Add tests for mod_auth_mellon

This commit is contained in:
mhajas 2016-02-18 14:26:14 +01:00
parent d5a57a2bbd
commit 2c1b13d6c2
19 changed files with 580 additions and 375 deletions

View file

@ -1,17 +1,19 @@
# Mod_auth_mellon test
## Docker image
## Docker images
Docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
Each docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
## Build docker image
## Build docker images
docker build -t apache-mellon docker/
docker build -t apache-mellon2 docker2/
## Run docker image
docker run -d -p 8380:80 apache-mellon
docker run -d -p 8480:80 apache-mellon2
## Run tests
mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380]
mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380 -Dapache.mod_auth_mellon2.url=http://localhost:8480]

View file

@ -20,8 +20,10 @@ MellonLockFile "/run/mod_auth_mellon/lock"
# It is the URL to this location that is used as the second parameter to the metadata generation script.
# This path is relative to the root of the web server.
MellonEndpointPath /mellon
MellonSessionLength 2
</Location>
<Location /auth>
MellonEnable "auth"
MellonEnable "auth"
</Location>

View file

@ -70,9 +70,6 @@
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://localhost:8380/mellon/logout"/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8380/mellon/logout"/>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8380/mellon/logout"/>

View file

@ -0,0 +1,17 @@
FROM ubuntu
RUN apt-get update && apt-get install -y apache2 && apt-get install -y libapache2-mod-auth-mellon
RUN mkdir /etc/apache2/mellon
COPY mellon/* /etc/apache2/mellon/
COPY auth_mellon.conf /etc/apache2/mods-enabled/
COPY www/* /var/www/html/
RUN mkdir /var/www/html/auth2
COPY www/auth2/* /var/www/html/auth2/
CMD /usr/sbin/apache2ctl -D FOREGROUND

View file

@ -0,0 +1,31 @@
MellonCacheSize 100
MellonLockFile "/run/mod_auth_mellon/lock"
# This is a server-wide configuration that will add information from the Mellon session to all requests.
<Location />
# Add information from the mod_auth_mellon session to the request.
MellonEnable "info"
# Configure the SP metadata
# This should be the files which were created when creating SP metadata.
MellonSPPrivateKeyFile /etc/apache2/mellon/http_localhost_auth_.key
MellonSPCertFile /etc/apache2/mellon/http_localhost_auth_.cert
MellonSPMetadataFile /etc/apache2/mellon/http_localhost_auth_.xml
# IdP metadata. This should be the metadata file you got from the IdP.
MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
# The location all endpoints should be located under.
# It is the URL to this location that is used as the second parameter to the metadata generation script.
# This path is relative to the root of the web server.
MellonEndpointPath /mellon
MellonVariable "cookie2"
</Location>
<Location /auth2>
MellonEnable "auth"
MellonCond "Role" "manager"
</Location>

View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
b2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkx
FzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPh
HBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMz
KVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aL
aUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8Q
WPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1
MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XP
c0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8
LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJ
oYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXd
emOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg
/8HfSSKirVjrlumRGariq8aw
-----END CERTIFICATE-----

