Merge pull request #2125 from mhajas/mellon

KEYCLOAK-2405 mod_auth_mellon test + docker image

testsuite/integration-arquillian/tests/other/mod_auth_mellon/README.md

@@ -0,0 +1,17 @@
+# Mod_auth_mellon test
+
+## Docker image
+
+Docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
+ 
+## Build docker image
+
+docker build -t apache-mellon docker/
+
+## Run docker image
+
+docker run -d -p 8380:80 apache-mellon
+
+## Run tests
+
+mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380]

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/Dockerfile

@@ -0,0 +1,17 @@
+FROM ubuntu
+
+RUN apt-get update && apt-get install -y apache2 && apt-get install -y libapache2-mod-auth-mellon
+
+RUN mkdir /etc/apache2/mellon
+
+COPY mellon/* /etc/apache2/mellon/
+
+COPY auth_mellon.conf /etc/apache2/mods-enabled/
+
+COPY www/* /var/www/html/
+
+RUN mkdir /var/www/html/auth
+
+COPY www/auth/* /var/www/html/auth/
+
+CMD /usr/sbin/apache2ctl -D FOREGROUND

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/auth_mellon.conf

@@ -0,0 +1,27 @@
+MellonCacheSize 100
+MellonLockFile "/run/mod_auth_mellon/lock"
+
+# This is a server-wide configuration that will add information from the Mellon session to all requests.
+<Location />
+    # Add information from the mod_auth_mellon session to the request.
+    MellonEnable "info"
+
+    # Configure the SP metadata
+    # This should be the files which were created when creating SP metadata.
+    MellonSPPrivateKeyFile /etc/apache2/mellon/http_localhost_auth.key 
+
+    MellonSPCertFile /etc/apache2/mellon/http_localhost_auth.cert 
+    MellonSPMetadataFile /etc/apache2/mellon/http_localhost_auth.xml
+
+    # IdP metadata. This should be the metadata file you got from the IdP.
+    MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
+
+    # The location all endpoints should be located under.
+    # It is the URL to this location that is used as the second parameter to the metadata generation script.
+    # This path is relative to the root of the web server.
+    MellonEndpointPath /mellon
+</Location>
+
+<Location /auth>
+	MellonEnable "auth"
+</Location>

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.cert

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZYCCQDmdnUguf+VxTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
+b2NhbGhvc3Q6ODM4MDAeFw0xNjAxMTkxMTUwMDdaFw0yNjAxMTgxMTUwMDdaMBkx
+FzAVBgNVBAMMDmxvY2FsaG9zdDo4MzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuissRqhpCBR9nMuoRp+Varx151DKbmdL6NhNxWUOdaYF+fSpNmtG
+0NsaYV0Coz0Jak/6ap7EfhUeG83vh0G2xj6YTVYtXDVMnUPGmzHprvmFvTOfP4KI
+VM+1aHcPLfk8ED4ea6TOPDGBjmQw8Y9nZaMATDqEnO8IGaF/Jkl476O3Ek1Nd5yO
+Sday83Or1GkD+ZsZxvyc0CpGJYYaGPrsUFAXekebSlon5SIDerQB7WgABSoGOKDo
+I8Z+JU/KftwewrE0hr9GZ8HAYBJVt0XfuNSWL7ulmF2HC3RZ877FYk3Vg3KVQs7d
+yJfK3+V3pGyzOBp/xU61nVZrb0fvua1hWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQCPR4RhXan28Eq/A6pGfJ29USKLqqDZChYy9q71Zi8hTs4+YYD6wMU8kz+MnTHC
+/Gf+6XFix7W07XxpFirZ5dkENn7lQUBklBmbxRdB9aW9WfJjx148a/I4+pXZalEI
+fqpnmWBYt4+/L9exu8tIwj/bshBmuO8Nn4ronTBDgrTCu5feyYO5l12hEdT2d+5r
+wc/Be66ftl8eOhsr9XJNidjoTVGB3SlHC6v0J7izgS+wT0UxIi3a3gwzW5ZsF4y8
+8iEicAVGmkjgmyJ5GoInQhVhLU2vlxgoULAEWKhF79JYChkGSg8dXAvqBfLm3OCg
+hxj9HldPc8mCn3gMt8F+POZL
+-----END CERTIFICATE-----

