From 76a6733f0a0edf25f3e75724b0cf708f0284e19f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Barto=C5=A1?= <mabartos@redhat.com>
Date: Mon, 27 May 2024 17:56:07 +0200
Subject: [PATCH] Replace PhantomJS by HtmlUnit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #9979

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---
 .github/actions/build-keycloak/action.yml     |   4 --
 .../actions/integration-test-setup/action.yml |   4 --
 .github/actions/phantomjs-cache/action.yml    |  26 --------
 testsuite/integration-arquillian/pom.xml      |  24 -------
 ...-user-san-cert-test-user-key@localhost.p12 | Bin 0 -> 4755 bytes
 .../servers/auth-server/quarkus/pom.xml       |   5 +-
 .../integration-arquillian/tests/base/pom.xml |   6 +-
 .../drone/KeycloakDronePostSetup.java         |  41 +++++++++---
 .../drone/KeycloakWebDriverConfigurator.java  |  17 -----
 ...tomJSBrowser.java => HtmlUnitBrowser.java} |   2 +-
 .../example/hal/ConsoleProtectionTest.java    |   2 -
 .../javascript/JavascriptAdapterTest.java     |  18 ++---
 .../welcomepage/WelcomePageTest.java          |  15 ++---
 .../x509/AbstractX509AuthenticationTest.java  |  62 ++++++++----------
 .../testsuite/x509/X509BrowserCRLTest.java    |  11 ++--
 .../x509/X509BrowserLoginIssuerDnTest.java    |  12 ++--
 .../X509BrowserLoginSubjectAltNameTest.java   |  12 ++--
 .../x509/X509BrowserLoginSubjectDnTest.java   |  26 ++------
 .../testsuite/x509/X509BrowserLoginTest.java  |  11 ++--
 .../testsuite/x509/X509DirectGrantTest.java   |  10 ++-
 .../x509/X509OCSPResponderFailOpenTest.java   |   8 +--
 .../X509OCSPResponderSpecificCertTest.java    |   8 +--
 .../testsuite/x509/X509OCSPResponderTest.java |   8 +--
 .../X509SingleCertificateBrowserCRLTest.java  |  10 +--
 .../base/src/test/resources/arquillian.xml    |   7 +-
 .../integration-arquillian/tests/pom.xml      |   7 +-
 26 files changed, 132 insertions(+), 224 deletions(-)
 delete mode 100644 .github/actions/phantomjs-cache/action.yml
 create mode 100644 testsuite/integration-arquillian/servers/auth-server/common/pki/root/ca/certs/clients/test-user-san-cert-test-user-key@localhost.p12
 rename testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/{PhantomJSBrowser.java => HtmlUnitBrowser.java} (96%)

diff --git a/.github/actions/build-keycloak/action.yml b/.github/actions/build-keycloak/action.yml
index 312ef809ee..6a670d2b43 100644
--- a/.github/actions/build-keycloak/action.yml
+++ b/.github/actions/build-keycloak/action.yml
@@ -24,10 +24,6 @@ runs:
       with:
         create-cache-if-it-doesnt-exist: true
 
-    - id: phantomjs-cache
-      name: PhantomJS cache
-      uses: ./.github/actions/phantomjs-cache
-
     - id: frontend-plugin-cache
       name: Frontend Plugin Cache
       uses: ./.github/actions/frontend-plugin-cache
diff --git a/.github/actions/integration-test-setup/action.yml b/.github/actions/integration-test-setup/action.yml
index 70a8d3ec82..9af8675344 100644
--- a/.github/actions/integration-test-setup/action.yml
+++ b/.github/actions/integration-test-setup/action.yml
@@ -25,10 +25,6 @@ runs:
       name: Maven cache
       uses: ./.github/actions/maven-cache
 
-    - id: phantomjs-cache
-      name: PhantomJS cache
-      uses: ./.github/actions/phantomjs-cache
-
     - id: frontend-plugin-cache
       name: Frontend Plugin Cache
       uses: ./.github/actions/frontend-plugin-cache
diff --git a/.github/actions/phantomjs-cache/action.yml b/.github/actions/phantomjs-cache/action.yml
deleted file mode 100644
index 616d2657b9..0000000000
--- a/.github/actions/phantomjs-cache/action.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: PhantomJS Cache
-description: Caches PhantomJS driver
-
-inputs:
-  version:
-    description: PhantomJS Driver version
-    required: false
-    default: 2.1.1
-
-runs:
-  using: composite
-  steps:
-    - id: cache-phantomjs-driver
-      name: PhantomJS Driver cache
-      uses: actions/cache@v4
-      with:
-        path: ~/.arquillian/drone
-        key: phantomjs-${{ inputs.version }}
-
-    - id: download-phantomjs-driver
-      name: Download PhantomJS Driver
-      if: steps.cache-phantomjs-driver.outputs.cache-hit != 'true'
-      shell: bash
-      run: |
-        mkdir -p ~/.arquillian/drone/phantomjs/${{ inputs.version }}/
-        curl -L https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2 --output ~/.arquillian/drone/phantomjs/${{ inputs.version }}/phantomjs-${{ inputs.version }}-linux-x86_64.tar.bz2
diff --git a/testsuite/integration-arquillian/pom.xml b/testsuite/integration-arquillian/pom.xml
index c4d371bfef..5e9fc6dae8 100644
--- a/testsuite/integration-arquillian/pom.xml
+++ b/testsuite/integration-arquillian/pom.xml
@@ -626,30 +626,6 @@
                 <dballocator.skip>false</dballocator.skip>
             </properties>
         </profile>
-
-        <!-- Workaround for issues related to PhantomJS in some newer linux environment. See for example here for more details https://github.com/nodejs/node/issues/43132 -->
-        <profile>
-            <id>phantomjs-openssl-workaround</id>
-            <activation>
-                <os>
-                    <family>unix</family>
-                </os>
-            </activation>
-            <build>
-                <pluginManagement>
-                    <plugins>
-                        <plugin>
-                            <artifactId>maven-surefire-plugin</artifactId>
-                            <configuration>
-                                <environmentVariables>
-                                    <OPENSSL_CONF>/dev/null</OPENSSL_CONF>
-                                </environmentVariables>
-                            </configuration>
-                        </plugin>
-                    </plugins>
-                </pluginManagement>
-            </build>
-        </profile>
     </profiles>
 
