keycloak-aplcache
Changes
testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/main/xslt/standalone.xsl 2(+2 -0)
testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/example/WildflyRelativeSAMLExampleAdapterTest.java 12(+12 -0)
testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/servlet/WildflyRelativeSAMLServletsAdapterTest.java 11(+11 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java 22(+22 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java 32(+32 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java 32(+32 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java 32(+32 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java 17(+17 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java 77(+77 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java 78(+52 -26)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/AuthRealm.java 2(+2 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/Login.java 9(+5 -4)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/SAMLLogin.java 10(+10 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/IOUtil.java 52(+47 -5)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java 24(+18 -6)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java 42(+30 -12)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java 46(+43 -3)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java 104(+104 -0)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java 419(+419 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keycloak-saml.xml 40(+40 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml 40(+40 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml 25(+25 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keycloak-saml.xml 44(+44 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keycloak-saml.xml 44(+44 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml 25(+25 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post/WEB-INF/keycloak-saml.xml 24(+24 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-passive/WEB-INF/keycloak-saml.xml 25(+25 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keycloak-saml.xml 40(+40 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keycloak-saml.xml 44(+44 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keycloak-saml.xml 45(+45 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keystore.jks 0(+0 -0)
testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sp-metadata.xml 38(+38 -0)
Details
diff --git a/testsuite/integration-arquillian/servers/wildfly/pom.xml b/testsuite/integration-arquillian/servers/wildfly/pom.xml
index cc5918d..f30d6c2 100644
--- a/testsuite/integration-arquillian/servers/wildfly/pom.xml
+++ b/testsuite/integration-arquillian/servers/wildfly/pom.xml
@@ -170,6 +170,11 @@
<artifactId>keycloak-wildfly-adapter-dist</artifactId>
<type>zip</type>
</dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-wildfly-adapter-dist</artifactId>
+ <type>zip</type>
+ </dependency>
</dependencies>
<build>
<plugins>
@@ -192,6 +197,13 @@
<type>zip</type>
<outputDirectory>${keycloak.server.home}</outputDirectory>
</artifactItem>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-wildfly-adapter-dist</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <outputDirectory>${keycloak.server.home}</outputDirectory>
+ </artifactItem>
</artifactItems>
</configuration>
</execution>
diff --git a/testsuite/integration-arquillian/servers/wildfly/src/main/xslt/standalone.xsl b/testsuite/integration-arquillian/servers/wildfly/src/main/xslt/standalone.xsl
index a483717..9239d67 100644
--- a/testsuite/integration-arquillian/servers/wildfly/src/main/xslt/standalone.xsl
+++ b/testsuite/integration-arquillian/servers/wildfly/src/main/xslt/standalone.xsl
@@ -16,6 +16,7 @@
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<extension module="org.keycloak.keycloak-adapter-subsystem"/>
+ <extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
</xsl:copy>
</xsl:template>
@@ -23,6 +24,7 @@
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
+ <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1"/>
</xsl:copy>
</xsl:template>
diff --git a/testsuite/integration-arquillian/tests/adapters/pom.xml b/testsuite/integration-arquillian/tests/adapters/pom.xml
index 07aae0d..865f8fc 100644
--- a/testsuite/integration-arquillian/tests/adapters/pom.xml
+++ b/testsuite/integration-arquillian/tests/adapters/pom.xml
@@ -248,6 +248,24 @@
<version>${project.version}</version>
<type>war</type>
</artifactItem>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>saml-post-signatures</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>saml-post-encryption</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>saml-redirect-signatures</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ </artifactItem>
</artifactItems>
<outputDirectory>${examples.home}</outputDirectory>
<overWriteIfNewer>true</overWriteIfNewer>
@@ -268,6 +286,13 @@
<type>zip</type>
<includes>**/*realm.json</includes>
</artifactItem>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-examples-dist</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <includes>**/testsaml.json</includes>
+ </artifactItem>
</artifactItems>
<outputDirectory>${examples.home}</outputDirectory>
<overWriteIfNewer>true</overWriteIfNewer>
diff --git a/testsuite/integration-arquillian/tests/adapters/wildfly-relative/pom.xml b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/pom.xml
index 30cf25a..20a43e2 100644
--- a/testsuite/integration-arquillian/tests/adapters/wildfly-relative/pom.xml
+++ b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/pom.xml
@@ -30,6 +30,11 @@
<artifactId>keycloak-wildfly-adapter-dist</artifactId>
<type>zip</type>
</dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-wildfly-adapter-dist</artifactId>
+ <type>zip</type>
+ </dependency>
</dependencies>
<profiles>
@@ -48,7 +53,7 @@
<executions>
<execution>
<id>unpack-adapter</id>
- <phase>generate-resources</phase>
+ <phase>process-resources</phase>
<goals>
<goal>unpack</goal>
</goals>
@@ -61,12 +66,44 @@
<type>zip</type>
<outputDirectory>${adapter.libs.wildfly}</outputDirectory>
</artifactItem>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-wildfly-adapter-dist</artifactId>
+ <version>${project.version}</version>
+ <type>zip</type>
+ <outputDirectory>${adapter.libs.wildfly}</outputDirectory>
+ </artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>xml-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>configure-adapter-subsystem</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>transform</goal>
+ </goals>
+ <configuration>
+ <transformationSets>
+ <transformationSet>
+ <dir>${auth.server.container}/standalone/configuration</dir>
+ <includes>
+ <include>standalone.xml</include>
+ </includes>
+ <stylesheet>src/main/xslt/standalone.xsl</stylesheet>
+ <outputDir>${auth.server.container}/standalone/configuration</outputDir>
+ </transformationSet>
+ </transformationSets>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
diff --git a/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/main/xslt/standalone.xsl b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/main/xslt/standalone.xsl
index a483717..9239d67 100644
--- a/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/main/xslt/standalone.xsl
+++ b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/main/xslt/standalone.xsl
@@ -16,6 +16,7 @@
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<extension module="org.keycloak.keycloak-adapter-subsystem"/>
+ <extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
</xsl:copy>
</xsl:template>
@@ -23,6 +24,7 @@
<xsl:copy>
<xsl:apply-templates select="node()|@*"/>
<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
+ <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1"/>
</xsl:copy>
</xsl:template>
