From 93149d6b478d313e60e970ea4970fa6fb342fe0a Mon Sep 17 00:00:00 2001 From: mhajas Date: Mon, 29 Jun 2020 09:03:56 +0200 Subject: [PATCH] KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured --- .../integration-arquillian/HOW-TO-RUN.md | 9 +- .../common/cli/add-secured-deployments.cli | 4 +- .../jboss/common/keystore/adapter.jks | Bin 2273 -> 2290 bytes .../jboss/common/keystore/keycloak.truststore | Bin 1897 -> 1914 bytes .../config/cli/add-secured-deployments.cli | 4 +- .../common/common-files/keystore/adapter.jks | Bin 2273 -> 2290 bytes .../common-files/keystore/keycloak.truststore | Bin 1897 -> 1914 bytes .../common-files/tomcat-add-connector.xsl | 4 +- .../servers/app-server/tomcat/pom.xml | 2 +- .../jboss/common/keystore/keycloak.truststore | Bin 215730 -> 215747 bytes .../keycloak/testsuite/util/ServerURLs.java | 14 +- .../angular-product/src/main/webapp/js/app.js | 3 +- .../src/main/webapp/logout-include.jsp | 3 +- .../src/main/webapp/logout-include.jsp | 3 +- .../adapter/servlet/CustomerServlet.java | 6 +- .../servlet/CustomerServletNoConf.java | 8 +- .../adapter/servlet/InputServlet.java | 2 +- .../adapter/servlet/OfflineTokenServlet.java | 8 +- .../adapter/servlet/SamlSPFacade.java | 2 +- .../adapter/servlet/ServletTestUtils.java | 38 ++--- .../integration-arquillian/tests/base/pom.xml | 47 ++++++- .../arquillian/AppServerTestEnricher.java | 79 ++++++++++- .../SelfManagedAppContainerLifecycle.java | 9 +- .../arquillian/provider/URLProvider.java | 77 +++------- .../page/AbstractPageWithInjectedUrl.java | 7 +- .../testsuite/util/ContainerAssume.java | 6 +- .../adapter/AbstractAdapterClusteredTest.java | 9 +- .../adapter/AbstractAdapterTest.java | 100 +++++-------- .../AbstractSAMLAdapterClusteredTest.java | 28 ++++ .../DefaultAuthzConfigAdapterTest.java | 3 +- .../ServletPolicyEnforcerTest.java | 3 +- .../example/cors/CorsExampleAdapterTest.java | 12 -- .../fuse/EAP6Fuse6HawtioAdapterTest.java | 2 + .../servlet/DemoServletsAdapterTest.java | 14 +- .../servlet/SAMLFilterServletAdapterTest.java | 7 + .../adapter/servlet/SAMLSameSiteTest.java | 132 ------------------ .../servlet/SAMLServletAdapterTest.java | 21 ++- .../SecuredDeploymentsAdapterTest.java | 22 ++- .../cluster/OIDCAdapterClusterTest.java | 23 +++ .../resources/keystore/keycloak.truststore | Bin 213158 -> 213175 bytes .../integration-arquillian/tests/pom.xml | 27 +++- .../DeploymentArchiveProcessorUtils.java | 25 +++- .../TomcatAppServerConfigurationUtils.java | 3 +- 43 files changed, 394 insertions(+), 372 deletions(-) delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java diff --git a/testsuite/integration-arquillian/HOW-TO-RUN.md b/testsuite/integration-arquillian/HOW-TO-RUN.md index c2dd67bb533..e704c85c672 100644 --- a/testsuite/integration-arquillian/HOW-TO-RUN.md +++ b/testsuite/integration-arquillian/HOW-TO-RUN.md @@ -999,4 +999,11 @@ because this is not UI testing). For debugging purposes you can override the hea mvn clean install -f testsuite/integration-arquillian/tests/base \ -Pfirefox-strict-cookies \ -Dtest=**.javascript.** \ - -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host] \ No newline at end of file + -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host] + +**General adapter tests** + + mvn clean install -f testsuite/integration-arquillian/tests/base \ + -Pfirefox-strict-cookies \ + -Dtest=**.adapter.** \ + -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host] \ No newline at end of file diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli b/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli index 10aef026fea..437691a70bc 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli +++ b/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli @@ -3,7 +3,7 @@ embed-server --server-config=standalone.xml /subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \ realm=demo, \ resource=customer-portal-subsystem, \ - auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \ + auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \ ssl-required=EXTERNAL, \ disable-trust-manager=true, \ realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \ @@ -13,7 +13,7 @@ embed-server --server-config=standalone.xml /subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \ realm=demo, \ resource=product-portal-subsystem, \ - auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \ + auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \ ssl-required=EXTERNAL, \ disable-trust-manager=true, \ realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \ diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks index 0eb0dc07b9040d12014fe2c9be2944bd20c33fd1..522dc59bfd97c6628aa78654192c16a9c97d6649 100644 GIT binary patch delta 2034 zcmVCMoYULx6q@DPk70J51P67>zX; z)fT*;Yx5(@kE;PpS!sm>U=JB?*~tXb6MHW@D7)faDi?dMMr(tttY@633D#8S&2dFB z;a_5(2a?7ksEWv+?pAU2U1LJ}Ntk5 z*3GpriO($?!wWAtam^(n{J4B|1u;Sq-5F1h>Ef|1wn&-xvCSbm4DRHSxPap0es9*< z~Hj#-V2lJOxdKc zoqovLWbw^(EEsO3rpjABj3z4Gr*uDIp%h5&b7#ofP3w_5hYQSfi~f)oC(k#<7k6GM zfl#!676Z10$%G!dzuEkjXf~+c6;&hs*9U9PUSy9fxRrk)YflNtnd#m{km?e3=VabC zAfa}wJOAgx6a{<(jsx%a=pN5}^joV9xSl+3Z+ewQiQwxONLyl0)Klqy0lfMv$xIcNIBe8JOmhFp9nnW$*#5IA zMunv%J0&V4=mi~)=9U}^pu%}}mHwZ<2|?!^tdI7PHz-NE zN+>!lxX6NK-c9epwTYqZ>nI;eSn zVp8BKae*V>&IhV+d^t;RE;zGKLJ9zC5JFT4v%cNB!+h9ltij5K%}QOEGI-Dqqb6ox zDV_sB>&@vG(jUTE@UPEJ)8sbt%}yhQZ)p);Fn9zUI86TvhVqC1iwA+9zU4vH>tIVF ze)mR=U6or5oJvP3=wv^xIT{(3t`g9H;`mL=>+`-eJY#Axzlr0T<%K>XkrM(eDMbuF zg_e3@s4Ew>sUJR#Hr1559uVh)Fqh9sZx^K$NAxT5Q-i>I`|OFRa-8H^d{ut_WEiY<&~L5&oT&-tKS#%4v{u2N!{sxjD@YP zu*w|E4PoJU(6%x(fb3A)@ggm9U|)(cIXQz6E??q=ijZSF@^4(IHz)A}S^ypr3>Wux z!6$6_y{KaFaM7%aSvh)*DM!~^<(1t#$40LI^!?38lIT_}Vv{Y9eS-HZGtld5eE#Rh zBlk`yP4krFn<4P&)KYP)N!D@3;;IM(w2VSVxH{UA~(_HY~ zm+i0rIvO@m_H5+D3Mf#I{3s>ph+#s(8nJ*GTyd!lLz_4Fqk^T3N1SF=k<=toI}U5_ z=C8U_NsQHJ7#u5YK%x4JnSD?R?0QYQiJi04y_VBVszz83*%V2fV#wzJ000311z0XM zFgXAK1Ew&71EMg30*asm0s#U71PLcNLX%4ceHk_~Gch(YH8n9>7!NczH8?OeGB7bV zGBq`m;RT9+oGu3`;8|S)gpcY z4(Al4S8@8dx^n{7bkq68#QVWeN^s|PO=1eM8^mFMe~K~yRIbYDM-Gjal$R~c>GgKg z4$|M6m!1p!C1*NQ)a3QC949QINf3XY7*|>vL^hki38SBr1eq}$)r~;NP>_2dn#JU_ zX}AI`zudPSc@*(2Q^?OIn{o=Y_NGSnW2`u#5P4?A@#|r&E+|LbF9YJ)&;8YKzJLX5;^{nG)#9 zJ?MX_Vc=Mnf1YVEE393CH!XL`-_laRfhy|Nr`%x3BE;JF`_X_inDS}8V-jDzsxa)Y z6SOv#$AYjSGEjAx**(KnNFnT!;=CwR3|LsXm+=j zEy_XEyW^P0V8fj?ozm-8f#o{tGSb+>3#nR*DDK@+$=9 zrk8EW9a{exYe^_@Oqe%W8-)&uu@q+bH@9UOMrP@GZV!%s(18I%hFI);%={svoz@onA zLs@(QnMLq+KkLxKnCJZsI(K~)(RUL$Co8u)ruGxgq&JkpU%qF8G(t<}B|j0ltWz=e z0l~qms4*Y4YB58v%ugjhSq{0Zo!F2??T5u*4bA0hS&v{d;PY{c%xe)aw26j=P!V;p zNKnUXpg077aj{z)2iIUN(gzJFW`8)5RtNKW&XNyf{-11NwzOAswS+zTctXPK$g|J? zblu>7yxRZ$4`30$u60S zl3P`Owra{%$(b;#&^B%p*};!(W>AvW?{3nYrq5rd*!PnizfEdnTv_y42;DGkKFYOS zL}*(92K-&y%zGy+N4KPf{M8L z{3Vfi=Qm%GMjSTxJ&<~Pu5tB0;LZbx^UY>$q=#Ea;CH}mX|zrx)4mvPk8Q1{VTClo zPE`>gHRA@JgSJxPBw>5209$rk)wKKLN6k~C>Q;M66i0z2^VEHptL(F}q~25WDZNar{&boV3QH_T{Mj8rknS3Dmt zQsvaXu31C-)TGf0cshA(;NJMPdir-mTq2`?!~}drw5P!|bDCB5YgK-xS!~oc#@5O4{V9m!o$?PHT89E=P&aeFN@H((Wa>$b2O6>iw{1> zmK7az$r&g?m~}F-OTR{}|E%6pT3dj!bK84(e9sDrO1473e=&hW4b84@9bC_UB06IN z!EYq2+bW-GVpv94PE3*N(QSQbMdE4+Wvt7%V(K^qW4{WV(OLf!m5TJq|BID$5|rm% zPTrRzA`DV?Jo93#wZbA3Ga;&@X?goct&*3NlmSzF zS^&aucH4Lo(j^Lk!$UfJBntvGqBHE~VA=e@H+Vl-T&db2{}{T0Gbc&m*6lkqiJOT000311z0XM zFgXAK1C=m>1CcO-0(qbV0s#U71UzrnY?Dg`eHk?}H!(IfHZw6=7!NWsIW#acF)=YV zH8wMo;RT9+h^!io0<%6AkvtuFg!?}nVYmAM(%hT0Fi~1ZK-VoiqLzkkc#1f}Z5B>U=aMsgT%(;5*#mdr(@E;=*r^=qgPe1q%NmsZshvymSQ4?@DF`zfI(?n?Rsy# z)E2eXvF4HGs|81i+2?%F^OdD49u$Eub~_CwLH5Xk&mzX?lvk*c)voXvjU#h-aa)#1fpAwp z#cGxoaE$^30RRD`M=(V&BnAUj9T5Z_FdLJ92OEDd9R>qc9S#H*1QZTDGP76ynX6|J z5yp;GpISooke4tG1_>&LNQUGyN9 zj;oe_Bls+-YTH1n2QG>|gKQRf$tHvYXfi3w+pHn1zQCHuaC#DPH0xTKRGoh{1LjJI zLJ3TRyj%$a@XjH<%7s+*Upin^+*FmOl?zG2-l$+gs&o_4a885S4^Xw7Fi4UJ5I50IbFfleVH8n9>kx^)q`2-+;oGu3`;8|S)gpcY4(Al4S8@8dx^n{7bkq68#QVWe zN^s|PO=1eM8^mFMe~K~yRIbYDM-Gjal$R~c>GgKg4$|M6m!1p!C1*NQ)a3QC949QI zNf3XY7*|>vL^hki38SBr1eq}$)r~;NP>_2dn#JU_X}AI`zudPSc@*(2Q^?OIn{o=Y z_NGcxSZ-NPIZ)0I>Xm4|LhXj8B00A%^ z1_M zbPc#z?Kab}i}-o$-K;RDQ0HeZ**V8|lG+V}g>fHRo#X}x0-U%jd@?5`8FHkQYNupu&2mhofZOI*4{~2pZC~!=e zH(48n4vDc8XB;~}ZRetx^&wwccq{qI9D1Ok83K5#v%~|D0~F1CcO-0(qbV0s#U71Uzrn zY>`5J8#OXFF*Y?eGcj5i4>B@2G%zzUF)=nZHZw6=kx^)q3I!m4h^!io0<%6AkvtuF zg!?}nVYmAM(%hT0Fi~1ZK-VoiqLzkkc#1f}Z5B>U=aMsgT%(;5*#mdr(@E; z=*r^=qgPe1q%NmsZshvymSQ4?@DF`zfI(?n?Rsy#)E2eXvF4H zGs|81i+2?%F^OdD49u$Eub~_CwLH5Xk&mzX?lvk*c)voXvjU#h-aa)#1fpAwp#cGyNaE$^30RRD`M=(V&BnAUj z9T5Z_FdKpyVQ_FQb75_4Eip1TEif%GEio=`X>cxSZ!jGO163Uk1QrAo4m>imSN@r+ zXAu#`j#QsoLiLcBlfeQMe-PFH@kxRK{);^Bi}4wp?-X31ad;m^7$((~iJA5r^&-iI zKV!cuoIVy2j(|y-uDpTDAjFKVnJCR1Lol@(AvEzf1+ZMAqS)OEbLu_WY~64M{918s z80Espyqoqsh0=1Pb{2~2~$TnPg3&LO?Z zg;e!lI$%`XRF$Tc3&P&0U_z>N6VY%^gV_&IwVW_WpkxOl2+c<04t~dXgOiQ4w@3!N s%kKPew$de^CMoYULx6q@DPk70J51P67>zX; z)fT*;Yx5(@kE;PpS!sm>U=JB?*~tXb6MHW@D7)faDi?dMMr(tttY@633D#8S&2dFB z;a_5(2a?7ksEWv+?pAU2U1LJ}Ntk5 z*3GpriO($?!wWAtam^(n{J4B|1u;Sq-5F1h>Ef|1wn&-xvCSbm4DRHSxPap0es9*< z~Hj#-V2lJOxdKc zoqovLWbw^(EEsO3rpjABj3z4Gr*uDIp%h5&b7#ofP3w_5hYQSfi~f)oC(k#<7k6GM zfl#!676Z10$%G!dzuEkjXf~+c6;&hs*9U9PUSy9fxRrk)YflNtnd#m{km?e3=VabC zAfa}wJOAgx6a{<(jsx%a=pN5}^joV9xSl+3Z+ewQiQwxONLyl0)Klqy0lfMv$xIcNIBe8JOmhFp9nnW$*#5IA zMunv%J0&V4=mi~)=9U}^pu%}}mHwZ<2|?!^tdI7PHz-NE zN+>!lxX6NK-c9epwTYqZ>nI;eSn zVp8BKae*V>&IhV+d^t;RE;zGKLJ9zC5JFT4v%cNB!