 </project>
diff --git a/testsuite/integration-arquillian/servers/auth-server/common/pki/root/ca/certs/clients/test-user-san-cert-test-user-key@localhost.p12 b/testsuite/integration-arquillian/servers/auth-server/common/pki/root/ca/certs/clients/test-user-san-cert-test-user-key@localhost.p12
new file mode 100644
index 0000000000000000000000000000000000000000..9abd651e9fb4f837ec21a27f882d33ece413d066
GIT binary patch
literal 4755
zcmai&Ra6v=)`p2;$RP%h1|=lLVMvjX9EL_<XmBWL$&v1Eq(ufsN?KA{5Gm>IMi7+l
zKA!de>-#Rx#a?^u_q}*8_p>)77@UBEjSC3|D*y?3!j;0$LD=}%xxru&Krk5kSLTNV
z6R`ek0ds>1DE~@iIM`T!8^OO0Hbn2A0S^RGhH(Eol0X;%1YVUAT+td0yEr%mSP&8*
z!T+V<5aMA$n1F<@!j-VCZ~@pn0CMD97qzGwX$?6Ummq59JT)*FKbP3jAyX^CC1j%z
zo&aKhau?#FQq41v^<nA~o4nprOvUSK%MY^^xI~y=`KeKwN29kpXEgb&+q|LS+gH<m
ziQRmI&jy;`Rrn;t0~I29-25-Pl4=4H!uGmGbW@=5wb9f@sWYx|*D5K|P`IW+%Hl0E
zj_>m&tHTW2?wMPwZ>boSN%vOP?xE|ffqesWRay*Cim6zx%sc*4GQDOm>1xDRUKH*2
zfOCWUiwFz5K>2d+L}IOlf3vk!oANYoBx9wVyJ7l9Eg`g;n%|*<U7P0a_#>+l-s(wP
zrbCIuH@he`$WGDoxom?{f8gHQ&N>SGn#?O83pvF7F@BKH3|d!BTlA|Z{YFHBe#rC6
zUtoz@)e9@ERf>hAxqyiFsm!{oN%->WiUNh6w4B|P$GD@#!Ss}Kp<WOpI+(+lDrJ~@
zc1w!!se~KSp_Wm`W-G7Fc6!AmFEQ4ALd`$7dkk+waB0aPZi^nN!dV0p{sr)DzCkrb
zQzP2B5nqocFGnYw(rzY|!>KqLYo0z|Popx;8b3=LG1<0{gUm4=b>dnL1^Ez)F1rg5
zG>58Aa)!0eYtA<8o5DkNq7KtJmq(^mL`OV~eUH@@g`5-NSj4z|4`R-M`=-{6kFlIc
zfFJ9eimiz<IMQO^!-XZ$1|aU^u?PCj&lHeCA|mSi=i_s(PqyEY1N*#`@Pvlr&4#6i
z{i&C6z`<|#x6wK|s}-sm^tHwhqT9{A?|5{NshXFrnylEDj0baGQjNYS9XufGxZLC6
z<JDr(z;jVw^;B*}t`md4Gg_rg&DEU2Jw}vWu&X0&XK?4+Z?g(9Hs2vV0;BbKqXz+0
z0fvs#r5^nEM`{PM{DD{vkR`;>*k(RgiGWrXk!mj&59v?VfRFrAJ--rb*oN1hzBX%F
zG?T$EMfeYjbH_aNFU3L{fCocaocyqFOi-q6?cYGat#z#pkCcm<ttsPZclzH_BJbx#
z%(i+#Ti*!>=+p-aqZ@^f2e%Mz^=Lo8pe7$MW+mt0kNhus6>i295oz}Dg;ebqi)Q3p
z4c_C79ewq#>T4(pbs^>#)LdD92x5M1g-1=<*bMESO;nsSoW$raEB%f-U;b2kj~h12
zlCY?zU8C)`4k_UR{WZ!PD3g|=2BSSSgx;pW+$UUa((Ho|;+>;uL0JAshbK<x<wvO|
zTLdW2aWblKv8b7-WdF$7gwYIz>0b3BwJLX!85{^`<%KlJ`p$yzF~`?43ts!rsNA!_
zfL}|Yw)7IxnNn&nU9fnYc?L1x)rt*g7xd>sfmvsi^ua3f<jQ=l0J9$9*P|GUDSYlP
z&<-z2V1H#RMeP+dOg#qoL6)hL*7Xn{{b0IpiOoTXBxP4+pRaiKHg~anrTKlNF=-Y8
z;(8WBe722PrN7X#k?wy()KOtwl3==A>=5ieNr>{EaTY$f816Uz<H*TLd;rC9m#JqE
zsxEOU_jB}iN^cT-dpCI6#PbEw)snBfIa>Ct_o8j6Qss$#yPX5RnI<A+2(Id=2|jul
zO#q?dGO1V=rVL;&21FZQv$V3S;7R+HlpKdplc_3d&+bv!UeYjly|jHDKrmd&K1DTJ
zy=N4u7k66zX*?L3;LIe$!mi<+i>3r+Iqu$XYL)5-)T0+w&~_$jP_dQ3?(y;8A&i@M
zb*$1~Zz$$T6G#LjeK!WiEV&vyr)tk^LtMCb<`3sCxR^EC0rus-U3X5bndYUoC#<u^
z8%k5R7`t<I3h1)!3@xuKo~6zlKYdEvi2oL>HO~5#H;B#UQimpRZfqq?y(bzlthcRK
zS=hXwW8UHt#seoKIdrl)trioH>Lg89*6L?bT|*6l<Q5{o5Tp;;cYa<QO!T!&hLg<#
zbf3QPxoR()JvTQLB6`kuOYKpInP>?^O$N^qmz!~8E%mG`QREII;_fU$Ez}sdt86=l
zX(zP}%Nu*Kh;uktCPYWCf?lc2?Y|*9FT|#D)<`2aiXGh7nSIq~(i(2<;{C7~xm;()
zWU+qqI|?Uix1%U^RjvGv%KSYY`ier-z`ASfnuYFoEAr8n>Dc~pXM|Z&9j1~3pa;bl
zrtnC5_vhwNR0*4b#8j#cCw6$q{N*u-!z<!q*CMu&P9k)N0Cp`Qf`eaUYp~q8&szUv
z<_fouF!g3i1R`M^&S^lCD{rc($VEhnLrW3UDCXhfhH9z)Cb%ur`|RyKN2<+hi^p%r
z9u0Q6p~i?l*Iv(u%B`oBGK__N;#<9lhR(N{hSdYgs`Gwsal{AI=kRFzXJoT=g@atu
zF2mdI0xOFqF9`>vme=W7Y#uhGKY5wwM*iTFMb0HO4{Sp+OP4In&IU%D9@@Aj_s5Xk
z83dw3sWmgmKQQQ1#w6T)bMI5}(3v(o93}N#8c0MAe%@>7y=KmK%Kc!l*ml>XiILy0
zYkx0Qmv<&Vk_~HFJay|BPmMpAbI5$=JFXV9vv#-u8CLuGP<X6|3SC`QD`?95QE&&I
zvD?4{j-5f=;3qP#F5ys{&^%s#E{P`}Eu=qNB{xNREPh@+g1yGNkcL1j9?M<RatQB@
zvFa@+o7|=khfg&Bn*U_v2?-_w{Il=>3lM~-fMCKyNHF2<-`WNe|36!h5Mkr|HLL!L