diff --git a/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/example/WildflyRelativeSAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/example/WildflyRelativeSAMLExampleAdapterTest.java
new file mode 100644
index 0000000..6e0c6df
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/example/WildflyRelativeSAMLExampleAdapterTest.java
@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.adapter.example;
+
+import org.keycloak.testsuite.arquillian.annotation.AdapterLibsLocationProperty;
+
+/**
+ *
+ * @author mhajas
+ */
+@AdapterLibsLocationProperty("adapter.libs.wildfly")
+public class WildflyRelativeSAMLExampleAdapterTest extends AbstractSAMLExampleAdapterTest {
+
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/servlet/WildflyRelativeSAMLServletsAdapterTest.java b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/servlet/WildflyRelativeSAMLServletsAdapterTest.java
new file mode 100644
index 0000000..9fbdf5a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/adapters/wildfly-relative/src/test/java/org/keycloak/testsuite/adapter/servlet/WildflyRelativeSAMLServletsAdapterTest.java
@@ -0,0 +1,11 @@
+package org.keycloak.testsuite.adapter.servlet;
+
+import org.keycloak.testsuite.arquillian.annotation.AdapterLibsLocationProperty;
+
+/**
+ * @author mhajas
+ */
+@AdapterLibsLocationProperty("adapter.libs.wildfly")
+public class WildflyRelativeSAMLServletsAdapterTest extends AbstractSAMLServletsAdapterTest {
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java
new file mode 100644
index 0000000..1fdd1f3
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadClientSalesPostSigServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class BadClientSalesPostSigServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "bad-client-sales-post-sig";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java
new file mode 100644
index 0000000..fa56850
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/BadRealmSalesPostSigServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class BadRealmSalesPostSigServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "bad-realm-sales-post-sig";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java
new file mode 100644
index 0000000..85ea7e2
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/Employee2Servlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class Employee2Servlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "employee2";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java
new file mode 100644
index 0000000..60b0398
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigFrontServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class EmployeeSigFrontServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "employee-sig-front";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java
new file mode 100644
index 0000000..fc7780b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/EmployeeSigServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class EmployeeSigServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "employee-sig";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java
new file mode 100644
index 0000000..e4ed1c7
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesMetadataServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesMetadataServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-metadata";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java
new file mode 100644
index 0000000..a77f9b1
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostEncServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostEncServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post-enc";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java
new file mode 100644
index 0000000..828b52d
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostPassiveServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostPassiveServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post-passive";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java
new file mode 100644
index 0000000..d2ef1be
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java
new file mode 100644
index 0000000..f3bf86c
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigEmailServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostSigEmailServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post-sig-email";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java
new file mode 100644
index 0000000..68bed8d
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigPersistentServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostSigPersistentServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post-sig-persistent";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java
new file mode 100644
index 0000000..a579712
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostSigServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post-sig";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java
new file mode 100644
index 0000000..e3987b3
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SalesPostSigTransientServlet.java
@@ -0,0 +1,22 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SalesPostSigTransientServlet extends SAMLServletWithLogout {
+ public static final String DEPLOYMENT_NAME = "sales-post-sig-transient";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java
new file mode 100644
index 0000000..cf67a15
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostEncExample.java
@@ -0,0 +1,32 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SAMLPostEncExample extends AbstractPageWithInjectedUrl {
+ public static final String DEPLOYMENT_NAME = "saml-post-encryption";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @FindBy(tagName = "a")
+ WebElement logoutButton;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+
+ public void logout() {
+ logoutButton.click();
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java
new file mode 100644
index 0000000..04fc999
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLPostSigExample.java
@@ -0,0 +1,32 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SAMLPostSigExample extends AbstractPageWithInjectedUrl {
+ public static final String DEPLOYMENT_NAME = "saml-post-signatures";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @FindBy(tagName = "a")
+ WebElement logoutButton;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+
+ public void logout() {
+ logoutButton.click();
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java
new file mode 100644
index 0000000..5260a24
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLRedirectSigExample.java
@@ -0,0 +1,32 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.jboss.arquillian.container.test.api.OperateOnDeployment;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class SAMLRedirectSigExample extends AbstractPageWithInjectedUrl {
+ public static final String DEPLOYMENT_NAME = "saml-redirect-signatures";
+
+ @ArquillianResource
+ @OperateOnDeployment(DEPLOYMENT_NAME)
+ private URL url;
+
+ @FindBy(tagName = "a")
+ WebElement logoutButton;
+
+ @Override
+ public URL getInjectedUrl() {
+ return url;
+ }
+
+ public void logout() {
+ logoutButton.click();
+ }
+}
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java
new file mode 100644
index 0000000..2656fd4
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/SAMLServletWithLogout.java
@@ -0,0 +1,17 @@
+package org.keycloak.testsuite.adapter.page;
+
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+
+import static org.keycloak.testsuite.util.WaitUtils.pause;
+
+/**
+ * @author mhajas
+ */
+public abstract class SAMLServletWithLogout extends AbstractPageWithInjectedUrl {
+
+ public void logout() {
+ driver.navigate().to(getUriBuilder().queryParam("GLO", "true").build().toASCIIString());