+h9ltij5K%}QOEGI-Dqqb6ox zDV_sB>&@vG(jUTE@UPEJ)8sbt%}yhQZ)p);Fn9zUI86TvhVqC1iwA+9zU4vH>tIVF ze)mR=U6or5oJvP3=wv^xIT{(3t`g9H;`mL=>+`-eJY#Axzlr0T<%K>XkrM(eDMbuF zg_e3@s4Ew>sUJR#Hr1559uVh)Fqh9sZx^K$NAxT5Q-i>I`|OFRa-8H^d{ut_WEiY<&~L5&oT&-tKS#%4v{u2N!{sxjD@YP zu*w|E4PoJU(6%x(fb3A)@ggm9U|)(cIXQz6E??q=ijZSF@^4(IHz)A}S^ypr3>Wux z!6$6_y{KaFaM7%aSvh)*DM!~^<(1t#$40LI^!?38lIT_}Vv{Y9eS-HZGtld5eE#Rh zBlk`yP4krFn<4P&)KYP)N!D@3;;IM(w2VSVxH{UA~(_HY~ zm+i0rIvO@m_H5+D3Mf#I{3s>ph+#s(8nJ*GTyd!lLz_4Fqk^T3N1SF=k<=toI}U5_ z=C8U_NsQHJ7#u5YK%x4JnSD?R?0QYQiJi04y_VBVszz83*%V2fV#wzJ000311z0XM zFgXAK1Ew&71EMg30*asm0s#U71PLcNLX%4ceHk_~Gch(YH8n9>7!NczH8?OeGB7bV zGBq`m;RT9+oGu3`;8|S)gpcY z4(Al4S8@8dx^n{7bkq68#QVWeN^s|PO=1eM8^mFMe~K~yRIbYDM-Gjal$R~c>GgKg z4$|M6m!1p!C1*NQ)a3QC949QINf3XY7*|>vL^hki38SBr1eq}$)r~;NP>_2dn#JU_ zX}AI`zudPSc@*(2Q^?OIn{o=Y_NGSnW2`u#5P4?A@#|r&E+|LbF9YJ)&;8YKzJLX5;^{nG)#9 zJ?MX_Vc=Mnf1YVEE393CH!XL`-_laRfhy|Nr`%x3BE;JF`_X_inDS}8V-jDzsxa)Y z6SOv#$AYjSGEjAx**(KnNFnT!;=CwR3|LsXm+=j zEy_XEyW^P0V8fj?ozm-8f#o{tGSb+>3#nR*DDK@+$=9 zrk8EW9a{exYe^_@Oqe%W8-)&uu@q+gqR7Z%%Om+sdXZh+IeveZJOG(@c0slMtx3G@|r`(0C-ct&^_ z7VF#~4}_$;jDT9q&;I0;T9%TUs&7Iz9c2U-*PG*`8dvCv8{K<(O$Li)QdZxM5nr63 z57Ug}{DSv?{Ey@1@6)UtJVG2B2$m7oNM*JAZT9mAd|s)-D?!ibGEmO_txCjsem8(x z2mz%-DopA5pM>K4Rn-^GY#{Qf*Kg#yu}{-I>PA(SrJ|c4!!pg3z{DI1E(bK2V#~@W zPXTRq1Mte60tf0Lm0AEe@71#(+0}Oosf})QZ}I(Z2b*L7ntV?jV-}GZK`G7>RwzBFusI|2yiAg%*C;r7aI6FwraZcW=;6nSKyB zd`YjJ5uM}LUO=cWPp9nhpbO>N8^umQ80Fd7th^E1G>(ZnhhDB3boN_sG}E%_{lO#W zoM9(_E_bwo&0$({s1X`q#3w(tN1P$_cwIL^_dRr4+6jiXse#3=Hx?-O-G5ei)6Ssyfk4rA9C&Ew{iX46Ruxr!zj;b7Em^Gb#<=O zw7rc+W=Zwws~+L*TAU+|Ko=+_6pGdu6yR-tW^vo7osf1a1h>K{NbK>$$cxE@hec;u zF0!E!*D3z3CHn1 zgoRX~ovu=miQVFV zpmYp4pDAKRL8)chB@+(yi~haJdM{%MRhfwO9r;lTNLwkmu;nyB>NC-ocNAAsKAIxe zu0Qx7p$2_urI%X~@Pv6ZLrbSKyufFUF#H^O7Hzx9E-T&u@PD zCPcvVm>OJvw))KoQ30In`Jm9ybVXQ2%tr;#vgA0^IYVSAqM*G}uCCMe5abNUY#J=( zkdBHyeesS=(kc5%ZfjuCF70^tecVwtlMwc-_8n8ofDb#;jV)}C3wf22GPNInr|N>Z z7Pw`7z$>hO@cEi&sA{*^+s8!BV|OvYl1x!VyJfB}aO((auc^2=BSR&B_c=q03_&ql zH0?3n-2*vjd1|Bc!6QV`6y_~02ec>|=Y)kl9CfTp@gDWo)bNoRtE;aZwKU|;cccqn zgsc2Ofql}$(%;}yB}l1E5kAR(+Uv-0r{KyWYni&-(rMKx{4gI%BL|)<+HmmlKKyjK zulCY|tF#MAe&~-4l-KGul<~4xKx-wVVe`?f%6^{)0tSX25-s;W^16PFJmD^X*6M97i~-T&db2{}{T0Gbc&m*6lkqiJOT000311z0XM zFgXAK1C=m>1CcO-0(qbV0s#U71UzrnY?Dg`eHk?}H!(IfHZw6=7!NWsIW#acF)=YV zH8wMo;RT9+h^!io0<%6AkvtuFg!?}nVYmAM(%hT0Fi~1ZK-VoiqLzkkc#1f}Z5B>U=aMsgT%(;5*#mdr(@E;=*r^=qgPe1q%NmsZshvymSQ4?@DF`zfI(?n?Rsy# z)E2eXvF4HGs|81i+2?%F^OdD49u$Eub~_CwLH5Xk&mzX?lvk*c)voXvjU#h-aa)#1fpAwp z#cGxoaE$^30RRD`M=(V&BnAUj9T5Z_FdLJ92OEDd9R>qc9S#H*1QZTDGP76ynX6|J z5yp;GpISooke4tG1_>&LNQUGyN9 zj;oe_Bls+-YTH1n2QG>|gKQRf$tHvYXfi3w+pHn1zQCHuaC#DPH0xTKRGoh{1LjJI zLJ3TRyj%$a@XjH<%7s+*Upin^+*FmOl?zG2-l$+gs&o_4a885S4^Xw7Fi4UJ5I50IbFfleVH8n9>kx^)q`2-+;oGu3`;8|S)gpcY4(Al4S8@8dx^n{7bkq68#QVWe zN^s|PO=1eM8^mFMe~K~yRIbYDM-Gjal$R~c>GgKg4$|M6m!1p!C1*NQ)a3QC949QI zNf3XY7*|>vL^hki38SBr1eq}$)r~;NP>_2dn#JU_X}AI`zudPSc@*(2Q^?OIn{o=Y z_NGcxSZ-NPIZ)0I>Xm4|LhXj8B00A%^ z1_M zbPc#z?Kab}i}-o$-K;RDQ0HeZ**V8|lG+V}g>fHRo#X}x0-U%jd@?5`8FHkQYNupu&2mhofZOI*4{~2pZC~!=e zH(48n4vDc8XB;~}ZRetx^&wwccq{qI9D1Ok83K5#v%~|D0~F1CcO-0(qbV0s#U71Uzrn zY>`5J8#OXFF*Y?eGcj5i4>B@2G%zzUF)=nZHZw6=kx^)q3I!m4h^!io0<%6AkvtuF zg!?}nVYmAM(%hT0Fi~1ZK-VoiqLzkkc#1f}Z5B>U=aMsgT%(;5*#mdr(@E; z=*r^=qgPe1q%NmsZshvymSQ4?@DF`zfI(?n?Rsy#)E2eXvF4H zGs|81i+2?%F^OdD49u$Eub~_CwLH5Xk&mzX?lvk*c)voXvjU#h-aa)#1fpAwp#cGyNaE$^30RRD`M=(V&BnAUj z9T5Z_FdKpyVQ_FQb75_4Eip1TEif%GEio=`X>cxSZ!jGO163Uk1QrAo4m>imSN@r+ zXAu#`j#QsoLiLcBlfeQMe-PFH@kxRK{);^Bi}4wp?-X31ad;m^7$((~iJA5r^&-iI zKV!cuoIVy2j(|y-uDpTDAjFKVnJCR1Lol@(AvEzf1+ZMAqS)OEbLu_WY~64M{918s z80Espyqoqsh0=1Pb{2~2~$TnPg3&LO?Z zg;e!lI$%`XRF$Tc3&P&0U_z>N6VY%^gV_&IwVW_WpkxOl2+c<04t~dXgOiQ4w@3!N s%kKPew$de^ + keystoreFile="lib/adapter.jks" keystorePass="secret" + truststoreFile="lib/keycloak.truststore" truststorePass="secret"/> diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml index 3a91985f33a..1f8f6bd5815 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml @@ -363,7 +363,7 @@ copy-resources - ${app.server.tomcat.home}/conf + ${app.server.tomcat.home}/lib ${common.resources}/keystore diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore index d0177a3ccc742240522f696c35557fd52bbc292f..dc1610b14e50a59fe5b58fddb6debb4a892d1c72 100644 GIT binary patch delta 715 zcmV;+0yO=yl?}s{4S<9JgaWh!(<%hw1_4f&uY>{_1q2BvI6{|B4gw#So&f_0mmDht zRvk7nGch(YH8n9>7!NczH8?OeGB7bVGBq_ZS}B7Ol5=M)(^(%+hwo(udXXF5~V zI5atgHerd9Gh&fOxfpM@76nLNvZ6$2PbBrF-?!t3wHH{@c)b8i-%~z^X3EK%JG*te^0VVv=PsEo~I_fgg*uo2` zizxK3+pF|Fi|zC1iGQK4>UdcEM)E5J=BAfz$sJn%8EZ)>a7>stSsR58iLn%C96LX4 x=c1VPAzxZ}EBVPBdZ3{h0(h&pcP;}b926t?{4jBbVAmpzjV&BO8bkRjTgT>QM0NlG delta 708 zcmV;#0z3V~l?}3$4S<9JgaWh!(<&l*kyo<-1z0XMFgXAK1C=m>1CcO-0(qbV0s#U7 z1UzrnY?r<+19u}J7Y#BnFf}qaF*Y?eGcj5i4>B@2G%zzUF)=nZHZw6=FlCpJ0RtA7 zY%c?Fe~7FajRLbi7Lhz1d4&5v9AUTn0n*%?v@lUxM?lvtJffC{Zg`3~!fhQL{<>^x zxnL0d$b-bj;}RS%bf;s|zv#;22%}e3u%s@hW^UyA?UrI9hVT!4YJfp$TkU#pywo0v z@Kvm&rOmLjKEysHB^9={nQm}9$&hC%dQi{Xe@>!`Y(%_^(-h}gnasf@y2XB`o47&3 z5h2CeLrTX5HE{Jaj%dW@QZvh4`HOcIDKUv;?F`JS->;z?^tC*@9+8q|(4N@uHH~8G z-?|l~TOy#{I*)JpYsPwI3*0&RHi^K`>+2(NA(U6Bk=3s78I2=zcyU{nNP%!yKgDX6 z7I2LM0|5X5qen1BFeC;8RUHuo9WWc0DJ=sVA21yT163Uk1QrAo4m>imSN@r+XAu#` zj#QsoLiLcBmr| zgKQRf$tHvYXfi3w+pHn1zQCHuaC#DPH0xTKRGoh{1LjJILJ3TRyj%$a@XjH<%7s+* zUpin^+*FmOl?%e&s9-{>bQ95VPJ`JGP_>*eNT6f~BM8k#;|_kucY~9Sw6{nGyUXtU qaJJGVpW~nLt^)Y2w}>tSCma;MzUDO}NbjB{YHTlWeef|RIpCRtGdMZ` diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java index bf4e7059769..10a9ff5f9d4 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java @@ -26,6 +26,11 @@ public class ServerURLs { public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost"); public static final String AUTH_SERVER_HOST2 = System.getProperty("auth.server.host2", AUTH_SERVER_HOST); + public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false")); + public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280"); + public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http"; + public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost"); + public static String getAuthServerContextRoot() { return getAuthServerContextRoot(0); } @@ -39,14 +44,7 @@ public class ServerURLs { } public static String getAppServerContextRoot(int clusterPortOffset) { - String host = System.getProperty("app.server.host", "localhost"); - - boolean sslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required")); - - int port = sslRequired ? parsePort("app.server.https.port") : parsePort("app.server.http.port"); - String scheme = sslRequired ? "https" : "http"; - - return String.format("%s://%s:%s", scheme, host, port + clusterPortOffset); + return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT) + clusterPortOffset)); } /** diff --git a/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js b/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js index e704283e6cf..f42022f109e 100755 --- a/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js +++ b/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js @@ -18,7 +18,8 @@ var module = angular.module('product', []); function getAuthServerUrl() { - var url = 'https://localhost-auth-127.0.0.1.nip.io:8543'; + let authUrl = auth.authz.authServerUrl + var url = authUrl.substring(0, authUrl.length - 5); return url; } diff --git a/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp b/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp index 25a08817978..eedc4e9731c 100644 --- a/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp +++ b/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp @@ -11,7 +11,8 @@ boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true")); String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180"); String authScheme = isTLSEnabled ? "https" : "http"; - String authUri = authScheme + "://localhost:" + authPort + "/auth"; + String authHost = System.getProperty("auth.server.host", "localhost"); + String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth"; %>

Click here ">Sign Out

\ No newline at end of file diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp index 54b851fc88b..006e0bf1c7a 100644 --- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp +++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp @@ -11,7 +11,8 @@ boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true")); String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180"); String authScheme = isTLSEnabled ? "https" : "http"; - String authUri = authScheme + "://localhost:" + authPort + "/auth"; + String authHost = System.getProperty("auth.server.host", "localhost"); + String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth"; %>

Click here ">Sign Out

