KEYCLOAK-1590 Realm import per test class

federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/HardcodedLDAPAttributeMapper.java

@@ -99,6 +99,10 @@ public class HardcodedLDAPAttributeMapper extends AbstractLDAPStorageMapper {
 
     @Override
     public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm) {
+        // Don't update attribute in LDAP later. It's supposed to be written just at registration time
+        String ldapAttrName = mapperModel.get(LDAP_ATTRIBUTE_NAME);
+        ldapUser.addReadOnlyAttributeName(ldapAttrName);
+
         return delegate;
     }
 

server-spi-private/src/main/java/org/keycloak/events/admin/ResourceType.java

@@ -151,5 +151,10 @@ public enum ResourceType {
     /**
      *
      */
-    , CLUSTER_NODE;
+    , CLUSTER_NODE
+
+    /**
+     *
+     */
+    , COMPONENT;
 }

services/src/main/java/org/keycloak/services/resources/admin/AuthenticationManagementResource.java

@@ -221,7 +221,7 @@ public class AuthenticationManagementResource {
 
         flow.setId(createdModel.getId());
         adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, createdModel.getId()).representation(flow).success();
-        return Response.status(201).build();
+        return Response.created(uriInfo.getAbsolutePathBuilder().path(flow.getId()).build()).build();
     }
 
     /**

services/src/main/java/org/keycloak/services/resources/admin/ComponentResource.java

@@ -25,6 +25,7 @@ import org.keycloak.component.ComponentModel;
 import org.keycloak.component.ComponentValidationException;
 import org.keycloak.component.SubComponentFactory;
 import org.keycloak.events.admin.OperationType;
+import org.keycloak.events.admin.ResourceType;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.utils.ModelToRepresentation;
@@ -93,7 +94,7 @@ public class ComponentResource {
     public ComponentResource(RealmModel realm, RealmAuth auth, AdminEventBuilder adminEvent) {
         this.auth = auth;
         this.realm = realm;
-        this.adminEvent = adminEvent;
+        this.adminEvent = adminEvent.resource(ResourceType.COMPONENT);
 
         auth.init(RealmAuth.Resource.REALM);
     }
@@ -175,7 +176,7 @@ public class ComponentResource {
                 throw new NotFoundException("Could not find component");
             }
             RepresentationToModel.updateComponent(session, rep, model, false);
-            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo, model.getId()).representation(StripSecretsUtils.strip(session, rep)).success();
+            adminEvent.operation(OperationType.UPDATE).resourcePath(uriInfo).representation(StripSecretsUtils.strip(session, rep)).success();
             realm.updateComponent(model);
             return Response.noContent().build();
         } catch (ComponentValidationException e) {
@@ -192,7 +193,7 @@ public class ComponentResource {
         if (model == null) {
             throw new NotFoundException("Could not find component");
         }
-        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo, model.getId()).success();
+        adminEvent.operation(OperationType.DELETE).resourcePath(uriInfo).success();
         realm.removeComponent(model);
 
     }

testsuite/integration-arquillian/HOW-TO-RUN.md

@@ -21,8 +21,10 @@ Adding this system property when running any test:
     
     -Darquillian.debug=true
     
-will add lots of info to the log. Especially about all the triggered arquillian lifecycle events and executed observers listening to those events.
+will add lots of info to the log. Especially about:
-Also the bootstrap of WebDriver will be unlimited (by default there is 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.)
+* The test method names, which will be executed for each test class, will be written at the proper running order to the log at the beginning of each test (done by KcArquillian class). 
+* All the triggered arquillian lifecycle events and executed observers listening to those events will be written to the log
+* The bootstrap of WebDriver will be unlimited. By default there is just 1 minute timeout and test is cancelled when WebDriver is not bootstrapped within it.
 
 ### WebDriver timeout
 
@@ -41,7 +43,7 @@ and adapter are all in the same JVM and you can debug them easily. If it is not
     -Dmaven.surefire.debug=true
    
    
-and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so you won't be able to debug them. 
+and you will be able to attach remote debugger to the test. Unfortunately server and adapter are running in different JVMs, so this won't help to debug those. 
 
 TODO: Improve and add more info about Wildfly debugging...
 

testsuite/integration-arquillian/servers/auth-server/undertow/src/main/java/org/keycloak/testsuite/arquillian/undertow/KeycloakOnUndertow.java

@@ -146,6 +146,11 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
 
     @Override
     public void start() throws LifecycleException {
+        if (isRemoteMode()) {
+            log.info("Skip bootstrap undertow. We are in remote mode");
+            return;
+        }
+
         log.info("Starting auth server on embedded Undertow.");
         long start = System.currentTimeMillis();
 
@@ -169,11 +174,21 @@ public class KeycloakOnUndertow implements DeployableContainer<KeycloakOnUnderto
 
     @Override
     public void stop() throws LifecycleException {
+        if (isRemoteMode()) {
+            log.info("Skip stopping undertow. We are in remote mode");
+            return;
+        }
+
         log.info("Stopping auth server.");
         sessionFactory.close();
         undertow.stop();
     }
 
+    private boolean isRemoteMode() {
+        //return true;
+        return "true".equals(System.getProperty("remote.mode"));
+    }
+
     @Override
     public void undeploy(Archive<?> archive) throws DeploymentException {
         Field containerField = Reflections.findDeclaredField(UndertowJaxrsServer.class, "container");

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java

@@ -28,9 +28,13 @@ import org.jboss.arquillian.core.api.annotation.Inject;
 import org.jboss.arquillian.core.api.annotation.Observes;
 import org.jboss.arquillian.test.spi.annotation.ClassScoped;
 import org.jboss.arquillian.test.spi.annotation.SuiteScoped;
+import org.jboss.arquillian.test.spi.event.suite.AfterClass;
 import org.jboss.arquillian.test.spi.event.suite.BeforeClass;
 import org.jboss.arquillian.test.spi.event.suite.BeforeSuite;
 import org.jboss.logging.Logger;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.util.LogChecker;
 import org.keycloak.testsuite.util.OAuthClient;
 
@@ -38,8 +42,11 @@ import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Set;
 
+import javax.ws.rs.NotFoundException;
+
 /**
  *
  * @author tkyjovsk
@@ -203,4 +210,33 @@ public class AuthServerTestEnricher {
         oAuthClientProducer.set(oAuthClient);
     }
 
+    public void afterClass(@Observes(precedence = 2) AfterClass event) {
+        TestContext testContext = testContextProducer.get();
+
+        List<RealmRepresentation> testRealmReps = testContext.getTestRealmReps();
+        Keycloak adminClient = testContext.getAdminClient();
+        KeycloakTestingClient testingClient = testContext.getTestingClient();
+
+        if (testRealmReps != null) {
+            log.info("removing test realms after test class");
+            for (RealmRepresentation testRealm : testRealmReps) {
+                String realmName = testRealm.getRealm();
+                log.info("removing realm: " + realmName);
+                try {
+                    adminClient.realms().realm(realmName).remove();
+                } catch (NotFoundException e) {
+                    // Ignore
+                }
+            }
+        }
+
+        if (adminClient != null) {
+            adminClient.close();
+        }
+
+        if (testingClient != null) {
+            testingClient.close();
+        }
+    }
+
 }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/KcArquillian.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.arquillian;
+
+import java.util.List;
+
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.logging.Logger;
+import org.junit.runners.model.FrameworkMethod;
+import org.junit.runners.model.InitializationError;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class KcArquillian extends Arquillian {
+
+    protected final Logger log = Logger.getLogger(this.getClass());
+
+    public static final boolean ARQUILLIAN_DEBUG = "true".equals(System.getProperty("arquillian.debug"));
+
+    public KcArquillian(Class<?> testClass) throws InitializationError
+    {
+        super(testClass);
+    }
+
+    @Override
+    protected List<FrameworkMethod> getChildren() {
+        List<FrameworkMethod> children = super.getChildren();
+
+        if (ARQUILLIAN_DEBUG) {
+            for (FrameworkMethod method : children) {
+                log.info(method.getName());
+            }
+        }
+
+        return children;
+    }
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/TestContext.java

@@ -21,6 +21,13 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.NotFoundException;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.util.TestCleanup;
+
 /**
  *
  * @author tkyjovsk
@@ -38,6 +45,17 @@ public final class TestContext {
     
     private final Map customContext = new HashMap<>();
 
+    private Keycloak adminClient;
+    private KeycloakTestingClient testingClient;
+    private List<RealmRepresentation> testRealmReps;
+
+    // Track if particular test was initialized. What exactly means "initialized" is test dependent (Eg. some user in @Before method was created, so we can set initialized to true
+    // to avoid creating user when @Before method is executed for 2nd time)
+    private boolean initialized;
+
+    // Key is realmName, value are objects to clean after the test method
+    private Map<String, TestCleanup> cleanups = new HashMap<>();
+
     public TestContext(SuiteContext suiteContext, Class testClass) {
         this.suiteContext = suiteContext;
         this.testClass = testClass;
@@ -92,6 +110,52 @@ public final class TestContext {
                 + (isAdapterTest() ? "App server container: " + getAppServerInfo() + "\n" : "");
     }
 
+    public Keycloak getAdminClient() {
+        return adminClient;
+    }
+
+    public void setAdminClient(Keycloak adminClient) {
+        this.adminClient = adminClient;
+    }
+
+    public KeycloakTestingClient getTestingClient() {
+        return testingClient;
+    }
+
+    public void setTestingClient(KeycloakTestingClient testingClient) {
+        this.testingClient = testingClient;
+    }
+
+    public List<RealmRepresentation> getTestRealmReps() {
+        return testRealmReps;
+    }
+
+    public void setTestRealmReps(List<RealmRepresentation> testRealmReps) {
+        this.testRealmReps = testRealmReps;
+    }
+
+    public boolean isInitialized() {
+        return initialized;
+    }
+
+    public void setInitialized(boolean initialized) {
+        this.initialized = initialized;
+    }
+
+    public TestCleanup getOrCreateCleanup(String realmName) {
+        TestCleanup cleanup = cleanups.get(realmName);
+        if (cleanup == null) {
+            cleanup = new TestCleanup(adminClient, realmName);
+            cleanups.put(realmName, cleanup);
+        }
+        return cleanup;
+    }
+
+    public Map<String, TestCleanup> getCleanups() {
+        return cleanups;
+    }
+
+
     public Object getCustomValue(Object key) {
         return customContext.get(key);
     }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java

@@ -53,7 +53,7 @@ public interface TestApplicationResource {
 
     @POST
     @Path("/clear-admin-actions")
-    Response clearAdminActions();
+    void clearAdminActions();
 
     @GET
     @Produces(MediaType.TEXT_HTML)

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingExportImportResource.java

@@ -35,12 +35,12 @@ public interface TestingExportImportResource {
     @GET
     @Path("/run-import")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response runImport();
+    void runImport();
 
     @GET
     @Path("/run-export")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response runExport();
+    void runExport();
 
     @GET
     @Path("/get-users-per-file")

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java

@@ -72,27 +72,27 @@ public interface TestingResource {
     @POST
     @Path("/clear-event-queue")
     @Produces(MediaType.APPLICATION_JSON)
-    Response clearEventQueue();
+    void clearEventQueue();
 
     @POST
     @Path("/clear-admin-event-queue")
     @Produces(MediaType.APPLICATION_JSON)
-    Response clearAdminEventQueue();
+    void clearAdminEventQueue();
 
     @GET
     @Path("/clear-event-store")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore();
+    void clearEventStore();
 
     @GET
     @Path("/clear-event-store-for-realm")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore(@QueryParam("realmId") String realmId);
+    void clearEventStore(@QueryParam("realmId") String realmId);
 
     @GET
     @Path("/clear-event-store-older-than")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
+    void clearEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
 
     /**
      * Query events
@@ -127,17 +127,17 @@ public interface TestingResource {
     @GET
     @Path("/clear-admin-event-store")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore();
+    void clearAdminEventStore();
 
     @GET
     @Path("/clear-admin-event-store-for-realm")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore(@QueryParam("realmId") String realmId);
+    void clearAdminEventStore(@QueryParam("realmId") String realmId);
 
     @GET
     @Path("/clear-admin-event-store-older-than")
     @Produces(MediaType.APPLICATION_JSON)
-    public Response clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
+    void clearAdminEventStore(@QueryParam("realmId") String realmId, @QueryParam("olderThan") long olderThan);
 
     /**
      * Get admin events
@@ -170,17 +170,17 @@ public interface TestingResource {
     @POST
     @Path("/on-admin-event")
     @Consumes(MediaType.APPLICATION_JSON)
-    public void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
+    void onAdminEvent(final AdminEventRepresentation rep, @QueryParam("includeRepresentation") boolean includeRepresentation);
 
     @POST
     @Path("/remove-user-session")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
+    void removeUserSession(@QueryParam("realm") final String realm, @QueryParam("session") final String sessionId);
 
     @POST
     @Path("/remove-user-sessions")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeUserSessions(@QueryParam("realm") final String realm);
+    void removeUserSessions(@QueryParam("realm") final String realm);
 
     @GET
     @Path("/get-user-session")
@@ -190,7 +190,7 @@ public interface TestingResource {
     @POST
     @Path("/remove-expired")
     @Produces(MediaType.APPLICATION_JSON)
-    Response removeExpired(@QueryParam("realm") final String realm);
+    void removeExpired(@QueryParam("realm") final String realm);
 
     @Path("/cache/{cache}")
     TestingCacheResource cache(@PathParam("cache") String cacheName);

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.ssl.SSLContexts;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.models.Constants;
+import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+
+import static org.keycloak.testsuite.auth.page.AuthRealm.ADMIN;
+import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
+import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
+
+
+public class AdminClientUtil {
+
+    public static Keycloak createAdminClient() throws Exception {
+        SSLContext ssl = null;
+        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+            File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+            ssl = getSSLContextWithTrustore(trustore, "secret");
+
+            System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
+        }
+
+        return Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
+                MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
+    }
+
+
+    private static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
+        if (!file.isFile()) {
+            throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
+        }
+        SSLContext theContext = SSLContexts.custom()
+                .useProtocol("TLS")
+                .loadTrustMaterial(file, password == null ? null : password.toCharArray())
+                .build();
+        return theContext;
+    }
+
+}

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java

@@ -54,6 +54,8 @@ import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;
 
 import javax.ws.rs.core.UriBuilder;
+
+import java.io.Closeable;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
@@ -271,7 +273,9 @@ public class OAuthClient {
             try {
                 ByteArrayOutputStream out = new ByteArrayOutputStream();
 
-                client.execute(post).getEntity().writeTo(out);
+                CloseableHttpResponse response = client.execute(post);
+                response.getEntity().writeTo(out);
+                response.close();
 
                 return new String(out.toByteArray());
             } catch (Exception e) {
@@ -776,28 +780,32 @@ public class OAuthClient {
         private String error;
         private String errorDescription;
 