+ getUriBuilder().replaceQueryParam("GLO", null);
+ pause(300);
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
new file mode 100755
index 0000000..990777a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
@@ -0,0 +1,77 @@
+package org.keycloak.testsuite.adapter.servlet;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.Principal;
+import java.util.List;
+
+/**
+* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+* @version $Revision: 1 $
+*/
+public class SendUsernameServlet extends HttpServlet {
+
+ public static Principal sentPrincipal;
+ public static List<String> checkRoles;
+
+ @Override
+ protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+ System.out.println("In SendUsername Servlet doGet()");
+ if (checkRoles != null) {
+ for (String role : checkRoles) {
+ System.out.println("check role: " + role);
+ //Assert.assertTrue(req.isUserInRole(role));
+ if (!req.isUserInRole(role)) {
+ resp.sendError(403);
+ return;
+ }
+ }
+
+ }
+ resp.setContentType("text/plain");
+ OutputStream stream = resp.getOutputStream();
+ Principal principal = req.getUserPrincipal();
+ stream.write("request-path: ".getBytes());
+ stream.write(req.getServletPath().getBytes());
+ stream.write("\n".getBytes());
+ stream.write("principal=".getBytes());
+ if (principal == null) {
+ stream.write("null".getBytes());
+ return;
+ }
+ String name = principal.getName();
+ stream.write(name.getBytes());
+ sentPrincipal = principal;
+
+ }
+ @Override
+ protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+ System.out.println("In SendUsername Servlet doPost()");
+ if (checkRoles != null) {
+ for (String role : checkRoles) {
+ System.out.println("check role: " + role);
+ if (!req.isUserInRole(role)) {
+ throw new RuntimeException("User: " + req.getUserPrincipal() + " is not in Role: " + role);
+ }
+ }
+ }
+ resp.setContentType("text/plain");
+ OutputStream stream = resp.getOutputStream();
+ Principal principal = req.getUserPrincipal();
+ stream.write("request-path: ".getBytes());
+ stream.write(req.getServletPath().getBytes());
+ stream.write("\n".getBytes());
+ stream.write("principal=".getBytes());
+ if (principal == null) {
+ stream.write("null".getBytes());
+ return;
+ }
+ String name = principal.getName();
+ stream.write(name.getBytes());
+ sentPrincipal = principal;
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
index 2be45f7..1f74b30 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/DeploymentArchiveProcessor.java
@@ -1,9 +1,5 @@
package org.keycloak.testsuite.arquillian;
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.tools.ant.DirectoryScanner;
import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
@@ -14,13 +10,23 @@ import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.keycloak.representations.adapters.config.BaseAdapterConfig;
-import static org.keycloak.testsuite.arquillian.ContainersTestEnricher.*;
import org.keycloak.testsuite.adapter.AdapterLibsMode;
-import static org.keycloak.testsuite.util.IOUtil.loadJson;;
+import org.keycloak.testsuite.util.IOUtil;
import org.keycloak.util.JsonSerialization;
+import org.w3c.dom.Document;
+
+import javax.xml.transform.TransformerException;
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.keycloak.testsuite.arquillian.ContainersTestEnricher.*;
+import static org.keycloak.testsuite.util.IOUtil.*;
+
+;
/**
- *
* @author tkyjovsk
*/
public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
@@ -34,6 +40,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
public static final String ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak.json";
public static final String ADAPTER_CONFIG_PATH_TENANT2 = "/WEB-INF/classes/tenant2-keycloak.json";
public static final String ADAPTER_CONFIG_PATH_JS = "/keycloak.json";
+ public static final String SAML_ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak-saml.xml";
@Override
public void process(Archive<?> archive, TestClass testClass) {
@@ -46,7 +53,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
// log.info(testClass.getJavaClass().getSimpleName() + " is not an AdapterTest");
// }
}
-
+
public static boolean isAdapterTest(TestClass testClass) {
return hasAppServerContainerAnnotation(testClass.getJavaClass());
}
@@ -57,32 +64,51 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
modifyAdapterConfig(archive, ADAPTER_CONFIG_PATH_TENANT1, relative);
modifyAdapterConfig(archive, ADAPTER_CONFIG_PATH_TENANT2, relative);
modifyAdapterConfig(archive, ADAPTER_CONFIG_PATH_JS, relative);
+ modifyAdapterConfig(archive, SAML_ADAPTER_CONFIG_PATH, relative);
}
protected void modifyAdapterConfig(Archive<?> archive, String adapterConfigPath, boolean relative) {
if (archive.contains(adapterConfigPath)) {
log.info("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
- try {
- BaseAdapterConfig adapterConfig = loadJson(archive.get(adapterConfigPath)
- .getAsset().openStream(), BaseAdapterConfig.class);
+ if (adapterConfigPath.equals(SAML_ADAPTER_CONFIG_PATH)) {
+ log.info("Modyfying saml adapter config in " + archive.getName());
- log.info(" setting " + (relative ? "" : "non-") + "relative auth-server-url");
- if (relative) {
- adapterConfig.setAuthServerUrl("/auth");
-// ac.setRealmKey(null); // TODO verify if realm key is required for relative scneario
- } else {
- adapterConfig.setAuthServerUrl(getAuthServerContextRootFromSystemProperty() + "/auth");
- adapterConfig.setRealmKey(REALM_KEY);
- }
- if ("true".equals(System.getProperty("app.server.ssl.required"))) {
- adapterConfig.setSslRequired("all");
- }
+ Document doc = loadXML(archive.get("WEB-INF/keycloak-saml.xml").getAsset().openStream());
- archive.add(new StringAsset(JsonSerialization.writeValueAsPrettyString(adapterConfig)),
- adapterConfigPath);
+ modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port", null));
+ modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
+ modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port", null));
- } catch (IOException ex) {
- log.log(Level.FATAL, "Cannot serialize adapter config to JSON.", ex);
+ try {
+ archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);
+ } catch (TransformerException e) {
+ log.error("Can't transform document to String");
+ throw new RuntimeException(e);
+ }
+ } else {
+ try {
+ BaseAdapterConfig adapterConfig = loadJson(archive.get(adapterConfigPath)
+ .getAsset().openStream(), BaseAdapterConfig.class);
+
+ log.info(" setting " + (relative ? "" : "non-") + "relative auth-server-url");
+ if (relative) {
+ adapterConfig.setAuthServerUrl("/auth");
+// ac.setRealmKey(null); // TODO verify if realm key is required for relative scneario
+ } else {
+ adapterConfig.setAuthServerUrl(getAuthServerContextRootFromSystemProperty() + "/auth");
+ adapterConfig.setRealmKey(REALM_KEY);
+ }
+
+ if ("true".equals(System.getProperty("app.server.ssl.required"))) {
+ adapterConfig.setSslRequired("all");
+ }
+
+ archive.add(new StringAsset(JsonSerialization.writeValueAsPrettyString(adapterConfig)),
+ adapterConfigPath);
+
+ } catch (IOException ex) {
+ log.log(Level.FATAL, "Cannot serialize adapter config to JSON.", ex);
+ }
}
}
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/AuthRealm.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/AuthRealm.java
index f6ba6b4..9d19546 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/AuthRealm.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/AuthRealm.java
@@ -21,6 +21,8 @@ public class AuthRealm extends AuthServer implements PageWithLoginUrl {
public static final String TEST = "test";
public static final String DEMO = "demo";
public static final String EXAMPLE = "example";
+ public static final String SAMLDEMO = "saml-demo";
+ public static final String SAMLSERVLETDEMO = "demo";
public static final String ADMIN = "admin";