\ No newline at end of file diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java index e58a905709b..35ecd0fb928 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java @@ -18,7 +18,6 @@ package org.keycloak.testsuite.adapter.servlet; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.common.util.UriUtils; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; @@ -53,7 +52,7 @@ public class CustomerServlet extends HttpServlet { //Clear principal form database-service by calling logout StringBuilder result = new StringBuilder(); - String urlBase = ServletTestUtils.getUrlBase(req); + String urlBase = ServletTestUtils.getUrlBase(); URL url = new URL(urlBase + "/customer-db/"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); @@ -74,7 +73,7 @@ public class CustomerServlet extends HttpServlet { //try { - String urlBase = ServletTestUtils.getUrlBase(req); + String urlBase = ServletTestUtils.getUrlBase(); // Decide what to call based on the URL suffix String serviceUrl; @@ -105,7 +104,6 @@ public class CustomerServlet extends HttpServlet { // } } - private String invokeService(String serviceUrl, KeycloakSecurityContext context) throws IOException { StringBuilder result = new StringBuilder(); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java index c353532dc55..0710814d01c 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java @@ -56,13 +56,7 @@ public class CustomerServletNoConf extends HttpServlet { //try { StringBuilder result = new StringBuilder(); - String urlBase; - - if (System.getProperty("app.server.ssl.required", "false").equals("true")) { - urlBase = System.getProperty("app.server.ssl.base.url", "https://localhost:8643"); - } else { - urlBase = System.getProperty("app.server.base.url", "http://localhost:8280"); - } + String urlBase = ServletTestUtils.getUrlBase(); URL url = new URL(urlBase + "/customer-db/"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java index 8152e57c51e..f945729bcc4 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java @@ -37,7 +37,7 @@ public class InputServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String appBase = ServletTestUtils.getUrlBase(req); + String appBase = ServletTestUtils.getUrlBase(); String actionUrl = appBase + "/input-portal/secured/post"; if (req.getRequestURI().endsWith("insecure")) { diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java index f1a0a2b638a..24254304456 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java @@ -13,22 +13,18 @@ import java.io.IOException; */ public class OfflineTokenServlet extends AbstractShowTokensServlet { - private static final String ADAPTER_ROOT_URL = (System.getProperty("auth.server.ssl.required", "false").equals("true")) ? - System.getProperty("auth.server.ssl.base.url", "https://localhost:8543") : - System.getProperty("auth.server.base.url", "http://localhost:8180"); - @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { if (req.getRequestURI().endsWith("logout")) { - UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase(req) + "/offline-client"); + UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase() + "/offline-client"); if (req.getParameter(OAuth2Constants.SCOPE) != null) { redirectUriBuilder.queryParam(OAuth2Constants.SCOPE, req.getParameter(OAuth2Constants.SCOPE)); } String redirectUri = redirectUriBuilder.build().toString(); - String serverLogoutRedirect = UriBuilder.fromUri(ADAPTER_ROOT_URL + "/auth/realms/test/protocol/openid-connect/logout") + String serverLogoutRedirect = UriBuilder.fromUri(ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/test/protocol/openid-connect/logout") .queryParam("redirect_uri", redirectUri) .build().toString(); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java index ec2e307a3be..c2ae10e6e97 100755 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java @@ -99,7 +99,7 @@ public class SamlSPFacade extends HttpServlet { try { BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder(); SAML2Request samlReq = new SAML2Request(); - String appServerUrl = ServletTestUtils.getUrlBase(req) + "/employee/"; + String appServerUrl = ServletTestUtils.getUrlBase() + "/employee/"; String authServerUrl = ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/demo/protocol/saml"; AuthnRequestType loginReq; loginReq = samlReq.createAuthnRequestType(UUID.randomUUID().toString(), appServerUrl, authServerUrl, "http://localhost:8280/employee/"); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java index 8a064a66eec..7dd226b0ace 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java @@ -17,40 +17,32 @@ package org.keycloak.testsuite.adapter.servlet; -import javax.servlet.http.HttpServletRequest; - -import org.keycloak.common.util.UriUtils; +import static java.lang.Integer.parseInt; /** * @author Marek Posolda */ public class ServletTestUtils { - // TODO: Couldn't just always read urlBase from req.getRequestURI() ? - public static String getUrlBase(HttpServletRequest req) { - if (System.getProperty("app.server.ssl.required", "false").equals("true")) { - return System.getProperty("app.server.ssl.base.url", "https://localhost:8643"); - } + public static final boolean AUTH_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true")); + public static final String AUTH_SERVER_PORT = AUTH_SERVER_SSL_REQUIRED ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180"); + public static final String AUTH_SERVER_SCHEME = AUTH_SERVER_SSL_REQUIRED ? "https" : "http"; + public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost"); - String urlBase = System.getProperty("app.server.base.url"); + public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false")); + public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280"); + public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http"; + public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost"); - if (urlBase == null) { - String authServer = System.getProperty("auth.server.container", "auth-server-undertow"); - if (authServer.contains("undertow")) { - urlBase = UriUtils.getOrigin(req.getRequestURL().toString()); - } else { - urlBase = "http://localhost:8280"; - } - } - - return urlBase; + public static String getUrlBase() { + return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT))); } public static String getAuthServerUrlBase() { - if (System.getProperty("auth.server.ssl.required", "false").equals("true")) { - return System.getProperty("auth.server.ssl.base.url", "https://localhost:8543"); - } + return removeDefaultPorts(String.format("%s://%s:%s", AUTH_SERVER_SCHEME, AUTH_SERVER_HOST, parseInt(AUTH_SERVER_PORT))); + } - return System.getProperty("auth.server.base.url", "http://localhost:8180"); + public static String removeDefaultPorts(String url) { + return url != null ? url.replaceFirst("(.*)(:80)(\\/.*)?$", "$1$3").replaceFirst("(.*)(:443)(\\/.*)?$", "$1$3") : null; } } diff --git a/testsuite/integration-arquillian/tests/base/pom.xml b/testsuite/integration-arquillian/tests/base/pom.xml index caaa0681c5b..4a59ab321a6 100644 --- a/testsuite/integration-arquillian/tests/base/pom.xml +++ b/testsuite/integration-arquillian/tests/base/pom.xml @@ -854,7 +854,7 @@ 0 8080 9990 - ${app.server.home}/conf + ${app.server.home}/lib @@ -888,7 +888,7 @@ 0 8080 9990 - ${app.server.home}/conf + ${app.server.home}/lib @@ -922,7 +922,7 @@ 0 8080 9990 - ${app.server.home}/conf + ${app.server.home}/lib @@ -982,7 +982,7 @@ ${app.server.keystore} ${app.server.keystore.password} - localhost + localhost3 ${app.server.skip.unpack} @@ -1042,7 +1042,7 @@ copy-resources - ${app.server.home} + ${app.server.keystore.dir} ${dependency.keystore.root} @@ -1052,6 +1052,43 @@ ${app.server.skip.unpack} + + copy-processed-truststore-to-secured-deployment-app-server-config + process-test-resources + + copy-resources + + + ${app.server.home}/standalone-secured-deployments/configuration + + + ${dependency.keystore.root} + + + true + ${app.server.skip.unpack} + + + + copy-processed-keystore-to-secured-deployment-app-server-config + process-test-resources + + copy-resources + + + ${app.server.home}/standalone-secured-deployments/configuration + + + ${app.server.keystore.dir} + + adapter.jks + + + + true + ${app.server.skip.unpack} + + diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java index 7eb7f66a6ec..74abf1f55ff 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java @@ -27,15 +27,27 @@ import org.jboss.arquillian.core.api.annotation.Observes; import org.jboss.arquillian.test.spi.event.suite.AfterClass; import org.jboss.arquillian.test.spi.event.suite.BeforeClass; import org.jboss.logging.Logger; +import org.junit.Assume; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainers; import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.utils.fuse.FuseUtils; +import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener; +import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener; +import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType; +import org.wildfly.extras.creaper.commands.web.AddConnector; +import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig; +import org.wildfly.extras.creaper.core.CommandFailedException; import org.wildfly.extras.creaper.core.ManagementClient; +import org.wildfly.extras.creaper.core.online.CliException; import org.wildfly.extras.creaper.core.online.ManagementProtocol; import org.wildfly.extras.creaper.core.online.OnlineManagementClient; import org.wildfly.extras.creaper.core.online.OnlineOptions; +import org.wildfly.extras.creaper.core.online.operations.Address; +import org.wildfly.extras.creaper.core.online.operations.OperationException; +import org.wildfly.extras.creaper.core.online.operations.Operations; +import org.wildfly.extras.creaper.core.online.operations.admin.Administration; import java.io.IOException; import java.lang.reflect.Method; @@ -47,6 +59,7 @@ import java.util.Arrays; import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.concurrent.TimeoutException; import java.util.stream.Collectors; import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot; @@ -165,10 +178,14 @@ public class AppServerTestEnricher { } public static OnlineManagementClient getManagementClient() { + return getManagementClient(200); + } + + public static OnlineManagementClient getManagementClient(int portOffset) { try { return ManagementClient.online(OnlineOptions .standalone() - .hostAndPort(System.getProperty("app.server.host", "localhost"), System.getProperty("app.server","").startsWith("eap6") ? 