KEYCLOAK-6750 Adapt Tomcat adapter tests to new structure

adapters/oidc/fuse7/pom.xml

@@ -32,7 +32,7 @@
 
     <properties>
         <fuse7.version>7.0.1-SNAPSHOT</fuse7.version>
-        <tomcat.version>8.0.14</tomcat.version>
+        <tomcat.version>${tomcat8.version}</tomcat.version>
         <jetty9.version>9.4.2.v20170220</jetty9.version>
     </properties>
 

adapters/oidc/tomcat/tomcat7/pom.xml

@@ -30,7 +30,7 @@
 	<name>Keycloak Tomcat 7 Integration</name>
     <properties>
         <!--<tomcat.version>8.0.14</tomcat.version>-->
-        <tomcat.version>7.0.52</tomcat.version>
+        <tomcat.version>${tomcat7.version}</tomcat.version>
     </properties>
 	<description />
 

adapters/oidc/tomcat/tomcat8/pom.xml

@@ -32,7 +32,7 @@
         <maven.compiler.target>1.7</maven.compiler.target>
         <maven.compiler.source>1.7</maven.compiler.source>
 
-        <tomcat.version>8.0.14</tomcat.version>
+        <tomcat.version>${tomcat8.version}</tomcat.version>
     </properties>
     <description />
 

adapters/saml/tomcat/tomcat7/pom.xml

@@ -30,7 +30,7 @@
 	<name>Keycloak Tomcat 7 SAML Integration</name>
     <properties>
         <!--<tomcat.version>8.0.14</tomcat.version>-->
-        <tomcat.version>7.0.52</tomcat.version>
+        <tomcat.version>${tomcat7.version}</tomcat.version>
     </properties>
 	<description />
 

adapters/saml/tomcat/tomcat8/pom.xml

@@ -32,7 +32,7 @@
         <maven.compiler.target>1.7</maven.compiler.target>
         <maven.compiler.source>1.7</maven.compiler.source>
 
-        <tomcat.version>8.0.14</tomcat.version>
+        <tomcat.version>${tomcat8.version}</tomcat.version>
     </properties>
     <description />
 

pom.xml

@@ -150,6 +150,11 @@
 
         <!-- Surefire Settings -->
         <surefire.memory.settings>-Xms512m -Xmx2048m -XX:MetaspaceSize=96m -XX:MaxMetaspaceSize=256m</surefire.memory.settings>
+
+        <!-- Tomcat versions -->
+        <tomcat7.version>7.0.92</tomcat7.version>
+        <tomcat8.version>8.5.38</tomcat8.version>
+        <tomcat9.version>9.0.16</tomcat9.version>
     </properties>
 
     <url>http://keycloak.org</url>

testsuite/integration-arquillian/HOW-TO-RUN.md

@@ -96,7 +96,7 @@ Each version has its corresponding profile:
 
 Here's how to run the tests with Jetty `9.4`:
 
-    mvn -f testsuite/integration-arquillian/tests/base/pom.xml \
+    mvn -f testsuite/integration-arquillian/pom.xml \
         -Papp-server-jetty94 \
         -Dtest=org.keycloak.testsuite.adapter.**.*Test
 
@@ -108,6 +108,19 @@ Here's how to run the tests with Jetty `9.4`:
        -Papp-server-wildfly \
        -Dtest=org.keycloak.testsuite.adapter.**
        
+### Tomcat
+
+We run testsuite with Tomcat 7, 8 and 9. For specific versions see properties `${tomcat[7,8,9].version}` in parent [pom.xml](../../pom.xml). 
+
+To run tests on Tomcat:
+
+````
+mvn -f testsuite/integration-arquillian/pom.xml \
+       clean install \
+       -Papp-server-tomcat[7,8,9] \
+       -Dtest=org.keycloak.testsuite.adapter.**
+````
+       
 ### Wildfly with legacy non-elytron adapter
     
     mvn -f testsuite/integration-arquillian/pom.xml \

testsuite/integration-arquillian/README.md

@@ -175,7 +175,6 @@ integration-arquillian
       │
       ├──adapters         (common settings for all adapter test modules - will be moved into base)
       │  ├──jboss
-      │  ├──tomcat
       │  └──karaf
       │
       ├──console          

testsuite/integration-arquillian/pom.xml

@@ -64,6 +64,9 @@
         <arquillian-jetty9-container.version>1.0.0.CR3</arquillian-jetty9-container.version>
         <arquillian-container-karaf.version>2.2.0.Final</arquillian-container-karaf.version>
         <arquillian-infinispan-container.version>1.2.0.Beta2</arquillian-infinispan-container.version>
+        <arquillian-tomcat7-container-version>1.0.1.Final</arquillian-tomcat7-container-version>
+        <arquillian-tomcat8-container-version>1.0.1.Final</arquillian-tomcat8-container-version>
+        <arquillian-tomcat9-container-version>1.0.1.Final</arquillian-tomcat9-container-version>
         <undertow-embedded.version>1.0.0.Alpha2</undertow-embedded.version>
         <version.org.wildfly.extras.creaper>1.6.1</version.org.wildfly.extras.creaper>
         <testcontainers.version>1.5.1</testcontainers.version>

testsuite/integration-arquillian/servers/README.md

@@ -13,23 +13,23 @@ The artifacts are used by the Arquillian TestSuite.
 ### Auth Server
 
 - JBoss
- - Wildfly 10
+  - Wildfly 10
- - EAP 7
+  - EAP 7
 - Undertow
 
 
 ### App Server
 
 - JBoss
- - JBossAS 7
+  - JBossAS 7
- - Wildfly 8, 9, 10
+  - Wildfly 8, 9, 10
- - EAP 6, 7
+  - EAP 6, 7
- - Relative (Wildfly 10 / EAP 7)
+  - Relative (Wildfly 10 / EAP 7)
 - Karaf / Fuse
- - Karaf 3
+  - Karaf 3
- - Fuse 6.1, 6.2
+  - Fuse 6.1, 6.2
 - Tomcat
- - Tomcat 7, 8
+  - Tomcat 7, 8, 9
 
 
 ### Load Balancer

testsuite/integration-arquillian/servers/app-server/README.md

@@ -44,3 +44,4 @@ Submodules are enabled with profiles: `-Papp-server-MODULE`
 ### Modules
 * __`tomcat7` Tomcat 7__
 * __`tomcat8` Tomcat 8__
+* __`tomcat9` Tomcat 9__

testsuite/integration-arquillian/servers/app-server/tomcat/common/common-files/tomcat-users.xsl

@@ -26,7 +26,7 @@
     <xsl:template match="//*[local-name()='tomcat-users']">
         <xsl:copy>
             <xsl:apply-templates select="node()|@*"/>
-            <user username="manager" password="arquillian" roles="manager-script"/>
+            <user username="manager" password="arquillian" roles="manager-script,manager-gui"/>
         </xsl:copy>
     </xsl:template>
 

testsuite/integration-arquillian/servers/app-server/tomcat/common/pom.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>integration-arquillian-servers-app-server-tomcat</artifactId>
+        <groupId>org.keycloak.testsuite</groupId>
+        <version>5.0.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
+    <name>App Server - Tomcat common classes</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak.testsuite</groupId>
+            <artifactId>integration-arquillian-servers-app-server-spi</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak.testsuite</groupId>
+            <artifactId>integration-arquillian-util</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+</project>

testsuite/integration-arquillian/servers/app-server/tomcat/common/src/main/java/org/keycloak/testsuite/adapter/servlet/TomcatConfigApplication.java

@@ -0,0 +1,12 @@
+package org.keycloak.testsuite.adapter.servlet;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+/**
+ * Basic auth app.
+ */
+@ApplicationPath("/")
+public class TomcatConfigApplication extends Application {
+
+}

testsuite/integration-arquillian/servers/app-server/tomcat/common/src/main/java/org/keycloak/testsuite/arquillian/tomcat/container/AbstractTomcatAppServerProvider.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.arquillian.tomcat.container;
+
+import org.jboss.arquillian.core.spi.Validate;
+import org.jboss.shrinkwrap.descriptor.spi.node.Node;
+import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
+import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatAppServerConfigurationUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public abstract class AbstractTomcatAppServerProvider implements AppServerContainerProvider {
+
+    private final String catalinaHome;
+    private final String bindHttpPort;
+    private final String jmxPort;
+    private final String startupTimeoutInSeconds;
+    private final String USER = "manager";
+    private final String PASS = "arquillian";
+
+
+    public AbstractTomcatAppServerProvider() {
+        catalinaHome = System.getProperty("app.server.home");
+        bindHttpPort = determineHttpPort();
+        jmxPort = System.getProperty("app.server.management.port");
+        startupTimeoutInSeconds = System.getProperty("app.server.startup.timeout");
+
+        Validate.notNullOrEmpty(catalinaHome, "app.server.home is not set.");
+        Validate.notNullOrEmpty(bindHttpPort, "app.server.http.port is not set.");
+        Validate.notNullOrEmpty(jmxPort, "app.server.management.port is not set.");
+        Validate.notNullOrEmpty(startupTimeoutInSeconds, "app.server.startup.timeout is not set.");
+    }
+
+    protected abstract String getContainerClassName();
+
+    private String determineHttpPort() {
+        String httpPort = System.getProperty("app.server.http.port");
+
+        String portOffset = System.getProperty("app.server.port.offset", "0");
+        if (!portOffset.equals("0")) {
+            httpPort = String.valueOf(Integer.valueOf(httpPort) + Integer.valueOf(portOffset));
+        }
+
+        return httpPort;
+    }
+
+    @Override
+    public List<Node> getContainers() {
+        List<Node> containers = new ArrayList<>();
+
+        containers.add(standaloneContainer());
+
+        return containers;
+    }
+
+    private Node standaloneContainer() {
+        Node container = new Node("container");
+        container.attribute("mode", "manual");
+        container.attribute("qualifier", AppServerContainerProvider.APP_SERVER + "-" + getName());
+
+        return TomcatAppServerConfigurationUtils
+                .getStandaloneConfiguration(container, getContainerClassName(), catalinaHome,
+                        bindHttpPort, jmxPort, USER, PASS, startupTimeoutInSeconds);
+    }
+}

testsuite/integration-arquillian/servers/app-server/tomcat/common/src/main/java/org/keycloak/testsuite/arquillian/tomcat/container/CommonTomcatDeploymentArchiveProcessor.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.arquillian.tomcat.container;
+
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.test.spi.TestClass;
+import org.jboss.logging.Logger;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.keycloak.testsuite.adapter.servlet.TomcatConfigApplication;
+import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
+import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatDeploymentArchiveProcessorUtils;
+
+public class CommonTomcatDeploymentArchiveProcessor implements ApplicationArchiveProcessor {
+
+    private final Logger log = Logger.getLogger(CommonTomcatDeploymentArchiveProcessor.class);
+
+    @Override
+    public void process(Archive<?> archive, TestClass testClass) {
+        if (DeploymentArchiveProcessorUtils.checkRunOnServerDeployment(archive)) return;
+
+        modifyOIDCAdapterConfig(archive, DeploymentArchiveProcessorUtils.ADAPTER_CONFIG_PATH);
+
+        DeploymentArchiveProcessorUtils.SAML_CONFIGS.forEach(path -> modifySAMLAdapterConfig(archive, path));
+
+        TomcatDeploymentArchiveProcessorUtils.copyWarClasspathFilesToCommonTomcatClasspath(archive);
+
+        // KEYCLOAK-9606 - might be unnecessary, however for now we need to test what is in docs
+        TomcatDeploymentArchiveProcessorUtils.replaceKEYCLOAKMethodWithBASIC(archive);
+
+        if (containsSAMLAdapterConfig(archive)) {
+            TomcatDeploymentArchiveProcessorUtils.replaceOIDCValveWithSAMLValve(archive);
+        }
+
+        if (TomcatDeploymentArchiveProcessorUtils.isJaxRSApp(archive)) {
+            TomcatDeploymentArchiveProcessorUtils.removeServletConfigurationInWebXML(archive);
+
+            if (!TomcatDeploymentArchiveProcessorUtils.containsApplicationConfigClass(archive)) {
+                ((WebArchive) archive).addClass(TomcatConfigApplication.class);
+            }
+        }
+    }
+
+    private boolean containsSAMLAdapterConfig(Archive<?> archive) {
+        return  DeploymentArchiveProcessorUtils.SAML_CONFIGS
+                .stream()
+                .anyMatch(archive::contains);
+    }
+
+    private void modifyOIDCAdapterConfig(Archive<?> archive, String adapterConfigPath) {
+        if (!archive.contains(adapterConfigPath)) return;
+
+        log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
+
+        DeploymentArchiveProcessorUtils.modifyOIDCAdapterConfig(archive, adapterConfigPath);
+    }
+
+    private void modifySAMLAdapterConfig(Archive<?> archive, String adapterConfigPath) {
+        if (!archive.contains(adapterConfigPath)) return;
+
+        log.debug("Modifying adapter config " + adapterConfigPath + " in " + archive.getName());
+        DeploymentArchiveProcessorUtils.modifySAMLAdapterConfig(archive, adapterConfigPath);
+    }
+}

testsuite/integration-arquillian/servers/app-server/tomcat/pom.xml

@@ -30,9 +30,20 @@
     <name>App Server - Tomcat</name>
 
     <properties>
-        <common.resources>${project.parent.basedir}/common</common.resources>
+        <common.resources>${project.parent.basedir}/common/common-files</common.resources>
         <assembly.xml>${project.parent.basedir}/assembly.xml</assembly.xml>
         <app.server.tomcat.home>${containers.home}/${app.server.tomcat.unpacked.folder.name}</app.server.tomcat.home>
+        <tomcat.resteasy.version>${resteasy.version}</tomcat.resteasy.version>
+        <skip.dependencies.for.tomcat7>true</skip.dependencies.for.tomcat7>
+        <skip.dependencies.for.tomcat8>true</skip.dependencies.for.tomcat8>
+
+        <tomcat.scannotation.version>1.0.3</tomcat.scannotation.version>
+        <tomcat.javassist.version>3.18.2-GA</tomcat.javassist.version>
+        <tomcat.javaee-api.version>7.0</tomcat.javaee-api.version>
+        <tomcat.org.glassfish.web.el-impl.version>2.2</tomcat.org.glassfish.web.el-impl.version>
+        <tomcat.reactive-streams.version>1.0.2</tomcat.reactive-streams.version>
+        <tomcat.javax.json.bind-api.version>1.0</tomcat.javax.json.bind-api.version>
+        <tomcat.validation-api.version>1.0.0.GA</tomcat.validation-api.version>
     </properties>
 
     <profiles>
@@ -40,7 +51,7 @@
             <id>app-server-tomcat-submodules</id>
             <activation>
                 <file>
-                    <exists>src</exists>
+                    <exists>src/tomcat-submodule</exists>
                 </file>
             </activation>    
             <build>
@@ -99,29 +110,98 @@
                                 </configuration>
                             </execution>
                             <execution>
-                                <id>libs-for-tomcat</id>
+                                <id>libs-for-tomcat-7</id>
                                 <phase>generate-test-resources</phase>
                                 <goals>
                                     <goal>copy</goal>
                                 </goals>
                                 <configuration>
+                                    <skip>${skip.dependencies.for.tomcat7}</skip>
                                     <artifactItems>
                                         <artifactItem>
                                             <groupId>org.jboss.resteasy</groupId>
-                                            <artifactId>resteasy-client</artifactId>
+                                            <artifactId>resteasy-jaxrs</artifactId>
+                                            <version>${tomcat.resteasy.version}</version>
                                         </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.scannotation</groupId>
+                                            <artifactId>scannotation</artifactId>
+                                            <version>${tomcat.scannotation.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.javassist</groupId>
+                                            <artifactId>javassist</artifactId>
+                                            <version>${tomcat.javassist.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>javax</groupId>
+                                            <artifactId>javaee-api</artifactId>
+                                            <version>${tomcat.javaee-api.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <!-- JSP compilation failed without this -->
+                                            <groupId>org.glassfish.web</groupId>
+                                            <artifactId>el-impl</artifactId>
+                                            <version>${tomcat.org.glassfish.web.el-impl.version}</version>
+                                        </artifactItem>
+                                    </artifactItems>
+                                    <outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
+                                    <overWriteIfNewer>true</overWriteIfNewer>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>libs-for-tomcat-8-and-9</id>
+                                <phase>generate-test-resources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <skip>${skip.dependencies.for.tomcat8}</skip>
+                                    <artifactItems>
                                         <artifactItem>
                                             <groupId>org.jboss.spec.javax.ws.rs</groupId>
                                             <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
-                                        </artifactItem>                                        
+                                            <version>${jboss-jaxrs-api_2.1_spec}</version>
+                                        </artifactItem>
                                         <artifactItem>
                                             <groupId>org.jboss.resteasy</groupId>
                                             <artifactId>resteasy-jaxrs</artifactId>
+                                            <version>${tomcat.resteasy.version}</version>
                                         </artifactItem>
                                         <artifactItem>
-                                            <groupId>commons-io</groupId>
+                                            <groupId>org.jboss.resteasy</groupId>
-                                            <artifactId>commons-io</artifactId>
+                                            <artifactId>resteasy-servlet-initializer</artifactId>
-                                            <version>1.4</version>
+                                            <version>${tomcat.resteasy.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.apache.httpcomponents</groupId>
+                                            <artifactId>httpcore</artifactId>
+                                            <version>${apache.httpcomponents.httpcore.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.reactivestreams</groupId>
+                                            <artifactId>reactive-streams</artifactId>
+                                            <version>${tomcat.reactive-streams.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>com.fasterxml.jackson.core</groupId>
+                                            <artifactId>jackson-databind</artifactId>
+                                            <version>${jackson.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>org.jboss.logging</groupId>
+                                            <artifactId>jboss-logging</artifactId>
+                                            <version>${jboss.logging.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>javax.json.bind</groupId>
+                                            <artifactId>javax.json.bind-api</artifactId>
+                                            <version>${tomcat.javax.json.bind-api.version}</version>
+                                        </artifactItem>
+                                        <artifactItem>
+                                            <groupId>javax.validation</groupId>
+                                            <artifactId>validation-api</artifactId>
+                                            <version>${tomcat.validation-api.version}</version>
                                         </artifactItem>
                                     </artifactItems>
                                     <outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
@@ -155,50 +235,6 @@
                             </execution>
                         </executions>
                     </plugin>
-                    
-                    <plugin>
-                        <artifactId>maven-antrun-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <id>parametrize-server-ports</id>
-                                <phase>process-test-resources</phase>
-                                <goals>
-                                    <goal>run</goal>
-                                </goals>
-                                <configuration>
-                                    <tasks>
-                                        <replace file="${app.server.tomcat.home}/conf/server.xml">
-                                            <replacetoken>8005</replacetoken>
-                                            <replacevalue>${tomcat.server.port}</replacevalue>
-                                        </replace>
-                                        <replace file="${app.server.tomcat.home}/conf/server.xml">
-                                            <replacetoken>8080</replacetoken>
-                                            <replacevalue>${tomcat.http.port}</replacevalue>
-                                        </replace>
-                                        <replace file="${app.server.tomcat.home}/conf/server.xml">
-                                            <replacetoken>8443</replacetoken>
-                                            <replacevalue>${tomcat.server.port}</replacevalue>
-                                        </replace>
-                                        <replace file="${app.server.tomcat.home}/conf/server.xml">
-                                            <replacetoken>8009</replacetoken>
-                                            <replacevalue>${tomcat.ajp.port}</replacevalue>
-                                        </replace>
-                                        
-                                        <propertyfile
-                                            file="${app.server.tomcat.home}/conf/catalina.properties"
-                                            comment="Parametrized Tomcat Ports in server.xml">
-                                            <entry  key="tomcat.server.port" value="8005"/>
-                                            <entry  key="tomcat.http.port" value="8080"/>
-                                            <entry  key="tomcat.https.port" value="8443"/>
-                                            <entry  key="tomcat.ajp.port" value="8009"/>
-                                        </propertyfile>
-                                        
-                                    </tasks>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    
                     <plugin>
                         <artifactId>maven-assembly-plugin</artifactId>
                         <executions>
@@ -273,6 +309,34 @@
                             </execution>
                         </executions>
                     </plugin>
+
+                    <plugin>
+                        <artifactId>maven-resources-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>copy-keycloak-truststore</id>
+                                <phase>generate-resources</phase>
+                                <goals>
+                                    <goal>copy-resources</goal>
+                                </goals>
+                                <configuration>
+                                    <outputDirectory>${app.server.tomcat.home}/lib</outputDirectory>
+                                    <resources>
+                                        <resource>
+                                            <directory>${common.resources}</directory>
+                                            <includes>
+                                                <include>keycloak.truststore</include>
+                                            </includes>
+                                            <filtering>true</filtering>
+                                        </resource>
+                                    </resources>
+                                    <nonFilteredFileExtensions>
+                                        <nonFilteredFileExtension>truststore</nonFilteredFileExtension>
+                                    </nonFilteredFileExtensions>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                 </plugins>
             </build>
         </profile>
@@ -281,22 +345,23 @@
             <id>app-server-tomcat7</id>
             <modules>
                 <module>tomcat7</module>
+                <module>common</module>
             </modules>
         </profile>
         <profile>
             <id>app-server-tomcat8</id>
             <modules>
                 <module>tomcat8</module>
+                <module>common</module>
             </modules>
         </profile>
         <profile>
             <id>app-server-tomcat9</id>
             <modules>
                 <module>tomcat9</module>
+                <module>common</module>
             </modules>
         </profile>
         
