diff --git a/testsuite/integration-arquillian/HOW-TO-RUN.md b/testsuite/integration-arquillian/HOW-TO-RUN.md index c2dd67bb533c..e704c85c6727 100644 --- a/testsuite/integration-arquillian/HOW-TO-RUN.md +++ b/testsuite/integration-arquillian/HOW-TO-RUN.md @@ -999,4 +999,11 @@ because this is not UI testing). For debugging purposes you can override the hea mvn clean install -f testsuite/integration-arquillian/tests/base \ -Pfirefox-strict-cookies \ -Dtest=**.javascript.** \ - -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host] \ No newline at end of file + -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host] + +**General adapter tests** + + mvn clean install -f testsuite/integration-arquillian/tests/base \ + -Pfirefox-strict-cookies \ + -Dtest=**.adapter.** \ + -Dauth.server.host=[some_host] -Dauth.server.host2=[some_other_host] \ No newline at end of file diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli b/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli index 10aef026fea1..437691a70bcd 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli +++ b/testsuite/integration-arquillian/servers/app-server/jboss/common/cli/add-secured-deployments.cli 
@@ -3,7 +3,7 @@ embed-server --server-config=standalone.xml /subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \ realm=demo, \ resource=customer-portal-subsystem, \ - auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \ + auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \ ssl-required=EXTERNAL, \ disable-trust-manager=true, \ realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \ @@ -13,7 +13,7 @@ embed-server --server-config=standalone.xml /subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \ realm=demo, \ resource=product-portal-subsystem, \ - auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \ + auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.https.port:8543}/auth, \ ssl-required=EXTERNAL, \ disable-trust-manager=true, \ realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \ diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks index 0eb0dc07b904..522dc59bfd97 100644 Binary files a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks and b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks differ 
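Review bot: `disable-trust-manager=true` stays on the customer-portal-subsystem deployment while the new `auth-server-url` line lets `auth.server.host` point the adapter at any host, so the adapter accepts whatever certificate that host presents. With a fixed `localhost` this was of little consequence, but with a remote auth server the adapter-to-server channel is no longer authenticated. This commit also replaces keycloak.truststore, so consider dropping `disable-trust-manager=true` in favour of the adapter's `truststore` / `truststore-password` attributes, provided the regenerated truststore covers the configured host name (the binary diff does not show this). The same applies to the product-portal-subsystem hunk of this file. The new line also takes the port from `auth.server.https.port` while the scheme still comes from `auth.server.actual.protocol`; a comment naming the authoritative property family would prevent the two drifting apart.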
diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/keycloak.truststore index 3f054cd19377..7050b5181f45 100644 Binary files a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/keycloak.truststore and b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/keycloak.truststore differ diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/eap6/src/main/resources/config/cli/add-secured-deployments.cli b/testsuite/integration-arquillian/servers/app-server/jboss/eap6/src/main/resources/config/cli/add-secured-deployments.cli index 4e558eede6af..167afedd4c1c 100644 --- a/testsuite/integration-arquillian/servers/app-server/jboss/eap6/src/main/resources/config/cli/add-secured-deployments.cli +++ b/testsuite/integration-arquillian/servers/app-server/jboss/eap6/src/main/resources/config/cli/add-secured-deployments.cli @@ -1,7 +1,7 @@ /subsystem=keycloak/secure-deployment=customer-portal-subsystem.war/:add( \ realm=demo, \ resource=customer-portal-subsystem, \ - auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.http.port:8543}/auth, \ + auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.actual.http.port:8543}/auth, \ ssl-required=EXTERNAL, \ disable-trust-manager=true, \ realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \ 
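Review bot: The rewritten `auth-server-url` for customer-portal-subsystem in the eap6 script still reads its port from `${auth.server.actual.http.port:8543}`, an HTTP port property with an HTTPS default. The scheme defaults to `https`, and the product-portal-subsystem entry in the same file reads `auth.server.actual.https.port`. If the HTTP port property is set, this deployment is sent to the plain-HTTP port over `https`. Since the line is being changed anyway, use `${auth.server.actual.https.port:8543}` here, or `${auth.server.https.port:8543}` as the common script in this commit now does. Both eap6 hunks also keep `disable-trust-manager=true` next to the now configurable host, so certificate validation stays off for whatever host is supplied.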
@@ -11,7 +11,7 @@ /subsystem=keycloak/secure-deployment=product-portal-subsystem.war/:add( \ realm=demo, \ resource=product-portal-subsystem, \ - auth-server-url=${auth.server.actual.protocol:https}://localhost:${auth.server.actual.https.port:8543}/auth, \ + auth-server-url=${auth.server.actual.protocol:https}://${auth.server.host:localhost}:${auth.server.actual.https.port:8543}/auth, \ ssl-required=EXTERNAL, \ disable-trust-manager=true, \ realm-public-key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB \ diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/adapter.jks b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/adapter.jks index ae8cc99cd1de..522dc59bfd97 100644 Binary files a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/adapter.jks and b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/adapter.jks differ diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/keycloak.truststore index 3f054cd19377..7050b5181f45 100644 Binary files a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/keycloak.truststore and b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/keycloak.truststore differ diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-add-connector.xsl b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-add-connector.xsl index 8e87e0a2a162..8b9e74db94a8 100644 
--- a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-add-connector.xsl +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-add-connector.xsl @@ -29,8 +29,8 @@ + keystoreFile="lib/adapter.jks" keystorePass="secret" + truststoreFile="lib/keycloak.truststore" truststorePass="secret"/> diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml index 3a91985f33aa..1f8f6bd58159 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml @@ -363,7 +363,7 @@ copy-resources - ${app.server.tomcat.home}/conf + ${app.server.tomcat.home}/lib ${common.resources}/keystore diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore index d0177a3ccc74..dc1610b14e50 100644 Binary files a/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore and b/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore differ diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java index bf4e70597699..10a9ff5f9d49 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/ServerURLs.java 
@@ -26,6 +26,11 @@ public class ServerURLs { public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost"); public static final String AUTH_SERVER_HOST2 = System.getProperty("auth.server.host2", AUTH_SERVER_HOST); + public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false")); + public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280"); + public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? "https" : "http"; + public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost"); + public static String getAuthServerContextRoot() { return getAuthServerContextRoot(0); } @@ -39,14 +44,7 @@ public static String getAppServerContextRoot() { } public static String getAppServerContextRoot(int clusterPortOffset) { - String host = System.getProperty("app.server.host", "localhost"); - - boolean sslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required")); - - int port = sslRequired ? parsePort("app.server.https.port") : parsePort("app.server.http.port"); - String scheme = sslRequired ? "https" : "http"; - - return String.format("%s://%s:%s", scheme, host, port + clusterPortOffset); + return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT) + clusterPortOffset)); } /** diff --git a/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js b/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js index e704283e6cfe..f42022f109e1 100755 --- a/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js +++ b/testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js 
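Review bot: The four new `APP_SERVER_*` constants freeze the `app.server.*` system properties when `ServerURLs` is initialised, whereas the removed body of `getAppServerContextRoot(int)` read them on every call. Any code that sets those properties after the class is loaded is now silently ignored. If that is intended, say so next to the constants, e.g. `// Resolved once at class load; app.server.* must be set before first use.` The same block with the same defaults is copied into ServletTestUtils in this commit, so the comment should also note that the two must stay in sync. `APP_SERVER_PORT` is kept as a `String` and parsed in the second hunk, so a malformed port only fails at the first `getAppServerContextRoot` call.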
@@ -18,7 +18,8 @@ var module = angular.module('product', []); function getAuthServerUrl() { - var url = 'https://localhost-auth-127.0.0.1.nip.io:8543'; + let authUrl = auth.authz.authServerUrl + var url = authUrl.substring(0, authUrl.length - 5); return url; } diff --git a/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp b/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp index 25a088179789..eedc4e9731c0 100644 --- a/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp +++ b/testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/logout-include.jsp @@ -11,7 +11,8 @@ boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true")); String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180"); String authScheme = isTLSEnabled ? "https" : "http"; - String authUri = authScheme + "://localhost:" + authPort + "/auth"; + String authHost = System.getProperty("auth.server.host", "localhost"); + String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth"; %>
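Review bot: `authUrl.substring(0, authUrl.length - 5)` in `getAuthServerUrl()` assumes the adapter's `authServerUrl` ends in exactly `/auth`. A trailing slash or a different context path silently yields a wrong origin for every request built on it. Strip the suffix explicitly instead, e.g. `var url = authUrl.replace(/\/auth\/?$/, '');`. The new `let authUrl = auth.authz.authServerUrl` line is also missing its semicolon and mixes `let` with the `var` used in the rest of the function. Whether `auth.authz` is always initialised before this function runs is not visible in the hunk.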

Click here ">Sign Out

\ No newline at end of file diff --git a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp index 54b851fc88bc..006e0bf1c7a8 100644 --- a/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp +++ b/testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/logout-include.jsp @@ -11,7 +11,8 @@ boolean isTLSEnabled = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true")); String authPort = isTLSEnabled ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180"); String authScheme = isTLSEnabled ? "https" : "http"; - String authUri = authScheme + "://localhost:" + authPort + "/auth"; + String authHost = System.getProperty("auth.server.host", "localhost"); + String authUri = authScheme + "://" + authHost + ":" + authPort + "/auth"; %>

Click here ">Sign Out

\ No newline at end of file diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java index e58a905709b3..35ecd0fb9282 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServlet.java @@ -18,7 +18,6 @@ package org.keycloak.testsuite.adapter.servlet; import org.keycloak.KeycloakSecurityContext; -import org.keycloak.common.util.UriUtils; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; @@ -53,7 +52,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se //Clear principal form database-service by calling logout StringBuilder result = new StringBuilder(); - String urlBase = ServletTestUtils.getUrlBase(req); + String urlBase = ServletTestUtils.getUrlBase(); URL url = new URL(urlBase + "/customer-db/"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); @@ -74,7 +73,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se //try { - String urlBase = ServletTestUtils.getUrlBase(req); + String urlBase = ServletTestUtils.getUrlBase(); // Decide what to call based on the URL suffix String serviceUrl; @@ -105,7 +104,6 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se // } } - private String invokeService(String serviceUrl, KeycloakSecurityContext context) throws IOException { StringBuilder result = new StringBuilder(); 
diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java index c353532dc557..0710814d01c1 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/CustomerServletNoConf.java @@ -56,13 +56,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se //try { StringBuilder result = new StringBuilder(); - String urlBase; - - if (System.getProperty("app.server.ssl.required", "false").equals("true")) { - urlBase = System.getProperty("app.server.ssl.base.url", "https://localhost:8643"); - } else { - urlBase = System.getProperty("app.server.base.url", "http://localhost:8280"); - } + String urlBase = ServletTestUtils.getUrlBase(); URL url = new URL(urlBase + "/customer-db/"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java index 8152e57c51e1..f945729bcc46 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/InputServlet.java 
@@ -37,7 +37,7 @@ public class InputServlet extends HttpServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String appBase = ServletTestUtils.getUrlBase(req); + String appBase = ServletTestUtils.getUrlBase(); String actionUrl = appBase + "/input-portal/secured/post"; if (req.getRequestURI().endsWith("insecure")) { diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java index f1a0a2b638ac..242543044561 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java 
@@ -13,22 +13,18 @@ */ public class OfflineTokenServlet extends AbstractShowTokensServlet { - private static final String ADAPTER_ROOT_URL = (System.getProperty("auth.server.ssl.required", "false").equals("true")) ? - System.getProperty("auth.server.ssl.base.url", "https://localhost:8543") : - System.getProperty("auth.server.base.url", "http://localhost:8180"); - @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { if (req.getRequestURI().endsWith("logout")) { - UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase(req) + "/offline-client"); + UriBuilder redirectUriBuilder = UriBuilder.fromUri(ServletTestUtils.getUrlBase() + "/offline-client"); if (req.getParameter(OAuth2Constants.SCOPE) != null) { redirectUriBuilder.queryParam(OAuth2Constants.SCOPE, req.getParameter(OAuth2Constants.SCOPE)); } String redirectUri = redirectUriBuilder.build().toString(); - String serverLogoutRedirect = UriBuilder.fromUri(ADAPTER_ROOT_URL + "/auth/realms/test/protocol/openid-connect/logout") + String serverLogoutRedirect = UriBuilder.fromUri(ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/test/protocol/openid-connect/logout") .queryParam("redirect_uri", redirectUri) .build().toString(); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java index ec2e307a3be3..c2ae10e6e975 100755 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SamlSPFacade.java 
@@ -99,7 +99,7 @@ private URI getSamlAuthnRequest(HttpServletRequest req) { try { BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder(); SAML2Request samlReq = new SAML2Request(); - String appServerUrl = ServletTestUtils.getUrlBase(req) + "/employee/"; + String appServerUrl = ServletTestUtils.getUrlBase() + "/employee/"; String authServerUrl = ServletTestUtils.getAuthServerUrlBase() + "/auth/realms/demo/protocol/saml"; AuthnRequestType loginReq; loginReq = samlReq.createAuthnRequestType(UUID.randomUUID().toString(), appServerUrl, authServerUrl, "http://localhost:8280/employee/"); diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java index 8a064a66eecd..7dd226b0ace2 100644 --- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java +++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ServletTestUtils.java 
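Review bot: `createAuthnRequestType(...)` still receives the literal `"http://localhost:8280/employee/"` as its last argument, although `appServerUrl` on the line above is now derived from the configured scheme, host and port. If that literal is the SAML issuer / client ID registered in the realm, keeping it fixed is correct, but it then deserves a comment such as `// issuer = SAML client ID in the demo realm; intentionally not derived from the app server URL`. If it is meant to be a reachable URL, it should be built from `ServletTestUtils.getUrlBase()` like `appServerUrl`. `getSamlAuthnRequest` continues outside the hunk, so how the value is used afterwards cannot be checked here.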
@@ -17,40 +17,32 @@ package org.keycloak.testsuite.adapter.servlet; -import javax.servlet.http.HttpServletRequest; - -import org.keycloak.common.util.UriUtils; +import static java.lang.Integer.parseInt; /** * @author Marek Posolda */ public class ServletTestUtils { - // TODO: Couldn't just always read urlBase from req.getRequestURI() ? - public static String getUrlBase(HttpServletRequest req) { - if (System.getProperty("app.server.ssl.required", "false").equals("true")) { - return System.getProperty("app.server.ssl.base.url", "https://localhost:8643"); - } - - String urlBase = System.getProperty("app.server.base.url"); + public static final boolean AUTH_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required", "true")); + public static final String AUTH_SERVER_PORT = AUTH_SERVER_SSL_REQUIRED ? System.getProperty("auth.server.https.port", "8543") : System.getProperty("auth.server.http.port", "8180"); + public static final String AUTH_SERVER_SCHEME = AUTH_SERVER_SSL_REQUIRED ? "https" : "http"; + public static final String AUTH_SERVER_HOST = System.getProperty("auth.server.host", "localhost"); - if (urlBase == null) { - String authServer = System.getProperty("auth.server.container", "auth-server-undertow"); - if (authServer.contains("undertow")) { - urlBase = UriUtils.getOrigin(req.getRequestURL().toString()); - } else { - urlBase = "http://localhost:8280"; - } - } + public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false")); + public static final String APP_SERVER_PORT = APP_SERVER_SSL_REQUIRED ? System.getProperty("app.server.https.port", "8643") : System.getProperty("app.server.http.port", "8280"); + public static final String APP_SERVER_SCHEME = APP_SERVER_SSL_REQUIRED ? 
"https" : "http"; + public static final String APP_SERVER_HOST = System.getProperty("app.server.host", "localhost"); - return urlBase; + public static String getUrlBase() { + return removeDefaultPorts(String.format("%s://%s:%s", APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT))); } public static String getAuthServerUrlBase() { - if (System.getProperty("auth.server.ssl.required", "false").equals("true")) { - return System.getProperty("auth.server.ssl.base.url", "https://localhost:8543"); - } + return removeDefaultPorts(String.format("%s://%s:%s", AUTH_SERVER_SCHEME, AUTH_SERVER_HOST, parseInt(AUTH_SERVER_PORT))); + } - return System.getProperty("auth.server.base.url", "http://localhost:8180"); + public static String removeDefaultPorts(String url) { + return url != null ? url.replaceFirst("(.*)(:80)(\\/.*)?$", "$1$3").replaceFirst("(.*)(:443)(\\/.*)?$", "$1$3") : null; } } diff --git a/testsuite/integration-arquillian/tests/base/pom.xml b/testsuite/integration-arquillian/tests/base/pom.xml index caaa0681c5bf..4a59ab321a69 100644 --- a/testsuite/integration-arquillian/tests/base/pom.xml +++ b/testsuite/integration-arquillian/tests/base/pom.xml @@ -854,7 +854,7 @@ 0 8080 9990 - ${app.server.home}/conf + ${app.server.home}/lib @@ -888,7 +888,7 @@ 0 8080 9990 - ${app.server.home}/conf + ${app.server.home}/lib @@ -922,7 +922,7 @@ 0 8080 9990 - ${app.server.home}/conf + ${app.server.home}/lib @@ -982,7 +982,7 @@ ${app.server.keystore} ${app.server.keystore.password} - localhost + localhost3 ${app.server.skip.unpack} @@ -1042,7 +1042,7 @@ copy-resources - ${app.server.home} + ${app.server.keystore.dir} ${dependency.keystore.root} 
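Review bot: `removeDefaultPorts` strips `:80` and `:443` without looking at the scheme, so `getUrlBase()` and `getAuthServerUrlBase()` turn `https://host:80` into `https://host` (which means port 443), and `http://host:443` into `http://host`. Omit the port only when it is the default for the scheme in use. The sketch below does that from the separate scheme, host and port rather than a regex over the formatted string, and leaves the public `removeDefaultPorts` in place for other callers. Separately, `AUTH_SERVER_SSL_REQUIRED` defaults to `"true"` where the removed `getAuthServerUrlBase()` defaulted to `"false"`, and the `*.base.url` override properties are no longer read. Both are behaviour changes that the class Javadoc should state.

```java
public static String getUrlBase() {
    return baseUrl(APP_SERVER_SCHEME, APP_SERVER_HOST, parseInt(APP_SERVER_PORT));
}

public static String getAuthServerUrlBase() {
    return baseUrl(AUTH_SERVER_SCHEME, AUTH_SERVER_HOST, parseInt(AUTH_SERVER_PORT));
}

// Drops the port only when it is the default for this scheme.
private static String baseUrl(String scheme, String host, int port) {
    boolean defaultPort = ("http".equals(scheme) && port == 80) || ("https".equals(scheme) && port == 443);
    return defaultPort ? scheme + "://" + host : scheme + "://" + host + ":" + port;
}

// … unchanged: removeDefaultPorts(String url) …
```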
@@ -1052,6 +1052,43 @@ ${app.server.skip.unpack} + + copy-processed-truststore-to-secured-deployment-app-server-config + process-test-resources + + copy-resources + + + ${app.server.home}/standalone-secured-deployments/configuration + + + ${dependency.keystore.root} + + + true + ${app.server.skip.unpack} + + + + copy-processed-keystore-to-secured-deployment-app-server-config + process-test-resources + + copy-resources + + + ${app.server.home}/standalone-secured-deployments/configuration + + + ${app.server.keystore.dir} + + adapter.jks + + + + true + ${app.server.skip.unpack} + + diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java index 7eb7f66a6eca..74abf1f55ff1 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java 
@@ -27,15 +27,27 @@ import org.jboss.arquillian.test.spi.event.suite.AfterClass; import org.jboss.arquillian.test.spi.event.suite.BeforeClass; import org.jboss.logging.Logger; +import org.junit.Assume; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AppServerContainers; import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.utils.fuse.FuseUtils; +import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener; +import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener; +import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType; +import org.wildfly.extras.creaper.commands.web.AddConnector; +import org.wildfly.extras.creaper.commands.web.AddConnectorSslConfig; +import org.wildfly.extras.creaper.core.CommandFailedException; import org.wildfly.extras.creaper.core.ManagementClient; +import org.wildfly.extras.creaper.core.online.CliException; import org.wildfly.extras.creaper.core.online.ManagementProtocol; import org.wildfly.extras.creaper.core.online.OnlineManagementClient; import org.wildfly.extras.creaper.core.online.OnlineOptions; +import org.wildfly.extras.creaper.core.online.operations.Address; +import org.wildfly.extras.creaper.core.online.operations.OperationException; +import org.wildfly.extras.creaper.core.online.operations.Operations; +import org.wildfly.extras.creaper.core.online.operations.admin.Administration; import java.io.IOException; import java.lang.reflect.Method; @@ -47,6 +59,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.concurrent.TimeoutException; import java.util.stream.Collectors; import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot; 
@@ -165,10 +178,14 @@ private ContainerInfo updateWithAppServerInfo(ContainerInfo appServerInfo, int c } public static OnlineManagementClient getManagementClient() { + return getManagementClient(200); + } + + public static OnlineManagementClient getManagementClient(int portOffset) { try { return ManagementClient.online(OnlineOptions .standalone() - .hostAndPort(System.getProperty("app.server.host", "localhost"), System.getProperty("app.server","").startsWith("eap6") ? 10199 : 10190) + .hostAndPort(System.getProperty("app.server.host", "localhost"), System.getProperty("app.server","").startsWith("eap6") ? 9999 + portOffset : 9990 + portOffset) .protocol(System.getProperty("app.server","").startsWith("eap6") ? ManagementProtocol.REMOTE : ManagementProtocol.HTTP_REMOTING) .build() ); 
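Review bot: `getManagementClient(int portOffset)` evaluates `System.getProperty("app.server","").startsWith("eap6")` twice and leaves the base management ports `9999` / `9990` and the default offset `200` as bare literals. The next hunk of this file already calls `AppServerTestEnricher.isEAP6AppServer()`. If that helper performs the same check (its body is not visible here), compute the flag once, e.g. `boolean eap6 = isEAP6AppServer();` followed by `int managementPort = (eap6 ? 9999 : 9990) + portOffset;`. A one-line Javadoc stating that `portOffset` is added to the native (EAP6) or HTTP management port would make the no-arg overload's `200` self-explanatory. The method's `try` block continues outside the hunk.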
@@ -198,6 +215,66 @@ public void startAppServer(@Observes(precedence = -1) BeforeClass event) throws } } + public static void enableHTTPSForManagementClient(OnlineManagementClient client) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { + Administration administration = new Administration(client); + Operations operations = new Operations(client); + + if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) { + client.execute("/core-service=management/security-realm=UndertowRealm:add()"); + client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks"); + } + + client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)"); + client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)"); + + if (AppServerTestEnricher.isEAP6AppServer()) { + if(!operations.exists(Address.subsystem("web").and("connector", "https"))) { + client.apply(new AddConnector.Builder("https") + .protocol("HTTP/1.1") + .scheme("https") + .socketBinding("https") + .secure(true) + .build()); + + client.apply(new AddConnectorSslConfig.Builder("https") + .password("secret") + .certificateKeyFile("${jboss.server.config.dir}/adapter.jks") + .build()); + + + String appServerJavaHome = System.getProperty("app.server.java.home", ""); + if (appServerJavaHome.contains("ibm")) { + // Workaround for bug in IBM JDK: https://bugzilla.redhat.com/show_bug.cgi?id=1430730 + // Source: https://access.redhat.com/solutions/4133531 + client.execute("/subsystem=web/connector=https/configuration=ssl:write-attribute(name=cipher-suite, 
value=\"SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA\")"); + } + } + } else { + client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https") + .forDefaultServer()); + + administration.reloadIfRequired(); + + client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https") + .securityRealm("UndertowRealm") + .build()); + } + + administration.reloadIfRequired(); + } + + public static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { + try (OnlineManagementClient client = getManagementClient()) { + enableHTTPSForManagementClient(client); + } + } + + public static void enableHTTPSForAppServer(int portOffset) throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { + try (OnlineManagementClient client = AppServerTestEnricher.getManagementClient(portOffset)) { + enableHTTPSForManagementClient(client); + } + } + /* * For Fuse: precedence = 2 - app server has to be stopped * before AuthServerTestEnricher.afterClass is executed diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java index 66c7c1bd7899..465f1132c30b 100644 
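Review bot: The `server-identity=ssl:add(` command string in `enableHTTPSForManagementClient` is never closed. It ends at `keystore-path=adapter.jks"`, unlike the `UndertowRealm:add()` line before it, and should read `...,keystore-path=adapter.jks)"`. The two `/system-property=javax.net.ssl.trustStore…:add(...)` calls sit outside the `operations.exists(...)` guard that protects the realm, so a second invocation against the same server would presumably fail on the duplicate resource. Guard them the same way, e.g. `if (!operations.exists(Address.of("system-property", "javax.net.ssl.trustStore")))`. The non-EAP6 branch's `RemoveUndertowListener` is also unconditional. The keystore and truststore password `secret` is repeated as a literal in four places in this method, while the pom in this commit passes `${app.server.keystore.password}`; reading it from one property or constant would keep the two from diverging.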
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/SelfManagedAppContainerLifecycle.java @@ -16,6 +16,13 @@ */ package org.keycloak.testsuite.arquillian.containers; +import org.wildfly.extras.creaper.core.CommandFailedException; +import org.wildfly.extras.creaper.core.online.CliException; +import org.wildfly.extras.creaper.core.online.operations.OperationException; + +import java.io.IOException; +import java.util.concurrent.TimeoutException; + /** * The test implementing the interface is expected to maintain container lifecycle * itself. No app server container will be started. @@ -27,7 +34,7 @@ public interface SelfManagedAppContainerLifecycle { /** * Should be called @Before */ - void startServer(); + void startServer() throws InterruptedException, IOException, OperationException, TimeoutException, CommandFailedException, CliException; /** * Should be called @After diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java index dabaf2c7c5ab..9d754d614281 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/provider/URLProvider.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.arquillian.provider; +import org.apache.http.client.utils.URIBuilder; import org.jboss.arquillian.container.test.api.OperateOnDeployment; import org.jboss.arquillian.container.test.impl.enricher.resource.URLResourceProvider; import org.jboss.arquillian.core.api.Instance; 
@@ -33,68 +34,44 @@ import java.lang.annotation.Annotation; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.net.URL; import java.util.HashSet; import java.util.List; import java.util.Set; import org.keycloak.testsuite.arquillian.ContainerInfo; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.URLUtils; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_HOST; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_PORT; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_SCHEME; + public class URLProvider extends URLResourceProvider { protected final Logger log = Logger.getLogger(this.getClass()); - public static final String BOUND_TO_ALL = "0.0.0.0"; - public static final String LOCALHOST_ADDRESS = "127.0.0.1"; - public static final String LOCALHOST_HOSTNAME = "localhost"; - - private final boolean appServerSslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required")); - @Inject Instance suiteContext; @Inject Instance testContext; - private static final Set fixedUrls = new HashSet<>(); - @Override public Object doLookup(ArquillianResource resource, Annotation... qualifiers) { URL url = (URL) super.doLookup(resource, qualifiers); if (url == null) { - String port = appServerSslRequired ? - System.getProperty("app.server.https.port", "8643") : - System.getProperty("app.server.http.port", "8280"); - String protocol = appServerSslRequired ? 
"https" : "http"; - + String appServerContextRoot = ServerURLs.getAppServerContextRoot(); try { for (Annotation a : qualifiers) { if (OperateOnDeployment.class.isAssignableFrom(a.annotationType())) { - return new URL(protocol + "://localhost:" + port + "/" + ((OperateOnDeployment) a).value() + "/"); + return new URL(appServerContextRoot + "/" + ((OperateOnDeployment) a).value() + "/"); } } } catch (MalformedURLException ex) { throw new RuntimeException(ex); } } - - // fix injected URL - if (url != null) { - try { - url = fixLocalhost(url); - url = fixBoundToAll(url); - if (appServerSslRequired) { - url = fixSsl(url); - } - } catch (MalformedURLException ex) { - log.log(Level.FATAL, null, ex); - } - - if (!fixedUrls.contains(url.toString())) { - fixedUrls.add(url.toString()); - log.debug("Fixed injected @ArquillianResource URL to: " + url); - } - } // inject context roots if annotation present for (Annotation a : qualifiers) { 
@@ -128,29 +105,19 @@ public Object doLookup(ArquillianResource resource, Annotation... qualifiers) { } } - return url; - } - - public URL fixBoundToAll(URL url) throws MalformedURLException { - URL fixedUrl = url; - if (url.getHost().contains(BOUND_TO_ALL)) { - fixedUrl = new URL(fixedUrl.toExternalForm().replace(BOUND_TO_ALL, LOCALHOST_HOSTNAME)); - } - return fixedUrl; - } - - public URL fixLocalhost(URL url) throws MalformedURLException { - URL fixedUrl = url; - if (url.getHost().contains(LOCALHOST_ADDRESS)) { - fixedUrl = new URL(fixedUrl.toExternalForm().replace(LOCALHOST_ADDRESS, LOCALHOST_HOSTNAME)); + // fix injected URL + if (url != null) { + try { + url = new URIBuilder(url.toURI()) + .setScheme(APP_SERVER_SCHEME) + .setHost(APP_SERVER_HOST) + .setPort(Integer.parseInt(APP_SERVER_PORT)) + .build().toURL(); + } catch (URISyntaxException | MalformedURLException ex) { + throw new RuntimeException(ex); + } } - return fixedUrl; - } - public URL fixSsl(URL url) throws MalformedURLException { - URL fixedUrl = url; - String urlString = fixedUrl.toExternalForm().replace("http", "https").replace(System.getProperty("app.server.http.port", "8280"), System.getProperty("app.server.https.port", "8643")); - return new URL(urlString); + return url; } - } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java index d4f27f0c8168..0007c072c3fd 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/page/AbstractPageWithInjectedUrl.java 
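Review bot: `Integer.parseInt(APP_SERVER_PORT)` in the new "fix injected URL" block throws NumberFormatException for an empty or non-numeric port value, and the `catch (URISyntaxException | MalformedURLException ex)` below it does not cover that, so every lookup fails without naming the setting. Adding it to the multi-catch with context makes a misconfigured run diagnosable: `} catch (URISyntaxException | MalformedURLException | NumberFormatException ex) {` followed by `throw new RuntimeException("Cannot rewrite injected URL " + url + " for app server port '" + APP_SERVER_PORT + "'", ex);`. The block also overwrites scheme, host and port on every non-null URL, where the removed helpers only rewrote `0.0.0.0` and `127.0.0.1` hosts; a one-line comment stating that this is intended for all injected URLs would help. `doLookup` begins outside this hunk.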
@@ -17,6 +17,8 @@ package org.keycloak.testsuite.page; +import org.keycloak.testsuite.util.ServerURLs; + import javax.ws.rs.core.UriBuilder; import java.net.MalformedURLException; import java.net.URISyntaxException; @@ -36,10 +38,7 @@ protected URL createInjectedURL(String url) { return null; } try { - if(Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - return new URL("https://localhost:" + System.getProperty("app.server.https.port", "8643") + "/" + url); - }; - return new URL("http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/" + url); + return new URL(ServerURLs.getAppServerContextRoot() + "/" + url); } catch (MalformedURLException e) { e.printStackTrace(); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java index e7c31094fd5b..566c6fc4cde0 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java @@ -54,7 +54,11 @@ public static void assumeAuthServerSSL() { } public static void assumeAppServerSSL() { - Assume.assumeTrue("Only works with the SSL configured", APP_SERVER_SSL_REQUIRED); + Assume.assumeTrue("Only works with the SSL configured for app server", APP_SERVER_SSL_REQUIRED); + } + + public static void assumeNotAppServerSSL() { + Assume.assumeFalse("Only works with the SSL disabled for app server", APP_SERVER_SSL_REQUIRED); } public static void assumeNotAuthServerQuarkus() { 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java index 61827f46a8d6..2d5578a43250 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterClusteredTest.java @@ -44,6 +44,8 @@ import org.junit.BeforeClass; import org.keycloak.testsuite.arquillian.ContainerInfo; import org.keycloak.testsuite.auth.page.login.LoginActions; +import org.keycloak.testsuite.util.ContainerAssume; +import org.keycloak.testsuite.util.ServerURLs; /** * @@ -64,8 +66,8 @@ public abstract class AbstractAdapterClusteredTest extends AbstractServletsAdapt protected static final int HTTP_PORT_NODE_1 = 8080 + PORT_OFFSET_NODE_1; protected static final int PORT_OFFSET_NODE_2 = NumberUtils.toInt(System.getProperty("app.server.2.port.offset"), -1); protected static final int HTTP_PORT_NODE_2 = 8080 + PORT_OFFSET_NODE_2; - protected static final URI NODE_1_URI = URI.create("http://localhost:" + HTTP_PORT_NODE_1); - protected static final URI NODE_2_URI = URI.create("http://localhost:" + HTTP_PORT_NODE_2); + protected static final URI NODE_1_URI = URI.create("http://" + ServerURLs.APP_SERVER_HOST + ":" + HTTP_PORT_NODE_1); + protected static final URI NODE_2_URI = URI.create("http://" + ServerURLs.APP_SERVER_HOST + ":" + HTTP_PORT_NODE_2); protected LoadBalancingProxyClient loadBalancerToNodes; protected Undertow reverseProxyToNodes; @@ -84,6 +86,7 @@ public static void checkPropertiesSet() { Assume.assumeThat(PORT_OFFSET_NODE_1, not(is(-1))); Assume.assumeThat(PORT_OFFSET_NODE_2, not(is(-1))); Assume.assumeThat(PORT_OFFSET_NODE_REVPROXY, not(is(-1))); + ContainerAssume.assumeNotAppServerSSL(); } @Before 
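Review bot: The `ContainerAssume.assumeNotAppServerSSL()` call added to `checkPropertiesSet()` has no comment saying why the clustered tests are skipped under SSL, whereas the same call in `SAMLFilterServletAdapterTest.enabled()` is explained. Judging by the second hunk, the reason appears to be that `NODE_1_URI` and `NODE_2_URI` still hard-code `http://`. I would add `// Node URIs and the reverse proxy are plain HTTP, so this class cannot run against an SSL-only app server` above the call. The same uncommented assume is added in `EAP6Fuse6HawtioAdapterTest.enabled()`.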
@@ -91,7 +94,7 @@ public void prepareReverseProxy() throws Exception { loadBalancerToNodes = new LoadBalancingProxyClient().addHost(NODE_1_URI, NODE_1_NAME).setConnectionsPerThread(10); int maxTime = 3600000; // 1 hour for proxy request timeout, so we can debug the backend keycloak servers reverseProxyToNodes = Undertow.builder() - .addHttpListener(HTTP_PORT_NODE_REVPROXY, "localhost") + .addHttpListener(HTTP_PORT_NODE_REVPROXY, ServerURLs.APP_SERVER_HOST) .setIoThreads(2) .setHandler(new ProxyHandler(loadBalancerToNodes, maxTime, ResponseCodeHandler.HANDLE_404)).build(); reverseProxyToNodes.start(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java index 76e782e187d7..5bd787d8e79c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java @@ -21,7 +21,12 @@ import org.jboss.arquillian.graphene.page.Page; import org.jboss.shrinkwrap.api.Archive; import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.junit.AfterClass; +import org.junit.Before; import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Rule; +import org.junit.rules.TestName; import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.AbstractAuthTest; 
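Review bot: `.addHttpListener(HTTP_PORT_NODE_REVPROXY, ServerURLs.APP_SERVER_HOST)` now binds the test reverse proxy to whatever host the run is configured with, so a host name that resolves to a non-loopback address leaves the proxy listening on a network-reachable interface for the whole test. The proxy's request timeout, set on the line above, is one hour. If only the URLs handed to the browser need the custom host, keeping the bind address on loopback avoids that exposure. Otherwise a comment such as `// binds to the configured app server host; it must resolve to a local, non-public address` documents the expectation. `prepareReverseProxy()` continues outside the hunk.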
@@ -29,6 +34,7 @@ import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; +import org.keycloak.testsuite.util.ServerURLs; import org.wildfly.extras.creaper.commands.undertow.AddUndertowListener; import org.wildfly.extras.creaper.commands.undertow.RemoveUndertowListener; import org.wildfly.extras.creaper.commands.undertow.UndertowListenerType; @@ -50,6 +56,9 @@ import java.util.concurrent.TimeoutException; import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.APP_SERVER_SSL_REQUIRED; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.CURRENT_APP_SERVER; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.enableHTTPSForAppServer; +import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT; import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; @@ -66,8 +75,6 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { @Page protected AppServerContextRoot appServerContextRootPage; - protected static final String APP_SERVER_CONTAINER = System.getProperty("app.server", ""); - public static final String JBOSS_DEPLOYMENT_STRUCTURE_XML = "jboss-deployment-structure.xml"; public static final URL jbossDeploymentStructure = AbstractServletsAdapterTest.class .getResource("/adapter-test/" + JBOSS_DEPLOYMENT_STRUCTURE_XML); 
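Review bot: Several imports in `AbstractAdapterTest` look unused after this commit. `ClassRule`, `Rule` and `TestName` are added by the file's first import hunk but appear in none of its changed lines, and the Creaper imports kept here as context (`AddUndertowListener`, `RemoveUndertowListener`, `UndertowListenerType`) served the `enableHTTPSForAppServer()` body that the last hunk of this file removes. I would drop them, after checking the parts of the file outside the hunks for the context ones. `SAMLFilterServletAdapterTest` has the same issue with its added `SkippedTestExecutionException` and `ServerURLs` imports, which none of that file's changed lines use.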
@@ -78,13 +85,26 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { public static final URL tomcatContext = AbstractServletsAdapterTest.class .getResource("/adapter-test/" + TOMCAT_CONTEXT_XML); - @BeforeClass - public static void setUpAppServer() throws Exception { - if (APP_SERVER_SSL_REQUIRED && (APP_SERVER_CONTAINER.contains("eap") || APP_SERVER_CONTAINER.contains("wildfly"))) { // Other containers need some external configuraiton to run SSL tests + protected static boolean sslConfigured = false; + + @Before + public void setUpAppServer() throws Exception { + if (!sslConfigured && shouldConfigureSSL()) { // Other containers need some external configuraiton to run SSL tests enableHTTPSForAppServer(); + + sslConfigured = true; } } + @AfterClass + public static void resetSSLConfig() { + sslConfigured = false; + } + + protected boolean shouldConfigureSSL() { + return APP_SERVER_SSL_REQUIRED && (CURRENT_APP_SERVER.contains("eap") || CURRENT_APP_SERVER.contains("wildfly")); + } + @Override public void addTestRealms(List testRealms) { addAdapterTestRealms(testRealms); 
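Review bot: The comment on the new guard line in `setUpAppServer()` still reads `configuraiton`, and nothing explains why setup moved from `@BeforeClass` to an instance `@Before` guarded by the static `sslConfigured` flag. I would fix the typo and add a comment on the field, for example `// HTTPS is enabled once per test class; @Before (not @BeforeClass) so subclasses can override shouldConfigureSSL()`. That reason is inferred from the new overridable method, so please confirm it. Because the field is `protected static` and non-final, any subclass can flip it; making it `private` would be tighter if no subclass needs to write it.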
@@ -93,30 +113,25 @@ public void addTestRealms(List testRealms) { modifyClientRedirectUris(tr, "http://localhost:8080", ""); modifyClientRedirectUris(tr, "^((?:/.*|)/\\*)", - "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "$1", - "http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "$1", - "https://localhost:" + System.getProperty("app.server.https.port", "8643") + "$1", - "https://localhost:" + System.getProperty("auth.server.http.port", "8543") + "$1"); + ServerURLs.getAppServerContextRoot() + "$1", + ServerURLs.getAuthServerContextRoot() + "$1"); - modifyClientWebOrigins(tr, "http://localhost:8080", - "http://localhost:" + System.getProperty("app.server.http.port", "8280"), - "http://localhost:" + System.getProperty("auth.server.http.port", "8180"), - "https://localhost:" + System.getProperty("app.server.https.port", "8643"), - "https://localhost:" + System.getProperty("auth.server.http.port", "8543")); + modifyClientWebOrigins(tr, "http://localhost:8080", ServerURLs.getAppServerContextRoot(), + ServerURLs.getAuthServerContextRoot()); modifyClientUrls(tr, "http://localhost:8080", ""); modifySamlMasterURLs(tr, "http://localhost:8080", ""); modifySAMLClientsAttributes(tr, "http://localhost:8080", ""); if (isRelative()) { - modifyClientUrls(tr, appServerContextRootPage.toString(), ""); - modifySamlMasterURLs(tr, "/", "http://localhost:" + System.getProperty("auth.server.http.port", null) + "/"); - modifySAMLClientsAttributes(tr, "8080", System.getProperty("auth.server.http.port", "8180")); + modifyClientUrls(tr, ServerURLs.getAppServerContextRoot().toString(), ""); + modifySamlMasterURLs(tr, "/", ServerURLs.getAppServerContextRoot() + "/"); + modifySAMLClientsAttributes(tr, "8080", AUTH_SERVER_PORT); } else { - modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); - modifySamlMasterURLs(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); - modifySAMLClientsAttributes(tr, "^(/.*)", 
appServerContextRootPage.toString() + "$1"); - modifyClientJWKSUrl(tr, "^(/.*)", appServerContextRootPage.toString() + "$1"); + modifyClientUrls(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); + modifySamlMasterURLs(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); + modifySAMLClientsAttributes(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); + modifyClientJWKSUrl(tr, "^(/.*)", ServerURLs.getAppServerContextRoot() + "$1"); } if (AUTH_SERVER_SSL_REQUIRED) { tr.setSslRequired("all"); 
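Review bot: In the `isRelative()` branch, `modifySamlMasterURLs(tr, "/", ServerURLs.getAppServerContextRoot() + "/")` replaces a URL that was built from `auth.server.http.port`, while the next line still rewrites to `AUTH_SERVER_PORT`, so the branch now mixes app-server and auth-server targets. If the SAML master URLs should point at the auth server, the line should be `modifySamlMasterURLs(tr, "/", ServerURLs.getAuthServerContextRoot() + "/");`. If the two roots coincide in relative mode, a comment saying so would settle the question. The `.toString()` on `ServerURLs.getAppServerContextRoot()` in the line above looks redundant, since the same value is concatenated as a string elsewhere in the hunk. `addTestRealms` continues outside the hunk.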
@@ -265,47 +280,4 @@ public static void addContextXml(Archive archive, String contextPath) { throw new RuntimeException(ex); } } - - private static void enableHTTPSForAppServer() throws CommandFailedException, InterruptedException, TimeoutException, IOException, CliException, OperationException { - try (OnlineManagementClient client = AppServerTestEnricher.getManagementClient()) { - Administration administration = new Administration(client); - Operations operations = new Operations(client); - - if(!operations.exists(Address.coreService("management").and("security-realm", "UndertowRealm"))) { - client.execute("/core-service=management/security-realm=UndertowRealm:add()"); - client.execute("/core-service=management/security-realm=UndertowRealm/server-identity=ssl:add(keystore-relative-to=jboss.server.config.dir,keystore-password=secret,keystore-path=adapter.jks"); - } - - client.execute("/system-property=javax.net.ssl.trustStore:add(value=${jboss.server.config.dir}/keycloak.truststore)"); - client.execute("/system-property=javax.net.ssl.trustStorePassword:add(value=secret)"); - - if (APP_SERVER_CONTAINER.contains("eap6")) { - if(!operations.exists(Address.subsystem("web").and("connector", "https"))) { - client.apply(new AddConnector.Builder("https") - .protocol("HTTP/1.1") - .scheme("https") - .socketBinding("https") - .secure(true) - .build()); - - client.apply(new AddConnectorSslConfig.Builder("https") - .password("secret") - .certificateKeyFile("${jboss.server.config.dir}/adapter.jks") - .build()); - } - } else { - client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, "https") - .forDefaultServer()); - - administration.reloadIfRequired(); - - client.apply(new AddUndertowListener.HttpsBuilder("https", "default-server", "https") - .securityRealm("UndertowRealm") - .build()); - } - - administration.reloadIfRequired(); - } - } - } 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java index bde61528d018..2eae5ee5fdcd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.java @@ -25,7 +25,11 @@ import java.net.URL; import java.util.List; +import java.util.Map; +import java.util.Optional; import java.util.function.BiConsumer; +import java.util.stream.Collectors; + import org.apache.http.client.methods.HttpGet; import org.jboss.arquillian.container.test.api.*; import org.jboss.arquillian.test.api.ArquillianResource; @@ -39,6 +43,7 @@ import org.keycloak.testsuite.util.SamlClient; import org.keycloak.testsuite.util.SamlClient.Binding; import org.keycloak.testsuite.util.SamlClientBuilder; +import org.keycloak.testsuite.util.ServerURLs; /** * 
@@ -49,6 +54,29 @@ public abstract class AbstractSAMLAdapterClusteredTest extends AbstractAdapterCl @Override public void addTestRealms(List testRealms) { testRealms.add(loadRealm("/adapter-test/keycloak-saml/testsaml-behind-lb.json")); + + if (!"localhost".equals(ServerURLs.APP_SERVER_HOST)) { + for (RealmRepresentation realm : testRealms) { + Optional clientRepresentation = realm.getClients().stream() + .filter(c -> c.getClientId().equals("http://localhost:8580/employee-distributable/")) + .findFirst(); + + clientRepresentation.ifPresent(cr -> { + cr.setBaseUrl(cr.getBaseUrl().replace("localhost", ServerURLs.APP_SERVER_HOST)); + cr.setRedirectUris(cr.getRedirectUris() + .stream() + .map(url -> url.replace("localhost", ServerURLs.APP_SERVER_HOST)) + .collect(Collectors.toList()) + ); + cr.setAttributes(cr.getAttributes().entrySet().stream() + .collect(Collectors.toMap(Map.Entry::getKey, + entry -> entry.getValue().replace("localhost", ServerURLs.APP_SERVER_HOST)) + ) + ); + + }); + } + } } @Override diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java index 7002313f4f85..a6d26ee45287 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java 
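Review bot: The attribute rewrite in the new `addTestRealms` block uses `Collectors.toMap`, which throws NullPointerException on a null value, and `realm.getClients()`, `cr.getBaseUrl()`, `cr.getRedirectUris()` and `cr.getAttributes()` are dereferenced without a null check. A realm in `testRealms` without clients, or a matched client missing one of those fields, therefore fails setup as soon as the host is not `localhost`. Replacing in place avoids the collector, e.g. `cr.getAttributes().replaceAll((k, v) -> v == null ? null : v.replace("localhost", ServerURLs.APP_SERVER_HOST));`, assuming the map is mutable. The plain `replace("localhost", …)` also rewrites every occurrence in a value, not only the URL host. The client id in the filter keeps `localhost:8580`, so a comment noting that the id is intentionally left unchanged would help.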
@@ -29,6 +29,7 @@ import org.keycloak.representations.idm.authorization.PolicyRepresentation; import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import java.io.File; @@ -108,7 +109,7 @@ private void login() throws MalformedURLException { } private URL getResourceServerUrl() throws MalformedURLException { - return this.appServerContextRootPage.getUriBuilder().path(RESOURCE_SERVER_ID).build().toURL(); + return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID); } private void configureAuthorizationServices() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java index 80f447f67dfa..783d4a6f62a2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java @@ -47,6 +47,7 @@ import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.EnableFeature; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.util.UIUtils; import org.openqa.selenium.By; 
@@ -591,7 +592,7 @@ private boolean wasDenied() { private URL getResourceServerUrl() { try { - return new URL(this.appServerContextRootPage + "/" + RESOURCE_SERVER_ID); + return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID); } catch (MalformedURLException e) { throw new RuntimeException("Could not obtain resource server url.", e); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java index 8d994ef81aeb..cf0b1683ff70 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/CorsExampleAdapterTest.java @@ -78,8 +78,6 @@ public class CorsExampleAdapterTest extends AbstractExampleAdapterTest { public static final String CORS = "cors"; - public static final String AUTH_SERVER_HOST = "localhost-auth-127.0.0.1.nip.io"; - private static final String hostBackup; @ArquillianResource private Deployer deployer; @@ -130,10 +128,6 @@ public void onAfter() { deployer.undeploy(AngularCorsProductTestApp.DEPLOYMENT_NAME); } - static{ - hostBackup = System.getProperty("auth.server.host", "localhost"); - System.setProperty("auth.server.host", AUTH_SERVER_HOST); - } @Override public void setDefaultPageUriParameters() { @@ -190,7 +184,6 @@ private String getAuthServerVersion() { "/auth/admin/master/console/#/server-info"); jsDriverTestRealmLoginPage.form().login("admin", "admin"); - WaitUtils.waitUntilElement(By.tagName("body")).is().visible(); Pattern pattern = Pattern.compile("]+>Server Version" + "\\s+]+>([^<]+)"); Matcher matcher = pattern.matcher(DroneUtils.getCurrentDriver().getPageSource()); 
@@ -201,9 +194,4 @@ private String getAuthServerVersion() { return null; } - - @AfterClass - public static void afterCorsTest() { - System.setProperty("auth.server.host", hostBackup); - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java index 4e0e39d02a41..637e37e8ddf8 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/fuse/EAP6Fuse6HawtioAdapterTest.java @@ -40,6 +40,7 @@ import org.keycloak.testsuite.adapter.page.HawtioPage; import org.keycloak.testsuite.arquillian.AppServerTestEnricher; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ContainerAssume; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle; import org.keycloak.testsuite.auth.page.login.OIDCLogin; @@ -79,6 +80,7 @@ public void addAdapterTestRealms(List testRealms) { @BeforeClass public static void enabled() { Assume.assumeFalse(System.getProperty("os.name").startsWith("Windows")); + ContainerAssume.assumeNotAppServerSSL(); } @Before diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java index 182ce0e48460..cfb4c77a8cd1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java 
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java @@ -76,6 +76,7 @@ import org.keycloak.testsuite.adapter.page.TokenRefreshPage; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.auth.page.account.Applications; import org.keycloak.testsuite.auth.page.login.OAuthGrant; @@ -220,7 +221,7 @@ protected static WebArchive customerCookiePortal() { @Deployment(name = CustomerPortalNoConf.DEPLOYMENT_NAME) protected static WebArchive customerPortalNoConf() { - return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class); + return servletDeployment(CustomerPortalNoConf.DEPLOYMENT_NAME, CustomerServletNoConf.class, ErrorServlet.class, ServletTestUtils.class); } @Deployment(name = SecurePortal.DEPLOYMENT_NAME) @@ -799,7 +800,7 @@ public void testTokenConcurrentRefresh() { BasicCookieStore cookieStore = new BasicCookieStore(); BasicClientCookie jsessionid = new BasicClientCookie("JSESSIONID", driver.manage().getCookieNamed("JSESSIONID").getValue()); - jsessionid.setDomain("localhost"); + jsessionid.setDomain(ServerURLs.APP_SERVER_HOST); jsessionid.setPath("/"); cookieStore.addCookie(jsessionid); 
@@ -1113,13 +1114,6 @@ public void historyOfAccessResourceTest() throws IOException { serverLogPath = System.getProperty("app.server.home") + "/standalone-test/log/server.log"; } - String appServerUrl; - if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/"; - } else { - appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/"; - } - if (serverLogPath != null) { log.info("Checking app server log at: " + serverLogPath); File serverLog = new File(serverLogPath); @@ -1127,7 +1121,7 @@ public void historyOfAccessResourceTest() throws IOException { UserRepresentation bburke = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com"); //the expected log message has DEBUG level - assertThat(serverLogContent, containsString("User '" + bburke.getId() + "' invoking '" + appServerUrl + "customer-db/' on client 'customer-db'")); + assertThat(serverLogContent, containsString("User '" + bburke.getId() + "' invoking '" + ServerURLs.getAppServerContextRoot() + "/customer-db/' on client 'customer-db'")); } else { log.info("Checking app server log on app-server: \"" + System.getProperty("app.server") + "\" is not supported."); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java index a6c12dd4328c..e2e2864c240e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java 
@@ -1,5 +1,6 @@ package org.keycloak.testsuite.adapter.servlet; +import org.jboss.arquillian.test.spi.execution.SkippedTestExecutionException; import org.junit.After; import org.junit.Assume; import org.junit.Before; @@ -7,6 +8,8 @@ import org.junit.Ignore; import org.junit.Test; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ContainerAssume; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.annotation.UseServletFilter; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; @@ -27,6 +30,10 @@ public class SAMLFilterServletAdapterTest extends SAMLServletAdapterTest { public static void enabled() { String appServerJavaHome = System.getProperty("app.server.java.home", ""); Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70")); + + // SAMLServletAdapterTest has too many deployments, with so many deployments (with filter dependency in each + // of them) it is impossible to reload container after TLS is enabled, GC time limit exceeds + ContainerAssume.assumeNotAppServerSSL(); } @Before diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java deleted file mode 100644 index f34b71220563..000000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java +++ /dev/null 
@@ -1,132 +0,0 @@ -package org.keycloak.testsuite.adapter.servlet; - -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.graphene.page.Page; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.junit.BeforeClass; -import org.junit.Test; -import org.keycloak.adapters.rotation.PublicKeyLocator; -import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter; -import org.keycloak.testsuite.adapter.page.Employee2Servlet; -import org.keycloak.testsuite.adapter.page.EmployeeSigServlet; -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; -import org.keycloak.testsuite.auth.page.login.Login; -import org.keycloak.testsuite.updaters.ClientAttributeUpdater; -import org.keycloak.testsuite.util.ContainerAssume; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; -import org.openqa.selenium.By; - -import javax.ws.rs.core.UriBuilder; -import java.util.Collections; - -import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLSERVLETDEMO; -import static org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2; -import static org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_SIG; -import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; -import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad; -import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; -import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot; - -/** - * @author mhajas - */ -@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) -// @AppServerContainer(ContainerConstants.APP_SERVER_EAP) // Should be added in: KEYCLOAK-14434 -// @AppServerContainer(ContainerConstants.APP_SERVER_EAP6) // Should be added in: KEYCLOAK-14435 -@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8) -@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9) 
-@AuthServerContainerExclude(AuthServerContainerExclude.AuthServer.REMOTE) -public class SAMLSameSiteTest extends AbstractSAMLServletAdapterTest { - // private static final String NIP_IO_URL = "app-saml-127-0-0-1.nip.io"; - private static final String NIP_IO_EMPLOYEE2_URL = getAppServerContextRoot() + "/employee2/"; - private static final String NIP_IO_EMPLOYEE_SIG_URL = getAppServerContextRoot() + "/employee-sig/"; - - @Deployment(name = Employee2Servlet.DEPLOYMENT_NAME) - protected static WebArchive employee2() { - return samlServletDeployment(Employee2Servlet.DEPLOYMENT_NAME, WEB_XML_WITH_ACTION_FILTER, SendUsernameServlet.class, AdapterActionsFilter.class, PublicKeyLocator.class) - .addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF); - } - - @Deployment(name = EmployeeSigServlet.DEPLOYMENT_NAME) - protected static WebArchive employeeSig() { - return samlServletDeployment(EmployeeSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class) - .addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF); - } - - @Page - protected Employee2Servlet employee2ServletPage; - - @BeforeClass - public static void enabledOnlyWithSSL() { - ContainerAssume.assumeAuthServerSSL(); - ContainerAssume.assumeAppServerSSL(); - } - - @Test - public void samlPostWorksWithSameSiteCookieTest() { - testLoginLogoutWithDifferentUrl(SAML_CLIENT_ID_EMPLOYEE_2, NIP_IO_EMPLOYEE2_URL, testRealmSAMLPostLoginPage); - } - - @Test - public void samlRedirectWorksWithSameSiteCookieTest() { - testLoginLogoutWithDifferentUrl(SAML_CLIENT_ID_EMPLOYEE_SIG, NIP_IO_EMPLOYEE_SIG_URL, testRealmSAMLRedirectLoginPage); - } - - @Test - public void testSSOPostRedirect() { - getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, SAML_CLIENT_ID_EMPLOYEE_SIG) - .setRedirectUris(Collections.singletonList(NIP_IO_EMPLOYEE_SIG_URL + "*")) - .setAdminUrl(NIP_IO_EMPLOYEE_SIG_URL + "saml") - .update()); - - 
getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, SAML_CLIENT_ID_EMPLOYEE_2) - .setRedirectUris(Collections.singletonList(NIP_IO_EMPLOYEE2_URL + "*")) - .setAdminUrl(NIP_IO_EMPLOYEE2_URL + "saml") - .update()); - - // Navigate to url with nip.io to trick browser the adapter lives on different domain - driver.navigate().to(NIP_IO_EMPLOYEE2_URL); - assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); - - // Login and check the user is successfully logged in - testRealmSAMLPostLoginPage.form().login(bburkeUser); - waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); - - driver.navigate().to(NIP_IO_EMPLOYEE_SIG_URL); - waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); - - // Logout - driver.navigate().to(UriBuilder.fromUri(NIP_IO_EMPLOYEE_SIG_URL).queryParam("GLO", "true").build().toASCIIString()); - waitForPageToLoad(); - - // Check logged out - driver.navigate().to(NIP_IO_EMPLOYEE2_URL); - assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage); - } - - private void testLoginLogoutWithDifferentUrl(String clientId, String newUrl, Login loginPage) { - getCleanup(SAMLSERVLETDEMO).addCleanup(ClientAttributeUpdater.forClient(adminClient, SAMLSERVLETDEMO, clientId) - .setRedirectUris(Collections.singletonList(newUrl + "*")) - .setAdminUrl(newUrl + "saml") - .update()); - - // Navigate to url with nip.io to trick browser the adapter lives on different domain - driver.navigate().to(newUrl); - assertCurrentUrlStartsWith(loginPage); - - // Login and check the user is successfully logged in - loginPage.form().login(bburkeUser); - waitUntilElement(By.xpath("//body")).text().contains("principal=bburke"); - - // Logout - driver.navigate().to(UriBuilder.fromUri(newUrl).queryParam("GLO", "true").build().toASCIIString()); - waitForPageToLoad(); - - // Check logged out - driver.navigate().to(newUrl); - assertCurrentUrlStartsWith(loginPage); - } - - -} 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java index f262d99a561c..46c544f86af1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java @@ -143,6 +143,7 @@ import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.auth.page.login.Login; import org.keycloak.testsuite.auth.page.login.SAMLIDPInitiatedLogin; @@ -785,14 +786,7 @@ public void salesMetadataTest() throws Exception { ClientRepresentation clientRep = testRealmResource().convertClientDescription(IOUtil.documentToString(doc)); - String appServerUrl; - if (Boolean.parseBoolean(System.getProperty("app.server.ssl.required"))) { - appServerUrl = "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/"; - } else { - appServerUrl = "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/"; - } - - clientRep.setAdminUrl(appServerUrl + "sales-metadata/saml"); + clientRep.setAdminUrl(ServerURLs.getAppServerContextRoot() + "/sales-metadata/saml"); try (Response response = testRealmResource().clients().create(clientRep)) { Assert.assertEquals(201, response.getStatus()); 
@@ -1363,8 +1357,13 @@ public void testUserAttributeStatementMapperGroupsNoAggregate() throws Exception @Test public void idpMetadataValidation() throws Exception { - driver.navigate().to(authServerPage.toString() + "/realms/" + SAMLSERVLETDEMO + "/protocol/saml/descriptor"); - validateXMLWithSchema(driver.getPageSource(), "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd"); + try (CloseableHttpClient client = HttpClientBuilder.create().build()) { + HttpGet httpGet = new HttpGet(authServerPage.toString() + "/realms/" + SAMLSERVLETDEMO + "/protocol/saml/descriptor"); + try (CloseableHttpResponse response = client.execute(httpGet)) { + String stringResponse = EntityUtils.toString(response.getEntity()); + validateXMLWithSchema(stringResponse, "/adapter-test/keycloak-saml/metadata-schema/saml-schema-metadata-2.0.xsd"); + } + } } @Test @@ -1673,7 +1672,7 @@ public void testSuccessfulEcpFlow() throws Exception { Assert.assertThat(resourceResponse.readEntity(String.class), containsString("pedroigor")); } - @AuthServerContainerExclude(value = AuthServerContainerExclude.AuthServer.QUARKUS, details = + @AuthServerContainerExclude(value = AuthServerContainerExclude.AuthServer.QUARKUS, details = "Exclude Quarkus because when running on Java 9+ you get CNF exceptions due to the fact that javax.xml.soap was removed (as well as other JEE modules). Need to discuss how we are going to solve this for both main dist and Quarkus") @Test public void testInvalidCredentialsEcpFlow() throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java index 39ad9d0a38cc..a642dee9b032 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java 
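Review bot: In `idpMetadataValidation()` the response body goes straight to `validateXMLWithSchema` without checking the HTTP status, so an error page from the auth server would surface as a confusing schema-validation failure instead of a clear HTTP failure. Adding `Assert.assertEquals(200, response.getStatusLine().getStatusCode());` before `EntityUtils.toString(...)` makes the failure mode explicit. Note also that `HttpClientBuilder.create().build()` uses the JVM's default trust configuration, so when `authServerPage` is an https URL this request presumably depends on the `javax.net.ssl.*` properties of the test JVM. A short comment saying so would help.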
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SecuredDeploymentsAdapterTest.java @@ -21,11 +21,16 @@ import static org.hamcrest.Matchers.containsString; import static org.junit.Assert.assertThat; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.CURRENT_APP_SERVER; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.enableHTTPSForAppServer; +import static org.keycloak.testsuite.util.ServerURLs.APP_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals; import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf; import java.io.IOException; +import java.util.concurrent.TimeoutException; + import org.jboss.arquillian.container.test.api.ContainerController; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.graphene.page.Page; @@ -45,6 +50,9 @@ import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.arquillian.containers.SelfManagedAppContainerLifecycle; +import org.wildfly.extras.creaper.core.CommandFailedException; +import org.wildfly.extras.creaper.core.online.CliException; +import org.wildfly.extras.creaper.core.online.operations.OperationException; @AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) @AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY_DEPRECATED) @@ -84,7 +92,7 @@ public static void assumeTLSEnabled() { @Before @Override - public void startServer() { + public void startServer() throws InterruptedException, IOException, OperationException, TimeoutException, CommandFailedException, CliException { try { AppServerTestEnricher.prepareServerDir("standalone-secured-deployments"); } catch (IOException ex) { 
@@ -92,6 +100,18 @@ public void startServer() { } controller.start(testContext.getAppServerInfo().getQualifier()); + + if (!sslConfigured && super.shouldConfigureSSL()) { + enableHTTPSForAppServer(); + sslConfigured = true; + } + } + + // This is SelfManagedAppContainerLifecycle, we can't enable ssl in before in parent class, because it will fail as + // the container is not started yet + @Override + public boolean shouldConfigureSSL() { + return false; } @After diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java index c15055a623cc..bb0b398be3f7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/cluster/OIDCAdapterClusterTest.java @@ -26,6 +26,8 @@ import java.net.URI; import java.net.URL; import java.util.List; +import java.util.Optional; +import java.util.stream.Collectors; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.container.test.api.OperateOnDeployment; 
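Review bot: The `if (!sslConfigured && super.shouldConfigureSSL())` guard in `startServer()` enables HTTPS only once, yet `startServer()` is a `@Before` method and calls `AppServerTestEnricher.prepareServerDir("standalone-secured-deployments")` before every test. Neither `prepareServerDir` nor the declaration of `sslConfigured` is visible in this hunk. If the directory is recreated on each call, later tests would start a server without the TLS configuration while the flag still reads `true`. Please confirm this and either reset the flag where the server is stopped or record the assumption, for example `// server dir is prepared once, so the HTTPS configuration survives restarts`. The comment above `shouldConfigureSSL()` would read better as `// Self-managed lifecycle: the parent @Before runs before the container is started, so HTTPS is enabled in startServer() instead.`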
@@ -38,11 +40,13 @@ import org.keycloak.OAuth2Constants; import org.keycloak.common.util.Retry; import org.keycloak.protocol.oidc.OIDCLoginProtocolService; +import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.testsuite.adapter.AbstractAdapterClusteredTest; import org.keycloak.testsuite.adapter.page.SessionPortalDistributable; import org.keycloak.testsuite.adapter.servlet.SessionServlet; import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; +import org.keycloak.testsuite.util.ServerURLs; import org.keycloak.testsuite.util.WaitUtils; import org.keycloak.testsuite.utils.arquillian.ContainerConstants; import org.keycloak.testsuite.auth.page.AuthRealm; @@ -85,6 +89,25 @@ public void setDefaultPageUriParameters() { @Override public void addTestRealms(List testRealms) { addAdapterTestRealms(testRealms); + + if (!"localhost".equals(ServerURLs.APP_SERVER_HOST)) { + for (RealmRepresentation realm : testRealms) { + Optional clientRepresentation = realm.getClients().stream() + .filter(c -> c.getClientId().equals("session-portal-distributable")) + .findFirst(); + + clientRepresentation.ifPresent(cr -> { + cr.setAdminUrl(cr.getAdminUrl().replace("localhost", ServerURLs.APP_SERVER_HOST)); + cr.setBaseUrl(cr.getBaseUrl().replace("localhost", ServerURLs.APP_SERVER_HOST)); + cr.setRedirectUris(cr.getRedirectUris() + .stream() + .map(url -> url.replace("localhost", ServerURLs.APP_SERVER_HOST)) + .collect(Collectors.toList()) + ); + }); + } + + } } @Override 
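Review bot: The host rewrite in `addTestRealms` dereferences `realm.getClients()`, `cr.getAdminUrl()`, `cr.getBaseUrl()` and `cr.getRedirectUris()` without null checks. A realm with no client list, or a client missing one of these fields, would therefore fail with a NullPointerException instead of being skipped. A guard such as `if (realm.getClients() == null) continue;` at the top of the loop covers the first case. Also, `replace("localhost", ServerURLs.APP_SERVER_HOST)` substitutes every occurrence in the URL, including any in the path or query. Since these values become the client's registered redirect URIs, rewriting only the host component is the safer form and keeps the registered URIs exactly as intended.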
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore b/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore index d2875f92795c..f24901cc9e2d 100644 Binary files a/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore and b/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore differ diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml index a0987f4c9e75..33fcb1c3bc6b 100755 --- a/testsuite/integration-arquillian/tests/pom.xml +++ b/testsuite/integration-arquillian/tests/pom.xml @@ -94,11 +94,12 @@ ${auth.server.host} + localhost true integration-arquillian-servers-app-server-${app.server} ${containers.home}/app-server-${app.server} - ${app.server.home}/standalone/configuration + ${app.server.home}/standalone/configuration 200 8280 8643 @@ -117,11 +118,12 @@ 512m -Xms${app.server.memory.Xms} -Xmx${app.server.memory.Xmx} -XX:MetaspaceSize=${surefire.memory.metaspace} -XX:MaxMetaspaceSize=${surefire.memory.metaspace.max} false - ${app.server.config.dir}/keycloak.truststore + ${app.server.keystore.dir}/keycloak.truststore secret - ${app.server.config.dir}/adapter.jks + ${app.server.keystore.dir}/adapter.jks secret + undefined cache-server-${cache.server} @@ -162,6 +164,11 @@ -Dapp.server.ssl.required=${app.server.ssl.required} -Dauth.server.ssl.base.url=https://localhost:${auth.server.https.port} -Dauth.server.ssl.required=${auth.server.ssl.required} + -Dauth.server.host=${auth.server.host} + -Dauth.server.host2=${auth.server.host2} + -Dapp.server.host=${app.server.host} + -Dapp.server.http.port=${app.server.http.port} + -Dapp.server.https.port=${app.server.https.port} -Dmy.host.name=localhost -Djava.security.krb5.conf=${project.build.directory}/dependency/kerberos/test-krb5.conf 
@@ -516,7 +523,7 @@ ${app.server} ${app.server.home} - ${app.server.config.dir} + ${app.server.keystore.dir} ${app.server.java.home} ${app.server.memory.settings} ${app.server.port.offset} @@ -536,6 +543,7 @@ ${app.server.keystore} ${app.server.keystore.password} ${app.server.jvm.args.extra} + ${tomcat.javax.net.ssl.properties} ${frontend.console.output} ${backend.console.output} @@ -1985,6 +1993,17 @@ + + set-javax.net.ssl-properties-for-tomcat + + + app.server.ssl.required + + + + -Djavax.net.ssl.trustStore=${app.server.home}/lib/keycloak.truststore -Djavax.net.ssl.trustStorePassword=secret + + diff --git a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java index c52bb78c0183..32019fb207d5 100644 --- a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java +++ b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java @@ -39,6 +39,7 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; +import sun.applet.AppletSecurity; import static org.keycloak.testsuite.utils.io.IOUtil.modifyDocElementAttribute; import static org.keycloak.testsuite.util.ServerURLs.getAppServerContextRoot; 
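Review bot: The added `import sun.applet.AppletSecurity;` in `DeploymentArchiveProcessorUtils` is not used by any line in this file's hunks and looks like an accidental IDE auto-import. `sun.applet` is a JDK-internal package rather than a supported API, and to my knowledge it is not present in recent JDK releases, so this line can break compilation of the test utilities on a newer JDK. The import should be removed.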
@@ -58,6 +59,7 @@ public class DeploymentArchiveProcessorUtils { private static final String APP_SERVER_SCHEMA = APP_SERVER_SSL_REQUIRED ? "https" : "http"; private static final String APP_SERVER_PORT_PROPERTY = "auth.server." + APP_SERVER_SCHEMA + ".port"; private static final String AUTH_SERVER_REPLACED_URL = "http://localhost:8080"; + private static final String APP_SERVER_CONTAINER = System.getProperty("app.server", ""); public static final String WEBXML_PATH = "/WEB-INF/web.xml"; public static final String ADAPTER_CONFIG_PATH = "/WEB-INF/keycloak.json"; @@ -216,9 +218,17 @@ public static void modifyOIDCAdapterConfig(Archive archive, String adapterCon } adapterConfig.setTruststore(trustStorePathInDeployment); adapterConfig.setTruststorePassword(TRUSTSTORE_PASSWORD); - File truststorePath = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()); - ((WebArchive) archive).addAsResource(truststorePath); - log.debugf("Adding Truststore to the deployment, path %s, password %s, adapter path %s", truststorePath.getAbsolutePath(), TRUSTSTORE_PASSWORD, trustStorePathInDeployment); + + String truststoreUrl = System.getProperty("dependency.keystore.root", "") + "/keycloak.truststore"; + File truststore = new File(truststoreUrl); + + if (!truststore.exists()) { + truststore = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()); + } + + ((WebArchive) archive).addAsResource(truststore); + + log.debugf("Adding Truststore to the deployment, path %s, password %s, adapter path %s", truststore.getAbsolutePath(), TRUSTSTORE_PASSWORD, trustStorePathInDeployment); } archive.add(new StringAsset(JsonSerialization.writeValueAsPrettyString(adapterConfig)), 
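Review bot: The truststore lookup added to `modifyOIDCAdapterConfig` falls back to an empty string when `dependency.keystore.root` is unset, so the first candidate becomes `/keycloak.truststore` at the filesystem root. Any file that happens to exist there would be packaged into the deployment as the adapter's trust anchor. The same block is repeated verbatim in the `modifySAMLAdapterConfig` hunk that follows, so I would move it into one private helper that consults the property only when it is set and otherwise uses the classpath resource. The rewritten `log.debugf` line also still writes `TRUSTSTORE_PASSWORD` to the log, where the path alone is enough for debugging. Both methods start and end outside their hunks.

```java
// … unchanged: adapterConfig.setTruststore(...) / setTruststorePassword(...) …
File truststore = resolveTruststore();
((WebArchive) archive).addAsResource(truststore);
log.debugf("Adding Truststore to the deployment, path %s, adapter path %s", truststore.getAbsolutePath(), trustStorePathInDeployment);

/** Returns the truststore from dependency.keystore.root when that property is set and the file exists, else the bundled test truststore. */
private static File resolveTruststore() {
    String keystoreRoot = System.getProperty("dependency.keystore.root");
    if (keystoreRoot != null && !keystoreRoot.isEmpty()) {
        File candidate = new File(keystoreRoot, "keycloak.truststore");
        if (candidate.isFile()) {
            return candidate;
        }
    }
    return new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile());
}
```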
@@ -240,7 +250,14 @@ public static void modifySAMLAdapterConfig(Archive archive, String adapterCon archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath); - ((WebArchive) archive).addAsResource(new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile())); + String truststoreUrl = System.getProperty("dependency.keystore.root", "") + "/keycloak.truststore"; + File truststore = new File(truststoreUrl); + + if (!truststore.exists()) { + truststore = new File(DeploymentArchiveProcessorUtils.class.getResource("/keystore/keycloak.truststore").getFile()); + } + + ((WebArchive) archive).addAsResource(truststore); } private static String getAuthServerUrl() { diff --git a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java index 80de599b4b39..da84b173a54b 100644 --- a/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java +++ b/testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java @@ -41,7 +41,8 @@ public static Node getStandaloneConfiguration(Node container, String adapterImpl createChild(configuration, "pass", pass); createChild(configuration, "javaVmArguments", System.getProperty("adapter.test.props", " ") + " " + - System.getProperty("app.server.jboss.jvm.debug.args", " ")); + System.getProperty("app.server.jboss.jvm.debug.args", " ") + " " + + System.getProperty("tomcat.javax.net.ssl.properties", " ")); createChild(configuration,"startupTimeoutInSeconds", startupTimeoutInSeconds); return container;