-        public AccessTokenResponse(HttpResponse response) throws Exception {
+        public AccessTokenResponse(CloseableHttpResponse response) throws Exception {
-            statusCode = response.getStatusLine().getStatusCode();
+            try {
-            if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
+                statusCode = response.getStatusLine().getStatusCode();
-                Assert.fail("Invalid content type");
+                if (!"application/json".equals(response.getHeaders("Content-Type")[0].getValue())) {
-            }
+                    Assert.fail("Invalid content type");
-
-            String s = IOUtils.toString(response.getEntity().getContent());
-            Map responseJson = JsonSerialization.readValue(s, Map.class);
-
-            if (statusCode == 200) {
-                idToken = (String)responseJson.get("id_token");
-                accessToken = (String)responseJson.get("access_token");
-                tokenType = (String)responseJson.get("token_type");
-                expiresIn = (Integer)responseJson.get("expires_in");
-                refreshExpiresIn = (Integer)responseJson.get("refresh_expires_in");
-
-                if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
-                    refreshToken = (String)responseJson.get(OAuth2Constants.REFRESH_TOKEN);
                 }
-            } else {
+
-                error = (String)responseJson.get(OAuth2Constants.ERROR);
+                String s = IOUtils.toString(response.getEntity().getContent());
-                errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String)responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
+                Map responseJson = JsonSerialization.readValue(s, Map.class);
+
+                if (statusCode == 200) {
+                    idToken = (String) responseJson.get("id_token");
+                    accessToken = (String) responseJson.get("access_token");
+                    tokenType = (String) responseJson.get("token_type");
+                    expiresIn = (Integer) responseJson.get("expires_in");
+                    refreshExpiresIn = (Integer) responseJson.get("refresh_expires_in");
+
+                    if (responseJson.containsKey(OAuth2Constants.REFRESH_TOKEN)) {
+                        refreshToken = (String) responseJson.get(OAuth2Constants.REFRESH_TOKEN);
+                    }
+                } else {
+                    error = (String) responseJson.get(OAuth2Constants.ERROR);
+                    errorDescription = responseJson.containsKey(OAuth2Constants.ERROR_DESCRIPTION) ? (String) responseJson.get(OAuth2Constants.ERROR_DESCRIPTION) : null;
+                }
+            } finally {
+                response.close();
             }
         }
 

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/TestCleanup.java

@@ -0,0 +1,202 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.util;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.ws.rs.NotFoundException;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.RealmResource;
+
+/**
+ * Enlist resources to be cleaned after test method
+ *
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class TestCleanup {
+
+    private final Keycloak adminClient;
+    private final String realmName;
+
+
+    private List<String> identityProviderAliases;
+    private List<String> userIds;
+    private List<String> componentIds;
+    private List<String> clientUuids;
+    private List<String> roleIds;
+    private List<String> groupIds;
+    private List<String> authFlowIds;
+    private List<String> authConfigIds;
+
+    public TestCleanup(Keycloak adminClient, String realmName) {
+        this.adminClient = adminClient;
+        this.realmName = realmName;
+    }
+
+
+    public void addUserId(String userId) {
+        if (userIds == null) {
+            userIds = new LinkedList<>();
+        }
+        userIds.add(userId);
+    }
+
+
+    public void addIdentityProviderAlias(String identityProviderAlias) {
+        if (identityProviderAliases == null) {
+            identityProviderAliases = new LinkedList<>();
+        }
+        identityProviderAliases.add(identityProviderAlias);
+    }
+
+
+    public void addComponentId(String componentId) {
+        if (componentIds == null) {
+            componentIds = new LinkedList<>();
+        }
+        componentIds.add(componentId);
+    }
+
+
+    public void addClientUuid(String clientUuid) {
+        if (clientUuids == null) {
+            clientUuids = new LinkedList<>();
+        }
+        clientUuids.add(clientUuid);
+    }
+
+
+    public void addRoleId(String roleId) {
+        if (roleIds == null) {
+            roleIds = new LinkedList<>();
+        }
+        roleIds.add(roleId);
+    }
+
+
+    public void addGroupId(String groupId) {
+        if (groupIds == null) {
+            groupIds = new LinkedList<>();
+        }
+        groupIds.add(groupId);
+    }
+
+
+    public void addAuthenticationFlowId(String flowId) {
+        if (authFlowIds == null) {
+            authFlowIds = new LinkedList<>();
+        }
+        authFlowIds.add(flowId);
+    }
+
+
+    public void addAuthenticationConfigId(String executionConfigId) {
+        if (authConfigIds == null) {
+            authConfigIds = new LinkedList<>();
+        }
+        authConfigIds.add(executionConfigId);
+    }
+
+
+    public void executeCleanup() {
+        RealmResource realm = adminClient.realm(realmName);
+
+        if (userIds != null) {
+            for (String userId : userIds) {
+                try {
+                    realm.users().get(userId).remove();
+                } catch (NotFoundException nfe) {
+                    // User might be already deleted in the test
+                }
+            }
+        }
+
+        if (identityProviderAliases != null) {
+            for (String idpAlias : identityProviderAliases) {
+                try {
+                    realm.identityProviders().get(idpAlias).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (componentIds != null) {
+            for (String componentId : componentIds) {
+                try {
+                    realm.components().component(componentId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (clientUuids != null) {
+            for (String clientUuId : clientUuids) {
+                try {
+                    realm.clients().get(clientUuId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (roleIds != null) {
+            for (String roleId : roleIds) {
+                try {
+                    realm.rolesById().deleteRole(roleId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (groupIds != null) {
+            for (String groupId : groupIds) {
+                try {
+                    realm.groups().group(groupId).remove();
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (authFlowIds != null) {
+            for (String flowId : authFlowIds) {
+                try {
+                    realm.flows().deleteFlow(flowId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+
+        if (authConfigIds != null) {
+            for (String configId : authConfigIds) {
+                try {
+                    realm.flows().removeAuthenticatorConfig(configId);
+                } catch (NotFoundException nfe) {
+                    // Idp might be already deleted in the test
+                }
+            }
+        }
+    }
+
+}

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractAuthTest.java

@@ -21,6 +21,7 @@ import org.junit.Before;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -63,6 +64,7 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation testRealmRep = new RealmRepresentation();
+        testRealmRep.setId(TEST);
         testRealmRep.setRealm(TEST);
         testRealmRep.setEnabled(true);
         testRealms.add(testRealmRep);
@@ -89,6 +91,8 @@ public abstract class AbstractAuthTest extends AbstractKeycloakTest {
 
 
     public void createTestUserWithAdminClient() {
+        ApiUtil.removeUserByUsername(testRealmResource(), "test");
+
         log.debug("creating test user");
         String id = createUserAndResetPasswordWithAdminClient(testRealmResource(), testUser, PASSWORD);
         testUser.setId(id);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java

@@ -19,19 +19,15 @@ package org.keycloak.testsuite;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.http.ssl.SSLContexts;
-import org.h2.util.IOUtils;
 import org.keycloak.common.util.KeycloakUriBuilder;
 import org.keycloak.common.util.Time;
-import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
+import org.keycloak.testsuite.arquillian.KcArquillian;
 import org.keycloak.testsuite.arquillian.TestContext;
 
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URL;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -46,7 +42,6 @@ import javax.ws.rs.NotFoundException;
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
-import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
 import org.jboss.logging.Logger;
 import org.junit.After;
@@ -73,7 +68,9 @@ import org.keycloak.testsuite.auth.page.account.Account;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
 import org.keycloak.testsuite.auth.page.login.UpdatePassword;
 import org.keycloak.testsuite.client.KeycloakTestingClient;
+import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.testsuite.util.OAuthClient;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.TestEventsLogger;
 import org.openqa.selenium.WebDriver;
 
@@ -86,7 +83,7 @@ import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
  *
  * @author tkyjovsk
  */
-@RunWith(Arquillian.class)
+@RunWith(KcArquillian.class)
 @RunAsClient
 public abstract class AbstractKeycloakTest {
 
@@ -136,17 +133,12 @@ public abstract class AbstractKeycloakTest {
 
     @Before
     public void beforeAbstractKeycloakTest() throws Exception {
-        SSLContext ssl = null;
+        adminClient = testContext.getAdminClient();
-        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+        if (adminClient == null) {
-            File trustore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+            adminClient = AdminClientUtil.createAdminClient();
-            ssl = getSSLContextWithTrustore(trustore, "secret");
+            testContext.setAdminClient(adminClient);
-
-            System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
         }
 
-        adminClient = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth",
-                MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID, null, ssl);
-
         getTestingClient();
 
         adminUser = createAdminUserRepresentation();
@@ -161,7 +153,13 @@ public abstract class AbstractKeycloakTest {
             suiteContext.setAdminPasswordUpdated(true);
         }
 
-        importTestRealms();
+        if (testContext.getTestRealmReps() == null) {
+            importTestRealms();
+
+            if (!isImportAfterEachMethod()) {
+                testContext.setTestRealmReps(testRealmReps);
+            }
+        }
 
         oauth.init(adminClient, driver);
     }
@@ -172,8 +170,36 @@ public abstract class AbstractKeycloakTest {
             resetTimeOffset();
         }
 
-        removeTestRealms(); // Remove realms after tests. Tests should cleanup after themselves!
+        if (isImportAfterEachMethod()) {
-        adminClient.close(); // don't keep admin connection open
+            log.info("removing test realms after test method");
+            for (RealmRepresentation testRealm : testRealmReps) {
+                removeRealm(testRealm.getRealm());
+            }
+        } else {
+            // Logout all users after the test
+            List<RealmRepresentation> realms = testContext.getTestRealmReps();
+            for (RealmRepresentation realm : realms) {
+                adminClient.realm(realm.getRealm()).logoutAll();
+            }
+
+            // Cleanup objects
+            for (TestCleanup cleanup : testContext.getCleanups().values()) {
+                cleanup.executeCleanup();
+            }
+            testContext.getCleanups().clear();
+        }
+    }
+
+    protected TestCleanup getCleanup(String realmName) {
+        return testContext.getOrCreateCleanup(realmName);
+    }
+
+    protected TestCleanup getCleanup() {
+        return getCleanup("test");
+    }
+
+    protected boolean isImportAfterEachMethod() {
+        return false;
     }
 
     private void updateMasterAdminPassword() {
@@ -194,6 +220,13 @@ public abstract class AbstractKeycloakTest {
         driver.manage().deleteAllCookies();
     }
 
+    protected void deleteAllCookiesForRealm(String realmName) {
+        // masterRealmPage.navigateTo();
+        driver.navigate().to(oauth.AUTH_SERVER_ROOT + "/realms/" + realmName + "/account"); // Because IE webdriver freezes when loading a JSON page (realm page), we need to use this alternative
+        log.info("deleting cookies in '" + realmName + "' realm");
+        driver.manage().deleteAllCookies();
+    }
+
     public void setDefaultPageUriParameters() {
         masterRealmPage.setAuthRealm(MASTER);
         loginPage.setAuthRealm(MASTER);
@@ -201,11 +234,19 @@ public abstract class AbstractKeycloakTest {
 
     public KeycloakTestingClient getTestingClient() {
         if (testingClient == null) {
-            testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
+            testingClient = testContext.getTestingClient();
+            if (testingClient == null) {
+                testingClient = KeycloakTestingClient.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth");
+                testContext.setTestingClient(testingClient);
+            }
         }
         return testingClient;
     }
 
+    public TestContext getTestContext() {
+        return testContext;
+    }
+
     public Keycloak getAdminClient() {
         return adminClient;
     }
@@ -230,13 +271,6 @@ public abstract class AbstractKeycloakTest {
         }
     }
 
-    public void removeTestRealms() {
-        log.info("removing test realms");
-        for (RealmRepresentation testRealm : testRealmReps) {
-            removeRealm(testRealm);
-        }
-    }
-
     private UserRepresentation createAdminUserRepresentation() {
         UserRepresentation adminUserRep = new UserRepresentation();
         adminUserRep.setUsername(ADMIN);
@@ -265,10 +299,6 @@ public abstract class AbstractKeycloakTest {
         }
     }
     
-    public void removeRealm(RealmRepresentation realm) {
-        removeRealm(realm.getRealm());
-    }
-    
     public RealmsResource realmsResouce() {
         return adminClient.realms();
     }
@@ -360,15 +390,4 @@ public abstract class AbstractKeycloakTest {
             throw new RuntimeException(e);
         }
     }
-
-    public static SSLContext getSSLContextWithTrustore(File file, String password) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
-        if (!file.isFile()) {
-            throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
-        }
-        SSLContext theContext = SSLContexts.custom()
-                .useProtocol("TLS")
-                .loadTrustMaterial(file, password == null ? null : password.toCharArray())
-                .build();
-        return theContext;
-    }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractTestRealmKeycloakTest.java

@@ -17,6 +17,7 @@
 
 package org.keycloak.testsuite;
 
+import org.junit.After;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.reflections.Reflections;
 import org.keycloak.events.Details;
@@ -71,6 +72,13 @@ public abstract class AbstractTestRealmKeycloakTest extends AbstractKeycloakTest
         configureTestRealm(testRealm);
     }
 
+
+    // Logout user after test
+    @After
+    public void deleteCookies() {
+        deleteAllCookiesForRealm("test");
+    }
+
     /**
      * This allows a subclass to change the configuration of the testRealm before
      * it is imported.  This method will be called prior to any @Before methods

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AssertEvents.java

@@ -64,7 +64,7 @@ public class AssertEvents implements TestRule {
             @Override
             public void evaluate() throws Throwable {
                 // TODO: Ideally clear the queue just before testClass rather then before each method
-                context.getTestingClient().testing().clearEventQueue();
+                clear();
                 base.evaluate();
                 // TODO Test should fail if there are leftover events
             }
@@ -84,12 +84,7 @@ public class AssertEvents implements TestRule {
     }
 
     public void clear() {
-        Response res = context.testingClient.testing().clearEventQueue();
+        context.getTestingClient().testing().clearEventQueue();
-        try {
-            Assert.assertEquals("clear-event-queue success", res.getStatus(), 200);
-        } finally {
-            res.close();
-        }
     }
 
     public ExpectedEvent expectRequiredAction(EventType event) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java

@@ -18,6 +18,7 @@ package org.keycloak.testsuite.account;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -159,6 +160,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
     public void before() {
         oauth.state("mystate"); // keycloak enforces that a state param has been sent by client
         userId = findUser("test-user@localhost").getId();
+
+        // Revert any password policy and user password changes
+        setPasswordPolicy("");
+        ApiUtil.resetUserPassword(testRealm().users().get(userId), "password", false);
     }
 
     @Test
@@ -399,18 +404,18 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
 
         assertChangePasswordFails   ("password",  "password");  // current: password
-        assertChangePasswordSucceeds("password",  "password1"); // current: password
+        assertChangePasswordSucceeds("password",  "password3"); // current: password
 
-        assertChangePasswordFails   ("password1", "password");  // current: password1, history: password
+        assertChangePasswordFails   ("password3", "password");  // current: password1, history: password
-        assertChangePasswordFails   ("password1", "password1"); // current: password1, history: password
+        assertChangePasswordFails   ("password3", "password3"); // current: password1, history: password
-        assertChangePasswordSucceeds("password1", "password2"); // current: password1, history: password
+        assertChangePasswordSucceeds("password3", "password4"); // current: password1, history: password
 
-        assertChangePasswordFails   ("password2", "password");  // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password");  // current: password2, history: password, password1
-        assertChangePasswordFails   ("password2", "password1"); // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password3"); // current: password2, history: password, password1
-        assertChangePasswordFails   ("password2", "password2"); // current: password2, history: password, password1
+        assertChangePasswordFails   ("password4", "password4"); // current: password2, history: password, password1
-        assertChangePasswordSucceeds("password2", "password3"); // current: password2, history: password, password1
+        assertChangePasswordSucceeds("password4", "password5"); // current: password2, history: password, password1
 
-        assertChangePasswordSucceeds("password3", "password");  // current: password3, history: password1, password2
+        assertChangePasswordSucceeds("password5", "password");  // current: password3, history: password1, password2
     }
 
     @Test
@@ -443,10 +448,10 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent();
 
         assertChangePasswordFails   ("password",  "password");  // current: password
-        assertChangePasswordSucceeds("password",  "password1"); // current: password
+        assertChangePasswordSucceeds("password",  "password6"); // current: password
 
-        assertChangePasswordFails   ("password1", "password1"); // current: password1
+        assertChangePasswordFails   ("password6", "password6"); // current: password1
-        assertChangePasswordSucceeds("password1", "password");  // current: password1
+        assertChangePasswordSucceeds("password6", "password");  // current: password1
     }
 