     </profiles>
-
-
 </project>

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/pom.xml

@@ -26,8 +26,7 @@
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>integration-arquillian-servers-app-server-tomcat7</artifactId>
-    <packaging>pom</packaging>
+    <name>App Server - Tomcat 7</name>
-    <name>App Server - Tomcat - Tomcat 7</name>
 
     <properties>
         <app.server.tomcat>tomcat7</app.server.tomcat>
@@ -39,6 +38,22 @@
         
         <app.server.oidc.adapter.artifactId>keycloak-tomcat7-adapter-dist</app.server.oidc.adapter.artifactId>
         <app.server.saml.adapter.artifactId>keycloak-saml-tomcat7-adapter-dist</app.server.saml.adapter.artifactId>
+
+        <!-- newer resteasy-jaxrs is not compatible with annotation-api which is provided by Tomcat7 -->
+        <tomcat.resteasy.version>2.3.1.GA</tomcat.resteasy.version>
+        <skip.dependencies.for.tomcat7>false</skip.dependencies.for.tomcat7>
     </properties>
 
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak.testsuite</groupId>
+            <artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.arquillian.container</groupId>
+            <artifactId>arquillian-tomcat-managed-7</artifactId>
+            <version>${arquillian-tomcat7-container-version}</version>
+        </dependency>
+    </dependencies>
 </project>

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/src/main/java/org/keycloak/testsuite/arquillian/tomcat/Tomcat7AppServerArquillianExtension.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
  * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,17 +14,17 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.testsuite.adapter.example;
+package org.keycloak.testsuite.arquillian.tomcat;
 
-import org.keycloak.testsuite.adapter.example.authorization.AbstractPhotozExampleAdapterTest;
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.jboss.arquillian.core.spi.LoadableExtension;
+import org.keycloak.testsuite.arquillian.tomcat.container.Tomcat7DeploymentArchiveProcessor;
 
-/**
+public class Tomcat7AppServerArquillianExtension implements LoadableExtension {
- *
+
- * @author tkyjovsk
+    @Override
- */
+    public void register(ExtensionBuilder builder) {
-@AppServerContainer("app-server-tomcat8")
+        builder.service(ApplicationArchiveProcessor.class, Tomcat7DeploymentArchiveProcessor.class);
-//@AdapterLibsLocationProperty("adapter.libs.wildfly")
+    }
-public class Tomcat8PhotozExampleAdapterTest extends AbstractPhotozExampleAdapterTest {
 
 }

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/src/main/java/org/keycloak/testsuite/arquillian/tomcat/container/Tomcat7AppServerProvider.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.arquillian.tomcat.container;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jboss.arquillian.container.tomcat.managed.Tomcat7ManagedContainer;
+import org.jboss.arquillian.core.spi.Validate;
+import org.jboss.shrinkwrap.descriptor.spi.node.Node;
+import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
+import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatAppServerConfigurationUtils;
+
+public class Tomcat7AppServerProvider extends AbstractTomcatAppServerProvider {
+
+
+    @Override
+    public String getName() {
+        return "tomcat7";
+    }
+
+    @Override
+    protected String getContainerClassName() {
+        return Tomcat7ManagedContainer.class.getName();
+    }
+}

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/src/main/java/org/keycloak/testsuite/arquillian/tomcat/container/Tomcat7DeploymentArchiveProcessor.java

@@ -0,0 +1,113 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.arquillian.tomcat.container;
+
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.test.spi.TestClass;
+import org.jboss.logging.Logger;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.keycloak.testsuite.utils.annotation.UseServletFilter;
+import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
+import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatDeploymentArchiveProcessorUtils;
+import org.keycloak.testsuite.utils.io.IOUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.Set;
+
+import static org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils.WEBXML_PATH;
+import static org.keycloak.testsuite.utils.io.IOUtil.documentToString;
+
+public class Tomcat7DeploymentArchiveProcessor extends CommonTomcatDeploymentArchiveProcessor {
+
+    @Override
+    public void process(Archive<?> archive, TestClass testClass) {
+        super.process(archive, testClass);
+        if (DeploymentArchiveProcessorUtils.checkRunOnServerDeployment(archive)) return;
+
+        Set<Class<?>> configClasses = TomcatDeploymentArchiveProcessorUtils.getApplicationConfigClasses(archive);
+
+        if (!configClasses.isEmpty()) {
+            // Tomcat 7 doesn't work with resteasy-servlet-initializer therefore we need to configure Tomcat the old way
+            // jax-rs docs: http://docs.jboss.org/resteasy/docs/3.6.1.Final/userguide/html_single/#d4e161
+            Document webXmlDoc;
+            try {
+                webXmlDoc = IOUtil.loadXML(
+                        archive.get(WEBXML_PATH).getAsset().openStream());
+            } catch (Exception ex) {
+                throw new RuntimeException("Error when processing " + archive.getName(), ex);
+            }
+
+            addContextParam(webXmlDoc);
+            addServlet(webXmlDoc, configClasses.iterator().next().getName());
+            addServletMapping(webXmlDoc);
+
+            archive.add(new StringAsset((documentToString(webXmlDoc))), DeploymentArchiveProcessorUtils.WEBXML_PATH);
+        }
+    }
+
+    private void addServletMapping(Document doc) {
+        Element servletMapping = doc.createElement("servlet-mapping");
+        Element servetName = doc.createElement("servlet-name");
+        Element urlPattern = doc.createElement("url-pattern");
+
+        servetName.setTextContent("Resteasy");
+        urlPattern.setTextContent("/*");
+
+        servletMapping.appendChild(servetName);
+        servletMapping.appendChild(urlPattern);
+        IOUtil.appendChildInDocument(doc, "web-app", servletMapping);
+    }
+
+    private void addServlet(Document doc, String configClassName) {
+        Element servlet = doc.createElement("servlet");
+        Element servletName = doc.createElement("servlet-name");
+        Element servletClass = doc.createElement("servlet-class");
+        Element initParam = doc.createElement("init-param");
+        Element paramName = doc.createElement("param-name");
+        Element paramValue = doc.createElement("param-value");
+
+        servletName.setTextContent("Resteasy");
+        servletClass.setTextContent("org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher");
+        paramName.setTextContent("javax.ws.rs.Application");
+        paramValue.setTextContent(configClassName);
+
+        servlet.appendChild(servletName);
+        servlet.appendChild(servletClass);
+
+        initParam.appendChild(paramName);
+        initParam.appendChild(paramValue);
+
+        servlet.appendChild(initParam);
+
+        IOUtil.appendChildInDocument(doc, "web-app", servlet);
+    }
+
+    private void addContextParam(Document doc) {
+        Element contextParam = doc.createElement("context-param");
+        Element paramName = doc.createElement("param-name");
+        Element paramValue = doc.createElement("param-value");
+
+        paramName.setTextContent("resteasy.scan.resources");
+        paramValue.setTextContent("true");
+
+        contextParam.appendChild(paramName);
+        contextParam.appendChild(paramValue);
+        IOUtil.appendChildInDocument(doc, "web-app", contextParam);
+    }
+}

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/src/main/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension

@@ -0,0 +1 @@
+org.keycloak.testsuite.arquillian.tomcat.Tomcat7AppServerArquillianExtension

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/src/main/resources/META-INF/services/org.keycloak.testsuite.arquillian.container.AppServerContainerProvider

@@ -0,0 +1 @@
+org.keycloak.testsuite.arquillian.tomcat.container.Tomcat7AppServerProvider

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat7/src/tomcat-submodule

@@ -0,0 +1 @@
+

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml

@@ -26,8 +26,7 @@
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>integration-arquillian-servers-app-server-tomcat8</artifactId>
-    <packaging>pom</packaging>
+    <name>App Server - Tomcat 8</name>
-    <name>App Server - Tomcat - Tomcat 8</name>
 
     <properties>
         <app.server.tomcat>tomcat8</app.server.tomcat>
@@ -39,6 +38,20 @@
         
         <app.server.oidc.adapter.artifactId>keycloak-tomcat8-adapter-dist</app.server.oidc.adapter.artifactId>
         <app.server.saml.adapter.artifactId>keycloak-saml-tomcat8-adapter-dist</app.server.saml.adapter.artifactId>
+        <skip.dependencies.for.tomcat8>false</skip.dependencies.for.tomcat8>
     </properties>
 
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak.testsuite</groupId>
+            <artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.arquillian.container</groupId>
+            <artifactId>arquillian-tomcat-managed-8</artifactId>
+            <version>${arquillian-tomcat8-container-version}</version>
+        </dependency>
+    </dependencies>
+
 </project>

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/src/main/java/org/keycloak/testsuite/arquillian/tomcat/Tomcat8AppServerArquillianExtension.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.arquillian.tomcat;
+
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.core.spi.LoadableExtension;
+import org.keycloak.testsuite.arquillian.tomcat.container.CommonTomcatDeploymentArchiveProcessor;
+
+public class Tomcat8AppServerArquillianExtension implements LoadableExtension {
+
+    @Override
+    public void register(ExtensionBuilder builder) {
+        builder.service(ApplicationArchiveProcessor.class, CommonTomcatDeploymentArchiveProcessor.class);
+    }
+
+}

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/src/main/java/org/keycloak/testsuite/arquillian/tomcat/container/Tomcat8AppServerProvider.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.arquillian.tomcat.container;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jboss.arquillian.container.tomcat.managed.Tomcat8ManagedContainer;
+import org.jboss.arquillian.core.spi.Validate;
+import org.jboss.shrinkwrap.descriptor.spi.node.Node;
+import org.keycloak.testsuite.arquillian.container.AppServerContainerProvider;
+import org.keycloak.testsuite.utils.arquillian.tomcat.TomcatAppServerConfigurationUtils;
+
+public class Tomcat8AppServerProvider extends AbstractTomcatAppServerProvider {
+
+    @Override
+    public String getName() {
+        return "tomcat8";
+    }
+
+    @Override
+    protected String getContainerClassName() {
+        return Tomcat8ManagedContainer.class.getName();
+    }
+}

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/src/main/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension

@@ -0,0 +1 @@
+org.keycloak.testsuite.arquillian.tomcat.Tomcat8AppServerArquillianExtension

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/src/main/resources/META-INF/services/org.keycloak.testsuite.arquillian.container.AppServerContainerProvider

@@ -0,0 +1 @@
+org.keycloak.testsuite.arquillian.tomcat.container.Tomcat8AppServerProvider

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/src/tomcat-submodule

@@ -0,0 +1 @@
+

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml

@@ -26,19 +26,34 @@
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>integration-arquillian-servers-app-server-tomcat9</artifactId>
-    <packaging>pom</packaging>
+    <name>App Server - Tomcat 9</name>
-    <name>App Server - Tomcat - Tomcat 9</name>
 
     <properties>
         <app.server.tomcat>tomcat9</app.server.tomcat>
-        
+
         <app.server.tomcat.groupId>org.apache.tomcat</app.server.tomcat.groupId>
         <app.server.tomcat.artifactId>tomcat</app.server.tomcat.artifactId>
         <app.server.tomcat.version>${tomcat9.version}</app.server.tomcat.version>
         <app.server.tomcat.unpacked.folder.name>apache-tomcat-${tomcat9.version}</app.server.tomcat.unpacked.folder.name>
-        
+
+        <!-- KEYCLOAK-9598 - There are no adapters for Tomcat 9 for now we use adapters for Tomcat 8 -->
         <app.server.oidc.adapter.artifactId>keycloak-tomcat8-adapter-dist</app.server.oidc.adapter.artifactId>
         <app.server.saml.adapter.artifactId>keycloak-saml-tomcat8-adapter-dist</app.server.saml.adapter.artifactId>
+        <skip.dependencies.for.tomcat8>false</skip.dependencies.for.tomcat8>
     </properties>
 
+    <dependencies>
+        <dependency>
+            <groupId>org.keycloak.testsuite</groupId>
+            <artifactId>integration-arquillian-servers-app-server-tomcat-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.arquillian.container</groupId>
+            <!-- There is no arquillian container for Tomcat 9 yet, for now we use container for Tomcat 8 -->
+            <artifactId>arquillian-tomcat-managed-8</artifactId>
+            <version>${arquillian-tomcat9-container-version}</version>
+        </dependency>
+    </dependencies>
+
 </project>

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/src/main/java/org/keycloak/testsuite/arquillian/tomcat/Tomcat9AppServerArquillianExtension.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.arquillian.tomcat;
+
+import org.jboss.arquillian.container.test.spi.client.deployment.ApplicationArchiveProcessor;
+import org.jboss.arquillian.core.spi.LoadableExtension;
+import org.keycloak.testsuite.arquillian.tomcat.container.CommonTomcatDeploymentArchiveProcessor;
+
+public class Tomcat9AppServerArquillianExtension implements LoadableExtension {
+
+    @Override
+    public void register(ExtensionBuilder builder) {
+        builder.service(ApplicationArchiveProcessor.class, CommonTomcatDeploymentArchiveProcessor.class);
+    }
+
+}

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/src/main/java/org/keycloak/testsuite/arquillian/tomcat/container/Tomcat9AppServerProvider.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * Copyright 2018 Red Hat, Inc. and/or its affiliates
  * and other contributors as indicated by the @author tags.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,17 +14,20 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.testsuite.adapter.example;
 
-import org.keycloak.testsuite.adapter.example.authorization.DefaultAuthzConfigAdapterTest;
+package org.keycloak.testsuite.arquillian.tomcat.container;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 
-/**
+import org.jboss.arquillian.container.tomcat.managed.Tomcat8ManagedContainer;
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat8")
-//@AdapterLibsLocationProperty("adapter.libs.wildfly")
-public class Tomcat8DefaultAuthzConfigAdapterTest extends DefaultAuthzConfigAdapterTest {
 
+public class Tomcat9AppServerProvider extends AbstractTomcatAppServerProvider {
+
+    @Override
+    public String getName() {
+        return "tomcat9";
+    }
+
+    @Override
+    protected String getContainerClassName() {
+        return Tomcat8ManagedContainer.class.getName();
+    }
 }

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/src/main/resources/META-INF/services/org.jboss.arquillian.core.spi.LoadableExtension

@@ -0,0 +1 @@
+org.keycloak.testsuite.arquillian.tomcat.Tomcat9AppServerArquillianExtension

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/src/main/resources/META-INF/services/org.keycloak.testsuite.arquillian.container.AppServerContainerProvider

@@ -0,0 +1 @@
+org.keycloak.testsuite.arquillian.tomcat.container.Tomcat9AppServerProvider

testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/src/tomcat-submodule

@@ -0,0 +1 @@
+

testsuite/integration-arquillian/servers/pom.xml

@@ -36,9 +36,6 @@
         <eap6.version>7.5.21.Final-redhat-1</eap6.version>
         <eap71.version>7.1.5.GA-redhat-00002</eap71.version>
         <jboss.as.version>7.1.1.Final</jboss.as.version>
-        <tomcat7.version>7.0.68</tomcat7.version>
-        <tomcat8.version>8.0.32</tomcat8.version>
-        <tomcat9.version>9.0.0.M3</tomcat9.version>
         <karaf3.version>3.0.3</karaf3.version>
         <fuse61.version>6.1.0.redhat-379</fuse61.version>
         <!--<fuse62.version>6.2.0.redhat-133</fuse62.version>-->

testsuite/integration-arquillian/test-apps/hello-world-authz-service/src/main/webapp/META-INF/context.xml

@@ -15,6 +15,6 @@
   ~ limitations under the License.
   -->
 
-<Context path="/customer-portal">
+<Context path="/hello-world-authz-service">
     <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
 </Context>

testsuite/integration-arquillian/test-apps/servlet-authz/src/main/webapp/META-INF/context.xml

@@ -15,6 +15,6 @@
   ~ limitations under the License.
   -->
 
-<Context path="/customer-portal">
+<Context path="/servlet-authz-app">
     <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
 </Context>

testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/src/main/webapp/META-INF/context.xml

@@ -15,6 +15,6 @@
   ~ limitations under the License.
   -->
 
-<Context path="/customer-portal">
+<Context path="/servlet-policy-enforcer">
     <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
 </Context>

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java

@@ -25,7 +25,6 @@ import org.keycloak.adapters.spi.AuthenticationError;
 import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
 
 import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -48,7 +47,7 @@ import java.util.List;
  * @version $Revision: 1 $
  */
 @Path("/")
-public class SendUsernameServlet extends HttpServlet {
+public class SendUsernameServlet {
 
     private static boolean checkRoles = false;
     private static SamlAuthenticationError authError;
@@ -60,7 +59,7 @@ public class SendUsernameServlet extends HttpServlet {
 
     @GET
     @NoCache
-    public Response doGet(@QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+    public Response doGet(@QueryParam("checkRoles") boolean checkRolesFlag) throws IOException {
         System.out.println("In SendUsername Servlet doGet() check roles is " + (checkRolesFlag || checkRoles));
         if (httpServletRequest.getUserPrincipal() != null && (checkRolesFlag || checkRoles) && !checkRoles()) {
             return Response.status(Response.Status.FORBIDDEN).entity("Forbidden").build();
@@ -71,7 +70,7 @@ public class SendUsernameServlet extends HttpServlet {
 
