Commit graph

52 commits

Author SHA1 Message Date
Vaclav Muzikar
da9a88c45c KEYCLOAK-5229 Update testsuite dependencies 2017-08-23 15:36:29 +02:00
mposolda
0f7440d344 KEYCLOAK-4187 Fixes and tests related to sessions expiration and bulk removal in cross-dc environment 2017-08-10 08:29:59 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Hynek Mlnarik
5e16a32f86 KEYCLOAK-5106 Fix BasicSamlTest on auth-server-wildfly 2017-06-28 20:47:43 +02:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
Pavel Drozd
a7fbcaaef4 Merge pull request #4211 from vramik/KEYCLOAK-5027
KEYCLOAK-5027 Add possibility to attach debugger to jboss based servers
2017-06-22 09:34:58 +02:00
Hynek Mlnarik
2e2d15be9f KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing 2017-06-20 12:48:08 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
vramik
7381ec456a KEYCLOAK-5027 Add possibility to attach debugger to jboss based servers 2017-06-07 14:35:33 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Vaclav Muzikar
6a093abfdb KEYCLOAK-4660 Add support for Chrome CLI switches to Arquillian Testsuite 2017-03-24 12:25:49 +01:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
mposolda
f6bc0806d5 KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit 2017-02-20 21:52:15 +01:00
Vlasta Ramik
b0644ce18c test for KEYCLOAK-4109 + fix AuthorizationDisabledInPreviewTest 2017-01-05 11:14:41 +01:00
Tomas Kyjovsky
d7c5f991c8 KEYCLOAK-3579: added ability to select keycloak.profile in testsuite 2016-11-02 15:58:01 +01:00
Vlasta Ramik
bc2eb2b9ea KEYCLOAK-3489 KEYCLOAK-3609 2016-10-12 12:28:56 +02:00
Vlasta Ramik
39fe439573 Database migration testing 2016-09-05 13:39:21 +02:00
Vlasta Ramik
a37d43714d support for smoke test - clean start domain mode 2016-05-23 13:29:05 +02:00
Vlasta Ramik
ef716b8b94 Add support for smoke test - clean start - standalone mode 2016-05-17 13:55:24 +02:00
Stian Thorgersen
656161ff61 Merge pull request #2651 from mhajas/truststore
KEYCLOAK-2841 Trustore support in adapter tests
2016-04-20 06:57:01 +02:00
mhajas
77c37ccaf6 Trustore support in adapter tests + fix tests 2016-04-18 16:14:10 +02:00
Tomas Kyjovsky
92d9808cc0 Added module 'adapters/jboss/remote' with performance tests. 2016-04-18 14:10:36 +02:00
Tomas Kyjovsky
a9c7bbd44c KEYCLOAK-2641 moved app-server configurations from adapter tests to servers/app-server module 2016-03-24 11:24:21 +01:00
Stian Thorgersen
45b940ad2d Merge pull request #2308 from tkyjovsk/auth-server-eap7-cluster
KEYCLOAK-1679 Auth server eap7 cluster
2016-03-02 07:54:24 +01:00
Tomas Kyjovsky
73b6751219 KEYCLOAK-1679 added cluster profile for eap7 2016-03-01 16:13:12 +01:00
Tomas Kyjovsky
c65ed96bd7 Added property "auth.server.java.home" to the Arquillian testsuite. 2016-03-01 08:46:17 +01:00
Marek Baluch
072fe0d8a0 KPR-147 - Initial login scenarios around admin password - test 2016-02-26 12:21:51 +01:00
Tomas Kyjovsky
9fd9a1a5ad KEYCLOAK-1678 customizable server outputs to console 2016-02-15 23:56:44 +01:00
Tomas Kyjovsky
fd327bb225 KEYCLOAK-1678 fixed cluster containers setup (-Djava.net.preferIPv4Stack=true is needed for cluster to form) 2016-02-09 16:35:40 +01:00
Tomas Kyjovsky
4a8b19cfce KEYCLOAK-1678 Added initial cluster test for 2-node cluster. 2016-02-09 05:21:11 +01:00
Tomas Kyjovsky
a275a24797 Added auth-server-wildfly-cluster profile. 2016-02-08 16:12:47 +01:00
Tomas Kyjovsky
1752ac8e63 Refactoring of auth-server-* and auth server migration Maven profiles 2016-02-07 21:30:54 +01:00
Tomas Kyjovsky
585f1035f9 Updated Arquillian testsuite README. 2016-02-05 03:54:22 +01:00
Tomas Kyjovsky
3a51b3530d KEYCLOAK-1678 Reorganized containers handling. (WIP: adapter-libs installation via CLI doesn't work) 2016-02-04 20:24:58 +01:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524
Source code headers
2016-02-03 11:20:22 +01:00
Vlasta Ramik
8e49d4ff90 Update arquillian testsuite for eap7 2016-02-02 11:05:35 +01:00
Vlasta Ramik
0211798161 KEYCLOAK-2340: Update arquillian testsuite for dr3 build 2016-01-19 11:09:08 +01:00
Vlasta Ramik
36461aabc1 renamed version.eap6.server.dist proprty to version.server.dist, removed auth-server-eap6 profile 2016-01-13 15:37:30 +01:00
Vlasta Ramik
a2f5d46764 add support for firefox_binary for second browser 2016-01-12 14:59:21 +01:00
vramik
53ca4b9294 integration-arquillian prod: add support for non default firefox 2015-12-17 10:27:42 +01:00
vramik
e1de2c0661 integration-arquillian: add support for prod testing 2015-12-15 13:14:30 +01:00
Tomas Kyjovsky
b0e9720f88 Increased arquillian timeouts. 2015-12-02 16:46:15 +01:00
Tomas Kyjovsky
29e05ecf0d Fixed arquillian wait intervals config. 2015-12-01 17:28:28 +01:00
Tomas Kyjovsky
a8317e0cc2 1) Pageload timeout set to 60s. Other timeouts set by arq props in arquillian.xml 2) Refactoring: FlashMessage --> AdminConsoleAlert and AccountManagementAlert 2015-11-30 16:43:18 +01:00
vramik
c2e14cb924 arquillian testsuite, migration test: fixed typo in arquillian.xml, add migration test for 1.5.1.Final 2015-10-30 11:32:01 +01:00
vramik
52c02f03ae arquillian testsuite, migration test: fixed assembly.xml for 1.6.1.Final 2015-10-29 15:09:33 +01:00
vramik
84da341912 arquillian testsuite, migration test: add support for 1.5.1.Final 2015-10-29 14:48:05 +01:00
vramik
e6620ca005 arquillian-testsuite added initial version of migration test 2015-10-27 14:31:15 +01:00
vramik
edfc7ea103 add support for migration tests - KC1.6.0.Final 2015-10-20 17:00:57 +02:00