View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDDRUTxDSM1zZuX
Q5Jla8pBAgijAGJ7esaBF8EHRPM7myMFslJBg+EcFZvrWAHgLHVO8JB15+BW+EHU
d6r1UV1EpG1kuXYj1Fo5g+kukFcuXXTIcsZQozMpVPVuko1jiEIM3jqevGJhxuL5
kuyJ7MAhMsSw+WzYparkgVvQ2H/xotG/eCWTVotpS1JIzVz+oaTtqX2t+Mboe5S6
1o5i2nLh1NOwyQpSYfAFN4yRJjMueY1WDJEU3xBY9/TYHVO0vlwR+ubt+taxIrFS
ZVybPmnPdqSN3kcPe00kLVEYKhZAbrWDuFbbnLUxEdxheUlqNIWn0qYZuQHfQ6lM
mCTLs2kZAgMBAAECggEARTJu090L9Sz/TgMsBbTE33SRCvI/8/H2FhkM1j6g0yaO
qp4eeAj75K/jqOpu/7nBeE/XYXDiFu+ypFAjzPsgSgramS7/poLB1k/gehe8TTnh
AIdrr3el0afBsYVNhU/r2BOIQmgPlQaduENQfy/eheUvvmclI0DR5lfQ6ZlO/ZlO
s/agiziupR9ceHYCTkQpc9GI/byvVBdXIp9PSMjNhBcYv3SUP1FnhWoV2tlAZwOm
VfB6yvZtNLp952AvsKxun6lmQQDsNhiWzCGw6cHf/aFPjEttLKHv0u6mobpM/d95
AF+bifCweJZnfrYCE2sHTX8rzXoQ6laP6m0d8bYlgQKBgQDgsHUXSGCQYTvcmwQF
CMhk5arQGjg7PHzFj0Mv/45b1X19MYnTRNpFx5G2Rpa4+5EKEVguUZlUXeVAxfx5
nn/R6GCSqcOqf+Fb4nRDJrYABJIVCywEeUqRdZjt3VsFBIcXykTItVC4eBDlwNIy
5ELB8QL7pgRAso3LVBfRdv+SjQKBgQDee1UEkncP9JfzslhCqSUXjgCnPGMDmCsh
bMLhE5PNiVYMymjitJPY50weBOeJt2e0SBGWwPdWF7yEm11bWyjEDgA0lOndiuLV
hHvCHUmbRQOh968+4dzSBvUb4llxcQfncs8MPI+ZJeyXghSENY1KzqNLbQcMb49k
y0uWRqLTvQKBgQCST9Wvl53p5qdIfFkdvh5gNX4JjUlYqYbGTwf9VXiqLFdPEtch
EBDip5YnD8hOJOLJn4nAf7pMyefjSgmiWKf7VEqutoWHnUZuwwPaRnb1hARsV54O
O71nAyDWo/IFTnF5+GjaGde6h9TZB7rZEPK3v+2lWPIj/yF+agAokkjScQKBgQCs
KVAe26AazrGPOSEnZHB5i79hqk8MhwJJOTqMpXOoh2/5MeB8HjSSklnKmQz6+tvb
HDHQML609mVBUGCrwx0Gqbbq+ZkHgOQLShvimHtPFda7zUjlJi6UsCGYVE3WhRsS
tTsXQv30Cu7MRzLNJAuUKdcfFN1xeBrEarSxMzPpGQKBgQCGyCSxoHafI78fuLB8
lfMif3QcILxn409GxypMEc5G7iWyo+vfoMmRNjcr6zZ1luvmTqHl7mAroUpJ9X33
6Ctw4O3r/utS03AwwOaEfpmlxMQVu5ySFICqZjMHHjvbUFQE2KPlQOqcjChT4S3n
2vRK05BKbdFqlCprQtFtkA3q+g==
-----END PRIVATE KEY-----

View file

@ -0,0 +1,72 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor
entityID="http://localhost:8480/auth2"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor
AuthnRequestsSigned="false"
WantAssertionsSigned="false"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
b2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkx
FzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPh
HBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMz
KVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aL
aUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8Q
WPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1
MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XP
c0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8
LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJ
oYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXd
emOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg
/8HfSSKirVjrlumRGariq8aw</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
b2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkx
FzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPh
HBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMz
KVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aL
aUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8Q
WPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1
MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XP
c0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8
LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJ
oYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXd
emOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg
/8HfSSKirVjrlumRGariq8aw</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://localhost:8480/mellon/logout" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8480/mellon/logout"/>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService
index="0"
isDefault="true"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8480/mellon/postResponse" />
<AssertionConsumerService
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://localhost:8480/mellon/artifactResponse" />
<AssertionConsumerService
index="2"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="http://localhost:8480/mellon/paosResponse" />
</SPSSODescriptor>
</EntityDescriptor>

