Merge pull request #2125 from mhajas/mellon

KEYCLOAK-2405 mod_auth_mellon test + docker image
This commit is contained in:
Stian Thorgersen 2016-02-03 10:21:27 +01:00
commit 1a31c3af15
16 changed files with 1519 additions and 0 deletions

View file

@ -0,0 +1,17 @@
# Mod_auth_mellon test
## Docker image
Docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
## Build docker image
docker build -t apache-mellon docker/
## Run docker image
docker run -d -p 8380:80 apache-mellon
## Run tests
mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380]

View file

@ -0,0 +1,17 @@
FROM ubuntu
RUN apt-get update && apt-get install -y apache2 && apt-get install -y libapache2-mod-auth-mellon
RUN mkdir /etc/apache2/mellon
COPY mellon/* /etc/apache2/mellon/
COPY auth_mellon.conf /etc/apache2/mods-enabled/
COPY www/* /var/www/html/
RUN mkdir /var/www/html/auth
COPY www/auth/* /var/www/html/auth/
CMD /usr/sbin/apache2ctl -D FOREGROUND

View file

@ -0,0 +1,27 @@
MellonCacheSize 100
MellonLockFile "/run/mod_auth_mellon/lock"
# This is a server-wide configuration that will add information from the Mellon session to all requests.
<Location />
# Add information from the mod_auth_mellon session to the request.
MellonEnable "info"
# Configure the SP metadata
# This should be the files which were created when creating SP metadata.
MellonSPPrivateKeyFile /etc/apache2/mellon/http_localhost_auth.key
MellonSPCertFile /etc/apache2/mellon/http_localhost_auth.cert
MellonSPMetadataFile /etc/apache2/mellon/http_localhost_auth.xml
# IdP metadata. This should be the metadata file you got from the IdP.
MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
# The location all endpoints should be located under.
# It is the URL to this location that is used as the second parameter to the metadata generation script.
# This path is relative to the root of the web server.
MellonEndpointPath /mellon
</Location>
<Location /auth>
MellonEnable "auth"
</Location>

View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICrjCCAZYCCQDmdnUguf+VxTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
b2NhbGhvc3Q6ODM4MDAeFw0xNjAxMTkxMTUwMDdaFw0yNjAxMTgxMTUwMDdaMBkx
FzAVBgNVBAMMDmxvY2FsaG9zdDo4MzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuissRqhpCBR9nMuoRp+Varx151DKbmdL6NhNxWUOdaYF+fSpNmtG
0NsaYV0Coz0Jak/6ap7EfhUeG83vh0G2xj6YTVYtXDVMnUPGmzHprvmFvTOfP4KI
VM+1aHcPLfk8ED4ea6TOPDGBjmQw8Y9nZaMATDqEnO8IGaF/Jkl476O3Ek1Nd5yO
Sday83Or1GkD+ZsZxvyc0CpGJYYaGPrsUFAXekebSlon5SIDerQB7WgABSoGOKDo
I8Z+JU/KftwewrE0hr9GZ8HAYBJVt0XfuNSWL7ulmF2HC3RZ877FYk3Vg3KVQs7d
yJfK3+V3pGyzOBp/xU61nVZrb0fvua1hWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQCPR4RhXan28Eq/A6pGfJ29USKLqqDZChYy9q71Zi8hTs4+YYD6wMU8kz+MnTHC
/Gf+6XFix7W07XxpFirZ5dkENn7lQUBklBmbxRdB9aW9WfJjx148a/I4+pXZalEI
fqpnmWBYt4+/L9exu8tIwj/bshBmuO8Nn4ronTBDgrTCu5feyYO5l12hEdT2d+5r
wc/Be66ftl8eOhsr9XJNidjoTVGB3SlHC6v0J7izgS+wT0UxIi3a3gwzW5ZsF4y8
8iEicAVGmkjgmyJ5GoInQhVhLU2vlxgoULAEWKhF79JYChkGSg8dXAvqBfLm3OCg
hxj9HldPc8mCn3gMt8F+POZL
-----END CERTIFICATE-----