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/Login.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/Login.java
index adb5759..e1f549d 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/Login.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/Login.java
@@ -17,13 +17,15 @@
*/
package org.keycloak.testsuite.auth.page.login;
-import javax.ws.rs.core.UriBuilder;
import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.auth.page.AuthRealm;
-import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
+import javax.ws.rs.core.UriBuilder;
+
+import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
+
/**
*
* @author Petr Mensik
@@ -35,11 +37,10 @@ public abstract class Login extends AuthRealm {
public static final String OIDC = "openid-connect";
public static final String SAML = "saml";
-
@Override
public UriBuilder createUriBuilder() {
return super.createUriBuilder()
- .path("protocol/{" + PROTOCOL + "}/auth");
+ .path("protocol/{" + PROTOCOL + "}" + (getProtocol().equals(OIDC) ? "/auth" : ""));
}
public void setProtocol(String protocol) {
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/SAMLLogin.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/SAMLLogin.java
new file mode 100644
index 0000000..12946f7
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/auth/page/login/SAMLLogin.java
@@ -0,0 +1,10 @@
+package org.keycloak.testsuite.auth.page.login;
+
+/**
+ * @author mhajas
+ */
+public class SAMLLogin extends Login {
+ SAMLLogin() {
+ setProtocol(SAML);
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/IOUtil.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/IOUtil.java
index 9ff2bcf..e949784 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/IOUtil.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/IOUtil.java
@@ -1,12 +1,21 @@
package org.keycloak.testsuite.util;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.util.JsonSerialization;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import java.io.*;
/**
*
@@ -40,4 +49,37 @@ public class IOUtil {
return realm;
}
+ public static Document loadXML(InputStream is) {
+ try {
+ DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
+ return dBuilder.parse(is);
+ } catch (ParserConfigurationException|SAXException|IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static String documentToString(Document newDoc) throws TransformerException {
+ DOMSource domSource = new DOMSource(newDoc);
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ transformer.transform(domSource, sr);
+ return sw.toString();
+ }
+
+ public static void modifyDocElementAttribute(Document doc, String tagName, String attributeName, String regex, String replacement) {
+ NodeList nodes = doc.getElementsByTagName(tagName);
+ if (nodes.getLength() != 1) {
+ System.out.println("Not able to find element: " + tagName);
+ return;
+ }
+
+ Node node = nodes.item(0).getAttributes().getNamedItem(attributeName);
+ if (node == null) {
+ System.out.println("Not able to find attribute " + attributeName + " within element: " + tagName);
+ return;
+ }
+ node.setTextContent(node.getTextContent().replace(regex, replacement));
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
index 337a504..c00d89d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java
@@ -17,21 +17,25 @@
*/
package org.keycloak.testsuite;
-import java.text.MessageFormat;
-import java.util.List;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.keycloak.admin.client.resource.RealmResource;
-import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
-import static org.keycloak.testsuite.admin.ApiUtil.*;
-import static org.keycloak.testsuite.admin.Users.setPasswordFor;
import org.keycloak.testsuite.auth.page.AuthRealm;
-import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
+import org.keycloak.testsuite.auth.page.login.SAMLLogin;
import org.openqa.selenium.Cookie;
+import java.text.MessageFormat;
+import java.util.List;
+
+import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
+import static org.keycloak.testsuite.admin.ApiUtil.assignClientRoles;
+import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWithAdminClient;
+import static org.keycloak.testsuite.admin.Users.setPasswordFor;
+import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
+
/**
*
* @author tkyjovsk
@@ -43,8 +47,13 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
@Page
protected OIDCLogin testRealmLoginPage;
+ @Page
+ protected SAMLLogin testRealmSAMLLoginPage;
+
protected UserRepresentation testUser;
+ protected UserRepresentation bburkeUser;
+
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmRepresentation testRealmRep = new RealmRepresentation();
@@ -60,6 +69,9 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
testUser = createUserRepresentation("test", "test@email.test", "test", "user", true);
setPasswordFor(testUser, PASSWORD);
+ bburkeUser = createUserRepresentation("bburke", "bburke@redhat.com", "Bill", "Burke", true);
+ setPasswordFor(bburkeUser, PASSWORD);
+
deleteAllCookiesForTestRealm();
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
index 9c33410..056a489 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java
@@ -1,9 +1,5 @@
package org.keycloak.testsuite.adapter;
-import java.io.IOException;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.List;
import org.apache.commons.io.IOUtils;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.Archive;
@@ -11,9 +7,14 @@ import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
+import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
import org.keycloak.testsuite.arquillian.ContainersTestEnricher;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
/**
*
@@ -45,6 +46,7 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
modifyClientRedirectUris(tr, appServerContextRootPage.toString(), "");
modifyClientUrls(tr, appServerContextRootPage.toString(), "");
modifyClientWebOrigins(tr, "8080", System.getProperty("auth.server.http.port", null));
+ modifySamlMasterURLs(tr, "/", "http://localhost:" + System.getProperty("auth.server.http.port", null) + "/");
} else {
modifyClientRedirectUris(tr, "^(/.*/\\*)", appServerContextRootPage.toString() + "$1");
modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
@@ -62,14 +64,16 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
}
protected void modifyClientRedirectUris(RealmRepresentation realm, String regex, String replacement) {
- for (ClientRepresentation client : realm.getClients()) {
- List<String> redirectUris = client.getRedirectUris();
- if (redirectUris != null) {
- List<String> newRedirectUris = new ArrayList<>();
- for (String uri : redirectUris) {
- newRedirectUris.add(uri.replaceAll(regex, replacement));
+ if (realm.getClients() != null) {
+ for (ClientRepresentation client : realm.getClients()) {
+ List<String> redirectUris = client.getRedirectUris();
+ if (redirectUris != null) {
+ List<String> newRedirectUris = new ArrayList<>();
+ for (String uri : redirectUris) {
+ newRedirectUris.add(uri.replaceAll(regex, replacement));
+ }
+ client.setRedirectUris(newRedirectUris);
}
- client.setRedirectUris(newRedirectUris);
}
}
}
@@ -100,6 +104,20 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
}
}
+ protected void modifySamlMasterURLs(RealmRepresentation realm, String regex, String replacement) {
+ for (ClientRepresentation client : realm.getClients()) {
+ if (client.getProtocol() != null && client.getProtocol().equals("saml")) {
+ log.info("Modifying master URL of SAML client: " + client.getClientId());
+ String masterUrl = client.getAdminUrl();
+ if (masterUrl == null) {
+ masterUrl = client.getBaseUrl();
+ }
+ masterUrl = masterUrl.replaceFirst(regex, replacement);
+ client.setAdminUrl(masterUrl);
+ }
+ }
+ }
+
/**
* Modifies baseUrl, adminUrl and redirectUris for client based on real
* deployment url of the app.