     @Test
@@ -611,6 +616,9 @@ public class AccountTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals("New first", profilePage.getFirstName());
         Assert.assertEquals("New last", profilePage.getLastName());
         Assert.assertEquals("new@email.com", profilePage.getEmail());
+
+        // Revert
+        profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost");
     }
 
     private void addUser(String username, String email) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java

@@ -191,6 +191,13 @@ public class ProfileTest extends AbstractTestRealmKeycloakTest {
         assertEquals("newemail@localhost", profile.getEmail());
         assertEquals("NewFirst", profile.getFirstName());
         assertEquals("NewLast", profile.getLastName());
+
+        // Revert
+        user.setFirstName("First");
+        user.setLastName("Last");
+        user.setEmail("test-user@localhost");
+        doUpdateProfile(token, null, JsonSerialization.writeValueAsString(user));
+        assertEquals(200, response.getStatusLine().getStatusCode());
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/TrustStoreEmailTest.java

@@ -22,6 +22,7 @@ import org.junit.Test;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.auth.page.account.AccountManagement;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
@@ -53,13 +54,10 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
     @Page
     private VerifyEmail testRealmVerifyEmailPage;
 
-    private UserRepresentation user;
-
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
         log.info("enable verify email and configure smtp server to run with ssl in test realm");
 
-        user = RealmRepUtil.findUser(testRealm, "test-user@localhost");
         testRealm.setSmtpServer(SslMailServer.getServerConfiguration());
         testRealm.setVerifyEmail(true);
     }
@@ -82,6 +80,8 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
 
     @Test
     public void verifyEmailWithSslEnabled() {
+        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
+
         SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile());
         accountManagement.navigateTo();
         testRealmLoginPage.form().login(user.getUsername(), "password");
@@ -98,15 +98,17 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
 
         assertCurrentUrlStartsWith(accountManagement);
         accountManagement.signOut();
-        testRealmLoginPage.form().login(user);
+        testRealmLoginPage.form().login(user.getUsername(), "password");
         assertCurrentUrlStartsWith(accountManagement);
     }
 
     @Test
     public void verifyEmailWithSslWrongCertificate() {
+        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
+
         SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.INVALID_KEY).getFile());
         accountManagement.navigateTo();
-        loginPage.form().login(user);
+        loginPage.form().login(user.getUsername(), "password");
 
         assertEquals("Failed to send email, please try again later.\n" +
                         "« Back to Application",

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowCookieTest.java

@@ -20,9 +20,12 @@ import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 
 import java.util.Arrays;
 
+import javax.ws.rs.core.Response;
+
 import static org.junit.Assert.assertEquals;
 import static org.keycloak.testsuite.util.OAuthClient.APP_ROOT;
 
@@ -44,7 +47,10 @@ public class CustomAuthFlowCookieTest extends AbstractCustomAccountManagementTes
         testApp.setRedirectUris(Arrays.asList(new String[]{APP_ROOT + "/*"}));
         testApp.setAdminUrl(APP_ROOT + "/logout");
         testApp.setSecret("password");
-        assertEquals(201, testRealmResource().clients().create(testApp).getStatus());
+        Response response = testRealmResource().clients().create(testApp);
+        assertEquals(201, response.getStatus());
+        getCleanup().addClientUuid(ApiUtil.getCreatedId(response));
+        response.close();
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java

@@ -20,15 +20,18 @@ import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
+import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.admin.Users;
 import org.keycloak.testsuite.auth.page.login.OneTimeCode;
 import org.keycloak.testsuite.pages.LoginConfigTotpPage;
 
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -101,6 +104,10 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
 
     @Test
     public void requireOTPTest() {
+        //update realm browser flow
+        RealmRepresentation realm = testRealmResource().toRepresentation();
+        realm.setBrowserFlow("browser");
+        testRealmResource().update(realm);
 
         updateRequirement("browser", "auth-otp-form", Requirement.REQUIRED);
         testRealmAccountManagementPage.navigateTo();
@@ -225,10 +232,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         setConditionalOTPForm(config);
 
         //create role
-        RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
+        RoleRepresentation role = getOrCreateOTPRole();
-        testRealmResource().roles().create(role);
+
-        //obtain id
-        role = testRealmResource().roles().get("otp_role").toRepresentation();
         //add role to user
         List<RoleRepresentation> realmRoles = new ArrayList<>();
         realmRoles.add(role);
@@ -250,10 +255,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         setConditionalOTPForm(config);
 
         //create role
-        RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
+        RoleRepresentation role = getOrCreateOTPRole();
-        testRealmResource().roles().create(role);
+
-        //obtain id
-        role = testRealmResource().roles().get("otp_role").toRepresentation();
         //add role to user
         List<RoleRepresentation> realmRoles = new ArrayList<>();
         realmRoles.add(role);
@@ -273,6 +276,17 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         assertCurrentUrlStartsWith(testLoginOneTimeCodePage);
     }
 
+    private RoleRepresentation getOrCreateOTPRole() {
+        try {
+            return testRealmResource().roles().get("otp_role").toRepresentation();
+        } catch (NotFoundException ex) {
+            RoleRepresentation role = new RoleRepresentation("otp_role", "", false);
+            testRealmResource().roles().create(role);
+            //obtain id
+            return testRealmResource().roles().get("otp_role").toRepresentation();
+        }
+    }
+
     @Test
     public void conditionalOTPRequestHeaderSkip() {
         //prepare config - request header skip, default to force
@@ -313,6 +327,19 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
     }
 
     private void setConditionalOTPForm(Map<String, String> config) {
+        List<AuthenticationFlowRepresentation> authFlows = getAuthMgmtResource().getFlows();
+        for (AuthenticationFlowRepresentation flow : authFlows) {
+            if ("ConditionalOTPFlow".equals(flow.getAlias())) {
+                //update realm browser flow
+                RealmRepresentation realm = testRealmResource().toRepresentation();
+                realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW);
+                testRealmResource().update(realm);
+
+                getAuthMgmtResource().deleteFlow(flow.getId());
+                break;
+            }
+        }
+
         String flowAlias = "ConditionalOTPFlow";
         String provider = "auth-conditional-otp-form";
         
@@ -360,6 +387,8 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
         //add auth config to the execution
         response = getAuthMgmtResource().newExecutionConfig(executionId, authConfig);
         assertEquals("new execution success", 201, response.getStatus());
+        getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(response));
         response.close();
     }
+
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java

@@ -27,8 +27,10 @@ import org.keycloak.events.Errors;
 import org.keycloak.events.EventType;
 import org.keycloak.representations.idm.EventRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -38,11 +40,13 @@ import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.pages.VerifyEmailPage;
 import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.MailUtils;
+import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.mail.MessagingException;
 import javax.mail.Multipart;
 import javax.mail.internet.MimeMessage;
 import java.io.IOException;
+import java.util.Collections;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@@ -85,6 +89,13 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
     @Before
     public void before() {
         oauth.state("mystate"); // have to set this as keycloak validates that state is sent
+
+
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost").build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java

@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.actions;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.jboss.arquillian.junit.InSequence;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -32,8 +33,10 @@ import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentatio
 import org.keycloak.representations.idm.EventRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountTotpPage;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
@@ -42,7 +45,9 @@ import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginTotpPage;
 import org.keycloak.testsuite.pages.RegisterPage;
 import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.UserBuilder;
 
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -75,6 +80,15 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
                 adminClient.realm("test").flows().updateExecutions("browser", execution);
             }
         }
+
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost")
+                .firstName("Tom")
+                .lastName("Brady")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
     }
 
 
@@ -266,6 +280,12 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         events.expectLogin().assertEvent();
+
+        // Revert
+        realmRep = adminClient.realm("test").toRepresentation();
+        RealmBuilder.edit(realmRep)
+                .otpDigits(6);
+        adminClient.realm("test").update(realmRep);
     }
 
     @Test
@@ -334,6 +354,18 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
         events.expectLogin().assertEvent();
+
+        // Revert
+        realmRep = adminClient.realm("test").toRepresentation();
+        RealmBuilder.edit(realmRep)
+                .otpLookAheadWindow(1)
+                .otpDigits(6)
+                .otpPeriod(30)
+                .otpType(UserCredentialModel.TOTP)
+                .otpAlgorithm(HmacOTP.HMAC_SHA1)
+                .otpInitialCounter(0);
+        adminClient.realm("test").update(realmRep);
+
     }
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java

@@ -18,6 +18,7 @@ package org.keycloak.testsuite.actions;
 
 import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.events.Details;
@@ -27,10 +28,12 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage;
+import org.keycloak.testsuite.util.UserBuilder;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -55,6 +58,27 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
         ActionUtil.addRequiredActionForUser(testRealm, "john-doh@localhost", UserModel.RequiredAction.UPDATE_PROFILE.name());
     }
 
+    @Before
+    public void beforeTest() {
+        ApiUtil.removeUserByUsername(testRealm(), "test-user@localhost");
+        UserRepresentation user = UserBuilder.create().enabled(true)
+                .username("test-user@localhost")
+                .email("test-user@localhost")
+                .firstName("Tom")
+                .lastName("Brady")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+
+        ApiUtil.removeUserByUsername(testRealm(), "john-doh@localhost");
+        user = UserBuilder.create().enabled(true)
+                .username("john-doh@localhost")
+                .email("john-doh@localhost")
+                .firstName("John")
+                .lastName("Doh")
+                .requiredAction(UserModel.RequiredAction.UPDATE_PROFILE.name()).build();
+        ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+    }
+
     @Test
     public void updateProfile() {
         loginPage.open();
@@ -112,6 +136,7 @@ public class RequiredActionUpdateProfileTest extends AbstractTestRealmKeycloakTe
         Assert.assertEquals("New last", user.getLastName());
         Assert.assertEquals("john-doh@localhost", user.getEmail());
         Assert.assertEquals("new", user.getUsername());
+        getCleanup().addUserId(user.getId());
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java

@@ -79,6 +79,12 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
         }
     }
 
+    // TODO: Fix to not require re-import
+    @Override
+    protected boolean isImportAfterEachMethod() {
+        return true;
+    }
+
     private void modifyClientJWKSUrl(RealmRepresentation realm, String regex, String replacement) {
         if (realm.getClients() != null) {
             realm.getClients().stream().

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractDemoServletsAdapterTest.java

@@ -30,7 +30,6 @@ import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.common.Version;
 import org.keycloak.common.util.Time;
-import org.keycloak.common.util.UriUtils;
 import org.keycloak.constants.AdapterConstants;
 import org.keycloak.events.Details;
 import org.keycloak.events.EventType;
@@ -51,6 +50,7 @@ import org.keycloak.testsuite.auth.page.login.OAuthGrant;
 import org.keycloak.testsuite.console.page.events.Config;
 import org.keycloak.testsuite.console.page.events.LoginEvents;
 import org.keycloak.testsuite.util.*;
+import org.keycloak.testsuite.util.URLUtils;
 import org.keycloak.util.BasicAuthHelper;
 
 import org.openqa.selenium.By;
@@ -79,6 +79,7 @@ import javax.ws.rs.core.Response.Status;
 import static org.hamcrest.Matchers.*;
 import static org.keycloak.testsuite.auth.page.AuthRealm.DEMO;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlEquals;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
 import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf;
 import static org.keycloak.testsuite.util.WaitUtils.*;
 
@@ -372,7 +373,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
         Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
 
         RealmRepresentation demoRealmRep = testRealmResource().toRepresentation();
-        int originalIdle = demoRealmRep.getSsoSessionMaxLifespan();
+        int originalMax = demoRealmRep.getSsoSessionMaxLifespan();
         demoRealmRep.setSsoSessionMaxLifespan(1);
         testRealmResource().update(demoRealmRep);
 
@@ -380,7 +381,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
         productPortal.navigateTo();
         assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
 
-        demoRealmRep.setSsoSessionIdleTimeout(originalIdle);
+        demoRealmRep.setSsoSessionMaxLifespan(originalMax);
         testRealmResource().update(demoRealmRep);
 
         String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
@@ -660,6 +661,11 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
                 .assertEvent();
 
         assertEvents.assertEmpty();
+
+        // Revert consent
+        client = clientResource.toRepresentation();
+        client.setConsentRequired(false);
+        clientResource.update(client);
     }
 
     @Test
@@ -701,6 +707,7 @@ public abstract class AbstractDemoServletsAdapterTest extends AbstractServletsAd
 
 
         driver.navigate().to(testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + customerPortal);
+        assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
 
         assertEvents.expectLogout(null)
                 .realm(realm.getId())

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOIDCPublicKeyRotationAdapterTest.java

@@ -19,7 +19,6 @@ package org.keycloak.testsuite.adapter.servlet;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import javax.ws.rs.core.Response;
@@ -100,8 +99,6 @@ public abstract class AbstractOIDCPublicKeyRotationAdapterTest extends AbstractS
     }
 
 
-
-
     @Before
     public void beforeRotationAdapterTest() {
         // Delete all cookies from token-min-ttl page to be sure we are logged out

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowDemoFilterServletAdapterTest.java

@@ -27,9 +27,4 @@ import org.junit.Ignore;
  */
 @AppServerContainer("auth-server-undertow")
 public class UndertowDemoFilterServletAdapterTest extends AbstractDemoFilterServletAdapterTest {
-    @Ignore
-    @Override
-    public void testAuthenticatedWithCustomSessionConfig() {
-        // Undertow deployment ignores session cookie settings in web.xml, see org.keycloak.testsuite.arquillian.undertow.SimpleWebXmlParser class
-    }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AbstractAdminTest.java

@@ -17,7 +17,6 @@
 
 package org.keycloak.testsuite.admin;
 
-import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -25,6 +24,7 @@ import org.keycloak.events.log.JBossLoggingEventListenerProviderFactory;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.events.EventsListenerProviderFactory;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.util.JsonSerialization;
 
@@ -55,11 +55,14 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
         findTestApp(testRealm).setDirectAccessGrantsEnabled(true);
     }
 
+
+
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         super.addTestRealms(testRealms);
 
         RealmRepresentation adminRealmRep = new RealmRepresentation();
+        adminRealmRep.setId(REALM_NAME);
         adminRealmRep.setRealm(REALM_NAME);
         adminRealmRep.setEnabled(true);
         Map<String, String> config = new HashMap<>();
@@ -82,14 +85,9 @@ public abstract class AbstractAdminTest extends AbstractTestRealmKeycloakTest {
         realmId = realm.toRepresentation().getId();
     }
 
-    // old testsuite expects this realm to be removed at the end of the test
+    @Override
-    @After
+    protected TestCleanup getCleanup() {
-    public void after() {
+        return getCleanup(REALM_NAME);
-        for (RealmRepresentation r : adminClient.realms().findAll()) {
-            if (r.getRealm().equals(REALM_NAME)) {
-                removeRealm(r);
-            }
-        }
     }
 
     // Taken from Keycloak class in old testsuite.

