diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/ant/configure.xml b/testsuite/integration-arquillian/servers/auth-server/jboss/common/ant/configure.xml
index d97f0cc99e..edc2758ace 100644
--- a/testsuite/integration-arquillian/servers/auth-server/jboss/common/ant/configure.xml
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/ant/configure.xml
@@ -60,13 +60,15 @@
cli scripts for standalone prepared
@@ -74,7 +76,8 @@
cli scripts for crossdc prepared
@@ -92,7 +95,7 @@
-
+
@@ -100,6 +103,14 @@
+
+
+
+
+
+
+
+
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/keycloak-server-subsystem.cli b/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/keycloak-server-subsystem.cli
index 3362d7b189..7f4bb64a1e 100644
--- a/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/keycloak-server-subsystem.cli
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/keycloak-server-subsystem.cli
@@ -1,13 +1,5 @@
echo *** Updating keycloak-server subsystem ***
-echo ** Adding truststore spi**
-/subsystem=keycloak-server/spi=truststore/:add
-/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
- file => "${auth.server.truststore:${jboss.home.dir}/standalone/configuration/keycloak.truststore}", \
- password => "${auth.server.truststore.password:secret}", \
- hostname-verification-policy => "WILDCARD", \
- disabled => "false"})
-
echo ** Adding login-protocol spi **
/subsystem=keycloak-server/spi=login-protocol/:add
/subsystem=keycloak-server/spi=login-protocol/provider=saml/:add(enabled=true,properties={knownProtocols => "[\"http=${auth.server.http.port}\",\"https=${auth.server.https.port}\"]"})
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/truststore.cli b/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/truststore.cli
new file mode 100644
index 0000000000..d6ead8c8da
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/jboss-cli/truststore.cli
@@ -0,0 +1,8 @@
+
+echo ** Adding truststore spi**
+/subsystem=keycloak-server/spi=truststore/:add
+/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
+ file => "${auth.server.truststore:${jboss.home.dir}/standalone/configuration/keycloak.truststore}", \
+ password => "${auth.server.truststore.password:secret}", \
+ hostname-verification-policy => "WILDCARD", \
+ disabled => "false"})
diff --git a/testsuite/integration-arquillian/servers/migration/pom.xml b/testsuite/integration-arquillian/servers/migration/pom.xml
index 6f1a1f90be..0482175248 100644
--- a/testsuite/integration-arquillian/servers/migration/pom.xml
+++ b/testsuite/integration-arquillian/servers/migration/pom.xml
@@ -130,6 +130,30 @@
+
+ maven-resources-plugin
+
+
+ copy-keystore
+ process-resources
+
+ copy-resources
+
+
+ ${auth.server.home}/standalone/configuration
+
+
+ ${common.resources}/keystore
+
+ keycloak.jks
+ keycloak.truststore
+
+
+
+
+
+
+
org.apache.maven.plugins
maven-antrun-plugin
@@ -157,6 +181,18 @@
+
+ inject-truststore
+ generate-resources
+
+ run
+
+
+
+
+
+
+
ant-apply-prepared-clis
process-resources
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
index 2146aadf9c..b8e0760c76 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/arquillian/AuthServerTestEnricher.java
@@ -370,6 +370,7 @@ public class AuthServerTestEnricher {
if (suiteContext.isAuthServerMigrationEnabled()) {
log.info("\n\n### Starting keycloak " + System.getProperty("migrated.auth.server.version", "- previous") + " ###\n\n");
startContainerEvent.fire(new StartContainer(suiteContext.getMigratedAuthServerInfo().getArquillianContainer()));
+ initializeTLS(suiteContext.getMigratedAuthServerInfo());
}
}
@@ -411,8 +412,6 @@ public class AuthServerTestEnricher {
//frontend-only (either load-balancer or auth-server)
log.debug("Starting auth server before suite");
- setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient();
-
try {
startContainerEvent.fire(new StartContainer(suiteContext.getAuthServerInfo().getArquillianContainer()));
} catch (Exception e) {
@@ -550,10 +549,8 @@ public class AuthServerTestEnricher {
public static void initializeTLS(ContainerInfo containerInfo) {
if (ServerURLs.AUTH_SERVER_SSL_REQUIRED && containerInfo.isJBossBased()) {
log.infof("\n\n### Setting up TLS for %s ##\n\n", containerInfo);
- try {
- OnlineManagementClient client = getManagementClient(containerInfo);
+ try (OnlineManagementClient client = getManagementClient(containerInfo)) {
AuthServerTestEnricher.enableTLS(client);
- client.close();
} catch (Exception e) {
log.warn("Failed to set up TLS for container '" + containerInfo.getQualifier() + "'. This may lead to unexpected behavior unless the test" +
" sets it up manually", e);
@@ -584,7 +581,7 @@ public class AuthServerTestEnricher {
* the platform providers for respective property.
*
*/
- public static void setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient() {
+ public static void setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient(@Observes(precedence = 100) StartSuiteContainers event) {
log.info(
"Determining the JSSE security provider to use for outbound " +
"SSL/TLS connections of the Elytron client..."