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java
index 7dc58c0..c13db8d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractServletsAdapterTest.java
@@ -1,12 +1,17 @@
package org.keycloak.testsuite.adapter;
-import java.net.URL;
-import java.util.List;
+import org.apache.commons.io.IOUtils;
import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.keycloak.representations.idm.RealmRepresentation;
-import static org.keycloak.testsuite.util.IOUtil.*;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.List;
+
import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
+import static org.keycloak.testsuite.util.IOUtil.loadRealm;
public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
@@ -31,6 +36,41 @@ public abstract class AbstractServletsAdapterTest extends AbstractAdapterTest {
return deployment;
}
+ protected static WebArchive samlServletDeployment(String name, Class... servletClasses) {
+ return samlServletDeployment(name, "keycloak-saml.xml", servletClasses);
+ }
+
+ protected static WebArchive samlServletDeployment(String name, String adapterConfig ,Class... servletClasses) {
+ String baseSAMLPath = "/adapter-test/keycloak-saml/";
+ String webInfPath = baseSAMLPath + name + "/WEB-INF/";
+
+ URL keycloakSAMLConfig = AbstractServletsAdapterTest.class.getResource(webInfPath + adapterConfig);
+ URL webXML = AbstractServletsAdapterTest.class.getResource(baseSAMLPath + "web.xml");
+
+ WebArchive deployment = ShrinkWrap.create(WebArchive.class, name + ".war")
+ .addClasses(servletClasses)
+ .addAsWebInfResource(keycloakSAMLConfig, "keycloak-saml.xml")
+ .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
+
+ String webXMLContent;
+ try {
+ webXMLContent = IOUtils.toString(webXML.openStream())
+ .replace("%CONTEXT_PATH%", name);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ deployment.add(new StringAsset(webXMLContent), "/WEB-INF/web.xml");
+
+ URL keystore = AbstractServletsAdapterTest.class.getResource(webInfPath + "keystore.jks");
+ if (keystore != null) {
+ deployment.addAsWebInfResource(keystore, "keystore.jks");
+ }
+
+ addContextXml(deployment, name);
+
+ return deployment;
+ }
+
@Override
public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/adapter-test/demorealm.json"));
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java
new file mode 100644
index 0000000..1916ffd
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/AbstractSAMLExampleAdapterTest.java
@@ -0,0 +1,104 @@
+package org.keycloak.testsuite.adapter.example;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
+import org.keycloak.testsuite.adapter.page.SAMLPostEncExample;
+import org.keycloak.testsuite.adapter.page.SAMLPostSigExample;
+import org.keycloak.testsuite.adapter.page.SAMLRedirectSigExample;
+import org.keycloak.testsuite.util.URLAssert;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+
+import static org.junit.Assert.assertTrue;
+import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLDEMO;
+import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+
+/**
+ * @author mhajas
+ */
+public abstract class AbstractSAMLExampleAdapterTest extends AbstractExampleAdapterTest {
+
+ @Page
+ private SAMLPostSigExample samlPostSigExamplePage;
+
+ @Page
+ private SAMLPostEncExample samlPostEncExamplePage;
+
+ @Page
+ private SAMLRedirectSigExample samlRedirectSigExamplePage;
+
+ @Override
+ public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
+ RealmRepresentation samlRealm = loadRealm(new File(EXAMPLES_HOME_DIR + "/saml/testsaml.json"));
+ testRealms.add(samlRealm);
+ }
+
+ @Override
+ public void setDefaultPageUriParameters() {
+ super.setDefaultPageUriParameters();
+ testRealmPage.setAuthRealm(SAMLDEMO);
+ testRealmSAMLLoginPage.setAuthRealm(SAMLDEMO);
+ }
+
+ @Deployment(name = SAMLPostSigExample.DEPLOYMENT_NAME)
+ private static WebArchive samlPostSigExampleDeployment() throws IOException {
+ return exampleDeployment(SAMLPostSigExample.DEPLOYMENT_NAME);
+ }
+
+ @Deployment(name = SAMLPostEncExample.DEPLOYMENT_NAME)
+ private static WebArchive samlPostEncExampleDeployment() throws IOException {
+ return exampleDeployment(SAMLPostEncExample.DEPLOYMENT_NAME);
+ }
+
+ @Deployment(name = SAMLRedirectSigExample.DEPLOYMENT_NAME)
+ private static WebArchive samlRedirectSigExampleDeployment() throws IOException {
+ return exampleDeployment(SAMLRedirectSigExample.DEPLOYMENT_NAME);
+ }
+
+ @Test
+ public void samlPostWithSignatureExampleTest() {
+ samlPostSigExamplePage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+
+ assertTrue(driver.getPageSource().contains("Welcome to the Sales Tool, " + bburkeUser.getUsername()));
+
+ samlPostSigExamplePage.logout();
+
+ samlPostSigExamplePage.navigateTo();
+ URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+ }
+
+ @Test
+ public void samlPostWithEncryptionExampleTest() {
+ samlPostEncExamplePage.navigateTo();
+
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+
+ assertTrue(driver.getPageSource().contains("Welcome to the Sales Tool, " + bburkeUser.getUsername()));
+
+ samlPostEncExamplePage.logout();
+
+ samlPostEncExamplePage.navigateTo();
+ URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+ }
+
+ @Test
+ public void samlRedirectWithSignatureExampleTest() {
+ samlRedirectSigExamplePage.navigateTo();
+
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+
+ assertTrue(driver.getPageSource().contains("Welcome to the Employee Tool,"));
+
+ samlRedirectSigExamplePage.logout();
+
+ samlRedirectSigExamplePage.navigateTo();
+ URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
new file mode 100644
index 0000000..a5e67ab
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
@@ -0,0 +1,419 @@
+package org.keycloak.testsuite.adapter.servlet;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
+import org.keycloak.testsuite.adapter.page.*;
+import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.util.IOUtil;
+import org.w3c.dom.Document;
+
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+import static com.mongodb.util.MyAsserts.assertFalse;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLSERVLETDEMO;
+import static org.keycloak.testsuite.util.IOUtil.*;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
+
+/**
+ * @author mhajas
+ */
+public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAdapterTest {
+ @Page
+ private BadClientSalesPostSigServlet badClientSalesPostSigServletPage;
+
+ @Page
+ private BadRealmSalesPostSigServlet badRealmSalesPostSigServletPage;
+
+ @Page
+ private Employee2Servlet employee2ServletPage;
+
+ @Page
+ private EmployeeSigServlet employeeSigServletPage;
+
+ @Page
+ private EmployeeSigFrontServlet employeeSigFrontServletPage;
+
+ @Page
+ private SalesMetadataServlet salesMetadataServletPage;
+
+ @Page
+ private SalesPostServlet salesPostServletPage;
+
+ @Page
+ private SalesPostEncServlet salesPostEncServletPage;
+
+ @Page
+ private SalesPostPassiveServlet salesPostPassiveServletPage;
+
+ @Page
+ private SalesPostSigServlet salesPostSigServletPage;
+
+ @Page
+ private SalesPostSigEmailServlet salesPostSigEmailServletPage;
+
+ @Page
+ private SalesPostSigPersistentServlet salesPostSigPersistentServletPage;
+
+ @Page
+ private SalesPostSigTransientServlet salesPostSigTransientServletPage;
+
+ @Deployment(name = BadClientSalesPostSigServlet.DEPLOYMENT_NAME)
+ protected static WebArchive badClientSalesPostSig() {
+ return samlServletDeployment(BadClientSalesPostSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = BadRealmSalesPostSigServlet.DEPLOYMENT_NAME)
+ protected static WebArchive badRealmSalesPostSig() {
+ return samlServletDeployment(BadRealmSalesPostSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = Employee2Servlet.DEPLOYMENT_NAME)
+ protected static WebArchive employee2() {
+ return samlServletDeployment(Employee2Servlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = EmployeeSigServlet.DEPLOYMENT_NAME)
+ protected static WebArchive employeeSig() {
+ return samlServletDeployment(EmployeeSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = EmployeeSigFrontServlet.DEPLOYMENT_NAME)
+ protected static WebArchive employeeSigFront() {
+ return samlServletDeployment(EmployeeSigFrontServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesMetadataServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesMetadata() {
+ return samlServletDeployment(SalesMetadataServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPost() {
+ return samlServletDeployment(SalesPostServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostEncServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPostEnc() {
+ return samlServletDeployment(SalesPostEncServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostPassiveServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPostPassive() {