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ApiUtil.java

@@ -35,7 +35,6 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.Response.StatusType;
 import java.net.URI;
-import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -174,6 +173,13 @@ public class ApiUtil {
         userResource.roles().realmLevel().add(roleRepresentations);
     }
 
+    public static void removeUserByUsername(RealmResource realmResource, String username) {
+        UserRepresentation user = findUserByUsername(realmResource, username);
+        if (user != null) {
+            realmResource.users().delete(user.getId());
+        }
+    }
+
     public static void assignClientRoles(RealmResource realm, String userId, String clientName, String... roles) {
         String realmName = realm.toRepresentation().getRealm();
         String clientId = "";

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java

@@ -81,6 +81,7 @@ public class ClientTest extends AbstractAdminTest {
         Response response = realm.clients().create(rep);
         response.close();
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), rep, ResourceType.CLIENT);
 
@@ -212,6 +213,8 @@ public class ClientTest extends AbstractAdminTest {
     public void serviceAccount() {
         Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
+        response.close();
         UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser();
         assertEquals("service-account-serviceclient", userRep.getUsername());
     }
@@ -237,7 +240,10 @@ public class ClientTest extends AbstractAdminTest {
                 .redirectUris("http://localhost/auth", "http://localhost/auth*")
                 .build();
         Response response = realm.clients().create(client);
-        ClientResource clientResource = realm.clients().get(ApiUtil.getCreatedId(response));
+        String clientUuid = ApiUtil.getCreatedId(response);
+        ClientResource clientResource = realm.clients().get(clientUuid);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
 
         client = clientResource.toRepresentation();
         client.setRootUrl("http://localhost/base#someFragment");
@@ -291,6 +297,7 @@ public class ClientTest extends AbstractAdminTest {
 
         Response response = realm.clients().create(client);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
         response.close();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(id), client, ResourceType.CLIENT);
@@ -378,6 +385,7 @@ public class ClientTest extends AbstractAdminTest {
     public void scopes() {
         Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(id);
         response.close();
 
         assertAdminEvents.poll();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ComponentsTest.java

@@ -49,7 +49,7 @@ public class ComponentsTest extends AbstractAdminTest {
 
     @Test
     public void testNotDeadlocked() {
-        for (int i = 0; i < 100; i++) {
+        for (int i = 0; i < 50; i++) {
             ComponentRepresentation rep = createComponentRepresentation("test-" + i);
             rep.getConfig().putSingle("required", "required-value");
             createComponent(rep);
@@ -263,6 +263,7 @@ public class ComponentsTest extends AbstractAdminTest {
         ComponentsResource components = realm.components();
         Response response = components.add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
         response.close();
         return id;
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ConcurrencyTest.java

@@ -268,12 +268,13 @@ public class ConcurrencyTest extends AbstractAdminTest {
             Thread thread = new Thread() {
                 @Override
                 public void run() {
+                    Keycloak keycloak = null;
                     try {
                         if (lock != null) {
                             lock.lock();
                         }
 
-                        Keycloak keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
+                        keycloak = Keycloak.getInstance(getAuthServerRoot().toString(), "master", "admin", "admin", org.keycloak.models.Constants.ADMIN_CLI_CLIENT_ID);
                         RealmResource realm = keycloak.realm(REALM_NAME);
                         for (int i = 0; i < numIterationsPerThread && latch.getCount() > 0; i++) {
                             log.infov("thread {0}, iteration {1}", threadNum, i);
@@ -286,6 +287,7 @@ public class ConcurrencyTest extends AbstractAdminTest {
                             latch.countDown();
                         }
                     } finally {
+                        keycloak.close();
                         if (lock != null) {
                             lock.unlock();
                         }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/CrossRealmPermissionsTest.java

@@ -17,36 +17,26 @@
 
 package org.keycloak.testsuite.admin;
 
-import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.Time;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.Constants;
-import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.services.resources.admin.RealmAuth.Resource;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
 import org.keycloak.testsuite.util.ClientBuilder;
-import org.keycloak.testsuite.util.CredentialBuilder;
-import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.ws.rs.ClientErrorException;
 import javax.ws.rs.core.Response;
-import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
 
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
 /**
@@ -60,8 +50,6 @@ public class CrossRealmPermissionsTest extends AbstractKeycloakTest {
     private RealmResource realm1;
     private RealmResource realm2;
 
-    @Rule public GreenMailRule greenMailRule = new GreenMailRule();
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmBuilder builder = RealmBuilder.create().name(REALM_NAME).testMail();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/IdentityProviderTest.java

@@ -207,6 +207,8 @@ public class IdentityProviderTest extends AbstractAdminTest {
         Assert.assertNotNull(ApiUtil.getCreatedId(response));
         response.close();
 
+        getCleanup().addIdentityProviderAlias(idpRep.getAlias());
+
         String secret = idpRep.getConfig() != null ? idpRep.getConfig().get("clientSecret") : null;
         idpRep = StripSecretsUtils.strip(idpRep);
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java

@@ -18,6 +18,7 @@
 package org.keycloak.testsuite.admin;
 
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.Config;
@@ -62,11 +63,6 @@ public class ImpersonationTest extends AbstractKeycloakTest {
 
     private String impersonatedUserId;
 
-    @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmBuilder realm = RealmBuilder.create().name("test").testEventListener();
@@ -89,6 +85,11 @@ public class ImpersonationTest extends AbstractKeycloakTest {
                 && "disabled".equals(System.getProperty("feature.value")));
     }
 
+    @Before
+    public void beforeTest() {
+        impersonatedUserId = ApiUtil.findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId();
+    }
+
     @Test
     public void testImpersonateByMasterAdmin() {
         // test that composite is set up right for impersonation role

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/PermissionsTest.java

@@ -18,6 +18,8 @@
 package org.keycloak.testsuite.admin;
 
 import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
+import org.junit.AfterClass;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.Keycloak;
@@ -55,12 +57,14 @@ import org.keycloak.services.resources.admin.RealmAuth.Resource;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
+import org.keycloak.testsuite.util.AdminClientUtil;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.CredentialBuilder;
 import org.keycloak.testsuite.util.FederatedIdentityBuilder;
 import org.keycloak.testsuite.util.GreenMailRule;
 import org.keycloak.testsuite.util.IdentityProviderBuilder;
 import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.TestCleanup;
 import org.keycloak.testsuite.util.UserBuilder;
 
 import javax.ws.rs.ClientErrorException;
@@ -100,17 +104,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 .username(AdminRoles.REALM_ADMIN)
                 .role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN)
                 .addPassword("password"));
-        clients.put(AdminRoles.REALM_ADMIN,
-                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
-                        "secret"));
 
         builder.user(UserBuilder.create().username("none").addPassword("password"));
-        clients.put("none",
-                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
 
         for (String role : AdminRoles.ALL_REALM_ROLES) {
             builder.user(UserBuilder.create().username(role).role(Constants.REALM_MANAGEMENT_CLIENT_ID, role).addPassword("password"));
-            clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
         }
         testRealms.add(builder.build());
 
@@ -118,40 +116,88 @@ public class PermissionsTest extends AbstractKeycloakTest {
         builder2.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants());
         builder2.user(UserBuilder.create().username("admin").role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN).addPassword("password"));
         testRealms.add(builder2.build());
-
-        clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
     }
 
-    @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
 
-        clients.put("master-admin", adminClient);
+    @Before
-
+    public void beforeClazz() {
-        RealmResource master = adminClient.realm("master");
+        if (testContext.isInitialized()) {
-
+            return;
-        {
-            Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
-            String userId = ApiUtil.getCreatedId(response);
-            response.close();
-
-            master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
-
-            clients.put("master-none",
-                    Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
-                            Constants.ADMIN_CLI_CLIENT_ID));
         }
 
+        createTestUsers();
+
+        testContext.setInitialized(true);
+    }
+
+    private void createTestUsers() {
+        RealmResource master = adminClient.realm("master");
+
+        Response response = master.users().create(UserBuilder.create().username("permissions-test-master-none").build());
+        String userId = ApiUtil.getCreatedId(response);
+        response.close();
+        master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
+
         for (String role : AdminRoles.ALL_REALM_ROLES) {
-            Response response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
+            response = master.users().create(UserBuilder.create().username("permissions-test-master-" + role).build());
-            String userId = ApiUtil.getCreatedId(response);
+            userId = ApiUtil.getCreatedId(response);
             response.close();
 
             master.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());
             String clientId = master.clients().findByClientId(REALM_NAME + "-realm").get(0).getId();
             RoleRepresentation roleRep = master.clients().get(clientId).roles().get(role).toRepresentation();
             master.users().get(userId).roles().clientLevel(clientId).add(Collections.singletonList(roleRep));
+        }
+    }
 
+    @AfterClass
+    public static void removeTestUsers() throws Exception {
+        Keycloak adminClient = AdminClientUtil.createAdminClient();
+        try {
+            for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
+                adminClient.realm("master").users().get(u.getId()).remove();
+            }
+        } finally {
+            adminClient.close();
+        }
+    }
+
+    private void recreatePermissionRealm() throws Exception {
+        RealmRepresentation permissionRealm = testContext.getTestRealmReps().stream().filter(realm -> {
+            return realm.getRealm().equals(REALM_NAME);
+        }).findFirst().get();
+        adminClient.realms().create(permissionRealm);
+
+        removeTestUsers();
+        createTestUsers();
+    }
+
+
+    @Override
+    public void beforeAbstractKeycloakTest() throws Exception {
+        super.beforeAbstractKeycloakTest();
+
+        clients.put(AdminRoles.REALM_ADMIN,
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client",
+                        "secret"));
+
+        clients.put("none",
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, "none", "password", "test-client", "secret"));
+
+        for (String role : AdminRoles.ALL_REALM_ROLES) {
+            clients.put(role, Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", REALM_NAME, role, "password", "test-client"));
+        }
+
+        clients.put("REALM2", Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "realm2", "admin", "password", "test-client"));
+
+        clients.put("master-admin", adminClient);
+
+        clients.put("master-none",
+                Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-none", "password",
+                        Constants.ADMIN_CLI_CLIENT_ID));
+
+
+        for (String role : AdminRoles.ALL_REALM_ROLES) {
             clients.put("master-" + role,
                     Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "permissions-test-master-" + role, "password",
                             Constants.ADMIN_CLI_CLIENT_ID));
@@ -160,15 +206,22 @@ public class PermissionsTest extends AbstractKeycloakTest {
 
     @Override
     public void afterAbstractKeycloakTest() {
-        for (UserRepresentation u : adminClient.realm("master").users().search("permissions-test-master-", 0, 100)) {
+        // Don't close the "main" adminClient, but all others yes
-            adminClient.realm("master").users().get(u.getId()).remove();
+        clients.entrySet().stream().filter(entry -> {
-        }
 
-        super.afterAbstractKeycloakTest();
+            return !entry.getKey().equals("master-admin");
+
+        }).forEach(consumer -> {
+
+            consumer.getValue().close();
+
+        });
+
+        clients.clear();
     }
 
     @Test
-    public void realms() {
+    public void realms() throws Exception {
         // Check returned realms
         invoke(new Invocation() {
             public void invoke(RealmResource realm) {
@@ -312,6 +365,9 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 clients.get(AdminRoles.REALM_ADMIN).realms().realm(REALM_NAME).remove();
             }
         }, adminClient, true);
+
+        // Revert realm removal
+        recreatePermissionRealm();
     }
 
     @Test
@@ -959,7 +1015,7 @@ public class PermissionsTest extends AbstractKeycloakTest {
     }
 
     @Test
-    public void flows() {
+    public void flows() throws Exception {
         invoke(new Invocation() {
             public void invoke(RealmResource realm) {
                 realm.flows().getFormProviders();
@@ -1113,6 +1169,11 @@ public class PermissionsTest extends AbstractKeycloakTest {
                 realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation());
             }
         }, Resource.REALM, true);
+
+        // Re-create realm
+        adminClient.realm(REALM_NAME).remove();
+
+        recreatePermissionRealm();
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/RoleByIdResourceTest.java

@@ -59,6 +59,8 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
 
         Response response = adminClient.realm(REALM_NAME).clients().create(ClientBuilder.create().clientId("client-a").build());
         clientUuid = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
         adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(RoleBuilder.create().name("role-c").description("Role C").build());
 
         for (RoleRepresentation r : adminClient.realm(REALM_NAME).roles().list()) {
@@ -69,6 +71,10 @@ public class RoleByIdResourceTest extends AbstractAdminTest {
             ids.put(r.getName(), r.getId());
         }
 
+        getCleanup().addRoleId(ids.get("role-a"));
+        getCleanup().addRoleId(ids.get("role-b"));
+        getCleanup().addRoleId(ids.get("role-c"));
+
         resource = adminClient.realm(REALM_NAME).rolesById();
 
         assertAdminEvents.clear(); // Tested in RealmRolesTest already

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserTest.java

@@ -21,7 +21,9 @@ import org.hamcrest.Matchers;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.graphene.page.Page;
 import org.jboss.arquillian.test.api.ArquillianResource;
+import org.junit.After;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -60,6 +62,7 @@ import org.openqa.selenium.WebDriver;
 import javax.mail.MessagingException;
 import javax.mail.internet.MimeMessage;
 import javax.ws.rs.ClientErrorException;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import java.io.IOException;
@@ -118,6 +121,9 @@ public class UserTest extends AbstractAdminTest {
         response.close();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(createdId), userRep, ResourceType.USER);
+
+        getCleanup().addUserId(createdId);
+
         return createdId;
     }
 
@@ -280,7 +286,7 @@ public class UserTest extends AbstractAdminTest {
     @Test
     public void delete() {
         String userId = createUser();
-        Response response = realm.users().delete( userId );
+        Response response = realm.users().delete(userId);
         assertEquals(204, response.getStatus());
         response.close();
         assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userResourcePath(userId), ResourceType.USER);
@@ -288,7 +294,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void deleteNonExistent() {
-        Response response = realm.users().delete( "does-not-exist" );
+        Response response = realm.users().delete("does-not-exist");
         assertEquals(404, response.getStatus());
         response.close();
         assertAdminEvents.assertEmpty();
@@ -671,7 +677,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void updateUserWithNewUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
         String id = createUser();
 
         UserResource user = realm.users().get(id);
@@ -681,13 +687,14 @@ public class UserTest extends AbstractAdminTest {
 
         userRep = realm.users().get(id).toRepresentation();
         assertEquals("user11", userRep.getUsername());
+
+        // Revert
+        switchEditUsernameAllowedOn(false);
     }
 
     @Test
     public void updateUserWithoutUsername() {
-
+        switchEditUsernameAllowedOn(true);
-
-        switchEditUsernameAllowedOn();
 
         String id = createUser();
 
@@ -711,6 +718,9 @@ public class UserTest extends AbstractAdminTest {
         assertEquals("user1@localhost", rep.getEmail());
         assertEquals("Firstname", rep.getFirstName());
         assertEquals("Lastname", rep.getLastName());
+
+        // Revert
+        switchEditUsernameAllowedOn(false);
     }
 
     @Test
@@ -728,7 +738,7 @@ public class UserTest extends AbstractAdminTest {
 
     @Test
     public void updateUserWithNewUsernameAccessingViaOldUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
         createUser();
 
         try {
@@ -741,13 +751,15 @@ public class UserTest extends AbstractAdminTest {
             fail("Expected failure");
         } catch (ClientErrorException e) {
             assertEquals(404, e.getResponse().getStatus());
+        } finally {
+            switchEditUsernameAllowedOn(false);
         }
     }
 
     @Test
     public void updateUserWithExistingUsername() {
-        switchEditUsernameAllowedOn();
+        switchEditUsernameAllowedOn(true);
-        enableBruteForce();
+        enableBruteForce(true);
         createUser();
 
         UserRepresentation userRep = new UserRepresentation();
@@ -767,6 +779,9 @@ public class UserTest extends AbstractAdminTest {
             // TODO adminEvents: Event queue should be empty, but it's not because of bug in UsersResource.updateUser, which sends event earlier than transaction commit.
             // assertAdminEvents.assertEmpty();
             assertAdminEvents.poll();
+        } finally {
+            enableBruteForce(false);
+            switchEditUsernameAllowedOn(false);
         }
     }
 
@@ -927,16 +942,16 @@ public class UserTest extends AbstractAdminTest {
         assertEquals(111, users.search("test", 0, 1000).size());
     }
 
-    private void switchEditUsernameAllowedOn() {
+    private void switchEditUsernameAllowedOn(boolean enable) {
         RealmRepresentation rep = realm.toRepresentation();
-        rep.setEditUsernameAllowed(true);
+        rep.setEditUsernameAllowed(enable);
         realm.update(rep);
         assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
     }
 