z<^Ky9<}lx#m&Buy{}ULh!R-!574$qNl8U5dbzH`OlQqAea|aizpWKhn;SHI?9vlW8
zd))-8dFe5{TF!e-v@EDMP`3u7)4WQSi5(pL{mqMT(q*+;TS*RD-cY2IL%PRSo}K}<
z2;*LJ*gLzYVlV)=P1(b1+IQK=hMhVe(!+NYi#mAK?N?d8QN?eDK$Si+&;Qs<$W@T*
z_^p=Pj8%9FERI9AnrH*tXkF<alvrV}+!%x|Uq{pmt?P8m0S-;YKlmrgc1>;*F_!kR
z$61KDJuAoxpq;ywm?*+)fZ1+J4+dBG6@7W6f_3?7G+ruIp@L5thG*ZRTNF#Dl<WMH
zU^PdIkiCzI^j<PJ6xrgC8$kU@fBkwnwK^uDYJs9cx12>NF?USL*<Z2J@&3CNT?Qw+
zEjferXtwnNv)NNRzLDA{E}b9L4R1r++(_jt2FkUiD|(ZWtv9r$P_|lEIJY5PU~%lB
zvp5eifw0#fhr_(|Sw{v>urVE?P%`N8wGljyFrJXI85w0kH@z;q=DRHS(!ioE=~T{B
zFxKQMluLt1w+zQ|&GFvEfFCyG2$jE(lyZ*CCx6#)RoRO$azKvJT8lYRZFZ6EFd=w`
zD;@n7Q`qb7D_w%aa;$YXcQZK${SU=1AAV&*HLDoc2Wlr{WIil|f4_A6vI-Gp?74T{
z&at7@!do53z+S)bG<ct#3F9FdmbtTL>mGaCeGSV$*v=(VCpC!{?U35FifobEPg1yt
zv0-d#cq6O}$Orj}u#HtECM^3zf-E`WY&@SRq!^aA>}N6y=sjNZz4pt{iM=aG);864
zPtvE&e{#jwcjb|G>|hr1;YPFQB+||Yx&bQ~fv;n`Pt5Y1>2yD7lidEpvqOKIRMS@D
zytY3}%fX_>O_OE+4qQO7+fS)``?1!2t;SK5^)X8h#5Q9(dH9E*V-KfV>Tr9Qxjq#|
zV)`F7oki_MIxf8S?)4KT0aftjVzxoQEMJWUD}@JpM0U(QzBQ&B-Mxd6XiK^{4nD?n
zb^)<dr9<;S<{?s1x`(?lN6K9Y<=d-R2HZCyA^KZouUFyDOj1Fr{TqoB8)*ekTSYZS
zt%y!yg~4;<wJ|X=cHUIVr@=HNnuhFp{c)I|g#zFm9M<3tAK`fV<~x?lUep01a@1BU
z+K_`uOYGg{c|CX0d({mrLmpJ5ghIscpv@apXCgJTcEhO{aOv|NXRyGU5@6$rYw?M;
zuzPz{$t&Nr)NO0db6XL-6VC~GTH%*c*kE2-z70ppbH+-(00{SpH-toZ>&BFxjVQSc
z*j6Odp3lOQ%629%+HK4yP5z1u69qUGK;MiRM{M@BViD3R#xbUkF>xpz?PEps3?P$<
zHj&4{3}IsevF#58k;@H{b_q`wlSY%P8rcfc9=SP|W;jz^2C}9XmnoLnf(#9RJ_1HH
zTj`n%<Xx(<iHQ+-zjT<EL2r!r(+?KXY$@FjSf^0Y;rn0@I^hIqKw$Bb#$5ReimfPE
zv5d8P-%_`g&xr&_g9M4hJC^C<b%v}~FYk2|kY;k}A4n7$w+naeL1s4RDAPKxwp$^S
zP(^`}UOO3vR4USpc#D=l;!KB~UO(eqQXhU<N)If#xSFf7wBya*$H*Bv-g-aTJw@(<
zW}k~^<#THmxWV=OBSLIp4#~qo6%^!H*-~!~x=Ky@nNn(A*duL0M6t#8PP2owsKYb^
z*mN@WElT+p`QzIa!G(06rcN@rSbI~*g(aoJNi(l>g5>+i?Q&DWD$6?f!_r=c3K}*q
zzx}roqxgb84PSTia~cQKV)5!;U%0iHGIo$EIejA?E}W%qoa;x1TXm*bPXuV{jBjy^
z<xnkskEA>sS-1V(zx*lG(eGe7mmR(BgQs%&yfkfQ9ZAVzZlf1)!u;5e=AH_o^&`}v
z;G^H$Q4O>lmt2a_Z#Eq}!)J#=QnycChk9dbl#koutdC$@c|C{F6$RNk%W>K2k{AN|
zk}2`&XO9kJrhPA2tEX2)DaU~U1SuY3{ENRhroQg-7{Sce+M|^g*uo+L#u!Uco2Cb|
z_v6wRpoTw3bXn}TE5QDfq^)w8*a_sOQ)WgOHiqxqjhlmrw}&R3G$E8DueQu|Sk5G!
z!vHTXEA0W+_-hH9)f{gdt8e{Nz9gxJ0W3N6arR}0S@Zj1YeWKSaY1k5+?eI(-ut5^
zw*_A^^}JX`0d%UJ$$v725rK7OJ6O6cX_y~VdriEh^qzN8Cdf!PXeNTAv;eM7EdxdM
zjHZ+Y<wk2kzPj_`UR<KMpI(>_^<ciuc=QQ6r5tege74y*BVfuDqZo?0gFjsVnRAwG
zPrJK9E?;FN+4se(@`Im?9qBmZ{Ev~1K-rud#y8!W?n|K!rXC`W26BrC{9`7&JzNRn
z=ZU#0cx_OJquX-Ae4*#v$MfqYpA*KaGXFRg#9sZF@$T^+?;_UA@yASTZ9jGKuKWq?
zXq%CCf6CXjw#O?_Ga*dMqD>0!#-R3&95IOyC?too<{tKW#vSp#b<LXx_!yUc{7+Dv
z27ZW>Qp9f|$!KxYGL}IDZh0^fB+<J*Ir%0R|0}^^y~GEahzMoQYR?+s*!1d;M`K@$
z^mWabm{zoP#!HC%xHszg{0kDyaFD$rsSJ+23lOYnVzG`BTx|u*GS_vqV!!W)CB9qI
zcdM7f<khUve@HcYy3n#T)ES8ZAxY*zw1+iJ<B-B|p~gNJQ+D;y_m$tU1s`mYqQCv<
zB8vO;DEV|*Rx+A{X=8-4u6^;>-{YJ933K?i73e_85FmrIYTozp8FY!WSR%W~v7W{~
zM-ua1(+r%v9UD$}-2l!boB7N6Y89{#FSno0({ZHls<)C%p6OCJ%gJgCnz+(OGKOOZ
zjx>evSH-68EZoHN_N`9}a(&vV2$d^US~&&oH^#gdJo?p&{+$Vm6Tw40l0%ZIKsh#r
zEH5G7S6pkvWjmJHPPsdi(H%F(I<mq)q&4LEel>pP=`BM?h-+wfc<o}@vD;h{72*z>
z>&0miex<e}*{Ra!@HvZm9kJ?I<Wt6Ml#y?Hax{TN#?ZV^Xr--M0}5twW<Tit0<3rj
zbD0k>E3hPZJx5{sI$EX2{GEJOGcShXyX@r%Yh=HMP93=T`Q{6vm$_g0^<;yH0qGYp
zd+zKef}fLa-IdN;`?wqorF}A9t$I0EEcI&&a6s7p0X#x#fd>Gp3Q&c#d(ze}@O#f6
z_k*YU^Rqw%L<S-N0sZsN!NJDE0z90s=itqI)qGC}XFSUKcB5AL=y<i*msuU7fz_6W
Uq;3TeG!4<E4h<!_{ulNB1CAl(EdT%j