     @POST
     @NoCache
-    public Response doPost(@QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+    public Response doPost(@QueryParam("checkRoles") boolean checkRolesFlag) {
         System.out.println("In SendUsername Servlet doPost() check roles is " + (checkRolesFlag || checkRoles));
 
         if (httpServletRequest.getUserPrincipal() != null && (checkRolesFlag || checkRoles) && !checkRoles()) {
@@ -94,14 +93,14 @@ public class SendUsernameServlet extends HttpServlet {
 
     @GET
     @Path("{path}")
-    public Response doGetElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+    public Response doGetElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws IOException {
         System.out.println("In SendUsername Servlet doGetElseWhere() - path: " + path);
         return doGet(checkRolesFlag);
     }
 
     @POST
     @Path("{path}")
-    public Response doPostElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws ServletException, IOException {
+    public Response doPostElseWhere(@PathParam("path") String path, @QueryParam("checkRoles") boolean checkRolesFlag) throws IOException {
         System.out.println("In SendUsername Servlet doPostElseWhere() - path: " + path);
         return doPost(checkRolesFlag);
     }

testsuite/integration-arquillian/tests/base/pom.xml

@@ -817,6 +817,105 @@
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>app-server-tomcat7</id>
+            <activation>
+                <property>
+                    <name>app.server</name>
+                    <value>tomcat7</value>
+                </property>
+            </activation>
+            <properties>
+                <app.server>tomcat7</app.server> <!--in case the profile is called directly-->
+                <app.server.skip.unpack>false</app.server.skip.unpack>
+                <app.server.artifactId>integration-arquillian-servers-app-server-tomcat7</app.server.artifactId><!-- Need to override -->
+                <app.server.port.offset>0</app.server.port.offset>
+                <app.server.http.port>8080</app.server.http.port>
+                <app.server.management.port>9990</app.server.management.port>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>org.keycloak.testsuite</groupId>
+                    <artifactId>integration-arquillian-servers-app-server-tomcat7</artifactId>
+                    <version>${project.version}</version>
+                    <scope>runtime</scope>
+                </dependency>
+            </dependencies>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.commonjava.maven.plugins</groupId>
+                        <artifactId>directory-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>app-server-tomcat8</id>
+            <activation>
+                <property>
+                    <name>app.server</name>
+                    <value>tomcat8</value>
+                </property>
+            </activation>
+            <properties>
+                <app.server>tomcat8</app.server> <!--in case the profile is called directly-->
+                <app.server.skip.unpack>false</app.server.skip.unpack>
+                <app.server.artifactId>integration-arquillian-servers-app-server-tomcat8</app.server.artifactId><!-- Need to override -->
+                <app.server.port.offset>0</app.server.port.offset>
+                <app.server.http.port>8080</app.server.http.port>
+                <app.server.management.port>9990</app.server.management.port>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>org.keycloak.testsuite</groupId>
+                    <artifactId>integration-arquillian-servers-app-server-tomcat8</artifactId>
+                    <version>${project.version}</version>
+                    <scope>runtime</scope>
+                </dependency>
+            </dependencies>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.commonjava.maven.plugins</groupId>
+                        <artifactId>directory-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+        <profile>
+            <id>app-server-tomcat9</id>
+            <activation>
+                <property>
+                    <name>app.server</name>
+                    <value>tomcat9</value>
+                </property>
+            </activation>
+            <properties>
+                <app.server>tomcat9</app.server> <!--in case the profile is called directly-->
+                <app.server.skip.unpack>false</app.server.skip.unpack>
+                <app.server.artifactId>integration-arquillian-servers-app-server-tomcat9</app.server.artifactId><!-- Need to override -->
+                <app.server.port.offset>0</app.server.port.offset>
+                <app.server.http.port>8080</app.server.http.port>
+                <app.server.management.port>9990</app.server.management.port>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>org.keycloak.testsuite</groupId>
+                    <artifactId>integration-arquillian-servers-app-server-tomcat9</artifactId>
+                    <version>${project.version}</version>
+                    <scope>runtime</scope>
+                </dependency>
+            </dependencies>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.commonjava.maven.plugins</groupId>
+                        <artifactId>directory-maven-plugin</artifactId>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>auth-servers-crossdc-undertow</id>
             <properties>

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AppServerTestEnricher.java

@@ -267,7 +267,7 @@ public class AppServerTestEnricher {
     }
 
     public static boolean isTomcatAppServer() {
-        return CURRENT_APP_SERVER.equals("tomcat");
+        return CURRENT_APP_SERVER.startsWith("tomcat");
     }
 
     public static boolean isEAP6AppServer() {

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/containers/ContainerConstants.java

@@ -42,4 +42,8 @@ public interface ContainerConstants {
     public static final String APP_SERVER_JETTY93 = APP_SERVER_PREFIX + "jetty93";
     public static final String APP_SERVER_JETTY92 = APP_SERVER_PREFIX + "jetty92";
 
+    public static final String APP_SERVER_TOMCAT7 = APP_SERVER_PREFIX + "tomcat7";
+    public static final String APP_SERVER_TOMCAT8 = APP_SERVER_PREFIX + "tomcat8";
+    public static final String APP_SERVER_TOMCAT9 = APP_SERVER_PREFIX + "tomcat9";
+
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractAdapterTest.java

@@ -89,7 +89,7 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
             log.info("Setting redirect-uris in test realm '" + tr.getRealm() + "' as " + (isRelative() ? "" : "non-") + "relative");
 
             modifyClientRedirectUris(tr, "http://localhost:8080", "");
-            modifyClientRedirectUris(tr, "^(/.*/\\*)",
+            modifyClientRedirectUris(tr, "^(.*/\\*)",
                   "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "$1",
                   "http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "$1",
                   "https://localhost:" + System.getProperty("app.server.https.port", "8643") + "$1",
@@ -102,6 +102,8 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
                   "https://localhost:" + System.getProperty("auth.server.http.port", "8543"));
 
             modifyClientUrls(tr, "http://localhost:8080", "");
+            modifySamlMasterURLs(tr, "http://localhost:8080", "");
+            modifySAMLClientsAttributes(tr, "http://localhost:8080", "");
 
             if (isRelative()) {
                 modifyClientUrls(tr, appServerContextRootPage.toString(), "");
@@ -109,8 +111,8 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
                 modifySAMLClientsAttributes(tr, "8080", System.getProperty("auth.server.http.port", "8180"));
             } else {
                 modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
-                modifySamlMasterURLs(tr, "8080", AUTH_SERVER_PORT);
+                modifySamlMasterURLs(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
-                modifySAMLClientsAttributes(tr, "http://localhost:8080",  appServerContextRootPage.toString());
+                modifySAMLClientsAttributes(tr, "^(/.*)",  appServerContextRootPage.toString() + "$1");
                 modifyClientJWKSUrl(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
             }
             if (AUTH_SERVER_SSL_REQUIRED) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/AbstractExampleAdapterTest.java

@@ -20,7 +20,7 @@ package org.keycloak.testsuite.adapter;
 import org.apache.commons.io.IOUtils;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.importer.ZipImporter;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.junit.Assert;
 import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
@@ -30,7 +30,6 @@ import java.io.IOException;
 import java.net.URL;
 import java.nio.file.Paths;
 import java.util.function.Consumer;
-import java.util.function.Supplier;
 
 /**
  *
@@ -63,9 +62,10 @@ public abstract class AbstractExampleAdapterTest extends AbstractAdapterTest {
     }
 
     protected static WebArchive exampleDeployment(String name, Consumer<WebArchive> additionalResources) {
-        WebArchive webArchive = ShrinkWrap.createFromZipFile(WebArchive.class,
+        WebArchive webArchive = ShrinkWrap.create(ZipImporter.class, name + ".war")
-              new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
+                .importFrom(new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
-              .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
+                .as(WebArchive.class)
+                .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML);
 
         additionalResources.accept(webArchive);
 
@@ -92,8 +92,9 @@ public abstract class AbstractExampleAdapterTest extends AbstractAdapterTest {
         URL webXML = Paths.get(EXAMPLES_WEB_XML).toUri().toURL();
         String webXmlContent = IOUtils.toString(webXML.openStream(), "UTF-8")
                 .replace("%CONTEXT_PATH%", contextPath);
-        WebArchive webArchive = ShrinkWrap.createFromZipFile(WebArchive.class,
+        WebArchive webArchive = ShrinkWrap.create(ZipImporter.class, name + ".war")
-                new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
+                .importFrom(new File(EXAMPLES_HOME + "/" + name + "-" + EXAMPLES_VERSION_SUFFIX + ".war"))
+                .as(WebArchive.class)
                 .addAsWebInfResource(jbossDeploymentStructure, JBOSS_DEPLOYMENT_STRUCTURE_XML)
                 .add(new StringAsset(webXmlContent), "/WEB-INF/web.xml");
 

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/DefaultAuthzConfigAdapterTest.java

@@ -52,6 +52,9 @@ import static org.keycloak.testsuite.utils.io.IOUtil.loadRealm;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class DefaultAuthzConfigAdapterTest extends AbstractExampleAdapterTest {
 
     private static final String REALM_NAME = "hello-world-authz";

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/PermissiveModeAdapterTest.java

@@ -16,17 +16,18 @@
  */
 package org.keycloak.testsuite.adapter.example.authorization;
 
-import static org.junit.Assert.assertTrue;
-
 import java.io.File;
 import java.io.IOException;
 
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.junit.Test;
+import org.keycloak.testsuite.arquillian.AppServerTestEnricher;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 
+import static org.assertj.core.api.Java6Assertions.assertThat;
+
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
  */
@@ -36,6 +37,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class PermissiveModeAdapterTest extends AbstractBaseServletAuthzAdapterTest {
 
     @Deployment(name = RESOURCE_SERVER_ID, managed = false)
@@ -50,11 +54,11 @@ public class PermissiveModeAdapterTest extends AbstractBaseServletAuthzAdapterTe
             login("jdoe", "jdoe");
             driver.navigate().to(getResourceServerUrl() + "/enforcing/resource");
 
-            if (System.getProperty("app.server","").startsWith("eap6")) {
+            if (AppServerTestEnricher.isEAP6AppServer() || AppServerTestEnricher.isTomcatAppServer()) {
-                assertTrue(driver.getPageSource().contains("HTTP Status 404"));
+                assertThat(driver.getPageSource()).contains("HTTP Status 404");
             } else {
-                assertTrue(driver.getTitle().equals("Error"));
+                assertThat(driver.getTitle()).isEqualTo("Error");
-                assertTrue(driver.getPageSource().contains("Not Found"));
+                assertThat(driver.getPageSource()).contains("Not Found");
             }
 
             driver.navigate().to(getResourceServerUrl() + "/protected/admin");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletAuthzCIPAdapterTest.java

@@ -34,6 +34,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class ServletAuthzCIPAdapterTest extends AbstractServletAuthzAdapterTest {
 
     @Deployment(name = RESOURCE_SERVER_ID, managed = false)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletAuthzCacheDisabledAdapterTest.java

@@ -36,6 +36,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class ServletAuthzCacheDisabledAdapterTest extends AbstractServletAuthzAdapterTest {
 
     @Deployment(name = RESOURCE_SERVER_ID, managed = false)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletAuthzCacheLifespanAdapterTest.java

@@ -35,6 +35,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class ServletAuthzCacheLifespanAdapterTest extends AbstractServletAuthzAdapterTest {
 
     @Deployment(name = RESOURCE_SERVER_ID, managed = false)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletAuthzLazyLoadPathsAdapterTest.java

@@ -34,6 +34,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class ServletAuthzLazyLoadPathsAdapterTest extends AbstractServletAuthzAdapterTest {
 
     @Deployment(name = RESOURCE_SERVER_ID, managed = false)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletAuthzNoLazyLoadPathsAdapterTest.java

@@ -32,6 +32,9 @@ import org.keycloak.testsuite.arquillian.containers.ContainerConstants;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class ServletAuthzNoLazyLoadPathsAdapterTest extends AbstractServletAuthzAdapterTest {
 
     @Deployment(name = RESOURCE_SERVER_ID, managed = false)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/ServletPolicyEnforcerTest.java

@@ -58,6 +58,9 @@ import org.openqa.selenium.By;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class ServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
 
     protected static final String REALM_NAME = "servlet-policy-enforcer-authz";

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/ClientInitiatedAccountLinkTest.java

@@ -126,9 +126,6 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
         servlet.setClientId("client-linking");
         servlet.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
         String uri = "/client-linking";
-        if (!isRelative()) {
-            uri = appServerContextRootPage.toString() + uri;
-        }
         servlet.setAdminUrl(uri);
         servlet.setDirectAccessGrantsEnabled(true);
         servlet.setBaseUrl(uri);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.java

@@ -132,6 +132,9 @@ import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {
 
     // Javascript browser needed KEYCLOAK-4703

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java

@@ -172,6 +172,9 @@ import org.xml.sax.SAXException;
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
     @Page
     protected BadClientSalesPostSigServlet badClientSalesPostSigServletPage;
@@ -267,13 +270,13 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
 
     @Page
     protected MultiTenant1Saml multiTenant1SamlPage;
-    
+
     @Page
     protected MultiTenant2Saml multiTenant2SamlPage;
-    
+
     @Page
     protected SAMLPostLoginTenant1 tenant1RealmSAMLPostLoginPage;
-    
+
     @Page
     protected SAMLPostLoginTenant2 tenant2RealmSAMLPostLoginPage;
 
@@ -423,9 +426,9 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
 
     @Deployment(name = MultiTenant1Saml.DEPLOYMENT_NAME)
     protected static WebArchive multiTenant() {
-        return samlServletDeploymentMultiTenant(MultiTenant1Saml.DEPLOYMENT_NAME, "multi-tenant-saml/WEB-INF/web.xml", 
+        return samlServletDeploymentMultiTenant(MultiTenant1Saml.DEPLOYMENT_NAME, "multi-tenant-saml/WEB-INF/web.xml",
                 "tenant1-keycloak-saml.xml", "tenant2-keycloak-saml.xml",
-                "keystore-tenant1.jks", "keystore-tenant2.jks", 
+                "keystore-tenant1.jks", "keystore-tenant2.jks",
                 SendUsernameServlet.class, SamlMultiTenantResolver.class);
     }
 
@@ -468,7 +471,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
                 || driver.getPageSource().contains(FORBIDDEN_TEXT)
                 || driver.getPageSource().contains(WEBSPHERE_FORBIDDEN_TEXT)); // WebSphere
     }
-    
+
     private void assertFailedLogin(AbstractPage page, UserRepresentation user, Login loginPage) {
         page.navigateTo();
         assertCurrentUrlStartsWith(loginPage);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SessionServletAdapterTest.java

@@ -55,6 +55,9 @@ import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLo
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
 @AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT7)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT8)
+@AppServerContainer(ContainerConstants.APP_SERVER_TOMCAT9)
 public class SessionServletAdapterTest extends AbstractServletsAdapterTest {
 
     @Page
@@ -171,7 +174,7 @@ public class SessionServletAdapterTest extends AbstractServletsAdapterTest {
         // logout mposolda with admin client
         UserRepresentation mposolda = testRealmResource().users().search("mposolda", null, null, null, null, null).get(0);
         testRealmResource().users().get(mposolda.getId()).logout();
-        
+
         // bburke should be still logged with original httpSession in our browser window
         sessionPortalPage.navigateTo();
         assertCurrentUrlEquals(sessionPortalPage);
@@ -192,7 +195,7 @@ public class SessionServletAdapterTest extends AbstractServletsAdapterTest {
         // Assert I need to login again (logout was propagated to the app)
         loginAndCheckSession(testRealmLoginPage);
     }
-    
+
     private void loginAndCheckSession(Login login) {
         sessionPortalPage.navigateTo();
         assertCurrentUrlStartsWithLoginUrlOf(testRealmPage);
@@ -208,3 +211,4 @@ public class SessionServletAdapterTest extends AbstractServletsAdapterTest {
     }
 
 }
+

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/demorealm.json

@@ -175,7 +175,7 @@
             "enabled": true,
             "baseUrl": "/",
             "redirectUris": [
-                "http://localhost:8280/*"
+                "http://localhost:8080/*"
             ],
             "secret": "password"
         },

testsuite/integration-arquillian/tests/other/adapters/pom.xml

@@ -100,7 +100,6 @@
     <modules>
         <module>jboss</module>
         <module>karaf</module>
-        <module>tomcat</module>
         <module>was</module>
         <module>wls</module>
     </modules>

testsuite/integration-arquillian/tests/other/adapters/tomcat/common/xslt/arquillian.xsl

@@ -1,56 +0,0 @@
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-                xmlns:xalan="http://xml.apache.org/xalan"
-                xmlns:a="http://jboss.org/schema/arquillian"
-                version="2.0"
-                exclude-result-prefixes="xalan a">
-
-    <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
-    <xsl:strip-space elements="*"/>
-
-    <xsl:template match="/a:arquillian">
-        <xsl:copy>
-            <xsl:apply-templates select="node()|@*"/>
-            
-            <container qualifier="app-server-${{app.server}}" mode="manual" >
-                <configuration>
-                    <property name="enabled">true</property>
-                    <property name="adapterImplClass">org.jboss.arquillian.container.tomcat.managed_7.TomcatManagedContainer</property>
-                    <property name="catalinaHome">${app.server.home}</property>
-                    <property name="catalinaBase">${app.server.home}</property>
-                    <property name="bindHttpPort">${app.server.http.port}</property>
-                    <property name="jmxPort">${app.server.management.port}</property>
-                    <property name="user">manager</property>
-                    <property name="pass">arquillian</property>
-                    <property name="javaVmArguments">${adapter.test.props}</property>
-                </configuration>
-            </container>
-    
-        </xsl:copy>
-    </xsl:template>
-    
-
-    <xsl:template match="@*|node()">
-        <xsl:copy>
-            <xsl:apply-templates select="@*|node()" />
-        </xsl:copy>
-    </xsl:template>
-    
-
-</xsl:stylesheet>

testsuite/integration-arquillian/tests/other/adapters/tomcat/pom.xml

@@ -1,65 +0,0 @@
-<?xml version="1.0"?>
-<!--
-~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-~ and other contributors as indicated by the @author tags.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>org.keycloak.testsuite</groupId>
-        <artifactId>integration-arquillian-tests-adapters</artifactId>
-        <version>5.0.0-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
-
-    <packaging>pom</packaging>
-
-    <name>Adapter Tests - Tomcat</name>
-    
-    <properties>
-        <common.resources>${project.parent.basedir}/common</common.resources>
-        <!--TODO: implement "port offset" for tomcat-->
-        <app.server.port.offset>0</app.server.port.offset>
-        <app.server.http.port>8080</app.server.http.port>
-        <app.server.management.port>9990</app.server.management.port>
-    </properties>
-
-    <profiles>
-        <profile>
-            <id>app-server-tomcat7</id>
-            <modules>
-                <module>tomcat7</module>
-            </modules>
-        </profile>
-        <profile>
-            <id>app-server-tomcat8</id>
-            <modules>
-                <module>tomcat8</module>
-            </modules>
-        </profile>
-        <profile>
-            <id>app-server-tomcat9</id>
-            <modules>
-                <module>tomcat9</module>
-            </modules>
-        </profile>
-    </profiles>
-
-</project>