-    private void enableBruteForce() {
+    private void enableBruteForce(boolean enable) {
         RealmRepresentation rep = realm.toRepresentation();
-        rep.setBruteForceProtected(true);
+        rep.setBruteForceProtected(enable);
         realm.update(rep);
         assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, Matchers.nullValue(String.class), rep, ResourceType.REALM);
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/AbstractAuthenticationTest.java

@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.util.AdminEventPaths;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.testsuite.util.RealmBuilder;
@@ -196,6 +197,8 @@ public abstract class AbstractAuthenticationTest extends AbstractKeycloakTest {
         Response response = authMgmtResource.createFlow(flowRep);
         org.keycloak.testsuite.Assert.assertEquals(201, response.getStatus());
         response.close();
+        String flowId = ApiUtil.getCreatedId(response);
+        getCleanup().addAuthenticationFlowId(flowId);
         assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authFlowsPath()), flowRep, ResourceType.AUTH_FLOW);
     }
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/authentication/FlowTest.java

@@ -24,7 +24,9 @@ import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
 import org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation;
 import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.util.AdminEventPaths;
+import org.keycloak.testsuite.util.AssertAdminEvents;
 
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.NotFoundException;
@@ -45,15 +47,16 @@ public class FlowTest extends AbstractAuthenticationTest {
     // KEYCLOAK-3681: Delete top flow doesn't delete all subflows
     @Test
     public void testRemoveSubflows() {
-        authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
+        createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
         addFlowToParent("Foo", "child");
         addFlowToParent("child", "grandchild");
         
         List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
         AuthenticationFlowRepresentation found = findFlowByAlias("Foo", flows);
         authMgmtResource.deleteFlow(found.getId());
+        assertAdminEvents.clear();
 
-        authMgmtResource.createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
+        createFlow(newFlow("Foo", "Foo flow", "generic", true, false));
         addFlowToParent("Foo", "child");
         
         // Under the old code, this would throw an error because "grandchild"

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/AbstractClientTest.java

@@ -36,7 +36,6 @@ import org.keycloak.testsuite.util.RealmBuilder;
 
 import javax.ws.rs.core.Response;
 import java.util.List;
-import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
 
 /**
  *
@@ -50,9 +49,8 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
     @Override
     public void setDefaultPageUriParameters() {
         super.setDefaultPageUriParameters();
-        testRealmPage.setAuthRealm(MASTER);
+        testRealmPage.setAuthRealm("test");
-        testRealmLoginPage.setAuthRealm(testRealmPage);
+        accountPage.setAuthRealm("test");
-        testRealmAccountPage.setAuthRealm(testRealmPage);
     }    
 
     @Before
@@ -75,7 +73,7 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
     }
 
     protected String getRealmId() {
-        return MASTER;
+        return "test";
     }
 
     // returns UserRepresentation retrieved from server, with all fields, including id

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/InstallationTest.java

@@ -75,7 +75,7 @@ public class InstallationTest extends AbstractClientTest {
     }
 
     private String samlUrl() {
-        return authServerUrl() + "/realms/master/protocol/saml";
+        return authServerUrl() + "/realms/test/protocol/saml";
     }
 
     @Test
@@ -111,7 +111,7 @@ public class InstallationTest extends AbstractClientTest {
     }
 
     private void assertOidcInstallationConfig(String config) {
-        assertThat(config, containsString("master"));
+        assertThat(config, containsString("test"));
         assertThat(config, not(containsString(ApiUtil.findActiveKey(testRealmResource()).getPublicKey())));
         assertThat(config, containsString(authServerUrl()));
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/SessionTest.java

@@ -38,7 +38,7 @@ import static org.junit.Assert.assertNotNull;
  * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
  */
 public class SessionTest extends AbstractClientTest {
-    private static boolean testUserCreated = false;
+
 
     @Page
     protected AccountManagement testRealmAccountManagementPage;
@@ -46,13 +46,18 @@ public class SessionTest extends AbstractClientTest {
     @Before
     public void init() {
         // make user test user exists in test realm
-        if (!testUserCreated) {
+        createTestUserWithAdminClient();
-            createTestUserWithAdminClient();
+        getCleanup().addUserId(testUser.getId());
 
-            assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
+        assertAdminEvents.assertEvent(getRealmId(), OperationType.CREATE, AdminEventPaths.userResourcePath(testUser.getId()), ResourceType.USER);
-            assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
+        assertAdminEvents.assertEvent(getRealmId(), OperationType.ACTION, AdminEventPaths.userResetPasswordPath(testUser.getId()), ResourceType.USER);
-        }
+    }
-        testUserCreated = true;
+
+    @Override
+    public void setDefaultPageUriParameters() {
+        super.setDefaultPageUriParameters();
+        testRealmAccountManagementPage.setAuthRealm(getRealmId());
+        loginPage.setAuthRealm(getRealmId());
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ImportAuthorizationSettingsTest.java

@@ -17,20 +17,16 @@
 
 package org.keycloak.testsuite.admin.client.authorization;
 
-import static com.sun.corba.se.impl.oa.poa.Policies.defaultPolicies;
 import static org.junit.Assert.assertEquals;
 
-import java.util.List;
 
+import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.AuthorizationResource;
 import org.keycloak.admin.client.resource.ClientResource;
-import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
 import org.keycloak.representations.idm.ClientRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
-import org.keycloak.representations.idm.authorization.PolicyRepresentation;
-import org.keycloak.representations.idm.authorization.ResourceRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
 import org.keycloak.util.JsonSerialization;
 
@@ -40,6 +36,27 @@ import org.keycloak.util.JsonSerialization;
  */
 public class ImportAuthorizationSettingsTest extends AbstractAuthorizationTest {
 
+    @Before
+    public void createRole() {
+        ClientResource clientResource = getClientResource();
+
+        RoleRepresentation role = new RoleRepresentation();
+        role.setName("admin");
+        clientResource.roles().create(role);
+    }
+
+    @After
+    public void onAfterAuthzTests() {
+        ClientResource clientResource = getClientResource();
+
+        // Needed to disable authz first. TODO: Looks like a bug. Check later...
+        ClientRepresentation client = clientResource.toRepresentation();
+        client.setAuthorizationServicesEnabled(false);
+        clientResource.update(client);
+
+        getClientResource().remove();
+    }
+
     @Test
     public void testImportUnorderedSettings() throws Exception {
         ClientResource clientResource = getClientResource();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AbstractEventTest.java

@@ -17,9 +17,11 @@
 package org.keycloak.testsuite.admin.event;
 
 import org.junit.Before;
+import org.junit.Rule;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
 import org.keycloak.testsuite.AbstractAuthTest;
+import org.keycloak.testsuite.util.TestCleanup;
 
 import java.util.Collections;
 import static org.keycloak.testsuite.auth.page.AuthRealm.MASTER;
@@ -32,14 +34,6 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
 
     protected RealmEventsConfigRepresentation configRep;
 
-    @Override
-    public void setDefaultPageUriParameters() {
-        super.setDefaultPageUriParameters();
-        testRealmPage.setAuthRealm(MASTER);
-        testRealmLoginPage.setAuthRealm(testRealmPage);
-        testRealmAccountPage.setAuthRealm(testRealmPage);
-    }
-
     @Before
     public void setConfigRep() {
         RealmResource testRsc = testRealmResource();
@@ -51,6 +45,12 @@ public abstract class AbstractEventTest extends AbstractAuthTest {
         saveConfig();
     }
 
+    @Override
+    public void setDefaultPageUriParameters() {
+        testRealmPage.setAuthRealm("test");
+        accountPage.setAuthRealm("test");
+    }
+
     protected void saveConfig() {
         RealmResource testRsc = testRealmResource();
         testRsc.updateRealmEventsConfig(configRep);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventTest.java

@@ -59,7 +59,9 @@ public class AdminEventTest extends AbstractEventTest {
 
     private String createUser(String username) {
         UserRepresentation user = createUserRepresentation(username, username + "@foo.com", "foo", "bar", true);
-        return ApiUtil.createUserWithAdminClient(testRealmResource(), user);
+        String userId = ApiUtil.createUserWithAdminClient(testRealmResource(), user);
+        getCleanup().addUserId(userId);
+        return userId;
     }
 
     private void updateRealm() {
@@ -90,7 +92,7 @@ public class AdminEventTest extends AbstractEventTest {
         assertNull(event.getError());
 
         AuthDetailsRepresentation details = event.getAuthDetails();
-        assertEquals(realmName(), details.getRealmId());
+        assertEquals("master", details.getRealmId());
         assertNotNull(details.getClientId());
         assertNotNull(details.getUserId());
         assertNotNull(details.getIpAddress());
@@ -106,7 +108,7 @@ public class AdminEventTest extends AbstractEventTest {
         assertEquals("CREATE", event.getOperationType());
 
         assertEquals(realmName(), event.getRealmId());
-        assertEquals(realmName(), event.getAuthDetails().getRealmId());
+        assertEquals("master", event.getAuthDetails().getRealmId());
         assertNull(event.getRepresentation());
     }
 
@@ -130,7 +132,7 @@ public class AdminEventTest extends AbstractEventTest {
         updateRealm();
         assertEquals(3, events().size());
 
-        List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), realmName(), null, null, null, null, null, null, null, null);
+        List<AdminEventRepresentation> events = testRealmResource().getAdminEvents(Arrays.asList("CREATE"), null, null, null, null, null, null, null, null, null);
         assertEquals(2, events.size());
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/LoginEventsTest.java

@@ -60,7 +60,7 @@ public class LoginEventsTest extends AbstractEventTest {
     }
 
     private void badLogin() {
-        loginEventsPage.navigateTo();
+        accountPage.navigateTo();
         loginPage.form().login("bad", "user");
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java

@@ -142,6 +142,7 @@ public class GroupTest extends AbstractGroupTest {
     private GroupRepresentation createGroup(RealmResource realm, GroupRepresentation group) {
         Response response = realm.groups().add(group);
         String groupId = ApiUtil.getCreatedId(response);
+        getCleanup().addGroupId(groupId);
         response.close();
 
         assertAdminEvents.assertEvent("test", OperationType.CREATE, AdminEventPaths.groupPath(groupId), group, ResourceType.GROUP);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmRolesTest.java

@@ -65,6 +65,8 @@ public class RealmRolesTest extends AbstractAdminTest {
         ClientRepresentation clientRep = ClientBuilder.create().clientId("client-a").build();
         Response response = adminClient.realm(REALM_NAME).clients().create(clientRep);
         clientUuid = ApiUtil.getCreatedId(response);
+        getCleanup().addClientUuid(clientUuid);
+        response.close();
 
         RoleRepresentation roleC = RoleBuilder.create().name("role-c").description("Role C").build();
         adminClient.realm(REALM_NAME).clients().get(clientUuid).roles().create(roleC);
@@ -77,6 +79,10 @@ public class RealmRolesTest extends AbstractAdminTest {
             ids.put(r.getName(), r.getId());
         }
 
+        getCleanup().addRoleId(ids.get("role-a"));
+        getCleanup().addRoleId(ids.get("role-b"));
+        getCleanup().addRoleId(ids.get("role-c"));
+
         resource = adminClient.realm(REALM_NAME).roles();
 
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), roleA, ResourceType.REALM_ROLE);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java

@@ -202,6 +202,17 @@ public class RealmTest extends AbstractAdminTest {
         realm.remove();
 
         Assert.assertNames(adminClient.realms().findAll(), "master", AuthRealm.TEST);
+
+        // Re-create realm
+        reCreateRealm();
+    }
+
+    private void reCreateRealm() {
+        // Re-create realm
+        RealmRepresentation realmRep = testContext.getTestRealmReps().stream().filter((RealmRepresentation realm) -> {
+            return realm.getRealm().equals(REALM_NAME);
+        }).findFirst().get();
+        adminClient.realms().create(realmRep);
     }
 
     @Test
@@ -210,6 +221,8 @@ public class RealmTest extends AbstractAdminTest {
 
         ServerInfoResource serverInfoResource = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID).serverInfo();
         serverInfoResource.getInfo();
+
+        reCreateRealm();
     }
 
     /**
@@ -608,6 +621,7 @@ public class RealmTest extends AbstractAdminTest {
         client.setSecret("secret");
         Response resp = realm.clients().create(client);
         String clientDbId = ApiUtil.getCreatedId(resp);
+        getCleanup().addClientUuid(clientDbId);
         resp.close();
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(clientDbId), client, ResourceType.CLIENT);
 
@@ -618,6 +632,7 @@ public class RealmTest extends AbstractAdminTest {
         Response response = realm.users().create(userRep);
         String userId = ApiUtil.getCreatedId(response);
         response.close();
+        getCleanup().addUserId(userId);
         assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(userId), userRep, ResourceType.USER);
 
         realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java

@@ -20,10 +20,14 @@ package org.keycloak.testsuite.broker;
 import java.util.List;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
+import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.Retry;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AccountPasswordPage;
 import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -82,6 +86,22 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
     }
 
 
+    @After
+    public void cleanupUsers() {
+        RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
+        UserRepresentation userRep = ApiUtil.findUserByUsername(providerRealm, bc.getUserLogin());
+        if (userRep != null) {
+            providerRealm.users().get(userRep.getId()).remove();
+        }
+
+        RealmResource childRealm = adminClient.realm(bc.consumerRealmName());
+        userRep = ApiUtil.findUserByUsername(childRealm, bc.getUserLogin());
+        if (userRep != null) {
+            childRealm.users().get(userRep.getId()).remove();
+        }
+    }
+
+
     protected void logInAsUserInIDP() {
         driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java

@@ -1,5 +1,6 @@
 package org.keycloak.testsuite.broker;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -13,6 +14,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.ConsentPage;
 import org.keycloak.testsuite.util.*;
 
@@ -39,7 +41,7 @@ import static org.keycloak.testsuite.broker.BrokerTestTools.*;
 public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
 
     @Before
-    public void createUser() {
+    public void beforeBrokerTest() {
         log.debug("creating user for realm " + bc.providerRealmName());
 
         UserRepresentation user = new UserRepresentation();
@@ -52,18 +54,16 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
         userId = createUserWithAdminClient(realmResource, user);
 
         resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false);
-    }
 
-    @Before
+        if (testContext.isInitialized()) {
-    public void addIdentityProviderToProviderRealm() {
+            return;
+        }
+
         log.debug("adding identity provider to realm " + bc.consumerRealmName());
-
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
         realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
-    }
 
-    @Before
+        // addClients
-    public void addClients() {
         List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
         if (clients != null) {
             RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
@@ -83,6 +83,8 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
                 consumerRealm.clients().create(client);
             }
         }
+
+        testContext.setInitialized(true);
     }
 
 
@@ -302,6 +304,13 @@ public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
         consentPage.cancel();
 
         waitForPage(driver, "log in to");
+
+        // Revert consentRequired
+        adminClient.realm(bc.providerRealmName())
+                .clients()
+                .get(client.getId())
+                .update(ClientBuilder.edit(client).consentRequired(false).build());
+
     }
 
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractUserAttributeMapperTest.java

@@ -49,12 +49,13 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
 
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
         final IdentityProviderRepresentation idp = bc.setUpIdentityProvider(suiteContext);
-        realm.identityProviders().create(idp);
+        Response resp = realm.identityProviders().create(idp);
+        resp.close();
 
         IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
         for (IdentityProviderMapperRepresentation mapper : createIdentityProviderMappers()) {
             mapper.setIdentityProviderAlias(bc.getIDPAlias());
-            Response resp = idpResource.addMapper(mapper);
+            resp = idpResource.addMapper(mapper);
             resp.close();
         }
     }
@@ -67,7 +68,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
 
-                providerRealm.clients().create(client);
+                Response resp = providerRealm.clients().create(client);
+                resp.close();
             }
         }
 