View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6KyxGqGkIFH2c
y6hGn5VqvHXnUMpuZ0vo2E3FZQ51pgX59Kk2a0bQ2xphXQKjPQlqT/pqnsR+FR4b
ze+HQbbGPphNVi1cNUydQ8abMemu+YW9M58/gohUz7Vodw8t+TwQPh5rpM48MYGO
ZDDxj2dlowBMOoSc7wgZoX8mSXjvo7cSTU13nI5J1rLzc6vUaQP5mxnG/JzQKkYl
hhoY+uxQUBd6R5tKWiflIgN6tAHtaAAFKgY4oOgjxn4lT8p+3B7CsTSGv0ZnwcBg
ElW3Rd+41JYvu6WYXYcLdFnzvsViTdWDcpVCzt3Il8rf5XekbLM4Gn/FTrWdVmtv
R++5rWFZAgMBAAECggEAMqBW9AgMN/RKjH8djccL/PCvJ25i/k78558a1xk6K2gw
q96KvY/CvD05GU0P0JBipRSGxsPSL29StsDz6FZIe/S9uho7T5327bVmpwGVyM12
PxNwtPasWFP7wyLNb/UdDlW2NBOnOdtEnhJE9QvIVG1VQWWQdpTSIRY325OTXacy
/0h4j9MR5qzEhSjsnQ/YdHfNNHU2WFSisl5JLmhEdesdcEpL9ONDX0DAxujrWpuC
x1UQY7IIW2QzL1j8AWBGakFYRw18AJBkw7MkNct4LwcfWGHtgCQtD6PF5Xm6KeVA
QAzNo5vv+DZu9jjV8psYnQx1fJYEK88triqZ9Nv1OQKBgQDbH4pELjyuAvZUdUb3
bpZnV5U5i7cSURUdTkyKMJL4tgO/7riuDuyaZBxAZ60/tjmZ2c470udmI0RGVcGd
6QXPAqYZf6sV7Mh5TDrH5lG+zhPLfM26k6lNj7btm3xRQAaq9OPKSxPV8EZCQxNu
lU9QdsQMfzZ8B8ydwo7Z5d0xqwKBgQDZf9r4KQCzzwpEUnyLZv51Yp2J3qxvYhw2
RXEv4xllMVSJ8YxlIMdwy/k1C5cO7XOOuNH0gKMgpjT1bPTjUoWsa7qDrhTOZoNq
ApPXk+GgscQBCB6zZiCK5xYkw5hFXoe3mGWDr6984gXf4WX8I6QE1u0YVT3gjpEM
4wtrY4O9CwKBgQCOlySrn4b/GZBgf3yx0PXww86ohuGX+smJq4UlO9y4GgGwqVDm
e3G+Oj0kMBNObW9oTZLl3SWVkoeAWZfIAXY1Mp0R5MFZYB9Ix7FMmfVB++pntYxO
yH4Yqde5IUAxwz9Tik6dOmPrCRM/VVTU1japvs9u7m1vIsglNREufGWHRwKBgCgL
NCNwWSLBwaAml6uKwNqX121kw9aV95++VUJ9y1UoKepjwHd1+4I266Dqi1tCOH5U
ZMNhU6dVMnblIokfzmCaTPKlgEsn8JX594I/RdEyKWYPOqfI68DnHtqR8F0FNHOG
6Vm/ZM3XR0Ga3A35+d6yO2C5gPTxCp+Wxal13vFVAoGAHO5T3egM/30MsSAexSbt
LdTTmIOxuVGWriRHPM8nOl24/ToE10YlslZTG/pfVP2LFuh6gySuR8NXWdRx26iP
3SWv0r3L/o0QrZXPdngTVrvi0t9sCzOXFW1+YrLO4YCX822LEXcFpTQHeYs95zAG
HP19NdUCeAl8/YFqifhpHvo=
-----END PRIVATE KEY-----