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/pom.xml

@@ -1,46 +0,0 @@
-<?xml version="1.0"?>
-<!--
-~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-~ and other contributors as indicated by the @author tags.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>org.keycloak.testsuite</groupId>
-        <artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
-        <version>5.0.0-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>integration-arquillian-tests-adapters-tomcat7</artifactId>
-
-    <name>Adapter Tests - Tomcat - Tomcat 7</name>
-    
-    <properties>
-        <app.server>tomcat7</app.server>
-    </properties>
-    
-    <dependencies>
-        <dependency>
-            <groupId>org.jboss.arquillian.container</groupId>
-            <artifactId>arquillian-tomcat-managed-7</artifactId>
-            <version>1.0.0.CR7</version>
-        </dependency>
-    </dependencies>
-    
-</project>

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/Tomcat7OIDCAdapterTest.java

@@ -1,13 +0,0 @@
-package org.keycloak.testsuite.adapter;
-
-import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-
-/**
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat7")
-public class Tomcat7OIDCAdapterTest extends DemoServletsAdapterTest {
-
-}

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat7/src/test/java/org/keycloak/testsuite/adapter/Tomcat7OIDCSessionAdapterTest.java

@@ -1,13 +0,0 @@
-package org.keycloak.testsuite.adapter;
-
-import org.keycloak.testsuite.adapter.servlet.SessionServletAdapterTest;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-
-/**
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat7")
-public class Tomcat7OIDCSessionAdapterTest extends SessionServletAdapterTest {
-
-}

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/pom.xml

@@ -1,46 +0,0 @@
-<?xml version="1.0"?>
-<!--
-~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-~ and other contributors as indicated by the @author tags.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>org.keycloak.testsuite</groupId>
-        <artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
-        <version>5.0.0-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>integration-arquillian-tests-adapters-tomcat8</artifactId>
-
-    <name>Adapter Tests - Tomcat - Tomcat 8</name>
-    
-    <properties>
-        <app.server>tomcat8</app.server>
-    </properties>
-    
-    <dependencies>
-        <dependency>
-            <groupId>org.jboss.arquillian.container</groupId>
-            <artifactId>arquillian-tomcat-managed-7</artifactId>
-            <version>1.0.0.CR7</version>
-        </dependency>
-    </dependencies>
-    
-</project>

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/Tomcat8OIDCAdapterTest.java

@@ -1,13 +0,0 @@
-package org.keycloak.testsuite.adapter;
-
-import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-
-/**
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat8")
-public class Tomcat8OIDCAdapterTest extends DemoServletsAdapterTest {
-
-}

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat8/src/test/java/org/keycloak/testsuite/adapter/Tomcat8OIDCSessionAdapterTest.java

@@ -1,13 +0,0 @@
-package org.keycloak.testsuite.adapter;
-
-import org.keycloak.testsuite.adapter.servlet.SessionServletAdapterTest;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-
-/**
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat8")
-public class Tomcat8OIDCSessionAdapterTest extends SessionServletAdapterTest {
-
-}

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/pom.xml

@@ -1,46 +0,0 @@
-<?xml version="1.0"?>
-<!--
-~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-~ and other contributors as indicated by the @author tags.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-
-<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>org.keycloak.testsuite</groupId>
-        <artifactId>integration-arquillian-tests-adapters-tomcat</artifactId>
-        <version>5.0.0-SNAPSHOT</version>
-    </parent>
-
-    <artifactId>integration-arquillian-tests-adapters-tomcat9</artifactId>
-
-    <name>Adapter Tests - Tomcat - Tomcat 9</name>
-    
-    <properties>
-        <app.server>tomcat9</app.server>
-    </properties>
-    
-    <dependencies>
-        <dependency>
-            <groupId>org.jboss.arquillian.container</groupId>
-            <artifactId>arquillian-tomcat-managed-7</artifactId>
-            <version>1.0.0.CR7</version>
-        </dependency>
-    </dependencies>
-    
-</project>

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/Tomcat9OIDCAdapterTest.java

@@ -1,13 +0,0 @@
-package org.keycloak.testsuite.adapter;
-
-import org.keycloak.testsuite.adapter.servlet.DemoServletsAdapterTest;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-
-/**
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat9")
-public class Tomcat9OIDCAdapterTest extends DemoServletsAdapterTest {
-
-}

testsuite/integration-arquillian/tests/other/adapters/tomcat/tomcat9/src/test/java/org/keycloak/testsuite/adapter/Tomcat9OIDCSessionAdapterTest.java

@@ -1,13 +0,0 @@
-package org.keycloak.testsuite.adapter;
-
-import org.keycloak.testsuite.adapter.servlet.SessionServletAdapterTest;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-
-/**
- *
- * @author tkyjovsk
- */
-@AppServerContainer("app-server-tomcat9")
-public class Tomcat9OIDCSessionAdapterTest extends SessionServletAdapterTest {
-
-}

testsuite/integration-arquillian/util/pom.xml

@@ -71,5 +71,21 @@
             <artifactId>jastow</artifactId>
             <version>2.1.0.Final</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.5</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.6</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.spec.javax.ws.rs</groupId>
+            <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
+            <version>1.0.1.Final</version>
+        </dependency>
     </dependencies>
 </project>

testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/DeploymentArchiveProcessorUtils.java

@@ -18,6 +18,8 @@ package org.keycloak.testsuite.utils.arquillian;
 
 import java.io.File;
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collection;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpression;
@@ -59,6 +61,8 @@ public class DeploymentArchiveProcessorUtils {
     public static final String SAML_ADAPTER_CONFIG_PATH_TENANT1 = "/WEB-INF/classes/tenant1-keycloak-saml.xml";
     public static final String SAML_ADAPTER_CONFIG_PATH_TENANT2 = "/WEB-INF/classes/tenant2-keycloak-saml.xml";
     public static final String TRUSTSTORE_PASSWORD = "secret";
+    public static final Collection<String> SAML_CONFIGS = Arrays.asList(SAML_ADAPTER_CONFIG_PATH,
+            SAML_ADAPTER_CONFIG_PATH_TENANT1, SAML_ADAPTER_CONFIG_PATH_TENANT2);
 
     /**
      * @return true iff archive's name equals run-on-server-classes.war

testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatAppServerConfigurationUtils.java

@@ -0,0 +1,49 @@
+package org.keycloak.testsuite.utils.arquillian.tomcat;
+
+import org.jboss.shrinkwrap.descriptor.spi.node.Node;
+
+public class TomcatAppServerConfigurationUtils {
+
+    private static void createChild(Node configuration, String name, String text) {
+        configuration.createChild("property").attribute("name", name).text(text);
+    }
+
+    /**
+     * Original XSL transformation
+     * <p>
+     * <container qualifier="app-server-${{app.server}}" mode="manual" >
+     * <configuration>
+     * <property name="enabled">true</property>
+     * <property name="adapterImplClass">org.jboss.arquillian.container.tomcat.managed_7.TomcatManagedContainer</property>
+     * <property name="catalinaHome">${app.server.home}</property>
+     * <property name="catalinaBase">${app.server.home}</property>
+     * <property name="bindHttpPort">${app.server.http.port}</property>
+     * <property name="jmxPort">${app.server.management.port}</property>
+     * <property name="user">manager</property>
+     * <property name="pass">arquillian</property>
+     * <property name="javaVmArguments">${adapter.test.props}</property>
+     * </configuration>
+     * </container>
+     *
+     * @return arquillian configuration for tomcat container
+     */
+    public static Node getStandaloneConfiguration(Node container, String adapterImplClass,
+                                             String catalinaHome, String bindHttpPort, String jmxPort,
+                                             String user, String pass, String startupTimeoutInSeconds) {
+        Node configuration = container.createChild("configuration");
+        createChild(configuration, "enabled", "true");
+        createChild(configuration, "adapterImplClass", adapterImplClass);
+        createChild(configuration, "catalinaHome", catalinaHome);
+        createChild(configuration, "catalinaBase", catalinaHome);
+        createChild(configuration, "bindHttpPort", bindHttpPort);
+        createChild(configuration, "jmxPort", jmxPort);
+        createChild(configuration, "user", user);
+        createChild(configuration, "pass", pass);
+        createChild(configuration, "javaVmArguments",
+                        System.getProperty("adapter.test.props", " ") + " " +
+                        System.getProperty("app.server.jboss.jvm.debug.args", " "));
+        createChild(configuration,"startupTimeoutInSeconds", startupTimeoutInSeconds);
+
+        return container;
+    }
+}

testsuite/integration-arquillian/util/src/main/java/org/keycloak/testsuite/utils/arquillian/tomcat/TomcatDeploymentArchiveProcessorUtils.java

@@ -0,0 +1,138 @@
+package org.keycloak.testsuite.utils.arquillian.tomcat;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.io.IOUtils;
+import org.jboss.logging.Logger;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.Node;
+import org.jboss.shrinkwrap.api.asset.ClassAsset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils;
+import org.w3c.dom.Document;
+
+import javax.ws.rs.ApplicationPath;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import static org.keycloak.testsuite.utils.io.IOUtil.documentToString;
+import static org.keycloak.testsuite.utils.io.IOUtil.loadXML;
+import static org.keycloak.testsuite.utils.io.IOUtil.modifyDocElementValue;
+import static org.keycloak.testsuite.utils.io.IOUtil.removeElementFromDoc;
+
+public class TomcatDeploymentArchiveProcessorUtils {
+
+    private static final String WAR_CLASSPATH = "/WEB-INF/classes/";
+    private static final String CONTEXT_PATH = "/META-INF/context.xml";
+    private static final String OIDC_VALVE_CLASS = "org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve";
+    private static final String SAML_VALVE_CLASS = "org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve";
+    private static final Logger LOG = Logger.getLogger(DeploymentArchiveProcessorUtils.class);
+
+
+    /**
+     * Tomcat doesn't load files (e. g. secure-portal keystore) from webarchive classpath
+     * we need to copy it to common classpath /catalina_home/lib
+     * @param archive
+     */
+    public static void copyWarClasspathFilesToCommonTomcatClasspath(Archive<?> archive) {
+        Stream<Node> contentOfArchiveClasspath = archive.getContent(archivePath ->
+                archivePath.get().startsWith(WAR_CLASSPATH)).values().stream() // get all nodes in WAR classpath
+                .filter(node -> StringUtils.countMatches(node.toString(), "/")
+                        == StringUtils.countMatches(WAR_CLASSPATH, "/")  // get only files not directories
+                        && node.toString().contains("."));
+
+
+        String catalinaHome = System.getProperty("app.server.home");
+        contentOfArchiveClasspath.forEach(
+                (Node node) -> {
+                    Path p = Paths.get(node.toString());
+                    File outputFile = new File(catalinaHome + "/lib/" + p.getFileName().toString());
+                    if (!outputFile.exists()) {
+                        try {
+                            Files.copy(node.getAsset().openStream(), outputFile.toPath());
+                        } catch (IOException e) {
+                            throw new RuntimeException("Couldn't copy classpath files from deployed war to common classpath of tomcat", e);
+                        }
+                    }
+                }
+        );
+    }
+
+    public static void replaceKEYCLOAKMethodWithBASIC(Archive<?> archive) {
+        if (!archive.contains(DeploymentArchiveProcessorUtils.WEBXML_PATH)) return;
+
+        try {
+            Document webXmlDoc = loadXML(archive.get(DeploymentArchiveProcessorUtils.WEBXML_PATH).getAsset().openStream());
+
+            LOG.debug("Setting BASIC as auth-method in WEB.XML for " + archive.getName());
+            modifyDocElementValue(webXmlDoc, "auth-method", "KEYCLOAK-SAML", "BASIC");
+            modifyDocElementValue(webXmlDoc, "auth-method", "KEYCLOAK", "BASIC");
+
+            archive.add(new StringAsset((documentToString(webXmlDoc))), DeploymentArchiveProcessorUtils.WEBXML_PATH);
+        } catch (IllegalArgumentException ex) {
+            throw new RuntimeException("Error when processing " + archive.getName(), ex);
+        }
+    }
+
+    public static void removeServletConfigurationInWebXML(Archive<?> archive) {
+        if (!archive.contains(DeploymentArchiveProcessorUtils.WEBXML_PATH)) return;
+
+        try {
+            Document webXmlDoc = loadXML(archive.get(DeploymentArchiveProcessorUtils.WEBXML_PATH).getAsset().openStream());
+
+            LOG.debug("Removing web.xml servlet configuration for " + archive.getName());
+            removeElementFromDoc(webXmlDoc, "web-app/servlet");
+            removeElementFromDoc(webXmlDoc, "web-app/servlet-mapping");
+
+            archive.add(new StringAsset((documentToString(webXmlDoc))), DeploymentArchiveProcessorUtils.WEBXML_PATH);
+        } catch (IllegalArgumentException ex) {
+            throw new RuntimeException("Error when processing " + archive.getName(), ex);
+        }
+    }
+
+    public static void replaceOIDCValveWithSAMLValve(Archive<?> archive) {
+        try {
+            String contextXmlContent = IOUtils.toString(archive.get(CONTEXT_PATH).getAsset().openStream(), "UTF-8")
+                    .replace(OIDC_VALVE_CLASS, SAML_VALVE_CLASS);
+            archive.add(new StringAsset(contextXmlContent), CONTEXT_PATH);
+        } catch (IOException ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    public static boolean isJaxRSApp(Archive<?> archive) {
+        WebArchive webArchive = (WebArchive) archive;
+        Set<Class<?>> classes = webArchive.getContent(archivePath ->
+                archivePath.get().startsWith("/WEB-INF/classes/") &&
+                        archivePath.get().endsWith(".class")
+        ).values().stream()
+                .filter(node -> node.getAsset() instanceof ClassAsset)
+                .map(node -> ((ClassAsset)node.getAsset()).getSource())
+                .filter(clazz -> clazz.isAnnotationPresent(javax.ws.rs.Path.class))
+                .collect(Collectors.toSet());
+
+        return !classes.isEmpty();
+    }
+
+    public static Set<Class<?>> getApplicationConfigClasses(Archive<?> archive) {
+        WebArchive webArchive = (WebArchive) archive;
+        return webArchive.getContent(archivePath ->
+                archivePath.get().startsWith("/WEB-INF/classes/") &&
+                        archivePath.get().endsWith(".class")
+        ).values().stream()
+                .filter(node -> node.getAsset() instanceof ClassAsset)
+                .map(node -> ((ClassAsset)node.getAsset()).getSource())
+                .filter(clazz -> clazz.isAnnotationPresent(ApplicationPath.class))
+                .collect(Collectors.toSet());
+    }
+
+    public static boolean containsApplicationConfigClass(Archive<?> archive) {
+        return !getApplicationConfigClasses(archive).isEmpty();
+    }
+}

testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/helper/adapter/AdapterTestStrategy.java