@@ -77,7 +79,8 @@ public abstract class AbstractUserAttributeMapperTest extends AbstractBaseBroker
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
 
-                consumerRealm.clients().create(client);
+                Response resp = consumerRealm.clients().create(client);
+                resp.close();
             }
         }
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AccountLinkTest.java

@@ -75,47 +75,41 @@ public class AccountLinkTest extends AbstractKeycloakTest {
     }
 
     @Before
-    public void addIdpUser() {
+    public void beforeBrokerTest() {
-        RealmResource realm = adminClient.realms().realm(PARENT_IDP);
+        if (testContext.isInitialized()) {
+            return;
+        }
+
+        // addIdpUser
+        RealmResource realmParent = adminClient.realms().realm(PARENT_IDP);
         UserRepresentation user = new UserRepresentation();
         user.setUsername(PARENT_USERNAME);
         user.setEnabled(true);
-        String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
+        String userId = createUserAndResetPasswordWithAdminClient(realmParent, user, "password");
 
-    }
+        // addChildUser
-
+        RealmResource realmChild = adminClient.realms().realm(CHILD_IDP);
-    @Before
+        user = new UserRepresentation();
-    public void addChildUser() {
-        RealmResource realm = adminClient.realms().realm(CHILD_IDP);
-        UserRepresentation user = new UserRepresentation();
         user.setUsername("child");
         user.setEnabled(true);
-        String userId = createUserAndResetPasswordWithAdminClient(realm, user, "password");
+        userId = createUserAndResetPasswordWithAdminClient(realmChild, user, "password");
 
-    }
+        // setupUserStorageProvider
-
-    @Before
-    public void setupUserStorageProvider() {
         ComponentRepresentation provider = new ComponentRepresentation();
         provider.setName("passthrough");
         provider.setProviderId(PassThroughFederatedUserStorageProviderFactory.PROVIDER_ID);
         provider.setProviderType(UserStorageProvider.class.getName());
         provider.setConfig(new MultivaluedHashMap<>());
         provider.getConfig().putSingle("priority", Integer.toString(1));
+        realmChild.components().add(provider);
 
-        RealmResource realm = adminClient.realms().realm(CHILD_IDP);
+        // createBroker
-        realm.components().add(provider);
-
-
-
-
-    }
-
-    @Before
-    public void createBroker() {
         createParentChild();
+
+        testContext.setInitialized(true);
     }
 
+
     public void createParentChild() {
         BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOIDCBrokerWithSignatureTest.java

@@ -78,7 +78,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
         log.debug("adding identity provider to realm " + bc.consumerRealmName());
 
         RealmResource realm = adminClient.realm(bc.consumerRealmName());
-        realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
+        Response resp = realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext));
+        resp.close();
     }
 
 
@@ -90,7 +91,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.providerRealmName());
 
-                providerRealm.clients().create(client);
+                Response resp = providerRealm.clients().create(client);
+                resp.close();
             }
         }
 
@@ -100,7 +102,8 @@ public class KcOIDCBrokerWithSignatureTest extends AbstractBaseBrokerTest {
             for (ClientRepresentation client : clients) {
                 log.debug("adding client " + client.getName() + " to realm " + bc.consumerRealmName());
 
-                consumerRealm.clients().create(client);
+                Response resp = consumerRealm.clients().create(client);
+                resp.close();
             }
         }
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractClientRegistrationTest.java

@@ -108,9 +108,9 @@ public abstract class AbstractClientRegistrationTest extends AbstractKeycloakTes
         return response;
     }
 
-    public ClientRepresentation getClient(String clientId) {
+    public ClientRepresentation getClient(String clientUuid) {
         try {
-            return adminClient.realm(REALM_NAME).clients().get(clientId).toRepresentation();
+            return adminClient.realm(REALM_NAME).clients().get(clientUuid).toRepresentation();
         } catch (NotFoundException e) {
             return null;
         }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AdapterInstallationConfigTest.java

@@ -24,6 +24,7 @@ import org.keycloak.client.registration.HttpErrorException;
 import org.keycloak.common.enums.SslRequired;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.testsuite.admin.ApiUtil;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
@@ -51,6 +52,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         client.setRootUrl("http://root");
         client = createClient(client);
         client.setSecret("RegistrationAccessTokenTestClientSecret");
+        getCleanup().addClientUuid(client.getId());
 
         client2 = new ClientRepresentation();
         client2.setEnabled(true);
@@ -60,6 +62,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         client2.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessToken");
         client2.setRootUrl("http://root");
         client2 = createClient(client2);
+        getCleanup().addClientUuid(client2.getId());
 
         clientPublic = new ClientRepresentation();
         clientPublic.setEnabled(true);
@@ -68,6 +71,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         clientPublic.setRegistrationAccessToken("RegistrationAccessTokenTestRegistrationAccessTokenPublic");
         clientPublic.setRootUrl("http://root");
         clientPublic = createClient(clientPublic);
+        getCleanup().addClientUuid(clientPublic.getId());
     }
 
     @Test
@@ -80,7 +84,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
 
     @Test
     public void getConfig() throws ClientRegistrationException {
-        reg.auth(Auth.client(client.getClientId(), client.getSecret()));
+        reg.auth(Auth.client(client.getClientId(), "RegistrationAccessTokenTestClientSecret"));
 
         AdapterConfig config = reg.getAdapterConfig(client.getClientId());
         assertNotNull(config);
@@ -89,7 +93,7 @@ public class AdapterInstallationConfigTest extends AbstractClientRegistrationTes
         assertEquals("test", config.getRealm());
 
         assertEquals(1, config.getCredentials().size());
-        assertEquals(client.getSecret(), config.getCredentials().get("secret"));
+        assertEquals("RegistrationAccessTokenTestClientSecret", config.getCredentials().get("secret"));
 
         assertEquals(client.getClientId(), config.getResource());
         assertEquals(SslRequired.EXTERNAL.name().toLowerCase(), config.getSslRequired());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java

@@ -47,7 +47,7 @@ public class ClientRedirectTest extends AbstractTestRealmKeycloakTest {
      *
      * @throws Exception
      */
-    //@Test
+    @Test
     public void testClientRedirectEndpoint() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java

@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.RealmResource;
@@ -80,12 +81,16 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         testRealms.get(0).setPublicKey(PUBLIC_KEY);
     }
 
-    @Before
+    @After
-    public void before() throws Exception {
+    public void after() throws Exception {
-        super.before();
+        super.after();
-//
+
-//        ClientInitialAccessPresentation token = adminClient.realm(REALM_NAME).clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10));
+        // Default setup of trustedHostPolicy
-//        reg.auth(Auth.token(token));
+        ComponentRepresentation trustedHostPolicy = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
+        trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.HOST_SENDING_REGISTRATION_REQUEST_MUST_MATCH, "true");
+        trustedHostPolicy.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.CLIENT_URIS_MUST_MATCH, "true");
+        trustedHostPolicy.getConfig().put(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, Collections.emptyList());
+        realmResource().components().component(trustedHostPolicy.getId()).update(trustedHostPolicy);
     }
 
     private RealmResource realmResource() {
@@ -175,7 +180,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         assertOidcFail(ClientRegOp.CREATE, client, 403, "Host not trusted");
 
         // Should still fail (bad redirect_uri)
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         assertOidcFail(ClientRegOp.CREATE, client, 403, "URL doesn't match");
 
         // Should still fail (bad base_uri)
@@ -194,7 +199,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonUpdateWithTrustedHost() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Fail update client
@@ -235,7 +240,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonConsentRequired() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Assert new client has consent required
@@ -255,7 +260,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testAnonFullScopeAllowed() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
         OIDCClientRepresentation client = create();
 
         // Assert new client has fullScopeAllowed disabled
@@ -275,7 +280,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testClientDisabledPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Assert new client is enabled
         OIDCClientRepresentation client = create();
@@ -290,7 +295,9 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         rep.setProviderId(ClientDisabledClientRegistrationPolicyFactory.PROVIDER_ID);
         rep.setProviderType(ClientRegistrationPolicy.class.getName());
         rep.setSubType(getPolicyAnon());
-        realmResource().components().add(rep).close();
+        Response response = realmResource().components().add(rep);
+        String policyId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // Assert new client is disabled
         client = create();
@@ -305,12 +312,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Try update disabled client. Should pass
         clientRep.setEnabled(false);
         reg.update(clientRep);
+
+        // Revert
+        realmResource().components().component(policyId).remove();
     }
 
 
     @Test
     public void testMaxClientsPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         int clientsCount = realmResource().clients().findAll().size();
         int newClientsLimit = clientsCount + 1;
@@ -325,6 +335,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // I can't register more clients
         assertOidcFail(ClientRegOp.CREATE, createRepOidc(), 403, "It's allowed to have max " + newClientsLimit + " clients per realm");
+
+        // Revert
+        maxClientsPolicyRep.getConfig().putSingle(MaxClientsClientRegistrationPolicyFactory.MAX_CLIENTS, String.valueOf(10000));
+        realmResource().components().component(maxClientsPolicyRep.getId()).update(maxClientsPolicyRep);
     }
 
 
@@ -355,11 +369,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Add some clientTemplates
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String fooTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("bar");
-        realmResource().clientTemplates().create(clientTemplate);
+        response = realmResource().clientTemplates().create(clientTemplate);
+        String barTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // send request again and test that clientTemplate provider contains added client templates
         reps = realmResource().clientRegistrationPolicy().getProviders();
@@ -371,6 +389,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         clientTemplates = getProviderConfigProperty(clientTemplateRep, ClientTemplatesClientRegistrationPolicyFactory.ALLOWED_CLIENT_TEMPLATES);
         Assert.assertNames(clientTemplates, "foo", "bar");
+
+        // Revert client templates
+        realmResource().clientTemplates().get(fooTemplateId).remove();
+        realmResource().clientTemplates().get(barTemplateId).remove();
     }
 
     private List<String> getProviderConfigProperty(ComponentTypeRepresentation provider, String expectedConfigPropName) {
@@ -394,12 +416,14 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testClientTemplatesPolicy() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Add some clientTemplate through Admin REST
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String clientTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // I can't register new client with this template
         ClientRepresentation clientRep = createRep("test-app");
@@ -422,17 +446,23 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // Now the update via clientRegistration is permitted too as template was already set
         reg.update(registeredClient);
+
+        // Revert client template
+        realmResource().clients().get(client.getId()).remove();
+        realmResource().clientTemplates().get(clientTemplateId).remove();
     }
 
 
     @Test
     public void testClientTemplatesPolicyWithPermittedTemplate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Add some clientTemplate through Admin REST
         ClientTemplateRepresentation clientTemplate = new ClientTemplateRepresentation();
         clientTemplate.setName("foo");
-        realmResource().clientTemplates().create(clientTemplate);
+        Response response = realmResource().clientTemplates().create(clientTemplate);
+        String clientTemplateId = ApiUtil.getCreatedId(response);
+        response.close();
 
         // I can't register new client with this template
         ClientRepresentation clientRep = createRep("test-app");
@@ -447,6 +477,10 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         // Check that I can register client now
         ClientRepresentation registeredClient = reg.create(clientRep);
         Assert.assertNotNull(registeredClient.getRegistrationAccessToken());
+
+        // Revert client template
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        realmResource().clientTemplates().get(clientTemplateId).remove();
     }
 
 
@@ -454,7 +488,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testProtocolMappersCreate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Try to add client with some "hardcoded role" mapper. Should fail
         ClientRepresentation clientRep = createRep("test-app");
@@ -480,6 +514,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
         reg.auth(null);
         assertFail(ClientRegOp.CREATE, clientRep, 403, "ProtocolMapper type not allowed");
+
+        // Revert policy change
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
 
@@ -497,7 +536,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
     @Test
     public void testProtocolMappersUpdate() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Check I can add client with allowed protocolMappers
         ProtocolMapperRepresentation protocolMapper = new ProtocolMapperRepresentation();
@@ -526,12 +565,15 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
 
         // Check I can update client now
         reg.update(registeredClient);
+
+        // Revert client
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
     }
 
 
     @Test
     public void testProtocolMappersConsentRequired() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Register client and assert it has builtin protocol mappers
         ClientRepresentation clientRep = createRep("test-app");
@@ -555,12 +597,17 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
             return protocolMapper.getProtocolMapper().equals(UserPropertyMapper.PROVIDER_ID);
         }).count();
         Assert.assertEquals(0, usernamePropMappersCount);
+
+        // Revert
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().getList(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES).add(UserPropertyMapper.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
 
     @Test
     public void testProtocolMappersRemoveBuiltins() throws Exception {
-        setTrustedHost("localhost", getPolicyAnon());
+        setTrustedHost("localhost");
 
         // Change policy to allow hardcoded mapper
 
@@ -577,6 +624,11 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         ProtocolMapperRepresentation hardcodedMapper = registeredClient.getProtocolMappers().get(0);
         Assert.assertTrue(hardcodedMapper.isConsentRequired());
         Assert.assertEquals("Hardcoded foo role", hardcodedMapper.getConsentText());
+
+        // Revert
+        ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
+        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
+        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
     }
 
     // HELPER METHODS
@@ -601,8 +653,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
         return null;
     }
 
-    private void setTrustedHost(String hostname, String policyType) {
+    private void setTrustedHost(String hostname) {
-        List<ComponentRepresentation> reps = realmResource().components().query(REALM_NAME, getPolicyAnon());
         ComponentRepresentation trustedHostRep = findPolicyByProviderAndAuth(TrustedHostClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
         trustedHostRep.getConfig().putSingle(TrustedHostClientRegistrationPolicyFactory.TRUSTED_HOSTS, hostname);
         realmResource().components().component(trustedHostRep.getId()).update(trustedHostRep);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java

@@ -52,6 +52,9 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
         client = adminClient.realm(REALM_NAME).clients().get(createdClient.getId()).toRepresentation();
         assertEquals(CLIENT_ID, client.getClientId());
 
+        // Remove this client after test
+        getCleanup().addClientUuid(createdClient.getId());
+
         return client;
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCJwksClientRegistrationTest.java

@@ -31,6 +31,7 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
@@ -369,12 +370,12 @@ public class OIDCJwksClientRegistrationTest extends AbstractClientRegistrationTe
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
 
-    private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
+    private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
         CloseableHttpClient client = new DefaultHttpClient();
         try {
             HttpPost post = new HttpPost(requestUrl);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java

@@ -48,6 +48,7 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest
         c.setRootUrl("http://root");
 
         client = createClient(c);
+        getCleanup().addClientUuid(client.getId());
 
         c = new ClientRepresentation();
         c.setEnabled(true);
@@ -55,7 +56,8 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest
         c.setSecret("RegistrationAccessTokenTestClientSecret");
         c.setRootUrl("http://root");
 
-        createClient(c);
+        c = createClient(c);
+        getCleanup().addClientUuid(c.getId());
 
         reg.auth(Auth.token(client.getRegistrationAccessToken()));
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java