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6KyxGqGkIFH2c
+y6hGn5VqvHXnUMpuZ0vo2E3FZQ51pgX59Kk2a0bQ2xphXQKjPQlqT/pqnsR+FR4b
+ze+HQbbGPphNVi1cNUydQ8abMemu+YW9M58/gohUz7Vodw8t+TwQPh5rpM48MYGO
+ZDDxj2dlowBMOoSc7wgZoX8mSXjvo7cSTU13nI5J1rLzc6vUaQP5mxnG/JzQKkYl
+hhoY+uxQUBd6R5tKWiflIgN6tAHtaAAFKgY4oOgjxn4lT8p+3B7CsTSGv0ZnwcBg
+ElW3Rd+41JYvu6WYXYcLdFnzvsViTdWDcpVCzt3Il8rf5XekbLM4Gn/FTrWdVmtv
+R++5rWFZAgMBAAECggEAMqBW9AgMN/RKjH8djccL/PCvJ25i/k78558a1xk6K2gw
+q96KvY/CvD05GU0P0JBipRSGxsPSL29StsDz6FZIe/S9uho7T5327bVmpwGVyM12
+PxNwtPasWFP7wyLNb/UdDlW2NBOnOdtEnhJE9QvIVG1VQWWQdpTSIRY325OTXacy
+/0h4j9MR5qzEhSjsnQ/YdHfNNHU2WFSisl5JLmhEdesdcEpL9ONDX0DAxujrWpuC
+x1UQY7IIW2QzL1j8AWBGakFYRw18AJBkw7MkNct4LwcfWGHtgCQtD6PF5Xm6KeVA
+QAzNo5vv+DZu9jjV8psYnQx1fJYEK88triqZ9Nv1OQKBgQDbH4pELjyuAvZUdUb3
+bpZnV5U5i7cSURUdTkyKMJL4tgO/7riuDuyaZBxAZ60/tjmZ2c470udmI0RGVcGd
+6QXPAqYZf6sV7Mh5TDrH5lG+zhPLfM26k6lNj7btm3xRQAaq9OPKSxPV8EZCQxNu
+lU9QdsQMfzZ8B8ydwo7Z5d0xqwKBgQDZf9r4KQCzzwpEUnyLZv51Yp2J3qxvYhw2
+RXEv4xllMVSJ8YxlIMdwy/k1C5cO7XOOuNH0gKMgpjT1bPTjUoWsa7qDrhTOZoNq
+ApPXk+GgscQBCB6zZiCK5xYkw5hFXoe3mGWDr6984gXf4WX8I6QE1u0YVT3gjpEM
+4wtrY4O9CwKBgQCOlySrn4b/GZBgf3yx0PXww86ohuGX+smJq4UlO9y4GgGwqVDm
+e3G+Oj0kMBNObW9oTZLl3SWVkoeAWZfIAXY1Mp0R5MFZYB9Ix7FMmfVB++pntYxO
+yH4Yqde5IUAxwz9Tik6dOmPrCRM/VVTU1japvs9u7m1vIsglNREufGWHRwKBgCgL
+NCNwWSLBwaAml6uKwNqX121kw9aV95++VUJ9y1UoKepjwHd1+4I266Dqi1tCOH5U
+ZMNhU6dVMnblIokfzmCaTPKlgEsn8JX594I/RdEyKWYPOqfI68DnHtqR8F0FNHOG
+6Vm/ZM3XR0Ga3A35+d6yO2C5gPTxCp+Wxal13vFVAoGAHO5T3egM/30MsSAexSbt
+LdTTmIOxuVGWriRHPM8nOl24/ToE10YlslZTG/pfVP2LFuh6gySuR8NXWdRx26iP
+3SWv0r3L/o0QrZXPdngTVrvi0t9sCzOXFW1+YrLO4YCX822LEXcFpTQHeYs95zAG
+HP19NdUCeAl8/YFqifhpHvo=
+-----END PRIVATE KEY-----