View file

@ -0,0 +1,51 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
<EntityDescriptor entityID="http://localhost:8180/auth/realms/mellon-test">
<IDPSSODescriptor WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
</NameIDFormat>
<NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
<KeyDescriptor use="signing">
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:X509Data>
<dsig:X509Certificate>
MIICpTCCAY0CBgFSP3CJrTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAttZWxsb24tdGVzdDAeFw0xNjAxMTQwOTE5NDVaFw0yNjAxMTQwOTIxMjVaMBYxFDASBgNVBAMMC21lbGxvbi10ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaZ6nndLegc+aKXNog08KdWOIZfr393e0nlqZ3SzNCYJ+IrSAWepCNvUW4W0samrtC47XBYNJwBSw9KCLNcpOeR7IC+gtmm8t9VH0QRxDEOvoLoj0zMkuaBhF+1NZdt6kc5gYVSeymkFSG/Eyz06Zo9zfhb52tUK83hYPcRE2azBDAuffnnHGg+fiCMZtMz7qCYXSoGy15odM1AypILDGxCtDpk0nPmwp6AlA7LpWLKYFEXrXhPmZGw2eDA6FqLFYgBovffJzFy1WzqpAzpKbYqVbb/yKUbv5NI4ELlOdjvXfoB7wOp3cHwnuq1G8YjR7OKLeVtszKXUPCjwFSZnFwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBwRkPh3pSAG1UWr1rJW9LMVdfu6KFsVTCMqExuJKUrH4hAPKXXi9iEAyiB/+NdnG8bgvU0xhdH9lW51J1JpH3xRtOMV+1CAZB41RFx1r/zJg0Zrdbfodv1UFJtLhSIKhKnfoSdlml2O9SHwd4VQmwz/QQqzBIS+yJDv7cOxMRszryWq5aWCPMosxwuAJzjwlF6jBHqidkd4EGTNMDK1pDZN1voiYS0ry7h7Lcq2ZbrBFzBqzHvXieym68ACDHr5hkKe065ne1hCgO/+POsAi6VU+qlSbzsD9NenHP60c9+Dt/IY9DeX6IubXChcW5A+qnb5qRWBtwXshfcsDFHYkBJ
</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
</KeyDescriptor>
</IDPSSODescriptor>
</EntityDescriptor>
</EntitiesDescriptor>

View file

@ -0,0 +1,20 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<a href="/">Go to unprotected resource</a>
<a href="/mellon/logout?ReturnTo=/">logout</a>
Protected resource 2

View file

@ -0,0 +1,19 @@
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<a href="/auth2">Go to protected resource</a>
Unprotected resource 2

View file

@ -31,4 +31,9 @@
<name>Mod_auth_mellon tests</name>
<properties>
<apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
<apache.mod_auth_mellon2.url>http://localhost:8480</apache.mod_auth_mellon2.url>
</properties>
</project>

View file

@ -10,7 +10,7 @@ import java.net.URL;
/**
* @author mhajas
*/
public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl {
@FindBy(linkText = "logout")
private WebElement logoutButton;
@ -18,7 +18,7 @@ public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
@Override
public URL getInjectedUrl() {
try {
return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380") + "/auth");
return new URL(System.getProperty("apache.mod_auth_mellon.url", "http://localhost:8380") + "/auth");
} catch (MalformedURLException e) {
e.printStackTrace();
}

View file

@ -0,0 +1,32 @@
package org.keycloak.testsuite.mod_auth_mellon;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import java.net.MalformedURLException;
import java.net.URL;
/**
* @author mhajas
*/
public class ModAuthMellonProtectedResource2 extends AbstractPageWithInjectedUrl {
@FindBy(linkText = "logout")
private WebElement logoutButton;
@Override
public URL getInjectedUrl() {
try {
return new URL(System.getProperty("apache.mod_auth_mellon2.url", "http://localhost:8480") + "/auth2");
} catch (MalformedURLException e) {
e.printStackTrace();
}
return null;
}
public void logout() {
logoutButton.click();
}
}