+ return samlServletDeployment(SalesPostPassiveServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostSigServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPostSig() {
+ return samlServletDeployment(SalesPostSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostSigEmailServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPostSigEmail() {
+ return samlServletDeployment(SalesPostSigEmailServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostSigPersistentServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPostSigPersistent() {
+ return samlServletDeployment(SalesPostSigPersistentServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Deployment(name = SalesPostSigTransientServlet.DEPLOYMENT_NAME)
+ protected static WebArchive salesPostSigTransient() {
+ return samlServletDeployment(SalesPostSigTransientServlet.DEPLOYMENT_NAME, SendUsernameServlet.class);
+ }
+
+ @Override
+ public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
+ testRealms.add(loadRealm("/adapter-test/keycloak-saml/testsaml.json"));
+ }
+
+ @Override
+ public void setDefaultPageUriParameters() {
+ super.setDefaultPageUriParameters();
+ testRealmPage.setAuthRealm(SAMLSERVLETDEMO);
+ testRealmSAMLLoginPage.setAuthRealm(SAMLSERVLETDEMO);
+ }
+
+ @Test
+ public void disabledClientTest() {
+ ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "http://localhost:8081/sales-post-sig/");
+ ClientRepresentation client = clientResource.toRepresentation();
+ client.setEnabled(false);
+ clientResource.update(client);
+
+ salesPostSigServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("Login requester not enabled"));
+
+ client.setEnabled(true);
+ clientResource.update(client);
+ }
+
+ @Test
+ public void unauthorizedSSOTest() {
+ salesPostServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ employee2ServletPage.navigateTo();
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ employeeSigFrontServletPage.navigateTo();
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ salesPostSigPersistentServletPage.navigateTo();
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ salesPostServletPage.logout();
+ }
+
+ @Test
+ public void singleLoginAndLogoutSAMLTest() {
+ salesPostServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostSigServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ employee2ServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostEncServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ employeeSigFrontServletPage.logout();
+
+ employeeSigFrontServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ employeeSigServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ salesPostPassiveServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ salesPostSigEmailServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+ }
+
+ @Test
+ public void badClientSalesPostSigTest() {
+ badClientSalesPostSigServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("invalidRequesterMessage"));
+ }
+
+ @Test
+ public void badRealmSalesPostSigTest() {
+ badRealmSalesPostSigServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ }
+
+ @Test
+ public void employee2Test() {
+ employee2ServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ employee2ServletPage.logout();
+ employee2ServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ employee2ServletPage.logout();
+ }
+
+ @Test
+ public void employeeSigTest() {
+ employeeSigServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ employeeSigServletPage.logout();
+ employeeSigServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ employeeSigServletPage.logout();
+ }
+
+ @Test
+ public void employeeSigFrontTest() {
+ employeeSigFrontServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ employeeSigFrontServletPage.logout();
+ employeeSigFrontServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ employeeSigFrontServletPage.logout();
+ }
+
+ @Test
+ public void salesMetadataTest() throws Exception {
+ Document doc = loadXML(AbstractSAMLServletsAdapterTest.class.getResourceAsStream("/adapter-test/keycloak-saml/sp-metadata.xml"));
+
+ modifyDocElementAttribute(doc, "SingleLogoutService", "Location", "8080", System.getProperty("auth.server.http.port", null));
+ modifyDocElementAttribute(doc, "AssertionConsumerService", "Location", "8080", System.getProperty("auth.server.http.port", null));
+
+ ClientRepresentation clientRep = testRealmResource().convertClientDescription(IOUtil.documentToString(doc));
+ Response response = testRealmResource().clients().create(clientRep);
+ assertEquals(201, response.getStatus());
+
+ salesMetadataServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesMetadataServletPage.logout();
+ salesMetadataServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesMetadataServletPage.logout();
+ }
+
+ @Test
+ public void salesPostTest() {
+ salesPostServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostServletPage.logout();
+ salesPostServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostServletPage.logout();
+ }
+
+ @Test
+ public void salesPostEncTest() {
+ salesPostEncServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostEncServletPage.logout();
+ salesPostEncServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostEncServletPage.logout();
+ }
+
+ @Test
+ public void salesPostPassiveTest() {
+ salesPostPassiveServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ salesPostServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+
+ salesPostPassiveServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostPassiveServletPage.logout();
+ salesPostPassiveServletPage.navigateTo();
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+
+ salesPostServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ salesPostPassiveServletPage.navigateTo();
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostPassiveServletPage.logout();
+ }
+
+ @Test
+ public void salesPostSigTest() {
+ salesPostEncServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostEncServletPage.logout();
+ salesPostEncServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostEncServletPage.logout();
+ }
+
+ @Test
+ public void salesPostSigEmailTest() {
+ salesPostSigEmailServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertTrue(driver.getPageSource().contains("principal=bburke"));
+
+ salesPostSigEmailServletPage.logout();
+ salesPostSigEmailServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostSigEmailServletPage.logout();
+ }
+
+ @Test
+ public void salesPostSigPersistentTest() {
+ salesPostSigPersistentServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertFalse(driver.getPageSource().contains("bburke"));
+ assertTrue(driver.getPageSource().contains("principal=G-"));
+
+ salesPostSigPersistentServletPage.logout();
+ salesPostSigPersistentServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostSigPersistentServletPage.logout();
+ }
+
+ @Test
+ public void salesPostSigTransientTest() {
+ salesPostSigTransientServletPage.navigateTo();
+ testRealmSAMLLoginPage.form().login(bburkeUser);
+ assertFalse(driver.getPageSource().contains("bburke"));
+ assertTrue(driver.getPageSource().contains("principal=G-"));
+
+ salesPostSigTransientServletPage.logout();
+ salesPostSigTransientServletPage.navigateTo();
+ assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+
+ testRealmSAMLLoginPage.form().login("unauthorized", "password");
+ assertFalse(driver.getPageSource().contains("principal="));
+ assertTrue(driver.getPageSource().contains("Forbidden"));
+ salesPostSigTransientServletPage.logout();
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..96084c8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,40 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/bad-client-sales-post-sig/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8081/bad-client-sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8081/bad-client-sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp"
+ signaturesRequired="true">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keystore.jks
new file mode 100755
index 0000000..6a3e3ba
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..e042f3c
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,40 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/bad-client-sales-post-sig/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8081/bad-client-sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8081/bad-client-sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp"
+ signaturesRequired="true">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks
new file mode 100755
index 0000000..6a3e3ba
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..b2325fa
