "account already exists", false);
        this.idpConfirmLinkPage.assertCurrent();
        this.idpConfirmLinkPage.clickLinkAccount();
        this.loginPage.login(this.bc.getUserPassword());
        this.accountFederatedIdentityPage.assertCurrent();
        Assert.assertTrue(this.accountFederatedIdentityPage.isLinked(this.bc.getIDPAlias()));
        this.accountFederatedIdentityPage.clickRemoveProvider(this.bc.getIDPAlias());
        Assert.assertFalse(this.accountFederatedIdentityPage.isLinked(this.bc.getIDPAlias()));
        this.accountFederatedIdentityPage.logout();
        this.loginPage.clickSocial(this.bc.getIDPAlias());
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        BrokerTestTools.waitForPage(this.driver, "update account information", false);
        this.updateAccountInformationPage.assertCurrent();
    }

    @Test
    public void testAccountManagementLinkedIdentityAlreadyExists() {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        createUser(this.bc.consumerRealmName(), "consumer", "password", "FirstName", "LastName", "consumer@localhost.com");
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        logInWithBroker(this.bc);
        waitForAccountManagementTitle();
        this.accountUpdateProfilePage.assertCurrent();
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        this.accountFederatedIdentityPage.realm(this.bc.consumerRealmName());
        this.accountFederatedIdentityPage.open();
        this.loginPage.login("consumer", "password");
        Assert.assertTrue(this.accountFederatedIdentityPage.isCurrent());
        this.accountFederatedIdentityPage.clickAddProvider(this.bc.getIDPAlias());
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        Assert.assertTrue(this.accountFederatedIdentityPage.isCurrent());
        Assert.assertEquals("Federated identity returned by " + this.bc.getIDPAlias() + " is already linked to another user.", this.accountFederatedIdentityPage.getError());
    }

    @Test
    public void testRetrieveToken() throws Exception {
        Throwable th;
        updateExecutions(AbstractBrokerTest::enableRequirePassword);
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        IdentityProviderRepresentation representation = this.identityProviderResource.toRepresentation();
        representation.setStoreToken(true);
        this.identityProviderResource.update(representation);
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        logInWithBroker(this.bc);
        this.updatePasswordPage.updatePasswords("password", "password");
        waitForAccountManagementTitle();
        this.accountUpdateProfilePage.assertCurrent();
        String userLogin = this.bc.getUserLogin();
        this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.grantReadTokenRole(userLogin));
        AtomicReference atomicReference = new AtomicReference(this.oauth.realm(this.bc.consumerRealmName()).clientId("broker-app").doGrantAccessTokenRequest("broker-app-secret", this.bc.getUserLogin(), this.bc.getUserPassword()).getAccessToken());
        Client build = ClientBuilder.newBuilder().register(clientRequestContext -> {
            clientRequestContext.getHeaders().add("Authorization", "Bearer " + ((String) atomicReference.get()));
        }).build();
        try {
            WebTarget target = build.target(Urls.identityProviderRetrieveToken(URI.create(BrokerTestTools.getConsumerRoot() + "/auth"), this.bc.getIDPAlias(), this.bc.consumerRealmName()));
            Response response = target.request().get();
            Throwable th2 = null;
            try {
                try {
                    Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
                    Assert.assertNotNull(response.readEntity(String.class));
                    if (response != null) {
                        if (0 != 0) {
                            try {
                                response.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            response.close();
                        }
                    }
                    this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.revokeReadTokenRole(userLogin));
                    atomicReference.set(this.oauth.realm(this.bc.consumerRealmName()).clientId("broker-app").doGrantAccessTokenRequest("broker-app-secret", this.bc.getUserLogin(), this.bc.getUserPassword()).getAccessToken());
                    response = target.request().get();
                    th = null;
                } finally {
                }
                try {
                    try {
                        Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), response.getStatus());
                        if (response != null) {
                            if (0 != 0) {
                                try {
                                    response.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                response.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            build.close();
        }
    }