View file

@ -8,12 +8,12 @@ import java.net.URL;
/**
* @author mhajas
*/
public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl{
public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl {
@Override
public URL getInjectedUrl() {
try {
return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380/"));
return new URL(System.getProperty("apache.mod_auth_mellon.url", "http://localhost:8380/"));
} catch (MalformedURLException e) {
e.printStackTrace();
}

View file

@ -0,0 +1,23 @@
package org.keycloak.testsuite.mod_auth_mellon;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import java.net.MalformedURLException;
import java.net.URL;
/**
* @author mhajas
*/
public class ModAuthMellonUnprotectedResource2 extends AbstractPageWithInjectedUrl {
@Override
public URL getInjectedUrl() {
try {
return new URL(System.getProperty("apache.mod_auth_mellon2.url", "http://localhost:8480/"));
} catch (MalformedURLException e) {
e.printStackTrace();
}
return null;
}
}

View file

@ -6,11 +6,11 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.util.URLAssert;
import javax.xml.transform.TransformerException;
import java.util.List;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
import static org.keycloak.testsuite.util.WaitUtils.pause;
/**
* @author mhajas
@ -22,26 +22,69 @@ public class ModAuthMellonTest extends AbstractAuthTest {
@Page
private ModAuthMellonUnprotectedResource modAuthMellonUnprotectedResourcePage;
@Page
private ModAuthMellonProtectedResource2 modAuthMellonProtectedResourcePage2;
@Page
private ModAuthMellonUnprotectedResource2 modAuthMellonUnprotectedResourcePage2;
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(loadRealm("/mellon-realm.json"));
}
@Test
public void modAuthMellonTest() throws TransformerException {
@Override
public void setDefaultPageUriParameters() {
super.setDefaultPageUriParameters();
testRealmPage.setAuthRealm("mellon-test");
testRealmSAMLRedirectLoginPage.setAuthRealm("mellon-test");
}
modAuthMellonUnprotectedResourcePage.navigateTo();
assertTrue(driver.getPageSource().contains("Unprotected resource"));
@Test
public void singleLoginAndLogoutTest() {
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
assertTrue(driver.getPageSource().contains("Protected resource"));
modAuthMellonProtectedResourcePage2.navigateTo();
assertTrue(driver.getPageSource().contains("Protected resource 2"));
modAuthMellonProtectedResourcePage2.logout();
assertTrue(driver.getPageSource().contains("Unprotected resource 2"));
modAuthMellonProtectedResourcePage2.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
pause(2000); //session length
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
}
@Test
public void unauthorizedSSO() {
modAuthMellonProtectedResourcePage2.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
testRealmSAMLRedirectLoginPage.form().login("unauthorized", "password");
assertTrue(driver.getPageSource().contains("Forbidden"));
modAuthMellonProtectedResourcePage.navigateTo();
assertTrue(driver.getPageSource().contains("Protected resource"));
modAuthMellonProtectedResourcePage.logout();
assertTrue(driver.getPageSource().contains("Unprotected resource"));
}
@Test
public void sessionExpiration() {
RealmRepresentation realm = testRealmResource().toRepresentation();
realm.setSsoSessionIdleTimeout(2);
testRealmResource().update(realm);
modAuthMellonProtectedResourcePage.navigateTo();
testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
assertTrue(driver.getPageSource().contains("Protected resource"));
pause(2000); //session length
modAuthMellonProtectedResourcePage.navigateTo();
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);

