KEYCLOAK-19077 fix login for admin console based scenarios (PKCE is required by default)
* also don't fetch fonts that are not needed/available anymore
parent
aa018295c4
commit
655d66b03f
2 changed files with 24 additions and 20 deletions
|
@ -1,6 +1,8 @@
|
||||||
package org.keycloak.gatling
|
package org.keycloak.gatling
|
||||||
|
|
||||||
import java.net.URLEncoder
|
import java.net.URLEncoder
|
||||||
|
import java.security.{MessageDigest, SecureRandom}
|
||||||
|
import org.apache.commons.codec.binary.Base64
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
|
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
|
||||||
|
@ -15,4 +17,18 @@ object Utils {
|
||||||
URLEncoder.encode(url.split("/auth")(0), "utf-8")
|
URLEncoder.encode(url.split("/auth")(0), "utf-8")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def generateCodeVerifier(): String = {
|
||||||
|
val secureRandom = new SecureRandom()
|
||||||
|
val code = new Array[Byte](32)
|
||||||
|
secureRandom.nextBytes(code)
|
||||||
|
Base64.encodeBase64URLSafeString(code)
|
||||||
|
}
|
||||||
|
|
||||||
|
def generateCodeChallenge(codeVerifier: String): String = {
|
||||||
|
val codeVerifierBytes = codeVerifier.getBytes("US-ASCII")
|
||||||
|
val md = MessageDigest.getInstance("SHA-256")
|
||||||
|
md.update(codeVerifierBytes, 0, codeVerifierBytes.length)
|
||||||
|
Base64.encodeBase64URLSafeString(md.digest)
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
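Review bot: `generateCodeVerifier()` constructs a `new SecureRandom()` on every call, which in a Gatling run means one instance per virtual-user session setup. A single `private val secureRandom = new SecureRandom()` on `object Utils` would do, since `SecureRandom` is thread-safe. Keep it a `SecureRandom` rather than a faster non-cryptographic generator, so the load test sends verifiers shaped like real ones. Both helpers also lack Scaladoc: a short comment saying that 32 random bytes give the 43-character minimum verifier length of RFC 7636, and that `generateCodeChallenge` implements the `S256` method, would explain the literal `32` and the `US-ASCII` encoding. `object Utils` starts outside the hunk.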
@ -6,12 +6,11 @@ import keycloak.AdminConsoleScenarioBuilder._
|
||||||
|
|
||||||
import java.time.ZonedDateTime
|
import java.time.ZonedDateTime
|
||||||
import java.time.format.DateTimeFormatter
|
import java.time.format.DateTimeFormatter
|
||||||
|
|
||||||
import io.gatling.core.pause.Normal
|
import io.gatling.core.pause.Normal
|
||||||
import io.gatling.http.request.StringBody
|
import io.gatling.http.request.StringBody
|
||||||
import org.jboss.perf.util.Util
|
import org.jboss.perf.util.Util
|
||||||
import org.jboss.perf.util.Util.randomUUID
|
import org.jboss.perf.util.Util.randomUUID
|
||||||
import org.keycloak.gatling.Utils.{urlEncodedRoot, urlencode}
|
import org.keycloak.gatling.Utils.{generateCodeChallenge, generateCodeVerifier, urlEncodedRoot, urlencode}
|
||||||
import org.keycloak.performance.TestConfig
|
import org.keycloak.performance.TestConfig
|
||||||
import org.keycloak.performance.templates.DatasetTemplate
|
import org.keycloak.performance.templates.DatasetTemplate
|
||||||
|
|
||||||
|
@ -60,6 +59,8 @@ class AdminConsoleScenarioBuilder {
|
||||||
var chainBuilder = exec(s => {
|
var chainBuilder = exec(s => {
|
||||||
val realm = realmsIterator.next
|
val realm = realmsIterator.next
|
||||||
val serverUrl = TestConfig.serverUrisIterator.next()
|
val serverUrl = TestConfig.serverUrisIterator.next()
|
||||||
|
val codeVerifier = generateCodeVerifier()
|
||||||
|
val codeChallenge = generateCodeChallenge(codeVerifier)
|
||||||
s.setAll(
|
s.setAll(
|
||||||
"keycloakServer" -> serverUrl,
|
"keycloakServer" -> serverUrl,
|
||||||
"keycloakServerUrlEncoded" -> urlencode(serverUrl),
|
"keycloakServerUrlEncoded" -> urlencode(serverUrl),
|
||||||
|
@ -70,7 +71,9 @@ class AdminConsoleScenarioBuilder {
|
||||||
"realm" -> realm.getRepresentation.getRealm,
|
"realm" -> realm.getRepresentation.getRealm,
|
||||||
"username" -> TestConfig.authUser,
|
"username" -> TestConfig.authUser,
|
||||||
"password" -> TestConfig.authPassword,
|
"password" -> TestConfig.authPassword,
|
||||||
"clientId" -> "security-admin-console"
|
"clientId" -> "security-admin-console",
|
||||||
|
"codeVerifier" -> codeVerifier,
|
||||||
|
"codeChallenge" -> codeChallenge
|
||||||
)
|
)
|
||||||
}).exitHereIfFailed
|
}).exitHereIfFailed
|
||||||
|
|
||||||
|
@ -135,7 +138,7 @@ class AdminConsoleScenarioBuilder {
|
||||||
def loginThroughLoginForm() : AdminConsoleScenarioBuilder = {
|
def loginThroughLoginForm() : AdminConsoleScenarioBuilder = {
|
||||||
chainBuilder = chainBuilder
|
chainBuilder = chainBuilder
|
||||||
.exec(http("JS Adapter Auth - Login Form Redirect")
|
.exec(http("JS Adapter Auth - Login Form Redirect")
|
||||||
.get("/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=${keycloakServerUrlEncoded}%2Fadmin%2Fmaster%2Fconsole%2F&state=${state}&nonce=${nonce}&response_mode=fragment&response_type=code&scope=openid")
|
.get("/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=${keycloakServerUrlEncoded}%2Fadmin%2Fmaster%2Fconsole%2F&state=${state}&nonce=${nonce}&response_mode=fragment&response_type=code&scope=openid&code_challenge=${codeChallenge}&code_challenge_method=S256")
|
||||||
.headers(UI_HEADERS)
|
.headers(UI_HEADERS)
|
||||||
.check(status.is(200), regex("action=\"([^\"]*)\"").find.transform(_.replaceAll("&", "&")).saveAs("login-form-uri")))
|
.check(status.is(200), regex("action=\"([^\"]*)\"").find.transform(_.replaceAll("&", "&")).saveAs("login-form-uri")))
|
||||||
.exitHereIfFailed
|
.exitHereIfFailed
|
||||||
|
@ -170,6 +173,7 @@ class AdminConsoleScenarioBuilder {
|
||||||
.post("/auth/realms/master/protocol/openid-connect/token")
|
.post("/auth/realms/master/protocol/openid-connect/token")
|
||||||
.headers(ACCEPT_ALL)
|
.headers(ACCEPT_ALL)
|
||||||
.formParam("code", "${code}")
|
.formParam("code", "${code}")
|
||||||
|
.formParam("code_verifier", "${codeVerifier}")
|
||||||
.formParam("grant_type", "authorization_code")
|
.formParam("grant_type", "authorization_code")
|
||||||
.formParam("client_id", "security-admin-console")
|
.formParam("client_id", "security-admin-console")
|
||||||
.formParam("redirect_uri", APP_URL)
|
.formParam("redirect_uri", APP_URL)
|
||||||
|
@ -260,22 +264,6 @@ class AdminConsoleScenarioBuilder {
|
||||||
.get("/auth/resources/${resourceVersion}/admin/keycloak/templates/kc-menu.html")
|
.get("/auth/resources/${resourceVersion}/admin/keycloak/templates/kc-menu.html")
|
||||||
//.headers(UI_HEADERS ++ Map("Referer" -> "")) // TODO fix referer
|
//.headers(UI_HEADERS ++ Map("Referer" -> "")) // TODO fix referer
|
||||||
.headers(UI_HEADERS)
|
.headers(UI_HEADERS)
|
||||||
.check(status.is(200)),
|
|
||||||
|
|
||||||
// request fonts for css also set referer
|
|
||||||
http("OpenSans-Semibold-webfont.woff")
|
|
||||||
.get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Semibold-webfont.woff")
|
|
||||||
.headers(UI_HEADERS)
|
|
||||||
.check(status.is(200)),
|
|
||||||
|
|
||||||
http("OpenSans-Bold-webfont.woff")
|
|
||||||
.get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Bold-webfont.woff")
|
|
||||||
.headers(UI_HEADERS)
|
|
||||||
.check(status.is(200)),
|
|
||||||
|
|
||||||
http("OpenSans-Light-webfont.woff")
|
|
||||||
.get("/auth/resources/${resourceVersion}/admin/keycloak/lib/patternfly/fonts/OpenSans-Light-webfont.woff")
|
|
||||||
.headers(UI_HEADERS)
|
|
||||||
.check(status.is(200))
|
.check(status.is(200))
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
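Review bot: The `codeVerifier`/`codeChallenge` pair is generated once in the initial `exec(s => …)` and stored in the session, so every `loginThroughLoginForm()` step that runs in that session sends the same `code_challenge`. RFC 7636 expects a fresh verifier for each authorization request. If a scenario can log in more than once per session (not visible in these hunks), consider generating the pair in an `exec` at the start of `loginThroughLoginForm()` instead. At minimum, a comment next to the two new session attributes, e.g. `// PKCE (S256): codeChallenge goes on the auth request, codeVerifier on the token request`, would tie the three hunks together. The enclosing methods start and end outside the hunks.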