From 80ba42a0b41c3f6e3afa0523899b72655e59774d Mon Sep 17 00:00:00 2001 From: Hynek Mlnarik Date: Wed, 15 Mar 2023 08:44:21 +0100 Subject: [PATCH] Tests: Determine IDs from Keycloak Instead of assuming that the ID of created objects is honored, the tests are rewritten in the way which obtains the ID from the created objects. This is to account for storages where ID is not necessarily an UUID and cannot be thus prescribed. Closes: #19814 --- .../testsuite/admin/AdminClientTest.java | 24 ++++++++---- .../event/AdminEventAuthDetailsTest.java | 9 +++++ .../testsuite/admin/group/GroupTest.java | 12 +++--- .../authz/AbstractResourceServerTest.java | 9 +++++ .../testsuite/authz/EntitlementAPITest.java | 4 +- .../authz/UserManagedAccessTest.java | 12 +++--- .../keycloak/testsuite/client/CIBATest.java | 11 ++++-- .../testsuite/client/FAPICIBATest.java | 2 +- .../keycloak/testsuite/forms/LoginTest.java | 11 ++++-- .../forms/ScriptAuthenticatorTest.java | 15 ++++++-- .../testsuite/forms/VerifyProfileTest.java | 25 ++++++------- .../oauth/ClientAuthSignedJWTTest.java | 25 ++++++++----- .../testsuite/oauth/OfflineTokenTest.java | 7 +++- ...urceOwnerPasswordCredentialsGrantTest.java | 13 ++++--- .../testsuite/oauth/ServiceAccountTest.java | 37 +++++++++++-------- .../oauth/ServiceAccountUserProfileTest.java | 9 ++++- .../keycloak/testsuite/oauth/hok/HoKTest.java | 2 +- .../oauth/rar/AbstractRARParserTest.java | 7 +++- .../keycloak/testsuite/oidc/AudienceTest.java | 10 ++++- .../testsuite/oidc/OIDCDynamicScopeTest.java | 10 ++++- .../testsuite/oidc/OIDCScopeTest.java | 10 ++++- .../x509/AbstractX509AuthenticationTest.java | 8 +++- 22 files changed, 183 insertions(+), 89 deletions(-) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java index 4130a53940..7141cef9ad 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java @@ -43,6 +43,7 @@ import org.keycloak.testsuite.util.ClientBuilder; import org.keycloak.testsuite.util.ClientScopeBuilder; import org.keycloak.testsuite.util.RealmBuilder; import org.keycloak.testsuite.util.UserBuilder; +import java.util.Objects; /** * Test for the various "Advanced" scenarios of java admin-client @@ -78,11 +79,9 @@ public class AdminClientTest extends AbstractKeycloakTest { RealmBuilder realm = RealmBuilder.create().name(realmName) .testEventListener(); - clientUUID = KeycloakModelUtils.generateId(); clientId = "service-account-cl"; clientSecret = "secret1"; ClientRepresentation enabledAppWithSkipRefreshToken = ClientBuilder.create() - .id(clientUUID) .clientId(clientId) .secret(clientSecret) .serviceAccountsEnabled(true) @@ -92,7 +91,6 @@ public class AdminClientTest extends AbstractKeycloakTest { userId = KeycloakModelUtils.generateId(); userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledAppWithSkipRefreshToken.getClientId(); UserBuilder serviceAccountUser = UserBuilder.create() - .id(userId) .username(userName) .serviceAccountId(enabledAppWithSkipRefreshToken.getClientId()) .role(Constants.REALM_MANAGEMENT_CLIENT_ID, AdminRoles.REALM_ADMIN); @@ -108,6 +106,15 @@ public class AdminClientTest extends AbstractKeycloakTest { testRealms.add(realm.build()); } + @Override + public void importRealm(RealmRepresentation realm) { + super.importRealm(realm); + if (Objects.equals(realm.getRealm(), realmName)) { + clientUUID = adminClient.realm(realmName).clients().findByClientId(clientId).get(0).getId(); + userId = adminClient.realm(realmName).users().searchByUsername(userName, true).get(0).getId(); + } + } + @Test public void clientCredentialsAuthSuccess() throws Exception { try (Keycloak adminClient = AdminClientUtil.createAdminClientWithClientCredentials(realmName, clientId, clientSecret, null)) { @@ -173,8 +180,7 @@ public class AdminClientTest extends AbstractKeycloakTest { // we need to create custom scope after import, otherwise the default scopes are missing. final String scopeName = "myScope"; - final String scopeId = KeycloakModelUtils.generateId(); - createScope(testRealm, scopeName, scopeId); + String scopeId = createScope(testRealm, scopeName, KeycloakModelUtils.generateId()); testRealm.clients().get(clientUUID).addOptionalClientScope(scopeId); // with scope @@ -198,11 +204,13 @@ public class AdminClientTest extends AbstractKeycloakTest { client.update(clientRep); } - private void createScope(RealmResource testRealm, String scopeName, String scopeId) { + private String createScope(RealmResource testRealm, String scopeName, String scopeId) { final ClientScopeRepresentation testScope = ClientScopeBuilder.create().name(scopeName).protocol("openid-connect").build(); testScope.setId(scopeId); - final Response scope = testRealm.clientScopes().create(testScope); - Assert.assertEquals(201, scope.getStatus()); + try (Response response = testRealm.clientScopes().create(testScope)) { + Assert.assertEquals(201, response.getStatus()); + return ApiUtil.getCreatedId(response); + } } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java index babcdcba6d..9e66515ab3 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.java @@ -88,6 +88,15 @@ public class AdminEventAuthDetailsTest extends AbstractAuthTest { testRealms.add(realm.build()); } + @Override + public void importTestRealms() { + super.importTestRealms(); + client1Uuid = adminClient.realm("test").clients().findByClientId("client1").get(0).getId(); + admin1Id = adminClient.realm("test").users().search("admin1", true).get(0).getId(); + admin2Id = adminClient.realm("test").users().search("admin2", true).get(0).getId(); + appUserId = adminClient.realm("test").users().search("app-user", true).get(0).getId(); + } + @Before public void initConfig() { RealmResource masterRealm = adminClient.realm(MASTER); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java index 03bc270ad5..e424a6cf50 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/group/GroupTest.java @@ -80,6 +80,7 @@ import static org.junit.Assert.assertTrue; import org.keycloak.admin.client.Keycloak; import org.keycloak.models.AdminRoles; +import org.keycloak.models.GroupModel; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; @@ -278,18 +279,19 @@ public class GroupTest extends AbstractGroupTest { @Test @UncaughtServerErrorExpected public void doNotAllowSameGroupNameAtTopLevelInDatabase() throws Exception { - final String id = KeycloakModelUtils.generateId(); - testingClient.server().run(session -> { + final String id = testingClient.server().fetch(session -> { RealmModel realm = session.realms().getRealmByName("test"); - realm.createGroup(id, "test-group"); - }); + GroupModel g = realm.createGroup("test-group"); + return g.getId(); + }, String.class); getCleanup().addGroupId(id); // unique key should work even in top groups expectedException.expect(RunOnServerException.class); expectedException.expectMessage(ModelDuplicateException.class.getName()); testingClient.server().run(session -> { RealmModel realm = session.realms().getRealmByName("test"); - realm.createGroup("test-group"); + GroupModel g = realm.createGroup("test-group"); + realm.removeGroup(g); }); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractResourceServerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractResourceServerTest.java index 5288401491..e5d670fa99 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractResourceServerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AbstractResourceServerTest.java @@ -52,6 +52,8 @@ import org.keycloak.testsuite.util.UserBuilder; public abstract class AbstractResourceServerTest extends AbstractAuthzTest { protected static final String REALM_NAME = "authz-test"; + protected String martaId; + protected String koloId; @Override public void addTestRealms(List testRealms) { @@ -81,6 +83,13 @@ public abstract class AbstractResourceServerTest extends AbstractAuthzTest { .build()); } + @Override + public void importTestRealms() { + super.importTestRealms(); + koloId = adminClient.realm(REALM_NAME).users().search("kolo", true).get(0).getId(); + martaId = adminClient.realm(REALM_NAME).users().search("marta", true).get(0).getId(); + } + protected AuthorizationResponse authorize(String resourceName, String[] scopeNames, String claimToken) { return authorize(null, null, resourceName, scopeNames, null, null, claimToken); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java index c8ebb3c51d..49b194ead3 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/EntitlementAPITest.java @@ -586,6 +586,7 @@ public class EntitlementAPITest extends AbstractAuthzTest { request.addPermission("Sensortest", "sensors:view"); getTestContext().getTestingClient().testing().clearEventQueue(); + AccessToken at = toAccessToken(accessToken); try { authzClient.authorization(accessToken).authorize(request); @@ -595,11 +596,12 @@ public class EntitlementAPITest extends AbstractAuthzTest { assertTrue(HttpResponseException.class.cast(expected.getCause()).toString().contains("invalid_resource")); } + events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(getRealm().toRepresentation().getId()).client(RESOURCE_SERVER_TEST) .session((String) null) .error("invalid_request") .detail("reason", "Resource with id [Sensortest] does not exist.") - .user(isUUID()) + .user(at.getSubject()) .assertEvent(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java index 75509179f0..d0dc6276e2 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java @@ -319,14 +319,14 @@ public class UserManagedAccessTest extends AbstractResourceServerTest { String realmId = getRealm().toRepresentation().getId(); String clientId = client.toRepresentation().getClientId(); events.expectLogin().realm(realmId).client(clientId) - .user(isUUID()) + .user(koloId) .clearDetails() .assertEvent(); events.expectLogin().realm(realmId).client(clientId) - .user(isUUID()) + .user(koloId) .clearDetails() .assertEvent(); - events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(realmId).client(clientId).user(isUUID()) + events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(realmId).client(clientId).user(koloId) .session((String) null) .error("access_denied") .detail("reason", "request_submitted") @@ -375,14 +375,14 @@ public class UserManagedAccessTest extends AbstractResourceServerTest { assertTrue(permissions.isEmpty()); events.expectLogin().realm(realmId).client(clientId) - .user(isUUID()) + .user(koloId) .clearDetails() .assertEvent(); events.expectLogin().realm(realmId).client(clientId) - .user(isUUID()) + .user(koloId) .clearDetails() .assertEvent(); - events.expect(EventType.PERMISSION_TOKEN).realm(realmId).client(clientId).user(isUUID()) + events.expect(EventType.PERMISSION_TOKEN).realm(realmId).client(clientId).user(koloId) .session((String) null) .clearDetails() .assertEvent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java index 8e6cea0997..2e4cbb11a6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java @@ -2704,11 +2704,12 @@ public class CIBATest extends AbstractClientPoliciesTest { private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) { assertThat(tokenRes.getStatusCode(), is(equalTo(200))); - EventRepresentation event = events.expectAuthReqIdToToken(null, null).clearDetails().user(AssertEvents.isUUID()).client(clientId).assertEvent(); AccessToken accessToken = oauth.verifyToken(tokenRes.getAccessToken()); assertThat(accessToken.getIssuedFor(), is(equalTo(clientId))); + EventRepresentation event = events.expectAuthReqIdToToken(null, null).clearDetails().user(accessToken.getSubject()).client(clientId).assertEvent(); + RefreshToken refreshToken = oauth.parseRefreshToken(tokenRes.getRefreshToken()); assertThat(refreshToken.getIssuedFor(), is(equalTo(clientId))); assertThat(refreshToken.getAudience()[0], is(equalTo(refreshToken.getIssuer()))); @@ -2778,7 +2779,7 @@ public class CIBATest extends AbstractClientPoliciesTest { assertThat(idToken.getAudience()[0], is(equalTo(idToken.getIssuedFor()))); checkTokenExpiration(idToken, tokenRes.getExpiresIn()); - events.expectRefresh(tokenRes.getRefreshToken(), sessionId).session(CoreMatchers.notNullValue(String.class)).user(AssertEvents.isUUID()).clearDetails().assertEvent(); + events.expectRefresh(tokenRes.getRefreshToken(), sessionId).session(CoreMatchers.notNullValue(String.class)).user(accessToken.getSubject()).clearDetails().assertEvent(); return tokenRes; } @@ -2808,7 +2809,8 @@ public class CIBATest extends AbstractClientPoliciesTest { if (isOfflineAccess) assertThat(tokenRes.getErrorDescription(), is(equalTo("Offline user session not found"))); else assertThat(tokenRes.getErrorDescription(), is(equalTo("Session not active"))); - return events.expectLogout(sessionId).client(TEST_CLIENT_NAME).user(AssertEvents.isUUID()).session(AssertEvents.isUUID()).clearDetails().assertEvent(); + RefreshToken rt = oauth.parseRefreshToken(refreshToken); + return events.expectLogout(sessionId).client(TEST_CLIENT_NAME).user(rt.getSubject()).session(AssertEvents.isUUID()).clearDetails().assertEvent(); } private EventRepresentation doTokenRevokeByRefreshToken(String refreshToken, String sessionId, String userId, boolean isOfflineAccess) throws IOException { @@ -2823,7 +2825,8 @@ public class CIBATest extends AbstractClientPoliciesTest { if (isOfflineAccess) assertThat(tokenRes.getErrorDescription(), is(equalTo("Offline user session not found"))); else assertThat(tokenRes.getErrorDescription(), is(equalTo("Session not active"))); - return events.expect(EventType.REVOKE_GRANT).clearDetails().client(TEST_CLIENT_NAME).user(AssertEvents.isUUID()).assertEvent(); + RefreshToken rt = oauth.parseRefreshToken(refreshToken); + return events.expect(EventType.REVOKE_GRANT).clearDetails().client(TEST_CLIENT_NAME).user(rt.getSubject()).assertEvent(); } private void testBackchannelAuthenticationFlow(boolean isOfflineAccess) throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/FAPICIBATest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/FAPICIBATest.java index a466822276..4718ea381e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/FAPICIBATest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/FAPICIBATest.java @@ -622,12 +622,12 @@ public class FAPICIBATest extends AbstractClientPoliciesTest { private void verifyBackchannelAuthenticationTokenRequest(OAuthClient.AccessTokenResponse