literal 0
HcmV?d00001

diff --git a/testsuite/integration-arquillian/servers/auth-server/quarkus/pom.xml b/testsuite/integration-arquillian/servers/auth-server/quarkus/pom.xml
index 423545438c..626eedf1f6 100644
--- a/testsuite/integration-arquillian/servers/auth-server/quarkus/pom.xml
+++ b/testsuite/integration-arquillian/servers/auth-server/quarkus/pom.xml
@@ -63,7 +63,7 @@
                             <goal>copy-resources</goal>
                         </goals>
                         <configuration>
-                            <outputDirectory>${auth.server.home}</outputDirectory>
+                            <outputDirectory>${auth.server.home}/conf</outputDirectory>
                             <resources>
                                 <resource>
                                     <directory>${common.resources}/keystore</directory>
@@ -71,6 +71,7 @@
                                         <include>ca.crt</include>
                                         <include>client.crt</include>
                                         <include>client.key</include>
+                                        <include>client.p12</include>
                                         <include>client-ca.crt</include>
                                         <include>client-ca.key</include>
                                         <include>*.crl</include>
@@ -80,7 +81,9 @@
                                     <directory>${common.resources}/pki/root/ca</directory>
                                     <includes>
                                         <include>certs/clients/test-user-san@localhost.cert.pem</include>
+                                        <include>certs/clients/test-user-san@localhost.p12</include>
                                         <include>certs/clients/test-user@localhost.key.pem</include>
+                                        <include>certs/clients/test-user-san-cert-test-user-key@localhost.p12</include>
                                     </includes>
                                 </resource>
                             </resources>
diff --git a/testsuite/integration-arquillian/tests/base/pom.xml b/testsuite/integration-arquillian/tests/base/pom.xml
index cdbba92ddb..a61c8b0592 100644
--- a/testsuite/integration-arquillian/tests/base/pom.xml
+++ b/testsuite/integration-arquillian/tests/base/pom.xml
@@ -46,9 +46,9 @@
         <systemrules.version>1.19.0</systemrules.version>
         <common.resources>${basedir}/../../servers/auth-server/common</common.resources>
         <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
-        <maven.compiler.release>11</maven.compiler.release>
-        <maven.compiler.target>11</maven.compiler.target>
-        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.release>17</maven.compiler.release>
+        <maven.compiler.target>17</maven.compiler.target>
+        <maven.compiler.source>17</maven.compiler.source>
     </properties>
     
     <dependencies>
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakDronePostSetup.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakDronePostSetup.java
index 285e0f8333..77ec5c8551 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakDronePostSetup.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakDronePostSetup.java
@@ -39,10 +39,16 @@ import org.openqa.selenium.firefox.FirefoxOptions;
 import org.openqa.selenium.htmlunit.HtmlUnitDriver;
 import org.openqa.selenium.remote.RemoteWebDriver;
 
+import java.io.File;
+import java.net.MalformedURLException;
+
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
  */
 public class KeycloakDronePostSetup {
+    public static final String HTML_UNIT_SSL_KEYSTORE_PROP = "htmlunit-ssl-keystore";
+    public static final String HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP = "htmlunit-ssl-keystore-password";
+    public static final String HTML_UNIT_SSL_KEYSTORE_TYPE_PROP = "htmlunit-ssl-keystore-type";
 
     @Inject
     @ClassScoped // needed in BrowserDriverIgnoreDecider
@@ -54,22 +60,19 @@ public class KeycloakDronePostSetup {
         DronePoint<?> dronePoint = event.getDronePoint();
         Object drone = droneContext.get(dronePoint).getInstance();
 
