Commit graph

479 commits

Author SHA1 Message Date
Sebastian Laskawiec
406097a508 KEYCLOAK-6749 Jetty App Server 2019-03-05 15:21:48 +01:00
mposolda
89d0c51e13 KEYCLOAK-3159 Migrate federation package from old testsuite 2019-03-04 13:37:12 +01:00
Hynek Mlnarik
37ef47d6ab KEYCLOAK-9509 Upgrade to Wildfly 15
KEYCLOAK-9584 Update Wildfly Arquillian version

KEYCLOAK-9581: Fix CookiePathTests

KEYCLOAK-9607 CLI sripts and configuration files update

KEYCLOAK-9580 Fix component registration error

KEYCLOAK-9590 Update JDG to newest version

* Infinispan is using whatever version is set in root pom.xml.

KEYCLOAK-9509 Fix Undertow tests

Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
2019-02-25 08:56:46 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
mposolda
e4d4159743 KEYCLOAK-9586 Fix cluster tests. Fix cross-dc tests on embedded undertow 2019-02-20 19:11:38 +01:00
Sebastian Laskawiec
ee41a0450f KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite 2019-02-08 08:57:48 -02:00
vramik
c4a46a5591 KEYCLOAK-7677 KEYCLOAK-7723 fix version collision of httpclient
Co-authored-by: Pedro Igor <psilva@redhat.com>
2019-01-10 17:45:41 -02:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
Hynek Mlnarik
00e0ba8633 KEYCLOAK-8940 Stabilize SessionsPreloadCrossDCTest.loginFailuresPreloadTest 2018-12-04 14:27:57 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
mposolda
0897d969b1 KEYCLOAK-7340 2018-11-14 20:09:22 +01:00
mposolda
9652748ba9 KEYCLOAK-8484 Remove audience client scope template 2018-10-31 11:11:02 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Mark True
28b6e4dd5b cleaning up to do PR 2018-10-08 09:16:53 +02:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
Pedro Igor
b4b3527df7 [KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups 2018-10-02 15:44:23 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
wyvie
01051016f5 [KEYCLOAK-8185] add clear method to exportimport resource 2018-09-13 11:54:28 +02:00
stianst
bf758809ba KEYCLOAK-6229 OpenShift Token Review interface 2018-09-07 08:21:28 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
mposolda
6fc99cd749 KEYCLOAK-7594 Upgrade to Wildfly 13. Cross-DC: Upgrade to infinispan server 9.2.4 and JDG 7.2
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2018-08-27 12:52:53 +02:00
mposolda
575851d45c KEYCLOAK-6038 Kerberos cross-realm trust test 2018-08-10 13:31:36 +02:00
Martin Kanis
ee8c35a48e KEYCLOAK-6119 Create CI job for Postgres with schema 2018-08-08 08:57:11 +02:00
mposolda
27719565ae KEYCLOAK-4298 Migrate LDAP tests to the new testsuite 2018-08-06 12:08:19 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
vramik
d9f79fae79 KEYCLOAK-7510 Add Support for server specific ArchiveProcessor 2018-06-22 11:38:57 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
vramik
b0c89d739b KEYCLOAK-6541 app server undertow support 2018-06-11 13:46:59 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Tomas Kyjovsky
1b4d9a6147 KEYCLOAK-7440 Modcluster configuration for functional cluster test is broken 2018-06-06 20:40:50 +02:00
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
mhajas
3ced81a2c2 KEYCLOAK-7315 Fix issues in JavascriptAdapter tests (#5193)
more in issue KEYCLOAK-7315
2018-05-07 14:47:56 -04:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
mhajas
70b3f6bd92 KEYCLOAK-6840 Remove untracked file and unpack js adapter directly to testsuite provider target directory (#5133) 2018-04-06 11:47:10 +02:00
Bill Burke
06f32a47ec fake browser tests 2018-03-30 08:24:30 -04:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Pedro Igor
f824582aac
Merge pull request #5009 from pedroigor/KEYCLOAK-6116
[KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate
2018-03-12 09:58:02 -03:00
Hynek Mlnarik
190771ddf1 KEYCLOAK-6783 Add authentication into cross-dc testing 2018-03-09 15:08:55 +01:00
pedroigor
1f13427dee [KEYCLOAK-6116] - Enabling tests for both jboss servers 2018-03-09 10:56:35 -03:00
pedroigor
6aee573e2e [KEYCLOAK-6116] - Tests for X509 Subject Alternative Name Extension 2018-03-09 10:56:35 -03:00
pedroigor
c5c285abc3 [KEYCLOAK-6116] - Adding a OpenSSL CA Authority for testing 2018-03-09 10:56:35 -03:00
vramik
569f26776e KEYCLOAK-5060 KEYCLOAK-3157 migrated Adapter package from old testsuite 2018-03-02 10:56:26 +01:00
vmuzikar
d70e4740fc KEYCLOAK-6693 Support external truststore in testsuite 2018-02-27 07:45:21 +01:00
mhajas
e2ad59a74d KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and (#4964)
* KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and
use JavascriptExecutor