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/http_localhost_auth.xml

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<EntityDescriptor
+        entityID="http://localhost:8380/auth"
+        xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+    <SPSSODescriptor
+            AuthnRequestsSigned="true"
+            WantAssertionsSigned="true"
+            protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <KeyDescriptor use="signing">
+            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                <ds:X509Data>
+                    <ds:X509Certificate>MIICrjCCAZYCCQDmdnUguf+VxTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
+                        b2NhbGhvc3Q6ODM4MDAeFw0xNjAxMTkxMTUwMDdaFw0yNjAxMTgxMTUwMDdaMBkx
+                        FzAVBgNVBAMMDmxvY2FsaG9zdDo4MzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+                        MIIBCgKCAQEAuissRqhpCBR9nMuoRp+Varx151DKbmdL6NhNxWUOdaYF+fSpNmtG
+                        0NsaYV0Coz0Jak/6ap7EfhUeG83vh0G2xj6YTVYtXDVMnUPGmzHprvmFvTOfP4KI
+                        VM+1aHcPLfk8ED4ea6TOPDGBjmQw8Y9nZaMATDqEnO8IGaF/Jkl476O3Ek1Nd5yO
+                        Sday83Or1GkD+ZsZxvyc0CpGJYYaGPrsUFAXekebSlon5SIDerQB7WgABSoGOKDo
+                        I8Z+JU/KftwewrE0hr9GZ8HAYBJVt0XfuNSWL7ulmF2HC3RZ877FYk3Vg3KVQs7d
+                        yJfK3+V3pGyzOBp/xU61nVZrb0fvua1hWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+                        AQCPR4RhXan28Eq/A6pGfJ29USKLqqDZChYy9q71Zi8hTs4+YYD6wMU8kz+MnTHC
+                        /Gf+6XFix7W07XxpFirZ5dkENn7lQUBklBmbxRdB9aW9WfJjx148a/I4+pXZalEI
+                        fqpnmWBYt4+/L9exu8tIwj/bshBmuO8Nn4ronTBDgrTCu5feyYO5l12hEdT2d+5r
+                        wc/Be66ftl8eOhsr9XJNidjoTVGB3SlHC6v0J7izgS+wT0UxIi3a3gwzW5ZsF4y8
+                        8iEicAVGmkjgmyJ5GoInQhVhLU2vlxgoULAEWKhF79JYChkGSg8dXAvqBfLm3OCg
+                        hxj9HldPc8mCn3gMt8F+POZL
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+        <KeyDescriptor use="encryption">
+            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                <ds:X509Data>
+                    <ds:X509Certificate>MIICrjCCAZYCCQDmdnUguf+VxTANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
+                        b2NhbGhvc3Q6ODM4MDAeFw0xNjAxMTkxMTUwMDdaFw0yNjAxMTgxMTUwMDdaMBkx
+                        FzAVBgNVBAMMDmxvY2FsaG9zdDo4MzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+                        MIIBCgKCAQEAuissRqhpCBR9nMuoRp+Varx151DKbmdL6NhNxWUOdaYF+fSpNmtG
+                        0NsaYV0Coz0Jak/6ap7EfhUeG83vh0G2xj6YTVYtXDVMnUPGmzHprvmFvTOfP4KI
+                        VM+1aHcPLfk8ED4ea6TOPDGBjmQw8Y9nZaMATDqEnO8IGaF/Jkl476O3Ek1Nd5yO
+                        Sday83Or1GkD+ZsZxvyc0CpGJYYaGPrsUFAXekebSlon5SIDerQB7WgABSoGOKDo
+                        I8Z+JU/KftwewrE0hr9GZ8HAYBJVt0XfuNSWL7ulmF2HC3RZ877FYk3Vg3KVQs7d
+                        yJfK3+V3pGyzOBp/xU61nVZrb0fvua1hWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+                        AQCPR4RhXan28Eq/A6pGfJ29USKLqqDZChYy9q71Zi8hTs4+YYD6wMU8kz+MnTHC
+                        /Gf+6XFix7W07XxpFirZ5dkENn7lQUBklBmbxRdB9aW9WfJjx148a/I4+pXZalEI
+                        fqpnmWBYt4+/L9exu8tIwj/bshBmuO8Nn4ronTBDgrTCu5feyYO5l12hEdT2d+5r
+                        wc/Be66ftl8eOhsr9XJNidjoTVGB3SlHC6v0J7izgS+wT0UxIi3a3gwzW5ZsF4y8
+                        8iEicAVGmkjgmyJ5GoInQhVhLU2vlxgoULAEWKhF79JYChkGSg8dXAvqBfLm3OCg
+                        hxj9HldPc8mCn3gMt8F+POZL
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </KeyDescriptor>
+        <SingleLogoutService
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                Location="http://localhost:8380/mellon/logout"/>
+        <SingleLogoutService
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                Location="http://localhost:8380/mellon/logout"/>
+        <SingleLogoutService
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                Location="http://localhost:8380/mellon/logout"/>
+        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+        <AssertionConsumerService
+                index="0"
+                isDefault="true"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                Location="http://localhost:8380/mellon/postResponse"/>
+        <AssertionConsumerService
+                index="1"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+                Location="http://localhost:8380/mellon/artifactResponse"/>
+        <AssertionConsumerService
+                index="2"
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
+                Location="http://localhost:8380/mellon/paosResponse"/>
+    </SPSSODescriptor>
+</EntityDescriptor>