@@ -155,10 +155,53 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
     }
 
     @Before
-    public void addScopeMappings() {
+    public void before() {
+        if (testContext.isInitialized()) {
+            return;
+        }
+
+        // addScopeMappings
         addRealmLevelScopeMapping("REALM_COMPOSITE_1_APPLICATION", "REALM_COMPOSITE_1");
         addRealmLevelScopeMapping("REALM_ROLE_1_APPLICATION", "REALM_ROLE_1");
         addClientLevelScopeMapping("APP_COMPOSITE_APPLICATION", "APP_ROLE_APPLICATION", "APP_ROLE_2");
+
+        // createRealmAppCompositeRole
+        ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
+        RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
+
+        RoleBuilder realmAppCompositeRole = RoleBuilder.create()
+                .name("REALM_APP_COMPOSITE_ROLE");
+
+        testRealm().roles().create(realmAppCompositeRole.build());
+        String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
+        testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
+
+        // addRealmAppCompositeToUsers
+        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
+        RoleRepresentation realmAppCompositeRolee = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
+
+        // addRealmAppCompositeToUsers2
+        userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
+        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRolee));
+
+        ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
+        RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
+
+        // addCompositeRolesToAppCompositeRoleInAppCompositeApplication
+        List<RoleRepresentation> toAdd = new LinkedList<>();
+        toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
+        toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
+        toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
+
+        ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
+        RoleRepresentation appRole1Rep = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
+        toAdd.add(appRole1Rep);
+
+        appCompositeRole.addComposites(toAdd);
+
+        // Track that we initialized model already
+        testContext.setInitialized(true);
     }
 
     private void addRealmLevelScopeMapping(String clientId, String roleName) {
@@ -174,50 +217,6 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
         targetClient.getScopeMappings().clientLevel(sourceClient.toRepresentation().getId()).add(Collections.singletonList(role));
     }
 
-    @Before
-    public void createRealmAppCompositeRole() {
-        ClientResource appRoleApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
-        RoleResource appRole1 = appRoleApplication.roles().get("APP_ROLE_1");
-
-        RoleBuilder realmAppCompositeRole = RoleBuilder.create()
-                .name("REALM_APP_COMPOSITE_ROLE");
-
-        testRealm().roles().create(realmAppCompositeRole.build());
-        String id = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation().getId();
-        testRealm().rolesById().addComposites(id, Collections.singletonList(appRole1.toRepresentation()));
-    }
-
-    @Before
-    public void addRealmAppCompositeToUsers() {
-        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "REALM_APP_COMPOSITE_USER");
-        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
-        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
-    }
-
-    @Before
-    public void addRealmAppCompositeToUser2() {
-        UserResource userRsc = ApiUtil.findUserByUsernameId(testRealm(), "APP_COMPOSITE_USER");
-        RoleRepresentation realmAppCompositeRole = testRealm().roles().get("REALM_APP_COMPOSITE_ROLE").toRepresentation();
-        userRsc.roles().realmLevel().add(Collections.singletonList(realmAppCompositeRole));
-    }
-
-    @Before
-    public void addCompositeRolesToAppCompositeRoleInAppCompositeApplication() {
-        ClientResource appCompositeApplication = ApiUtil.findClientByClientId(testRealm(), "APP_COMPOSITE_APPLICATION");
-        RoleResource appCompositeRole = appCompositeApplication.roles().get("APP_COMPOSITE_ROLE");
-
-        List<RoleRepresentation> toAdd = new LinkedList<>();
-        toAdd.add(testRealm().roles().get("REALM_ROLE_1").toRepresentation());
-        toAdd.add(testRealm().roles().get("REALM_ROLE_2").toRepresentation());
-        toAdd.add(testRealm().roles().get("REALM_ROLE_3").toRepresentation());
-
-        ClientResource appRolesApplication = ApiUtil.findClientByClientId(testRealm(), "APP_ROLE_APPLICATION");
-        RoleRepresentation appRole1 = appRolesApplication.roles().get("APP_ROLE_1").toRepresentation();
-        toAdd.add(appRole1);
-
-        appCompositeRole.addComposites(toAdd);
-    }
-
     @Page
     protected LoginPage loginPage;
 
@@ -361,6 +360,8 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest {
         realmRoles = userResource.roles().realmLevel().listEffective();
         Assert.assertNames(realmRoles, "REALM_COMPOSITE_1", "REALM_ROLE_1");
 
+        // Revert
+        testRealm().roles().get("REALM_ROLE_1").deleteComposites(Collections.singletonList(realmComposite1));
     }
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java

@@ -125,7 +125,9 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest {
         oauth.clientId("kerberos-app");
 
         ComponentRepresentation rep = getUserStorageConfiguration();
-        testRealmResource().components().add(rep);
+        Response resp = testRealmResource().components().add(rep);
+        getCleanup().addComponentId(ApiUtil.getCreatedId(resp));
+        resp.close();
     }
 
     @After

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageTest.java

@@ -14,9 +14,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.core.Response;
+
 import org.apache.commons.io.FileUtils;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.After;
 import org.junit.Assert;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -101,6 +104,22 @@ public class UserStorageTest extends AbstractAuthTest {
 
     }
 
+    @After
+    public void removeTestUser() throws URISyntaxException, IOException {
+        testingClient.server().run(session -> {
+            RealmModel realm = session.realms().getRealmByName("test");
+            if (realm == null) {
+                return;
+            }
+
+            UserModel user = session.users().getUserByUsername("thor", realm);
+            if (user != null) {
+                session.userLocalStorage().removeUser(realm, user);
+                session.userCache().clear();
+            }
+        });
+    }
+
     protected ComponentRepresentation newPropProviderRW() {
         ComponentRepresentation propProviderRW = new ComponentRepresentation();
         propProviderRW.setName("user-props");
@@ -114,7 +133,11 @@ public class UserStorageTest extends AbstractAuthTest {
     }
 
     protected String addComponent(ComponentRepresentation component) {
-        return ApiUtil.getCreatedId(testRealmResource().components().add(component));
+        Response resp = testRealmResource().components().add(component);
+        resp.close();
+        String id = ApiUtil.getCreatedId(resp);
+        getCleanup().addComponentId(id);
+        return id;
     }
 
     private void loginSuccessAndLogout(String username, String password) {
@@ -547,6 +570,9 @@ public class UserStorageTest extends AbstractAuthTest {
             UserMapStorage.realmRemovals.set(0);
         });
 
+        // Re-create realm
+        RealmRepresentation repOrig = testContext.getTestRealmReps().get(0);
+        adminClient.realms().create(repOrig);
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java

@@ -96,6 +96,11 @@ public class CustomFlowTest extends AbstractFlowTest {
     public void configureFlows() {
         userId = findUser("login-test").getId();
 
+        // Do this just once per class
+        if (testContext.isInitialized()) {
+            return;
+        }
+
         AuthenticationFlowRepresentation flow = FlowBuilder.create()
                                                            .alias("dummy")
                                                            .description("dummy pass through flow")
@@ -169,6 +174,8 @@ public class CustomFlowTest extends AbstractFlowTest {
                         .authenticatorFlow(false)
                         .build();
         testRealm().flows().addExecution(execution);
+
+        testContext.setInitialized(true);
     }
 
 
@@ -240,16 +247,16 @@ public class CustomFlowTest extends AbstractFlowTest {
         loginPage.login("test-user@localhost", "password");
         Assert.assertTrue(termsPage.isCurrent());
 
-
+        // Revert dummy flow
-
+        rep.setBrowserFlow("dummy");
-
+        testRealm().update(rep);
-
     }
 
     @Test
     public void loginSuccess() {
         AuthenticatorState state = new AuthenticatorState();
         state.setUsername("login-test");
+        state.setClientId("test-app");
         testingClient.testing().updateAuthenticator(state);
 
         oauth.openLoginForm();
@@ -264,6 +271,7 @@ public class CustomFlowTest extends AbstractFlowTest {
     public void grantTest() throws Exception {
         AuthenticatorState state = new AuthenticatorState();
         state.setUsername("login-test");
+        state.setClientId("test-app");
         testingClient.testing().updateAuthenticator(state);
 
         grantAccessToken("test-app", "login-test");
@@ -297,6 +305,9 @@ public class CustomFlowTest extends AbstractFlowTest {
                 .removeDetail(Details.CONSENT)
                 .error(Errors.INVALID_CLIENT_CREDENTIALS)
                 .assertEvent();
+
+        state.setClientId("test-app");
+        testingClient.testing().updateAuthenticator(state);
     }
 
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java

@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -275,16 +276,6 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
     @Test
     // KEYCLOAK-2557
     public void loginUserWithEmailAsUsername() {
-        UserRepresentation rep = UserBuilder.create()
-                                            .enabled(true)
-                                            .id("foo")
-                                            .email("foo")
-                                            .username("login@test.com")
-                                            .password("password")
-                                            .build();
-
-        adminClient.realm(userId).users().create(rep);
-
         loginPage.open();
         loginPage.login("login@test.com", "password");
 
@@ -363,9 +354,7 @@ public class LoginTest extends AbstractTestRealmKeycloakTest {
         } finally {
             setPasswordPolicy(null);
             UserResource userRsc = adminClient.realm("test").users().get("login-test");
-            UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation())
+            ApiUtil.resetUserPassword(userRsc, "password", false);
-                                                 .password("password");
-            userRsc.update(userBuilder.build());
         }
     }
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LogoutTest.java

@@ -79,6 +79,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
 
         String sessionId2 = events.expectLogin().assertEvent().getSessionId();
         assertNotEquals(sessionId, sessionId2);
+
+        driver.navigate().to(logoutUrl);
+        events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
     }
 
     @Test
@@ -133,6 +136,10 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
         // Check session 3 logged-in
         oauth.openLoginForm();
         events.expectLogin().session(sessionId3).removeDetail(Details.USERNAME).assertEvent();
+
+        //  Logout session 3 by redirect
+        driver.navigate().to(oauth.getLogoutUrl().redirectUri(AppPage.baseUrl).build());
+        events.expectLogout(sessionId3).detail(Details.REDIRECT_URI, AppPage.baseUrl).assertEvent();
     }
 
     //KEYCLOAK-2741
@@ -198,6 +205,9 @@ public class LogoutTest extends AbstractTestRealmKeycloakTest {
 
         String sessionId2 = events.expectLogin().assertEvent().getSessionId();
         assertNotEquals(sessionId, sessionId2);
+
+        driver.navigate().to(logoutUrl);
+        events.expectLogout(sessionId2).removeDetail(Details.REDIRECT_URI).assertEvent();
     }
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java

@@ -130,6 +130,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
         assertEquals("test-user@localhost", user.getEmail());
         assertEquals("firstName", user.getFirstName());
         assertEquals("lastName", user.getLastName());
+
+        testRealm().users().get(userId).remove();
+        setDuplicateEmailsAllowed(false);
     }
 
     @Test

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java

@@ -28,6 +28,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.ErrorPage;
@@ -52,41 +53,30 @@ import java.util.concurrent.atomic.AtomicInteger;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
-//import org.keycloak.testsuite.Constants;
-
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
  * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc.
  */
 public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
 
-    static int lifespan = 0;
+    private String userId;
 
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
+    }
+
+    @Before
+    public void setup() {
         UserRepresentation user = UserBuilder.create()
-                                             .username("login-test")
+                .username("login-test")
-                                             .email("login@test.com")
+                .email("login@test.com")
-                                             .enabled(true)
+                .enabled(true)
-                                             .password("password")
+                .build();
-                                             .build();
+
-        testRealm.getUsers().add(user);
+        userId = ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password");
+        getCleanup().addUserId(userId);
     }
 
-    @Before
-    public void setAccessCodeLifespanUserAction() {
-        // Must do this with adminClient because default is not set until after testRealm.json is loaded.
-        lifespan = testRealm().toRepresentation().getAccessCodeLifespanUserAction();
-    }
-
-    @Before
-    public void setUserId() {
-        userId = findUser("login-test").getId();
-    }
-
-
-    private static String userId;
-
     @Rule
     public GreenMailRule greenMail = new GreenMailRule();
 
@@ -466,6 +456,9 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         assertEquals(0, greenMail.getReceivedMessages().length);
 
         events.expectRequiredAction(EventType.RESET_PASSWORD).session((String) null).user(userId).detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error("user_disabled").assertEvent();
+
+        user.setEnabled(true);
+        updateUser(user);
     }
 
     @Test
@@ -501,6 +494,8 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         host[0] =  smtpConfig.get("host");
         smtpConfig.put("host", "invalid_host");
         RealmRepresentation realmRep = testRealm().toRepresentation();
+        Map<String, String> oldSmtp = realmRep.getSmtpServer();
+
         realmRep.setSmtpServer(smtpConfig);
         testRealm().update(realmRep);
 
@@ -520,6 +515,10 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
         events.expectRequiredAction(EventType.SEND_RESET_PASSWORD_ERROR).user(userId)
                 .session((String)null)
                 .detail(Details.USERNAME, "login-test").removeDetail(Details.CODE_ID).error(Errors.EMAIL_SEND_FAILED).assertEvent();
+
+        // Revert SMTP back
+        realmRep.setSmtpServer(oldSmtp);
+        testRealm().update(realmRep);
     }
 
     private void setPasswordPolicy(String policy) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java

@@ -48,10 +48,6 @@ import java.io.IOException;
  */
 public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
-    UserRepresentation failUser;
-
-    UserRepresentation okayUser;
-
     @Page
     protected LoginPage loginPage;
 
@@ -66,7 +62,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
     @Override
     public void configureTestRealm(RealmRepresentation testRealm) {
 
-        failUser = UserBuilder.create()
+        UserRepresentation failUser = UserBuilder.create()
                 .id("fail")
                 .username("fail")
                 .email("fail@test.com")
@@ -74,7 +70,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
                 .password("password")
                 .build();
 
-        okayUser = UserBuilder.create()
+        UserRepresentation okayUser = UserBuilder.create()
                 .id("user")
                 .username("user")
                 .email("user@test.com")
@@ -89,6 +85,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
     @Before
     public void configureFlows() throws Exception {
+        if (testContext.isInitialized()) {
+            return;
+        }
 
         String scriptFlow = "scriptBrowser";
 
@@ -134,6 +133,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         Response newExecutionConfigResponse = testRealm().flows().newExecutionConfig(scriptAuth, createScriptAuthConfig(scriptAuth, "authenticator-example.js", "/scripts/authenticator-example.js", "simple script based authenticator"));
         Assert.assertEquals(201, newExecutionConfigResponse.getStatus());
+
+        testContext.setInitialized(true);
     }
 
     /**
@@ -144,9 +145,9 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         loginPage.open();
 
-        loginPage.login(okayUser.getUsername(), "password");
+        loginPage.login("user", "password");
 
-        events.expectLogin().user(okayUser.getId()).detail(Details.USERNAME, okayUser.getUsername()).assertEvent();
+        events.expectLogin().user("user").detail(Details.USERNAME, "user").assertEvent();
     }
 
     /**
@@ -157,7 +158,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
 
         loginPage.open();
 
-        loginPage.login(failUser.getUsername(), "password");
+        loginPage.login("fail", "password");
 
         events.expect(EventType.LOGIN_ERROR).user((String)null).error(Errors.USER_NOT_FOUND).assertEvent();
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/i18n/EmailTest.java

@@ -96,6 +96,9 @@ public class EmailTest extends AbstractI18NTest {
         MimeMessage message = greenMail.getReceivedMessages()[0];
 
         Assert.assertEquals("Passwort zurückzusetzen", message.getSubject());
+
+        // Revert
+        changeUserLocale("en");
     }
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedHmacKeyProviderTest.java

@@ -80,6 +80,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(1, createdRep.getConfig().size());
@@ -114,6 +115,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(2, createdRep.getConfig().size());
@@ -147,6 +149,7 @@ public class GeneratedHmacKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation component = testingClient.server("test").fetch(RunHelpers.internalComponent(id));
         assertEquals(32, Base64Url.decode(component.getConfig().getFirst("secret")).length);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/GeneratedRsaKeyProviderTest.java

@@ -73,6 +73,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(1, createdRep.getConfig().size());
@@ -99,6 +101,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(2, createdRep.getConfig().size());
@@ -124,6 +128,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
 
@@ -153,6 +159,8 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        getCleanup().addComponentId(id);
+        response.close();
 
         KeysMetadataRepresentation keys = adminClient.realm("test").keys().getKeyMetadata();
 
@@ -187,6 +195,7 @@ public class GeneratedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertEquals(error, errorRepresentation.getErrorMessage());
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, String providerId) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.java

