keycloak-uncached
Changes
testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.xml 3(+0 -3)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.cert 17(+17 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.key 28(+28 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.xml 72(+72 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/idp-metadata.xml 51(+51 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/auth2/index.html 20(+20 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource.java 4(+2 -2)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource2.java 32(+32 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource.java 4(+2 -2)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource2.java 23(+23 -0)
testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonTest.java 57(+50 -7)
Details
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/auth_mellon.conf b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/auth_mellon.conf
index 4ab4785..6a0af54 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/auth_mellon.conf
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/auth_mellon.conf
@@ -20,8 +20,10 @@ MellonLockFile "/run/mod_auth_mellon/lock"
# It is the URL to this location that is used as the second parameter to the metadata generation script.
# This path is relative to the root of the web server.
MellonEndpointPath /mellon
+
+ MellonSessionLength 2
</Location>
<Location /auth>
- MellonEnable "auth"
+ MellonEnable "auth"
</Location>
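Review bot: `MellonSessionLength 2` is added without a comment, and a 2-second session cap looks like a mistake to anyone reading this file without the test in front of them. A line above it such as `# Test-only: cap the Mellon session at 2 seconds so the expiry checks in ModAuthMellonTest finish quickly` would record the intent. It would also discourage reuse of this file as a template for a real service provider.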
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.xml b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.xml
index 45a3a88..8e1ebde 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.xml
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.xml
@@ -71,9 +71,6 @@
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://localhost:8380/mellon/logout"/>
<SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Location="http://localhost:8380/mellon/logout"/>
- <SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8380/mellon/logout"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/auth_mellon.conf b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/auth_mellon.conf
new file mode 100644
index 0000000..31bd552
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/auth_mellon.conf
@@ -0,0 +1,31 @@
+MellonCacheSize 100
+MellonLockFile "/run/mod_auth_mellon/lock"
+
+# This is a server-wide configuration that will add information from the Mellon session to all requests.
+<Location />
+ # Add information from the mod_auth_mellon session to the request.
+ MellonEnable "info"
+
+ # Configure the SP metadata
+ # This should be the files which were created when creating SP metadata.
+ MellonSPPrivateKeyFile /etc/apache2/mellon/http_localhost_auth_.key
+
+ MellonSPCertFile /etc/apache2/mellon/http_localhost_auth_.cert
+ MellonSPMetadataFile /etc/apache2/mellon/http_localhost_auth_.xml
+
+ # IdP metadata. This should be the metadata file you got from the IdP.
+ MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
+
+ # The location all endpoints should be located under.
+ # It is the URL to this location that is used as the second parameter to the metadata generation script.
+ # This path is relative to the root of the web server.
+ MellonEndpointPath /mellon
+
+ MellonVariable "cookie2"
+</Location>
+
+<Location /auth2>
+ MellonEnable "auth"
+
+ MellonCond "Role" "manager"
+</Location>
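Review bot: The two directives that distinguish this second SP, `MellonVariable "cookie2"` and `MellonCond "Role" "manager"`, are the only ones in the new file without a comment. `MellonCond` is the authorization rule for `/auth2`, so it deserves a line such as `# Only sessions whose SAML attribute "Role" has the value "manager" may access /auth2; everyone else gets 403`. The attribute presumably comes from the realm's "role list" SAML mapper, which is worth confirming. For `MellonVariable`, a comment could say that the cookie name is changed so the two SPs, which differ only by port on localhost, do not overwrite each other's session cookie, if that is the reason.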
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/Dockerfile b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/Dockerfile
new file mode 100644
index 0000000..56becef
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/Dockerfile
@@ -0,0 +1,17 @@
+FROM ubuntu
+
+RUN apt-get update && apt-get install -y apache2 && apt-get install -y libapache2-mod-auth-mellon
+
+RUN mkdir /etc/apache2/mellon
+
+COPY mellon/* /etc/apache2/mellon/
+
+COPY auth_mellon.conf /etc/apache2/mods-enabled/
+
+COPY www/* /var/www/html/
+
+RUN mkdir /var/www/html/auth2
+
+COPY www/auth2/* /var/www/html/auth2/
+
+CMD /usr/sbin/apache2ctl -D FOREGROUND
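Review bot: `FROM ubuntu` resolves to whatever `latest` points at on the day the image is built, and the two `apt-get install` calls then take whatever package versions that release ships. The Apache and mod_auth_mellon versions under test can therefore change without any change to this repository. Pinning the base, for example `FROM ubuntu:<pinned-tag>` (placeholder, use the release the first image was validated on), makes the test environment reproducible. Note also that `COPY mellon/* /etc/apache2/mellon/` puts the SP private key into an image layer, so the resulting image should not be pushed to a shared registry.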
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.cert b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.cert
new file mode 100644
index 0000000..b5f9541
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.cert
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.key b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.key
new file mode 100644
index 0000000..4393127
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDDRUTxDSM1zZuX
+Q5Jla8pBAgijAGJ7esaBF8EHRPM7myMFslJBg+EcFZvrWAHgLHVO8JB15+BW+EHU
+d6r1UV1EpG1kuXYj1Fo5g+kukFcuXXTIcsZQozMpVPVuko1jiEIM3jqevGJhxuL5
+kuyJ7MAhMsSw+WzYparkgVvQ2H/xotG/eCWTVotpS1JIzVz+oaTtqX2t+Mboe5S6
+1o5i2nLh1NOwyQpSYfAFN4yRJjMueY1WDJEU3xBY9/TYHVO0vlwR+ubt+taxIrFS
+ZVybPmnPdqSN3kcPe00kLVEYKhZAbrWDuFbbnLUxEdxheUlqNIWn0qYZuQHfQ6lM
+mCTLs2kZAgMBAAECggEARTJu090L9Sz/TgMsBbTE33SRCvI/8/H2FhkM1j6g0yaO
+qp4eeAj75K/jqOpu/7nBeE/XYXDiFu+ypFAjzPsgSgramS7/poLB1k/gehe8TTnh
+AIdrr3el0afBsYVNhU/r2BOIQmgPlQaduENQfy/eheUvvmclI0DR5lfQ6ZlO/ZlO
+s/agiziupR9ceHYCTkQpc9GI/byvVBdXIp9PSMjNhBcYv3SUP1FnhWoV2tlAZwOm
+VfB6yvZtNLp952AvsKxun6lmQQDsNhiWzCGw6cHf/aFPjEttLKHv0u6mobpM/d95
+AF+bifCweJZnfrYCE2sHTX8rzXoQ6laP6m0d8bYlgQKBgQDgsHUXSGCQYTvcmwQF
+CMhk5arQGjg7PHzFj0Mv/45b1X19MYnTRNpFx5G2Rpa4+5EKEVguUZlUXeVAxfx5
+nn/R6GCSqcOqf+Fb4nRDJrYABJIVCywEeUqRdZjt3VsFBIcXykTItVC4eBDlwNIy
+5ELB8QL7pgRAso3LVBfRdv+SjQKBgQDee1UEkncP9JfzslhCqSUXjgCnPGMDmCsh
+bMLhE5PNiVYMymjitJPY50weBOeJt2e0SBGWwPdWF7yEm11bWyjEDgA0lOndiuLV
+hHvCHUmbRQOh968+4dzSBvUb4llxcQfncs8MPI+ZJeyXghSENY1KzqNLbQcMb49k
+y0uWRqLTvQKBgQCST9Wvl53p5qdIfFkdvh5gNX4JjUlYqYbGTwf9VXiqLFdPEtch
+EBDip5YnD8hOJOLJn4nAf7pMyefjSgmiWKf7VEqutoWHnUZuwwPaRnb1hARsV54O
+O71nAyDWo/IFTnF5+GjaGde6h9TZB7rZEPK3v+2lWPIj/yF+agAokkjScQKBgQCs
+KVAe26AazrGPOSEnZHB5i79hqk8MhwJJOTqMpXOoh2/5MeB8HjSSklnKmQz6+tvb
+HDHQML609mVBUGCrwx0Gqbbq+ZkHgOQLShvimHtPFda7zUjlJi6UsCGYVE3WhRsS
+tTsXQv30Cu7MRzLNJAuUKdcfFN1xeBrEarSxMzPpGQKBgQCGyCSxoHafI78fuLB8
+lfMif3QcILxn409GxypMEc5G7iWyo+vfoMmRNjcr6zZ1luvmTqHl7mAroUpJ9X33
+6Ctw4O3r/utS03AwwOaEfpmlxMQVu5ySFICqZjMHHjvbUFQE2KPlQOqcjChT4S3n
+2vRK05BKbdFqlCprQtFtkA3q+g==
+-----END PRIVATE KEY-----
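Review bot: This commits an unencrypted RSA private key to the source tree, and the docker2 Dockerfile copies it into the image with `COPY mellon/* /etc/apache2/mellon/`. That may be acceptable for a localhost-only test SP, but nothing in the commit marks the key as a throwaway fixture, and secret scanners will flag it. Either generate the key pair and SP metadata when the image is built, or add a line to the module README stating that the key is test-only and must never be reused outside this test suite.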
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.xml b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.xml
new file mode 100644
index 0000000..d69e131
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/http_localhost_auth_.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<EntityDescriptor
+ entityID="http://localhost:8480/auth2"
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+ <SPSSODescriptor
+ AuthnRequestsSigned="false"
+ WantAssertionsSigned="false"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s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</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="http://localhost:8480/mellon/logout" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://localhost:8480/mellon/logout"/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+ <AssertionConsumerService
+ index="0"
+ isDefault="true"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://localhost:8480/mellon/postResponse" />
+ <AssertionConsumerService
+ index="1"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="http://localhost:8480/mellon/artifactResponse" />
+ <AssertionConsumerService
+ index="2"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+ Location="http://localhost:8480/mellon/paosResponse" />
+ </SPSSODescriptor>
+</EntityDescriptor>
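Review bot: The `SPSSODescriptor` declares `AuthnRequestsSigned="false"`, which does not match the rest of the commit. The IdP metadata added for the same image says `WantAuthnRequestsSigned="true"`, and the realm client for `http://localhost:8480/auth2` sets `saml.client.signature` to `true`. It also declares `WantAssertionsSigned="false"`, although this SP makes an authorization decision from an assertion attribute (`MellonCond "Role" "manager"`). With `saml.assertion.signature` and `saml.encrypt` both `false` for this client, integrity appears to rest only on the response-level signature. If the unsigned, unencrypted assertion is a deliberate variation from the first SP, an XML comment at the top of the descriptor should say so. Otherwise set `AuthnRequestsSigned="true"` and `WantAssertionsSigned="true"` to match what the IdP side expects.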
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/idp-metadata.xml b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/idp-metadata.xml
new file mode 100755
index 0000000..da74978
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/mellon/idp-metadata.xml
@@ -0,0 +1,51 @@
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
+ <EntityDescriptor entityID="http://localhost:8180/auth/realms/mellon-test">
+ <IDPSSODescriptor WantAuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+ </NameIDFormat>
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
+ <KeyDescriptor use="signing">
+ <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:X509Data>
+ <dsig:X509Certificate>
+ 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
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ </KeyDescriptor>
+ </IDPSSODescriptor>
+ </EntityDescriptor>
+</EntitiesDescriptor>
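Review bot: This file is added with mode `100755`, as is `docker2/www/index.html` further down, while the other new files in the commit use `100644`. Both are static data files, so the executable bit serves no purpose and is carried into the image by the `COPY` steps. Re-adding them as `100644` keeps the permissions consistent.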
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/auth2/index.html b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/auth2/index.html
new file mode 100644
index 0000000..31dfbbc
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/auth2/index.html
@@ -0,0 +1,20 @@
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<a href="/">Go to unprotected resource</a>
+<a href="/mellon/logout?ReturnTo=/">logout</a>
+Protected resource 2
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/index.html b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/index.html
new file mode 100755
index 0000000..ff4e068
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker2/www/index.html
@@ -0,0 +1,19 @@
+<!--
+ ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+ ~ and other contributors as indicated by the @author tags.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<a href="/auth2">Go to protected resource</a>
+Unprotected resource 2
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml
index f272a34..05fb8c6 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml
@@ -31,4 +31,9 @@
<name>Mod_auth_mellon tests</name>
+ <properties>
+ <apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
+ <apache.mod_auth_mellon2.url>http://localhost:8480</apache.mod_auth_mellon2.url>
+ </properties>
+
</project>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/README.md b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/README.md
index b6fa06b..2887ae5 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/README.md
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/README.md
@@ -1,17 +1,19 @@
# Mod_auth_mellon test
-## Docker image
+## Docker images
-Docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
+Each docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
-## Build docker image
+## Build docker images
docker build -t apache-mellon docker/
+docker build -t apache-mellon2 docker2/
## Run docker image
docker run -d -p 8380:80 apache-mellon
+docker run -d -p 8480:80 apache-mellon2
## Run tests
-mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380]
\ No newline at end of file
+mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380 -Dapache.mod_auth_mellon2.url=http://localhost:8480]
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource.java b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource.java
index fafecf7..3e8d42b 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource.java
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource.java
@@ -10,7 +10,7 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
+public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl {
@FindBy(linkText = "logout")
private WebElement logoutButton;
@@ -18,7 +18,7 @@ public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
@Override
public URL getInjectedUrl() {
try {
- return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380") + "/auth");
+ return new URL(System.getProperty("apache.mod_auth_mellon.url", "http://localhost:8380") + "/auth");
} catch (MalformedURLException e) {
e.printStackTrace();
}
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource2.java b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource2.java
new file mode 100644
index 0000000..7fd6c1b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource2.java
@@ -0,0 +1,32 @@
+package org.keycloak.testsuite.mod_auth_mellon;
+
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class ModAuthMellonProtectedResource2 extends AbstractPageWithInjectedUrl {
+
+ @FindBy(linkText = "logout")
+ private WebElement logoutButton;
+
+ @Override
+ public URL getInjectedUrl() {
+ try {
+ return new URL(System.getProperty("apache.mod_auth_mellon2.url", "http://localhost:8480") + "/auth2");
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ }
+
+ return null;
+ }
+
+ public void logout() {
+ logoutButton.click();
+ }
+}
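Review bot: `getInjectedUrl()` catches `MalformedURLException`, prints the stack trace and returns `null`, so a mistyped `-Dapache.mod_auth_mellon2.url` shows up later as a `NullPointerException` in the page object rather than as a clear configuration error. The same pattern is repeated in `ModAuthMellonUnprotectedResource2.getInjectedUrl()`. Replacing the catch body with `throw new IllegalStateException("Invalid apache.mod_auth_mellon2.url", e);` fails at the point of the mistake and makes the trailing `return null;` unnecessary. The class also duplicates `ModAuthMellonProtectedResource` apart from the property name, default port and path, which a shared base class taking those three values would remove.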
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource.java b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource.java
index 76170bf..311e592 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource.java
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource.java
@@ -8,12 +8,12 @@ import java.net.URL;
/**
* @author mhajas
*/
-public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl{
+public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl {
@Override
public URL getInjectedUrl() {
try {
- return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380/"));
+ return new URL(System.getProperty("apache.mod_auth_mellon.url", "http://localhost:8380/"));
} catch (MalformedURLException e) {
e.printStackTrace();
}
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource2.java b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource2.java
new file mode 100644
index 0000000..1b5482e
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource2.java
@@ -0,0 +1,23 @@
+package org.keycloak.testsuite.mod_auth_mellon;
+
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class ModAuthMellonUnprotectedResource2 extends AbstractPageWithInjectedUrl {
+
+ @Override
+ public URL getInjectedUrl() {
+ try {
+ return new URL(System.getProperty("apache.mod_auth_mellon2.url", "http://localhost:8480/"));
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ }
+
+ return null;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonTest.java b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonTest.java
index f19b57b..8166a22 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonTest.java
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonTest.java
@@ -6,11 +6,11 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.util.URLAssert;
-import javax.xml.transform.TransformerException;
import java.util.List;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+import static org.keycloak.testsuite.util.WaitUtils.pause;
/**
* @author mhajas
@@ -22,26 +22,69 @@ public class ModAuthMellonTest extends AbstractAuthTest {
@Page
private ModAuthMellonUnprotectedResource modAuthMellonUnprotectedResourcePage;
+ @Page
+ private ModAuthMellonProtectedResource2 modAuthMellonProtectedResourcePage2;
+
+ @Page
+ private ModAuthMellonUnprotectedResource2 modAuthMellonUnprotectedResourcePage2;
+
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/mellon-realm.json"));
}
- @Test
- public void modAuthMellonTest() throws TransformerException {
+ @Override
+ public void setDefaultPageUriParameters() {
+ super.setDefaultPageUriParameters();
testRealmPage.setAuthRealm("mellon-test");
testRealmSAMLRedirectLoginPage.setAuthRealm("mellon-test");
+ }
- modAuthMellonUnprotectedResourcePage.navigateTo();
- assertTrue(driver.getPageSource().contains("Unprotected resource"));
-
+ @Test
+ public void singleLoginAndLogoutTest() {
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
assertTrue(driver.getPageSource().contains("Protected resource"));
+ modAuthMellonProtectedResourcePage2.navigateTo();
+ assertTrue(driver.getPageSource().contains("Protected resource 2"));
+
+ modAuthMellonProtectedResourcePage2.logout();
+ assertTrue(driver.getPageSource().contains("Unprotected resource 2"));
+
+ modAuthMellonProtectedResourcePage2.navigateTo();
+ URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
+
+ pause(2000); //session length
+
+ modAuthMellonProtectedResourcePage.navigateTo();
+ URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
+ }
+
+ @Test
+ public void unauthorizedSSO() {
+ modAuthMellonProtectedResourcePage2.navigateTo();
+ URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
+ testRealmSAMLRedirectLoginPage.form().login("unauthorized", "password");
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ modAuthMellonProtectedResourcePage.navigateTo();
+ assertTrue(driver.getPageSource().contains("Protected resource"));
modAuthMellonProtectedResourcePage.logout();
- assertTrue(driver.getPageSource().contains("Unprotected resource"));
+ }
+
+ @Test
+ public void sessionExpiration() {
+ RealmRepresentation realm = testRealmResource().toRepresentation();
+ realm.setSsoSessionIdleTimeout(2);
+ testRealmResource().update(realm);
+
+ modAuthMellonProtectedResourcePage.navigateTo();
+ testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("Protected resource"));
+
+ pause(2000); //session length
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
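Review bot: In `singleLoginAndLogoutTest` the final assertion on `modAuthMellonProtectedResourcePage` runs after `pause(2000)`, so it passes once the first SP's 2-second `MellonSessionLength` has elapsed, whether or not the logout at the second SP reached it. As written, the test does not appear to show that single logout ended the first SP's session. If propagation is expected, assert the redirect for the first SP immediately after `modAuthMellonProtectedResourcePage2.logout()`; otherwise rename the test and comment that expiry is what is being checked. The pause also equals the configured timeout exactly, here and in `sessionExpiration`, which puts the assertion on the boundary; `pause(3000); // longer than the 2 s session length` would be steadier. In addition, `sessionExpiration` updates `ssoSessionIdleTimeout` on the live realm and does not restore it within the visible lines.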
diff --git a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/resources/mellon-realm.json b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/resources/mellon-realm.json
index 7c2c624..05c6caa 100644
--- a/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/resources/mellon-realm.json
+++ b/testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/resources/mellon-realm.json
@@ -1,11 +1,11 @@
{
"id" : "mellon-test",
"realm" : "mellon-test",
- "notBefore" : 1453206021,
+ "notBefore" : 1455704705,
"revokeRefreshToken" : false,
"accessTokenLifespan" : 300,
"accessTokenLifespanForImplicitFlow" : 900,
- "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionIdleTimeout" : 2,
"ssoSessionMaxLifespan" : 36000,
"offlineSessionIdleTimeout" : 2592000,
"accessCodeLifespan" : 60,
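Review bot: Setting `ssoSessionIdleTimeout` to `2` in the shared realm fixture applies a 2-second idle timeout to every test that loads this realm, not only to `sessionExpiration`. That test already sets the same value itself through `realm.setSsoSessionIdleTimeout(2)`. `unauthorizedSSO` relies on the IdP session still being alive when it moves from the second SP to the first, so a slow run could land on the login page instead of "Protected resource". Keeping `1800` here and having the expiry test set and then restore the short value would confine the timing dependence to the one test that needs it.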
@@ -32,8 +32,8 @@
"codeSecret" : "6ed3c059-96b4-46d2-a385-c25ea96853ca",
"roles" : {
"realm" : [ {
- "id" : "6314a145-4654-45b8-bc05-3b6a01e76236",
- "name" : "test-Role",
+ "id" : "a0d0115b-3baf-484c-88ce-99de03bf6c78",
+ "name" : "manager",
"scopeParamRequired" : false,
"composite" : false
}, {
@@ -130,6 +130,7 @@
} ],
"http://localhost:8380/auth" : [ ],
"security-admin-console" : [ ],
+ "http://localhost:8480/auth2" : [ ],
"admin-cli" : [ ],
"broker" : [ {
"id" : "b0fbb4b2-6632-4c26-8292-c90a64dbf145",
@@ -163,16 +164,39 @@
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"users" : [ {
- "id" : "df34636d-0ade-4843-9d85-68784c541bc9",
- "createdTimestamp" : 1452774520942,
+ "id" : "b35d3909-3549-4f35-ad0f-918a7c1febb1",
+ "createdTimestamp" : 1455795133502,
"username" : "bburke",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"type" : "password",
- "hashedSaltedValue" : "J53IPqrQcatayK0PB3vY+sxz6Zc9rUwdFiSbMyaLNmvtcCkJ3WElIFAcsLoA7i+rwvQu/VrN+JGi32sxEzQVNg==",
- "salt" : "sfDAWuC3Ue2DB9+WNmRWRw==",
+ "hashedSaltedValue" : "EpVg7wGyRQ4RnG3aCLmytH+zdTp+qCUEvJ9Yqsxm30i8gJmEsXRMjbRkyU58ewcXMB4ZyJsmQJsWPGdANRvAww==",
+ "salt" : "2UuR1SdDCrhQ89UBFmEMuw==",
+ "hashIterations" : 1,
+ "counter" : 0,
+ "algorithm" : "pbkdf2",
+ "digits" : 0
+ } ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "manager", "offline_access" ],
+ "clientRoles" : {
+ "account" : [ "view-profile", "manage-account" ]
+ },
+ "groups" : [ ]
+ }, {
+ "id" : "1dd66fff-71b5-4849-b782-cf612198f53e",
+ "createdTimestamp" : 1455795084424,
+ "username" : "unauthorized",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "email" : "",
+ "credentials" : [ {
+ "type" : "password",
+ "hashedSaltedValue" : "IYB496W8mrwAzUDz8ehqiY6SnzjZs3OvLLrUdJwXUwbOBkRFUJqsCPbEsFlDUSX7BK8MZmD7cdPIBWT/g1m9XA==",
+ "salt" : "qRdAqSdsUCR3bO9VJU47JA==",
"hashIterations" : 1,
"counter" : 0,
"algorithm" : "pbkdf2",
@@ -299,12 +323,13 @@
"useTemplateScope" : false,
"useTemplateMappers" : false
}, {
- "id" : "23254f13-034e-4aa2-8d11-f475c48c5469",
+ "id" : "cb6eb8e4-73bf-4ccc-b817-c4f8547ae5eb",
"clientId" : "http://localhost:8380/auth",
+ "adminUrl" : "http://localhost:8380/mellon",
"surrogateAuthRequired" : false,
"enabled" : true,
"clientAuthenticatorType" : "client-secret",
- "secret" : "c2ffb410-6f8b-4f76-a3c7-c5ab21349fa5",
+ "secret" : "0f0aff29-3677-4b88-920f-90cce19230aa",
"redirectUris" : [ "http://localhost:8380/mellon/postResponse" ],
"webOrigins" : [ "http://localhost:8380" ],
"notBefore" : 0,
@@ -321,6 +346,7 @@
"saml.assertion.signature" : "true",
"saml.force.post.binding" : "true",
"saml.multivalued.roles" : "false",
+ "saml_single_logout_service_url_post" : "",
"saml.encrypt" : "true",
"saml_assertion_consumer_url_post" : "http://localhost:8380/mellon/postResponse",
"saml.server.signature" : "true",
@@ -337,46 +363,35 @@
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
- "id" : "e9cc0f08-519b-445f-9134-38811bf94b0c",
- "name" : "username",
+ "id" : "d625890e-1a84-49a7-9bac-bad1db194882",
+ "name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
- "consentText" : "${username}",
+ "consentText" : "${familyName}",
"config" : {
- "user.attribute" : "username",
+ "user.attribute" : "lastName",
"id.token.claim" : "true",
"access.token.claim" : "true",
- "claim.name" : "preferred_username",
+ "claim.name" : "family_name",
"jsonType.label" : "String"
}
}, {
- "id" : "f4663aad-3083-42b0-b6cb-6f88f623a8be",
- "name" : "full name",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-full-name-mapper",
- "consentRequired" : true,
- "consentText" : "${fullName}",
- "config" : {
- "id.token.claim" : "true",
- "access.token.claim" : "true"
- }
- }, {
- "id" : "adb045fd-1f27-41cc-b80f-99592899cef7",
- "name" : "family name",
+ "id" : "b567a20e-2e03-4b64-917b-2793a74b4244",
+ "name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
- "consentText" : "${familyName}",
+ "consentText" : "${email}",
"config" : {
- "user.attribute" : "lastName",
+ "user.attribute" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true",
- "claim.name" : "family_name",
+ "claim.name" : "email",
"jsonType.label" : "String"
}
}, {
- "id" : "bcfb2c33-8da8-49ad-9166-cbadd0079bd5",
+ "id" : "4be3487c-c7ff-409f-a672-138d604eed4b",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
@@ -390,21 +405,32 @@
"jsonType.label" : "String"
}
}, {
- "id" : "0d969f92-4339-427a-9160-94ce11220628",
- "name" : "email",
+ "id" : "8819f0d3-4db4-42a4-aed4-27b8dea9bbf7",
+ "name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
- "consentText" : "${email}",
+ "consentText" : "${username}",
"config" : {
- "user.attribute" : "email",
+ "user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
- "claim.name" : "email",
+ "claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
- "id" : "31edca8e-05fa-492c-b586-e66f12726398",
+ "id" : "d74f0c8f-7b6d-4ef5-ac57-31cef5d125e7",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "6353424c-e417-47d3-95b1-878e649e7e49",
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
@@ -538,6 +564,128 @@
"useTemplateScope" : false,
"useTemplateMappers" : false
}, {
+ "id" : "cda86e1f-00bd-4727-b4b3-b35357161964",
+ "clientId" : "http://localhost:8480/auth2",
+ "adminUrl" : "http://localhost:8480/mellon",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "e75b6e1b-030f-4630-8e6f-631f4891c79a",
+ "redirectUris" : [ "http://localhost:8480/mellon/postResponse" ],
+ "webOrigins" : [ "http://localhost:8480" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.assertion.signature" : "false",
+ "saml.force.post.binding" : "true",
+ "saml.multivalued.roles" : "false",
+ "saml_single_logout_service_url_post" : "",
+ "saml.encrypt" : "false",
+ "saml_assertion_consumer_url_post" : "http://localhost:8480/mellon/postResponse",
+ "saml.server.signature" : "true",
+ "saml.signing.certificate" : "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",
+ "saml_single_logout_service_url_redirect" : "http://localhost:8480/mellon/logout",
+ "saml.signature.algorithm" : "RSA_SHA1",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.encryption.certificate" : "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",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "875d9e9f-cd71-40d3-9e63-1c8d6665b63c",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${givenName}",
+ "config" : {
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "324e28d0-fb0a-4cc1-9916-d5cd10221b23",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : true,
+ "consentText" : "${fullName}",
+ "config" : {
+ "id.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "9d5b4f3f-79f0-4d62-a13b-53f44587fb1f",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${username}",
+ "config" : {
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "af50e3ab-8959-467f-84fe-f7a9ac9d4383",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${email}",
+ "config" : {
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "7a7a7fab-d464-451c-9025-bfc4f4629189",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : true,
+ "consentText" : "${familyName}",
+ "config" : {
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "86731f18-9114-428b-bf9e-102e2931adc6",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ } ],
+ "useTemplateConfig" : false,
+ "useTemplateScope" : false,
+ "useTemplateMappers" : false
+ }, {
"id" : "14abd995-d10a-4da3-85cf-0c6fbb65ce41",
"clientId" : "admin-cli",
"name" : "${client_admin-cli}",
@@ -860,310 +1008,9 @@
"smtpServer" : { },
"eventsEnabled" : true,
"eventsListeners" : [ "jboss-logging" ],
- "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "UPDATE_PROFILE_ERROR", "IMPERSONATE", "LOGIN", "UPDATE_PASSWORD_ERROR", "REGISTER", "LOGOUT", "CLIENT_REGISTER", "UPDATE_PASSWORD", "FEDERATED_IDENTITY_LINK_ERROR", "CLIENT_DELETE", "IDENTITY_PROVIDER_FIRST_LOGIN", "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", "CLIENT_LOGIN_ERROR", "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "SEND_VERIFY_EMAIL", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "IDENTITY_PROVIDER_POST_LOGIN", "UPDATE_EMAIL", "REGISTER_ERROR", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "UPDATE_PROFILE", "FEDERATED_IDENTITY_LINK", "CLIENT_REGISTER_ERROR", "SEND_VERIFY_EMAIL_ERROR", "SEND_IDENTITY_PROVIDER_LINK", "RESET_PASSWORD", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ],
+ "enabledEventTypes" : [ ],
"adminEventsEnabled" : false,
"adminEventsDetailsEnabled" : false,
"internationalizationEnabled" : false,
- "supportedLocales" : [ ],
- "authenticationFlows" : [ {
- "alias" : "Handle Existing Account",
- "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-confirm-link",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "idp-email-verification",
- "autheticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 20
- }, {
- "flowAlias" : "Verify Existing Account by Re-authentication",
- "autheticatorFlow" : true,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 30
- } ]
- }, {
- "alias" : "Verify Existing Account by Re-authentication",
- "description" : "Reauthentication of existing account",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "idp-username-password-form",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "auth-otp-form",
- "autheticatorFlow" : false,
- "requirement" : "OPTIONAL",
- "userSetupAllowed" : false,
- "priority" : 20
- } ]
- }, {
- "alias" : "browser",
- "description" : "browser based authentication",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-cookie",
- "autheticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "auth-spnego",
- "autheticatorFlow" : false,
- "requirement" : "DISABLED",
- "userSetupAllowed" : false,
- "priority" : 20
- }, {
- "flowAlias" : "forms",
- "autheticatorFlow" : true,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 30
- } ]
- }, {
- "alias" : "clients",
- "description" : "Base authentication for clients",
- "providerId" : "client-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "client-secret",
- "autheticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "client-jwt",
- "autheticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 20
- } ]
- }, {
- "alias" : "direct grant",
- "description" : "OpenID Connect Resource Owner Grant",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "direct-grant-validate-username",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "direct-grant-validate-password",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 20
- }, {
- "authenticator" : "direct-grant-validate-otp",
- "autheticatorFlow" : false,
- "requirement" : "OPTIONAL",
- "userSetupAllowed" : false,
- "priority" : 30
- } ]
- }, {
- "alias" : "first broker login",
- "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticatorConfig" : "review profile config",
- "authenticator" : "idp-review-profile",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticatorConfig" : "create unique user config",
- "authenticator" : "idp-create-user-if-unique",
- "autheticatorFlow" : false,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 20
- }, {
- "flowAlias" : "Handle Existing Account",
- "autheticatorFlow" : true,
- "requirement" : "ALTERNATIVE",
- "userSetupAllowed" : false,
- "priority" : 30
- } ]
- }, {
- "alias" : "forms",
- "description" : "Username, password, otp and other auth forms.",
- "providerId" : "basic-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "auth-username-password-form",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "auth-otp-form",
- "autheticatorFlow" : false,
- "requirement" : "OPTIONAL",
- "userSetupAllowed" : false,
- "priority" : 20
- } ]
- }, {
- "alias" : "registration",
- "description" : "registration flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-page-form",
- "flowAlias" : "registration form",
- "autheticatorFlow" : true,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- } ]
- }, {
- "alias" : "registration form",
- "description" : "registration form",
- "providerId" : "form-flow",
- "topLevel" : false,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "registration-user-creation",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 20
- }, {
- "authenticator" : "registration-profile-action",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 40
- }, {
- "authenticator" : "registration-password-action",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 50
- }, {
- "authenticator" : "registration-recaptcha-action",
- "autheticatorFlow" : false,
- "requirement" : "DISABLED",
- "userSetupAllowed" : false,
- "priority" : 60
- } ]
- }, {
- "alias" : "reset credentials",
- "description" : "Reset credentials for a user if they forgot their password or something",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "reset-credentials-choose-user",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- }, {
- "authenticator" : "reset-credential-email",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 20
- }, {
- "authenticator" : "reset-password",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 30
- }, {
- "authenticator" : "reset-otp",
- "autheticatorFlow" : false,
- "requirement" : "OPTIONAL",
- "userSetupAllowed" : false,
- "priority" : 40
- } ]
- }, {
- "alias" : "saml ecp",
- "description" : "SAML ECP Profile Authentication Flow",
- "providerId" : "basic-flow",
- "topLevel" : true,
- "builtIn" : true,
- "authenticationExecutions" : [ {
- "authenticator" : "http-basic-authenticator",
- "autheticatorFlow" : false,
- "requirement" : "REQUIRED",
- "userSetupAllowed" : false,
- "priority" : 10
- } ]
- } ],
- "authenticatorConfig" : [ {
- "alias" : "create unique user config",
- "config" : {
- "require.password.update.after.registration" : "false"
- }
- }, {
- "alias" : "review profile config",
- "config" : {
- "update.profile.on.first.login" : "missing"
- }
- } ],
- "requiredActions" : [ {
- "alias" : "CONFIGURE_TOTP",
- "name" : "Configure Totp",
- "providerId" : "CONFIGURE_TOTP",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PASSWORD",
- "name" : "Update Password",
- "providerId" : "UPDATE_PASSWORD",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "UPDATE_PROFILE",
- "name" : "Update Profile",
- "providerId" : "UPDATE_PROFILE",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "VERIFY_EMAIL",
- "name" : "Verify Email",
- "providerId" : "VERIFY_EMAIL",
- "enabled" : true,
- "defaultAction" : false,
- "config" : { }
- }, {
- "alias" : "terms_and_conditions",
- "name" : "Terms and Conditions",
- "providerId" : "terms_and_conditions",
- "enabled" : false,
- "defaultAction" : false,
- "config" : { }
- } ],
- "browserFlow" : "browser",
- "registrationFlow" : "registration",
- "directGrantFlow" : "direct grant",
- "resetCredentialsFlow" : "reset credentials",
- "clientAuthenticationFlow" : "clients"
+ "supportedLocales" : [ ]
}
\ No newline at end of file
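Review bot: The realm file keeps `"eventsEnabled" : true` but now has `"enabledEventTypes" : [ ]`, and it no longer declares `authenticationFlows`, `authenticatorConfig`, `requiredActions` or the `browserFlow`/`registrationFlow`/`directGrantFlow`/`resetCredentialsFlow`/`clientAuthenticationFlow` bindings. The login path the mellon tests run against therefore depends on whatever the importing server creates by default, which looks like a re-export side effect rather than a deliberate choice. Please confirm that an empty event-type list means "all types" rather than "none" on the target server version, since the test would otherwise lose its login and logout events silently. If the defaults are intended, say so in the commit description, because a JSON fixture has no place for a comment.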
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index e569881..7d6d1d7 100644
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -52,7 +52,6 @@
<auth.server.management.port>10090</auth.server.management.port>
<auth.server.management.port.jmx>10099</auth.server.management.port.jmx>
<auth.server.ssl.required>false</auth.server.ssl.required>
- <apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
<startup.timeout.sec>60</startup.timeout.sec>
<browser>phantomjs</browser>