View file

@ -1,11 +1,11 @@
{
"id" : "mellon-test",
"realm" : "mellon-test",
"notBefore" : 1453206021,
"notBefore" : 1455704705,
"revokeRefreshToken" : false,
"accessTokenLifespan" : 300,
"accessTokenLifespanForImplicitFlow" : 900,
"ssoSessionIdleTimeout" : 1800,
"ssoSessionIdleTimeout" : 2,
"ssoSessionMaxLifespan" : 36000,
"offlineSessionIdleTimeout" : 2592000,
"accessCodeLifespan" : 60,
@ -32,8 +32,8 @@
"codeSecret" : "6ed3c059-96b4-46d2-a385-c25ea96853ca",
"roles" : {
"realm" : [ {
"id" : "6314a145-4654-45b8-bc05-3b6a01e76236",
"name" : "test-Role",
"id" : "a0d0115b-3baf-484c-88ce-99de03bf6c78",
"name" : "manager",
"scopeParamRequired" : false,
"composite" : false
}, {
@ -130,6 +130,7 @@
} ],
"http://localhost:8380/auth" : [ ],
"security-admin-console" : [ ],
"http://localhost:8480/auth2" : [ ],
"admin-cli" : [ ],
"broker" : [ {
"id" : "b0fbb4b2-6632-4c26-8292-c90a64dbf145",
@ -163,16 +164,39 @@
"otpPolicyLookAheadWindow" : 1,
"otpPolicyPeriod" : 30,
"users" : [ {
"id" : "df34636d-0ade-4843-9d85-68784c541bc9",
"createdTimestamp" : 1452774520942,
"id" : "b35d3909-3549-4f35-ad0f-918a7c1febb1",
"createdTimestamp" : 1455795133502,
"username" : "bburke",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"credentials" : [ {
"type" : "password",
"hashedSaltedValue" : "J53IPqrQcatayK0PB3vY+sxz6Zc9rUwdFiSbMyaLNmvtcCkJ3WElIFAcsLoA7i+rwvQu/VrN+JGi32sxEzQVNg==",
"salt" : "sfDAWuC3Ue2DB9+WNmRWRw==",
"hashedSaltedValue" : "EpVg7wGyRQ4RnG3aCLmytH+zdTp+qCUEvJ9Yqsxm30i8gJmEsXRMjbRkyU58ewcXMB4ZyJsmQJsWPGdANRvAww==",
"salt" : "2UuR1SdDCrhQ89UBFmEMuw==",
"hashIterations" : 1,
"counter" : 0,
"algorithm" : "pbkdf2",
"digits" : 0
} ],
"requiredActions" : [ ],
"realmRoles" : [ "manager", "offline_access" ],
"clientRoles" : {
"account" : [ "view-profile", "manage-account" ]
},
"groups" : [ ]
}, {
"id" : "1dd66fff-71b5-4849-b782-cf612198f53e",
"createdTimestamp" : 1455795084424,
"username" : "unauthorized",
"enabled" : true,
"totp" : false,
"emailVerified" : false,
"email" : "",
"credentials" : [ {
"type" : "password",
"hashedSaltedValue" : "IYB496W8mrwAzUDz8ehqiY6SnzjZs3OvLLrUdJwXUwbOBkRFUJqsCPbEsFlDUSX7BK8MZmD7cdPIBWT/g1m9XA==",
"salt" : "qRdAqSdsUCR3bO9VJU47JA==",
"hashIterations" : 1,
"counter" : 0,
"algorithm" : "pbkdf2",
@ -299,12 +323,13 @@
"useTemplateScope" : false,
"useTemplateMappers" : false
}, {
"id" : "23254f13-034e-4aa2-8d11-f475c48c5469",
"id" : "cb6eb8e4-73bf-4ccc-b817-c4f8547ae5eb",
"clientId" : "http://localhost:8380/auth",
"adminUrl" : "http://localhost:8380/mellon",
"surrogateAuthRequired" : false,
"enabled" : true,
"clientAuthenticatorType" : "client-secret",
"secret" : "c2ffb410-6f8b-4f76-a3c7-c5ab21349fa5",
"secret" : "0f0aff29-3677-4b88-920f-90cce19230aa",
"redirectUris" : [ "http://localhost:8380/mellon/postResponse" ],
"webOrigins" : [ "http://localhost:8380" ],
"notBefore" : 0,
@ -321,6 +346,7 @@
"saml.assertion.signature" : "true",
"saml.force.post.binding" : "true",
"saml.multivalued.roles" : "false",
"saml_single_logout_service_url_post" : "",
"saml.encrypt" : "true",
"saml_assertion_consumer_url_post" : "http://localhost:8380/mellon/postResponse",
"saml.server.signature" : "true",
@ -337,32 +363,7 @@
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "e9cc0f08-519b-445f-9134-38811bf94b0c",
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${username}",
"config" : {
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"id" : "f4663aad-3083-42b0-b6cb-6f88f623a8be",
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : true,
"consentText" : "${fullName}",
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true"
}
}, {
"id" : "adb045fd-1f27-41cc-b80f-99592899cef7",
"id" : "d625890e-1a84-49a7-9bac-bad1db194882",
"name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
@ -376,21 +377,7 @@
"jsonType.label" : "String"
}
}, {
"id" : "bcfb2c33-8da8-49ad-9166-cbadd0079bd5",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${givenName}",
"config" : {
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"id" : "0d969f92-4339-427a-9160-94ce11220628",
"id" : "b567a20e-2e03-4b64-917b-2793a74b4244",