-        if (drone instanceof RemoteWebDriver) {
-            RemoteWebDriver remoteWebDriver = (RemoteWebDriver) drone;
+        if (drone instanceof RemoteWebDriver remoteWebDriver) {
             log.infof("Detected browser: %s %s", remoteWebDriver.getCapabilities().getBrowserName(), remoteWebDriver.getCapabilities().getBrowserVersion());
             webDriverProducer.set(remoteWebDriver);
         }
 
-        if (drone instanceof WebDriver && !(drone instanceof AppiumDriver)) {
-            WebDriver webDriver = (WebDriver) drone;
+        if (drone instanceof WebDriver webDriver && !(drone instanceof AppiumDriver)) {
             configureDriverSettings(webDriver);
             webDriverProducer.set(webDriver);
         } else {
             log.warn("Drone is not instanceof WebDriver for a desktop browser! Drone is " + drone);
         }
 
-        if (drone instanceof GrapheneProxyInstance) {
-            GrapheneProxyInstance droneProxy = (GrapheneProxyInstance) drone;
+        if (drone instanceof GrapheneProxyInstance droneProxy) {
             if (drone instanceof HtmlUnitDriver) {
                 droneProxy.registerInterceptor(new HtmlUnitInterceptor());
             }
@@ -89,11 +92,11 @@ public class KeycloakDronePostSetup {
         driver.manage().window().maximize();
 
         configureFirefoxDriver(driver);
+        configureHtmlUnitDriver(driver);
     }
 
     private void configureFirefoxDriver(WebDriver driver) {
-        if (driver instanceof FirefoxDriver) {
-            FirefoxDriver firefoxDriver = (FirefoxDriver) driver;
+        if (driver instanceof FirefoxDriver firefoxDriver) {
             Capabilities capabilities = firefoxDriver.getCapabilities();
             FirefoxOptions options = new FirefoxOptions(capabilities);
             // disables extension automatic updates as we don't need it when running the test suite
@@ -102,6 +105,28 @@ public class KeycloakDronePostSetup {
         }
     }
 
+    private void configureHtmlUnitDriver(WebDriver driver) {
+        if (driver instanceof HtmlUnitDriver htmlUnitDriver) {
+            final var keystore = System.getProperty(HTML_UNIT_SSL_KEYSTORE_PROP);
+            final var keystorePassword = System.getProperty(HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP);
+            final var keystoreType = System.getProperty(HTML_UNIT_SSL_KEYSTORE_TYPE_PROP);
+
+            log.info("Check HtmlUnit driver TLS settings");
+
+            if (keystore != null && keystorePassword != null && keystoreType != null) {
+                log.infof("Keystore '%s', password '%s', type '%s'", keystore, keystorePassword, keystoreType);
+
+                var options = htmlUnitDriver.getWebClient().getOptions();
+                options.setUseInsecureSSL(true);
+                try {
+                    options.setSSLClientCertificateKeyStore(new File(keystore).toURI().toURL(), keystorePassword, keystoreType);
+                } catch (MalformedURLException e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        }
+    }
+
     public static class HtmlUnitInterceptor implements Interceptor {
 
         @Override
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakWebDriverConfigurator.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakWebDriverConfigurator.java
index 67e7fcf4b4..85bf910fe1 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakWebDriverConfigurator.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/drone/KeycloakWebDriverConfigurator.java
@@ -27,7 +27,6 @@ import org.jboss.arquillian.drone.webdriver.spi.BrowserCapabilities;
 import org.jboss.arquillian.drone.webdriver.spi.BrowserCapabilitiesRegistry;
 import org.jboss.logging.Logger;
 import org.openqa.selenium.Capabilities;
-import org.openqa.selenium.phantomjs.PhantomJSDriverService;
 import org.openqa.selenium.remote.CapabilityType;
 import org.openqa.selenium.remote.DesiredCapabilities;
 
@@ -53,7 +52,6 @@ public class KeycloakWebDriverConfigurator {
         DesiredCapabilities capabilitiesToAdd = new DesiredCapabilities();
         updateCapabilityKeys("htmlUnit", webDriverCfg, capabilitiesToAdd);
         updateCapabilityKeys("appium", webDriverCfg, capabilitiesToAdd);
-        configurePhantomJSDriver(webDriverCfg, capabilitiesToAdd);
         acceptAllSSLCerts(webDriverCfg, capabilitiesToAdd);
 
         BrowserCapabilities browserCap = registryInstance.get().getEntryFor(webDriverCfg.getBrowser());
@@ -64,21 +62,6 @@ public class KeycloakWebDriverConfigurator {
         capabilitiesToAdd.setCapability(CapabilityType.ACCEPT_INSECURE_CERTS, true);
     }
 
-    private void configurePhantomJSDriver(WebDriverConfiguration webDriverCfg, DesiredCapabilities capabilitiesToAdd) {
-        if (!webDriverCfg.getBrowser().equals("phantomjs")) {
-            return;
-        }
-
-        String cliArgs = System.getProperty("keycloak.phantomjs.cli.args");
-
-        if (cliArgs == null) {
-            cliArgs = "--ignore-ssl-errors=true --web-security=false";
-        }
-
-        capabilitiesToAdd.setCapability(PhantomJSDriverService.PHANTOMJS_CLI_ARGS, cliArgs);
-    }
-
-
     // This is to ensure that default value of capabilities like "version" will be used just for the HtmlUnitDriver, but not for other drivers.
     // Hence in configs we have "htmlUnit.version" instead of "version"
     private void updateCapabilityKeys(String browser, WebDriverConfiguration webDriverCfg, DesiredCapabilities capabilitiesToAdd, String... exclude) {
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/PhantomJSBrowser.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/HtmlUnitBrowser.java
similarity index 96%
rename from testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/PhantomJSBrowser.java
rename to testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/HtmlUnitBrowser.java
index f8ce1db2a8..82a4dcb21b 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/PhantomJSBrowser.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/HtmlUnitBrowser.java
@@ -26,5 +26,5 @@ import java.lang.annotation.Target;
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ElementType.FIELD, ElementType.PARAMETER})
 @Qualifier
-public @interface PhantomJSBrowser {
+public @interface HtmlUnitBrowser {
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/hal/ConsoleProtectionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/hal/ConsoleProtectionTest.java
index db5360d4c5..f3e3a060e1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/hal/ConsoleProtectionTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/hal/ConsoleProtectionTest.java
@@ -77,8 +77,6 @@ public class ConsoleProtectionTest extends AbstractAdapterTest {
 