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/mellon/idp-metadata.xml

@@ -0,0 +1,34 @@
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
+    <EntityDescriptor entityID="http://localhost:8180/auth/realms/mellon-test">
+        <IDPSSODescriptor WantAuthnRequestsSigned="true"
+                          protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+            <NameIDFormat>
+                urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+            </NameIDFormat>
+            <NameIDFormat>
+                urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+            </NameIDFormat>
+            <NameIDFormat>
+                urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+            </NameIDFormat>
+            <NameIDFormat>
+                urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+            </NameIDFormat>
+            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                                 Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
+            <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                                 Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
+            <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                                 Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
+            <KeyDescriptor use="signing">
+                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+                    <dsig:X509Data>
+                        <dsig:X509Certificate>
+                            MIICpTCCAY0CBgFSP3CJrTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAttZWxsb24tdGVzdDAeFw0xNjAxMTQwOTE5NDVaFw0yNjAxMTQwOTIxMjVaMBYxFDASBgNVBAMMC21lbGxvbi10ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaZ6nndLegc+aKXNog08KdWOIZfr393e0nlqZ3SzNCYJ+IrSAWepCNvUW4W0samrtC47XBYNJwBSw9KCLNcpOeR7IC+gtmm8t9VH0QRxDEOvoLoj0zMkuaBhF+1NZdt6kc5gYVSeymkFSG/Eyz06Zo9zfhb52tUK83hYPcRE2azBDAuffnnHGg+fiCMZtMz7qCYXSoGy15odM1AypILDGxCtDpk0nPmwp6AlA7LpWLKYFEXrXhPmZGw2eDA6FqLFYgBovffJzFy1WzqpAzpKbYqVbb/yKUbv5NI4ELlOdjvXfoB7wOp3cHwnuq1G8YjR7OKLeVtszKXUPCjwFSZnFwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBwRkPh3pSAG1UWr1rJW9LMVdfu6KFsVTCMqExuJKUrH4hAPKXXi9iEAyiB/+NdnG8bgvU0xhdH9lW51J1JpH3xRtOMV+1CAZB41RFx1r/zJg0Zrdbfodv1UFJtLhSIKhKnfoSdlml2O9SHwd4VQmwz/QQqzBIS+yJDv7cOxMRszryWq5aWCPMosxwuAJzjwlF6jBHqidkd4EGTNMDK1pDZN1voiYS0ry7h7Lcq2ZbrBFzBqzHvXieym68ACDHr5hkKe065ne1hCgO/+POsAi6VU+qlSbzsD9NenHP60c9+Dt/IY9DeX6IubXChcW5A+qnb5qRWBtwXshfcsDFHYkBJ
+                        </dsig:X509Certificate>
+                    </dsig:X509Data>
+                </dsig:KeyInfo>
+            </KeyDescriptor>
+        </IDPSSODescriptor>
+    </EntityDescriptor>
+</EntitiesDescriptor>

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/www/auth/index.html

@@ -0,0 +1,3 @@
+<a href="/">Go to unprotected resource</a>
+<a href="/mellon/logout?ReturnTo=/">logout</a>
+Protected resource

testsuite/integration-arquillian/tests/other/mod_auth_mellon/docker/www/index.html