"name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
@ -404,7 +391,46 @@
"jsonType.label" : "String"
}
}, {
"id" : "31edca8e-05fa-492c-b586-e66f12726398",
"id" : "4be3487c-c7ff-409f-a672-138d604eed4b",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${givenName}",
"config" : {
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"id" : "8819f0d3-4db4-42a4-aed4-27b8dea9bbf7",
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${username}",
"config" : {
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"id" : "d74f0c8f-7b6d-4ef5-ac57-31cef5d125e7",
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : true,
"consentText" : "${fullName}",
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true"
}
}, {
"id" : "6353424c-e417-47d3-95b1-878e649e7e49",
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
@ -537,6 +563,128 @@
"useTemplateConfig" : false,
"useTemplateScope" : false,
"useTemplateMappers" : false
}, {
"id" : "cda86e1f-00bd-4727-b4b3-b35357161964",
"clientId" : "http://localhost:8480/auth2",
"adminUrl" : "http://localhost:8480/mellon",
"surrogateAuthRequired" : false,
"enabled" : true,
"clientAuthenticatorType" : "client-secret",
"secret" : "e75b6e1b-030f-4630-8e6f-631f4891c79a",
"redirectUris" : [ "http://localhost:8480/mellon/postResponse" ],
"webOrigins" : [ "http://localhost:8480" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.assertion.signature" : "false",
"saml.force.post.binding" : "true",
"saml.multivalued.roles" : "false",
"saml_single_logout_service_url_post" : "",
"saml.encrypt" : "false",
"saml_assertion_consumer_url_post" : "http://localhost:8480/mellon/postResponse",
"saml.server.signature" : "true",
"saml.signing.certificate" : "MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5sb2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkxFzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPhHBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMzKVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aLaUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8QWPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XPc0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJoYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXdemOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg/8HfSSKirVjrlumRGariq8aw",
"saml_single_logout_service_url_redirect" : "http://localhost:8480/mellon/logout",
"saml.signature.algorithm" : "RSA_SHA1",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.encryption.certificate" : "MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5sb2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkxFzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPhHBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMzKVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aLaUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8QWPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XPc0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJoYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXdemOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg/8HfSSKirVjrlumRGariq8aw",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "875d9e9f-cd71-40d3-9e63-1c8d6665b63c",
"name" : "given name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${givenName}",
"config" : {
"user.attribute" : "firstName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "given_name",
"jsonType.label" : "String"
}
}, {
"id" : "324e28d0-fb0a-4cc1-9916-d5cd10221b23",
"name" : "full name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-full-name-mapper",
"consentRequired" : true,
"consentText" : "${fullName}",
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true"
}
}, {
"id" : "9d5b4f3f-79f0-4d62-a13b-53f44587fb1f",
"name" : "username",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${username}",
"config" : {
"user.attribute" : "username",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "preferred_username",
"jsonType.label" : "String"
}
}, {
"id" : "af50e3ab-8959-467f-84fe-f7a9ac9d4383",
"name" : "email",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${email}",
"config" : {