10199 : 10190) + .hostAndPort(System.getProperty("app.server.host", "localhost"), System.getProperty("app.server","").startsWith("eap6") ? 9999 + portOffset : 9990 + portOffset) .protocol(System.getProperty("app.server","").startsWith("eap6") ? ManagementProtocol.REMOTE : ManagementProtocol.HTTP_REMOTING) .build() ); @@ -198,6 +215,66 @@ public class AppServerTestEnricher { } } + public static void enableHTTPSForManagementClient(OnlineManagementClient client) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { + Administration administration = new Administration(client); + Operations operations = new Operations(client); + + if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) { + client.execute("/core-service=management/security-realm=UndertowRealm:add()"); + client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks"); + } + + client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)"); + client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)"); + + if (AppServerTestEnricher.isEAP6AppServer()) { + if(!operations.exists(Address.subsystem("web").and("connector", "https"))) { + client.apply(new AddConnector.Builder("https") + .protocol("HTTP/1.1") + .scheme("https") + .socketBinding("https") + .secure(true) + .build()); + + client.apply(new AddConnectorSslConfig.Builder("https") + .password("secret") + .certificateKeyFile("${jboss.server.config.dir}/adapter.jks") + .build()); + + + String appServerJavaHome = System.getProperty("app.server.java.home", ""); + if (appServerJavaHome.contains("ibm")) { + // Workaround for bug in IBM JDK: https://bugzilla.redhat.com/show_bug.cgi?id=1430730 + // Source: https://access.redhat.com/solutions/4133531 + client.execute("/subsystem=web/connector=https/configuration=ssl:write-attribute(name=cipher-suite, value=\"SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA\")"); + } + } + } else { + client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https") + .forDefaultServer()); + + administration.reloadIfRequired(); + + client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https") + .securityRealm("UndertowRealm") + .build()); + } + + administration.reloadIfRequired(); + } + + public static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { + try (OnlineManagementClient client = getManagementClient()) { + enableHTTPSForManagementClient(client); + } + } + + public static void enableHTTPSForAppServer(int portOffset) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { + try (OnlineManagementClient client = AppServerTestEnricher.getManagementClient(portOffset)) { + enableHTTPSForManagementClient(client); + } + } + /* * For Fuse: precedence = 2 - app server has to be stopped * before AuthServerTestEnricher.afterClass is executed diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java index 66c7c1bd789..465f1132c30 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java @@ -16,6 +16,13 @@ */ package org.keycloak.testsuite.arquillian.containers; +import org.wildfly.extras.creaper.core.CommandFailedException; +import org.wildfly.extras.creaper.core.online.CliException; +import org.wildfly.extras.creaper.core.online.operations.OperationException; + +import java.io.IOException; +import java.util.concurrent.TimeoutException; + /** * The test implementing the interface is expected to maintain container lifecycle * itself. No app server container will be started. @@ -27,7 +34,7 @@ public interface SelfManagedAppContainerLifecycle { /** * Should be called @Before */ - void startServer(); + void startServer() throws InterruptedException, IOException, OperationException, TimeoutException, CommandFailedException, CliException; /** * Should be called @After diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java index dabaf2c7c5a..9d754d61428 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.arquillian.provider; +import org.apache.http.client.utils.URIBuilder; import org.jboss.arquillian.container.test.api.OperateOnDeployment; import org.jboss.arquillian.container.test.impl.enricher.resource.URLResourceProvider; import org.jboss.arquillian.core.api.Instance; @@ -33,68 +34,44 @@ import org.keycloak.testsuite.arquillian.annotation.AuthServerContext; import java.lang.annotation.Annotation; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.util.HashSet; import java.util.List; import java.util.Set; import org.keycloak.testsuite.arquillian.ContainerInfo; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.URLUtils; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_HOST; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_PORT; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_SCHEME; + public class URLProvider extends URLResourceProvider { protected final Logger log = Logger.getLogger(this.getClass()); - public static final String BOUND_TO_ALL = "0.0.0.0"; - public static final String LOCALHOST_ADDRESS = "127.0.0.1"; - public static final String LOCALHOST_HOSTNAME = "localhost"; - - private final boolean appServerSslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required")); - @Inject Instance suiteContext; @Inject Instance testContext; - private static final Set fixedUrls = new HashSet<>(); - @Override public Object doLookup(ArquillianResource resource, Annotation... qualifiers) { URL url = (URL) super.doLookup(resource, qualifiers); if (url == null) { - String port = appServerSslRequired ? - System.getProperty("app.server.https.port", "8643") : - System.getProperty("app.server.http.port", "8280"); - String protocol = appServerSslRequired ? "https" : "http"; - + String appServerContextRoot = ServerURLs.getAppServerContextRoot(); try { for (Annotation a : qualifiers) { if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) { - return new URL(protocol + "://localhost:" + port + "/" + ((OperateOnDeployment) a).value() + "/"); + return new URL(appServerContextRoot + "/" + ((OperateOnDeployment) a).value() + "/"); } } } catch (MalformedURLException ex) { throw new RuntimeException(ex); } } - - // fix injected URL - if (url != null) { - try { - url = fixLocalhost(url); - url = fixBoundToAll(url); - if (appServerSslRequired) { - url = fixSsl(url); - } - } catch (MalformedURLException ex) { - log.log(Level.FATAL, null, ex); - } - - if (!fixedUrls.contains(url.toString())) { - fixedUrls.add(url.toString()); - log.debug("Fixed injected @ArquillianResource URL to: " + url); - } - } // inject context roots if annotation present for (Annotation a : qualifiers) { @@ -128,29 +105,19 @@ public class URLProvider extends URLResourceProvider { } } + // fix injected URL + if (url != null) { + try { + url = new URIBuilder(url.toURI()) + .setScheme(APP_SERVER_SCHEME) + .setHost(APP_SERVER_HOST) + .setPort(Integer.parseInt(APP_SERVER_PORT)) + .build().toURL(); + } catch (URISyntaxException | MalformedURLException ex) { + throw new RuntimeException(ex); + } + } + return url; } - - public URL fixBoundToAll(URL url) throws MalformedURLException { - URL fixedUrl = url; - if (url.getHost().contains(BOUND_TO_ALL)) { - fixedUrl = new URL(fixedUrl.toExternalForm().replace(BOUND_TO_ALL, LOCALHOST_HOSTNAME)); - } - return fixedUrl; - } - - public URL fixLocalhost(URL url) throws MalformedURLException { - URL fixedUrl = url; - if (url.getHost().contains(LOCALHOST_ADDRESS)) { - fixedUrl = new URL(fixedUrl.toExternalForm().replace(LOCALHOST_ADDRESS, LOCALHOST_HOSTNAME)); - } - return fixedUrl; - } - - public URL fixSsl(URL url) throws MalformedURLException { - URL fixedUrl = url; - String urlString = fixedUrl.toExternalForm().replace("http", "https").replace(System.getProperty("app.server.http.port", "8280"), System.getProperty("app.server.https.port", "8643")); - return new URL(urlString); - } - } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java index d4f27f0c816..0007c072c3f 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java @@ -17,6 +17,8 @@ package org.keycloak.testsuite.page; +import org.keycloak.testsuite.util.ServerURLs; + import javax.ws.rs.core.UriBuilder; import java.net.MalformedURLException; import java.net.URISyntaxException; @@ -36,10 +38,7 @@ public abstract class AbstractPageWithInjectedUrl extends AbstractPage { return null; } try { - if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8643") + "/" + url); - }; - return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/" + url); + return new URL(ServerURLs.getAppServerContextRoot() + "/" + url); } catch (MalformedURLException e) { e.printStackTrace(); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java index e7c31094fd5..566c6fc4cde 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java @@ -54,7 +54,11 @@ public class ContainerAssume { } public static void assumeAppServerSSL() { - Assume.assumeTrue("Only works with the SSL configured", APP_SERVER_SSL_REQUIRED); + Assume.assumeTrue("Only works with the SSL configured for