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/bad-realm-sales-post-sig/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8081/bad-realm-sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8081/bad-realm-sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keystore.jks
new file mode 100755
index 0000000..215384c
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..62c1b07
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/bad-realm-sales-post-sig/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8081/bad-realm-sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8081/bad-realm-sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks
new file mode 100755
index 0000000..215384c
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..c334ccf
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,25 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/employee2/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="memberOf"/>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..4da78b3
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,44 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/employee-sig/"
+ sslPolicy="EXTERNAL"
+ logoutPage="/logout.jsp"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/employee-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/employee-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="REDIRECT"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="REDIRECT"
+ responseBinding="REDIRECT"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keystore.jks
new file mode 100755
index 0000000..4daad21
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..c0cf5cf
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,44 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/employee-sig-front/"
+ sslPolicy="EXTERNAL"
+ logoutPage="/logout.jsp"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/employee-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/employee-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="REDIRECT"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="REDIRECT"
+ responseBinding="REDIRECT"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keystore.jks
new file mode 100755
index 0000000..4daad21
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..c4aece9
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-enc/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" encryption="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-enc/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-enc/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keystore.jks
new file mode 100755
index 0000000..822162c
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..72cf80b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,25 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/employee2/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="memberOf"/>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
+ />
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..f3f0b85
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-metadata/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keystore.jks
new file mode 100755
index 0000000..144830b
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-metadata/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..c5d63ef
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,24 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..be6ef07
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-enc/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" encryption="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-enc/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-enc/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keystore.jks
new file mode 100755
index 0000000..822162c
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-enc/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-passive/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-passive/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..4077ca7
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-passive/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,25 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-passive/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false"
+ isPassive="true">
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..e797be6
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,40 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-sig/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp"
+ signaturesRequired="true">
+ <SingleSignOnService requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keystore.jks
new file mode 100755
index 0000000..144830b
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keycloak-saml.xml
new file mode 100644
index 0000000..981606b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,44 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-sig-email/"
+ sslPolicy="EXTERNAL"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keystore.jks
new file mode 100644
index 0000000..144830b
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-email/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..e2a9ef5
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-sig-persistent/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keystore.jks
new file mode 100755
index 0000000..144830b
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-persistent/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keycloak-saml.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..cc0229b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8081/sales-post-sig-transient/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleIdentifiers>
+ <Attribute name="Role"/>
+ </RoleIdentifiers>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keystore.jks b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keystore.jks
new file mode 100755
index 0000000..144830b
Binary files /dev/null and b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sales-post-sig-transient/WEB-INF/keystore.jks differ
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sp-metadata.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sp-metadata.xml
new file mode 100755
index 0000000..948d24a
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/sp-metadata.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor Name="urn:mace:shibboleth:testshib:two"
+ xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ >
+ <EntityDescriptor entityID="http://localhost:8081/sales-metadata/">
+ <SPSSODescriptor AuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/sales-metadata/"/>
+ <AssertionConsumerService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/sales-metadata/"
+ index="1" isDefault="true" />
+ <KeyDescriptor use="signing">
+ <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:X509Data>
+ <dsig:X509Certificate>
+ MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw==
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ </KeyDescriptor>
+ </SPSSODescriptor>
+ <Organization>
+ <OrganizationName xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">JBoss</OrganizationName>
+ <OrganizationDisplayName xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">JBoss by Red Hat</OrganizationDisplayName>
+ <OrganizationURL xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xml:lang="en">http://localhost:8080/sales-metadata/</OrganizationURL>
+ </Organization>
+ <ContactPerson contactType="technical">
+ <GivenName>The</GivenName>
+ <SurName>Admin</SurName>
+ <EmailAddress>admin@mycompany.com</EmailAddress>
+ </ContactPerson>
+ </EntityDescriptor>
+</EntitiesDescriptor>
\ No newline at end of file
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
new file mode 100755
index 0000000..f7e565c
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
@@ -0,0 +1,407 @@
+{
+ "id": "demo",
+ "realm": "demo",
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": true,
+ "resetPasswordAllowed": true,
+ "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
+ "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+ "requiredCredentials": [ "password" ],
+ "defaultRoles": [ "user" ],
+ "smtpServer": {
+ "from": "auto@keycloak.org",
+ "host": "localhost",
+ "port":"3025"
+ },
+ "users" : [
+ {
+ "username" : "bburke",
+ "enabled": true,
+ "email" : "bburke@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "attributes" : {
+ "phone": "617"
+ },
+ "realmRoles": ["manager", "user"],
+ "applicationRoles": {
+ "http://localhost:8081/employee/": [ "employee" ],
+ "http://localhost:8081/employee2/": [ "employee" ]
+ }
+ },
+ {
+ "username" : "unauthorized",
+ "enabled": true,