"user.attribute" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "email",
"jsonType.label" : "String"
}
}, {
"id" : "7a7a7fab-d464-451c-9025-bfc4f4629189",
"name" : "family name",
"protocol" : "openid-connect",
"protocolMapper" : "oidc-usermodel-property-mapper",
"consentRequired" : true,
"consentText" : "${familyName}",
"config" : {
"user.attribute" : "lastName",
"id.token.claim" : "true",
"access.token.claim" : "true",
"claim.name" : "family_name",
"jsonType.label" : "String"
}
}, {
"id" : "86731f18-9114-428b-bf9e-102e2931adc6",
"name" : "role list",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "false",
"attribute.nameformat" : "Basic",
"attribute.name" : "Role"
}
} ],
"useTemplateConfig" : false,
"useTemplateScope" : false,
"useTemplateMappers" : false
}, {
"id" : "14abd995-d10a-4da3-85cf-0c6fbb65ce41",
"clientId" : "admin-cli",
@ -860,310 +1008,9 @@
"smtpServer" : { },
"eventsEnabled" : true,
"eventsListeners" : [ "jboss-logging" ],
"enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "UPDATE_PROFILE_ERROR", "IMPERSONATE", "LOGIN", "UPDATE_PASSWORD_ERROR", "REGISTER", "LOGOUT", "CLIENT_REGISTER", "UPDATE_PASSWORD", "FEDERATED_IDENTITY_LINK_ERROR", "CLIENT_DELETE", "IDENTITY_PROVIDER_FIRST_LOGIN", "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", "CLIENT_LOGIN_ERROR", "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "SEND_VERIFY_EMAIL", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "IDENTITY_PROVIDER_POST_LOGIN", "UPDATE_EMAIL", "REGISTER_ERROR", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "UPDATE_PROFILE", "FEDERATED_IDENTITY_LINK", "CLIENT_REGISTER_ERROR", "SEND_VERIFY_EMAIL_ERROR", "SEND_IDENTITY_PROVIDER_LINK", "RESET_PASSWORD", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ],
"enabledEventTypes" : [ ],
"adminEventsEnabled" : false,
"adminEventsDetailsEnabled" : false,
"internationalizationEnabled" : false,
"supportedLocales" : [ ],
"authenticationFlows" : [ {
"alias" : "Handle Existing Account",
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-confirm-link",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "idp-email-verification",
"autheticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 20
}, {
"flowAlias" : "Verify Existing Account by Re-authentication",
"autheticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 30
} ]
}, {
"alias" : "Verify Existing Account by Re-authentication",
"description" : "Reauthentication of existing account",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "idp-username-password-form",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "auth-otp-form",
"autheticatorFlow" : false,
"requirement" : "OPTIONAL",
"userSetupAllowed" : false,
"priority" : 20
} ]
}, {
"alias" : "browser",
"description" : "browser based authentication",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-cookie",
"autheticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "auth-spnego",
"autheticatorFlow" : false,
"requirement" : "DISABLED",
"userSetupAllowed" : false,
"priority" : 20
}, {
"flowAlias" : "forms",
"autheticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 30
} ]
}, {
"alias" : "clients",
"description" : "Base authentication for clients",
"providerId" : "client-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "client-secret",
"autheticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "client-jwt",
"autheticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 20
} ]
}, {
"alias" : "direct grant",
"description" : "OpenID Connect Resource Owner Grant",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "direct-grant-validate-username",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "direct-grant-validate-password",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 20
}, {
"authenticator" : "direct-grant-validate-otp",
"autheticatorFlow" : false,
"requirement" : "OPTIONAL",
"userSetupAllowed" : false,
"priority" : 30
} ]
}, {
"alias" : "first broker login",
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticatorConfig" : "review profile config",