app server", APP_SERVER_SSL_REQUIRED); + } + + public static void assumeNotAppServerSSL() { + Assume.assumeFalse("Only works with the SSL disabled for app server", APP_SERVER_SSL_REQUIRED); } public static void assumeNotAuthServerQuarkus() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java index 61827f46a8d..2d5578a4325 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java @@ -44,6 +44,8 @@ import org.junit.Before; import org.junit.BeforeClass; import org.keycloak.testsuite.arquillian.ContainerInfo; import org.keycloak.testsuite.auth.page.login.LoginActions; +import org.keycloak.testsuite.util.ContainerAssume; +import org.keycloak.testsuite.util.ServerURLs; /** * @@ -64,8 +66,8 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt protected static final int HTTP_PORT_NODE_1 = 8080 + PORT_OFFSET_NODE_1; protected static final int PORT_OFFSET_NODE_2 = NumberUtils.toInt(System.getProperty("app.server.2.port.offset"), -1); protected static final int HTTP_PORT_NODE_2 = 8080 + PORT_OFFSET_NODE_2; - protected static final URI NODE_1_URI = URI.create("http://localhost:" + HTTP_PORT_NODE_1); - protected static final URI NODE_2_URI = URI.create("http://localhost:" + HTTP_PORT_NODE_2); + protected static final URI NODE_1_URI = URI.create("http://" + ServerURLs.APP_SERVER_HOST + ":" + HTTP_PORT_NODE_1); + protected static final URI NODE_2_URI = URI.create("http://" + ServerURLs.APP_SERVER_HOST + ":" + HTTP_PORT_NODE_2); protected LoadBalancingProxyClient loadBalancerToNodes; protected Undertow reverseProxyToNodes; @@ -84,6 +86,7 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt Assume.assumeThat(PORT_OFFSET_NODE_1, not(is(-1))); Assume.assumeThat(PORT_OFFSET_NODE_2, not(is(-1))); Assume.assumeThat(PORT_OFFSET_NODE_REVPROXY, not(is(-1))); + ContainerAssume.assumeNotAppServerSSL(); } @Before @@ -91,7 +94,7 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt loadBalancerToNodes = new LoadBalancingProxyClient().addHost(NODE_1_URI, NODE_1_NAME).setConnectionsPerThread(10); int maxTime = 3600000; // 1 hour for proxy request timeout, so we can debug the backend keycloak servers reverseProxyToNodes = Undertow.builder() - .addHttpListener(HTTP_PORT_NODE_REVPROXY, "localhost") + .addHttpListener(HTTP_PORT_NODE_REVPROXY, ServerURLs.APP_SERVER_HOST) .setIoThreads(2) .setHandler(new ProxyHandler(loadBalancerToNodes, maxTime, ResponseCodeHandler.HANDLE_404)).build(); reverseProxyToNodes.start(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java index 76e782e187d..5bd787d8e79 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java @@ -21,7 +21,12 @@ import org.apache.commons.io.IOUtils; import org.jboss.arquillian.graphene.page.Page; import org.jboss.shrinkwrap.api.Archive; import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.junit.AfterClass; +import org.junit.Before; import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.rules.TestName; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.AbstractAuthTest; @@ -29,6 +34,7 @@ import org.keycloak.testsuite.adapter.page.AppServerContextRoot; import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; +import org.keycloak.testsuite.util.ServerURLs; import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener; import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener; import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType; @@ -50,6 +56,9 @@ import java.util.Map; import java.util.concurrent.TimeoutException; import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.APP_SERVER_SSL_REQUIRED; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.CURRENT_APP_SERVER; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.enableHTTPSForAppServer; +import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT; import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; @@ -66,8 +75,6 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { @Page protected AppServerContextRoot appServerContextRootPage; - protected static final String APP_SERVER_CONTAINER = System.getProperty("app.server", ""); - public static final String JBOSS_DEPLOYMENT_STRUCTURE_XML = "jboss-deployment-structure.xml"; public static final URL jbossDeploymentStructure = AbstractServletsAdapterTest.class .getResource("/adapter-test/" + JBOSS_DEPLOYMENT_STRUCTURE_XML); @@ -78,13 +85,26 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { public static final URL tomcatContext = AbstractServletsAdapterTest.class .getResource("/adapter-test/" + TOMCAT_CONTEXT_XML); - @BeforeClass - public static void setUpAppServer() throws Exception { - if (APP_SERVER_SSL_REQUIRED && (APP_SERVER_CONTAINER.contains("eap") || APP_SERVER_CONTAINER.contains("wildfly"))) { // Other containers need some external configuraiton to run SSL tests + protected static boolean sslConfigured = false; + + @Before + public void setUpAppServer() throws Exception { + if (!sslConfigured && shouldConfigureSSL()) { // Other containers need some external configuraiton to run SSL tests enableHTTPSForAppServer(); + + sslConfigured = true; } } + @AfterClass + public static void resetSSLConfig() { + sslConfigured = false; + } + + protected boolean shouldConfigureSSL() { + return APP_SERVER_SSL_REQUIRED && (CURRENT_APP_SERVER.contains("eap") || CURRENT_APP_SERVER.contains("wildfly")); + } + @Override public void addTestRealms(List testRealms) { addAdapterTestRealms(testRealms); @@ -93,30 +113,25 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { modifyClientRedirectUris(tr, "http://localhost:8080", ""); modifyClientRedirectUris(tr, "^((?:/.*|)/\\*)", - "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "$1", - "http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "$1", - "https://localhost:" + System.getProperty("app.server.https.port", "8643") + "$1", - "https://localhost:" + System.getProperty("auth.server.http.port", "8543") + "$1"); + ServerURLs.getAppServerContextRoot() + "$1", + ServerURLs.getAuthServerContextRoot() + "$1"); - modifyClientWebOrigins(tr, "http://localhost:8080", - "http://localhost:" + System.getProperty("app.server.http.port", "8280"), - "http://localhost:" + System.getProperty("auth.server.http.port", "8180"), - "https://localhost:" + System.getProperty("app.server.https.port", "8643"), - "https://localhost:" + System.getProperty("auth.server.http.port", "8543")); + modifyClientWebOrigins(tr, "http://localhost:8080", ServerURLs.getAppServerContextRoot(), + ServerURLs.getAuthServerContextRoot()); modifyClientUrls(tr, "http://localhost:8080", ""); modifySamlMasterURLs(tr, "http://localhost:8080", ""); modifySAMLClientsAttributes(tr, "http://localhost:8080", ""); if (isRelative()) { - modifyClientUrls(tr, appServerContextRootPage.toString(), ""); - modifySamlMasterURLs(tr, "/", "http://localhost:" + System.getProperty("auth.server.http.port", null) + "/"); - modifySAMLClientsAttributes(tr, "8080", System.getProperty("auth.server.http.port", "8180")); + modifyClientUrls(tr, ServerURLs.getAppServerContextRoot().toString(), ""); + modifySamlMasterURLs(tr, "/", ServerURLs.getAppServerContextRoot() + "/"); + modifySAMLClientsAttributes(tr, "8080", AUTH_SERVER_PORT); } else { - modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); - modifySamlMasterURLs(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); - modifySAMLClientsAttributes(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); - modifyClientJWKSUrl(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); + modifyClientUrls(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); + modifySamlMasterURLs(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); + modifySAMLClientsAttributes(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); + modifyClientJWKSUrl(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); } if (AUTH_SERVER_SSL_REQUIRED) { tr.setSslRequired("all"); @@ -265,47 +280,4 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { throw new RuntimeException(ex); } } - - private static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { - try (OnlineManagementClient client = AppServerTestEnricher.getManagementClient()) { - Administration administration = new Administration(client); - Operations operations = new Operations(client); - - if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) { - client.execute("/core-service=management/security-realm=UndertowRealm:add()"); - client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks"); - } - - client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)"); - client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)"); - - if (APP_SERVER_CONTAINER.contains("eap6")) { - if(!operations.exists(Address.subsystem("web").and("connector", "https"))) { - client.apply(new AddConnector.Builder("https") - .protocol("HTTP/1.1") - .scheme("https") - .socketBinding("https") - .secure(true) - .build()); - - client.apply(new AddConnectorSslConfig.Builder("https") - .password("secret") - .certificateKeyFile("${jboss.server.config.dir}/adapter.jks") - .build()); - } - } else { - client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https") - .forDefaultServer()); - - administration.reloadIfRequired(); - - client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https") - .securityRealm("UndertowRealm") - .build()); - } - - administration.reloadIfRequired(); - } - } - } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java index bde61528d01..2eae5ee5fdc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java @@ -25,7 +25,11 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm; import java.net.URL; import java.util.List; +import java.util.Map; +import java.util.Optional; import java.util.function.BiConsumer; +import java.util.stream.Collectors; + import org.apache.http.client.methods.HttpGet; import org.jboss.arquillian.container.test.api.