* Use PhantomJS 2.1.1 instead of 1.9.8 in Travis CI
2018-02-26 10:49:05 +01:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
Bill Burke
a571781240 hynek db changes 2018-01-30 17:00:55 -05:00
Bill Burke
4a044fe867 add ofline token test 2018-01-29 17:08:13 -05:00
Bill Burke
1d8e38f0c6 admin console 2018-01-27 13:05:02 -05:00
Bill Burke
6b84b9b4b6 done 1st iteration 2018-01-27 09:47:16 -05:00
Bill Burke
a9297df89c KEYCLOAK-6335 2018-01-23 12:09:49 -05:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
2a2e6c839b KEYCLOAK-5635 2017-12-13 21:07:46 +01:00
mposolda
b8416dfa3e KEYCLOAK-5981 Test Impersonation works when authenticationSession exists 2017-12-12 09:43:34 +01:00
mposolda
6c34b4c418 KEYCLOAK-5914 Periodic clean of detached client sessions 2017-12-05 08:25:30 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
stianst
2be78a0239 KEYCLOAK-5924 Add error handler for uncaught errors 2017-11-30 10:33:13 +01:00
mposolda
bd1072d2eb KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing 2017-11-22 11:55:12 +01:00
vramik
afd906b9a9 KEYCLOAK-5705 add missing dependency to module.xml for mssql in eap module 2017-11-21 21:51:19 +01:00
vramik
c083c1c4cf KEYCLOAK-5873 set DB_CLOSE_ON_EXIT to false when crossdc tests are run on in memory H2 2017-11-21 21:46:59 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Pedro Igor
081ad09ed8 Merge pull request #4619 from pedroigor/KEYCLOAK-4901
[KEYCLOAK-4901] - Reviewing methods on provider spi
2017-10-26 15:33:09 -03:00
Pedro Igor
a70cab502c [KEYCLOAK-4901] - Reviewing methods on provider spis 2017-10-26 13:39:57 -02:00
Tomas Kyjovsky
a45a2acc4c KEYCLOAK-5691 Galera cluster, full testsuite 2017-10-26 15:27:57 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
2017-10-23 12:03:00 -04:00
vramik
25d785df02 KEYCLOAK-5705 add missing dependency to module.xml for mssql 2017-10-20 12:56:51 +02:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
mposolda
1874820008 KEYCLOAK-5371 Fix ConcurrentLoginCrossDCTest.concurrentLoginWithRandomDcFailures 2017-10-11 13:02:55 +02:00
Hynek Mlnarik
fe972ce12b KEYCLOAK-5656 Remove remoteServers configuration option 2017-10-09 11:58:28 +02:00
Hynek Mlnarik
6cbfbeca0b KEYCLOAK-5656 Remove KeycloakTcpTransportFactory 2017-10-06 13:20:17 +02:00
mposolda
bca4c35708 KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest 2017-10-04 13:25:45 +02:00
vramik
b0a1550df5 KEYCLOAK-5586 crossdc tests on Wildfly using real database 2017-10-04 12:00:18 +02:00
vramik
f806d4a5d6 KEYCLOAK-5586 Add support for testing cross dc tests on jboss-based containers 2017-10-03 14:01:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
Antonio Howcroft Ferreira
a551195ddf KEYCLOAK-2035 update with feedback from PR by bburke 2017-09-22 15:05:49 +01:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mhajas
330cb022eb KEYCLOAK-5320 Configure SSL using creaper 2017-09-08 13:19:48 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Stian Thorgersen
20ac70d3fd KEYCLOAK-5119 (#4400) 2017-08-22 08:07:36 +02:00
mposolda
868e76fcf3 KEYCLOAK-4630 Added SessionsPreloadCrossDCTest for test preloading sessions and offline sessions. Support for manual.mode to control manually lifecycle of all servers. 2017-08-11 17:44:00 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Stian Thorgersen
badba7adaf KEYCLOAK-5143 Run auth-server-wildfly profile on Travis (#4317) 2017-07-14 07:01:54 +02:00
Stian Thorgersen
5fbb362710 KEYCLOAK-5119 Set encoding for TestingResourceProvider.runOnServer (#4292) 2017-07-05 13:39:16 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Hynek Mlnarik
5e16a32f86 KEYCLOAK-5106 Fix BasicSamlTest on auth-server-wildfly 2017-06-28 20:47:43 +02:00