+ "email" : "unauthorized@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ]
+ },
+ {
+ "username" : "topGroupUser",
+ "enabled": true,
+ "email" : "top@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "groups": [
+ "/top"
+ ]
+ },
+ {
+ "username" : "level2GroupUser",
+ "enabled": true,
+ "email" : "level2@redhat.com",
+ "credentials" : [
+ { "type" : "password",
+ "value" : "password" }
+ ],
+ "groups": [
+ "/top/level2"
+ ]
+ }
+ ],
+ "clients": [
+ {
+ "clientId": "http://localhost:8081/sales-post/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8080/sales-post",
+ "redirectUris": [
+ "http://localhost:8080/sales-post/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_idp_initiated_sso_url_name": "sales-post"
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/sales-post-passive/",
+ "enabled": true,
+ "fullScopeAllowed": true,
+ "protocol": "saml",
+ "baseUrl": "http://localhost:8080/sales-post-passive",
+ "redirectUris": [
+ "http://localhost:8080/sales-post-passive/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml_idp_initiated_sso_url_name": "sales-post-passive"
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/sales-post-sig/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/sales-post-sig",
+ "redirectUris": [
+ "http://localhost:8080/sales-post-sig/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA256",
+ "saml.client.signature": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/sales-post-sig-transient/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/sales-post-sig-transient",
+ "adminUrl": "http://localhost:8080/sales-post-sig-transient",
+ "redirectUris": [
+ "http://localhost:8080/sales-post-sig-transient/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA256",
+ "saml.client.signature": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/sales-post-sig-persistent/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/sales-post-sig-persistent",
+ "redirectUris": [
+ "http://localhost:8080/sales-post-sig-persistent/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA256",
+ "saml.client.signature": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/sales-post-sig-email/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/sales-post-sig-email",
+ "adminUrl": "http://localhost:8080/sales-post-sig-email",
+ "redirectUris": [
+ "http://localhost:8080/sales-post-sig-email/*"
+ ],
+ "attributes": {
+ "saml_force_name_id_format": "true",
+ "saml_name_id_format": "email",
+ "saml.server.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA256",
+ "saml.client.signature": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/bad-realm-sales-post-sig/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/bad-realm-sales-post-sig/",
+ "adminUrl": "http://localhost:8080/bad-realm-sales-post-sig/",
+ "redirectUris": [
+ "http://localhost:8080/bad-realm-sales-post-sig/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.client.signature": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/bad-client-sales-post-sig/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/bad-client-sales-post-sig/",
+ "adminUrl": "http://localhost:8080/bad-client-sales-post-sig/",
+ "redirectUris": [
+ "http://localhost:8080/bad-client-sales-post-sig/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.client.signature": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/sales-post-enc/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/sales-post-enc",
+ "redirectUris": [
+ "http://localhost:8080/sales-post-enc/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA512",
+ "saml.client.signature": "true",
+ "saml.encrypt": "true",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g==",
+ "saml.encryption.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/employee-sig/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/employee-sig",
+ "redirectUris": [
+ "http://localhost:8080/employee-sig/*"
+ ],
+ "adminUrl": "http://localhost:8080/employee-sig/",
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.client.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA256",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB0DCCATkCBgFJH5u0EDANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNodHRwOi8vbG9jYWxob3N0OjgwODAvZW1wbG95ZWUtc2lnLzAeFw0xNDEwMTcxOTMzNThaFw0yNDEwMTcxOTM1MzhaMC4xLDAqBgNVBAMTI2h0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9lbXBsb3llZS1zaWcvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACKyPLGqMX8GsIrCfJU8eVnpaqzTXMglLVo/nTcfAnWe9UAdVe8N3a2PXpDBvuqNA/DEAhVcQgxdlOTWnB6s8/yLTRuH0bZgb3qGdySif+lU+E7zZ/SiDzavAvn+ABqemnzHcHyhYO+hNRGHvUbW5OAii9Vdjhm8BI32YF1NwhKp"
+ }
+ },
+ {
+ "clientId": "http://localhost:8081/employee/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/employee/",
+ "redirectUris": [
+ "http://localhost:8080/employee/*"
+ ],
+ "adminUrl": "http://localhost:8080/employee/",
+ "attributes": {
+ "saml.authnstatement": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "email",
+ "protocol": "saml",
+ "protocolMapper": "saml-user-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "email",
+ "friendly.name": "email",
+ "attribute.name": "urn:oid:1.2.840.113549.1.9.1",
+ "attribute.nameformat": "URI Reference"
+ }
+ },
+ {
+ "name": "phone",
+ "protocol": "saml",
+ "protocolMapper": "saml-user-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "phone",
+ "attribute.name": "phone",
+ "attribute.nameformat": "Basic"
+ }
+ },
+ {
+ "name": "role-list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "attribute.name": "Role",
+ "attribute.nameformat": "Basic",
+ "single": "false"
+ }
+ }
+ ]
+ },
+ {
+ "clientId": "http://localhost:8081/employee2/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "baseUrl": "http://localhost:8080/employee2/",
+ "redirectUris": [
+ "http://localhost:8080/employee2/*"
+ ],
+ "adminUrl": "http://localhost:8080/employee2/",
+ "attributes": {
+ "saml.authnstatement": "true"
+ },
+ "protocolMappers": [
+ {
+ "name": "email",
+ "protocol": "saml",
+ "protocolMapper": "saml-user-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "email",
+ "friendly.name": "email",
+ "attribute.name": "urn:oid:1.2.840.113549.1.9.1",
+ "attribute.nameformat": "URI Reference"
+ }
+ },
+ {
+ "name": "phone",
+ "protocol": "saml",
+ "protocolMapper": "saml-user-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "phone",
+ "attribute.name": "phone",
+ "attribute.nameformat": "Basic"
+ }
+ },
+ {
+ "name": "role-list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "attribute.name": "Role",
+ "attribute.nameformat": "Basic",
+ "single": "false"
+ }
+ }
+ ]
+ },
+ {
+ "clientId": "http://localhost:8081/employee-sig-front/",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "frontchannelLogout": true,
+ "baseUrl": "http://localhost:8080/employee-sig-front/",
+ "redirectUris": [
+ "http://localhost:8080/employee-sig-front/*"
+ ],
+ "attributes": {
+ "saml.server.signature": "true",
+ "saml.client.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA1",
+ "saml.authnstatement": "true",
+ "saml.signing.certificate": "MIIB0DCCATkCBgFJH5u0EDANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNodHRwOi8vbG9jYWxob3N0OjgwODAvZW1wbG95ZWUtc2lnLzAeFw0xNDEwMTcxOTMzNThaFw0yNDEwMTcxOTM1MzhaMC4xLDAqBgNVBAMTI2h0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9lbXBsb3llZS1zaWcvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACKyPLGqMX8GsIrCfJU8eVnpaqzTXMglLVo/nTcfAnWe9UAdVe8N3a2PXpDBvuqNA/DEAhVcQgxdlOTWnB6s8/yLTRuH0bZgb3qGdySif+lU+E7zZ/SiDzavAvn+ABqemnzHcHyhYO+hNRGHvUbW5OAii9Vdjhm8BI32YF1NwhKp"
+ }
+ }
+ ],
+ "groups" : [
+ {
+ "name": "top",
+ "attributes": {
+ "topAttribute": ["true"]
+
+ },
+ "realmRoles": ["manager"],
+ "subGroups": [
+ {
+ "name": "level2",
+ "realmRoles": ["user"],
+ "attributes": {
+ "level2Attribute": ["true"]
+
+ }
+ }
+ ]
+ }
+ ],
+
+ "roles" : {
+ "realm" : [
+ {
+ "name": "manager",
+ "description": "Have Manager privileges"
+ },
+ {
+ "name": "user",
+ "description": "Have User privileges"
+ }
+ ],
+ "application" : {
+ "http://localhost:8081/employee/" : [
+ {
+ "name": "employee",
+ "description": "Have Employee privileges"
+ }
+ ],
+ "http://localhost:8081/employee2/" : [
+ {
+ "name": "employee",
+ "description": "Have Employee privileges"
+ }
+ ]
+ }
+ }
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml
new file mode 100644
index 0000000..aa74040
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/web.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>%CONTEXT_PATH%</module-name>
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.keycloak.testsuite.adapter.servlet.SendUsernameServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>KEYCLOAK-SAML</auth-method>
+ <realm-name>demo</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>