@@ -1,653 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.testsuite.helper.adapter;
-
-import org.keycloak.testsuite.pages.InputPage;
-import org.junit.Assert;
-import org.junit.rules.ExternalResource;
-import org.keycloak.OAuth2Constants;
-import org.keycloak.adapters.OIDCAuthenticationError;
-import org.keycloak.admin.client.Keycloak;
-import org.keycloak.common.util.Time;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.Constants;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.models.utils.SessionTimeoutHelper;
-import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.services.managers.ResourceAdminManager;
-import org.keycloak.testsuite.KeycloakServer;
-import org.keycloak.testsuite.OAuthClient;
-import org.keycloak.testsuite.pages.AccountSessionsPage;
-import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.rule.AbstractKeycloakRule;
-import org.keycloak.testsuite.rule.ErrorServlet;
-import org.keycloak.testsuite.rule.KeycloakRule;
-import org.keycloak.testsuite.rule.WebResource;
-import org.keycloak.testsuite.rule.WebRule;
-import org.keycloak.util.BasicAuthHelper;
-import org.openqa.selenium.WebDriver;
-
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.client.WebTarget;
-import javax.ws.rs.core.Form;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
-import java.net.URI;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.atomic.AtomicInteger;
-
-/**
- * Tests Jetty/Tomcat Adapter
- * 
- * Methods from this class are used by testsuite/jetty/* and testsuite/tomcat* modules
- * 
- * TODO: remove this when testsuite/jetty/* and testsuite/tomcat* modules will be migrated to arquillian testsuite
- *
- * @author <a href="mailto:bburke@redhat.com">Bill Burke</a>
- * @author <a href="mailto:john.ament@spartasystems.com">John Ament</a>
- */
-public class AdapterTestStrategy extends ExternalResource {
-
-    protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
-    protected String APP_SERVER_BASE_URL = "http://localhost:8081";
-    protected AbstractKeycloakRule keycloakRule;
-    // some servlet containers redirect to root + "/" if you visit root context
-    protected String slash = "";
-
-    public WebRule webRule = new WebRule(this);
-
-    @WebResource
-    protected WebDriver driver;
-
-    @WebResource
-    protected OAuthClient oauth;
-
-    @WebResource
-    protected LoginPage loginPage;
-
-    @WebResource
-    protected InputPage inputPage;
-
-    @WebResource
-    protected AccountSessionsPage accountSessionsPage;
-
-    protected String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
-
-    public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
-        this.AUTH_SERVER_URL = AUTH_SERVER_URL;
-        this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
-        this.keycloakRule = keycloakRule;
-    }
-
-    public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule, boolean addSlash) {
-        this.AUTH_SERVER_URL = AUTH_SERVER_URL;
-        this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
-        this.keycloakRule = keycloakRule;
-        // some servlet containers redirect to root + "/" if you visit root context
-        if (addSlash) slash = "/";
-    }
-
-    public static RealmModel baseAdapterTestInitialization(KeycloakSession session, RealmManager manager, RealmModel adminRealm, Class<?> clazz) {
-        RealmRepresentation representation = KeycloakServer.loadJson(clazz.getResourceAsStream("/adapter-test/demorealm.json"), RealmRepresentation.class);
-        RealmModel demoRealm = manager.importRealm(representation);
-        return demoRealm;
-    }
-
-    @Override
-    protected void before() throws Throwable {
-        super.before();
-        webRule.before();
-    }
-
-    @Override
-    protected void after() {
-        super.after();
-        webRule.after();
-
-        // Revert notBefore
-        KeycloakSession session = keycloakRule.startSession();
-        RealmModel realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
-        session.users().setNotBeforeForUser(realm, user, 0);
-        session.getTransactionManager().commit();
-        session.close();
-    }
-
-    public void testSavedPostRequest() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/input-portal" + slash);
-        inputPage.execute("hello");
-
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/input-portal/secured/post");
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("parameter=hello"));
-        // test that user principal and KeycloakSecurityContext available
-        driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal/insecure");
-        System.out.println("insecure: ");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("Insecure Page"));
-        if (System.getProperty("insecure.user.principal.unsupported") == null)
-            Assert.assertTrue(driver.getPageSource().contains("UserPrincipal"));
-
-        // test logout
-
-        String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
-                .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
-        driver.navigate().to(logoutUri);
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-        // test unsecured POST KEYCLOAK-901
-
-        Client client = ClientBuilder.newClient();
-        Form form = new Form();
-        form.param("parameter", "hello");
-        String text = client.target(APP_SERVER_BASE_URL + "/input-portal/unsecured").request().post(Entity.form(form), String.class);
-        Assert.assertTrue(text.contains("parameter=hello"));
-        client.close();
-
-    }
-
-
-    public void testLoginSSOAndLogout() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
-        // test SSO
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
-        pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
-
-        // View stats
-        try (Keycloak adminClient = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID)) {
-            List<Map<String, String>> stats = adminClient.realm("demo").getClientSessionStats();
-            Map<String, String> customerPortalStats = null;
-            Map<String, String> productPortalStats = null;
-            for (Map<String, String> s : stats) {
-                if (s.get("clientId").equals("customer-portal")) {
-                    customerPortalStats = s;
-                } else if (s.get("clientId").equals("product-portal")) {
-                    productPortalStats = s;
-                }
-            }
-            Assert.assertEquals(1, Integer.parseInt(customerPortalStats.get("active")));
-            Assert.assertEquals(1, Integer.parseInt(productPortalStats.get("active")));
-        }
-
-        // test logout
-        String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
-                .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/customer-portal").build("demo").toString();
-        driver.navigate().to(logoutUri);
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-    }
-
-    /**
-     * KEYCLOAK-3509
-     *
-     * @throws Exception
-     */
-    public void testLoginEncodedRedirectUri() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal?encodeTest=a%3Cb");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash + "?encodeTest=a%3Cb");
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("iPhone"));
-        Assert.assertTrue(pageSource.contains("uriEncodeTest=true"));
-
-        // test logout
-        String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
-                .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/product-portal").build("demo").toString();
-        driver.navigate().to(logoutUri);
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-    }
-
-
-    public void testServletRequestLogout() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
-        // test SSO
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/product-portal" + slash);
-        pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("iPhone") && pageSource.contains("iPad"));
-
-        // back
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
-        pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-        // test logout
-
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal/logout");
-        Assert.assertTrue(driver.getPageSource().contains("servlet logout ok"));
-
-
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        String currentUrl = driver.getCurrentUrl();
-        Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-
-    }
-
-    public void testLoginSSOIdle() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
-        KeycloakSession session = keycloakRule.startSession();
-        RealmModel realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        int originalIdle = realm.getSsoSessionIdleTimeout();
-        realm.setSsoSessionIdleTimeout(1);
-        session.getTransactionManager().commit();
-        session.close();
-
-        // Needs to add some additional time due the tolerance allowed by IDLE_TIMEOUT_WINDOW_SECONDS
-        Time.setOffset(2 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
-
-        // test SSO
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-        session = keycloakRule.startSession();
-        realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        realm.setSsoSessionIdleTimeout(originalIdle);
-        session.getTransactionManager().commit();
-        session.close();
-
-        Time.setOffset(0);
-    }
-
-    public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
-        KeycloakSession session = keycloakRule.startSession();
-        RealmModel realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        int originalIdle = realm.getSsoSessionIdleTimeout();
-        realm.setSsoSessionIdleTimeout(1);
-        session.getTransactionManager().commit();
-        session.close();
-
-        // Needs to add some additional time due the tolerance allowed by IDLE_TIMEOUT_WINDOW_SECONDS
-        Time.setOffset(2 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
-
-        session = keycloakRule.startSession();
-        realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        session.sessions().removeExpired(realm);
-        session.getTransactionManager().commit();
-        session.close();
-
-        // test SSO
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-        session = keycloakRule.startSession();
-        realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        // need to cleanup so other tests don't fail, so invalidate http sessions on remote clients.
-        UserModel user = session.users().getUserByUsername("bburke@redhat.com", realm);
-        new ResourceAdminManager(session).logoutUser(null, realm, user, session);
-        realm.setSsoSessionIdleTimeout(originalIdle);
-        session.getTransactionManager().commit();
-        session.close();
-
-        Time.setOffset(0);
-    }
-
-    public void testLoginSSOMax() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/customer-portal");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/customer-portal" + slash);
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
-
-        KeycloakSession session = keycloakRule.startSession();
-        RealmModel realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        int original = realm.getSsoSessionMaxLifespan();
-        realm.setSsoSessionMaxLifespan(1);
-        session.getTransactionManager().commit();
-        session.close();
-
-        Time.setOffset(2);
-
-
-        // test SSO
-        driver.navigate().to(APP_SERVER_BASE_URL + "/product-portal");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-        session = keycloakRule.startSession();
-        realm = session.realms().getRealmByName("demo");
-        session.getContext().setRealm(realm);
-        realm.setSsoSessionMaxLifespan(original);
-        session.getTransactionManager().commit();
-        session.close();
-
-        Time.setOffset(0);
-    }
-
-    /**
-     * KEYCLOAK-518
-     * @throws Exception
-     */
-    public void testNullBearerToken() throws Exception {
-        Client client = ClientBuilder.newClient();
-        WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db/");
-        Response response = target.request().get();
-        Assert.assertEquals(401, response.getStatus());
-        response.close();
-        response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
-        Assert.assertEquals(401, response.getStatus());
-        response.close();
-        client.close();
-
-    }
-
-    /**
-     * KEYCLOAK-1368
-     * @throws Exception
-     */
-    public void testNullBearerTokenCustomErrorPage() throws Exception {
-        ErrorServlet.authError = null;
-        Client client = ClientBuilder.newClient();
-        WebTarget target = client.target(APP_SERVER_BASE_URL + "/customer-db-error-page/");
-
-        Response response = target.request().get();
-
-        // TODO: follow redirects automatically if possible
-        if (response.getStatus() == 302) {
-            String location = response.getHeaderString(HttpHeaders.LOCATION);
-            response.close();
-            response = client.target(location).request().get();
-        }
-        Assert.assertEquals(401, response.getStatus());
-        String errorPageResponse = response.readEntity(String.class);
-        Assert.assertTrue(errorPageResponse.contains("Error Page"));
-        response.close();
-        Assert.assertNotNull(ErrorServlet.authError);
-        OIDCAuthenticationError error = (OIDCAuthenticationError) ErrorServlet.authError;
-        Assert.assertEquals(OIDCAuthenticationError.Reason.NO_BEARER_TOKEN, error.getReason());
-
-        ErrorServlet.authError = null;
-        response = target.request().header(HttpHeaders.AUTHORIZATION, "Bearer null").get();
-        // TODO: follow redirects automatically if possible
-        if (response.getStatus() == 302) {
-            String location = response.getHeaderString(HttpHeaders.LOCATION);
-            response.close();
-            response = client.target(location).request().get();
-        }
-        Assert.assertEquals(401, response.getStatus());
-        errorPageResponse = response.readEntity(String.class);
-        Assert.assertTrue(errorPageResponse.contains("Error Page"));
-        response.close();
-        Assert.assertNotNull(ErrorServlet.authError);
-        error = (OIDCAuthenticationError) ErrorServlet.authError;
-        Assert.assertEquals(OIDCAuthenticationError.Reason.INVALID_TOKEN, error.getReason());
-
-        client.close();
-
-    }
-
-    /**
-     * KEYCLOAK-518
-     * @throws Exception
-     */
-    public void testBadUser() throws Exception {
-        Client client = ClientBuilder.newClient();
-        UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
-        URI uri = OIDCLoginProtocolService.tokenUrl(builder).build("demo");
-        WebTarget target = client.target(uri);
-        String header = BasicAuthHelper.createHeader("customer-portal", "password");
-        Form form = new Form();
-        form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
-                .param("username", "monkey@redhat.com")
-                .param("password", "password");
-        Response response = target.request()
-                .header(HttpHeaders.AUTHORIZATION, header)
-                .post(Entity.form(form));
-        Assert.assertEquals(401, response.getStatus());
-        response.close();
-        client.close();
-
-    }
-
-    /**
-     * KEYCLOAK-732
-     *
-     * @throws Throwable
-     */
-    public void testSingleSessionInvalidated() throws Throwable {
-        AdapterTestStrategy browser1 = this;
-        AdapterTestStrategy browser2 = new AdapterTestStrategy(AUTH_SERVER_URL, APP_SERVER_BASE_URL, keycloakRule);
-
-        loginAndCheckSession(browser1.driver, browser1.loginPage);
-
-        // Open browser2
-        browser2.webRule.before();
-        try {
-            loginAndCheckSession(browser2.driver, browser2.loginPage);
-
-            // Logout in browser1
-            String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
-                    .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
-            browser1.driver.navigate().to(logoutUri);
-            Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-            // Assert that I am logged out in browser1
-            browser1.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
-            Assert.assertTrue(browser1.driver.getCurrentUrl().startsWith(LOGIN_URL));
-
-            // Assert that I am still logged in browser2 and same session is still preserved
-            browser2.driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
-            Assert.assertEquals(browser2.driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
-            String pageSource = browser2.driver.getPageSource();
-            Assert.assertTrue(pageSource.contains("Counter=3"));
-
-            browser2.driver.navigate().to(logoutUri);
-            Assert.assertTrue(browser2.driver.getCurrentUrl().startsWith(LOGIN_URL));
-        } finally {
-            browser2.webRule.after();
-        }
-    }
-
-    /**
-     * KEYCLOAK-741
-     */
-    public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
-        final AtomicInteger origTokenLifespan = new AtomicInteger();
-
-        // Delete adminUrl and set short accessTokenLifespan
-        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-            @Override
-            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
-                ClientModel sessionPortal = demoRealm.getClientByClientId("session-portal");
-                sessionPortal.setManagementUrl(null);
-
-                origTokenLifespan.set(demoRealm.getAccessTokenLifespan());
-                demoRealm.setAccessTokenLifespan(1);
-            }
-        }, "demo");
-
-        // Login
-        loginAndCheckSession(driver, loginPage);
-
-        // Logout
-        String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(AUTH_SERVER_URL))
-                .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/session-portal").build("demo").toString();
-        driver.navigate().to(logoutUri);
-
-        // Wait until accessToken is expired
-        Time.setOffset(2);
-
-        // Assert that http session was invalidated
-        driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
-        String currentUrl = driver.getCurrentUrl();
-        Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
-        String pageSource = driver.getPageSource();
-        Assert.assertTrue(pageSource.contains("Counter=1"));
-
-        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-
-            @Override
-            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel demoRealm) {
-                ClientModel sessionPortal = demoRealm.getClientByClientId("session-portal");
-                sessionPortal.setManagementUrl(APP_SERVER_BASE_URL + "/session-portal");
-
-                demoRealm.setAccessTokenLifespan(origTokenLifespan.get());
-            }
-
-        }, "demo");
-
-        Time.setOffset(0);
-    }
-
-    /**
-     * KEYCLOAK-942
-     */
-    public void testAdminApplicationLogout() throws Throwable {
-        // login as bburke
-        loginAndCheckSession(driver, loginPage);
-
-        // logout mposolda with admin client
-        try (Keycloak keycloakAdmin = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID)) {
-            UserRepresentation mposolda = keycloakAdmin.realm("demo").users().search("mposolda", null, null, null, null, null).get(0);
-            keycloakAdmin.realm("demo").users().get(mposolda.getId()).logout();
-
-            // bburke should be still logged with original httpSession in our browser window
-            driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
-            Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
-            String pageSource = driver.getPageSource();
-            Assert.assertTrue(pageSource.contains("Counter=3"));
-        }
-    }
-
-    /**
-     * KEYCLOAK-1216
-     */
-    public void testAccountManagementSessionsLogout() throws Throwable {
-        // login as bburke
-        loginAndCheckSession(driver, loginPage);
-
-        // logout sessions in account management
-        accountSessionsPage.realm("demo");
-        accountSessionsPage.open();
-        Assert.assertTrue(accountSessionsPage.isCurrent());
-        accountSessionsPage.logoutAll();
-
-        // Assert I need to login again (logout was propagated to the app)
-        loginAndCheckSession(driver, loginPage);
-    }
-
-    protected void loginAndCheckSession(WebDriver driver, LoginPage loginPage) {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
-        String currentUrl = driver.getCurrentUrl();
-        Assert.assertTrue(currentUrl.startsWith(LOGIN_URL));
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/session-portal" + slash);
-        String pageSource = driver.getPageSource();
-        Assert.assertTrue(pageSource.contains("Counter=1"));
-
-        // Counter increased now
-        driver.navigate().to(APP_SERVER_BASE_URL + "/session-portal");
-        pageSource = driver.getPageSource();
-        Assert.assertTrue(pageSource.contains("Counter=2"));
-
-    }
-}

testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/helper/adapter/SamlAdapterTestStrategy.java