Pavel Drozd
b02d48f772 Merge pull request #4249 from vramik/KEYCLOAK-5048
KEYCLOAK-5048 missing keycloak version in logs when staring auth-serv…
2017-06-27 11:40:26 +02:00
mposolda
756d996a4a KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow 2017-06-23 19:13:43 +02:00
vramik
e75f47d523 KEYCLOAK-5048 missing keycloak version in logs when staring auth-server-wildfly container. 2017-06-22 09:20:11 +02:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pavel Drozd
a52a1f4618 Merge pull request #4196 from vramik/KEYCLOAK-4481
KEYCLOAK-4481 some authz export tests
2017-05-30 16:56:54 +02:00
vramik
8f1938c28d KEYCLOAK-4481 Role based permission test 2017-05-30 13:10:09 +02:00
mposolda
c4f172afe7 KEYCLOAK-4977 Upgrade infinispan and undertow version to align with Wildfly 11.0.0.Alpha1 2017-05-26 14:29:30 +02:00
Pavel Drozd
c230edbf72 Merge pull request #4151 from pdrozd/KEYCLOAK-4931
KEYCLOAK-4931 - install patch available from http
2017-05-23 14:01:44 +02:00
Pavel Drozd
60ef910b5b KEYCLOAK-4931 - install patch available from http 2017-05-18 23:47:12 +02:00
Pavel Drozd
53ab314eb9 KEYCLOAK-4930 - Updated install-keycloak script for overlay installation - added ha installation. 2017-05-18 23:35:04 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Pedro Igor
80a80512ea [KEYCLOAK-4769] - Policy enforcer path matching tests 2017-04-20 13:21:01 -03:00
Pedro Igor
55f747ecd0 [KEYCLOAK-3135] - Part 1: Permission Management API 2017-04-12 00:52:13 -03:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Pavel Drozd
7ab67d205b Merge pull request #3903 from tkyjovsk/KEYCLOAK-4515
KEYCLOAK-4515 Make it possible to clean-up other DB types than mysql or postgres
2017-03-07 21:50:48 +01:00
mposolda
091b376624 KEYCLOAK-1590 Realm import per test class 2017-03-01 09:38:44 +01:00
Tomas Kyjovsky
c94b7922aa Added profile jdbc-driver-depencency to arq. testsuite; changed jdbc module path from layers/base/com/${db} to layers/base/test/jdbc/${db} 2017-03-01 01:37:53 +01:00
Tomas Kyjovsky
a5677e87db UserStorageTest migrated to Arquillian testsuite 2017-02-22 13:54:11 +01:00
mposolda
f6bc0806d5 KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit 2017-02-20 21:52:15 +01:00
Stian Thorgersen
5b5dc3e442 KEYCLOAK-4265 Social login tests 2017-02-06 13:50:10 +01:00
Bill Burke
bb77ab4a81 account link tests 2017-01-27 17:37:08 -05:00
Stian Thorgersen
5fd3eb2990 KEYCLOAK-3729 Ability to run tests within Keycloak server 2017-01-27 12:14:19 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
mposolda
a09bc6520f KEYCLOAK-2888 KEYCLOAK-3927 Fully migrate kerberos tests to the new testsuite 2017-01-09 13:50:41 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Stian Thorgersen
f29bb7d501 KEYCLOAK-4092 key provider for HMAC signatures 2016-12-19 10:50:43 +01:00
Bill Burke
62029e8a33 KEYCLOAK-3506 2016-12-10 11:59:29 -05:00
mposolda
a38544796f KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent 2016-12-01 12:25:07 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Bill Burke
9e50a45b4c UserBulkUpdateProvider interface 2016-11-29 18:43:22 -05:00
mposolda
803fde6c1d KEYCLOAK-3124 Possibility test adapter on embedded undertow 2016-11-29 22:08:23 +01:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Vlasta Ramik
50339f6f0e Test backwards compatibility of realm import 2016-11-16 13:17:04 +01:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Bill Burke
c75dcb90c2 ldap port 2016-11-04 21:25:47 -04:00
Bill Burke
73e3f2a89b REST API for disable cred type 2016-10-26 15:48:45 -04:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
5a00aaefa8 KEYCLOAK-2594
bind credential being leaked in admin tool JSON response

KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Vlasta Ramik
041413d8de KEYCLOAK-3619 Update default datasource definition to non-XA 2016-10-18 12:12:41 +02:00
Marek Posolda
2fd680092a Merge pull request #3336 from mposolda/master
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7 KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue 2016-10-17 21:34:21 +02:00
Vlasta Ramik
b0448d1b6f KEYCLOAK-3589 Add support for manual upgrade of database schema to testsuite 2016-10-17 11:32:43 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Vlasta Ramik
bc2eb2b9ea KEYCLOAK-3489 KEYCLOAK-3609 2016-10-12 12:28:56 +02:00
Stian Thorgersen
f1156a49cf Merge pull request #3273 from vramik/KEYCLOAK-3619
KEYCLOAK-3619 Update default datasource definition to XA
2016-10-03 13:54:20 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Vlasta Ramik
550ec2ff51 Update default datasource definition to XA 2016-09-30 12:50:17 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Pavel Drozd
9ee58909ab Merge pull request #3248 from pdrozd/patches
KEYCLOAK-3597 - Arquillian testuite - server preparation (overlay & p…
2016-09-26 10:26:13 +02:00
Bill Burke
8e65356891 creds 2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce credential refactoring 2016-09-22 08:34:45 -04:00
Pavel Drozd
59eec8d5b4 KEYCLOAK-3597 - Arquillian testuite - server preparation (overlay & patches installation) 2016-09-20 13:00:54 +02:00
Stian Thorgersen
b2fd429749 Merge pull request #3234 from vramik/KEYCLOAK-3549
KEYCLOAK-3549 fix xsl locator to work with ibmjdk
2016-09-16 09:22:23 +02:00
Vlasta Ramik
bde45eaa07 fix xsl locator to work with ibmjdk 2016-09-14 14:43:14 +02:00
Martin Hardselius
04d03452bd KEYCLOAK-3422 support pairwise subject identifier in oidc 2016-09-13 09:18:45 +02:00
Vlasta Ramik
fa8f60a5f0 remove jta=false from default datasource definition 2016-09-08 15:25:17 +02:00
mposolda
5a015a6518 KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes 2016-09-07 20:08:09 +02:00
Stian Thorgersen
22e85b11eb Merge pull request #3190 from vramik/KEYCLOAK-3489
KEYCLOAK-3489 Database migration testing
2016-09-05 15:19:24 +02:00
Vlasta Ramik
39fe439573 Database migration testing 2016-09-05 13:39:21 +02:00
mposolda
a24a43c4be KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters 2016-09-02 20:20:38 +02:00
mposolda
892d5fd1b7 TestingExportImport in separate resource 2016-09-02 20:20:38 +02:00
Vlasta Ramik
099de9e6e3 KEYCLOAK-3459 Adapt testsuite according to server configuration inside standalone.xml instead of keycloak-server.json 2016-08-25 12:36:39 +02:00
mposolda
3eb9134e02 KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint 2016-08-12 15:51:14 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
fkiss
4974079794 KEYCLOAK-3211 - ExportImportTest fix for Wildfly 2016-08-09 15:20:40 +02:00
Thomas Darimont
e49afb2d83 KEYCLOAK-3142 - Revised according to codereview