tokenRes, String clientId, String username) { assertThat(tokenRes.getStatusCode(), is(equalTo(200))); - events.expectAuthReqIdToToken(null, null).clearDetails().user(AssertEvents.isUUID()).client(clientId).assertEvent(); AccessToken accessToken = oauth.verifyToken(tokenRes.getAccessToken()); assertThat(accessToken.getIssuedFor(), is(equalTo(clientId))); Assert.assertNotNull(accessToken.getCertConf().getCertThumbprint()); + events.expectAuthReqIdToToken(null, null).clearDetails().user(accessToken.getSubject()).client(clientId).assertEvent(); RefreshToken refreshToken = oauth.parseRefreshToken(tokenRes.getRefreshToken()); assertThat(refreshToken.getIssuedFor(), is(equalTo(clientId))); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java index acab543681..e429c17f70 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java @@ -101,22 +101,18 @@ public class LoginTest extends AbstractTestRealmKeycloakTest { @Override public void configureTestRealm(RealmRepresentation testRealm) { UserRepresentation user = UserBuilder.create() - .id(UUID.randomUUID().toString()) .username("login-test") .email("login@test.com") .enabled(true) .password("password") .build(); - userId = user.getId(); UserRepresentation user2 = UserBuilder.create() - .id(UUID.randomUUID().toString()) .username("login-test2") .email("login2@test.com") .enabled(true) .password("password") .build(); - user2Id = user2.getId(); UserRepresentation admin = UserBuilder.create() .username("admin") @@ -161,6 +157,13 @@ public class LoginTest extends AbstractTestRealmKeycloakTest { private static String user2Id; + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = testRealm().users().search("login-test", Boolean.TRUE).get(0).getId(); + user2Id = testRealm().users().search("login-test2", Boolean.TRUE).get(0).getId(); + } + @Test public void testBrowserSecurityHeaders() { Client client = AdminClientUtil.createResteasyClient(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java index 4d0cf24005..63cd93950a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java @@ -67,8 +67,8 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { public AssertEvents events = new AssertEvents(this); private AuthenticationFlowRepresentation flow; - private final static String userId = UUID.randomUUID().toString(); - private final static String failId = UUID.randomUUID().toString(); + private static String userId; + private static String failId; public static final String EXECUTION_ID = "scriptAuth"; @@ -81,7 +81,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { public void configureTestRealm(RealmRepresentation testRealm) { UserRepresentation failUser = UserBuilder.create() - .id(failId) + .id(UUID.randomUUID().toString()) .username("fail") .email("fail@test.com") .enabled(true) @@ -89,7 +89,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { .build(); UserRepresentation okayUser = UserBuilder.create() - .id(userId) + .id(UUID.randomUUID().toString()) .username("user") .email("user@test.com") .enabled(true) @@ -101,6 +101,13 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest { .user(okayUser); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search("user", true).get(0).getId(); + failId = adminClient.realm("test").users().search("fail", true).get(0).getId(); + } + @Before public void configureFlows() throws Exception { String scriptFlow = "scriptBrowser"; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java index 77c97afbfa..c103d85589 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/VerifyProfileTest.java @@ -107,25 +107,12 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { enableDynamicUserProfile(testRealm); UserRepresentation user = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test").email("login@test.com").enabled(true).password("password").build(); - userId = user.getId(); - UserRepresentation user2 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test2").email("login2@test.com").enabled(true).password("password").build(); - user2Id = user2.getId(); - UserRepresentation user3 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test3").email("login3@test.com").enabled(true).password("password").lastName("ExistingLast").build(); - user3Id = user3.getId(); - UserRepresentation user4 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test4").email("login4@test.com").enabled(true).password("password").lastName("ExistingLast").build(); - user4Id = user4.getId(); - UserRepresentation user5 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test5").email("login5@test.com").enabled(true).password("password").firstName("ExistingFirst").lastName("ExistingLast").build(); - user5Id = user5.getId(); - UserRepresentation user6 = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-test6").email("login6@test.com").enabled(true).password("password").firstName("ExistingFirst").lastName("ExistingLast").build(); - user6Id = user6.getId(); - UserRepresentation userWithoutEmail = UserBuilder.create().id(UUID.randomUUID().toString()).username("login-nomail").enabled(true).password("password").firstName("NoMailFirst").lastName("NoMailLast").build(); - userWithoutEmailId = userWithoutEmail.getId(); RealmBuilder.edit(testRealm).user(user).user(user2).user(user3).user(user4).user(user5).user(user6).user(userWithoutEmail); @@ -151,6 +138,18 @@ public class VerifyProfileTest extends AbstractTestRealmKeycloakTest { client_scope_optional.setRedirectUris(Collections.singletonList("*")); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search("login-test", true).get(0).getId(); + user2Id = adminClient.realm("test").users().search("login-test2", true).get(0).getId(); + user3Id = adminClient.realm("test").users().search("login-test3", true).get(0).getId(); + user4Id = adminClient.realm("test").users().search("login-test4", true).get(0).getId(); + user5Id = adminClient.realm("test").users().search("login-test5", true).get(0).getId(); + user6Id = adminClient.realm("test").users().search("login-test6", true).get(0).getId(); + userWithoutEmailId = adminClient.realm("test").users().search("login-nomail", true).get(0).getId(); + } + @Rule public AssertEvents events = new AssertEvents(this); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java index a832a7cc23..900feccb1e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java @@ -164,7 +164,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { .testEventListener(); app1 = ClientBuilder.create() - .id(KeycloakModelUtils.generateId()) .clientId("client1") .attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, generatedKeystoreClient1.getCertificateInfo().getCertificate()) .attribute(OIDCConfigAttributes.USE_REFRESH_TOKEN_FOR_CLIENT_CREDENTIALS_GRANT, "true") @@ -175,7 +174,6 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { realmBuilder.client(app1); app2 = ClientBuilder.create() - .id(KeycloakModelUtils.generateId()) .clientId("client2") .directAccessGrants() .serviceAccountsEnabled(true) @@ -187,17 +185,13 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { realmBuilder.client(app2); defaultUser = UserBuilder.create() - .id(KeycloakModelUtils.generateId()) //.serviceAccountId(app1.getClientId()) .username("test-user@localhost") .password("password") .build(); realmBuilder.user(defaultUser); - client1SAUserId = KeycloakModelUtils.generateId(); - serviceAccountUser = UserBuilder.create() - .id(client1SAUserId) .username(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + app1.getClientId()) .serviceAccountId(app1.getClientId()) .build(); @@ -207,18 +201,29 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { testRealms.add(testRealm); } + @Override + public void importTestRealms() { + super.importTestRealms(); + app1 = adminClient.realm("test").clients().findByClientId("client1").get(0); + app2 = adminClient.realm("test").clients().findByClientId("client2").get(0); + defaultUser.setId(adminClient.realm("test").users().search("test-user@localhost", true).get(0).getId()); + client1SAUserId = adminClient.realm("test").users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + app1.getClientId(), true).get(0).getId(); + serviceAccountUser.setId(client1SAUserId); + } + @Before public void recreateApp3() { app3 = ClientBuilder.create() - .id(KeycloakModelUtils.generateId()) .clientId("client3") .directAccessGrants() .authenticatorType(JWTClientAuthenticator.PROVIDER_ID) .build(); - Response resp = adminClient.realm("test").clients().create(app3); - getCleanup().addClientUuid(ApiUtil.getCreatedId(resp)); - resp.close(); + try (Response resp = adminClient.realm("test").clients().create(app3)) { + final String id = ApiUtil.getCreatedId(resp); + getCleanup().addClientUuid(id); + app3.setId(id); + } } // TEST SUCCESS diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java index 73c403df52..a6a17b4bee 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java @@ -143,7 +143,6 @@ public class OfflineTokenTest extends AbstractKeycloakTest { realm.client(app); - serviceAccountUserId = KeycloakModelUtils.generateId(); UserRepresentation serviceAccountUser = UserBuilder.create() .id(serviceAccountUserId) .addRoles("user", "offline_access") @@ -157,6 +156,12 @@ public class OfflineTokenTest extends AbstractKeycloakTest { } + @Override + public void importTestRealms() { + super.importTestRealms(); + serviceAccountUserId = adminClient.realm("test").users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "offline-client", true).get(0).getId(); + } + @Test