View file

@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
entityID="http://localhost:8380/auth"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor
AuthnRequestsSigned="true"
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICrjCCAZYCCQDmdnUguf+VxTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
b2NhbGhvc3Q6ODM4MDAeFw0xNjAxMTkxMTUwMDdaFw0yNjAxMTgxMTUwMDdaMBkx
FzAVBgNVBAMMDmxvY2FsaG9zdDo4MzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuissRqhpCBR9nMuoRp+Varx151DKbmdL6NhNxWUOdaYF+fSpNmtG
0NsaYV0Coz0Jak/6ap7EfhUeG83vh0G2xj6YTVYtXDVMnUPGmzHprvmFvTOfP4KI
VM+1aHcPLfk8ED4ea6TOPDGBjmQw8Y9nZaMATDqEnO8IGaF/Jkl476O3Ek1Nd5yO
Sday83Or1GkD+ZsZxvyc0CpGJYYaGPrsUFAXekebSlon5SIDerQB7WgABSoGOKDo
I8Z+JU/KftwewrE0hr9GZ8HAYBJVt0XfuNSWL7ulmF2HC3RZ877FYk3Vg3KVQs7d
yJfK3+V3pGyzOBp/xU61nVZrb0fvua1hWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQCPR4RhXan28Eq/A6pGfJ29USKLqqDZChYy9q71Zi8hTs4+YYD6wMU8kz+MnTHC
/Gf+6XFix7W07XxpFirZ5dkENn7lQUBklBmbxRdB9aW9WfJjx148a/I4+pXZalEI
fqpnmWBYt4+/L9exu8tIwj/bshBmuO8Nn4ronTBDgrTCu5feyYO5l12hEdT2d+5r
wc/Be66ftl8eOhsr9XJNidjoTVGB3SlHC6v0J7izgS+wT0UxIi3a3gwzW5ZsF4y8
8iEicAVGmkjgmyJ5GoInQhVhLU2vlxgoULAEWKhF79JYChkGSg8dXAvqBfLm3OCg
hxj9HldPc8mCn3gMt8F+POZL
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICrjCCAZYCCQDmdnUguf+VxTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
b2NhbGhvc3Q6ODM4MDAeFw0xNjAxMTkxMTUwMDdaFw0yNjAxMTgxMTUwMDdaMBkx
FzAVBgNVBAMMDmxvY2FsaG9zdDo4MzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuissRqhpCBR9nMuoRp+Varx151DKbmdL6NhNxWUOdaYF+fSpNmtG
0NsaYV0Coz0Jak/6ap7EfhUeG83vh0G2xj6YTVYtXDVMnUPGmzHprvmFvTOfP4KI
VM+1aHcPLfk8ED4ea6TOPDGBjmQw8Y9nZaMATDqEnO8IGaF/Jkl476O3Ek1Nd5yO
Sday83Or1GkD+ZsZxvyc0CpGJYYaGPrsUFAXekebSlon5SIDerQB7WgABSoGOKDo
I8Z+JU/KftwewrE0hr9GZ8HAYBJVt0XfuNSWL7ulmF2HC3RZ877FYk3Vg3KVQs7d
yJfK3+V3pGyzOBp/xU61nVZrb0fvua1hWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQCPR4RhXan28Eq/A6pGfJ29USKLqqDZChYy9q71Zi8hTs4+YYD6wMU8kz+MnTHC
/Gf+6XFix7W07XxpFirZ5dkENn7lQUBklBmbxRdB9aW9WfJjx148a/I4+pXZalEI
fqpnmWBYt4+/L9exu8tIwj/bshBmuO8Nn4ronTBDgrTCu5feyYO5l12hEdT2d+5r
wc/Be66ftl8eOhsr9XJNidjoTVGB3SlHC6v0J7izgS+wT0UxIi3a3gwzW5ZsF4y8
8iEicAVGmkjgmyJ5GoInQhVhLU2vlxgoULAEWKhF79JYChkGSg8dXAvqBfLm3OCg
hxj9HldPc8mCn3gMt8F+POZL
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://localhost:8380/mellon/logout"/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8380/mellon/logout"/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8380/mellon/logout"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService
index="0"
isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8380/mellon/postResponse"/>
<AssertionConsumerService
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://localhost:8380/mellon/artifactResponse"/>
<AssertionConsumerService
index="2"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="http://localhost:8380/mellon/paosResponse"/>
</SPSSODescriptor>
</EntityDescriptor>

View file

@ -0,0 +1,34 @@
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
<EntityDescriptor entityID="http://localhost:8180/auth/realms/mellon-test">
<IDPSSODescriptor WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
<KeyDescriptor use="signing">
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:X509Data>
<dsig:X509Certificate>
MIICpTCCAY0CBgFSP3CJrTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAttZWxsb24tdGVzdDAeFw0xNjAxMTQwOTE5NDVaFw0yNjAxMTQwOTIxMjVaMBYxFDASBgNVBAMMC21lbGxvbi10ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaZ6nndLegc+aKXNog08KdWOIZfr393e0nlqZ3SzNCYJ+IrSAWepCNvUW4W0samrtC47XBYNJwBSw9KCLNcpOeR7IC+gtmm8t9VH0QRxDEOvoLoj0zMkuaBhF+1NZdt6kc5gYVSeymkFSG/Eyz06Zo9zfhb52tUK83hYPcRE2azBDAuffnnHGg+fiCMZtMz7qCYXSoGy15odM1AypILDGxCtDpk0nPmwp6AlA7LpWLKYFEXrXhPmZGw2eDA6FqLFYgBovffJzFy1WzqpAzpKbYqVbb/yKUbv5NI4ELlOdjvXfoB7wOp3cHwnuq1G8YjR7OKLeVtszKXUPCjwFSZnFwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBwRkPh3pSAG1UWr1rJW9LMVdfu6KFsVTCMqExuJKUrH4hAPKXXi9iEAyiB/+NdnG8bgvU0xhdH9lW51J1JpH3xRtOMV+1CAZB41RFx1r/zJg0Zrdbfodv1UFJtLhSIKhKnfoSdlml2O9SHwd4VQmwz/QQqzBIS+yJDv7cOxMRszryWq5aWCPMosxwuAJzjwlF6jBHqidkd4EGTNMDK1pDZN1voiYS0ry7h7Lcq2ZbrBFzBqzHvXieym68ACDHr5hkKe065ne1hCgO/+POsAi6VU+qlSbzsD9NenHP60c9+Dt/IY9DeX6IubXChcW5A+qnb5qRWBtwXshfcsDFHYkBJ
</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
</KeyDescriptor>
</IDPSSODescriptor>
</EntityDescriptor>
</EntitiesDescriptor>