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-05 00:01:03 +02:00
Pavel Drozd
0e470d75e9 KEYCLOAK-3336 Arquillian testuite: Added possibility to install server patch 2016-07-19 14:22:49 +02:00
mposolda
38f89b93ff KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post 2016-07-13 18:07:57 +02:00
Bill Burke
a19469aba5 Merge remote-tracking branch 'upstream/master' 2016-06-30 17:18:17 -04:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e fixes 2016-06-30 16:47:49 -04:00
Pedro Igor
46d02f15fe [KEYCLOAK-2999] - Authorization arquillian tests 2016-06-30 10:26:05 -03:00
mhajas
69919902b4 Fix duplicate plugin for adding truststore 2016-06-24 12:50:39 +02:00
Stan Silvert
38722e8273 KEYCLOAK-3031 Migrate exportimport package to arquillian testsuite 2016-06-23 11:09:55 -04:00
Stian Thorgersen
e2082ce29f Merge pull request #2950 from vramik/KEYCLOAK-3140
KEYCLOAK-3140 - fixed HTTP 404 Not Found by removing duplicate declaration of plugins in auth-server-jboss
2016-06-22 15:12:01 +02:00
mposolda
da945a69e6 KEYCLOAK-2474 Added test 2016-06-21 13:47:41 +02:00
Vlasta Ramik
48bd019165 fixed duplicate declaration of plugins in auth-server-jboss 2016-06-21 11:21:52 +02:00
fkiss
b50513a946 KEYCLOAK-2283 added email truststore test 2016-06-14 13:49:16 +02:00
mposolda
e6b3586b87 KEYCLOAK-3106 EventStoreProviderTest.query is failing in some environments 2016-06-13 15:02:10 +02:00
Pavel Drozd
54d9943a3b KEYCLOAK-3085 - Add module org.jboss.resteasy.resteasy-jaxrs to integration-arquillian-testsuite-providers 2016-06-06 11:51:20 +02:00
mposolda
c42b8f81e3 KEYCLOAK-3074 Change the TestingResourceProvider to always both firstResults and maxResults in JPA criteria query 2016-06-03 10:31:32 +02:00
mposolda
13bf36ce49 KEYCLOAK-3074 Change the signature of TestingResourceProvider.getAdminEvents to use String instead of java.util.Date 2016-06-03 10:31:24 +02:00
Tomas Kyjovsky
ef95510da4 Updates to the performance tests.
Conflicts:
	testsuite/integration-arquillian/tests/other/adapters/jboss/remote/pom.xml
	testsuite/integration-arquillian/tests/other/clean-start/pom.xml
2016-06-01 16:06:51 +02:00
Stan Silvert
1042a22cf7 KEYCLOAK-2912 Migrate events package to new testsuite 2016-05-25 15:22:17 -04:00
mhajas
183feeb952 Fix ssl adapter tests on wildfly 2016-05-20 14:53:44 +02:00
Bruno Oliveira
c434dc8dcc
KEYCLOAK-2908 - Migration of oidc package 2016-05-14 00:50:23 -03:00
mposolda
fc9dbcf6cb KEYCLOAK-2881 Admin events testing 2016-05-13 11:29:08 +02:00
Marko Strukelj
0878109647 KEYCLOAK-2993 Fix integration-arquillian tests failing with -Pauth-server-wildfly 2016-05-12 09:39:25 +02:00
Bruno Oliveira
4664bb01d8
Migration of AuthorizationCodeTest 2016-05-11 06:21:12 -03:00
mposolda
bea2678e85 KEYCLOAK-2862 AuthenticationManagementResource tests 2016-05-06 20:19:58 +02:00
Stian Thorgersen
0ca117b8e9 KEYCLOAK-2865 Extend coverage of client admin endpoints 2016-05-06 08:08:52 +02:00
Bruno Oliveira