     @Before
     public void beforeConsoleProtectionTest() throws IOException, OperationException {
-        Assume.assumeTrue("This testClass doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
-
         try (OnlineManagementClient clientWorkerNodeClient = AppServerTestEnricher.getManagementClient()) {
 
             Operations operations = new Operations(clientWorkerNodeClient);
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java
index d81ab903fa..e66827641b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/javascript/JavascriptAdapterTest.java
@@ -1,7 +1,6 @@
 package org.keycloak.testsuite.javascript;
 
 import org.jboss.arquillian.graphene.page.Page;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -318,8 +317,6 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
 
     @Test
     public void grantBrowserBasedApp() {
-        Assume.assumeTrue("This test doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
-
         ClientResource clientResource = ApiUtil.findClientResourceByClientId(adminClient.realm(REALM_NAME), CLIENT_ID);
         ClientRepresentation client = clientResource.toRepresentation();
         try {
@@ -455,13 +452,10 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
                 // Possibility of 0 and 401 is caused by this issue: https://issues.redhat.com/browse/KEYCLOAK-12686
                 .sendXMLHttpRequest(request, response -> assertThat(response, hasEntry(is("status"), anyOf(is(0L), is(401L)))))
                 .refresh();
-        if (!"phantomjs".equals(System.getProperty("js.browser"))) {
-            // I have no idea why, but this request doesn't work with phantomjs, it works in chrome
-            testExecutor.logInAndInit(defaultArguments(), unauthorizedUser, this::assertInitAuth)
-                    .sendXMLHttpRequest(request, output -> assertThat(output, hasEntry("status", 403L)))
-                    .logout(this::assertOnTestAppUrl)
-                    .refresh();
-        }
+        testExecutor.logInAndInit(defaultArguments(), unauthorizedUser, this::assertInitAuth)
+                .sendXMLHttpRequest(request, output -> assertThat(output, hasEntry("status", 403L)))
+                .logout(this::assertOnTestAppUrl)
+                .refresh();
         testExecutor.logInAndInit(defaultArguments(), testUser, this::assertInitAuth)
                 .sendXMLHttpRequest(request, assertResponseStatus(200));
     }
@@ -711,10 +705,6 @@ public class JavascriptAdapterTest extends AbstractJavascriptTest {
 
     @Test
     public void spaceInRealmNameTest() {
-        // Unfortunately this test doesn't work on phantomjs
-        // it looks like phantomjs double encode %20 => %25%20
-        Assume.assumeTrue("This test doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
-
         try {
             adminClient.realm(REALM_NAME).update(RealmBuilder.edit(adminClient.realm(REALM_NAME).toRepresentation()).name(SPACE_REALM_NAME).build());
 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/welcomepage/WelcomePageTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/welcomepage/WelcomePageTest.java
index 8b85457c28..f689959e60 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/welcomepage/WelcomePageTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/welcomepage/WelcomePageTest.java
@@ -33,7 +33,7 @@ import org.keycloak.testsuite.arquillian.annotation.RestartContainer;
 import org.keycloak.testsuite.auth.page.WelcomePage;
 import org.keycloak.testsuite.auth.page.login.OIDCLogin;
 import org.keycloak.testsuite.util.DroneUtils;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 import java.net.InetAddress;
@@ -54,15 +54,15 @@ import static org.keycloak.testsuite.util.URLUtils.navigateToUri;
 public class WelcomePageTest extends AbstractKeycloakTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected OIDCLogin loginPage;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected WelcomePage welcomePage;
 
     @Override
@@ -80,7 +80,7 @@ public class WelcomePageTest extends AbstractKeycloakTest {
         Assume.assumeThat("Test skipped",
                 suiteContext.getAuthServerInfo().isJBossBased(),
                 Matchers.is(true));
-        DroneUtils.replaceDefaultWebDriver(this, phantomJS);
+        DroneUtils.replaceDefaultWebDriver(this, htmlUnit);
         setDefaultPageUriParameters();
     }
 
@@ -150,8 +150,7 @@ public class WelcomePageTest extends AbstractKeycloakTest {
     public void test_5_AccessCreatedAdminAccount() throws Exception {
         welcomePage.navigateTo();
         welcomePage.navigateToAdminConsole();
-        // TODO PhantomJS is not loading the new admin console for some reason, so is not redirecting to the login page. It works with Chrome though.
-        Assert.assertEquals("Keycloak Administration Console", phantomJS.getTitle());
+        Assert.assertEquals("Keycloak Administration Console", htmlUnit.getTitle());
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java
index 5419181294..aff6c0e402 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java
@@ -18,6 +18,7 @@
 
 package org.keycloak.testsuite.x509;
 
+import jakarta.ws.rs.core.Response;
 import org.hamcrest.Matchers;
 import org.jboss.arquillian.graphene.page.Page;
 import org.jboss.logging.Logger;
@@ -62,14 +63,14 @@ import org.keycloak.testsuite.util.AdminEventPaths;
 import org.keycloak.testsuite.util.AssertAdminEvents;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.DroneUtils;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.UserBuilder;
 import org.keycloak.testsuite.util.WaitUtils;
 import org.keycloak.userprofile.UserProfileConstants;
+import org.keycloak.utils.StringUtil;
 import org.openqa.selenium.WebDriver;
 
-import jakarta.ws.rs.core.Response;
 import java.lang.reflect.Field;
 import java.net.URI;
 import java.util.ArrayList;
@@ -90,7 +91,11 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
 import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN;
 import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_CN;
 import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType.SUBJECTDN_EMAIL;
+import static org.keycloak.testsuite.drone.KeycloakDronePostSetup.HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP;
+import static org.keycloak.testsuite.drone.KeycloakDronePostSetup.HTML_UNIT_SSL_KEYSTORE_PROP;
+import static org.keycloak.testsuite.drone.KeycloakDronePostSetup.HTML_UNIT_SSL_KEYSTORE_TYPE_PROP;
 import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED;
+import static org.keycloak.utils.StringUtil.isBlank;
 
 /**
  * @author <a href="mailto:brat000012001@gmail.com">Peter Nalyvayko</a>
@@ -126,7 +131,7 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
 
     protected AuthenticationExecutionInfoRepresentation directGrantExecution;
 
-    private static SetSystemProperty phantomjsCliArgs;
+    private static final List<SetSystemProperty> systemProperties = new ArrayList<>(10);
 
