From 5d1d75db40ebb2f9f49e8eae146a88819aa1ce7e Mon Sep 17 00:00:00 2001
From: mhajas
Date: Wed, 3 Jun 2020 16:46:09 +0200
Subject: [PATCH] KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration
---
.../AbstractSamlAuthenticationHandler.java | 10 +++
.../jboss/common/keystore/adapter.jks | Bin 2232 -> 2273 bytes
.../jboss/common/keystore/keycloak.truststore | Bin 1857 -> 1897 bytes
.../common/common-files/keystore/adapter.jks | Bin 0 -> 2273 bytes
.../common-files/keystore/keycloak.truststore | Bin 1857 -> 1897 bytes
.../common-files/tomcat-add-connector.xsl | 43 +++++++++++
.../servers/app-server/tomcat/pom.xml | 68 ++++++++++++++++++
.../jboss/common/keystore/keycloak.truststore | Bin 214778 -> 215730 bytes
.../integration-arquillian/servers/pom.xml | 4 ++
.../arquillian/AppServerTestEnricher.java | 1 +
.../testsuite/util/ContainerAssume.java | 5 ++
.../keycloak/testsuite/util/OAuthClient.java | 2 +-
.../adapter/AbstractAdapterTest.java | 6 +-
.../adapter/servlet/SAMLSameSiteTest.java | 17 ++---
.../test/resources/adapter-test/context.xml | 1 +
.../samesite/undertow-handlers.conf | 1 +
.../resources/keystore/keycloak.truststore | Bin 212206 -> 213158 bytes
17 files changed, 148 insertions(+), 10 deletions(-)
create mode 100644 testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/adapter.jks
create mode 100644 testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-add-connector.xsl
create mode 100644 testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/samesite/undertow-handlers.conf
diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java
index f469146b74..59b453c106 100644
--- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/profile/AbstractSamlAuthenticationHandler.java @@ -288,6 +288,10 @@ public abstract class AbstractSamlAuthenticationHandler implements SamlAuthentic sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.NONE); } } + + log.warn("Keycloak Adapter obtained Response, that is not understood. This may be because the containers " + + "cookies are not properly configured with SameSite settings. Refer to KEYCLOAK-14103 for more details."); + return AuthOutcome.NOT_ATTEMPTED; } @@ -352,6 +356,12 @@ public abstract class AbstractSamlAuthenticationHandler implements SamlAuthentic } protected AuthOutcome handleLoginResponse(SAMLDocumentHolder responseHolder, boolean postBinding, OnSessionCreated onCreateSession) { + if (!sessionStore.isLoggingIn()) { + log.warn("Adapter obtained LoginResponse, however containers session is not aware of sending any request. " + + "This may be because the session cookies created by container are not properly configured " + + "with SameSite settings. Refer to KEYCLOAK-14103 for more details."); + } + final ResponseType responseType = (ResponseType) responseHolder.getSamlObject(); AssertionType assertion = null; if (! isSuccessfulSamlResponse(responseType) || responseType.getAssertions() == null || responseType.getAssertions().isEmpty()) { 
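Review bot: The warning added just before `return AuthOutcome.NOT_ATTEMPTED;` names SameSite as the probable cause but logs nothing about the observed condition, so an operator cannot tell a cookie misconfiguration from an unsolicited, replayed or malformed response arriving at the endpoint. This path is driven by remotely supplied input, so the same WARN line can be produced repeatedly by anyone who can reach the endpoint; repeats are better throttled or logged at DEBUG. I would state the fact first and the hint second, e.g. `log.warn("Received a SAML response that could not be matched to an action in progress for this session. One known cause is a container session cookie sent without SameSite=None; see KEYCLOAK-14103.");`. The enclosing method starts outside the hunk, so which responses reach this fall-through is inferred from the visible lines only.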
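Review bot: In `handleLoginResponse` the new `!sessionStore.isLoggingIn()` check only logs and then falls through to the cast and assertion handling, so a login response the session never asked for is processed exactly as before. If unsolicited (IdP-initiated) responses are meant to be accepted, the warning will fire on every such login and its SameSite wording will mislead; if they are not, this is the place to stop. Either way the decision should be recorded next to the check, for example `// Diagnostic only: responses without a pending login request are still processed below.`, and the message should say that no login request is pending in the container session before it suggests SameSite. The rest of the method lies outside the hunk.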
diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/adapter.jks index 57cc34b6c4c0eaf60347dd8f894d5e81ffbb173d..0eb0dc07b9040d12014fe2c9be2944bd20c33fd1 100644 GIT binary patch delta 2003 zcmV;^2Q2uw5#bS#9)EIrm18de00jatf&~6B4h9M<1_1;CDgqG!0R;dAf&}VZyrWHk z3zV$W;?(iIruz1es6QgkJ^F^Zhpwdrp@MeH!~4W0?cJef(R09pf~bE~{I>bH@9UOM zrP@GZV!%rSX^q=2Tnbj{J8Mk9qQ2)tS$qMRMeue%>(IiO=YRbTI(K~)(RUL$Co8u) zruGxgq&JkpU%qF8G(t<}B|j0ltWz=e0l~qms4*Y4YB58v%ugjhSq{0Zo!F2??T5u* z4bA0hS&v{d;PY{c%xe)aw26j=P!V;pNKnUXpg06^v0EDl*I+Hu2Ms7@e>jm=2lIK( zk`H74pKM{aw0~D~wS+zTctXPK$g|J?blu>7yxRZ$4`30$u60Sl3P`_YRXl~nJ}x+Hf|Hy!H;cbP?FZ~Zql2k z&tIn4_kWWezfEdnTv_y42;DGkKFYOSL}*(92K-&y%zG$ zq=#Ea;CH}mX|zrx)4mvPk8Q1{VTCloPE`>gHRA@JgSJxPBw>5209$rk)wKKLN6k~C z>Q;M66i0z2^VEHptr-mTq2{y1bjub zr@=IHnpO5|Req*f(Osb;xXG$YGy6r6gnvv-m{~UN9h`j`H>!~oc#@5O4{V9m!o$?P zHT89E=P&aeFN@H((Wa>$b2O6>iw{1>mK7az$r&g?m~}F-OTR{}|E%6pT3dj!bK84( ze9sDrO1473e=&hW4b84@9bC^MI%5LCZzQbSDxYd%SVmY*Op)r*ZGC7(;%W(Htbfb6 zV(K^qW4{WV(OLf!m5TJq|BID$5|rm%PTrRzA`DV?Jo93#wZbA3Ga;&@X?goct&*3NlmSzFS^&aucH4Lo(j^Lk!$UfJBntvGqBHE~VA1CcO-0(qbV0s#U71UzrnY?Dd_ zcOW1a4Kgq=H8M9bHZ?XgFg2E~jR0=SE!NIuJ9R+BXf9hTb4+Ha92OYYL-xNjRFG!00E;%FhwvV1_MOI+P-Eao{T5)X{ z<;fYhvgtrFA0?Jdx)&FS}ZvyQ8OmVP7nEU9YSK&l5W ziampD7I?`fgac?YDa+feA*{Z@n#gc^5^*%^TA5Uxe>DTgOl zpoysq3xD_guZ?+=zcqi4&RU`Ul!3#V(xD0Qo^3n^WO5KdO#% znJiX?IFUYu;GoP5tm&i4yx-bO{4vL*MMSJKb$^;SnJjes*&OhC`IGdYc#G7XN^d2$ z@A$o%44s+});GyPaA56%adLWNxNfaBeDzeg{rL9@E;Bw!)aTFBr=rDioPx{F9z4&B zC6fBYE6gl?Sy7=Y+yEoGoAXmV$SviOnb_W z$Wf0TZguvPzlY$M6;2bGGR-Cd;k>_|4Q=~mOj-*AW&bzpnxzQlJG zy4#2=e{@ySzeK{t@C0rRC`L~3tL`plQUs}SM}i@{OjdVpdl8Hxfa(G+E>JOrxDh~# zPWBWaB?|gDaKtf(z&RmY>$Hrl-kP(Bp>C6T@d@ADv>BMgcpNkD-uF=YHX)|x(|?&l z%n}$+3nw*8r1p!#I|oT%Kha!bHbM=3l>7i4TI)R%QKp*&b7rs?v@klm<3W_ECcfnP z3x4Yu8K^u>a-zfIPCd&%-96m6;7dDeYxCxYl+;C1inGaZh&2YW{r4VW@C*s=f>Tg7 
zS{j*RZJbj)y>RYgbg9NFIaz24gMUE?7gl3Pp;qQSKyum)=^d5Yv>=-VO|E%2K+z8V zets>aquh6j?4}q72QG{zio&2`YZd5)dM+1OLqkk$IlhtQFo}c#!!Xu%f(P6owZhm= zJ;GDi{Ia-HgQ?3rVSs?+GR@I>Zhg__$%FDap@fG=L5FYHCbc?3eWQ0GZ#KwiS(YhL zsC|2DKsvb{d(9u|N)iA700966SS~d%IRF3yZ7_lZX)uBUQJ@0?0RjR9FHr8;lS>76 zA08JCF*PwVFf=eWH8L?dS{Ds8H8C+VHZV3dGBG(?lUfC6lS>95e}vF?kgMu7b?ymN zYU_b(;qpOC^)`chJ>%cI(B)`co8)TTD20sH6DRIFIM^W(Oj35Suy9aZY_Xu!mLL{wdd@l~SH0V%`hA!oWT3>ufXQPmU9 z({e|cA}|3a*=6c_`{Wv#@o(}{ei8LM_;Vn`iJ7i32rK;v=HIEV{%7e@u{kD&=_{7k zoT^{i4RbQ+=@-?;Oyd@9Vh z^~r)LAtUzKe>==alr#2O47Zt+pIrJGZ=0VURP$-S{mt@I@tvzpVN-7t2&cex%sBoS zW&qh5ID5_Ac}i48u2*pXc9J~Hx2N3Ht0-MMcKFof`SSjDPvB;yIaO5%Q^<2@u^5Nd ztgd5+4LaHKlputFN|~u$#-!{ltJ%F;RBlyG?xk)?o|}`3knhaTH$9d} zn(v%@*x&Yu8g_}=+bNno_fQJQKV&{Lor3T7P&lD}+)Y8u$^arqv=aGY3N5U1*^}YK QDtbZ@cn-OvYFu*Y!BUN_lK=n! 
diff --git a/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/app-server/jboss/common/keystore/keycloak.truststore index 2df5170f9b39756055850ed3ad0c5d012aab1402..3f054cd19377dcd7beecd521551404d300abc20c 100644 GIT binary patch delta 727 zcmV;|0x12#4(Se%A0u*k$Q~sC1z0XMFgXAK1C=m>1CcO-0(qbV0s#U71UzrnY>`5D zAs`nGGB7YTGB+_cH8wLbS{M&9GC4FbGchqSHZ?XgFGmdD) z=2A1uUHOZ56)7=^WbF*hs^71n8}zk2yB?8}Wze43?=_8L>fgE*q+24O-8zqN`D?~{ zWeeOn`8J8b&+F?WaUqmfsFBsK@EMIGb9ixEmPmncS3kvSmVa=K0s{d60i#DSMKB}= z163Un1RXFNf*E0Oa4mCTZEP(uGB+(SEif%HE^cXXE@^Kt9R>qc9S#H*1QZTDGP76y znX6|J5yp;GpISooke4tG1_>&LNQUnsNtv#^fyyAnjIEg{%^X88wHhHb@izsq zT%w}b-3oK+J=tvCa0dKZacvmo$r-n@=|D0cC8$FX|4(jLLrUB%jE`kDQ;q-X5lj5d z>GyN9j;oe_Bls+-YTH1n2QG>|gKQRf$tHvYXfi3w+h(jGtiHgS$Z&cRaWv~%nN*#B zH3Q~Kh(ZZWgS=b`0`Sfuy~>4D^9WcwsJRSf5 delta 672 zcmV;R0$=^<4#5tPA0ts~-=zEi1z0XMFgXAK18p#Z18FdV0#Tp?0s#U71TRqT*^xqb zA08JCF*PwVFf=eWH8L?dS{Ds8H8C+VHZV3dGBG(?kx^)q`2-+;gwS`8tLim%?g>w#r zeuol&fXSy#88ke|H)f3Ls zaz~gVFaajnW$JqSI(tXX#S0IVOhbE0))s zs$bd-b28}Z7u2{Y@f#jBxwoIGuHi$}4g7{%!9R>qc z9S#H*1Qhh905w>st{J2UYX0ILRO9A=))@9Vh^~r)LAtUzKJIqIvGxk{w zx0#clT>2Sro1Y$3^J%~R&GJ+6ovTe@Q*RRpr@(d0IQ|%B0NENid(GW>N>oLzS8)G! 
zl01LQx2N3Ht0-MMcKFof`SSjDPvB;yIaO5%Q^<2@u^5Ndtgd5+4LaHKlputFN|~u$#-!{ltJ%F;ZdFb0rEW={o0E!=@669PJ(ftC@0@$s-}Z#IVXj_G7eGD3WINM1PVDf>YLrnP-{JQUNXsx5=#5%0|y%ae4Oj+Gkz zJ;aueigWna2o3I@nIqi&U~HSRzWs1)VxgNUt#2wVC6Eg5wZfHc`K>MU|8b2`r()7R zt$yj_&P$tykZ_#{i~#tV*~tqto7qv{ww-&9w&CS}FnS5&?0;YEHsD%1r##Eekgr#7 zORjB@7E-*3>xmP`mgS0M!h(p~6zCD-2*3}evzNrd&iV|ZAJ%)4m| z-tz^}>5t8&a3lBE^^@9zoi&?mldP5V^YUpBjl;=QL~IyGvGwlS-dS#Zw0L;mGgaYZ zK&Q%TFrmYa9xkH$hjmdFJZr4?nsI^J#r*F}Ik1TVsYW|v#6*8Tvl>3A86SJ*-Zhp4 zY0Z_O*2^?XqGpuS7!=kzs_Saku>9@N+_|o&j_(mzZ(IA1z8Edo#d&gQ?mNL zRL`L{N8Piyc}1<{3A|T%_ob46#Lba}K)pSN)8^KO+m{+}1z9d8J&b~(zP?=1Xt@lX zEoq$;daoHP6dx6h?W%t!<*Dw#cdun;(PyfdSd_eZDO4-}adn6XgHh++$AL~6m;_p; zUCClOB*qSZ%OM@m%~tlXFk#>ZP@;!csk?7lLQi`NI@9m3%52&TS-C1#7Efpzb2U2C zg2h}M4bv5SSr$@CQ&A4&G%G#QJok~dsNvvy85<&u|^F6L?T()RE$JRuBW zKkyzed1@jdKF%O)DgHv2@|Ly#t?Qj?bL91~A$#pdB5TYw8ON3g;j>*dRs2I(NJ^4= znOr`XQYl`E3#(OO-dWsCzggg0(Kq9Y*W=VGS^QXl`iNeAn=`zjn zkHJr2?oox?#&^TI>bpip9Z^<{3vk2cfmseQf3!vM7M(rR<aT4Ks!WvtKIRQL*>@-JFvoG`#nfEvV->1WFg4OB)4%JRjU&=E!?lO$*Qi zfuJb>1)2y@AR#$W2p9t4(IkEp@0?tDZ&1SfKtH1Ab6L<(0!&P4f4uRJW*dJBx=h@8e6di?i$J{1?(~BjC)n}b5mpd$#J@Meljwmu8n$cCn|!_uco`JP>Gr(4DZ@?4yYpQ`2G@E`vwE?oT}1oN)7G=%w~SyWBXuc{R0LYzjkfeTQN z+&IPX9W;KyuNG$zi5Dj~ACH21t1EvPWGXOgYSTHy(8B?mvlzNl)*UVAq|JR(!3&Yq zZi0}-j|y*EqMcUV&s=vJa!Prg0;~H{aNYC;Nwkw_7uhd-sVoz)%JJey3ba{{9SVOR u9QlY=T4BXk^0ZM^hIQX_7tkX6d%D;jd~tYFTvF8e?8r1%g3 literal 0 HcmV?d00001 
diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/keystore/keycloak.truststore index 2df5170f9b39756055850ed3ad0c5d012aab1402..3f054cd19377dcd7beecd521551404d300abc20c 100644 GIT binary patch delta 727 zcmV;|0x12#4(Se%A0u*k$Q~sC1z0XMFgXAK1C=m>1CcO-0(qbV0s#U71UzrnY>`5D zAs`nGGB7YTGB+_cH8wLbS{M&9GC4FbGchqSHZ?XgFGmdD) z=2A1uUHOZ56)7=^WbF*hs^71n8}zk2yB?8}Wze43?=_8L>fgE*q+24O-8zqN`D?~{ zWeeOn`8J8b&+F?WaUqmfsFBsK@EMIGb9ixEmPmncS3kvSmVa=K0s{d60i#DSMKB}= z163Un1RXFNf*E0Oa4mCTZEP(uGB+(SEif%HE^cXXE@^Kt9R>qc9S#H*1QZTDGP76y znX6|J5yp;GpISooke4tG1_>&LNQUnsNtv#^fyyAnjIEg{%^X88wHhHb@izsq zT%w}b-3oK+J=tvCa0dKZacvmo$r-n@=|D0cC8$FX|4(jLLrUB%jE`kDQ;q-X5lj5d z>GyN9j;oe_Bls+-YTH1n2QG>|gKQRf$tHvYXfi3w+h(jGtiHgS$Z&cRaWv~%nN*#B zH3Q~Kh(ZZWgS=b`0`Sfuy~>4D^9WcwsJRSf5 delta 672 zcmV;R0$=^<4#5tPA0ts~-=zEi1z0XMFgXAK18p#Z18FdV0#Tp?0s#U71TRqT*^xqb zA08JCF*PwVFf=eWH8L?dS{Ds8H8C+VHZV3dGBG(?kx^)q`2-+;gwS`8tLim%?g>w#r zeuol&fXSy#88ke|H)f3Ls zaz~gVFaajnW$JqSI(tXX#S0IVOhbE0))s zs$bd-b28}Z7u2{Y@f#jBxwoIGuHi$}4g7{%!9R>qc z9S#H*1Qhh905w>st{J2UYX0ILRO9A=))@9Vh^~r)LAtUzKJIqIvGxk{w zx0#clT>2Sro1Y$3^J%~R&GJ+6ovTe@Q*RRpr@(d0IQ|%B0NENid(GW>N>oLzS8)G! zl01LQx2N3Ht0-MMcKFof`SSjDPvB;yIaO5%Q^<2@u^5Ndtgd5+4LaHKlputFN|~u$#-!{ltJ%F;ZdFb0rEW={o0E!=@669PJ(ftC@0@$s-}Z + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml index 77935a84e4..3a91985f33 100644 --- a/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml 
@@ -317,6 +317,74 @@ common + + + configure-ssl + + + app.server.ssl.required + + + + + + + org.codehaus.mojo + xml-maven-plugin + + + configure-https-connector + process-test-resources + + transform + + + + + ${app.server.tomcat.home}/conf + ${common.resources}/tomcat-add-connector.xsl + + server.xml + + ${app.server.tomcat.home}/conf + + + + + + + + maven-resources-plugin + + + copy-keycloak-truststore + generate-resources + + copy-resources + + + ${app.server.tomcat.home}/conf + + + ${common.resources}/keystore + + keycloak.truststore + adapter.jks + + true + + + + truststore + jks + + + + + + + + 
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore b/testsuite/integration-arquillian/servers/auth-server/jboss/common/keystore/keycloak.truststore index d81fa2ac369fd76fb7a80fcb2bf301bcdb04ebc8..d0177a3ccc742240522f696c35557fd52bbc292f 100644 GIT binary patch delta 962 zcmV;z13moujSaGu4GjM6{_Ow&00IC20JVV(g$x0;3<3t3x9^<-D+ad`nF8Gew;H4Z zZ3(x=u>x%bw}-6)KLnSQ#Q`I?R<;7<1GmY&0+0j&AD3+h0~fbax&n6tm*qwR7q@W2 z0@(()nau)T1h+}a0#F3E_t66F3Ac9P0@VYz5r1GhZ#0_6m^ z<@y337`Ocx18)Pj1rr1K1-EP*16T*QA}0f)1GmH@16~6$3T$s1CcO-0(qbV0s#U71UzrnY?n?B0w0&20Rsq^94iA*BOn(I zGB7YTGB+_cH8wLbS{M&9GC4FbGchqSHZ?XgFB>U=aMsgT%(; z5*#mdr(@E;=*r^=qgPe1q%NmsZshvymSQ4?@DF`zfI(?n?Rsy#)E2eXvF4HGs|81i+2?%F^OdD49u$Eub~_CwLH5Xk&mzX?lvk*c)voXvjU#h-aa)#1fpAwp#cGyNaE$^30RRD` zM=(V&BnAUj9T5Z_FdKpyVQ_FQb75_4Eip1TEif%GEio=`X>cxSZ!jGO163Uk1QrAo z4m>imSN@r+XAu#`j#QsoLiLcBmr|gKQRf$tHvYXfi3w+pHn1zQCHuaC#DPH0xTKRGoh{1LjJILJ3TR zyj%$a@XjH<%7s+*Upin^+*FmOl?%e&s9-{>bQ95VPJ`JGP_>*eNT6f~BM8k#;|_ku zcY~9Sw6{nGyUXtUaJJGVpW~nLt^)Y2x4$X_l>@hBHUsGgw^S|z5eT=1Ljz$0m*7SM k9G7sy0xY+YJ_GLr6u!RZH6uvxo+WB*FK>PDF(x_SnT}DETL1t6 delta 275 zcmV+u0qp*=l@0oh4GjM6{_Ow&00IC20JMP&g$x0;3<3t30WX)~Ednc-KbZm*w|<`j zoCLQLnF1>Yw;H4ZZ3(yZu>wB?lSF4Ckva^QjfesYx4*3dH3XNG#Q`I?R<;7<0|6hG zZ3hDvx8lA6cLTRNx&n{{mj*%u7q@W20@(%uDVGg010c7^%>pk3w@JwYUIe%I(E{xW zx4GW}k_ETq+XB@Cw@c*$@eH>10_6m^Jn{m>1GnY+0w5T-bQS~n1-Atg18)PjY#akv z2e)P?16~8S#3KWu1GjuG1CRr^^*I9(2)7I}1L+5s20{ZDmvF)YEVr*k1MdX40YU?2 Z0~Bm>NoIRkQZ$}eR%W70_~qD%`+2`LW&HpE diff --git a/testsuite/integration-arquillian/servers/pom.xml b/testsuite/integration-arquillian/servers/pom.xml index 741b847ff8..af8451149f 100644 --- a/testsuite/integration-arquillian/servers/pom.xml +++ b/testsuite/integration-arquillian/servers/pom.xml @@ -48,6 +48,10 @@ 4 jboss-cli.sh + + + 9.0.29 + 8.5.49 
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java index 419c8a9c9e..81df9e2d77 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java @@ -60,6 +60,7 @@ public class AppServerTestEnricher { private static final Logger log = Logger.getLogger(AppServerTestEnricher.class); public static final String CURRENT_APP_SERVER = System.getProperty("app.server", "undertow"); + public static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false")); @Inject private Instance containerConrollerInstance; @Inject private Instance testContextInstance; diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java index 99ababd699..cbf509ba00 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/ContainerAssume.java @@ -21,6 +21,7 @@ import org.jboss.logging.Logger; import org.junit.Assume; import org.keycloak.testsuite.arquillian.AuthServerTestEnricher; +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.APP_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.AUTH_SERVER_SSL_REQUIRED; public class ContainerAssume { 
@@ -51,4 +52,8 @@ public class ContainerAssume { public static void assumeAuthServerSSL() { Assume.assumeTrue("Only works with the SSL configured", AUTH_SERVER_SSL_REQUIRED); } + + public static void assumeAppServerSSL() { + Assume.assumeTrue("Only works with the SSL configured", APP_SERVER_SSL_REQUIRED); + } } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java index 29ee006fb2..b312d78ade 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java @@ -126,7 +126,7 @@ public class OAuthClient { private String clientId; private String redirectUri; - + private String kcAction; private StateParamProvider state; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java index 679f165e64..886b474cfd 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java @@ -48,6 +48,8 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.concurrent.TimeoutException; + +import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.APP_SERVER_SSL_REQUIRED; import static org.keycloak.testsuite.arquillian.AuthServerTestEnricher.AUTH_SERVER_SSL_REQUIRED; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer; 
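Review bot: `assumeAppServerSSL()` reuses the exact message of `assumeAuthServerSSL()`, so a skipped test does not say which server lacked TLS. Because `Assume` skips rather than fails, a run started without `app.server.ssl.required` silently drops the SameSite coverage; a distinct message makes that visible in the report: `Assume.assumeTrue("Only works with SSL configured on the app server (app.server.ssl.required)", APP_SERVER_SSL_REQUIRED);`. A one-line Javadoc on the method naming the system property it depends on would help as well.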
@@ -64,12 +66,14 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest { @Page protected AppServerContextRoot appServerContextRootPage; - protected static final boolean APP_SERVER_SSL_REQUIRED = Boolean.parseBoolean(System.getProperty("app.server.ssl.required", "false")); protected static final String APP_SERVER_CONTAINER = System.getProperty("app.server", ""); public static final String JBOSS_DEPLOYMENT_STRUCTURE_XML = "jboss-deployment-structure.xml"; public static final URL jbossDeploymentStructure = AbstractServletsAdapterTest.class .getResource("/adapter-test/" + JBOSS_DEPLOYMENT_STRUCTURE_XML); + public static final String UNDERTOW_HANDLERS_CONF = "undertow-handlers.conf"; + public static final URL undertowHandlersConf = AbstractServletsAdapterTest.class + .getResource("/adapter-test/samesite/undertow-handlers.conf"); public static final String TOMCAT_CONTEXT_XML = "context.xml"; public static final URL tomcatContext = AbstractServletsAdapterTest.class .getResource("/adapter-test/" + TOMCAT_CONTEXT_XML); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java index 75aa30a132..b29ab840ff 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLSameSiteTest.java 
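Review bot: `undertowHandlersConf` hard-codes the file name inside `"/adapter-test/samesite/undertow-handlers.conf"` although `UNDERTOW_HANDLERS_CONF` is declared on the line above, whereas the neighbouring `jbossDeploymentStructure` and `tomcatContext` build their path from the constant. Writing `.getResource("/adapter-test/samesite/" + UNDERTOW_HANDLERS_CONF);` keeps the WEB-INF entry name and the resource from drifting apart. A short comment such as `// Sets SameSite=None on JSESSIONID; add only to deployments that must receive cross-site POSTs` would also tell readers why this descriptor is separate from the default adapter-test resources.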
@@ -6,6 +6,7 @@ import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.BeforeClass; import org.junit.Test; import org.keycloak.adapters.rotation.PublicKeyLocator; +import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest; import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter; import org.keycloak.testsuite.adapter.page.Employee2Servlet; import org.keycloak.testsuite.adapter.page.EmployeeSigServlet; @@ -20,6 +21,7 @@ import org.openqa.selenium.By; import javax.ws.rs.core.UriBuilder; import java.io.IOException; import java.net.URISyntaxException; +import java.net.URL; import java.util.Collections; import static org.keycloak.testsuite.arquillian.AppServerTestEnricher.getAppServerContextRoot; @@ -33,13 +35,9 @@ import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement; /** * @author mhajas */ -@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW) @AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) -@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY_DEPRECATED) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP6) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP71) -@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7) +// @AppServerContainer(ContainerConstants.APP_SERVER_EAP) // Should be added in: KEYCLOAK-14434 +// @AppServerContainer(ContainerConstants.APP_SERVER_EAP6) // Should be added in: KEYCLOAK-14435 @AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8) @AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9) @AuthServerContainerExclude(AuthServerContainerExclude.AuthServer.REMOTE) 
@@ -50,12 +48,14 @@ public class SAMLSameSiteTest extends AbstractSAMLServletAdapterTest { @Deployment(name = Employee2Servlet.DEPLOYMENT_NAME) protected static WebArchive employee2() { - return samlServletDeployment(Employee2Servlet.DEPLOYMENT_NAME, WEB_XML_WITH_ACTION_FILTER, SendUsernameServlet.class, AdapterActionsFilter.class, PublicKeyLocator.class); + return samlServletDeployment(Employee2Servlet.DEPLOYMENT_NAME, WEB_XML_WITH_ACTION_FILTER, SendUsernameServlet.class, AdapterActionsFilter.class, PublicKeyLocator.class) + .addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF); } @Deployment(name = EmployeeSigServlet.DEPLOYMENT_NAME) protected static WebArchive employeeSig() { - return samlServletDeployment(EmployeeSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class); + return samlServletDeployment(EmployeeSigServlet.DEPLOYMENT_NAME, SendUsernameServlet.class) + .addAsWebInfResource(undertowHandlersConf, UNDERTOW_HANDLERS_CONF); } @Page @@ -64,6 +64,7 @@ public class SAMLSameSiteTest extends AbstractSAMLServletAdapterTest { @BeforeClass public static void enabledOnlyWithSSL() { ContainerAssume.assumeAuthServerSSL(); + ContainerAssume.assumeAppServerSSL(); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/context.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/context.xml index 4ac7ba0d87..c8aaccb385 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/context.xml +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/context.xml @@ -17,4 +17,5 @@ + \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/samesite/undertow-handlers.conf b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/samesite/undertow-handlers.conf new file mode 100644 index 0000000000..692c64016d --- /dev/null 
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/samesite/undertow-handlers.conf @@ -0,0 +1 @@ +samesite-cookie(mode=None, cookie-pattern=JSESSIONID) \ No newline at end of file diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore b/testsuite/integration-arquillian/tests/base/src/test/resources/keystore/keycloak.truststore index 67b00f86300c39f5957a3fc9a930872a5fdbbd56..d2875f92795cb1871c230a1f1e9d9bd683f582c0 100644 GIT binary patch delta 956 zcmV;t14I1o`3$Ck4GjM6{_Ow&00IC20JD>E{Vstzg*pMXIs#m&x7DozZ3MTLsRBO) zm!rV}Be!L;0^|d?*tr6b1OXqHVf_LZw_&ydcLS5w^+T7;8UhTLoP+`jx52&wmj<_} z$pT&k0V$VSECV37dBp-R1h)px0__R6h1~+x1Gn?n0+I!{THylm47V`z0>lHiOYQ>Y z1h@3|0tFJc@eTuT1Go7I1Na5EU=jmZ2e%d-1EK?$QP}|%x6K&?NdqwoY;R*>Y-n$D zbTa?|0djhg7vBH{SS~d%IRF3yl`w(>kuZV+d7uLV0RjR9Ja5))mt6`1AD53I16Uv+ z7Y#BnFf}qaF*Y?eGcj5i4>B@2G%zzUF)=nZHZw7oejx*ie~7FajRLbi7Lhz1d4&5v z9AUTn0n*%?v@lUxM?lvtJffC{Zg`3~!fhQL{<>^xxnL0d$b-bj;}RS%bf;s|zv#;2 z2%}e3u%s@hW^UyA?UrI9hVT!4YJfp$TkU#pywo0v@Kvm&rOmLjKEysHB^9={nQm}9 z$&hC%dQi{Xe@>!`Y(%_^(-h}gnasf@y2XB`o47&35h2CeLrTX5HE{Jaj%dW@QZvh4 z`HOcIDKUv;?F`JS->;z?^tC*@9+8q|(4N@uHH~8G-?|l~TOy#{I*)JpYsPwI3*0&R zHi^K`>+2(NA(U6Bk=3s78I2=zcyU{nNP%!yKgDX6P;iX`0|5X5qen1BFeC;8RUHuo z9WWb$8DVg6EpuUQY%MV|H!UzNFfB1IZfS5XX>Twc1_MnsNtv#^fyyAnjIEg{%^X88wHhHb@izsqT%w}b-3oK+J=tvCa0dKZacvmo z$r-n@=|D0cC8$FX|4(jLLrUB%jE`kDQ;q-X5lj5d>GyN9j;nu`ek1rSscPFmss}EL zJ%el(c*!P&186cS%iF9WtiHgS$Z&cRaWv~%nN*#BH3Q~Kh(ZZWgS=b`0`Sfuy~>4D z^@eH>Q@&e@qw@dB
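Review bot: `mode=None` on `JSESSIONID` hands the container session cookie to cross-site requests, which the SAML POST binding needs, but it also gives up the browser-side CSRF mitigation that a stricter SameSite value provides. The warnings added in this commit point readers to KEYCLOAK-14103, so this fixture is likely to be copied into real deployments. The issue or adapter documentation should state next to this line that the setting is only effective over HTTPS, since current browsers reject SameSite=None cookies that are not marked Secure. It should also say that the application then has to rely on its own CSRF protection for state-changing requests. The test already gates on both SSL assumptions, which matches that requirement.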