a5687e4660 Migration of RefreshTokenTest 2016-05-05 15:20:52 -03:00
Stian Thorgersen
20dac1d885 KEYCLOAK-2933
RealmTest is failing on WildFly
2016-04-28 12:22:41 +02:00
Stian Thorgersen
83370f0666 Merge pull request #2737 from mhajas/adapter-ssl-PR
KEYCLOAK-2915 Fix adapter ssl tests on EAP/EAP6
2016-04-27 13:50:08 +02:00
Stian Thorgersen
95724e36f3 KEYCLOAK-2871 Extend coverage on RealmAdminResource 2016-04-27 10:29:24 +02:00
mhajas
57ccbb7f49 Fix adapter ssl tests on EAP/EAP6 2016-04-26 09:15:12 +02:00
Marek Posolda
6c3d31dd4c Merge pull request #2728 from mstruk/KEYCLOAK-2899
KEYCLOAK-2899 Tests fail with -Pauth-server-wildfly due to missing logging dependecy
2016-04-22 21:37:48 +02:00
Marko Strukelj
eea19e7850 KEYCLOAK-2899 Tests fail with -Pauth-server-wildfly due to missing logging dependecy 2016-04-22 19:48:13 +02:00
mposolda
e0aedfb93d KEYCLOAK-2878 UserFederation mapper testing 2016-04-22 14:03:42 +02:00
mposolda
f6a718f10a KEYCLOAK-2878 Testing of UserFederation admin REST endpoints 2016-04-21 23:11:14 +02:00
Marko Strukelj
b8832d2d71 KEYCLOAK-2755 Refactor testsuite events provider 2016-04-20 16:43:20 +02:00
Stian Thorgersen
656161ff61 Merge pull request #2651 from mhajas/truststore
KEYCLOAK-2841 Trustore support in adapter tests
2016-04-20 06:57:01 +02:00
mhajas
77c37ccaf6 Trustore support in adapter tests + fix tests 2016-04-18 16:14:10 +02:00
Tomas Kyjovsky
92d9808cc0 Added module 'adapters/jboss/remote' with performance tests. 2016-04-18 14:10:36 +02:00
Stan Silvert
ca72a3bd70 KEYCLOAK-2743: Port OAuthClient to new testsuite 2016-04-14 15:39:03 -04:00
mposolda
5a108c60a0 KEYCLOAK-2812 Make testsuite-arquillian working with -Pauth-server-wildfly 2016-04-13 16:05:03 +02:00
Vlasta Ramik
36266b8574 Change undertow-embedded version from snapshot to released version 1.0.0.Alpha2 2016-04-12 09:40:57 +02:00
Marek Posolda
c469109d22 Merge pull request #2517 from mposolda/master
KEYCLOAK-1982 Some builtin objects might be missing when import JSON exported from previous versions
2016-04-06 13:24:32 +02:00
mposolda
f0b168c18f Ensure KeycloakSessionFactory.close is called before shutdown of auth-server-undertow 2016-04-06 11:43:49 +02:00
Stian Thorgersen
0fc4ca0d12 KEYCLOAK-2590 Add custom rest endpoint to set time offset 2016-04-06 11:14:37 +02:00
Bill Burke
020d090aee Merge pull request #2430 from mstruk/assert-events
KEYCLOAK-2589 KEYCLOAK-2607 KEYCLOAK-2597 Port AssertEvents to integration-arquillian
2016-03-30 15:16:25 -04:00
Tomas Kyjovsky
6b6a673642 KEYCLOAK-2641 updated READMEs 2016-03-30 18:11:09 +02:00
Tomas Kyjovsky
47773371e3 KEYCLOAK-2641 Fixed location of module.xsl 2016-03-30 14:48:19 +02:00
Marko Strukelj
95d222348d KEYCLOAK-2589 Copy AssertEvents to Arquillian testsuite and modify to pull events from admin endpoints 2016-03-24 17:13:00 +01:00
Tomas Kyjovsky
a9c7bbd44c KEYCLOAK-2641 moved app-server configurations from adapter tests to servers/app-server module 2016-03-24 11:24:21 +01:00