@@ -1,675 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.helper.adapter;
-
-import org.apache.commons.io.IOUtils;
-import org.junit.Assert;
-import org.junit.rules.ExternalResource;
-import org.keycloak.adapters.saml.SamlAuthenticationError;
-import org.keycloak.adapters.saml.SamlPrincipal;
-import org.keycloak.admin.client.Keycloak;
-import org.keycloak.admin.client.resource.RealmResource;
-import org.keycloak.common.util.KeyUtils;
-import org.keycloak.common.util.Retry;
-import org.keycloak.models.ClientModel;
-import org.keycloak.models.Constants;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.ProtocolMapperModel;
-import org.keycloak.models.RealmModel;
-import org.keycloak.protocol.saml.mappers.*;
-import org.keycloak.representations.idm.ClientRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.saml.BaseSAML2BindingBuilder;
-import org.keycloak.saml.SAML2ErrorResponseBuilder;
-import org.keycloak.saml.SignatureAlgorithm;
-import org.keycloak.saml.common.constants.GeneralConstants;
-import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
-import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.testsuite.KeycloakServer;
-import org.keycloak.testsuite.PageUtils;
-import org.keycloak.testsuite.adapter.servlet.SamlSPFacade;
-import org.keycloak.testsuite.pages.InputPage;
-import org.keycloak.testsuite.pages.LoginPage;
-import org.keycloak.testsuite.rule.AbstractKeycloakRule;
-import org.keycloak.testsuite.rule.ErrorServlet;
-import org.keycloak.testsuite.rule.KeycloakRule;
-import org.keycloak.testsuite.rule.WebResource;
-import org.keycloak.testsuite.rule.WebRule;
-import org.openqa.selenium.WebDriver;
-import org.w3c.dom.Document;
-
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.Form;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.net.URI;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.*;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThat;
-import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class SamlAdapterTestStrategy extends ExternalResource {
-    protected String AUTH_SERVER_URL = "http://localhost:8081/auth";
-    protected String APP_SERVER_BASE_URL = "http://localhost:8081";
-    protected AbstractKeycloakRule keycloakRule;
-
-    private static final String REALM_PRIVATE_KEY_STR = "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=";
-    private static PrivateKey REALM_PRIVATE_KEY;
-    private static final String REALM_PUBLIC_KEY_STR = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
-    private static PublicKey REALM_PUBLIC_KEY;
-
-    static {
-        try {
-            KeyFactory kf = KeyFactory.getInstance("RSA");
-            byte[] encoded = Base64.getDecoder().decode(REALM_PUBLIC_KEY_STR);
-            REALM_PUBLIC_KEY = (PublicKey) kf.generatePublic(new X509EncodedKeySpec(encoded));
-
-            encoded = Base64.getDecoder().decode(REALM_PRIVATE_KEY_STR);
-            REALM_PRIVATE_KEY = (PrivateKey) kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
-        } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
-            Logger.getLogger(SamlAdapterTestStrategy.class.getName()).log(Level.SEVERE, null, ex);
-        }
-    }
-
-    public SamlAdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
-        this.AUTH_SERVER_URL = AUTH_SERVER_URL;
-        this.APP_SERVER_BASE_URL = APP_SERVER_BASE_URL;
-        this.keycloakRule = keycloakRule;
-    }
-
-    public WebRule webRule = new WebRule(this);
-
-
-    @WebResource
-    protected WebDriver driver;
-    @WebResource
-    protected LoginPage loginPage;
-    @WebResource
-    protected InputPage inputPage;
-
-    @Override
-    protected void before() throws Throwable {
-        super.before();
-        webRule.before();
-    }
-
-    @Override
-    protected void after() {
-        super.after();
-        webRule.after();
-    }
-
-    public static RealmModel baseAdapterTestInitialization(KeycloakSession session, RealmManager manager, RealmModel adminRealm, Class<?> clazz) {
-        RealmRepresentation representation = KeycloakServer.loadJson(clazz.getResourceAsStream("/keycloak-saml/testsaml.json"), RealmRepresentation.class);
-        RealmModel demoRealm = manager.importRealm(representation);
-        return demoRealm;
-    }
-
-
-
-    protected void checkLoggedOut(String mainUrl, boolean postBinding) {
-        String pageSource = driver.getPageSource();
-        System.out.println("*** logout pagesource ***");
-        System.out.println(pageSource);
-        System.out.println("driver url: " + driver.getCurrentUrl());
-        Assert.assertTrue(pageSource.contains("request-path: /logout.jsp"));
-        driver.navigate().to(mainUrl);
-        checkAtLoginPage(postBinding);
-    }
-
-    protected void checkAtLoginPage(boolean postBinding) {
-        if (postBinding) assertAtLoginPagePostBinding();
-        else assertAtLoginPageRedirectBinding();
-    }
-
-    protected void assertAtLoginPageRedirectBinding() {
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
-    }
-    protected void assertAtLoginPagePostBinding() {
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(AUTH_SERVER_URL + "/realms/demo/login-actions/authenticate"));
-    }
-
-    public void testSavedPostRequest() throws Exception {
-        // test login to customer-portal which does a bearer request to customer-db
-        driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal");
-        System.err.println("*********** Current url: " + driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/input-portal"));
-        inputPage.execute("hello");
-
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke@redhat.com", "password");
-        System.out.println("Current url: " + driver.getCurrentUrl());
-        Assert.assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/input-portal/secured/post");
-        String pageSource = driver.getPageSource();
-        System.out.println(pageSource);
-        Assert.assertTrue(pageSource.contains("parameter=hello"));
-        // test that user principal and KeycloakSecurityContext available
-        driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal/insecure");
-        System.out.println("insecure: ");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("Insecure Page"));
-        if (System.getProperty("insecure.user.principal.unsupported") == null) Assert.assertTrue(driver.getPageSource().contains("UserPrincipal"));
-
-        // test logout
-
-        driver.navigate().to(APP_SERVER_BASE_URL + "/input-portal?GLO=true");
-
-        // test unsecured POST KEYCLOAK-901
-
-        Client client = ClientBuilder.newClient();
-        Form form = new Form();
-        form.param("parameter", "hello");
-        String text = client.target(APP_SERVER_BASE_URL + "/input-portal/unsecured").request().post(Entity.form(form), String.class);
-        Assert.assertTrue(text.contains("parameter=hello"));
-        client.close();
-
-    }
-
-
-
-    public void testErrorHandlingUnsigned() throws Exception {
-        ErrorServlet.authError = null;
-        Client client = ClientBuilder.newClient();
-        // make sure
-        Response response = client.target(APP_SERVER_BASE_URL + "/employee-sig/").request().get();
-        response.close();
-        SAML2ErrorResponseBuilder builder = new SAML2ErrorResponseBuilder()
-                .destination(APP_SERVER_BASE_URL + "/employee-sig/saml")
-                        .issuer(AUTH_SERVER_URL + "/realms/demo")
-                        .status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
-        BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder()
-                .relayState(null);
-        Document document = builder.buildDocument();
-        URI uri = binding.redirectBinding(document).generateURI(APP_SERVER_BASE_URL + "/employee-sig/saml", false);
-        response = client.target(uri).request().get();
-        String errorPage = response.readEntity(String.class);
-        response.close();
-        Assert.assertTrue(errorPage.contains("Error Page"));
-        client.close();
-        Assert.assertNotNull(ErrorServlet.authError);
-        SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
-        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
-        Assert.assertNotNull(error.getStatus());
-        ErrorServlet.authError = null;
-
-    }
-
-    public void testErrorHandlingSigned() throws Exception {
-        ErrorServlet.authError = null;
-        Client client = ClientBuilder.newClient();
-        // make sure
-        Response response = client.target(APP_SERVER_BASE_URL + "/employee-sig/").request().get();
-        response.close();
-        SAML2ErrorResponseBuilder builder = new SAML2ErrorResponseBuilder()
-                .destination(APP_SERVER_BASE_URL + "/employee-sig/saml")
-                        .issuer(AUTH_SERVER_URL + "/realms/demo")
-                        .status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
-        BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder()
-                .relayState(null)
-                .signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
-                .signWith(KeyUtils.createKeyId(REALM_PRIVATE_KEY), REALM_PRIVATE_KEY, REALM_PUBLIC_KEY)
-                .signDocument();
-        Document document = builder.buildDocument();
-        URI uri = binding.generateRedirectUri(GeneralConstants.SAML_RESPONSE_KEY, APP_SERVER_BASE_URL + "/employee-sig/saml", document);
-        response = client.target(uri).request().get();
-        String errorPage = response.readEntity(String.class);
-        response.close();
-        Assert.assertTrue(errorPage.contains("Error Page"));
-        client.close();
-        Assert.assertNotNull(ErrorServlet.authError);
-        SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
-        Assert.assertEquals(SamlAuthenticationError.Reason.ERROR_STATUS, error.getReason());
-        Assert.assertNotNull(error.getStatus());
-        ErrorServlet.authError = null;
-
-    }
-
-    public void testPostSimpleLoginLogout() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post/");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post/", true);
-    }
-
-    public void testPostPassiveLoginLogout(boolean forbiddenIfNotauthenticated) {
-        // first request on passive app - no login page shown, user not logged in as we are in passive mode.
-        // Shown page depends on used authentication mechanism, some may return forbidden error, some return requested page with anonymous user (not logged in)
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
-        assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
-        System.out.println(driver.getPageSource());
-        if (forbiddenIfNotauthenticated) {
-            Assert.assertTrue(driver.getPageSource().contains("HTTP status code: 403"));
-        } else {
-            Assert.assertTrue(driver.getPageSource().contains("principal=null"));
-        }
-
-        // login user by asking login from other app
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
-        loginPage.login("bburke", "password");
-
-        // navigate to the passive app again, we have to be logged in now
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
-        assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/", driver.getCurrentUrl());
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // logout from both app
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive?GLO=true");
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
-
-        // refresh passive app page, not logged in again as we are in passive mode
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
-        assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
-        Assert.assertFalse(driver.getPageSource().contains("bburke"));
-    }
-
-    public void testPostSimpleUnauthorized(CheckAuthError error) {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("unauthorized", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post/");
-        System.out.println(driver.getPageSource());
-        error.check(driver);
-    }
-
-    public void testPostSimpleLoginLogoutIdpInitiated() {
-        driver.navigate().to(AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post");
-        loginPage.login("bburke", "password");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/sales-post"));
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post/", true);
-    }
-
-    public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
-        driver.navigate().to(AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post2");
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post2/foo");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post2?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post2/", true);
-    }
-
-    public void testPostSignedLoginLogout() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig/", true);
-
-    }
-    public void testPostSignedResponseAndAssertionLoginLogout() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/", true);
-
-    }
-    public void testPostSignedLoginLogoutTransientNameID() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-transient/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig-transient/");
-        System.out.println(driver.getPageSource());
-        Assert.assertFalse(driver.getPageSource().contains("bburke"));
-        Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-transient?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig-transient/", true);
-
-    }
-    public void testPostSignedLoginLogoutPersistentNameID() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-persistent/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig-persistent/");
-        System.out.println(driver.getPageSource());
-        Assert.assertFalse(driver.getPageSource().contains("bburke"));
-        Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-persistent?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig-persistent/", true);
-
-    }
-    public void testPostSignedLoginLogoutEmailNameID() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-email/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig-email/");
-        System.out.println(driver.getPageSource());
-        Assert.assertTrue(driver.getPageSource().contains("principal=bburke@redhat.com"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig-email?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-sig-email/", true);
-
-    }
-
-    public void testRelayStateEncoding() throws Exception {
-        // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
-        // at the relay state
-        SamlSPFacade.samlResponse = null;
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee/");
-        assertAtLoginPageRedirectBinding();
-        System.out.println(driver.getCurrentUrl());
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee/");
-        assertEquals(SamlSPFacade.sentRelayState, SamlSPFacade.RELAY_STATE);
-        Assert.assertNotNull(SamlSPFacade.samlResponse);
-
-    }
-
-    public void testAttributes() throws Exception {
-        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-            @Override
-            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                ClientModel app = appRealm.getClientByClientId(APP_SERVER_BASE_URL + "/employee2/");
-                app.addProtocolMapper(GroupMembershipMapper.create("groups", "group", null, null, true));
-                app.addProtocolMapper(UserAttributeStatementMapper.createAttributeMapper("topAttribute", "topAttribute", "topAttribute", "Basic", null));
-                app.addProtocolMapper(UserAttributeStatementMapper.createAttributeMapper("level2Attribute", "level2Attribute", "level2Attribute", "Basic", null));
-                app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper1", "script-single-value", "Basic", null, "'hello_' + user.getUsername()", true));
-                app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper2", "script-multiple-values-single-attribute-array", "Basic", null, "Java.to(['A', 'B', 'C'], Java.type('java.lang.String[]'))", true));
-                app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper3", "script-multiple-values-single-attribute-list", "Basic", null, "new java.util.ArrayList(['D', 'E', 'F'])", true));
-                app.addProtocolMapper(ScriptBasedMapper.create("test-script-mapper4", "script-multiple-values-multiple-attributes-set", "Basic", null, "new java.util.HashSet(['G', 'H', 'I'])", false));
-            }
-        }, "demo");
-        {
-            SendUsernameServlet.sentPrincipal = null;
-            SendUsernameServlet.checkRoles = null;
-            driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
-            assertAtLoginPagePostBinding();
-            List<String> requiredRoles = new LinkedList<>();
-            requiredRoles.add("manager");
-            requiredRoles.add("user");
-            SendUsernameServlet.checkRoles = requiredRoles;
-            loginPage.login("level2GroupUser", "password");
-            assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
-            SendUsernameServlet.checkRoles = null;
-            SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
-            Assert.assertNotNull(principal);
-            assertEquals("level2@redhat.com", principal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
-            assertEquals("true", principal.getAttribute("topAttribute"));
-            assertEquals("true", principal.getAttribute("level2Attribute"));
-            List<String> groups = principal.getAttributes("group");
-            Assert.assertNotNull(groups);
-            Set<String> groupSet = new HashSet<>();
-            assertEquals("level2@redhat.com", principal.getFriendlyAttribute("email"));
-            assertEquals("hello_level2groupuser", principal.getAttribute("script-single-value"));
-            assertThat(principal.getAttributes("script-multiple-values-single-attribute-array"), containsInAnyOrder("A","B","C"));
-            assertEquals(1, principal.getAssertion().getAttributeStatements().stream().
-                    flatMap(x -> x.getAttributes().stream()).
-                    filter(x -> x.getAttribute().getName().equals("script-multiple-values-single-attribute-array"))
-                    .count());
-            assertThat(principal.getAttributes("script-multiple-values-single-attribute-list"), containsInAnyOrder("D","E","F"));
-            assertEquals(1, principal.getAssertion().getAttributeStatements().stream().
-                    flatMap(x -> x.getAttributes().stream()).
-                    filter(x -> x.getAttribute().getName().equals("script-multiple-values-single-attribute-list"))
-                    .count());
-            assertThat(principal.getAttributes("script-multiple-values-multiple-attributes-set"), containsInAnyOrder("G","H","I"));
-            assertEquals(3, principal.getAssertion().getAttributeStatements().stream().
-                    flatMap(x -> x.getAttributes().stream()).
-                    filter(x -> x.getAttribute().getName().equals("script-multiple-values-multiple-attributes-set"))
-                    .count());
-            driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/?GLO=true");
-            checkLoggedOut(APP_SERVER_BASE_URL + "/employee2/", true);
-
-        }
-        {
-            SendUsernameServlet.sentPrincipal = null;
-            SendUsernameServlet.checkRoles = null;
-            driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
-            assertAtLoginPagePostBinding();
-            List<String> requiredRoles = new LinkedList<>();
-            requiredRoles.add("manager");
-            requiredRoles.add("employee");
-            requiredRoles.add("user");
-            SendUsernameServlet.checkRoles = requiredRoles;
-            loginPage.login("bburke", "password");
-            assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
-            SendUsernameServlet.checkRoles = null;
-            SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
-            Assert.assertNotNull(principal);
-            assertEquals("bburke@redhat.com", principal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
-            assertEquals("bburke@redhat.com", principal.getFriendlyAttribute("email"));
-            assertEquals("617", principal.getAttribute("phone"));
-            Assert.assertNull(principal.getFriendlyAttribute("phone"));
-            assertEquals("hello_bburke", principal.getAttribute("script-single-value"));
-            driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/?GLO=true");
-            checkLoggedOut(APP_SERVER_BASE_URL + "/employee2/", true);
-
-        }
-        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
-            @Override
-            public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                ClientModel app = appRealm.getClientByClientId(APP_SERVER_BASE_URL + "/employee2/");
-                for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
-                    if (mapper.getName().equals("role-list")) {
-                        app.removeProtocolMapper(mapper);
-                        mapper.setId(null);
-                        mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
-                        mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
-                        app.addProtocolMapper(mapper);
-                    }
-                }
-                app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard"));
-                app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
-                app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
-                app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", APP_SERVER_BASE_URL + "/employee/.employee", "pee-on"));
-            }
-        }, "demo");
-
-        System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
-
-        {
-            SendUsernameServlet.sentPrincipal = null;
-            SendUsernameServlet.checkRoles = null;
-            driver.navigate().to(APP_SERVER_BASE_URL + "/employee2/");
-            assertAtLoginPagePostBinding();
-            List<String> requiredRoles = new LinkedList<>();
-            requiredRoles.add("el-jefe");
-            requiredRoles.add("user");
-            requiredRoles.add("hardcoded-role");
-            requiredRoles.add("pee-on");
-            SendUsernameServlet.checkRoles = requiredRoles;
-            loginPage.login("bburke", "password");
-            assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee2/");
-            SendUsernameServlet.checkRoles = null;
-            SamlPrincipal principal = (SamlPrincipal) SendUsernameServlet.sentPrincipal;
-            Assert.assertNotNull(principal);
-            assertEquals("hard", principal.getAttribute("hardcoded-attribute"));
-
-
-        }
-    }
-
-    public void testRedirectSignedLoginLogout() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig/");
-        assertAtLoginPageRedirectBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig/", false);
-
-    }
-
-    public void testRedirectSignedLoginLogoutFrontNoSSO() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
-        assertAtLoginPageRedirectBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig-front/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig-front/", false);
-
-    }
-
-    public void testRedirectSignedLoginLogoutFront() {
-        // visit 1st app an logg in
-        System.out.println("visit 1st app ");
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig/");
-        assertAtLoginPageRedirectBinding();
-        System.out.println("login to form");
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // visit 2nd app
-        System.out.println("visit 2nd app ");
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig-front/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // visit 3rd app
-        System.out.println("visit 3rd app ");
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig/");
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-
-        // logout of first app
-        System.out.println("GLO");
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig/", false);
-        driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
-        String currentUrl = driver.getCurrentUrl();
-        Assert.assertTrue(currentUrl.startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
-        assertAtLoginPagePostBinding();
-
-    }
-
-    public void testPostEncryptedLoginLogout() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-enc/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        Retry.execute(new Runnable() {
-            @Override
-            public void run() {
-                assertEquals(APP_SERVER_BASE_URL + "/sales-post-enc/", driver.getCurrentUrl());
-            }
-        }, 10, 100);
-        Assert.assertTrue(driver.getPageSource().contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-enc?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-enc/", true);
-
-    }
-    public void testPostBadClientSignature() {
-        driver.navigate().to(APP_SERVER_BASE_URL + "/bad-client-sales-post-sig/");
-        System.out.println(driver.getCurrentUrl());
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
-        assertEquals(PageUtils.getPageTitle(driver), "We're sorry...");
-
-    }
-    public static interface CheckAuthError {
-        void check(WebDriver driver);
-    }
-
-    public void testPostBadRealmSignature() {
-        ErrorServlet.authError = null;
-        driver.navigate().to(APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/saml");
-        System.out.println(driver.getPageSource());
-        Assert.assertNotNull(ErrorServlet.authError);
-        SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
-        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
-        ErrorServlet.authError = null;
-    }
-
-    public void testPostBadAssertionSignature() {
-        ErrorServlet.authError = null;
-        driver.navigate().to(APP_SERVER_BASE_URL + "/bad-assertion-sales-post-sig/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/bad-assertion-sales-post-sig/saml");
-        System.out.println(driver.getPageSource());
-        Assert.assertNotNull(ErrorServlet.authError);
-        SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
-        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
-        ErrorServlet.authError = null;
-    }
-
-    public void testMissingAssertionSignature() {
-        ErrorServlet.authError = null;
-        driver.navigate().to(APP_SERVER_BASE_URL + "/missing-assertion-sig/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/missing-assertion-sig/saml");
-        System.out.println(driver.getPageSource());
-        Assert.assertNotNull(ErrorServlet.authError);
-        SamlAuthenticationError error = (SamlAuthenticationError)ErrorServlet.authError;
-        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, error.getReason());
-        ErrorServlet.authError = null;
-    }
-
-    public void testMetadataPostSignedLoginLogout() throws Exception {
-
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-metadata/");
-        assertAtLoginPagePostBinding();
-        loginPage.login("bburke", "password");
-        assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-metadata/");
-        String pageSource = driver.getPageSource();
-        Assert.assertTrue(pageSource.contains("bburke"));
-        driver.navigate().to(APP_SERVER_BASE_URL + "/sales-metadata?GLO=true");
-        checkLoggedOut(APP_SERVER_BASE_URL + "/sales-metadata/", true);
-
-    }
-
-    public static void uploadSP(String AUTH_SERVER_URL) {
-        try {
-            Keycloak keycloak = Keycloak.getInstance(AUTH_SERVER_URL, "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID, (String) null);
-            RealmResource admin = keycloak.realm("demo");
-
-            admin.toRepresentation();
-
-            ClientRepresentation clientRep = admin.convertClientDescription(IOUtils.toString(SamlAdapterTestStrategy.class.getResourceAsStream("/keycloak-saml/sp-metadata.xml")));
-            Response response = admin.clients().create(clientRep);
-
-            assertEquals(201, response.getStatus());
-
-            keycloak.close();
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
-    }
-}

testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/helper/adapter/SamlKeycloakRule.java

@@ -1,140 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.helper.adapter;
-
-import io.undertow.security.idm.Account;
-import io.undertow.security.idm.Credential;
-import io.undertow.security.idm.IdentityManager;
-import io.undertow.server.handlers.resource.Resource;
-import io.undertow.server.handlers.resource.ResourceChangeListener;
-import io.undertow.server.handlers.resource.ResourceManager;
-import io.undertow.server.handlers.resource.URLResource;
-import io.undertow.servlet.api.DeploymentInfo;
-import io.undertow.servlet.api.FilterInfo;
-import io.undertow.servlet.api.ServletInfo;
-import org.keycloak.adapters.saml.servlet.SamlFilter;
-import org.keycloak.adapters.saml.undertow.SamlServletExtension;
-import org.keycloak.testsuite.helper.adapter.SendUsernameServlet;
-import org.keycloak.testsuite.rule.AbstractKeycloakRule;
-
-import javax.servlet.DispatcherType;
-import java.io.IOException;
-import java.net.URL;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public abstract class SamlKeycloakRule extends AbstractKeycloakRule {
-
-    public static class TestResourceManager implements ResourceManager {
-
-        private final String basePath;
-
-        public TestResourceManager(String basePath){
-            this.basePath = basePath;
-        }
-
-        @Override
-        public Resource getResource(String path) throws IOException {
-            String temp = path;
-            String fullPath = basePath + temp;
-            URL url = getClass().getResource(fullPath);
-            if (url == null) {
-                System.out.println("url is null: " + fullPath);
-            }
-            return new URLResource(url, url.openConnection(), path);
-        }
-
-        @Override
-        public boolean isResourceChangeListenerSupported() {
-            throw new RuntimeException();
-        }
-
-        @Override
-        public void registerResourceChangeListener(ResourceChangeListener listener) {
-            throw new RuntimeException();
-        }
-
-        @Override
-        public void removeResourceChangeListener(ResourceChangeListener listener) {
-            throw new RuntimeException();
-        }
-
-        @Override
-        public void close() throws IOException {
-            throw new RuntimeException();
-        }
-    }
-
-    public static class TestIdentityManager implements IdentityManager {
-        @Override
-        public Account verify(Account account) {
-            return account;
-        }
-
-        @Override
-        public Account verify(String userName, Credential credential) {
-            throw new RuntimeException("WTF");
-        }
-
-        @Override
-        public Account verify(Credential credential) {
-            throw new RuntimeException();
-        }
-    }
-
-    @Override
-    protected void setupKeycloak() {
-        String realmJson = getRealmJson();
-        server.importRealm(getClass().getResourceAsStream(realmJson));
-        initWars();
-    }
-
-    public abstract void initWars();
-
-    public void initializeSamlSecuredWar(String warResourcePath, String contextPath, String warDeploymentName, ClassLoader classLoader) {
-
-        ServletInfo regularServletInfo = new ServletInfo("servlet", SendUsernameServlet.class)
-                .addMapping("/*");
-
-        FilterInfo samlFilter = new FilterInfo("saml-filter", SamlFilter.class);
-
-
-        ResourceManager resourceManager = new TestResourceManager(warResourcePath);
-
-        DeploymentInfo deploymentInfo = new DeploymentInfo()
-                .setClassLoader(classLoader)
-                .setIdentityManager(new TestIdentityManager())
-                .setContextPath(contextPath)
-                .setDeploymentName(warDeploymentName)
-                .setResourceManager(resourceManager)
-                .addServlets(regularServletInfo)
-                .addFilter(samlFilter)
-                .addFilterUrlMapping("saml-filter", "/*", DispatcherType.REQUEST)
-                .addServletExtension(new SamlServletExtension());
-        addErrorPage("/error.html", deploymentInfo);
-        server.getServer().deploy(deploymentInfo);
-    }
-
-    public String getRealmJson() {
-        return "/keycloak-saml/testsaml.json";
-    }
-
-
-}

testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/helper/adapter/SendUsernameServlet.java