    @Test
    public void loginWithExistingUserWithBruteForceEnabled() {
        this.adminClient.realm(this.bc.consumerRealmName()).update(RealmBuilder.create().bruteForceProtected(true).failureFactor(2).build());
        loginWithExistingUser();
        this.driver.navigate().to(getAccountPasswordUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        this.accountPasswordPage.changePassword("password", "password");
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        try {
            BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        } catch (TimeoutException e) {
            this.log.debug(this.driver.getTitle());
            this.log.debug(this.driver.getPageSource());
            org.keycloak.testsuite.Assert.fail("Timeout while waiting for login page");
        }
        for (int i = 0; i < 3; i++) {
            try {
                BrokerTestTools.waitForElementEnabled(this.driver, "login");
            } catch (TimeoutException e2) {
                org.keycloak.testsuite.Assert.fail("Timeout while waiting for login element enabled");
            }
            this.loginPage.login(this.bc.getUserLogin(), "invalid");
        }
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.loginPage.clickSocial(this.bc.getIDPAlias());
        try {
            BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        } catch (TimeoutException e3) {
            this.log.debug(this.driver.getTitle());
            this.log.debug(this.driver.getPageSource());
            org.keycloak.testsuite.Assert.fail("Timeout while waiting for login page");
        }
        org.keycloak.testsuite.Assert.assertTrue("Driver should be on the provider realm page right now", this.driver.getCurrentUrl().contains("/auth/realms/" + this.bc.providerRealmName() + "/"));
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        Assert.assertEquals("Account is disabled, contact your administrator.", this.errorPage.getError());
    }

    @Test
    public void loginWithExistingUserWithErrorFromProviderIdP() {
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm(this.bc.providerRealmName()).clients().findByClientId(this.bc.getIDPClientIdInProviderRealm()).get(0);
        this.adminClient.realm(this.bc.providerRealmName()).clients().get(clientRepresentation.getId()).update(org.keycloak.testsuite.util.ClientBuilder.edit(clientRepresentation).consentRequired(true).build());
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        logInWithBroker(this.bc);
        this.driver.manage().timeouts().pageLoadTimeout(30L, TimeUnit.MINUTES);
        BrokerTestTools.waitForPage(this.driver, "grant access", false);
        this.consentPage.cancel();
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        this.adminClient.realm(this.bc.providerRealmName()).clients().get(clientRepresentation.getId()).update(org.keycloak.testsuite.util.ClientBuilder.edit(clientRepresentation).consentRequired(false).build());
    }

    @Test
    public void testDisabledUser() {
        loginUser();
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        RealmResource realm = this.adminClient.realm(this.bc.consumerRealmName());
        UserRepresentation userRepresentation = (UserRepresentation) realm.users().search(this.bc.getUserLogin()).get(0);
        UserResource userResource = realm.users().get(userRepresentation.getId());
        userRepresentation.setEnabled(false);
        userResource.update(userRepresentation);
        logInWithBroker(this.bc);
        this.errorPage.assertCurrent();
        Assert.assertEquals("Account is disabled, contact your administrator.", this.errorPage.getError());
    }

    @Test
    public void mapperDoesNotGrantNewRoleFromTokenWithSyncModeImport() {
        testMapperAssigningRoles(IdentityProviderMapperSyncMode.IMPORT, false);
    }

    @Test
    public void mapperGrantsNewRoleFromTokenWithInheritedSyncModeForce() {
        this.adminClient.realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias()).update(this.bc.setUpIdentityProvider(IdentityProviderSyncMode.FORCE));
        testMapperAssigningRoles(IdentityProviderMapperSyncMode.INHERIT, true);
    }

    @Test
    public void mapperDoesNotGrantNewRoleFromTokenWithInheritedSyncModeImport() {
        this.adminClient.realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias()).update(this.bc.setUpIdentityProvider(IdentityProviderSyncMode.IMPORT));
        testMapperAssigningRoles(IdentityProviderMapperSyncMode.INHERIT, false);
    }

    private void testMapperAssigningRoles(IdentityProviderMapperSyncMode identityProviderMapperSyncMode, boolean z) {
        createRolesForRealm(this.bc.providerRealmName());
        createRolesForRealm(this.bc.consumerRealmName());
        createRoleMappersForConsumerRealm(identityProviderMapperSyncMode);
        RoleRepresentation representation = this.adminClient.realm(this.bc.providerRealmName()).roles().get(AbstractBrokerTest.ROLE_MANAGER).toRepresentation();
        RoleRepresentation representation2 = this.adminClient.realm(this.bc.providerRealmName()).roles().get("user").toRepresentation();
        UserResource userResource = this.adminClient.realm(this.bc.providerRealmName()).users().get(this.userId);
        userResource.roles().realmLevel().add(Collections.singletonList(representation));
        logInAsUserInIDPForFirstTime();
        UserResource userResource2 = this.adminClient.realm(this.bc.consumerRealmName()).users().get(((UserRepresentation) this.adminClient.realm(this.bc.consumerRealmName()).users().search(this.bc.getUserLogin()).get(0)).getId());
        Set set = (Set) userResource2.roles().realmLevel().listAll().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Assert.assertThat(set, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER}));
        Assert.assertThat(set, Matchers.not(Matchers.hasItems(new String[]{"user"})));
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        userResource.roles().realmLevel().add(Collections.singletonList(representation2));
        logInAsUserInIDP();
        Set set2 = (Set) userResource2.roles().realmLevel().listAll().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        if (z) {
            Assert.assertThat(set2, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER, "user"}));
        } else {
            Assert.assertThat(set2, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER}));
            Assert.assertThat(set2, Matchers.not(Matchers.hasItems(new String[]{"user"})));
        }
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
    }