public void offlineTokenDisabledForClient() throws Exception { // Remove offline-access scope from client diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java index 33bc729fa2..0e0ec773a9 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java @@ -133,25 +133,20 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT .password("password"); realm.user(defaultUser); - userId = KeycloakModelUtils.generateId(); UserRepresentation user = UserBuilder.create() - .id(userId) .username("direct-login") .email("direct-login@localhost") .password("password") .build(); realm.user(user); - userId2 = KeycloakModelUtils.generateId(); UserRepresentation user2 = UserBuilder.create() - .id(userId2) .username("direct-login-otp") .password("password") .totpSecret("totpSecret") .build(); realm.user(user2); - userIdMultipleOTPs = KeycloakModelUtils.generateId(); UserBuilder userBuilderMultipleOTPs = UserBuilder.create() .id(userIdMultipleOTPs) .username("direct-login-multiple-otps") @@ -163,6 +158,14 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT testRealms.add(realm.build()); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userIdMultipleOTPs = adminClient.realm("test").users().search("direct-login-multiple-otps", true).get(0).getId(); + userId = adminClient.realm("test").users().search("direct-login", true).get(0).getId(); + userId2 = adminClient.realm("test").users().search("direct-login-otp", true).get(0).getId(); + } + @Test public void grantAccessTokenUsername() throws Exception { int authSessionsBefore = getAuthenticationSessionsCount(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java index 9fdac23302..0eaec1b9d4 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java @@ -75,7 +75,8 @@ import static org.junit.Assert.assertThat; */ public class ServiceAccountTest extends AbstractKeycloakTest { - private static String userId; + private static String userIdClRefreshOn; + private static String userIdCl; private static String userName; @Rule @@ -137,11 +138,10 @@ public class ServiceAccountTest extends AbstractKeycloakTest { .username("test-user@localhost"); realm.user(defaultUser); - userId = KeycloakModelUtils.generateId(); userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledApp.getClientId(); UserBuilder serviceAccountUser = UserBuilder.create() - .id(userId) + .id(KeycloakModelUtils.generateId()) .username(userName) .serviceAccountId(enabledApp.getClientId()); realm.user(serviceAccountUser); @@ -149,6 +149,13 @@ public class ServiceAccountTest extends AbstractKeycloakTest { testRealms.add(realm.build()); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userIdClRefreshOn = adminClient.realm("test").users().search(userName, true).get(0).getId(); + userIdCl = adminClient.realm("test").users().search(ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl", true).get(0).getId(); + } + @Test public void clientCredentialsAuthSuccess() throws Exception { oauth.clientId("service-account-cl-refresh-on"); @@ -169,7 +176,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { events.expectClientLogin() .client("service-account-cl-refresh-on") - .user(userId) + .user(userIdClRefreshOn) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) @@ -190,7 +197,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState()); assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState()); - events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userId).client("service-account-cl-refresh-on").assertEvent(); + events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userIdClRefreshOn).client("service-account-cl-refresh-on").assertEvent(); } // This is for the backwards compatibility only. By default, there won't be refresh token and hence there won't be availability for the logout @@ -208,7 +215,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { events.expectClientLogin() .client("service-account-cl-refresh-on") - .user(userId) + .user(userIdClRefreshOn) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) @@ -220,7 +227,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { assertEquals(204, logoutResponse.getStatusLine().getStatusCode()); events.expectLogout(accessToken.getSessionState()) .client("service-account-cl-refresh-on") - .user(userId) + .user(userIdClRefreshOn) .removeDetail(Details.REDIRECT_URI) .assertEvent(); @@ -230,7 +237,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()) .client("service-account-cl-refresh-on") - .user(userId) + .user(userIdClRefreshOn) .removeDetail(Details.TOKEN_ID) .