@@ -1,95 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.helper.adapter;
-
-import org.junit.Assert;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.security.Principal;
-import java.util.List;
-
-/**
-* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
-* @version $Revision: 1 $
-*/
-public class SendUsernameServlet extends HttpServlet {
-
-    public static Principal sentPrincipal;
-    public static List<String> checkRoles;
-
-    @Override
-    protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
-        System.out.println("In SendUsername Servlet doGet()");
-        if (checkRoles != null) {
-            for (String role : checkRoles) {
-                System.out.println("check role: " + role);
-                //Assert.assertTrue(req.isUserInRole(role));
-                if (!req.isUserInRole(role)) {
-                    resp.sendError(403);
-                    return;
-                }
-            }
-
-        }
-        resp.setContentType("text/plain");
-        OutputStream stream = resp.getOutputStream();
-        Principal principal = req.getUserPrincipal();
-        stream.write("request-path: ".getBytes());
-        if (req.getPathInfo() != null) stream.write(req.getPathInfo().getBytes());
-        stream.write("\n".getBytes());
-        stream.write("principal=".getBytes());
-        if (principal == null) {
-            stream.write("null".getBytes());
-            return;
-        }
-        String name = principal.getName();
-        stream.write(name.getBytes());
-        sentPrincipal = principal;
-
-    }
-    @Override
-    protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
-        System.out.println("In SendUsername Servlet doPost()");
-        if (checkRoles != null) {
-            for (String role : checkRoles) {
-                System.out.println("check role: " + role);
-                Assert.assertTrue(req.isUserInRole(role));
-            }
-
-        }
-        resp.setContentType("text/plain");
-        OutputStream stream = resp.getOutputStream();
-        Principal principal = req.getUserPrincipal();
-        stream.write("request-path: ".getBytes());
-        stream.write(req.getPathInfo().getBytes());
-        stream.write("\n".getBytes());
-        stream.write("principal=".getBytes());
-        if (principal == null) {
-            stream.write("null".getBytes());
-            return;
-        }
-        String name = principal.getName();
-        stream.write(name.getBytes());
-        sentPrincipal = principal;
-    }
-}

testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/AccountSessionsPage.java

@@ -1,74 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.testsuite.pages;
-
-import org.keycloak.services.Urls;
-import org.keycloak.testsuite.Constants;
-import org.openqa.selenium.By;
-import org.openqa.selenium.WebElement;
-import org.openqa.selenium.support.FindBy;
-
-import javax.ws.rs.core.UriBuilder;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class AccountSessionsPage extends AbstractAccountPage {
-
-    private String realmName = "test";
-
-    private String path = Urls.accountSessionsPage(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT).build(), "test").toString();
-
-    @FindBy(id = "logout-all-sessions")
-    private WebElement logoutAllLink;
-
-    public boolean isCurrent() {
-        return driver.getTitle().contains("Account Management") && driver.getCurrentUrl().endsWith("/account/sessions");
-    }
-
-    public void realm(String realmName) {
-        this.realmName = realmName;
-    }
-
-    public String getPath() {
-        return Urls.accountSessionsPage(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT).build(), realmName).toString();
-    }
-
-    public void open() {
-        driver.navigate().to(getPath());
-    }
-
-    public void logoutAll() {
-        logoutAllLink.click();
-    }
-
-    public List<List<String>> getSessions() {
-        List<List<String>> table = new LinkedList<List<String>>();
-        for (WebElement r : driver.findElements(By.tagName("tr"))) {
-            List<String> row = new LinkedList<String>();
-            for (WebElement col : r.findElements(By.tagName("td"))) {
-                row.add(col.getText());
-            }
-            table.add(row);
-        }
-        table.remove(0);
-        return table;
-    }
-
-}

testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/pages/InputPage.java

@@ -1,52 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.pages;
-
-import org.keycloak.testsuite.pages.AbstractPage;
-import org.openqa.selenium.WebElement;
-import org.openqa.selenium.support.FindBy;
-
-/**
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class InputPage extends AbstractPage {
-    @FindBy(id = "parameter")
-    private WebElement parameter;
-
-    @FindBy(name = "submit")
-    private WebElement submit;
-
-    public void execute(String param) {
-        parameter.clear();
-        parameter.sendKeys(param);
-
-        submit.click();
-    }
-
-
-    public boolean isCurrent() {
-        return driver.getTitle().equals("Input Page");
-    }
-
-    @Override
-    public void open() {
-    }
-
-
-}

testsuite/pom.xml

@@ -44,34 +44,11 @@
     </build>
     <modules>
         <module>integration-deprecated</module>
-        <module>tomcat8</module>
         <module>integration-arquillian</module>
         <module>utils</module>
     </modules>
 
     <profiles>
-        <profile>
-            <id>community</id>
-            <activation>
-                <property>
-                    <name>!product</name>
-                </property>
-            </activation>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-deploy-plugin</artifactId>
-                        <configuration>
-                            <skip>true</skip>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-            <modules>
-                <module>tomcat7</module>
-            </modules>
-        </profile>
         <profile>
             <id>performance</id>
             <modules>

testsuite/tomcat7/pom.xml

@@ -1,398 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <parent>
-        <artifactId>keycloak-testsuite-pom</artifactId>
-        <groupId>org.keycloak</groupId>
-        <version>5.0.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <artifactId>keycloak-testsuite-tomcat7</artifactId>
-    <name>Keycloak Tomcat 7 Integration TestSuite</name>
-    <properties>
-        <maven.compiler.target>1.7</maven.compiler.target>
-        <maven.compiler.source>1.7</maven.compiler.source>
-
-        <!--<tomcat.version>8.0.14</tomcat.version>-->
-        <tomcat.version>7.0.59</tomcat.version>
-    </properties>
-    <description />
-
-   <dependencies>
-       <dependency>
-           <groupId>org.apache.tomcat</groupId>
-           <artifactId>tomcat-catalina</artifactId>
-           <version>7.0.59</version>
-       </dependency>
-       <dependency>
-           <groupId>org.apache.tomcat</groupId>
-           <artifactId>tomcat-util</artifactId>
-           <version>7.0.59</version>
-       </dependency>
-       <dependency>
-           <groupId>org.apache.tomcat.embed</groupId>
-           <artifactId>tomcat-embed-core</artifactId>
-           <version>7.0.59</version>
-       </dependency>
-
-       <!-- Undertow's fork of Jasper JSP parser -->
-       <dependency>
-           <groupId>io.undertow.jastow</groupId>
-           <artifactId>jastow</artifactId>
-           <version>2.0.0.Final</version>
-       </dependency>
-       <dependency>
-           <groupId>org.jboss.spec.javax.servlet.jsp</groupId>
-           <artifactId>jboss-jsp-api_2.3_spec</artifactId>
-           <version>1.0.1.Final</version>
-       </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-dependencies-server-all</artifactId>
-            <type>pom</type>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-admin-client</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.spec.javax.servlet</groupId>
-            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.spec.javax.ws.rs</groupId>
-            <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-jaxrs</artifactId>
-        </dependency>
-       <dependency>
-           <groupId>org.keycloak</groupId>
-           <artifactId>keycloak-saml-tomcat7-adapter</artifactId>
-           <exclusions>
-               <exclusion>
-                   <groupId>org.apache.tomcat</groupId>
-                   <artifactId>tomcat-servlet-api</artifactId>
-               </exclusion>
-               <exclusion>
-                   <groupId>org.apache.tomcat</groupId>
-                   <artifactId>tomcat-catalina</artifactId>
-               </exclusion>
-               <exclusion>
-                   <groupId>org.apache.tomcat</groupId>
-                   <artifactId>catalina</artifactId>
-               </exclusion>
-           </exclusions>
-       </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-client</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-multipart-provider</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-jackson2-provider</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.jboss.resteasy</groupId>
-            <artifactId>resteasy-undertow</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.google.zxing</groupId>
-            <artifactId>javase</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-ldap-federation</artifactId>
-        </dependency>
-       <dependency>
-           <groupId>org.keycloak</groupId>
-           <artifactId>keycloak-kerberos-federation</artifactId>
-       </dependency>
-       <dependency>
-           <groupId>org.keycloak</groupId>
-           <artifactId>keycloak-undertow-adapter</artifactId>
-       </dependency>
-       <dependency>
-           <groupId>org.keycloak</groupId>
-           <artifactId>keycloak-tomcat7-adapter</artifactId>
-       </dependency>
-       <dependency>
-            <groupId>org.jboss.logging</groupId>
-            <artifactId>jboss-logging</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.undertow</groupId>
-            <artifactId>undertow-servlet</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>io.undertow</groupId>
-            <artifactId>undertow-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-databind</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-annotations</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest-all</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.h2database</groupId>
-            <artifactId>h2</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.icegreen</groupId>
-            <artifactId>greenmail</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.slf4j</groupId>
-                    <artifactId>slf4j-api</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.infinispan</groupId>
-            <artifactId>infinispan-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.seleniumhq.selenium</groupId>
-            <artifactId>selenium-java</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>xml-apis</groupId>
-            <artifactId>xml-apis</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.seleniumhq.selenium</groupId>
-            <artifactId>selenium-chrome-driver</artifactId>
-        </dependency>
-       <dependency>
-           <groupId>org.keycloak</groupId>
-           <artifactId>keycloak-testsuite-integration-deprecated</artifactId>
-           <scope>test</scope>
-       </dependency>
-       <dependency>
-           <groupId>org.keycloak</groupId>
-           <artifactId>keycloak-testsuite-integration-deprecated</artifactId>
-           <type>test-jar</type>
-           <scope>test</scope>
-       </dependency>
-        <dependency>
-            <groupId>org.keycloak.testsuite</groupId>
-            <artifactId>integration-arquillian-test-apps-servlets</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-    </dependencies>
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <version>2.2</version>
-                <executions>
-                    <execution>
-                        <goals>
-                            <goal>test-jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-deploy-plugin</artifactId>
-                <configuration>
-                    <skip>true</skip>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>exec-maven-plugin</artifactId>
-                <configuration>
-                    <workingDirectory>${project.basedir}</workingDirectory>
-                </configuration>
-            </plugin>
-        </plugins>
-    </build>
-
-    <profiles>
-        <profile>
-            <id>keycloak-server</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.codehaus.mojo</groupId>
-                        <artifactId>exec-maven-plugin</artifactId>
-                        <configuration>
-                            <mainClass>org.keycloak.testsuite.KeycloakServer</mainClass>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-        <profile>
-            <id>mail-server</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.codehaus.mojo</groupId>
-                        <artifactId>exec-maven-plugin</artifactId>
-                        <configuration>
-                            <mainClass>org.keycloak.testsuite.MailServer</mainClass>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-        <profile>
-            <id>totp</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.codehaus.mojo</groupId>
-                        <artifactId>exec-maven-plugin</artifactId>
-                        <configuration>
-                            <mainClass>org.keycloak.testsuite.TotpGenerator</mainClass>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-
-        <profile>
-            <id>jpa</id>
-
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-surefire-plugin</artifactId>
-                        <configuration>
-                            <systemPropertyVariables>
-                                <keycloak.realm.provider>jpa</keycloak.realm.provider>
-                                <keycloak.user.provider>jpa</keycloak.user.provider>
-                                <keycloak.eventStore.provider>jpa</keycloak.eventStore.provider>
-                            </systemPropertyVariables>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-
-        <!-- MySQL -->
-        <profile>
-            <activation>
-                <property>
-                    <name>keycloak.connectionsJpa.driver</name>
-                    <value>com.mysql.jdbc.Driver</value>
-                </property>
-            </activation>
-            <id>mysql</id>
-            <dependencies>
-                <dependency>
-                    <groupId>mysql</groupId>
-                    <artifactId>mysql-connector-java</artifactId>
-                    <version>${mysql.version}</version>
-                </dependency>
-            </dependencies>
-        </profile>
-
-        <!-- PostgreSQL -->
-        <profile>
-            <activation>
-                <property>
-                    <name>keycloak.connectionsJpa.driver</name>
-                    <value>org.postgresql.Driver</value>
-                </property>
-            </activation>
-            <id>postgresql</id>
-            <dependencies>
-                <dependency>
-                    <groupId>org.postgresql</groupId>
-                    <artifactId>postgresql</artifactId>
-                    <version>${postgresql.version}</version>
-                </dependency>
-            </dependencies>
-        </profile>
-
-        <profile>
-            <id>clean-jpa</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.liquibase</groupId>
-                        <artifactId>liquibase-maven-plugin</artifactId>
-                        <configuration>
-                            <changeLogFile>META-INF/jpa-changelog-master.xml</changeLogFile>
-
-                            <url>${keycloak.connectionsJpa.url}</url>
-                            <driver>${keycloak.connectionsJpa.driver}</driver>
-                            <username>${keycloak.connectionsJpa.user}</username>
-                            <password>${keycloak.connectionsJpa.password}</password>
-
-                            <promptOnNonLocalDatabase>false</promptOnNonLocalDatabase>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <id>clean-jpa</id>
-                                <phase>clean</phase>
-                                <goals>
-                                    <goal>dropAll</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
-    </profiles>
-</project>

testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java

@@ -1,205 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.testsuite;
-
-import org.apache.catalina.startup.Tomcat;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.testsuite.helper.adapter.AdapterTestStrategy;
-import org.keycloak.testsuite.rule.AbstractKeycloakRule;
-
-import java.io.File;
-import java.net.URL;
-import java.util.regex.Matcher;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class Tomcat7Test {
-    @ClassRule
-    public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
-        @Override
-        protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
-            AdapterTestStrategy.baseAdapterTestInitialization(session, manager, adminRealm, getClass());
-       }
-    };
-
-    static Tomcat tomcat = null;
-
-    @BeforeClass
-    public static void initTomcat() throws Exception {
-        tomcat = new Tomcat();
-        String baseDir = getBaseDirectory();
-        tomcat.setBaseDir(baseDir);
-        tomcat.setPort(8082);
-
-        System.setProperty("app.server.base.url", "http://localhost:8082");
-        System.setProperty("my.host.name", "localhost");
-        URL dir = Tomcat7Test.class.getResource("/adapter-test/demorealm.json");
-        File base = new File(dir.getFile()).getParentFile();
-        tomcat.addWebapp("/customer-portal", new File(base, "customer-portal").toString());
-        tomcat.addWebapp("/customer-db", new File(base, "customer-db").toString());
-        tomcat.addWebapp("/customer-db-error-page", new File(base, "customer-db-error-page").toString());
-        tomcat.addWebapp("/product-portal", new File(base, "product-portal").toString());
-        tomcat.addWebapp("/secure-portal", new File(base, "secure-portal").toString());
-        tomcat.addWebapp("/session-portal", new File(base, "session-portal").toString());
-        tomcat.addWebapp("/input-portal", new File(base, "input-portal").toString());
-
-        tomcat.start();
-        //tomcat.getServer().await();
-    }
-
-    @AfterClass
-    public static void shutdownTomcat() throws Exception {
-        tomcat.stop();
-        tomcat.destroy();
-    }
-
-    @Rule
-    public AdapterTestStrategy testStrategy = new AdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
-
-    @Test
-    public void testLoginSSOAndLogout() throws Exception {
-        testStrategy.testLoginSSOAndLogout();
-    }
-
-    @Test
-    public void testLoginEncodedRedirectUri() throws Exception {
-        testStrategy.testLoginEncodedRedirectUri();
-    }
-
-
-    @Test
-    public void testSavedPostRequest() throws Exception {
-        testStrategy.testSavedPostRequest();
-    }
-
-
-    @Test
-    public void testServletRequestLogout() throws Exception {
-        testStrategy.testServletRequestLogout();
-    }
-
-    @Test
-    public void testLoginSSOIdle() throws Exception {
-        testStrategy.testLoginSSOIdle();
-
-    }
-
-    @Test
-    public void testLoginSSOIdleRemoveExpiredUserSessions() throws Exception {
-        testStrategy.testLoginSSOIdleRemoveExpiredUserSessions();
-    }
-
-    @Test
-    public void testLoginSSOMax() throws Exception {
-        testStrategy.testLoginSSOMax();
-    }
-
-    /**
-     * KEYCLOAK-518
-     * @throws Exception
-     */
-    @Test
-    public void testNullBearerToken() throws Exception {
-        testStrategy.testNullBearerToken();
-    }
-
-    /**
-     * KEYCLOAK-1368
-     * @throws Exception
-     */
-    @Test
-    public void testNullBearerTokenCustomErrorPage() throws Exception {
-        testStrategy.testNullBearerTokenCustomErrorPage();
-    }
-
-
-    /**
-     * KEYCLOAK-518
-     * @throws Exception
-     */
-    @Test
-    public void testBadUser() throws Exception {
-        testStrategy.testBadUser();
-    }
-
-    /**
-     * KEYCLOAK-732
-     *
-     * @throws Throwable
-     */
-    @Test
-    public void testSingleSessionInvalidated() throws Throwable {
-        testStrategy.testSingleSessionInvalidated();
-    }
-
-    /**
-     * KEYCLOAK-741
-     */
-    @Test
-    public void testSessionInvalidatedAfterFailedRefresh() throws Throwable {
-        testStrategy.testSessionInvalidatedAfterFailedRefresh();
-
-    }
-
-    /**
-     * KEYCLOAK-942
-     */
-    @Test
-    public void testAdminApplicationLogout() throws Throwable {
-        testStrategy.testAdminApplicationLogout();
-    }
-
-    /**
-     * KEYCLOAK-1216
-     */
-    @Test
-    public void testAccountManagementSessionsLogout() throws Throwable {
-        testStrategy.testAccountManagementSessionsLogout();
-    }
-
-
-    private static String getBaseDirectory() {
-        String dirPath = null;
-        String relativeDirPath = "testsuite" + File.separator + "tomcat7" + File.separator + "target";
-
-        if (System.getProperties().containsKey("maven.home")) {
-            dirPath = System.getProperty("user.dir").replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
-        } else {
-            for (String c : System.getProperty("java.class.path").split(File.pathSeparator)) {
-                if (c.contains(File.separator + "testsuite" + File.separator + "tomcat7")) {
-                    dirPath = c.replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
-                    break;
-                }
-            }
-        }
-
-        String absolutePath = new File(dirPath).getAbsolutePath();
-        return absolutePath;
-    }
-
-
-
-
-}

