From a2f6c1676405fc683ab39508b139cf72e1c80c97 Mon Sep 17 00:00:00 2001
From: Hynek Mlnarik
Date: Tue, 14 Nov 2017 17:24:46 +0100
Subject: [PATCH] KEYCLOAK-5349 User session count in IdP-initiated flow tests
---
 .../broker/KcSamlIdPInitiatedSsoTest.java | 160 ++++++++++++++++--
 .../testsuite/saml/AbstractSamlTest.java | 4 +-
 .../testsuite/saml/IdpInitiatedLoginTest.java | 110 ++++++++++++
 .../adapter-test/keycloak-saml/testsaml.json | 2 +
 .../testsuite/broker/kc3731-broker-realm.json | 22 +++
 .../broker/kc3731-provider-realm.json | 23 ++-
 6 files changed, 305 insertions(+), 16 deletions(-)
 create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/IdpInitiatedLoginTest.java
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
index 5659c94085..bf136fd74e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
@@ -5,42 +5,49 @@
 */
 package org.keycloak.testsuite.broker;
+import org.keycloak.admin.client.resource.ClientsResource;
 import org.keycloak.admin.client.resource.UsersResource;
 import org.keycloak.common.util.StreamUtil;
 import org.keycloak.common.util.StringPropertyReplacer;
+import org.keycloak.dom.saml.v2.protocol.ResponseType;
 import org.keycloak.representations.idm.ClientRepresentation;
-import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.representations.idm.UserSessionRepresentation;
+import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
+import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
-import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
-import org.keycloak.testsuite.adapter.page.SalesPostServlet;
-import org.keycloak.testsuite.adapter.servlet.SendUsernameServlet;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
 import org.keycloak.testsuite.util.IOUtil;
+import org.keycloak.testsuite.util.Matchers;
+import org.keycloak.testsuite.util.SamlClient.Binding;
+import org.keycloak.testsuite.util.SamlClientBuilder;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import org.jboss.arquillian.container.test.api.Deployment;
+import java.util.Set;
+import java.util.stream.Collectors;
+import javax.ws.rs.core.Response;
 import org.jboss.arquillian.graphene.page.Page;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Before;
 import org.junit.Test;
 import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.support.ui.ExpectedCondition;
 import org.openqa.selenium.support.ui.WebDriverWait;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.hasSize;
+import static org.hamcrest.Matchers.is;
 import static org.keycloak.testsuite.broker.BrokerTestConstants.*;
-import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.assertThat;
 /**
 *
@@ -51,6 +58,8 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 private static final String PROVIDER_REALM_USER_NAME = "test";
 private static final String PROVIDER_REALM_USER_PASSWORD = "test";
+ private static final String CONSUMER_CHOSEN_USERNAME = "mytest";
+
 @Page
 protected LoginPage accountLoginPage;
@@ -72,6 +81,15 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 }
 }
+ @Before
+ public void cleanupTestUserInConsumerRealm() {
+ final UsersResource users = adminClient.realm(REALM_CONS_NAME).users();
+ users.search(CONSUMER_CHOSEN_USERNAME).stream()
+ .map(UserRepresentation::getId)
+ .map(users::delete)
+ .forEach(Response::close);
+ }
+
 @Override
 public void addTestRealms(List testRealms) {
 Properties p = new Properties();
@@ -79,6 +97,7 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 p.put("name.realm.consumer", REALM_CONS_NAME);
 p.put("url.realm.provider", getAuthRoot() + "/auth/realms/" + REALM_PROV_NAME);
 p.put("url.realm.consumer", getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME);
+ p.put("url.realm.consumer-2", getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "-2");
 testRealms.add(loadFromClasspath("kc3731-provider-realm.json", p));
 testRealms.add(loadFromClasspath("kc3731-broker-realm.json", p));
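Review bot: `cleanupTestUserInConsumerRealm` deletes every user returned by `users.search(CONSUMER_CHOSEN_USERNAME)`, and as far as I can tell the single-argument `search` is the admin API's general text search (it matches username, e-mail and name fields by substring) rather than an exact username lookup, so any other consumer-realm user whose name or e-mail contains `mytest` would be deleted with it. Filtering on the exact username before mapping to ids avoids that: `.filter(u -> CONSUMER_CHOSEN_USERNAME.equals(u.getUsername()))` between `.stream()` and `.map(UserRepresentation::getId)`. The same unfiltered `search(userName)` is used to pick the user in `assertSingleUserSession` in the last hunk of this file and in `testTwoConsequentIdpInitiatedLogins` of the new IdpInitiatedLoginTest, where a wrong first match would make the session-count assertion run against the wrong user.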
@@ -103,7 +122,7 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 driver.getCurrentUrl(), containsString("/auth/realms/" + REALM_CONS_NAME + "/"));
 log.debug("Updating info on updateAccount page");
- updateAccountInformationPage.updateAccountInformation("mytest", "test@localhost", "Firstname", "Lastname");
+ updateAccountInformationPage.updateAccountInformation(CONSUMER_CHOSEN_USERNAME, "test@localhost", "Firstname", "Lastname");
 UsersResource consumerUsers = adminClient.realm(REALM_CONS_NAME).users();
@@ -112,8 +131,8 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 List users = consumerUsers.search("", 0, userCount);
- boolean isUserFound = users.stream().anyMatch(user -> user.getUsername().equals("mytest") && user.getEmail().equals("test@localhost"));
- Assert.assertTrue("There must be user " + "mytest" + " in realm " + REALM_CONS_NAME, isUserFound);
+ boolean isUserFound = users.stream().anyMatch(user -> user.getUsername().equals(CONSUMER_CHOSEN_USERNAME) && user.getEmail().equals("test@localhost"));
+ Assert.assertTrue("There must be user " + CONSUMER_CHOSEN_USERNAME + " in realm " + REALM_CONS_NAME, isUserFound);
 Assert.assertThat(driver.findElement(By.tagName("a")).getAttribute("id"), containsString("account"));
 }
@@ -122,6 +141,10 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 return getAuthRoot() + "/auth/realms/" + realmName + "/protocol/saml/clients/" + samlIdpInitiatedSsoUrlName;
 }
+ private String getSamlBrokerIdpInitiatedUrl(String realmName, String samlIdpInitiatedSsoUrlName) {
+ return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint/clients/" + samlIdpInitiatedSsoUrlName;
+ }
+
 private void waitForPage(final String title) {
 WebDriverWait wait = new WebDriverWait(driver, 5);
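Review bot: `getSamlBrokerIdpInitiatedUrl` hard-codes the identity-provider alias `saml-leaf` inside the URL, which only works because kc3731-broker-realm.json declares an identity provider with that alias, and nothing in the method says so. A one-line comment would keep the two in step, e.g. `// "saml-leaf" is the alias of the SAML identity provider declared in kc3731-broker-realm.json`. It would also help to say that this builds the broker's IdP-initiated endpoint (`/broker/<alias>/endpoint/clients/<name>`), as opposed to the realm's own `/protocol/saml/clients/<name>` endpoint built by `getSamlIdpInitiatedUrl` just above it, since the two names differ by one word.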
@@ -130,4 +153,115 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
 wait.until(condition);
 }
+ @Test
+ public void testProviderIdpInitiatedLoginToApp() {
+ SAMLDocumentHolder samlResponse = new SamlClientBuilder()
+ .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker"))
+ // Login in provider realm
+ .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
+
+ // Send the response to the consumer realm
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
+ return ob;
+ })
+ .build()
+
+ .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
+ .followOneRedirect()
+
+ // Obtain the response sent to the app
+ .getSamlResponse(Binding.POST);
+
+ assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) samlResponse.getSamlObject();
+ assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
+ }
+
+ @Test
+ public void testTwoConsequentIdpInitiatedLogins() {
+ SAMLDocumentHolder samlResponse = new SamlClientBuilder()
+ .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker"))
+ // Login in provider realm
+ .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
+
+ // Send the response to the consumer realm
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
+ return ob;
+ })
+ .build()
+
+ .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
+ .followOneRedirect()
+
+ // Obtain the response sent to the app and ignore result
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
+ return null;
+ })
+ .build()
+
+
+ // Now login to the second app
+ .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker-2"))
+
+ // Login in provider realm
+ .login().sso(true).build()
+
+ // Send the response to the consumer realm
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales2")));
+ return ob;
+ })
+ .build()
+
+ .getSamlResponse(Binding.POST);
+
+ assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) samlResponse.getSamlObject();
+ assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth/sales2/saml"));
+
+ assertSingleUserSession(REALM_CONS_NAME, CONSUMER_CHOSEN_USERNAME,
+ "http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth",
+ "http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth2"
+ );
+
+ assertSingleUserSession(REALM_PROV_NAME, PROVIDER_REALM_USER_NAME,
+ getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME,
+ getAuthRoot() + "/auth/realms/" + REALM_CONS_NAME + "-2"
+ );
+ }
+
+ private void assertSingleUserSession(String realmName, String userName, String... expectedClientIds) {
+ final UsersResource users = adminClient.realm(realmName).users();
+ final ClientsResource clients = adminClient.realm(realmName).clients();
+
+ UserRepresentation userRepresentation = users
+ .search(userName).stream()
+ .findFirst().get();
+
+ List userSessions = users.get(userRepresentation.getId()).getUserSessions();
+ assertThat(userSessions, hasSize(1));
+ Map clientSessions = userSessions.get(0).getClients();
+
+ Set clientIds = clientSessions.values().stream()
+ .flatMap(c -> clients.findByClientId(c).stream())
+ .map(ClientRepresentation::getClientId)
+ .collect(Collectors.toSet());
+
+ assertThat(clientIds, containsInAnyOrder(expectedClientIds));
+ }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java
index fbc1e15490..f4ed86e1dd 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/AbstractSamlTest.java
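Review bot: `assertSingleUserSession` resolves the user with `.findFirst().get()`, so a missing user fails with a bare `NoSuchElementException` out of `Optional.get()` instead of an assertion that names the realm and user; the new IdpInitiatedLoginTest repeats the same idiom. `.orElseThrow(() -> new AssertionError("No user " + userName + " in realm " + realmName))` in place of `.get()` gives a readable failure and drops the unchecked get. Separately, the first twenty-odd lines of `testTwoConsequentIdpInitiatedLogins` repeat `testProviderIdpInitiatedLoginToApp` verbatim up to and including `followOneRedirect()`; a private helper that returns the builder after the first brokered login would shorten both and keep the destination assertions in one place. The method name reads more naturally as `testTwoConsecutiveIdpInitiatedLogins`, and a one-line Javadoc on `assertSingleUserSession` saying it asserts exactly one user session whose client sessions cover exactly `expectedClientIds` would save the next reader from decoding the stream.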
@@ -23,10 +23,10 @@ public abstract class AbstractSamlTest extends AbstractAuthTest {
 public static final String REALM_PRIVATE_KEY = "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";
 public static final String REALM_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
- public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST = "http://localhost:8080/sales-post/";
+ public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST = "http://localhost:8080/sales-post/saml";
 public static final String SAML_CLIENT_ID_SALES_POST = "http://localhost:8081/sales-post/";
- public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST2 = "http://localhost:8080/sales-post2/";
+ public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST2 = "http://localhost:8080/sales-post2/saml";
 public static final String SAML_CLIENT_ID_SALES_POST2 = "http://localhost:8081/sales-post2/";
 public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG = "http://localhost:8080/sales-post-sig/";
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/IdpInitiatedLoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/IdpInitiatedLoginTest.java
new file mode 100644
index 0000000000..2cabc0e727
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/IdpInitiatedLoginTest.java
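Review bot: Only `SAML_ASSERTION_CONSUMER_URL_SALES_POST` and `SAML_ASSERTION_CONSUMER_URL_SALES_POST2` gain the `/saml` suffix, while `SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG` in the trailing context (and presumably the other `*_SALES_POST_*` constants below the hunk) keep the trailing-slash form, so the constants no longer follow one convention and nothing here tells a reader which testsaml.json clients now pin an explicit `saml_assertion_consumer_url_post`. The testsaml.json hunk in this commit adds that attribute only for `sales-post`, so where the `sales-post2` value comes from is not visible on this page. A short comment on the two changed constants, e.g. `// must equal saml_assertion_consumer_url_post of this client in testsaml.json`, would keep them from being "normalised" back to the slash form later.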
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2017 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.saml;
+
+import org.keycloak.admin.client.resource.ClientsResource;
+import org.keycloak.admin.client.resource.UsersResource;
+import org.keycloak.dom.saml.v2.protocol.ResponseType;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.representations.idm.UserSessionRepresentation;
+import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
+import org.keycloak.testsuite.util.Matchers;
+import org.keycloak.testsuite.util.SamlClient.Binding;
+import org.keycloak.testsuite.util.SamlClientBuilder;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+import org.junit.Test;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.hasSize;
+import static org.junit.Assert.assertThat;
+
+/**
+ *
+ * @author hmlnarik
+ */
+public class IdpInitiatedLoginTest extends AbstractSamlTest {
+
+ @Test
+ public void testIdpInitiatedLogin() {
+ new SamlClientBuilder()
+ .idpInitiatedLogin(getAuthServerSamlEndpoint(REALM_NAME), "sales-post").build()
+ .login().user(bburkeUser).build()
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(SAML_ASSERTION_CONSUMER_URL_SALES_POST));
+ return null;
+ })
+ .build()
+ .execute()
+ ;
+ }
+
+ @Test
+ public void testTwoConsequentIdpInitiatedLogins() {
+ new SamlClientBuilder()
+ .idpInitiatedLogin(getAuthServerSamlEndpoint(REALM_NAME), "sales-post").build()
+ .login().user(bburkeUser).build()
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(SAML_ASSERTION_CONSUMER_URL_SALES_POST));
+ return null;
+ })
+ .build()
+
+ .idpInitiatedLogin(getAuthServerSamlEndpoint(REALM_NAME), "sales-post2").build()
+ .login().sso(true).build()
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(SAML_ASSERTION_CONSUMER_URL_SALES_POST2));
+ return null;
+ })
+ .build()
+
+ .execute()
+ ;
+
+ final UsersResource users = adminClient.realm(REALM_NAME).users();
+ final ClientsResource clients = adminClient.realm(REALM_NAME).clients();
+
+ UserRepresentation bburkeUserRepresentation = users
+ .search(bburkeUser.getUsername()).stream()
+ .findFirst().get();
+
+ List userSessions = users.get(bburkeUserRepresentation.getId()).getUserSessions();
+ assertThat(userSessions, hasSize(1));
+ Map clientSessions = userSessions.get(0).getClients();
+
+ Set clientIds = clientSessions.values().stream()
+ .flatMap(c -> clients.findByClientId(c).stream())
+ .map(ClientRepresentation::getClientId)
+ .collect(Collectors.toSet());
+
+ assertThat(clientIds, containsInAnyOrder(SAML_CLIENT_ID_SALES_POST, SAML_CLIENT_ID_SALES_POST2));
+
+ }
+
+}
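Review bot: The session-count block at the end of `testTwoConsequentIdpInitiatedLogins` (from `final UsersResource users` down to the `containsInAnyOrder` assert) is a verbatim copy of the `assertSingleUserSession` helper this same commit adds to KcSamlIdPInitiatedSsoTest, with `bburkeUser.getUsername()` in place of the parameter. Hoisting that helper into AbstractSamlTest (or a shared test util) with the signature `assertSingleUserSession(String realmName, String userName, String... expectedClientIds)` would let both tests call it, and leave one place to fix the `.findFirst().get()` lookup, which here fails with `NoSuchElementException` rather than a named assertion if the user is absent. The class Javadoc carries only `@author`; a sentence such as `Tests IdP-initiated SAML login via the realm's /clients/{name} endpoint and checks that consecutive logins share a single user session` would state what the two tests cover.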
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
index aed0231baf..4f390b92c6 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
@@ -188,6 +188,8 @@
 "http://localhost:8080/sales-post/*"
 ],
 "attributes": {
+ "saml_assertion_consumer_url_post": "http://localhost:8080/sales-post/saml",
+ "saml_single_logout_service_url_post": "http://localhost:8080/sales-post/saml",
 "saml.authnstatement": "true",
 "saml_idp_initiated_sso_url_name": "sales-post"
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json
index 190bb089bc..0ed5ed341b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-broker-realm.json
@@ -26,10 +26,32 @@
 "saml.signature.algorithm": "RSA_SHA512",
 "saml.signing.certificate": "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",
 "saml.signing.private.key": "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",
+ "saml_assertion_consumer_url_post" : "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth",
 "saml_idp_initiated_sso_url_name" : "sales"
 },
 "baseUrl": "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth",
 "adminUrl": "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth"
+ }, {
+ "clientId": "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth2",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "redirectUris": [
+ "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth2/*"
+ ],
+ "attributes": {
+ "saml.authnstatement": "true",
+ "saml.client.signature": "true",
+ "saml.encrypt": "false",
+ "saml.server.signature": "true",
+ "saml.signature.algorithm": "RSA_SHA512",
+ "saml.signing.certificate": "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",
+ "saml.signing.private.key": "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t",
+ "saml_assertion_consumer_url_post" : "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth/sales2/saml",
+ "saml_idp_initiated_sso_url_name" : "sales2"
+ },
+ "baseUrl": "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth2",
+ "adminUrl": "http://localhost:8180/auth/realms/${name.realm.consumer}/app/auth2"
 } ],
 "identityProviders" : [ {
 "alias" : "saml-leaf",
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json
index 8804a367c1..d66011825a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/org/keycloak/testsuite/broker/kc3731-provider-realm.json
@@ -28,7 +28,28 @@
 "saml_assertion_consumer_url_post" : "${url.realm.consumer}/broker/saml-leaf/endpoint/clients/sales",
 "saml_force_name_id_format" : "false",
 "saml_idp_initiated_sso_url_name" : "samlbroker",
- "saml_name_id_format" : "persistent",
+ "saml_name_id_format": "email",
+ "saml_single_logout_service_url_post" : "${url.realm.consumer}/broker/saml-leaf/endpoint"
+ }
+ }, {
+ "clientId": "${url.realm.consumer-2}",
+ "enabled": true,
+ "protocol": "saml",
+ "fullScopeAllowed": true,
+ "redirectUris": [
+ "${url.realm.consumer}/broker/saml-leaf/endpoint"
+ ],
+ "attributes" : {
+ "saml_name_id_format": "email",
+ "saml.assertion.signature" : "false",
+ "saml.authnstatement" : "true",
+ "saml.client.signature" : "false",
+ "saml.encrypt" : "false",
+ "saml.force.post.binding" : "true",
+ "saml.server.signature" : "false",
+ "saml_assertion_consumer_url_post" : "${url.realm.consumer}/broker/saml-leaf/endpoint/clients/sales2",
+ "saml_force_name_id_format" : "false",
+ "saml_idp_initiated_sso_url_name" : "samlbroker-2",
 "saml_single_logout_service_url_post" : "${url.realm.consumer}/broker/saml-leaf/endpoint"
 }
 } ],
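Review bot: `saml_name_id_format` on the existing `samlbroker` client changes from `persistent` to `email`, which changes the subject NameID the consumer realm receives and therefore the value it links the brokered user on, and the commit message (user session count) does not mention it. A persistent NameID is a stable opaque identifier while an e-mail NameID follows a mutable attribute, so the reason for the switch deserves a sentence in the commit message or in the test class that loads this fixture. Style: both new `"saml_name_id_format": "email"` lines use `":` while every neighbouring key in this file uses `" :`; matching the surrounding spacing keeps the fixture diff-friendly. The new `${url.realm.consumer-2}` client lists only `.../broker/saml-leaf/endpoint` as a redirect URI while its ACS is `.../endpoint/clients/sales2`; if the first client is set up the same way that is consistent, but the first client's `redirectUris` lie outside this hunk.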