*; import org.jboss.arquillian.test.api.ArquillianResource; @@ -39,6 +43,7 @@ import org.keycloak.testsuite.util.Matchers; import org.keycloak.testsuite.util.SamlClient; import org.keycloak.testsuite.util.SamlClient.Binding; import org.keycloak.testsuite.util.SamlClientBuilder; +import org.keycloak.testsuite.util.ServerURLs; /** * @@ -49,6 +54,29 @@ public abstract class AbstractSAMLAdapterClusteredTest extends AbstractAdapterCl @Override public void addTestRealms(List testRealms) { testRealms.add(loadRealm("/adapter-test/keycloak-saml/testsaml-behind-lb.json")); + + if (!"localhost".equals(ServerURLs.APP_SERVER_HOST)) { + for (RealmRepresentation realm : testRealms) { + Optional clientRepresentation = realm.getClients().stream() + .filter(c -> c.getClientId().equals("http://localhost:8580/employee-distributable/")) + .findFirst(); + + clientRepresentation.ifPresent(cr -> { + cr.setBaseUrl(cr.getBaseUrl().replace("localhost", ServerURLs.APP_SERVER_HOST)); + cr.setRedirectUris(cr.getRedirectUris() + .stream() + .map(url -> url.replace("localhost", ServerURLs.APP_SERVER_HOST)) + .collect(Collectors.toList()) + ); + cr.setAttributes(cr.getAttributes().entrySet().stream() + .collect(Collectors.toMap(Map.Entry::getKey, + entry -> entry.getValue().replace("localhost", ServerURLs.APP_SERVER_HOST)) + ) + ); + + }); + } + } } @Override diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java index 7002313f4f8..a6d26ee4528 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java @@ -29,6 +29,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import java.io.File; @@ -108,7 +109,7 @@ public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest { } private URL getResourceServerUrl() throws MalformedURLException { - return this.appServerContextRootPage.getUriBuilder().path(RESOURCE_SERVER_ID).build().toURL(); + return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID); } private void configureAuthorizationServices() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java index 80f447f67df..783d4a6f62a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java @@ -47,6 +47,7 @@ import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.util.UIUtils; import org.openqa.selenium.By; @@ -591,7 +592,7 @@ public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest { private URL getResourceServerUrl() { try { - return new URL(this.appServerContextRootPage + "/" + RESOURCE_SERVER_ID); + return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID); } catch (MalformedURLException e) { throw new RuntimeException("Could not obtain resource server url.", e); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java index 8d994ef81ae..cf0b1683ff7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java @@ -78,8 +78,6 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; public class CorsExampleAdapterTest extends AbstractExampleAdapterTest { public static final String CORS = "cors"; - public static final String AUTH_SERVER_HOST = "localhost-auth-127.0.0.1.nip.io"; - private static final String hostBackup; @ArquillianResource private Deployer deployer; @@ -130,10 +128,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest { deployer.undeploy(AngularCorsProductTestApp.DEPLOYMENT_NAME); } - static{ - hostBackup = System.getProperty("auth.server.host", "localhost"); - System.setProperty("auth.server.host", AUTH_SERVER_HOST); - } @Override public void setDefaultPageUriParameters() { @@ -190,7 +184,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest { "/auth/admin/master/console/#/server-info"); jsDriverTestRealmLoginPage.form().login("admin", "admin"); - WaitUtils.waitUntilElement(By.tagName("body")).is().visible(); Pattern pattern = Pattern.compile("]+>Server Version" + "\\s+]+>([^<]+)"); Matcher matcher = pattern.matcher(DroneUtils.getCurrentDriver().getPageSource()); @@ -201,9 +194,4 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest { return null; } - - @AfterClass - public static void afterCorsTest() { - System.setProperty("auth.server.host", hostBackup); - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java index 4e0e39d02a4..637e37e8ddf 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java @@ -40,6 +40,7 @@ import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.adapter.page.HawtioPage; import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ContainerAssume; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle; import org.keycloak.testsuite.auth.page.login.OIDCLogin; @@ -79,6 +80,7 @@ public class EAP6Fuse6HawtioAdapterTest extends AbstractExampleAdapterTest imple @BeforeClass public static void enabled() { Assume.assumeFalse(System.getProperty("os.name").startsWith("Windows")); + ContainerAssume.assumeNotAppServerSSL(); } @Before diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java index 182ce0e4846..cfb4c77a8cd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java @@ -76,6 +76,7 @@ import org.keycloak.testsuite.adapter.page.TokenMinTTLPage; import org.keycloak.testsuite.adapter.page.TokenRefreshPage; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.auth.page.account.Applications; import org.keycloak.testsuite.auth.page.login.OAuthGrant; @@ -220,7 +221,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest { @Deployment(name = CustomerPortalNoConf.DEPLOYMENT_NAME) protected static WebArchive customerPortalNoConf() { - return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class); + return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class, ServletTestUtils.class); } @Deployment(name = SecurePortal.DEPLOYMENT_NAME) @@ -799,7 +800,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest { BasicCookieStore cookieStore = new BasicCookieStore(); BasicClientCookie jsessionid = new BasicClientCookie("JSESSIONID", driver.manage().getCookieNamed("JSESSIONID").getValue()); - jsessionid.setDomain("localhost"); + jsessionid.setDomain(ServerURLs.APP_SERVER_HOST); jsessionid.setPath("/"); cookieStore.addCookie(jsessionid); @@ -1113,13 +1114,6 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest { serverLogPath = System.getProperty("app.server.home") + "/standalone-test/log/server.log"; } - String appServerUrl; - if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/"; - } else { - appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/"; - } - if (serverLogPath != null) { log.info("Checking app server log at: " + serverLogPath); File serverLog = new File(serverLogPath); @@ -1127,7 +1121,7 @@ public class DemoServletsAdapterTest extends AbstractServletsAdapterTest { UserRepresentation bburke = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com"); //the expected log message has DEBUG level - assertThat(serverLogContent, containsString("User '" + bburke.getId() + "' invoking '" + appServerUrl + "customer-db/' on client 'customer-db'")); + assertThat(serverLogContent, containsString("User '" + bburke.getId() + "' invoking '" + ServerURLs.getAppServerContextRoot() + "/customer-db/' on client 'customer-db'")); } else { log.info("Checking app server log on app-server: \"" + System.getProperty("app.server") + "\" is not supported."); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java index a6c12dd4328..e2e2864c240 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java @@ -1,5 +1,6 @@ package org.keycloak.testsuite.adapter.servlet; +import org.jboss.arquillian.test.spi.execution.SkippedTestExecutionException; import org.junit.After; import org.junit.Assume; import org.junit.Before; @@ -7,6 +8,8 @@ import org.junit.BeforeClass; import org.junit.Ignore; import org.junit.Test; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ContainerAssume; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.annotation.UseServletFilter; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; @@ -27,6 +30,10 @@ public class SAMLFilterServletAdapterTest extends SAMLServletAdapterTest { public static void enabled() { String appServerJavaHome = System.getProperty("app.server.java.home", ""); Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70")); + + // SAMLServletAdapterTest has too many deployments, with so many deployments (with filter dependency in each + // of them) it is impossible to reload container after TLS is enabled, GC time limit exceeds + ContainerAssume.assumeNotAppServerSSL(); } @Before diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java deleted file mode 100644 index f34b7122056..00000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java +++ /dev/null @@ -1,132 +0,0 @@ -package org.keycloak.testsuite.adapter.servlet; - -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.graphene.page.Page; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.junit.BeforeClass; -import org.junit.Test; -import org.keycloak.adapters.rotation.PublicKeyLocator; -import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter; -import