testsuite/tomcat7/src/test/java/org/keycloak/testsuite/TomcatSamlTest.java

@@ -1,207 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.testsuite;
-
-import org.apache.catalina.startup.Tomcat;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.RealmModel;
-import org.keycloak.services.managers.RealmManager;
-import org.keycloak.testsuite.helper.adapter.SamlAdapterTestStrategy;
-import org.keycloak.testsuite.rule.AbstractKeycloakRule;
-import org.openqa.selenium.WebDriver;
-
-import java.io.File;
-import java.net.URL;
-import java.util.regex.Matcher;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class TomcatSamlTest {
-    @Rule
-    public SamlAdapterTestStrategy testStrategy = new SamlAdapterTestStrategy("http://localhost:8081/auth", "http://localhost:8082", keycloakRule);
-    @ClassRule
-    public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
-        @Override
-        protected void configure(KeycloakSession session, RealmManager manager, RealmModel adminRealm) {
-            SamlAdapterTestStrategy.baseAdapterTestInitialization(session, manager, adminRealm, getClass());
-       }
-    };
-
-    static Tomcat tomcat = null;
-
-    @BeforeClass
-    public static void initTomcat() throws Exception {
-        tomcat = new Tomcat();
-        String baseDir = getBaseDirectory();
-        tomcat.setBaseDir(baseDir);
-        tomcat.setPort(8082);
-
-        System.setProperty("app.server.base.url", "http://localhost:8082");
-        System.setProperty("my.host.name", "localhost");
-        URL dir = TomcatSamlTest.class.getResource("/keycloak-saml/testsaml.json");
-        File base = new File(dir.getFile()).getParentFile();
-        tomcat.addWebapp("/sales-post", new File(base, "simple-post").toString());
-        tomcat.addWebapp("/sales-post-sig", new File(base, "signed-post").toString());
-        tomcat.addWebapp("/sales-post-sig-email", new File(base, "signed-post-email").toString());
-        tomcat.addWebapp("/sales-post-sig-transient", new File(base, "signed-post-transient").toString());
-        tomcat.addWebapp("/sales-post-sig-persistent", new File(base, "signed-post-persistent").toString());
-        tomcat.addWebapp("/sales-metadata", new File(base, "signed-metadata").toString());
-        tomcat.addWebapp("/employee-sig", new File(base, "signed-get").toString());
-        tomcat.addWebapp("/employee2", new File(base, "mappers").toString());
-        tomcat.addWebapp("/employee-sig-front", new File(base, "signed-front-get").toString());
-        tomcat.addWebapp("/bad-client-sales-post-sig", new File(base, "bad-client-signed-post").toString());
-        tomcat.addWebapp("/bad-realm-sales-post-sig", new File(base, "bad-realm-signed-post").toString());
-        tomcat.addWebapp("/sales-post-enc", new File(base, "encrypted-post").toString());
-        tomcat.addWebapp("/sales-post2", new File(base, "simple-post2").toString());
-        tomcat.addWebapp("/input-portal", new File(base, "simple-input").toString());
-        SamlAdapterTestStrategy.uploadSP("http://localhost:8081/auth");
-
-
-        tomcat.start();
-        //tomcat.getServer().await();
-    }
-
-    @AfterClass
-    public static void shutdownTomcat() throws Exception {
-        tomcat.stop();
-        tomcat.destroy();
-    }
-    @Test
-    public void testSavedPostRequest() throws Exception {
-        testStrategy.testSavedPostRequest();
-    }
-    @Test
-    public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
-        testStrategy.testPostSimpleLoginLogoutIdpInitiatedRedirectTo();
-    }
-
-
-    @Test
-    public void testErrorHandlingSigned() throws Exception {
-        testStrategy.testErrorHandlingSigned();
-    }
-    @Test
-    public void testErrorHandlingUnsigned() throws Exception {
-        testStrategy.testErrorHandlingUnsigned();
-    }
-
-    @Test
-    public void testPostSimpleLoginLogout() {
-        testStrategy.testPostSimpleLoginLogout();
-    }
-
-    @Test
-    public void testPostSimpleLoginLogoutIdpInitiated() {
-        testStrategy.testPostSimpleLoginLogoutIdpInitiated();
-    }
-
-    @Test
-    public void testPostSignedLoginLogout() {
-        testStrategy.testPostSignedLoginLogout();
-    }
-
-    @Test
-    public void testPostSignedLoginLogoutTransientNameID() {
-        testStrategy.testPostSignedLoginLogoutTransientNameID();
-    }
-
-    @Test
-    public void testPostSignedLoginLogoutPersistentNameID() {
-        testStrategy.testPostSignedLoginLogoutPersistentNameID();
-    }
-
-    @Test
-    public void testPostSignedLoginLogoutEmailNameID() {
-        testStrategy.testPostSignedLoginLogoutEmailNameID();
-    }
-
-    @Test
-    public void testAttributes() throws Exception {
-        testStrategy.testAttributes();
-    }
-
-    @Test
-    public void testRedirectSignedLoginLogout() {
-        testStrategy.testRedirectSignedLoginLogout();
-    }
-
-    @Test
-    public void testRedirectSignedLoginLogoutFrontNoSSO() {
-        testStrategy.testRedirectSignedLoginLogoutFrontNoSSO();
-    }
-
-    @Test
-    public void testRedirectSignedLoginLogoutFront() {
-        testStrategy.testRedirectSignedLoginLogoutFront();
-    }
-
-    @Test
-    public void testPostEncryptedLoginLogout() {
-        testStrategy.testPostEncryptedLoginLogout();
-    }
-
-    @Test
-    public void testPostBadClientSignature() {
-        testStrategy.testPostBadClientSignature();
-    }
-
-    @Test
-    public void testPostBadRealmSignature() {
-        testStrategy.testPostBadRealmSignature();
-    }
-
-    @Test
-    public void testPostSimpleUnauthorized() {
-        testStrategy.testPostSimpleUnauthorized( new SamlAdapterTestStrategy.CheckAuthError() {
-            @Override
-            public void check(WebDriver driver) {
-                Assert.assertTrue(driver.getPageSource().contains("forbidden"));
-            }
-        });
-    }
-
-    @Test
-    public void testMetadataPostSignedLoginLogout() throws Exception {
-        testStrategy.testMetadataPostSignedLoginLogout();
-    }
-
-    private static String getBaseDirectory() {
-        String dirPath = null;
-        String relativeDirPath = "testsuite" + File.separator + "tomcat7" + File.separator + "target";
-
-        if (System.getProperties().containsKey("maven.home")) {
-            dirPath = System.getProperty("user.dir").replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
-        } else {
-            for (String c : System.getProperty("java.class.path").split(File.pathSeparator)) {
-                if (c.contains(File.separator + "testsuite" + File.separator + "tomcat7")) {
-                    dirPath = c.replaceFirst("testsuite.tomcat7.*", Matcher.quoteReplacement(relativeDirPath));
-                    break;
-                }
-            }
-        }
-
-        String absolutePath = new File(dirPath).getAbsolutePath();
-        return absolutePath;
-    }
-}

testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/META-INF/context.xml

@@ -1,20 +0,0 @@
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<Context path="/customer-db-error-page">
-    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
-</Context>

testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/keycloak.json

@@ -1,10 +0,0 @@
-{
-  "realm" : "demo",
-  "resource" : "customer-db",
-  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "auth-server-url": "http://localhost:8081/auth",
-  "ssl-required" : "external",
-  "bearer-only" : true,
-  "enable-cors" : true
-
-}

testsuite/tomcat7/src/test/resources/adapter-test/customer-db-error-page/WEB-INF/web.xml

@@ -1,96 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<web-app xmlns="http://java.sun.com/xml/ns/javaee"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-      version="3.0">
-
-	<module-name>adapter-test</module-name>
-
-    <servlet>
-        <servlet-name>Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerDatabaseServlet</servlet-class>
-    </servlet>
-    <servlet>
-        <servlet-name>Error Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>Servlet</servlet-name>
-        <url-pattern>/*</url-pattern>
-    </servlet-mapping>
-
-    <servlet-mapping>
-        <servlet-name>Error Servlet</servlet-name>
-        <url-pattern>/error.html</url-pattern>
-    </servlet-mapping>
-
-    <error-page>
-        <error-code>400</error-code>
-        <location>/error.html</location>
-    </error-page>
-
-    <error-page>
-        <error-code>401</error-code>
-        <location>/error.html</location>
-    </error-page>
-
-    <error-page>
-        <error-code>403</error-code>
-        <location>/error.html</location>
-    </error-page>
-
-    <error-page>
-        <error-code>500</error-code>
-        <location>/error.html</location>
-    </error-page>
-
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Users</web-resource-name>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>user</role-name>
-        </auth-constraint>
-    </security-constraint>
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Errors</web-resource-name>
-            <url-pattern>/error.html</url-pattern>
-        </web-resource-collection>
-    </security-constraint>
-
-    <login-config>
-        <auth-method>BASIC</auth-method>
-        <realm-name>demo</realm-name>
-        <form-login-config>
-            <form-login-page>/error.html</form-login-page>
-            <form-error-page>/error.html</form-error-page>
-        </form-login-config>
-    </login-config>
-
-    <security-role>
-        <role-name>admin</role-name>
-    </security-role>
-    <security-role>
-        <role-name>user</role-name>
-    </security-role>
-</web-app>

testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/keycloak.json

@@ -1,10 +0,0 @@
-{
-  "realm" : "demo",
-  "resource" : "customer-db",
-  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "auth-server-url": "http://localhost:8081/auth",
-  "ssl-required" : "external",
-  "bearer-only" : true,
-  "enable-cors" : true
-
-}

testsuite/tomcat7/src/test/resources/adapter-test/customer-db/WEB-INF/web.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<web-app xmlns="http://java.sun.com/xml/ns/javaee"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-      version="3.0">
-
-	<module-name>adapter-test</module-name>
-
-    <servlet>
-        <servlet-name>Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerDatabaseServlet</servlet-class>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>Servlet</servlet-name>
-        <url-pattern>/*</url-pattern>
-    </servlet-mapping>
-
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Users</web-resource-name>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>user</role-name>
-        </auth-constraint>
-    </security-constraint>
-
-    <login-config>
-        <auth-method>BASIC</auth-method>
-        <realm-name>demo</realm-name>
-    </login-config>
-
-    <security-role>
-        <role-name>admin</role-name>
-    </security-role>
-    <security-role>
-        <role-name>user</role-name>
-    </security-role>
-</web-app>

testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/keycloak.json

@@ -1,11 +0,0 @@
-{
-    "realm": "demo",
-    "resource": "customer-portal",
-    "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-    "auth-server-url": "http://localhost:8081/auth",
-    "ssl-required" : "external",
-    "expose-token": true,
-    "credentials": {
-        "secret": "password"
-    }
-}

testsuite/tomcat7/src/test/resources/adapter-test/customer-portal/WEB-INF/web.xml

@@ -1,76 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<web-app xmlns="http://java.sun.com/xml/ns/javaee"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-      version="3.0">
-
-	<module-name>adapter-test</module-name>
-
-    <servlet>
-        <servlet-name>Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.adapter.servlet.CustomerServlet</servlet-class>
-    </servlet>
-    <servlet>
-        <servlet-name>Error Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.rule.ErrorServlet</servlet-class>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>Servlet</servlet-name>
-        <url-pattern>/*</url-pattern>
-    </servlet-mapping>
-
-    <servlet-mapping>
-        <servlet-name>Error Servlet</servlet-name>
-        <url-pattern>/error.html</url-pattern>
-    </servlet-mapping>
-
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Users</web-resource-name>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>user</role-name>
-        </auth-constraint>
-    </security-constraint>
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Errors</web-resource-name>
-            <url-pattern>/error.html</url-pattern>
-        </web-resource-collection>
-    </security-constraint>
-
-    <login-config>
-        <auth-method>BASIC</auth-method>
-        <realm-name>demo</realm-name>
-        <form-login-config>
-            <form-login-page>/error.html</form-login-page>
-            <form-error-page>/error.html</form-error-page>
-        </form-login-config>
-    </login-config>
-
-    <security-role>
-        <role-name>admin</role-name>
-    </security-role>
-    <security-role>
-        <role-name>user</role-name>
-    </security-role>
-</web-app>

testsuite/tomcat7/src/test/resources/adapter-test/demorealm.json

@@ -1,164 +0,0 @@
-{
-    "id": "demo",
-    "realm": "demo",
-    "enabled": true,
-    "accessTokenLifespan": 3000,
-    "accessCodeLifespan": 10,
-    "accessCodeLifespanUserAction": 6000,
-    "sslRequired": "external",
-    "registrationAllowed": false,
-    "privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
-    "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-    "requiredCredentials": [ "password" ],
-    "users" : [
-        {
-            "username" : "bburke@redhat.com",
-            "enabled": true,
-            "email" : "bburke@redhat.com",
-            "firstName": "Bill",
-            "lastName": "Burke",
-            "credentials" : [
-                { "type" : "password",
-                    "value" : "password" }
-            ],
-            "realmRoles": [ "user" ],
-            "applicationRoles": {
-                "account": [ "manage-account" ]
-            }
-        },
-        {
-            "username" : "mposolda",
-            "enabled": true,
-            "email" : "mposolda@redhat.com",
-            "firstName": "Marek",
-            "lastName": "Posolda",
-            "credentials" : [
-                { "type" : "password",
-                  "value" : "password" }
-            ],
-            "realmRoles": [ "user" ],
-            "applicationRoles": {
-                "account": [ "manage-account" ]
-            }
-        }
-    ],
-    "roles" : {
-        "realm" : [
-            {
-                "name": "user",
-                "description": "User privileges"
-            },
-            {
-                "name": "admin",
-                "description": "Administrator privileges"
-            }
-        ]
-    },
-    "scopeMappings": [
-        {
-            "client": "third-party",
-            "roles": ["user"]
-        },
-        {
-            "client": "customer-portal",
-            "roles": ["user"]
-        },
-        {
-            "client": "product-portal",
-            "roles": ["user"]
-        }
-
-    ],
-    "applications": [
-        {
-            "name": "customer-portal",
-            "enabled": true,
-            "adminUrl": "http://localhost:8082/customer-portal",
-            "baseUrl": "http://localhost:8082/customer-portal",
-            "directAccessGrantsEnabled": true,
-            "redirectUris": [
-                "http://localhost:8082/customer-portal/*"
-            ],
-            "secret": "password"
-        },
-        {
-            "name": "customer-cookie-portal",
-            "enabled": true,
-            "baseUrl": "http://localhost:8082/customer-cookie-portal",
-            "redirectUris": [
-                "http://localhost:8082/customer-cookie-portal/*"
-            ],
-            "secret": "password"
-        },
-        {
-            "name": "customer-portal-js",
-            "enabled": true,
-            "publicClient": true,
-            "adminUrl": "http://localhost:8082/customer-portal-js",
-            "baseUrl": "http://localhost:8082/customer-portal-js",
-            "redirectUris": [
-                "http://localhost:8080/customer-portal-js/*"
-            ]
-        },
-        {
-            "name": "customer-portal-cli",
-            "enabled": true,
-            "publicClient": true,
-            "redirectUris": [
-                "urn:ietf:wg:oauth:2.0:oob",
-                "http://localhost"
-            ]
-        },
-        {
-            "name": "product-portal",
-            "enabled": true,
-            "adminUrl": "http://localhost:8082/product-portal",
-            "baseUrl": "http://localhost:8082/product-portal",
-            "redirectUris": [
-                "http://localhost:8082/product-portal/*"
-            ],
-            "secret": "password"
-        },
-        {
-            "name": "secure-portal",
-            "enabled": true,
-            "adminUrl": "http://localhost:8082/secure-portal",
-            "baseUrl": "http://localhost:8082/secure-portal",
-            "redirectUris": [
-                "http://localhost:8082/secure-portal/*"
-            ],
-            "secret": "password"
-        },
-        {
-            "name": "session-portal",
-            "enabled": true,
-            "adminUrl": "http://localhost:8082/session-portal",
-            "baseUrl": "http://localhost:8082/session-portal",
-            "redirectUris": [
-                "http://localhost:8082/session-portal/*"
-            ],
-            "secret": "password"
-        },
-        {
-            "name": "input-portal",
-            "enabled": true,
-            "adminUrl": "http://localhost:8082/input-portal",
-            "baseUrl": "http://localhost:8082/input-portal",
-            "redirectUris": [
-                "http://localhost:8082/input-portal/*"
-            ],
-            "secret": "password"
-        }
-    ],
-    "oauthClients": [
-        {
-            "name": "third-party",
-            "enabled": true,
-            "redirectUris": [
-                "http://localhost:8082/oauth-client/*",
-                "http://localhost:8082/oauth-client-cdi/*"
-            ],
-            "secret": "password"
-        }
-    ]
-}

testsuite/tomcat7/src/test/resources/adapter-test/input-portal/WEB-INF/keycloak.json

@@ -1,10 +0,0 @@
-{
-  "realm" : "demo",
-  "resource" : "input-portal",
-  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "auth-server-url" : "http://${my.host.name}:8081/auth",
-  "ssl-required" : "external",
-  "credentials" : {
-      "secret": "password"
-   }
-}

testsuite/tomcat7/src/test/resources/adapter-test/input-portal/WEB-INF/web.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<web-app xmlns="http://java.sun.com/xml/ns/javaee"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-      version="3.0">
-
-	<module-name>adapter-test</module-name>
-
-    <servlet>
-        <servlet-name>Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.adapter.servlet.InputServlet</servlet-class>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>Servlet</servlet-name>
-        <url-pattern>/*</url-pattern>
-    </servlet-mapping>
-
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Users</web-resource-name>
-            <url-pattern>/secured/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>user</role-name>
-        </auth-constraint>
-    </security-constraint>
-
-    <login-config>
-        <auth-method>BASIC</auth-method>
-        <realm-name>demo</realm-name>
-    </login-config>
-
-    <security-role>
-        <role-name>admin</role-name>
-    </security-role>
-    <security-role>
-        <role-name>user</role-name>
-    </security-role>
-</web-app>

testsuite/tomcat7/src/test/resources/adapter-test/product-portal/META-INF/context.xml

@@ -1,20 +0,0 @@
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<Context path="/customer-portal">
-    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
-</Context>

testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/keycloak.json

@@ -1,10 +0,0 @@
-{
-  "realm" : "demo",
-  "resource" : "product-portal",
-  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "auth-server-url" : "http://localhost:8081/auth",
-  "ssl-required" : "external",
-  "credentials" : {
-      "secret": "password"
-   }
-}

testsuite/tomcat7/src/test/resources/adapter-test/product-portal/WEB-INF/web.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<web-app xmlns="http://java.sun.com/xml/ns/javaee"
-      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
-      version="3.0">
-
-	<module-name>adapter-test</module-name>
-
-    <servlet>
-        <servlet-name>Servlet</servlet-name>
-        <servlet-class>org.keycloak.testsuite.adapter.servlet.ProductServlet</servlet-class>
-    </servlet>
-
-    <servlet-mapping>
-        <servlet-name>Servlet</servlet-name>
-        <url-pattern>/*</url-pattern>
-    </servlet-mapping>
-
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>Users</web-resource-name>
-            <url-pattern>/*</url-pattern>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>user</role-name>
-        </auth-constraint>
-    </security-constraint>
-
-    <login-config>
-        <auth-method>BASIC</auth-method>
-        <realm-name>demo</realm-name>
-    </login-config>
-
-    <security-role>
-        <role-name>admin</role-name>
-    </security-role>
-    <security-role>
-        <role-name>user</role-name>
-    </security-role>
-</web-app>

testsuite/tomcat7/src/test/resources/adapter-test/secure-portal/META-INF/context.xml

@@ -1,20 +0,0 @@
-<!--
-  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
-  ~ and other contributors as indicated by the @author tags.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~ http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<Context path="/customer-portal">
-    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
-</Context>