    @Test
    public void differentMappersCanHaveDifferentSyncModes() {
        createRolesForRealm(this.bc.providerRealmName());
        createRolesForRealm(this.bc.consumerRealmName());
        createRoleMappersForConsumerRealm(IdentityProviderMapperSyncMode.INHERIT);
        createAdditionalMapperWithCustomSyncMode(IdentityProviderMapperSyncMode.FORCE);
        RoleRepresentation representation = this.adminClient.realm(this.bc.providerRealmName()).roles().get(AbstractBrokerTest.ROLE_MANAGER).toRepresentation();
        RoleRepresentation representation2 = this.adminClient.realm(this.bc.providerRealmName()).roles().get("user").toRepresentation();
        RoleRepresentation representation3 = this.adminClient.realm(this.bc.providerRealmName()).roles().get(AbstractBrokerTest.ROLE_FRIENDLY_MANAGER).toRepresentation();
        UserResource userResource = this.adminClient.realm(this.bc.providerRealmName()).users().get(this.userId);
        userResource.roles().realmLevel().add(Collections.singletonList(representation));
        logInAsUserInIDPForFirstTime();
        UserResource userResource2 = this.adminClient.realm(this.bc.consumerRealmName()).users().get(((UserRepresentation) this.adminClient.realm(this.bc.consumerRealmName()).users().search(this.bc.getUserLogin()).get(0)).getId());
        Set set = (Set) userResource2.roles().realmLevel().listAll().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Assert.assertThat(set, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER}));
        Assert.assertThat(set, Matchers.not(Matchers.hasItems(new String[]{"user", AbstractBrokerTest.ROLE_FRIENDLY_MANAGER})));
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        userResource.roles().realmLevel().add(Arrays.asList(representation2, representation3));
        logInAsUserInIDP();
        Set set2 = (Set) userResource2.roles().realmLevel().listAll().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Assert.assertThat(set2, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER, AbstractBrokerTest.ROLE_FRIENDLY_MANAGER}));
        Assert.assertThat(set2, Matchers.not(Matchers.hasItems(new String[]{"user"})));
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
    }

    @Test
    public void testExpiredCode() {
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        this.log.debug("Expire all browser cookies");
        this.driver.manage().deleteAllCookies();
        this.log.debug("Clicking social " + this.bc.getIDPAlias());
        this.loginPage.clickSocial(this.bc.getIDPAlias());
        BrokerTestTools.waitForPage(this.driver, "sorry", false);
        this.errorPage.assertCurrent();
        org.keycloak.testsuite.Assert.assertTrue(this.errorPage.getBackToApplicationLink().endsWith("/auth/realms/consumer/account/"));
    }

    @Test
    public void testPostBrokerLoginFlowWithOTP() {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(this.bc.getIDPAlias()));
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        logInWithBroker(this.bc);
        this.totpPage.assertCurrent();
        String totpSecret = this.totpPage.getTotpSecret();
        this.totpPage.configure(this.totp.generateTOTP(totpSecret));
        assertNumFederatedIdentities(((UserRepresentation) this.adminClient.realm(this.bc.consumerRealmName()).users().search(this.bc.getUserLogin()).get(0)).getId(), 1);
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        logInWithBroker(this.bc);
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.disablePostBrokerLoginFlow(this.bc.getIDPAlias()));
        logInWithBroker(this.bc);
        waitForAccountManagementTitle();
        this.accountUpdateProfilePage.assertCurrent();
    }