View file

@ -0,0 +1,3 @@
<a href="/">Go to unprotected resource</a>
<a href="/mellon/logout?ReturnTo=/">logout</a>
Protected resource

View file

@ -0,0 +1,2 @@
<a href="/auth">Go to protected resource</a>
Unprotected resource

View file

@ -0,0 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-tests-other</artifactId>
<version>1.9.0.CR1-SNAPSHOT</version>
</parent>
<artifactId>integration-arquillian-tests-other-mod_auth_mellon</artifactId>
<name>Mod_auth_mellon tests</name>
</project>

View file

@ -0,0 +1,32 @@
package org.keycloak.testsuite.mod_auth_mellon;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import java.net.MalformedURLException;
import java.net.URL;
/**
* @author mhajas
*/
public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
@FindBy(linkText = "logout")
private WebElement logoutButton;
@Override
public URL getInjectedUrl() {
try {
return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380") + "/auth");
} catch (MalformedURLException e) {
e.printStackTrace();
}
return null;
}
public void logout() {
logoutButton.click();
}
}

View file

@ -0,0 +1,23 @@
package org.keycloak.testsuite.mod_auth_mellon;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import java.net.MalformedURLException;
import java.net.URL;
/**
* @author mhajas
*/
public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl{
@Override
public URL getInjectedUrl() {
try {
return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380/"));
} catch (MalformedURLException e) {
e.printStackTrace();
}
return null;
}
}

View file

@ -0,0 +1,49 @@
package org.keycloak.testsuite.mod_auth_mellon;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.util.URLAssert;
import javax.xml.transform.TransformerException;
import java.util.List;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
/**
* @author mhajas
*/
public class ModAuthMellonTest extends AbstractAuthTest {
@Page
private ModAuthMellonProtectedResource modAuthMellonProtectedResourcePage;
@Page
private ModAuthMellonUnprotectedResource modAuthMellonUnprotectedResourcePage;
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/mellon-realm.json"));
}
@Test
public void modAuthMellonTest() throws TransformerException {
testRealmPage.setAuthRealm("mellon-test");
testRealmSAMLLoginPage.setAuthRealm("mellon-test");
modAuthMellonUnprotectedResourcePage.navigateTo();
assertTrue(driver.getPageSource().contains("Unprotected resource"));
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
testRealmSAMLLoginPage.form().login(bburkeUser);
assertTrue(driver.getPageSource().contains("Protected resource"));
modAuthMellonProtectedResourcePage.logout();
assertTrue(driver.getPageSource().contains("Unprotected resource"));
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
}
}

View file

@ -117,6 +117,12 @@
<module>console</module> <module>console</module>
</modules> </modules>
</profile> </profile>
<profile>
<id>mod_auth_mellon</id>
<modules>
<module>mod_auth_mellon</module>
</modules>
</profile>
</profiles> </profiles>
</project> </project>

View file

@ -35,6 +35,7 @@
<auth.server.management.port>10090</auth.server.management.port> <auth.server.management.port>10090</auth.server.management.port>
<auth.server.management.port.jmx>10099</auth.server.management.port.jmx> <auth.server.management.port.jmx>10099</auth.server.management.port.jmx>
<auth.server.ssl.required>false</auth.server.ssl.required> <auth.server.ssl.required>false</auth.server.ssl.required>
<apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
<startup.timeout.sec>60</startup.timeout.sec> <startup.timeout.sec>60</startup.timeout.sec>
<browser>phantomjs</browser> <browser>phantomjs</browser>