Add tests for mod_auth_mellon
parent
d5a57a2bbd
commit
2c1b13d6c2
19 changed files with 580 additions and 375 deletions
|
@ -1,17 +1,19 @@
|
|||
# Mod_auth_mellon test
|
||||
|
||||
## Docker image
|
||||
## Docker images
|
||||
|
||||
Docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
|
||||
Each docker image contains apache + mod_auth_mellon and two html files unprotected (/) and protected (/auth).
|
||||
|
||||
## Build docker image
|
||||
## Build docker images
|
||||
|
||||
docker build -t apache-mellon docker/
|
||||
docker build -t apache-mellon2 docker2/
|
||||
|
||||
## Run docker image
|
||||
|
||||
docker run -d -p 8380:80 apache-mellon
|
||||
docker run -d -p 8480:80 apache-mellon2
|
||||
|
||||
## Run tests
|
||||
|
||||
mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380]
|
||||
mvn clean install [-Dapache.mod_auth_mellon.url=http://localhost:8380 -Dapache.mod_auth_mellon2.url=http://localhost:8480]
|
|
@ -20,8 +20,10 @@ MellonLockFile "/run/mod_auth_mellon/lock"
|
|||
# It is the URL to this location that is used as the second parameter to the metadata generation script.
|
||||
# This path is relative to the root of the web server.
|
||||
MellonEndpointPath /mellon
|
||||
|
||||
MellonSessionLength 2
|
||||
</Location>
|
||||
|
||||
<Location /auth>
|
||||
MellonEnable "auth"
|
||||
MellonEnable "auth"
|
||||
</Location>
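Review bot: `MellonSessionLength 2` is added without a comment, and the value is in seconds, so sessions on this SP now end about two seconds after login. A line above it such as `# Test-only: 2-second session so the expiry tests can observe re-authentication.` would stop the value being read as a typo or copied into a real deployment. The second SP's config added in this commit sets no `MellonSessionLength`, so the two containers differ here; if that is intended, the same comment is the place to say so. The enclosing `<Location />` block starts outside this hunk.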
|
||||
|
|
|
@ -70,9 +70,6 @@
|
|||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://localhost:8380/mellon/logout"/>
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="http://localhost:8380/mellon/logout"/>
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://localhost:8380/mellon/logout"/>
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
FROM ubuntu
|
||||
|
||||
RUN apt-get update && apt-get install -y apache2 && apt-get install -y libapache2-mod-auth-mellon
|
||||
|
||||
RUN mkdir /etc/apache2/mellon
|
||||
|
||||
COPY mellon/* /etc/apache2/mellon/
|
||||
|
||||
COPY auth_mellon.conf /etc/apache2/mods-enabled/
|
||||
|
||||
COPY www/* /var/www/html/
|
||||
|
||||
RUN mkdir /var/www/html/auth2
|
||||
|
||||
COPY www/auth2/* /var/www/html/auth2/
|
||||
|
||||
CMD /usr/sbin/apache2ctl -D FOREGROUND
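Review bot: `FROM ubuntu` is untagged, so each build pulls whatever `latest` points to and the apache2 and libapache2-mod-auth-mellon versions under test drift without any change in this repository. Pin a release tag or digest (`FROM ubuntu:<release-tag>`, placeholder) so a failing SAML test can be tied to a known module version. The two installs can be one `apt-get install -y --no-install-recommends apache2 libapache2-mod-auth-mellon` followed by `rm -rf /var/lib/apt/lists/*` in the same `RUN`. `COPY mellon/*` also bakes the SP private key into an image layer, which is acceptable only while the image stays a local test fixture.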
|
|
@ -0,0 +1,31 @@
|
|||
MellonCacheSize 100
|
||||
MellonLockFile "/run/mod_auth_mellon/lock"
|
||||
|
||||
# This is a server-wide configuration that will add information from the Mellon session to all requests.
|
||||
<Location />
|
||||
# Add information from the mod_auth_mellon session to the request.
|
||||
MellonEnable "info"
|
||||
|
||||
# Configure the SP metadata
|
||||
# This should be the files which were created when creating SP metadata.
|
||||
MellonSPPrivateKeyFile /etc/apache2/mellon/http_localhost_auth_.key
|
||||
|
||||
MellonSPCertFile /etc/apache2/mellon/http_localhost_auth_.cert
|
||||
MellonSPMetadataFile /etc/apache2/mellon/http_localhost_auth_.xml
|
||||
|
||||
# IdP metadata. This should be the metadata file you got from the IdP.
|
||||
MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
|
||||
|
||||
# The location all endpoints should be located under.
|
||||
# It is the URL to this location that is used as the second parameter to the metadata generation script.
|
||||
# This path is relative to the root of the web server.
|
||||
MellonEndpointPath /mellon
|
||||
|
||||
MellonVariable "cookie2"
|
||||
</Location>
|
||||
|
||||
<Location /auth2>
|
||||
MellonEnable "auth"
|
||||
|
||||
MellonCond "Role" "manager"
|
||||
</Location>
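Review bot: `MellonVariable "cookie2"` and `MellonCond "Role" "manager"` carry no comment, although the directives above them do. Presumably the cookie is renamed because both test SPs are served from localhost and cookies are not separated by port, so with the default name one SP's session cookie could overwrite the other's. A line such as `# Distinct cookie name: both test SPs run on localhost and cookies ignore the port.` would record that. For the condition, `# Only sessions whose SAML "Role" attribute has the value "manager" may access /auth2.` states what the `unauthorizedSSO` test relies on.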
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
|
||||
b2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkx
|
||||
FzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
||||
MIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPh
|
||||
HBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMz
|
||||
KVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aL
|
||||
aUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8Q
|
||||
WPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1
|
||||
MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XP
|
||||
c0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8
|
||||
LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJ
|
||||
oYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXd
|
||||
emOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg
|
||||
/8HfSSKirVjrlumRGariq8aw
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDDRUTxDSM1zZuX
|
||||
Q5Jla8pBAgijAGJ7esaBF8EHRPM7myMFslJBg+EcFZvrWAHgLHVO8JB15+BW+EHU
|
||||
d6r1UV1EpG1kuXYj1Fo5g+kukFcuXXTIcsZQozMpVPVuko1jiEIM3jqevGJhxuL5
|
||||
kuyJ7MAhMsSw+WzYparkgVvQ2H/xotG/eCWTVotpS1JIzVz+oaTtqX2t+Mboe5S6
|
||||
1o5i2nLh1NOwyQpSYfAFN4yRJjMueY1WDJEU3xBY9/TYHVO0vlwR+ubt+taxIrFS
|
||||
ZVybPmnPdqSN3kcPe00kLVEYKhZAbrWDuFbbnLUxEdxheUlqNIWn0qYZuQHfQ6lM
|
||||
mCTLs2kZAgMBAAECggEARTJu090L9Sz/TgMsBbTE33SRCvI/8/H2FhkM1j6g0yaO
|
||||
qp4eeAj75K/jqOpu/7nBeE/XYXDiFu+ypFAjzPsgSgramS7/poLB1k/gehe8TTnh
|
||||
AIdrr3el0afBsYVNhU/r2BOIQmgPlQaduENQfy/eheUvvmclI0DR5lfQ6ZlO/ZlO
|
||||
s/agiziupR9ceHYCTkQpc9GI/byvVBdXIp9PSMjNhBcYv3SUP1FnhWoV2tlAZwOm
|
||||
VfB6yvZtNLp952AvsKxun6lmQQDsNhiWzCGw6cHf/aFPjEttLKHv0u6mobpM/d95
|
||||
AF+bifCweJZnfrYCE2sHTX8rzXoQ6laP6m0d8bYlgQKBgQDgsHUXSGCQYTvcmwQF
|
||||
CMhk5arQGjg7PHzFj0Mv/45b1X19MYnTRNpFx5G2Rpa4+5EKEVguUZlUXeVAxfx5
|
||||
nn/R6GCSqcOqf+Fb4nRDJrYABJIVCywEeUqRdZjt3VsFBIcXykTItVC4eBDlwNIy
|
||||
5ELB8QL7pgRAso3LVBfRdv+SjQKBgQDee1UEkncP9JfzslhCqSUXjgCnPGMDmCsh
|
||||
bMLhE5PNiVYMymjitJPY50weBOeJt2e0SBGWwPdWF7yEm11bWyjEDgA0lOndiuLV
|
||||
hHvCHUmbRQOh968+4dzSBvUb4llxcQfncs8MPI+ZJeyXghSENY1KzqNLbQcMb49k
|
||||
y0uWRqLTvQKBgQCST9Wvl53p5qdIfFkdvh5gNX4JjUlYqYbGTwf9VXiqLFdPEtch
|
||||
EBDip5YnD8hOJOLJn4nAf7pMyefjSgmiWKf7VEqutoWHnUZuwwPaRnb1hARsV54O
|
||||
O71nAyDWo/IFTnF5+GjaGde6h9TZB7rZEPK3v+2lWPIj/yF+agAokkjScQKBgQCs
|
||||
KVAe26AazrGPOSEnZHB5i79hqk8MhwJJOTqMpXOoh2/5MeB8HjSSklnKmQz6+tvb
|
||||
HDHQML609mVBUGCrwx0Gqbbq+ZkHgOQLShvimHtPFda7zUjlJi6UsCGYVE3WhRsS
|
||||
tTsXQv30Cu7MRzLNJAuUKdcfFN1xeBrEarSxMzPpGQKBgQCGyCSxoHafI78fuLB8
|
||||
lfMif3QcILxn409GxypMEc5G7iWyo+vfoMmRNjcr6zZ1luvmTqHl7mAroUpJ9X33
|
||||
6Ctw4O3r/utS03AwwOaEfpmlxMQVu5ySFICqZjMHHjvbUFQE2KPlQOqcjChT4S3n
|
||||
2vRK05BKbdFqlCprQtFtkA3q+g==
|
||||
-----END PRIVATE KEY-----
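Review bot: This private key is committed in clear and, judging by the `localhost:8480` certificate added next to it, is the one `MellonSPPrivateKeyFile` loads in the second container, so anyone with the repository or the image can read it. That is acceptable for a localhost-only fixture, but nothing in the commit marks it as one. A README line under "Docker images" such as `The keys shipped in the docker images are throwaway test keys and must not be reused outside this testsuite.` would keep it from being copied into a real SP and gives secret scanners a documented allowlist entry. Generating the pair during `docker build` would avoid committing it, at the cost of also regenerating the SP metadata and the `saml.signing.certificate` value in the realm file.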
|
|
@ -0,0 +1,72 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<EntityDescriptor
|
||||
entityID="http://localhost:8480/auth2"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
|
||||
<SPSSODescriptor
|
||||
AuthnRequestsSigned="false"
|
||||
WantAssertionsSigned="false"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
|
||||
b2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkx
|
||||
FzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
||||
MIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPh
|
||||
HBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMz
|
||||
KVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aL
|
||||
aUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8Q
|
||||
WPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1
|
||||
MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XP
|
||||
c0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8
|
||||
LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJ
|
||||
oYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXd
|
||||
emOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg
|
||||
/8HfSSKirVjrlumRGariq8aw</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor use="encryption">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5s
|
||||
b2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkx
|
||||
FzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
||||
MIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPh
|
||||
HBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMz
|
||||
KVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aL
|
||||
aUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8Q
|
||||
WPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1
|
||||
MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XP
|
||||
c0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8
|
||||
LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJ
|
||||
oYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXd
|
||||
emOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg
|
||||
/8HfSSKirVjrlumRGariq8aw</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://localhost:8480/mellon/logout" />
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://localhost:8480/mellon/logout"/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
|
||||
<AssertionConsumerService
|
||||
index="0"
|
||||
isDefault="true"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="http://localhost:8480/mellon/postResponse" />
|
||||
<AssertionConsumerService
|
||||
index="1"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||
Location="http://localhost:8480/mellon/artifactResponse" />
|
||||
<AssertionConsumerService
|
||||
index="2"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
|
||||
Location="http://localhost:8480/mellon/paosResponse" />
|
||||
</SPSSODescriptor>
|
||||
</EntityDescriptor>
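Review bot: `AuthnRequestsSigned="false"` and `WantAssertionsSigned="false"` on the `SPSSODescriptor` advertise an SP that neither signs its requests nor asks for signed assertions, while the IdP metadata added in this commit declares `WantAuthnRequestsSigned="true"`. If this second SP is meant to cover the unsigned-assertion path (its client in the realm file sets `saml.assertion.signature` and `saml.encrypt` to `"false"`), say so in an XML comment after the declaration, e.g. `<!-- Test SP: assertions are unsigned and unencrypted on purpose; integrity relies on the signed response (saml.server.signature). -->`. Otherwise set both attributes to `"true"` so the metadata matches what the IdP is told to expect. The `use="encryption"` `KeyDescriptor` appears unused while encryption is off.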
|
|
@ -0,0 +1,51 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
|
||||
<EntityDescriptor entityID="http://localhost:8180/auth/realms/mellon-test">
|
||||
<IDPSSODescriptor WantAuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<NameIDFormat>
|
||||
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
|
||||
</NameIDFormat>
|
||||
<NameIDFormat>
|
||||
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
|
||||
</NameIDFormat>
|
||||
<NameIDFormat>
|
||||
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
|
||||
</NameIDFormat>
|
||||
<NameIDFormat>
|
||||
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
||||
</NameIDFormat>
|
||||
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
|
||||
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
|
||||
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://localhost:8180/auth/realms/mellon-test/protocol/saml"/>
|
||||
<KeyDescriptor use="signing">
|
||||
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
|
||||
<dsig:X509Data>
|
||||
<dsig:X509Certificate>
|
||||
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
|
||||
</dsig:X509Certificate>
|
||||
</dsig:X509Data>
|
||||
</dsig:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
</IDPSSODescriptor>
|
||||
</EntityDescriptor>
|
||||
</EntitiesDescriptor>
|
|
@ -0,0 +1,20 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<a href="/">Go to unprotected resource</a>
|
||||
<a href="/mellon/logout?ReturnTo=/">logout</a>
|
||||
Protected resource 2
|
|
@ -0,0 +1,19 @@
|
|||
<!--
|
||||
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
~ and other contributors as indicated by the @author tags.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<a href="/auth2">Go to protected resource</a>
|
||||
Unprotected resource 2
|
|
@ -31,4 +31,9 @@
|
|||
|
||||
<name>Mod_auth_mellon tests</name>
|
||||
|
||||
<properties>
|
||||
<apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
|
||||
<apache.mod_auth_mellon2.url>http://localhost:8480</apache.mod_auth_mellon2.url>
|
||||
</properties>
|
||||
|
||||
</project>
|
|
@ -10,7 +10,7 @@ import java.net.URL;
|
|||
/**
|
||||
* @author mhajas
|
||||
*/
|
||||
public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
|
||||
public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl {
|
||||
|
||||
@FindBy(linkText = "logout")
|
||||
private WebElement logoutButton;
|
||||
|
@ -18,7 +18,7 @@ public class ModAuthMellonProtectedResource extends AbstractPageWithInjectedUrl{
|
|||
@Override
|
||||
public URL getInjectedUrl() {
|
||||
try {
|
||||
return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380") + "/auth");
|
||||
return new URL(System.getProperty("apache.mod_auth_mellon.url", "http://localhost:8380") + "/auth");
|
||||
} catch (MalformedURLException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
package org.keycloak.testsuite.mod_auth_mellon;
|
||||
|
||||
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
|
||||
/**
|
||||
* @author mhajas
|
||||
*/
|
||||
public class ModAuthMellonProtectedResource2 extends AbstractPageWithInjectedUrl {
|
||||
|
||||
@FindBy(linkText = "logout")
|
||||
private WebElement logoutButton;
|
||||
|
||||
@Override
|
||||
public URL getInjectedUrl() {
|
||||
try {
|
||||
return new URL(System.getProperty("apache.mod_auth_mellon2.url", "http://localhost:8480") + "/auth2");
|
||||
} catch (MalformedURLException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public void logout() {
|
||||
logoutButton.click();
|
||||
}
|
||||
}
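Review bot: `getInjectedUrl()` prints the `MalformedURLException` stack trace and returns `null`, so a mistyped `-Dapache.mod_auth_mellon2.url` will likely surface later as a NullPointerException in whichever test first navigates to the page. Replace the catch body with `throw new IllegalStateException("Invalid apache.mod_auth_mellon2.url", e);` and drop the trailing `return null;`. `ModAuthMellonUnprotectedResource2`, added in this commit, has the same pattern. The class is otherwise a copy of `ModAuthMellonProtectedResource` with a different property and path, so a shared base class taking both as constructor arguments would remove the duplication.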
|
|
@ -8,12 +8,12 @@ import java.net.URL;
|
|||
/**
|
||||
* @author mhajas
|
||||
*/
|
||||
public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl{
|
||||
public class ModAuthMellonUnprotectedResource extends AbstractPageWithInjectedUrl {
|
||||
|
||||
@Override
|
||||
public URL getInjectedUrl() {
|
||||
try {
|
||||
return new URL(System.getProperty("apache.mod_auth_mellon.url","http://localhost:8380/"));
|
||||
return new URL(System.getProperty("apache.mod_auth_mellon.url", "http://localhost:8380/"));
|
||||
} catch (MalformedURLException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
package org.keycloak.testsuite.mod_auth_mellon;
|
||||
|
||||
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
|
||||
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
|
||||
/**
|
||||
* @author mhajas
|
||||
*/
|
||||
public class ModAuthMellonUnprotectedResource2 extends AbstractPageWithInjectedUrl {
|
||||
|
||||
@Override
|
||||
public URL getInjectedUrl() {
|
||||
try {
|
||||
return new URL(System.getProperty("apache.mod_auth_mellon2.url", "http://localhost:8480/"));
|
||||
} catch (MalformedURLException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
|
@ -6,11 +6,11 @@ import org.keycloak.representations.idm.RealmRepresentation;
|
|||
import org.keycloak.testsuite.AbstractAuthTest;
|
||||
import org.keycloak.testsuite.util.URLAssert;
|
||||
|
||||
import javax.xml.transform.TransformerException;
|
||||
import java.util.List;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.testsuite.util.IOUtil.loadRealm;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.pause;
|
||||
|
||||
/**
|
||||
* @author mhajas
|
||||
|
@ -22,26 +22,69 @@ public class ModAuthMellonTest extends AbstractAuthTest {
|
|||
@Page
|
||||
private ModAuthMellonUnprotectedResource modAuthMellonUnprotectedResourcePage;
|
||||
|
||||
@Page
|
||||
private ModAuthMellonProtectedResource2 modAuthMellonProtectedResourcePage2;
|
||||
|
||||
@Page
|
||||
private ModAuthMellonUnprotectedResource2 modAuthMellonUnprotectedResourcePage2;
|
||||
|
||||
@Override
|
||||
public void addTestRealms(List<RealmRepresentation> testRealms) {
|
||||
testRealms.add(loadRealm("/mellon-realm.json"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void modAuthMellonTest() throws TransformerException {
|
||||
@Override
|
||||
public void setDefaultPageUriParameters() {
|
||||
super.setDefaultPageUriParameters();
|
||||
testRealmPage.setAuthRealm("mellon-test");
|
||||
testRealmSAMLRedirectLoginPage.setAuthRealm("mellon-test");
|
||||
}
|
||||
|
||||
modAuthMellonUnprotectedResourcePage.navigateTo();
|
||||
assertTrue(driver.getPageSource().contains("Unprotected resource"));
|
||||
|
||||
@Test
|
||||
public void singleLoginAndLogoutTest() {
|
||||
modAuthMellonProtectedResourcePage.navigateTo();
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
|
||||
testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
|
||||
assertTrue(driver.getPageSource().contains("Protected resource"));
|
||||
|
||||
modAuthMellonProtectedResourcePage2.navigateTo();
|
||||
assertTrue(driver.getPageSource().contains("Protected resource 2"));
|
||||
|
||||
modAuthMellonProtectedResourcePage2.logout();
|
||||
assertTrue(driver.getPageSource().contains("Unprotected resource 2"));
|
||||
|
||||
modAuthMellonProtectedResourcePage2.navigateTo();
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
|
||||
|
||||
pause(2000); //session length
|
||||
|
||||
modAuthMellonProtectedResourcePage.navigateTo();
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void unauthorizedSSO() {
|
||||
modAuthMellonProtectedResourcePage2.navigateTo();
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
|
||||
testRealmSAMLRedirectLoginPage.form().login("unauthorized", "password");
|
||||
assertTrue(driver.getPageSource().contains("Forbidden"));
|
||||
|
||||
modAuthMellonProtectedResourcePage.navigateTo();
|
||||
assertTrue(driver.getPageSource().contains("Protected resource"));
|
||||
modAuthMellonProtectedResourcePage.logout();
|
||||
assertTrue(driver.getPageSource().contains("Unprotected resource"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sessionExpiration() {
|
||||
RealmRepresentation realm = testRealmResource().toRepresentation();
|
||||
realm.setSsoSessionIdleTimeout(2);
|
||||
testRealmResource().update(realm);
|
||||
|
||||
modAuthMellonProtectedResourcePage.navigateTo();
|
||||
testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
|
||||
assertTrue(driver.getPageSource().contains("Protected resource"));
|
||||
|
||||
pause(2000); //session length
|
||||
|
||||
modAuthMellonProtectedResourcePage.navigateTo();
|
||||
URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
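Review bot: In `singleLoginAndLogoutTest` the first SP is only checked after `pause(2000); //session length`, so the final `assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage)` appears to pass once the 2-second `MellonSessionLength` has lapsed, whether or not the logout started on the second SP ever reached the first one. As written the test does not show that single logout propagates; asserting the redirect for `modAuthMellonProtectedResourcePage` before the pause would, and if that assertion cannot pass yet, a comment saying why is needed. The pause also equals the configured 2-second timeouts here and in `sessionExpiration`, which puts the check on the expiry boundary; a margin such as `pause(3000)` or polling until the redirect appears would be less flaky. `sessionExpiration` continues past the end of this hunk.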
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{
|
||||
"id" : "mellon-test",
|
||||
"realm" : "mellon-test",
|
||||
"notBefore" : 1453206021,
|
||||
"notBefore" : 1455704705,
|
||||
"revokeRefreshToken" : false,
|
||||
"accessTokenLifespan" : 300,
|
||||
"accessTokenLifespanForImplicitFlow" : 900,
|
||||
"ssoSessionIdleTimeout" : 1800,
|
||||
"ssoSessionIdleTimeout" : 2,
|
||||
"ssoSessionMaxLifespan" : 36000,
|
||||
"offlineSessionIdleTimeout" : 2592000,
|
||||
"accessCodeLifespan" : 60,
|
||||
|
@ -32,8 +32,8 @@
|
|||
"codeSecret" : "6ed3c059-96b4-46d2-a385-c25ea96853ca",
|
||||
"roles" : {
|
||||
"realm" : [ {
|
||||
"id" : "6314a145-4654-45b8-bc05-3b6a01e76236",
|
||||
"name" : "test-Role",
|
||||
"id" : "a0d0115b-3baf-484c-88ce-99de03bf6c78",
|
||||
"name" : "manager",
|
||||
"scopeParamRequired" : false,
|
||||
"composite" : false
|
||||
}, {
|
||||
|
@ -130,6 +130,7 @@
|
|||
} ],
|
||||
"http://localhost:8380/auth" : [ ],
|
||||
"security-admin-console" : [ ],
|
||||
"http://localhost:8480/auth2" : [ ],
|
||||
"admin-cli" : [ ],
|
||||
"broker" : [ {
|
||||
"id" : "b0fbb4b2-6632-4c26-8292-c90a64dbf145",
|
||||
|
@ -163,16 +164,39 @@
|
|||
"otpPolicyLookAheadWindow" : 1,
|
||||
"otpPolicyPeriod" : 30,
|
||||
"users" : [ {
|
||||
"id" : "df34636d-0ade-4843-9d85-68784c541bc9",
|
||||
"createdTimestamp" : 1452774520942,
|
||||
"id" : "b35d3909-3549-4f35-ad0f-918a7c1febb1",
|
||||
"createdTimestamp" : 1455795133502,
|
||||
"username" : "bburke",
|
||||
"enabled" : true,
|
||||
"totp" : false,
|
||||
"emailVerified" : false,
|
||||
"credentials" : [ {
|
||||
"type" : "password",
|
||||
"hashedSaltedValue" : "J53IPqrQcatayK0PB3vY+sxz6Zc9rUwdFiSbMyaLNmvtcCkJ3WElIFAcsLoA7i+rwvQu/VrN+JGi32sxEzQVNg==",
|
||||
"salt" : "sfDAWuC3Ue2DB9+WNmRWRw==",
|
||||
"hashedSaltedValue" : "EpVg7wGyRQ4RnG3aCLmytH+zdTp+qCUEvJ9Yqsxm30i8gJmEsXRMjbRkyU58ewcXMB4ZyJsmQJsWPGdANRvAww==",
|
||||
"salt" : "2UuR1SdDCrhQ89UBFmEMuw==",
|
||||
"hashIterations" : 1,
|
||||
"counter" : 0,
|
||||
"algorithm" : "pbkdf2",
|
||||
"digits" : 0
|
||||
} ],
|
||||
"requiredActions" : [ ],
|
||||
"realmRoles" : [ "manager", "offline_access" ],
|
||||
"clientRoles" : {
|
||||
"account" : [ "view-profile", "manage-account" ]
|
||||
},
|
||||
"groups" : [ ]
|
||||
}, {
|
||||
"id" : "1dd66fff-71b5-4849-b782-cf612198f53e",
|
||||
"createdTimestamp" : 1455795084424,
|
||||
"username" : "unauthorized",
|
||||
"enabled" : true,
|
||||
"totp" : false,
|
||||
"emailVerified" : false,
|
||||
"email" : "",
|
||||
"credentials" : [ {
|
||||
"type" : "password",
|
||||
"hashedSaltedValue" : "IYB496W8mrwAzUDz8ehqiY6SnzjZs3OvLLrUdJwXUwbOBkRFUJqsCPbEsFlDUSX7BK8MZmD7cdPIBWT/g1m9XA==",
|
||||
"salt" : "qRdAqSdsUCR3bO9VJU47JA==",
|
||||
"hashIterations" : 1,
|
||||
"counter" : 0,
|
||||
"algorithm" : "pbkdf2",
|
||||
|
@ -299,12 +323,13 @@
|
|||
"useTemplateScope" : false,
|
||||
"useTemplateMappers" : false
|
||||
}, {
|
||||
"id" : "23254f13-034e-4aa2-8d11-f475c48c5469",
|
||||
"id" : "cb6eb8e4-73bf-4ccc-b817-c4f8547ae5eb",
|
||||
"clientId" : "http://localhost:8380/auth",
|
||||
"adminUrl" : "http://localhost:8380/mellon",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"secret" : "c2ffb410-6f8b-4f76-a3c7-c5ab21349fa5",
|
||||
"secret" : "0f0aff29-3677-4b88-920f-90cce19230aa",
|
||||
"redirectUris" : [ "http://localhost:8380/mellon/postResponse" ],
|
||||
"webOrigins" : [ "http://localhost:8380" ],
|
||||
"notBefore" : 0,
|
||||
|
@ -321,6 +346,7 @@
|
|||
"saml.assertion.signature" : "true",
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml.multivalued.roles" : "false",
|
||||
"saml_single_logout_service_url_post" : "",
|
||||
"saml.encrypt" : "true",
|
||||
"saml_assertion_consumer_url_post" : "http://localhost:8380/mellon/postResponse",
|
||||
"saml.server.signature" : "true",
|
||||
|
@ -337,32 +363,7 @@
|
|||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "e9cc0f08-519b-445f-9134-38811bf94b0c",
|
||||
"name" : "username",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${username}",
|
||||
"config" : {
|
||||
"user.attribute" : "username",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "preferred_username",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "f4663aad-3083-42b0-b6cb-6f88f623a8be",
|
||||
"name" : "full name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-full-name-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${fullName}",
|
||||
"config" : {
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true"
|
||||
}
|
||||
}, {
|
||||
"id" : "adb045fd-1f27-41cc-b80f-99592899cef7",
|
||||
"id" : "d625890e-1a84-49a7-9bac-bad1db194882",
|
||||
"name" : "family name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
|
@ -376,21 +377,7 @@
|
|||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "bcfb2c33-8da8-49ad-9166-cbadd0079bd5",
|
||||
"name" : "given name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${givenName}",
|
||||
"config" : {
|
||||
"user.attribute" : "firstName",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "given_name",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "0d969f92-4339-427a-9160-94ce11220628",
|
||||
"id" : "b567a20e-2e03-4b64-917b-2793a74b4244",
|
||||
"name" : "email",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
|
@ -404,7 +391,46 @@
|
|||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "31edca8e-05fa-492c-b586-e66f12726398",
|
||||
"id" : "4be3487c-c7ff-409f-a672-138d604eed4b",
|
||||
"name" : "given name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${givenName}",
|
||||
"config" : {
|
||||
"user.attribute" : "firstName",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "given_name",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "8819f0d3-4db4-42a4-aed4-27b8dea9bbf7",
|
||||
"name" : "username",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${username}",
|
||||
"config" : {
|
||||
"user.attribute" : "username",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "preferred_username",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "d74f0c8f-7b6d-4ef5-ac57-31cef5d125e7",
|
||||
"name" : "full name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-full-name-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${fullName}",
|
||||
"config" : {
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true"
|
||||
}
|
||||
}, {
|
||||
"id" : "6353424c-e417-47d3-95b1-878e649e7e49",
|
||||
"name" : "role list",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-role-list-mapper",
|
||||
|
@ -537,6 +563,128 @@
|
|||
"useTemplateConfig" : false,
|
||||
"useTemplateScope" : false,
|
||||
"useTemplateMappers" : false
|
||||
}, {
|
||||
"id" : "cda86e1f-00bd-4727-b4b3-b35357161964",
|
||||
"clientId" : "http://localhost:8480/auth2",
|
||||
"adminUrl" : "http://localhost:8480/mellon",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"secret" : "e75b6e1b-030f-4630-8e6f-631f4891c79a",
|
||||
"redirectUris" : [ "http://localhost:8480/mellon/postResponse" ],
|
||||
"webOrigins" : [ "http://localhost:8480" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.assertion.signature" : "false",
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml.multivalued.roles" : "false",
|
||||
"saml_single_logout_service_url_post" : "",
|
||||
"saml.encrypt" : "false",
|
||||
"saml_assertion_consumer_url_post" : "http://localhost:8480/mellon/postResponse",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.signing.certificate" : "MIICrjCCAZYCCQCrriL//w2/KDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5sb2NhbGhvc3Q6ODQ4MDAeFw0xNjAyMTcxMDQzMjhaFw0yNjAyMTYxMDQzMjhaMBkxFzAVBgNVBAMMDmxvY2FsaG9zdDo4NDgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0VE8Q0jNc2bl0OSZWvKQQIIowBie3rGgRfBB0TzO5sjBbJSQYPhHBWb61gB4Cx1TvCQdefgVvhB1Heq9VFdRKRtZLl2I9RaOYPpLpBXLl10yHLGUKMzKVT1bpKNY4hCDN46nrxiYcbi+ZLsiezAITLEsPls2KWq5IFb0Nh/8aLRv3glk1aLaUtSSM1c/qGk7al9rfjG6HuUutaOYtpy4dTTsMkKUmHwBTeMkSYzLnmNVgyRFN8QWPf02B1TtL5cEfrm7frWsSKxUmVcmz5pz3akjd5HD3tNJC1RGCoWQG61g7hW25y1MRHcYXlJajSFp9KmGbkB30OpTJgky7NpGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQApi0LyRNInVXfKqdAo1dMRzVso5CPSVuNUd/YwdRS5aYtGUx44SA2kGnuzo9XPc0OSJzuMMPRuwkL91Du8283rQT1wERvJrt1Zbs90RAwNNvpTZ4uzgZp/Kxlr8tQ8LuUsUcbBgNuI9LV51po0yZlxXGu/pfs7HNRVV2zfItkAO7OKj00f+Mn0+JLhJ9PJoYvfPFQnAU3oFkYlc7FIYUeFKbFFG9KCkwb39vkuIHjcCEVFBCkdERefTBBptmXdemOI+tY7m1pzpkVzNDGX0OtEoGDokZHKL9xJUPU5Ao15OhVY0bp84uf1wjVvDVrg/8HfSSKirVjrlumRGariq8aw",
|
||||
"saml_single_logout_service_url_redirect" : "http://localhost:8480/mellon/logout",
|
||||
"saml.signature.algorithm" : "RSA_SHA1",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.encryption.certificate" : "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",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "875d9e9f-cd71-40d3-9e63-1c8d6665b63c",
|
||||
"name" : "given name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${givenName}",
|
||||
"config" : {
|
||||
"user.attribute" : "firstName",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "given_name",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "324e28d0-fb0a-4cc1-9916-d5cd10221b23",
|
||||
"name" : "full name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-full-name-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${fullName}",
|
||||
"config" : {
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true"
|
||||
}
|
||||
}, {
|
||||
"id" : "9d5b4f3f-79f0-4d62-a13b-53f44587fb1f",
|
||||
"name" : "username",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${username}",
|
||||
"config" : {
|
||||
"user.attribute" : "username",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "preferred_username",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "af50e3ab-8959-467f-84fe-f7a9ac9d4383",
|
||||
"name" : "email",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${email}",
|
||||
"config" : {
|
||||
"user.attribute" : "email",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "email",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "7a7a7fab-d464-451c-9025-bfc4f4629189",
|
||||
"name" : "family name",
|
||||
"protocol" : "openid-connect",
|
||||
"protocolMapper" : "oidc-usermodel-property-mapper",
|
||||
"consentRequired" : true,
|
||||
"consentText" : "${familyName}",
|
||||
"config" : {
|
||||
"user.attribute" : "lastName",
|
||||
"id.token.claim" : "true",
|
||||
"access.token.claim" : "true",
|
||||
"claim.name" : "family_name",
|
||||
"jsonType.label" : "String"
|
||||
}
|
||||
}, {
|
||||
"id" : "86731f18-9114-428b-bf9e-102e2931adc6",
|
||||
"name" : "role list",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-role-list-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"single" : "false",
|
||||
"attribute.nameformat" : "Basic",
|
||||
"attribute.name" : "Role"
|
||||
}
|
||||
} ],
|
||||
"useTemplateConfig" : false,
|
||||
"useTemplateScope" : false,
|
||||
"useTemplateMappers" : false
|
||||
}, {
|
||||
"id" : "14abd995-d10a-4da3-85cf-0c6fbb65ce41",
|
||||
"clientId" : "admin-cli",
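Review bot: The new SAML client `http://localhost:8480/auth2` in this hunk is configured with `"saml.signature.algorithm" : "RSA_SHA1"`, so the responses mod_auth_mellon verifies in the test are signed over a SHA-1 digest, which is deprecated for signatures; I would change it to `"saml.signature.algorithm" : "RSA_SHA256"`, provided the mod_auth_mellon/lasso build in the docker2 image verifies it. The same entry sets `"saml.assertion.signature" : "false"` and `"saml.encrypt" : "false"`, so as far as the export shows only the enclosing document is signed and the assertion travels unencrypted over the plain-http `localhost:8480` endpoints. That is acceptable for a local fixture, but the README should state that these values and the committed `"secret"` are test-only, so the export is not copied into a real realm. The five `openid-connect` protocol mappers attached to this `saml` client look like export defaults and are presumably unused; only `role list` uses the `saml` protocol.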
|
||||
|
@ -860,310 +1008,9 @@
|
|||
"smtpServer" : { },
|
||||
"eventsEnabled" : true,
|
||||
"eventsListeners" : [ "jboss-logging" ],
|
||||
"enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_TOTP", "REMOVE_TOTP", "REVOKE_GRANT", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "UPDATE_PROFILE_ERROR", "IMPERSONATE", "LOGIN", "UPDATE_PASSWORD_ERROR", "REGISTER", "LOGOUT", "CLIENT_REGISTER", "UPDATE_PASSWORD", "FEDERATED_IDENTITY_LINK_ERROR", "CLIENT_DELETE", "IDENTITY_PROVIDER_FIRST_LOGIN", "VERIFY_EMAIL", "CLIENT_DELETE_ERROR", "CLIENT_LOGIN_ERROR", "REMOVE_FEDERATED_IDENTITY_ERROR", "EXECUTE_ACTIONS", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "SEND_VERIFY_EMAIL", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "IDENTITY_PROVIDER_POST_LOGIN", "UPDATE_EMAIL", "REGISTER_ERROR", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "UPDATE_PROFILE", "FEDERATED_IDENTITY_LINK", "CLIENT_REGISTER_ERROR", "SEND_VERIFY_EMAIL_ERROR", "SEND_IDENTITY_PROVIDER_LINK", "RESET_PASSWORD", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "CUSTOM_REQUIRED_ACTION_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ],
|
||||
"enabledEventTypes" : [ ],
|
||||
"adminEventsEnabled" : false,
|
||||
"adminEventsDetailsEnabled" : false,
|
||||
"internationalizationEnabled" : false,
|
||||
"supportedLocales" : [ ],
|
||||
"authenticationFlows" : [ {
|
||||
"alias" : "Handle Existing Account",
|
||||
"description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : false,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "idp-confirm-link",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "idp-email-verification",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
}, {
|
||||
"flowAlias" : "Verify Existing Account by Re-authentication",
|
||||
"autheticatorFlow" : true,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 30
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "Verify Existing Account by Re-authentication",
|
||||
"description" : "Reauthentication of existing account",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : false,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "idp-username-password-form",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "auth-otp-form",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "OPTIONAL",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "browser",
|
||||
"description" : "browser based authentication",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "auth-cookie",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "auth-spnego",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "DISABLED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
}, {
|
||||
"flowAlias" : "forms",
|
||||
"autheticatorFlow" : true,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 30
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "clients",
|
||||
"description" : "Base authentication for clients",
|
||||
"providerId" : "client-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "client-secret",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "client-jwt",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "direct grant",
|
||||
"description" : "OpenID Connect Resource Owner Grant",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "direct-grant-validate-username",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "direct-grant-validate-password",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
}, {
|
||||
"authenticator" : "direct-grant-validate-otp",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "OPTIONAL",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 30
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "first broker login",
|
||||
"description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticatorConfig" : "review profile config",
|
||||
"authenticator" : "idp-review-profile",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticatorConfig" : "create unique user config",
|
||||
"authenticator" : "idp-create-user-if-unique",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
}, {
|
||||
"flowAlias" : "Handle Existing Account",
|
||||
"autheticatorFlow" : true,
|
||||
"requirement" : "ALTERNATIVE",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 30
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "forms",
|
||||
"description" : "Username, password, otp and other auth forms.",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : false,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "auth-username-password-form",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "auth-otp-form",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "OPTIONAL",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "registration",
|
||||
"description" : "registration flow",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "registration-page-form",
|
||||
"flowAlias" : "registration form",
|
||||
"autheticatorFlow" : true,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "registration form",
|
||||
"description" : "registration form",
|
||||
"providerId" : "form-flow",
|
||||
"topLevel" : false,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "registration-user-creation",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
}, {
|
||||
"authenticator" : "registration-profile-action",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 40
|
||||
}, {
|
||||
"authenticator" : "registration-password-action",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 50
|
||||
}, {
|
||||
"authenticator" : "registration-recaptcha-action",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "DISABLED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 60
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "reset credentials",
|
||||
"description" : "Reset credentials for a user if they forgot their password or something",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "reset-credentials-choose-user",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
}, {
|
||||
"authenticator" : "reset-credential-email",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 20
|
||||
}, {
|
||||
"authenticator" : "reset-password",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 30
|
||||
}, {
|
||||
"authenticator" : "reset-otp",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "OPTIONAL",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 40
|
||||
} ]
|
||||
}, {
|
||||
"alias" : "saml ecp",
|
||||
"description" : "SAML ECP Profile Authentication Flow",
|
||||
"providerId" : "basic-flow",
|
||||
"topLevel" : true,
|
||||
"builtIn" : true,
|
||||
"authenticationExecutions" : [ {
|
||||
"authenticator" : "http-basic-authenticator",
|
||||
"autheticatorFlow" : false,
|
||||
"requirement" : "REQUIRED",
|
||||
"userSetupAllowed" : false,
|
||||
"priority" : 10
|
||||
} ]
|
||||
} ],
|
||||
"authenticatorConfig" : [ {
|
||||
"alias" : "create unique user config",
|
||||
"config" : {
|
||||
"require.password.update.after.registration" : "false"
|
||||
}
|
||||
}, {
|
||||
"alias" : "review profile config",
|
||||
"config" : {
|
||||
"update.profile.on.first.login" : "missing"
|
||||
}
|
||||
} ],
|
||||
"requiredActions" : [ {
|
||||
"alias" : "CONFIGURE_TOTP",
|
||||
"name" : "Configure Totp",
|
||||
"providerId" : "CONFIGURE_TOTP",
|
||||
"enabled" : true,
|
||||
"defaultAction" : false,
|
||||
"config" : { }
|
||||
}, {
|
||||
"alias" : "UPDATE_PASSWORD",
|
||||
"name" : "Update Password",
|
||||
"providerId" : "UPDATE_PASSWORD",
|
||||
"enabled" : true,
|
||||
"defaultAction" : false,
|
||||
"config" : { }
|
||||
}, {
|
||||
"alias" : "UPDATE_PROFILE",
|
||||
"name" : "Update Profile",
|
||||
"providerId" : "UPDATE_PROFILE",
|
||||
"enabled" : true,
|
||||
"defaultAction" : false,
|
||||
"config" : { }
|
||||
}, {
|
||||
"alias" : "VERIFY_EMAIL",
|
||||
"name" : "Verify Email",
|
||||
"providerId" : "VERIFY_EMAIL",
|
||||
"enabled" : true,
|
||||
"defaultAction" : false,
|
||||
"config" : { }
|
||||
}, {
|
||||
"alias" : "terms_and_conditions",
|
||||
"name" : "Terms and Conditions",
|
||||
"providerId" : "terms_and_conditions",
|
||||
"enabled" : false,
|
||||
"defaultAction" : false,
|
||||
"config" : { }
|
||||
} ],
|
||||
"browserFlow" : "browser",
|
||||
"registrationFlow" : "registration",
|
||||
"directGrantFlow" : "direct grant",
|
||||
"resetCredentialsFlow" : "reset credentials",
|
||||
"clientAuthenticationFlow" : "clients"
|
||||
"supportedLocales" : [ ]
|
||||
}
|
|
@ -52,7 +52,6 @@
|
|||
<auth.server.management.port>10090</auth.server.management.port>
|
||||
<auth.server.management.port.jmx>10099</auth.server.management.port.jmx>
|
||||
<auth.server.ssl.required>false</auth.server.ssl.required>
|
||||
<apache.mod_auth_mellon.url>http://localhost:8380</apache.mod_auth_mellon.url>
|
||||
<startup.timeout.sec>60</startup.timeout.sec>
|
||||
|
||||
<browser>phantomjs</browser>
|
||||
|
|