     @Rule
     public AssertEvents events = new AssertEvents(this);
@@ -135,15 +140,15 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
     public AssertAdminEvents assertAdminEvents = new AssertAdminEvents(this);
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected AppPage appPage;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected X509IdentityConfirmationPage loginConfirmationPage;
 
     @Page
-    @PhantomJSBrowser
+    @HtmlUnitBrowser
     protected LoginPage loginPage;
 
 
@@ -160,48 +165,31 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/client.crt", "/client.key", "password");
+        configureHtmlUnit("/client.p12");
     }
 
     @AfterClass
     public static void onAfterTestClass() {
-        phantomjsCliArgs.revert();
+        systemProperties.forEach(SetSystemProperty::revert);
     }
 
-    /**
-     * Setup phantom JS to be used for mutual TLS testing. All file paths are relative to "authServerHome"
-     *
-     * @param certificatesPath
-     * @param clientCertificateFile
-     * @param clientKeyFile
-     * @param clientKeyPassword
-     */
-    protected static void configurePhantomJS(String certificatesPath, String clientCertificateFile, String clientKeyFile, String clientKeyPassword) {
+    protected static void configureHtmlUnit(String keystore) {
+        configureHtmlUnit(keystore, "password", "pkcs12");
+    }
+
+    protected static void configureHtmlUnit(String keystore, String keystorePassword, String keystoreType) {
         String authServerHome = getAuthServerHome();
 
         if (authServerHome != null && System.getProperty("auth.server.ssl.required") != null) {
-            StringBuilder cliArgs = new StringBuilder();
-
-            cliArgs.append("--ignore-ssl-errors=true ");
-            cliArgs.append("--web-security=false ");
-            if (certificatesPath != null) {
-                cliArgs.append("--ssl-certificates-path=").append(authServerHome).append(certificatesPath).append(" ");
+            if (isBlank(keystore) || isBlank(keystorePassword) || isBlank(keystoreType)) {
+                throw new IllegalArgumentException("You need to specify keystore name, password, and type.");
             }
-            if (clientCertificateFile != null) {
-                cliArgs.append("--ssl-client-certificate-file=").append(authServerHome).append(clientCertificateFile).append(" ");
-            }
-            if (clientKeyFile != null) {
-                cliArgs.append("--ssl-client-key-file=").append(authServerHome).append(clientKeyFile).append(" ");
-            }
-            if (clientKeyPassword != null) {
-                cliArgs.append("--ssl-client-key-passphrase=").append(clientKeyPassword).append(" ");
-            }
-
-            phantomjsCliArgs = new SetSystemProperty("keycloak.phantomjs.cli.args", cliArgs.toString());
+            systemProperties.add(new SetSystemProperty(HTML_UNIT_SSL_KEYSTORE_PROP, authServerHome + keystore));
+            systemProperties.add(new SetSystemProperty(HTML_UNIT_SSL_KEYSTORE_PASSWORD_PROP, keystorePassword));
+            systemProperties.add(new SetSystemProperty(HTML_UNIT_SSL_KEYSTORE_TYPE_PROP, keystoreType));
         }
     }
 
-
     private static boolean isAuthServerJBoss() {
         return Boolean.parseBoolean(System.getProperty("auth.server.jboss"));
     }
@@ -219,6 +207,10 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
             authServerHome = authServerHome + "/standalone/configuration";
         }
 
+        if (AuthServerTestEnricher.isAuthServerQuarkus()) {
+            authServerHome = authServerHome + "/conf";
+        }
+
         return authServerHome;
     }
 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java
index 5020646f95..0eb9efe039 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java
@@ -29,7 +29,7 @@ import org.keycloak.models.Constants;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.testsuite.pages.AppPage;
 import org.keycloak.testsuite.util.ContainerAssume;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 import static org.hamcrest.Matchers.containsString;
@@ -46,13 +46,13 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {
     public static CRLRule crlRule = new CRLRule();
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
 
@@ -176,6 +176,9 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {
 
     @Test
     public void loginWithMultipleRevocationListsUsingInvalidCert() {
+        // not sure why it is failing on Undertow - works with Quarkus
+        ContainerAssume.assumeNotAuthServerUndertow();
+
         X509AuthenticatorConfigModel config =
                 new X509AuthenticatorConfigModel()
                         .setCRLEnabled(true)
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginIssuerDnTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginIssuerDnTest.java
index 5e9d62b796..d3eeafc585 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginIssuerDnTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginIssuerDnTest.java
@@ -27,10 +27,9 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
-
 /**
  * @author Sebastian Loesch
  * @date 02/14/2019
@@ -39,12 +38,12 @@ import org.openqa.selenium.WebDriver;
 public class X509BrowserLoginIssuerDnTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @BeforeClass
@@ -59,8 +58,7 @@ public class X509BrowserLoginIssuerDnTest extends AbstractX509AuthenticationTest
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/certs/clients/test-user-san@localhost.cert.pem",
-                           "/certs/clients/test-user@localhost.key.pem", "password");
+        configureHtmlUnit("/certs/clients/test-user-san-cert-test-user-key@localhost.p12");
     }
 
     private String setup(boolean canonicalDnEnabled) throws Exception {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectAltNameTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectAltNameTest.java
index 8be212dced..f1795e551c 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectAltNameTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectAltNameTest.java
@@ -20,8 +20,9 @@ package org.keycloak.testsuite.x509;
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Ignore;
 import org.junit.Test;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -33,18 +34,17 @@ import org.openqa.selenium.WebDriver;
 public class X509BrowserLoginSubjectAltNameTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/certs/clients/test-user-san@localhost.cert.pem",
-                "/certs/clients/test-user@localhost.key.pem", "password");
+        configureHtmlUnit("/certs/clients/test-user-san-cert-test-user-key@localhost.p12");
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectDnTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectDnTest.java
index 7d95c66ef1..be196b018f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectDnTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginSubjectDnTest.java
@@ -17,17 +17,12 @@
 
 package org.keycloak.testsuite.x509;
 