org.keycloak.testsuite.adapter.page.Employee2Servlet; -import org.keycloak.testsuite.adapter.page.EmployeeSigServlet; -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; -import org.keycloak.testsuite.auth.page.login.Login; -import org.keycloak.testsuite.updaters.ClientAttributeUpdater; -import org.keycloak.testsuite.util.ContainerAssume; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; -import org.openqa.selenium.By; - -import javax.ws.rs.core.UriBuilder; -import java.util.Collections; - -import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLSERVLETDEMO; -import static org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2; -import static org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_SIG; -import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; -import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; -import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; -import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot; - -/** - * @author mhajas - */ -@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) -// @AppServerContainer(ContainerConstants.APP_SERVER_EAP) // Should be added in: KEYCLOAK-14434 -// @AppServerContainer(ContainerConstants.APP_SERVER_EAP6) // Should be added in: KEYCLOAK-14435 -@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8) -@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9) -@AuthServerContainerExclude(AuthServerContainerExclude.AuthServer.REMOTE) -public class SAMLSameSiteTest extends AbstractSAMLServletAdapterTest { - // private static final String NIP_IO_URL = "app-saml-127-0-0-1.nip.io"; - private static final String NIP_IO_EMPLOYEE2_URL = getAppServerContextRoot() + "/employee2/"; - private static final String NIP_IO_EMPLOYEE_SIG_URL = getAppServerContextRoot() + "/employee-sig/"; - - @Deployment(name = Employee2Servlet.DEPLOYMENT_NAME) - protected static WebArchive employee2() { - return samlServletDeployment(Employee2Servlet.DEPLOYMENT_NAME, WEB_XML_WITH_ACTION_FILTER, SendUsernameServlet.class, AdapterActionsFilter.class, PublicKeyLocator.class) - .addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF); - } - - @Deployment(name = EmployeeSigServlet.DEPLOYMENT_NAME) - protected static WebArchive employeeSig() { - return samlServletDeployment(EmployeeSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class) - .addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF); - } - - @Page - protected Employee2Servlet employee2ServletPage; - - @BeforeClass - public static void enabledOnlyWithSSL() { - ContainerAssume.assumeAuthServerSSL(); - ContainerAssume.assumeAppServerSSL(); - } - - @Test - public void samlPostWorksWithSameSiteCookieTest() { - testLoginLogoutWithDifferentUrl(SAML_CLIENT_ID_EMPLOYEE_2, NIP_IO_EMPLOYEE2_URL, testRealmSAMLPostLoginPage); - } - - @Test - public void samlRedirectWorksWithSameSiteCookieTest() { - testLoginLogoutWithDifferentUrl(SAML_CLIENT_ID_EMPLOYEE_SIG, NIP_IO_EMPLOYEE_SIG_URL, testRealmSAMLRedirectLoginPage); - } - - @Test - public void testSSOPostRedirect() { - getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, SAML_CLIENT_ID_EMPLOYEE_SIG) - .setRedirectUris(Collections.singletonList(NIP_IO_EMPLOYEE_SIG_URL + "*")) - .setAdminUrl(NIP_IO_EMPLOYEE_SIG_URL + "saml") - .update()); - - getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, SAML_CLIENT_ID_EMPLOYEE_2) - .setRedirectUris(Collections.singletonList(NIP_IO_EMPLOYEE2_URL + "*")) - .setAdminUrl(NIP_IO_EMPLOYEE2_URL + "saml") - .update()); - - // Navigate to url with nip.io to trick browser the adapter lives on different domain - driver.navigate().to(NIP_IO_EMPLOYEE2_URL); - assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); - - // Login and check the user is successfully logged in - testRealmSAMLPostLoginPage.form().login(bburkeUser); - waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); - - driver.navigate().to(NIP_IO_EMPLOYEE_SIG_URL); - waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); - - // Logout - driver.navigate().to(UriBuilder.fromUri(NIP_IO_EMPLOYEE_SIG_URL).queryParam("GLO", "true").build().toASCIIString()); - waitForPageToLoad(); - - // Check logged out - driver.navigate().to(NIP_IO_EMPLOYEE2_URL); - assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); - } - - private void testLoginLogoutWithDifferentUrl(String clientId, String newUrl, Login loginPage) { - getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, clientId) - .setRedirectUris(Collections.singletonList(newUrl + "*")) - .setAdminUrl(newUrl + "saml") - .update()); - - // Navigate to url with nip.io to trick browser the adapter lives on different domain - driver.navigate().to(newUrl); - assertCurrentUrlStartsWith(loginPage); - - // Login and check the user is successfully logged in - loginPage.form().login(bburkeUser); - waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); - - // Logout - driver.navigate().to(UriBuilder.fromUri(newUrl).queryParam("GLO", "true").build().toASCIIString()); - waitForPageToLoad(); - - // Check logged out - driver.navigate().to(newUrl); - assertCurrentUrlStartsWith(loginPage); - } - - -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java index f262d99a561..46c544f86af 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java @@ -143,6 +143,7 @@ import org.keycloak.testsuite.adapter.page.*; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.auth.page.login.Login; import org.keycloak.testsuite.auth.page.login.SAMLIDPInitiatedLogin; @@ -785,14 +786,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest { ClientRepresentation clientRep = testRealmResource().convertClientDescription(IOUtil.documentToString(doc)); - String appServerUrl; - if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/"; - } else { - appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/"; - } - - clientRep.setAdminUrl(appServerUrl + "sales-metadata/saml"); + clientRep.setAdminUrl(ServerURLs.getAppServerContextRoot() + "/sales-metadata/saml"); try (Response response = testRealmResource().clients().create(clientRep)) { Assert.assertEquals(201, response.getStatus()); @@ -1363,8 +1357,13 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest { @Test public void idpMetadataValidation() throws Exception { - driver.navigate().to(authServerPage.toString() + "/realms/" + SAMLSERVLETDEMO + "/protocol/saml/descriptor"); - validateXMLWithSchema(driver.getPageSource(), "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd"); + try (CloseableHttpClient client = HttpClientBuilder.create().build()) { + HttpGet httpGet = new HttpGet(authServerPage.toString() + "/realms/" + SAMLSERVLETDEMO + "/protocol/saml/descriptor"); + try (CloseableHttpResponse response = client.execute(httpGet)) { + String stringResponse = EntityUtils.toString(response.getEntity()); + validateXMLWithSchema(stringResponse, "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd"); + } + } } @Test @@ -1673,7 +1672,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest { Assert.assertThat(resourceResponse.readEntity(String.class), containsString("pedroigor")); } - @AuthServerContainerExclude(value = AuthServerContainerExclude.AuthServer.QUARKUS, details = + @AuthServerContainerExclude(value = AuthServerContainerExclude.AuthServer.QUARKUS, details = "Exclude Quarkus because when running on Java 9+ you get CNF exceptions due to the fact that javax.xml.soap was removed (as well as other JEE modules). Need to discuss how we are going to solve this for both main dist and Quarkus") @Test public void testInvalidCredentialsEcpFlow() throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java index 39ad9d0a38c..a642dee9b03 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java @@ -21,11 +21,16 @@ package org.keycloak.testsuite.adapter.servlet; import static org.hamcrest.Matchers.containsString; import static org.junit.Assert.assertThat; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.CURRENT_APP_SERVER; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.enableHTTPSForAppServer; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf; import java.io.IOException; +import java.util.concurrent.TimeoutException; + import org.jboss.arquillian.container.test.api.ContainerController; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.graphene.page.Page; @@ -45,6 +50,9 @@ import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle; +import org.wildfly.extras.creaper.core.CommandFailedException; +import org.wildfly.extras.creaper.core.online.CliException; +import org.wildfly.extras.creaper.core.online.operations.OperationException; @AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) @AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY_DEPRECATED) @@ -84,7 +92,7 @@ public class SecuredDeploymentsAdapterTest extends AbstractServletsAdapterTest i @Before @Override - public void startServer() { + public void startServer() throws InterruptedException, IOException, OperationException, TimeoutException, CommandFailedException, CliException { try { AppServerTestEnricher.prepareServerDir("standalone-secured-deployments"); } catch (IOException ex) { @@ -92,6 +100,18 @@ public class SecuredDeploymentsAdapterTest extends AbstractServletsAdapterTest i } controller.start(testContext.getAppServerInfo().getQualifier()); + + if (!sslConfigured && super.shouldConfigureSSL()) { + enableHTTPSForAppServer(); + sslConfigured = true; + } + } + + // This is SelfManagedAppContainerLifecycle, we can't enable ssl in before in parent class, because it will fail as + // the container is not started yet + @Override + public boolean shouldConfigureSSL() { + return false; } @After diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java index c15055a623c..bb0b398be3f 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java @@ -26,6 +26,8 @@ import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; import java.net.URI; import java.net.URL; import java.util.List; +import java.util.Optional; +import java.util.stream.Collectors; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.OperateOnDeployment; @@ -38,11 +40,13 @@ import org.junit.Test; import org.keycloak.OAuth2Constants; import org.keycloak.common.util.Retry; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; +import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.adapter.AbstractAdapterClusteredTest; import org.keycloak.testsuite.adapter.page.SessionPortalDistributable; import org.keycloak.testsuite.adapter.servlet.SessionServlet; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.WaitUtils; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.auth.page.AuthRealm; @@ -85,6 +89,25 @@ public class OIDCAdapterClusterTest extends AbstractAdapterClusteredTest { @Override public void addTestRealms(List testRealms) { addAdapterTestRealms(testRealms); + + if (!"localhost".equals(ServerURLs.APP_SERVER_HOST)) { + for (RealmRepresentation realm : testRealms) { + Optional clientRepresentation = realm.getClients().stream() + .filter(c -> c.getClientId().equals("session-portal-distributable")) + .findFirst(); + + clientRepresentation.ifPresent(cr -> { + cr.setAdminUrl(cr.getAdminUrl().replace("localhost", ServerURLs.APP_SERVER_HOST)); + cr.setBaseUrl(cr.getBaseUrl().replace("localhost", ServerURLs.APP_SERVER_HOST)); + cr.setRedirectUris(cr.getRedirectUris() + .stream() + .map(url -> url.replace("localhost", ServerURLs.APP_SERVER_HOST)) + .collect(Collectors.toList()) + ); + }); + } + + } } @Override diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore b/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore index d2875f92795cb1871c230a1f1e9d9bd683f582c0..f24901cc9e2d8c12802612e27d63c9d31e1261c7 100644 GIT binary patch delta 696 zcmV;p0!RI(fep8T4S<9JgaWh!#~=ja2Zv0TzJLN51q2BvI6{}9Bm;MsU?Bqr88$LA zF*Y(aH8ENk4>UJ5I50IbFfleVH8q!iAp?qkoGu3`;8|S)gpcY4(Al4S8@8dx^n{7bkq68#QVWeN^s|PO=1eM8^mFM ze~K~yRIbYDM-Gjal$R~c>GgKg4$|M6m!1p!C1*NQ)a3QC949QINf3XY7*|>vL^hki z38SBr1eq}$)r~;NP>_2dn#JU_X}AI`zudPSc@*(2Q^?OIn{o=Y_NGS zf(dMIV_|G)Z*z2q1b+Yk0Wci~163Uk1QrAo<29KNSzRWqddpmk+(mSbo|+SSmyyH) z6n{m5S%+!KRPT#ioJAD3+36v>bPc#z?Kab}i}-o$-K;RDQ0H zeZ**V8|lG+V}g>fHRo#X}x0- zU%jd@?5`8FHkQYNupu&2mhofZOI*4{~2pZC~!=eH(48n4vDc8XB;~}ZRetx^&wwccq{qI9D1Ok83K5# ew`(K=Cma;mp$W;bt8EzeMBX8cw`#{?^e(KWCqohd delta 708 zcmV;#0z3V;feogC4S<9JgaWh!#~>nlkr&?p1z0XMFgXAK1C=m>1CcO-0(qbV0s#U7 z1UzrnY?oaM0w0$<2LT(GtRVwEmtY|S1{pOnH!(IfHZw6=7!NWsIW#acF)=YVH8wMs ze<1^ke~7FajRLbi7Lhz1d4&5v9AUTn0n*%?v@lUxM?lvtJffC{Zg`3~!fhQL{<>^x zxnL0d$b-bj;}RS%bf;s|zv#;22%}e3u%s@hW^UyA?UrI9hVT!4YJfp$TkU#pywo0v z@Kvm&rOmLjKEysHB^9={nQm}9$&hC%dQi{Xe@>!`Y(%_^(-h}gnasf@y2XB`o47&3 z5h2CeLrTX5HE{Jaj%dW@QZvh4`HOcIDKUv;?F`JS->;z?^tC*@9+8q|(4N@uHH~8G z-?|l~TOy#{I*)JpYsPwI3*0&RHi^K`>+2(NA(U6Bk=3s78I2=zcyU{nNP%!yKgDX6 z7I2LM0|5X5qen1BFeC;8RUHuo9WWc09U}u9A21yT163Uk1QrAo4m>imSN@r+XAu#` zj#QsoLiLcBmyyH)6n_xb0P#tJ0sf0T?u+pmobMD|pmBH~MHnX4m5G`58}%Z|g+F7z zE1W(S5srXKnXbHn${@syt(hpz978a*8X+|CHwCa| zgKQRf$tHvYXfi3w+pHn1zQCHuaC#DPH0xTKRGoh{1LjJILJ3TRyj%$a@XjH<%7s+* zUpin^+*FmOl?%e&s9-{>bQ95VPJ`JGP_>*eNT6f~BM8k#;|_kucY~9Sw6{nGyUXtU qaJJGVpW~nLt^)Y2w|pc6Cma-MFF4L80#$ubYH@!LY^@k}C7-tCLN$^A diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml index a0987f4c9e7..33fcb1c3bc6 100755 --- a/testsuite/integration-arquillian/tests/pom.xml +++ b/testsuite/integration-arquillian/tests/pom.xml @@ -94,11 +94,12 @@ ${auth.server.host} + localhost true integration-arquillian-servers-app-server-${app.server} ${containers.home}/app-server-${app.server} - ${app.server.home}/standalone/configuration + ${app.server.home}/standalone/configuration 200 8280 8643 @@ -117,11 +118,12 @@ 512m -Xms${app.server.memory.Xms} -Xmx${app.server.memory.Xmx} -XX:MetaspaceSize=${surefire.memory.metaspace} -XX:MaxMetaspaceSize=${surefire.memory.metaspace.max} false - ${app.server.config.dir}/keycloak.truststore + ${app.server.keystore.dir}/keycloak.truststore secret - ${app.server.config.dir}/adapter.jks + ${app.server.keystore.dir}/adapter.jks secret + undefined cache-server-${cache.server} @@ -162,6 +164,11 @@ -Dapp.server.ssl.required=${app.server.ssl.required} -Dauth.server.ssl.base.url=https://localhost:${auth.server.https.port} -Dauth.server.ssl.required=${auth.server.ssl.required} + -Dauth.server.host=${auth.server.host} + -Dauth.server.host2=${auth.server.host2} + -Dapp.server.host=${app.server.host} + -Dapp.server.http.port=${app.server.http.port} + -Dapp.server.https.port=${app.server.https.port} -Dmy.host.name=localhost -Djava.security.krb5.conf=${project.build.directory}/dependency/kerberos/test-krb5.conf @@ -516,7 +523,7 @@ ${app.server} ${app.server.home} - ${app.server.config.dir} + ${app.server.keystore.dir} ${app.server.java.home} ${app.server.memory.settings} ${app.server.port.offset} @@ -536,6 +543,7 @@ ${app.server.keystore} ${app.server.keystore.password} ${app.server.jvm.args.extra} + ${tomcat.javax.net.ssl.properties} ${frontend.console.output} ${backend.console.output} @@ -1985,6 +1993,17 @@ + + set-javax.net.ssl-properties-for-tomcat + + + app.server.ssl.required + + + + -Djavax.net.ssl.trustStore=${app.server.home}/lib/keycloak.truststore -Djavax.net.ssl.trustStorePassword=secret + + diff --git a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java index c52bb78c018..32019fb207d 100644 --- a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java +++ b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java @@ -39,6 +39,7 @@ import org.w3c.dom.DOMException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; +import sun.applet.AppletSecurity; import static org.keycloak.testsuite.utils.io.IOUtil.modifyDocElementAttribute; import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot; @@ -58,6 +59,7 @@ public class DeploymentArchiveProcessorUtils { private static final String APP_SERVER_SCHEMA = APP_SERVER_SSL_REQUIRED ? "https" : "http"; private static final String APP_SERVER_PORT_PROPERTY = "auth.server." + APP_SERVER_SCHEMA + ".port"; private static final String AUTH_SERVER_REPLACED_URL = "http://localhost:8080"; + private static final String APP_SERVER_CONTAINER = System.getProperty("app.server", ""); public static final String WEBXML_PATH = "/WEB-INF/web.xml"; public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json"; @@ -216,9 +218,17 @@ public class DeploymentArchiveProcessorUtils { } adapterConfig.setTruststore(trustStorePathInDeployment); adapterConfig.setTruststorePassword(TRUSTSTORE_PASSWORD); - File truststorePath = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()); - ((WebArchive) archive).addAsResource(truststorePath); - log.debugf("Adding Truststore to the deployment, path %s, password %s, adapter path %s", truststorePath.getAbsolutePath(), TRUSTSTORE_PASSWORD, trustStorePathInDeployment); + + String truststoreUrl = System.getProperty("dependency.keystore.root", "") + "/keycloak.truststore"; + File truststore = new File(truststoreUrl); + + if (!truststore.exists()) { + truststore = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()); + } + + ((WebArchive) archive).addAsResource(truststore); + + log.debugf("Adding Truststore to the deployment, path %s, password %s, adapter path %s", truststore.getAbsolutePath(), TRUSTSTORE_PASSWORD, trustStorePathInDeployment); } archive.add(new StringAsset(JsonSerialization.writeValueAsPrettyString(adapterConfig)), @@ -240,7 +250,14 @@ public class DeploymentArchiveProcessorUtils { archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath); - ((WebArchive) archive).addAsResource(new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile())); + String truststoreUrl = System.getProperty("dependency.keystore.root", "") + "/keycloak.truststore"; + File truststore = new File(truststoreUrl); + + if (!truststore.exists()) { + truststore = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()); + } + + ((WebArchive) archive).addAsResource(truststore); } private static String getAuthServerUrl() { diff --git a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java index 80de599b4b3..da84b173a54 100644 --- a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java +++ b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java @@ -41,7 +41,8 @@ public class TomcatAppServerConfigurationUtils { createChild(configuration, "pass", pass); createChild(configuration, "javaVmArguments", System.getProperty("adapter.test.props", " ") + " " + - System.getProperty("app.server.jboss.jvm.debug.args", " ")); + System.getProperty("app.server.jboss.jvm.debug.args", " ") + " " + + System.getProperty("tomcat.javax.net.ssl.properties", " ")); createChild(configuration,"startupTimeoutInSeconds", startupTimeoutInSeconds); return container;