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID) .error(Errors.INVALID_TOKEN).assertEvent(); @@ -293,7 +300,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { // Username updated after client ID changed events.expectClientLogin() .client("updated-client") - .user(userId) + .user(userIdClRefreshOn) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client") @@ -319,6 +326,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { finally { ClientManager.realm(adminClient.realm("test")).clientId("service-account-cl").setServiceAccountsEnabled(true); UserRepresentation user = ClientManager.realm(adminClient.realm("test")).clientId("service-account-cl").getServiceAccountUser(); + userIdCl = user.getId(); } } @@ -329,7 +337,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { @Test public void failManagePassword() { - UserResource serviceAccount = adminClient.realm("test").users().get(userId); + UserResource serviceAccount = adminClient.realm("test").users().get(userIdClRefreshOn); UserRepresentation representation = serviceAccount.toRepresentation(); CredentialRepresentation password = new CredentialRepresentation(); @@ -361,7 +369,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { events.expect(EventType.REVOKE_GRANT) .client("service-account-cl") - .user(AssertEvents.isUUID()) + .user(userIdCl) .session(Matchers.isEmptyOrNullString()) .detail(Details.TOKEN_ID, accessToken.getId()) .assertEvent(); @@ -404,7 +412,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { events.expectClientLogin() .client("service-account-cl") - .user(AssertEvents.isUUID()) + .user(userIdCl) .session(AssertEvents.isUUID()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl") @@ -418,7 +426,6 @@ public class ServiceAccountTest extends AbstractKeycloakTest { Assert.assertTrue(getIntrospectionResponse("service-account-cl", "secret1", tokenString)); events.expect(EventType.INTROSPECT_TOKEN) .client("service-account-cl") - .user(AssertEvents.isUUID()) .user(Matchers.isEmptyOrNullString()) .session(Matchers.isEmptyOrNullString()) .assertEvent(); @@ -469,7 +476,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { events.expectClientLogin() .client("service-account-cl-refresh-on") - .user(userId) + .user(userIdClRefreshOn) .session(accessToken.getSessionState()) .detail(Details.TOKEN_ID, accessToken.getId()) .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId()) @@ -490,7 +497,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest { assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState()); assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState()); - events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userId).client("service-account-cl-refresh-on").assertEvent(); + events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState()).user(userIdClRefreshOn).client("service-account-cl-refresh-on").assertEvent(); } @Test diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountUserProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountUserProfileTest.java index 01daa9f909..aedb281ee0 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountUserProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountUserProfileTest.java @@ -107,11 +107,10 @@ public class ServiceAccountUserProfileTest extends AbstractKeycloakTest { .username("test-user@localhost"); realm.user(defaultUser); - userId = KeycloakModelUtils.generateId(); userName = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + enabledApp.getClientId(); UserBuilder serviceAccountUser = UserBuilder.create() - .id(userId) + .id(KeycloakModelUtils.generateId()) .username(userName) .serviceAccountId(enabledApp.getClientId()); realm.user(serviceAccountUser); @@ -121,6 +120,12 @@ public class ServiceAccountUserProfileTest extends AbstractKeycloakTest { testRealms.add(realmRep); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search(userName, true).get(0).getId(); + } + @Test public void testDoNotUpdateUsername() { RealmResource test = adminClient.realm("test"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java index 2539368190..1a74c93273 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java @@ -428,7 +428,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { assertEquals(1, refreshedToken.getResourceAccess(oauth.getClientId()).getRoles().size()); Assert.assertTrue(refreshedToken.getResourceAccess(oauth.getClientId()).isUserInRole("customer-user")); - EventRepresentation refreshEvent = events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId).user(AssertEvents.isUUID()).assertEvent(); + EventRepresentation refreshEvent = events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId).user(refreshToken.getSubject()).assertEvent(); Assert.assertNotEquals(tokenEvent.getDetails().get(Details.TOKEN_ID), refreshEvent.getDetails().get(Details.TOKEN_ID)); Assert.assertNotEquals(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), refreshEvent.getDetails().get(Details.UPDATED_REFRESH_TOKEN_ID)); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/rar/AbstractRARParserTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/rar/AbstractRARParserTest.java