    @Test
    public void testPostBrokerLoginFlowWithOTP_bruteForceEnabled() {
        updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
        this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(this.bc.getIDPAlias()));
        RealmResource realm = this.adminClient.realm(this.bc.consumerRealmName());
        RealmRepresentation representation = realm.toRepresentation();
        representation.setBruteForceProtected(true);
        representation.setFailureFactor(2);
        representation.setMaxDeltaTimeSeconds(20);
        representation.setMaxFailureWaitSeconds(100);
        representation.setWaitIncrementSeconds(5);
        realm.update(representation);
        try {
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            logInWithBroker(this.bc);
            this.totpPage.assertCurrent();
            String totpSecret = this.totpPage.getTotpSecret();
            this.totpPage.configure(this.totp.generateTOTP(totpSecret));
            assertNumFederatedIdentities(((UserRepresentation) realm.users().search(this.bc.getUserLogin()).get(0)).getId(), 1);
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            logInWithBroker(this.bc);
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.login("bad-totp");
            org.keycloak.testsuite.Assert.assertEquals("Invalid authenticator code.", this.loginTotpPage.getInputError());
            this.loginTotpPage.login("bad-totp");
            org.keycloak.testsuite.Assert.assertEquals("Invalid authenticator code.", this.loginTotpPage.getInputError());
            this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
            org.keycloak.testsuite.Assert.assertEquals("Invalid authenticator code.", this.loginTotpPage.getInputError());
            realm.attackDetection().clearBruteForceForUser(ApiUtil.findUserByUsername(realm, this.bc.getUserLogin()).getId());
            this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
            waitForAccountManagementTitle();
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.disablePostBrokerLoginFlow(this.bc.getIDPAlias()));
            RealmRepresentation representation2 = realm.toRepresentation();
            representation2.setBruteForceProtected(false);
            realm.update(representation2);
        } catch (Throwable th) {
            this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.disablePostBrokerLoginFlow(this.bc.getIDPAlias()));
            RealmRepresentation representation3 = realm.toRepresentation();
            representation3.setBruteForceProtected(false);
            realm.update(representation3);
            throw th;
        }
    }

    @Test
    public void testLogoutWorksWithTokenTimeout() {
        try {
            updateExecutions(AbstractBrokerTest::enableUpdateProfileOnFirstLogin);
            RealmRepresentation representation = this.adminClient.realm(this.bc.providerRealmName()).toRepresentation();
            Assert.assertNotNull(representation);
            representation.setAccessTokenLifespan(1);
            this.adminClient.realm(this.bc.providerRealmName()).update(representation);
            IdentityProviderRepresentation representation2 = this.adminClient.realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias()).toRepresentation();
            representation2.getConfig().put("backchannelSupported", "false");
            this.adminClient.realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias()).update(representation2);
            Time.setOffset(2);
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            logInWithBroker(this.bc);
            BrokerTestTools.waitForPage(this.driver, "update account information", false);
            this.updateAccountInformationPage.assertCurrent();
            this.updateAccountInformationPage.updateAccountInformation("FirstName", "LastName");
            this.accountPage.logOut();
            BrokerTestTools.waitForPage(this.driver, "sign in to", true);
            this.log.debug("Logging in");
            Assert.assertTrue(this.driver.getCurrentUrl().contains("/auth/realms/" + this.bc.consumerRealmName() + "/protocol/openid-connect/auth"));
            Time.setOffset(0);
        } catch (Throwable th) {
            Time.setOffset(0);
            throw th;
        }
    }

    @Test
    public void testWithLinkedFederationProvider() {
        try {
            updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
            ComponentRepresentation componentRepresentation = new ComponentRepresentation();
            componentRepresentation.setId("dummy");
            componentRepresentation.setName("dummy");
            componentRepresentation.setProviderId("dummy");
            componentRepresentation.setProviderType(UserStorageProvider.class.getName());
            this.adminClient.realm(this.bc.consumerRealmName()).components().add(componentRepresentation);
            createUser(this.bc.providerRealmName(), "test-user", "password", "FirstName", "LastName", "test-user@localhost.com");
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            this.loginPage.clickSocial(this.bc.getIDPAlias());
            this.loginPage.login("test-user", "password");
            waitForAccountManagementTitle();
            this.accountUpdateProfilePage.assertCurrent();
            this.accountPage.password();
            this.accountPasswordPage.changePassword("bad", "new-password", "new-password");
            Assert.assertEquals("Invalid existing password.", this.accountPasswordPage.getError());
            this.accountPasswordPage.changePassword("secret", "new-password", "new-password");
            Assert.assertEquals("Your password has been updated.", this.accountUpdateProfilePage.getSuccess());
            logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            createUser(this.bc.providerRealmName(), "test-user-noemail", "password", "FirstName", "LastName", "test-user-noemail@localhost.com");
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            this.loginPage.clickSocial(this.bc.getIDPAlias());
            this.loginPage.login("test-user-noemail", "password");
            waitForAccountManagementTitle();
            this.accountUpdateProfilePage.assertCurrent();
            this.accountPage.password();
            this.accountPasswordPage.changePassword("new-password", "new-password");
            Assert.assertEquals("Your password has been updated.", this.accountUpdateProfilePage.getSuccess());
        } finally {
            ApiUtil.removeUserByUsername(this.adminClient.realm(this.bc.consumerRealmName()), "test-user");
            ApiUtil.removeUserByUsername(this.adminClient.realm(this.bc.consumerRealmName()), "test-user-noemail");
        }
    }
}