"authenticator" : "idp-review-profile",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticatorConfig" : "create unique user config",
"authenticator" : "idp-create-user-if-unique",
"autheticatorFlow" : false,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 20
}, {
"flowAlias" : "Handle Existing Account",
"autheticatorFlow" : true,
"requirement" : "ALTERNATIVE",
"userSetupAllowed" : false,
"priority" : 30
} ]
}, {
"alias" : "forms",
"description" : "Username, password, otp and other auth forms.",
"providerId" : "basic-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "auth-username-password-form",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "auth-otp-form",
"autheticatorFlow" : false,
"requirement" : "OPTIONAL",
"userSetupAllowed" : false,
"priority" : 20
} ]
}, {
"alias" : "registration",
"description" : "registration flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-page-form",
"flowAlias" : "registration form",
"autheticatorFlow" : true,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
} ]
}, {
"alias" : "registration form",
"description" : "registration form",
"providerId" : "form-flow",
"topLevel" : false,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "registration-user-creation",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 20
}, {
"authenticator" : "registration-profile-action",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 40
}, {
"authenticator" : "registration-password-action",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 50
}, {
"authenticator" : "registration-recaptcha-action",
"autheticatorFlow" : false,
"requirement" : "DISABLED",
"userSetupAllowed" : false,
"priority" : 60
} ]
}, {
"alias" : "reset credentials",
"description" : "Reset credentials for a user if they forgot their password or something",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "reset-credentials-choose-user",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
}, {
"authenticator" : "reset-credential-email",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 20
}, {
"authenticator" : "reset-password",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 30
}, {
"authenticator" : "reset-otp",
"autheticatorFlow" : false,
"requirement" : "OPTIONAL",
"userSetupAllowed" : false,
"priority" : 40
} ]
}, {
"alias" : "saml ecp",
"description" : "SAML ECP Profile Authentication Flow",
"providerId" : "basic-flow",
"topLevel" : true,
"builtIn" : true,
"authenticationExecutions" : [ {
"authenticator" : "http-basic-authenticator",
"autheticatorFlow" : false,
"requirement" : "REQUIRED",
"userSetupAllowed" : false,
"priority" : 10
} ]
} ],
"authenticatorConfig" : [ {
"alias" : "create unique user config",
"config" : {
"require.password.update.after.registration" : "false"
}
}, {
"alias" : "review profile config",
"config" : {
"update.profile.on.first.login" : "missing"
}
} ],
"requiredActions" : [ {
"alias" : "CONFIGURE_TOTP",
"name" : "Configure Totp",
"providerId" : "CONFIGURE_TOTP",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "UPDATE_PASSWORD",
"name" : "Update Password",
"providerId" : "UPDATE_PASSWORD",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "UPDATE_PROFILE",
"name" : "Update Profile",
"providerId" : "UPDATE_PROFILE",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "VERIFY_EMAIL",
"name" : "Verify Email",
"providerId" : "VERIFY_EMAIL",
"enabled" : true,
"defaultAction" : false,
"config" : { }
}, {
"alias" : "terms_and_conditions",
"name" : "Terms and Conditions",
"providerId" : "terms_and_conditions",
"enabled" : false,
"defaultAction" : false,
"config" : { }
} ],
"browserFlow" : "browser",
"registrationFlow" : "registration",
"directGrantFlow" : "direct grant",
"resetCredentialsFlow" : "reset credentials",
"clientAuthenticationFlow" : "clients"
"supportedLocales" : [ ]
}

View file

@ -52,7 +52,6 @@
<auth.server.management.port>10090</auth.server.management.port>
<auth.server.management.port.jmx>10099</auth.server.management.port.jmx>
<auth.server.ssl.required>false</auth.server.ssl.required>
<apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
<startup.timeout.sec>60</startup.timeout.sec>
<browser>phantomjs</browser>