diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
index a7024920..f28cbee3 100644
--- a/spec/unit/puppet/type/keycloak_realm_spec.rb
+++ b/spec/unit/puppet/type/keycloak_realm_spec.rb
@@ -57,9 +57,68 @@
     admin_events_enabled: :false,
     admin_events_details_enabled: :false,
     offline_session_max_lifespan_enabled: :false,
-    internationalization_enabled: :false
+    internationalization_enabled: :false,
+    permanent_lockout: :false,
+    max_failure_wait_seconds: 900,
+    minimum_quick_login_wait_seconds: 60,
+    wait_increment_seconds: 60,
+    quick_login_check_milli_seconds: 1_000,
+    max_delta_time_seconds: 43_200,
+    failure_factor: 30,
+    web_authn_policy_rp_entity_name: 'keycloak',
+    web_authn_policy_signature_algorithms: ['ES256'],
+    web_authn_policy_rp_id: '',
+    web_authn_policy_attestation_conveyance_preference: 'not specified',
+    web_authn_policy_authenticator_attachment: 'not specified',
+    web_authn_policy_require_resident_key: 'not specified',
+    web_authn_policy_user_verification_requirement: 'not specified',
+    web_authn_policy_create_timeout: 0,
+    web_authn_policy_avoid_same_authenticator_register: :false,
+    web_authn_policy_acceptable_aaguids: []
   }
 
+  # Test enumerable properties
+  describe 'enumerable properties' do
+    {
+      web_authn_policy_attestation_conveyance_preference: ['none', 'indirect', 'direct'],
+      web_authn_policy_authenticator_attachment: ['platform', 'cross-platform'],
+      web_authn_policy_require_resident_key: ['Yes', 'No'],
+      web_authn_policy_user_verification_requirement: ['required', 'preferred', 'discouraged']
+    }.each do |p, values|
+      values.each do |v|
+        it "accepts #{v} for #{p}" do
+          config[p] = v
+          expect(resource[p]).to eq(v)
+        end
+      end
+
+      it "does not accept foo for #{p}" do
+        config[p] = 'foo'
+        expect {
+          resource
+        }.to raise_error(%r{foo})
+      end
+
+      it "does not accept empty for #{p}" do
+        config[p] = ''
+        expect {
+          resource
+        }.to raise_error(%r{''})
+      end
+
+      it "does not accept nil for #{p}" do
+        config[p] = nil
+        expect {
+          resource
+        }.to raise_error(%r{nil})
+      end
+
+      it "has default for #{p}" do
+        expect(resource[p]).to eq(defaults[p])
+      end
+    end
+  end
+
   describe 'basic properties' do
     # Test basic properties
     [
@@ -85,7 +144,9 @@
       :smtp_server_from_display_name,
       :smtp_server_reply_to,
       :smtp_server_reply_to_display_name,
-      :default_locale
+      :default_locale,
+      :web_authn_policy_rp_entity_name,
+      :web_authn_policy_rp_id
     ].each do |p|
       it "accepts a #{p}" do
         config[p] = 'foo'
@@ -116,7 +177,14 @@
       :action_token_generated_by_user_lifespan,
       :offline_session_idle_timeout,
       :offline_session_max_lifespan,
-      :smtp_server_port
+      :smtp_server_port,
+      :max_failure_wait_seconds,
+      :minimum_quick_login_wait_seconds,
+      :wait_increment_seconds,
+      :quick_login_check_milli_seconds,
+      :max_delta_time_seconds,
+      :failure_factor,
+      :web_authn_policy_create_timeout
     ].each do |p|
       it "accepts a #{p}" do
         config[p] = 100
@@ -151,7 +219,8 @@
       :smtp_server_starttls,
       :smtp_server_ssl,
       :brute_force_protected,
-      :offline_session_max_lifespan_enabled
+      :offline_session_max_lifespan_enabled,
+      :permanent_lockout
     ].each do |p|
       it "accepts true for #{p}" do
         config[p] = true
@@ -195,7 +264,9 @@
       :optional_client_scopes,
       :events_listeners,
       :supported_locales,
-      :roles
+      :roles,
+      :web_authn_policy_create_timeout,
+      :web_authn_policy_acceptable_aaguids
     ].each do |p|
       it "accepts array for #{p}" do
         config[p] = ['foo', 'bar']