-import java.security.NoSuchProviderException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-
 import org.jboss.arquillian.drone.api.annotation.Drone;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -38,28 +33,17 @@ import org.openqa.selenium.WebDriver;
 public class X509BrowserLoginSubjectDnTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
-    }
-
-    @BeforeClass
-    public static void checkAssumption() {
-        try {
-            CertificateFactory.getInstance("X.509", "SUN");
-        }
-        catch (CertificateException | NoSuchProviderException e) {
-            Assume.assumeNoException("Test assumes the SUN security provider", e);
-        }
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @BeforeClass
     public static void onBeforeTestClass() {
-        configurePhantomJS("/ca.crt", "/certs/clients/test-user-san@localhost.cert.pem",
-                           "/certs/clients/test-user@localhost.key.pem", "password");
+        configureHtmlUnit("/certs/clients/test-user-san-cert-test-user-key@localhost.p12");
     }
 
     private String setup(boolean canonicalDnEnabled) throws Exception {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java
index 5f99432da6..470e04add0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserLoginTest.java
@@ -20,7 +20,7 @@ package org.keycloak.testsuite.x509;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.keycloak.testsuite.AssertEvents;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -58,18 +58,15 @@ import org.openqa.selenium.WebDriver;
 
 public class X509BrowserLoginTest extends AbstractX509AuthenticationTest {
 
-
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
-
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
-
     @Test
     public void loginAsUserFromCertSubjectEmail() throws Exception {
         // Login using an e-mail extracted from certificate's subject DN
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
index 5e43eb90e8..0b03444d70 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509DirectGrantTest.java
@@ -20,7 +20,6 @@ package org.keycloak.testsuite.x509;
 
 import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.junit.Assert;
-import org.junit.Assume;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -32,11 +31,10 @@ import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.sessions.AuthenticationSessionProvider;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.util.ContainerAssume;
 import org.keycloak.testsuite.util.OAuthClient;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 import jakarta.ws.rs.core.Response;
@@ -58,12 +56,12 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
 public class X509DirectGrantTest extends AbstractX509AuthenticationTest {
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderFailOpenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderFailOpenTest.java
index 1c266fe633..4f5d48f97f 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderFailOpenTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderFailOpenTest.java
@@ -14,7 +14,7 @@ import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel;
 import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
 import org.keycloak.testsuite.util.OAuthClient;
@@ -35,12 +35,12 @@ public class X509OCSPResponderFailOpenTest extends AbstractX509AuthenticationTes
     private Undertow ocspResponder;
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderSpecificCertTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderSpecificCertTest.java
index 084c9ef618..c7e5f54208 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderSpecificCertTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderSpecificCertTest.java
@@ -37,7 +37,7 @@ import static org.keycloak.authentication.authenticators.x509.X509AuthenticatorC
 
 import io.undertow.Undertow;
 import io.undertow.server.handlers.BlockingHandler;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -58,12 +58,12 @@ public class X509OCSPResponderSpecificCertTest extends AbstractX509Authenticatio
     private Undertow ocspResponder;
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderTest.java
index 36018d3eb2..a2bfbb252a 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509OCSPResponderTest.java
@@ -44,7 +44,7 @@ import java.nio.file.Paths;
 import java.util.function.Supplier;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.impl.client.CloseableHttpClient;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -65,12 +65,12 @@ public class X509OCSPResponderTest extends AbstractX509AuthenticationTest {
     private Undertow ocspResponder;
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlUnit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlUnit);
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509SingleCertificateBrowserCRLTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509SingleCertificateBrowserCRLTest.java
index b3678145ee..73bc8053c7 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509SingleCertificateBrowserCRLTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509SingleCertificateBrowserCRLTest.java
@@ -24,7 +24,7 @@ import org.junit.Test;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.IdentityMapperType;
 import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel.MappingSourceType;
-import org.keycloak.testsuite.util.PhantomJSBrowser;
+import org.keycloak.testsuite.util.HtmlUnitBrowser;
 import org.openqa.selenium.WebDriver;
 
 /**
@@ -37,18 +37,18 @@ public class X509SingleCertificateBrowserCRLTest extends AbstractX509Authenticat
     public static CRLRule crlRule = new CRLRule();
 
     @Drone
-    @PhantomJSBrowser
-    private WebDriver phantomJS;
+    @HtmlUnitBrowser
+    private WebDriver htmlunit;
 
     @Before
     public void replaceTheDefaultDriver() {
-        replaceDefaultWebDriver(phantomJS);
+        replaceDefaultWebDriver(htmlunit);
     }
 
     @BeforeClass
     public static void onBeforeTestClass() {
         // configure single certificate without CA cert
-        configurePhantomJS(null, "/client-ca.crt", "/client-ca.key", "password");
+        configureHtmlUnit("/client-ca.jks", "secret", "jks");
     }
 
     @Test
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index 1b201f2f7c..cb3d8df584 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -91,9 +91,10 @@
         <property name="chromeDriverVersion">${chromeDriverVersion}</property>
     </extension>
 
-    <extension qualifier="webdriver-phantomjsbrowser">
-        <property name="browser">phantomjs</property>
-        <property name="downloadBinaries">${webdriverDownloadBinaries}</property>
+    <extension qualifier="webdriver-htmlunitbrowser">
+        <property name="browser">htmlunit</property>
+        <property name="htmlUnit.version">${htmlUnitBrowserVersion}</property>
+        <property name="htmlUnitWebClientOptions">cssEnabled=false;historyPageCacheLimit=1</property>
     </extension>
 
     <extension qualifier="graphene-secondbrowser">
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 5f55c476fe..d220bc4729 100644
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -290,7 +290,7 @@
                                         <outputDirectory>${containers.home}/auth-server-undertow</outputDirectory>
                                     </artifactItem>
                                 </artifactItems>
-                                <includes>*.jks,*.crt,*.truststore,*.crl,*.key,certs/clients/*</includes>
+                                <includes>*.jks,*.p12,*.crt,*.truststore,*.crl,*.key,certs/clients/*</includes>
                                 <skip>${auth.server.undertow.skip.unpack}</skip>
                             </configuration>
                         </execution>
@@ -1626,11 +1626,6 @@
                     <groupId>org.jboss.arquillian.protocol</groupId>
                     <artifactId>arquillian-protocol-servlet</artifactId>
                 </dependency>
-                <dependency>
-                    <groupId>org.jboss.arquillian.extension</groupId>
-                    <artifactId>arquillian-phantom-driver</artifactId>
-                    <version>1.2.1.Final</version>
-                </dependency>
                 <dependency>
                     <groupId>org.jboss.arquillian.graphene</groupId>
                     <artifactId>arquillian-browser-screenshooter</artifactId>