index 99ee0fd50e..cdfb6bd07a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/rar/AbstractRARParserTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/rar/AbstractRARParserTest.java @@ -65,12 +65,17 @@ public abstract class AbstractRARParserTest extends AbstractTestRealmKeycloakTes .enabled(true) .password("password") .build(); - userId = user.getId(); RealmBuilder.edit(testRealm) .user(user); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search("rar-test", true).get(0).getId(); + } + @Before public void clientConfiguration() { ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AudienceTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AudienceTest.java index e2c665669a..694ae20c46 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AudienceTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AudienceTest.java @@ -48,7 +48,7 @@ import java.util.Collections; */ public class AudienceTest extends AbstractOIDCScopeTest { - private static final String userId = KeycloakModelUtils.generateId(); + private static String userId; @Override @@ -74,7 +74,7 @@ public class AudienceTest extends AbstractOIDCScopeTest { // Create sample user UserRepresentation user = UserBuilder.create() - .id(userId) + .id(KeycloakModelUtils.generateId()) .username("john") .enabled(true) .email("john@email.cz") @@ -88,6 +88,12 @@ public class AudienceTest extends AbstractOIDCScopeTest { testRealm.getUsers().add(user); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search("john", true).get(0).getId(); + } + @Before public void beforeTest() { // Check if already exists diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java index f273689e69..eb24124619 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java @@ -55,13 +55,13 @@ import static org.keycloak.common.Profile.Feature.DYNAMIC_SCOPES; @EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true) public class OIDCDynamicScopeTest extends OIDCScopeTest { - private static String userId = KeycloakModelUtils.generateId(); + private static String userId; @Override public void configureTestRealm(RealmRepresentation testRealm) { super.configureTestRealm(testRealm); UserRepresentation user = UserBuilder.create() - .id(userId) + .id(KeycloakModelUtils.generateId()) .username("johnDynamic") .enabled(true) .email("johnDynamic@scopes.xyz") @@ -86,6 +86,12 @@ public class OIDCDynamicScopeTest extends OIDCScopeTest { testRealm.getRoles().getRealm().add(dynamicScopeRole); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search("john", true).get(0).getId(); + } + @Before public void assertDynamicScopesFeatureEnabled() { ProfileAssume.assumeFeatureEnabled(DYNAMIC_SCOPES); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java index 7d6bffff3b..752d1a9b44 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java @@ -66,12 +66,12 @@ import static org.keycloak.testsuite.auth.page.AuthRealm.TEST; */ public class OIDCScopeTest extends AbstractOIDCScopeTest { - private static String userId = KeycloakModelUtils.generateId(); + private static String userId; @Override public void configureTestRealm(RealmRepresentation testRealm) { UserRepresentation user = UserBuilder.create() - .id(userId) + .id(KeycloakModelUtils.generateId()) .username("john") .enabled(true) .email("john@email.cz") @@ -148,6 +148,12 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest { testRealm.getUsers().add(user); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId = adminClient.realm("test").users().search("john", true).get(0).getId(); + } + @Before public void clientConfiguration() { ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java index 66911a3b45..56b0ecc177 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java @@ -297,8 +297,6 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe .addAttribute("x509_issuer_identity", "Keycloak Intermediate CA") .build(); - userId2 = user.getId(); - ClientRepresentation client = findTestApp(testRealm); URI baseUri = URI.create(client.getRedirectUris().get(0)); URI redir = URI.create("https://localhost:" + System.getProperty("auth.server.https.port", "8543") + baseUri.getRawPath()); @@ -312,6 +310,12 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe .client(app); } + @Override + public void importTestRealms() { + super.importTestRealms(); + userId2 = adminClient.realm("test").users().search("keycloak", true).get(0).getId(); + } + AuthenticationFlowRepresentation createFlow(AuthenticationFlowRepresentation flowRep) { Response response = authMgmtResource.createFlow(flowRep); try {