@@ -0,0 +1,2 @@
+<a href="/auth">Go to protected resource</a>
+Unprotected resource

testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.keycloak.testsuite</groupId>
+        <artifactId>integration-arquillian-tests-other</artifactId>
+        <version>1.9.0.CR1-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>integration-arquillian-tests-other-mod_auth_mellon</artifactId>
+
+    <name>Mod_auth_mellon tests</name>
+
+</project>

testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonProtectedResource.java

@@ -0,0 +1,32 @@
+package org.keycloak.testsuite.mod_auth_mellon;
+
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
+
+    @FindBy(linkText = "logout")
+    private WebElement logoutButton;
+
+    @Override
+    public URL getInjectedUrl() {
+        try {
+            return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380") + "/auth");
+        } catch (MalformedURLException e) {
+            e.printStackTrace();
+        }
+
+        return null;
+    }
+
+    public void logout() {
+        logoutButton.click();
+    }
+}

testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/main/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonUnprotectedResource.java

@@ -0,0 +1,23 @@
+package org.keycloak.testsuite.mod_auth_mellon;
+
+import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+/**
+ * @author mhajas
+ */
+public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl{
+
+    @Override
+    public URL getInjectedUrl() {
+        try {
+            return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380/"));
+        } catch (MalformedURLException e) {
+            e.printStackTrace();
+        }
+
+        return null;
+    }
+}

testsuite/integration-arquillian/tests/other/mod_auth_mellon/src/test/java/org/keycloak/testsuite/mod_auth_mellon/ModAuthMellonTest.java

@@ -0,0 +1,49 @@
+package org.keycloak.testsuite.mod_auth_mellon;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Test;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.testsuite.AbstractAuthTest;
+import org.keycloak.testsuite.util.URLAssert;
+
+import javax.xml.transform.TransformerException;
+import java.util.List;
+
+import static org.junit.Assert.assertTrue;
+import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+
+/**
+ * @author mhajas
+ */
+public class ModAuthMellonTest extends AbstractAuthTest {
+    @Page
+    private ModAuthMellonProtectedResource modAuthMellonProtectedResourcePage;
+
+    @Page
+    private ModAuthMellonUnprotectedResource modAuthMellonUnprotectedResourcePage;
+
+    @Override
+    public void addTestRealms(List<RealmRepresentation> testRealms) {
+        testRealms.add(loadRealm("/mellon-realm.json"));
+    }
+
+    @Test
+    public void modAuthMellonTest() throws TransformerException {
+        testRealmPage.setAuthRealm("mellon-test");
+        testRealmSAMLLoginPage.setAuthRealm("mellon-test");
+
+        modAuthMellonUnprotectedResourcePage.navigateTo();
+        assertTrue(driver.getPageSource().contains("Unprotected resource"));
+
+        modAuthMellonProtectedResourcePage.navigateTo();
+        URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+        testRealmSAMLLoginPage.form().login(bburkeUser);
+        assertTrue(driver.getPageSource().contains("Protected resource"));
+
+        modAuthMellonProtectedResourcePage.logout();
+        assertTrue(driver.getPageSource().contains("Unprotected resource"));
+
+        modAuthMellonProtectedResourcePage.navigateTo();
+        URLAssert.assertCurrentUrlStartsWith(testRealmSAMLLoginPage);
+    }
+}

testsuite/integration-arquillian/tests/other/pom.xml

@@ -117,6 +117,12 @@
                 <module>console</module>
             </modules>
         </profile>
+        <profile>
+            <id>mod_auth_mellon</id>
+            <modules>
+                <module>mod_auth_mellon</module>
+            </modules>
+        </profile>
     </profiles>
 
 </project>

testsuite/integration-arquillian/tests/pom.xml

@@ -35,6 +35,7 @@
         <auth.server.management.port>10090</auth.server.management.port>
         <auth.server.management.port.jmx>10099</auth.server.management.port.jmx>
         <auth.server.ssl.required>false</auth.server.ssl.required>
+        <apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
         <startup.timeout.sec>60</startup.timeout.sec>
         
         <browser>phantomjs</browser>