@@ -80,6 +80,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@@ -116,6 +117,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         Response response = adminClient.realm("test").components().add(rep);
         String id = ApiUtil.getCreatedId(response);
+        response.close();
 
         ComponentRepresentation createdRep = adminClient.realm("test").components().component(id).toRepresentation();
         assertEquals(ComponentRepresentation.SECRET_VALUE, createdRep.getConfig().getFirst(Attributes.PRIVATE_KEY_KEY));
@@ -206,6 +208,7 @@ public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertEquals(error, errorRepresentation.getErrorMessage());
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, String providerId) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/JavaKeystoreKeyProviderTest.java

@@ -153,6 +153,7 @@ public class JavaKeystoreKeyProviderTest extends AbstractKeycloakTest {
 
         ErrorRepresentation errorRepresentation = response.readEntity(ErrorRepresentation.class);
         assertTrue(errorRepresentation.getErrorMessage().startsWith(error));
+        response.close();
     }
 
     protected ComponentRepresentation createRep(String name, long priority) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/keys/KeyRotationTest.java

@@ -37,6 +37,7 @@ import org.keycloak.representations.idm.KeysMetadataRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
 import org.keycloak.testsuite.pages.LoginPage;
@@ -49,6 +50,7 @@ import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.PublicKey;
+import java.util.LinkedList;
 import java.util.List;
 
 import static org.junit.Assert.*;
@@ -182,6 +184,9 @@ public class KeyRotationTest extends AbstractKeycloakTest {
 
         KeysMetadataRepresentation keyMetadata = adminClient.realm("test").keys().getKeyMetadata();
         assertEquals(PemUtils.encodeKey(keys2), keyMetadata.getKeys().get(0).getPublicKey());
+
+        dropKeys1();
+        dropKeys2();
     }
 
     @Test
@@ -200,6 +205,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
             keys.getConfig().putSingle("priority", "1000" + i);
             Response response = adminClient.realm("test").components().add(keys);
             assertEquals(201, response.getStatus());
+            String newId = ApiUtil.getCreatedId(response);
+            getCleanup().addComponentId(newId);
             response.close();
 
             String updatedActiveKid = adminClient.realm("test").keys().getKeyMetadata().getActive().get("RSA");
@@ -244,7 +251,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
         config.addFirst(Attributes.PRIVATE_KEY_KEY, privateKeyPem);
         rep.setConfig(config);
 
-        adminClient.realm("test").components().add(rep);
+        Response response = adminClient.realm("test").components().add(rep);
+        response.close();
 
         rep = new ComponentRepresentation();
         rep.setName("mycomponent2");
@@ -256,7 +264,8 @@ public class KeyRotationTest extends AbstractKeycloakTest {
         config.addFirst("priority", priority);
         rep.setConfig(config);
 
-        adminClient.realm("test").components().add(rep);
+        response = adminClient.realm("test").components().add(rep);
+        response.close();
 
         return publicKey;
     }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java

@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.oauth;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
@@ -50,11 +51,6 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
     @Rule
     public AssertEvents events = new AssertEvents(this);
 
-    @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realmRepresentation = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java

@@ -23,6 +23,7 @@ import org.apache.http.HttpResponse;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.apache.http.entity.mime.content.FileBody;
@@ -30,6 +31,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
+import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Rule;
 import org.junit.Test;
@@ -88,6 +90,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.ws.rs.core.Response;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
 
@@ -99,11 +103,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
     @Rule
     public AssertEvents events = new AssertEvents(this);
-    private String client1SAUserId;
+    private static String client1SAUserId;
 
-    private RealmRepresentation testRealm;
+    private static RealmRepresentation testRealm;
-    private ClientRepresentation app1, app2, app3;
+    private static ClientRepresentation app1, app2, app3;
-    private UserRepresentation defaultUser, serviceAccountUser;
+    private static UserRepresentation defaultUser, serviceAccountUser;
 
     @BeforeClass
     public static void beforeClientAuthSignedJWTTest() {
@@ -144,15 +148,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
 
         realmBuilder.client(app2);
 
-        app3 = ClientBuilder.create()
-                .id(KeycloakModelUtils.generateId())
-                .clientId("client3")
-                .directAccessGrants()
-                .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
-                .build();
-
-        realmBuilder.client(app3);
-
         // This one is for keystore-client2.p12 , which doesn't work on Sun JDK
 //            app2.setAttribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPLGHHjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE3MjMzMVoXDTI1MDgxNzE3MjUxMVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIsatXj38fFD9fHslNrsWrubobudXYwwdZpGYqkHIhuDeSojGvhBSLmKIFmtbHMVcLEbS0dIEsSbNVrwjdFfuRuvd9Vu6Ng0JUC8fRhSeQniC3jcBuP8P4WlXK4+ir3Wlya+T6Hum9b68BiH0KyNZtFGJ6zLHuCcq9Bl0JifvibnUkDeTZPwgJNA9+GxS/x8fAkApcAbJrgBZvr57PwhbgHoZdB8aAY5f5ogbGzKDtSUMvFh+Jah39gWtn7p3VOuuMXA8SugogoH8C5m2itrPBL1UPhAcKUeWiqx4SmZe/lZo7x2WbSecNiFaiqBhIW+QbqCYW6I4u0YvuLuEe3+TC8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZzW5DZviCxUQdV5Ab07PZkUfvImHZ73oWWHZqzUQtZtbVdzfp3cnbb2wyXtlOvingO3hgpoTxV8vbKgLbIQfvkGGHBG1F5e0QVdtikfdcwWb7cy4/9F80OD7cgG0ZAzFbQ8ZY7iS3PToBp3+4tbIK2NK0ntt/MYgJnPbHeG4V4qfgUbFm1YgEK7WpbSVU8jGuJ5DWE+mlYgECZKZ5TSlaVGs2XOm6WXrJScucNekwcBWWiHyRsFHZEDzWmzt8TLTLnnb0vVjhx3qCYxah3RbyyMZm6WLZlLAaGEcwNDO8jaA3hAjrxoOA1xEaolQfGVsb/ElelHcR1Zfe0u4Ekd4tw==");
 
@@ -177,6 +172,20 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         testRealms.add(testRealm);
     }
 
+    @Before
+    public void recreateApp3() {
+        app3 = ClientBuilder.create()
+                .id(KeycloakModelUtils.generateId())
+                .clientId("client3")
+                .directAccessGrants()
+                .authenticatorType(JWTClientAuthenticator.PROVIDER_ID)
+                .build();
+
+        Response resp = adminClient.realm("test").clients().create(app3);
+        getCleanup().addClientUuid(ApiUtil.getCreatedId(resp));
+        resp.close();
+    }
+
     // TEST SUCCESS
 
     @Test
@@ -452,7 +461,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         List<NameValuePair> parameters = new LinkedList<NameValuePair>();
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -464,7 +473,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, "invalid"));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -476,7 +485,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -491,7 +500,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, null, "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -506,7 +515,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "unknown-client", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
@@ -524,12 +533,12 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "invalid_client", Errors.CLIENT_DISABLED);
 
-        ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(false);
+        ClientManager.realm(adminClient.realm("test")).clientId("client1").enabled(true);
     }
 
     @Test
@@ -553,7 +562,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "unauthorized_client", "client_credentials_setup_required");
@@ -571,7 +580,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         assertError(response, "client1", "unauthorized_client", AuthenticationFlowError.CLIENT_CREDENTIALS_SETUP_REQUIRED.toString().toLowerCase());
@@ -589,7 +598,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         setTimeOffset(0);
@@ -608,7 +617,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, invalidJwt));
 
-        HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
         OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
 
         setTimeOffset(0);
@@ -733,7 +742,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getAccessTokenUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -744,7 +753,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getRefreshTokenUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -764,7 +773,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getServiceAccountUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
@@ -776,11 +785,11 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
         parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
 
-        HttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
+        CloseableHttpResponse response = sendRequest(oauth.getResourceOwnerPasswordCredentialGrantUrl(), parameters);
         return new OAuthClient.AccessTokenResponse(response);
     }
 
-    private HttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
+    private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
         CloseableHttpClient client = new DefaultHttpClient();
         try {
             HttpPost post = new HttpPost(requestUrl);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java

@@ -17,6 +17,7 @@
 package org.keycloak.testsuite.oauth;
 
 import org.jboss.arquillian.graphene.page.Page;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
@@ -70,11 +71,6 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
     @Page
     protected AppPage appPage;
 
-    @Override
-    public void beforeAbstractKeycloakTest() throws Exception {
-        super.beforeAbstractKeycloakTest();
-    }
-
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java

@@ -22,12 +22,14 @@ import java.util.List;
 import java.util.Map;
 
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ProtocolMappersResource;
 import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.testsuite.util.ProtocolMapperUtil;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
 import org.keycloak.representations.AccessToken;
@@ -83,6 +85,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         oauth.clientId("test-app");
     }
 
+
+    private void deleteMappers(ProtocolMappersResource protocolMappers) {
+        ProtocolMapperRepresentation mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Realm roles mapper");
+        protocolMappers.delete(mapper.getId());
+
+        mapper = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappers, OIDCLoginProtocol.LOGIN_PROTOCOL, "Client roles mapper");
+        protocolMappers.delete(mapper.getId());
+    }
+
     @Override
     public void addTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
@@ -239,12 +250,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppMappings = (String) roleMappings.get("test-app");
         assertRoles(realmRoleMappings,
-          "pref.user",                      // from direct assignment in user definition
+                "pref.user",                      // from direct assignment in user definition
-          "pref.offline_access"             // from direct assignment in user definition
+                "pref.offline_access"             // from direct assignment in user definition
         );
         assertRoles(testAppMappings,
           "customer-user"                   // from direct assignment in user definition
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
 
@@ -268,11 +282,11 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
+                "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
-          "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.sample-realm-role"          // from realm role realm-composite-role
+                "pref.sample-realm-role"          // from realm role realm-composite-role
         );
         assertRoles(testAppMappings,
           "ta.customer-user",                  // from direct assignment to /roleRichGroup/level2group
@@ -280,6 +294,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
           "ta.customer-admin",                 // from client role customer-admin-composite-role - client role for test-app
           "ta.sample-client-role"              // from realm role realm-composite-role - client role for test-app
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -303,13 +320,16 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppAuthzMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.user",                      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
+                "pref.customer-user-premium",     // from client role customer-admin-composite-role - realm role for test-app
-          "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.realm-composite-role",      // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
-          "pref.sample-realm-role"          // from realm role realm-composite-role
+                "pref.sample-realm-role"          // from realm role realm-composite-role
         );
         assertRoles(testAppAuthzMappings);  // There is no client role defined for test-app-authz
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -333,12 +353,15 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
         String realmRoleMappings = (String) roleMappings.get("realm");
         String testAppScopeMappings = (String) roleMappings.get(clientId);
         assertRoles(realmRoleMappings,
-          "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
+                "pref.admin",                     // from direct assignment to /roleRichGroup/level2group
-          "pref.user"                       // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
+                "pref.user"                       // from parent group of /roleRichGroup/level2group, i.e. from /roleRichGroup
         );
         assertRoles(testAppScopeMappings,
           "test-app-allowed-by-scope"       // from direct assignment to roleRichUser, present as scope allows it
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     @Test
@@ -369,6 +392,9 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
           "test-app-allowed-by-scope",      // from direct assignment to roleRichUser, present as scope allows it
           "customer-admin-composite-role"   // from direct assignment to /roleRichGroup/level2group, present as scope allows it
         );
+
+        // Revert
+        deleteMappers(protocolMappers);
     }
 
     private void assertRoles(String actualRoleString, String...expectedRoles) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java

@@ -59,6 +59,8 @@ import org.keycloak.util.TokenUtil;
 import java.util.Collections;
 import java.util.List;
 
+import javax.ws.rs.NotFoundException;
+
 import static org.junit.Assert.assertEquals;
 import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson;
 import static org.keycloak.testsuite.admin.ApiUtil.findRealmRoleByName;
@@ -253,8 +255,11 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
 
         // Assert userSession expired
         testingClient.testing().removeExpired("test");
-
+        try {
-        testingClient.testing().removeUserSession("test", sessionId);
+            testingClient.testing().removeUserSession("test", sessionId);
+        } catch (NotFoundException nfe) {
+            // Ignore
+        }
 
         OAuthClient.AccessTokenResponse response = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
         AccessToken refreshedToken = oauth.verifyToken(response.getAccessToken());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.java

@@ -143,6 +143,11 @@ public class AuthnRequestNameIdFormatTest extends AbstractSamlTest {
         clientRes.update(client);
 
         testLoginWithNameIdPolicy(Binding.REDIRECT, Binding.POST, null, is("bburke"));
+
+        // Revert
+        client = clientRes.toRepresentation();
+        client.getAttributes().put(SamlConfigAttributes.SAML_FORCE_POST_BINDING, "false");
+        clientRes.update(client);
     }
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AdminEventPaths.java

@@ -25,6 +25,7 @@ import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ClientTemplateResource;
 import org.keycloak.admin.client.resource.ClientTemplatesResource;
 import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.ComponentsResource;
 import org.keycloak.admin.client.resource.GroupResource;
 import org.keycloak.admin.client.resource.GroupsResource;
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -282,6 +283,20 @@ public class AdminEventPaths {
         return uri.toString();
     }
 
+    // COMPONENTS
+    public static String componentsPath() {
+        URI uri = UriBuilder.fromUri("").path(RealmResource.class, "components").build();
+        return uri.toString();
+    }
+
+    public static String componentPath(String componentId) {
+        URI uri = UriBuilder.fromUri(componentsPath()).path(ComponentsResource.class, "component").build(componentId);
+        return uri.toString();
+    }
+
+
+
+
     // CLIENT INITIAL ACCESS
 
     public static String clientInitialAccessPath(String clientInitialAccessId) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/AssertAdminEvents.java

@@ -64,7 +64,7 @@ public class AssertAdminEvents implements TestRule {
             @Override
             public void evaluate() throws Throwable {
                 // TODO: Ideally clear the queue just before testClass rather then before each method
-                context.getTestingClient().testing().clearAdminEventQueue();
+                clear();
                 base.evaluate();
                 // TODO Test should fail if there are leftover events
             }
@@ -85,12 +85,7 @@ public class AssertAdminEvents implements TestRule {
 
     // Clears both "classic" and admin events for now
     public void clear() {
-        Response res = context.getTestingClient().testing().clearAdminEventQueue();
+        context.getTestingClient().testing().clearAdminEventQueue();
-        try {
-            Assert.assertEquals("clear-admin-event-queue success", res.getStatus(), 200);
-        } finally {
-            res.close();
-        }
     }
 
     private AdminEventRepresentation fetchNextEvent() {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ProtocolMapperUtil.java

@@ -1,6 +1,8 @@
 package org.keycloak.testsuite.util;
 
+import org.keycloak.admin.client.resource.ProtocolMappersResource;
 import org.keycloak.models.utils.ModelToRepresentation;
+import org.keycloak.protocol.ProtocolMapper;
 import org.keycloak.protocol.oidc.mappers.AddressMapper;
 import org.keycloak.protocol.oidc.mappers.HardcodedClaim;
 import org.keycloak.protocol.oidc.mappers.HardcodedRole;
@@ -123,4 +125,13 @@ public class ProtocolMapperUtil {
 
         return ModelToRepresentation.toRepresentation(UserClientRoleMappingMapper.create(clientId, clientRolePrefix, name, tokenClaimName, accessToken, idToken));
     }
+
+    public static ProtocolMapperRepresentation getMapperByNameAndProtocol(ProtocolMappersResource protocolMappers, String protocol, String name) {
+        for (ProtocolMapperRepresentation mapper : protocolMappers.getMappersPerProtocol(protocol)) {
+            if (name.equals(mapper.getName())) {
+                return mapper;
+            }
+        }
+        return null;
+    }
 }