From cad787f5f8c70a1821c496f53f39efeab5bbaa89 Mon Sep 17 00:00:00 2001
From: Enrico Risa
Date: Wed, 28 Jun 2023 15:11:59 +0200
Subject: [PATCH] wip

---
 .github/workflows/verify.yaml | 1 +
 .../src/test/resources/docker-compose.yml | 3 +-
 .../src/test/resources/miw_test_realm.json | 154 ++++++++----------
 3 files changed, 70 insertions(+), 88 deletions(-)

diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
index fbb639c8c..a6a6f5ae7 100644
--- a/.github/workflows/verify.yaml
+++ b/.github/workflows/verify.yaml
@@ -162,6 +162,7 @@ jobs:
 miw-integration-tests:
 runs-on: ubuntu-latest
+ continue-on-error: true
 needs: [ verify-formatting, verify-license-headers ]
 steps:
diff --git a/edc-tests/e2e-tests/src/test/resources/docker-compose.yml b/edc-tests/e2e-tests/src/test/resources/docker-compose.yml
index eaa4f89e7..15d77ba73 100644
--- a/edc-tests/e2e-tests/src/test/resources/docker-compose.yml
+++ b/edc-tests/e2e-tests/src/test/resources/docker-compose.yml
@@ -47,6 +47,7 @@ services:
 APPLICATION_ENVIRONMENT: dev
 DB_HOST: postgres
 DB_PORT: 5432
+ USE_SSL: false
 #create miw database and update below properties
 DB_USER_NAME: keycloak
@@ -55,7 +56,7 @@ services:
 KEYCLOAK_MIW_PUBLIC_CLIENT: miw_public
 MANAGEMENT_PORT: 8090
 MIW_HOST_NAME: localhost:8080
- ENFORCE_HTTPS_IN_DID_RESOLUTION: 'false'
+ ENFORCE_HTTPS_IN_DID_RESOLUTION: false
 ENCRYPTION_KEY: Woh9waid4Ei5eez0aitieghoow9so4oe
 AUTHORITY_WALLET_BPN: BPNL000000000000
 AUTHORITY_WALLET_NAME: Catena-X
diff --git a/edc-tests/e2e-tests/src/test/resources/miw_test_realm.json b/edc-tests/e2e-tests/src/test/resources/miw_test_realm.json
index c8f042228..77c7c4368 100644
--- a/edc-tests/e2e-tests/src/test/resources/miw_test_realm.json
+++ b/edc-tests/e2e-tests/src/test/resources/miw_test_realm.json
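Review bot: `continue-on-error: true` on `miw-integration-tests` makes the workflow report success even when the MIW integration tests fail, so a branch-protection rule that only requires this workflow to pass will no longer see those failures. With the commit titled `wip` this looks like a stop-gap while the MIW stack is being brought up, but nothing in the file says so or when it should be reverted. State the intent next to the flag, e.g. `continue-on-error: true  # TODO: temporary while the MIW e2e stack is stabilised; remove before merge`, or gate it on a branch condition so mainline keeps the check enforced. The job definition continues past the hunk.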
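Review bot: `USE_SSL: false` and the rewritten `ENFORCE_HTTPS_IN_DID_RESOLUTION: false` are YAML booleans, whereas the Compose `environment` mapping expects string values; Compose v2 coerces them to `"false"`, but the legacy docker-compose v1 parser rejects booleans in that mapping, and the quoting `'false'` that this hunk removes was the portable form. Keep them quoted: `USE_SSL: 'false'` and `ENFORCE_HTTPS_IN_DID_RESOLUTION: 'false'`. Both settings disable transport security for the MIW container, and the same block ships a fixed `ENCRYPTION_KEY`, so a one-line comment such as `# test-only: plain HTTP and a throwaway key for the local e2e stack, never reuse` would make the intent explicit for anyone copying this file.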
@@ -211,16 +211,16 @@
 "create-client",
 "manage-events",
 "view-realm",
- "view-identity-providers",
 "manage-users",
+ "view-identity-providers",
 "impersonation",
 "query-realms",
 "view-users",
 "view-clients",
 "view-authorization",
 "query-groups",
- "view-events",
 "query-clients",
+ "view-events",
 "manage-clients",
 "manage-realm"
 ]
@@ -473,8 +473,9 @@
 "otpPolicyPeriod": 30,
 "otpPolicyCodeReusable": false,
 "otpSupportedApplications": [
- "totpAppFreeOTPName",
- "totpAppGoogleName"
+ "totpAppMicrosoftAuthenticatorName",
+ "totpAppGoogleName",
+ "totpAppFreeOTPName"
 ],
 "webAuthnPolicyRpEntityName": "keycloak",
 "webAuthnPolicySignatureAlgorithms": [
@@ -502,8 +503,8 @@
 "webAuthnPolicyPasswordlessAcceptableAaguids": [],
 "users": [
 {
- "id": "eb4c29c6-4fca-43be-a124-883400f2d777",
- "createdTimestamp": 1685594018433,
+ "id": "7e5c957b-2f20-41e0-85fb-e84656caadfe",
+ "createdTimestamp": 1687957169104,
 "username": "service-account-miw_private_client",
 "enabled": true,
 "totp": false,
@@ -517,10 +518,10 @@
 "clientRoles": {
 "miw_private_client": [
 "view_wallets",
- "view_wallet",
+ "update_wallet",
 "add_wallets",
- "update_wallets",
- "update_wallet"
+ "view_wallet",
+ "update_wallets"
 ]
 },
 "notBefore": 0,
@@ -666,7 +667,9 @@
 "publicClient": true,
 "frontchannelLogout": false,
 "protocol": "openid-connect",
- "attributes": {},
+ "attributes": {
+ "post.logout.redirect.uris": "+"
+ },
 "authenticationFlowBindingOverrides": {},
 "fullScopeAllowed": false,
 "nodeReRegistrationTimeout": 0,
@@ -704,7 +707,9 @@
 "publicClient": false,
 "frontchannelLogout": false,
 "protocol": "openid-connect",
- "attributes": {},
+ "attributes": {
+ "post.logout.redirect.uris": "+"
+ },
 "authenticationFlowBindingOverrides": {},
 "fullScopeAllowed": false,
 "nodeReRegistrationTimeout": 0,
@@ -751,6 +756,7 @@
 "oidc.ciba.grant.enabled": "false",
 "client.secret.creation.time": "1684923648",
 "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "+",
 "display.on.consent.screen": "false",
 "oauth2.device.authorization.grant.enabled": "false",
 "backchannel.logout.revoke.offline.tokens": "false"
@@ -812,6 +818,7 @@
 "consentRequired": false,
 "config": {
 "user.session.note": "clientAddress",
+ "userinfo.token.claim": "true",
 "id.token.claim": "true",
 "access.token.claim": "true",
 "claim.name": "clientAddress",
@@ -826,6 +833,7 @@
 "consentRequired": false,
 "config": {
 "user.session.note": "clientId",
+ "userinfo.token.claim": "true",
 "id.token.claim": "true",
 "access.token.claim": "true",
 "claim.name": "clientId",
@@ -840,6 +848,7 @@
 "consentRequired": false,
 "config": {
 "user.session.note": "clientHost",
+ "userinfo.token.claim": "true",
 "id.token.claim": "true",
 "access.token.claim": "true",
 "claim.name": "clientHost",
@@ -874,14 +883,14 @@
 "alwaysDisplayInConsole": false,
 "clientAuthenticatorType": "client-secret",
 "redirectUris": [
+ "http://localhost:8080/*",
 "http://localhost/*",
- "http://localhost:8087/*",
- "http://localhost:8080/*"
+ "http://localhost:8087/*"
 ],
 "webOrigins": [
+ "http://localhost:8080",
 "http://localhost",
- "http://localhost:8087",
- "http://localhost:8080"
+ "http://localhost:8087"
 ],
 "notBefore": 0,
 "bearerOnly": false,
@@ -895,9 +904,10 @@
 "protocol": "openid-connect",
 "attributes": {
 "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "+",
 "display.on.consent.screen": "false",
 "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
 "backchannel.logout.revoke.offline.tokens": "false"
 },
 "authenticationFlowBindingOverrides": {},
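Review bot: `"post.logout.redirect.uris": "+"` on this client makes every entry of `redirectUris` a valid post-logout target, and those entries are wildcard patterns such as `http://localhost:8080/*`, so Keycloak will send a logged-out browser to any path on those plain-HTTP origins; that is acceptable for a localhost e2e realm, but nothing in the export marks it as test-only, and the three new `"userinfo.token.claim": "true"` mappers additionally expose `clientAddress`, `clientHost` and `clientId` through `/userinfo` to any token holder. Since strict JSON admits no comments, record in the e2e README (or the test class that loads this file) that the realm is test-only and that its wildcard `http://localhost` redirect and web-origin entries must not be copied into a deployed realm. If the client only ever logs out back to the test harness, listing that exact URI instead of `+` costs nothing and removes the wildcard inheritance.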
@@ -955,7 +965,9 @@
 "publicClient": false,
 "frontchannelLogout": false,
 "protocol": "openid-connect",
- "attributes": {},
+ "attributes": {
+ "post.logout.redirect.uris": "+"
+ },
 "authenticationFlowBindingOverrides": {},
 "fullScopeAllowed": false,
 "nodeReRegistrationTimeout": 0,
@@ -1134,6 +1146,7 @@
 "consentRequired": false,
 "config": {
 "multivalued": "true",
+ "userinfo.token.claim": "true",
 "user.attribute": "foo",
 "id.token.claim": "true",
 "access.token.claim": "true",
@@ -1176,7 +1189,8 @@
 "consentRequired": false,
 "config": {
 "id.token.claim": "true",
- "access.token.claim": "true"
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
 }
 }
 ]
@@ -1625,13 +1639,13 @@
 "subComponents": {},
 "config": {
 "allowed-protocol-mapper-types": [
- "oidc-full-name-mapper",
- "saml-role-list-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
 "saml-user-attribute-mapper",
- "oidc-usermodel-attribute-mapper",
 "saml-user-property-mapper",
+ "oidc-full-name-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "saml-role-list-mapper",
 "oidc-address-mapper",
- "oidc-sha256-pairwise-sub-mapper",
 "oidc-usermodel-property-mapper"
 ]
 }
@@ -1645,13 +1659,13 @@
 "config": {
 "allowed-protocol-mapper-types": [
 "oidc-full-name-mapper",
- "saml-role-list-mapper",
- "oidc-usermodel-attribute-mapper",
+ "saml-user-attribute-mapper",
 "oidc-address-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
 "oidc-usermodel-property-mapper",
 "saml-user-property-mapper",
- "oidc-sha256-pairwise-sub-mapper",
- "saml-user-attribute-mapper"
+ "oidc-usermodel-attribute-mapper",
+ "saml-role-list-mapper"
 ]
 }
 },
@@ -1752,7 +1766,7 @@
 "supportedLocales": [],
 "authenticationFlows": [
 {
- "id": "fb171175-b83a-42fa-af99-d3f99cd44db2",
+ "id": "04cc2aa7-9e5b-4178-a1a2-dad58cf99367",
 "alias": "Account verification options",
 "description": "Method with which to verity the existing account",
 "providerId": "basic-flow",
@@ -1778,7 +1792,7 @@
 ]
 },
 {
- "id": "ccd861f8-be9b-4d54-9722-c753e155b342",
+ "id": "fa4d6b27-5fac-4b3b-9cbc-badb7cfe90ed",
 "alias": "Authentication Options",
 "description": "Authentication options.",
 "providerId": "basic-flow",
@@ -1812,7 +1826,7 @@
 ]
 },
 {
- "id": "4e85d167-f0de-4d21-9675-7cbd4d30e12d",
+ "id": "266db702-5928-4149-b2bd-701d0722eb93",
 "alias": "Browser - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1838,7 +1852,7 @@
 ]
 },
 {
- "id": "e70aa7d3-68a9-44e9-9f1d-0961dd5430d1",
+ "id": "dd326252-8827-445d-a098-9ec953932387",
 "alias": "Direct Grant - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1864,7 +1878,7 @@
 ]
 },
 {
- "id": "089a1b04-f00d-4b16-a4f6-836cf97c73af",
+ "id": "b8f5c247-b9ba-40c7-a14e-05a235bed46f",
 "alias": "First broker login - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1890,7 +1904,7 @@
 ]
 },
 {
- "id": "36a2147c-f4ea-4d7f-862b-6c7d7bcfd458",
+ "id": "f40cbe9a-ad2a-476c-b85d-ec426ce100b2",
 "alias": "Handle Existing Account",
 "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
 "providerId": "basic-flow",
@@ -1916,7 +1930,7 @@
 ]
 },
 {
- "id": "09f37d50-270b-4c6f-8d1c-248bd2fad894",
+ "id": "60ba180d-92f3-4195-abd4-a925121994e7",
 "alias": "Reset - Conditional OTP",
 "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
 "providerId": "basic-flow",
@@ -1942,7 +1956,7 @@
 ]
 },
 {
- "id": "145d5b8c-0ea1-44c7-94d5-9c68e4aebdfb",
+ "id": "0b5f7bb3-59e5-4d0e-9e8e-6d0e52984ad2",
 "alias": "User creation or linking",
 "description": "Flow for the existing/non-existing user alternatives",
 "providerId": "basic-flow",
@@ -1969,7 +1983,7 @@
 ]
 },
 {
- "id": "b73cf97b-b3e2-4720-a6d6-5f2545cf84ca",
+ "id": "37290b7b-23f8-4653-ad2c-2593db5760f3",
 "alias": "Verify Existing Account by Re-authentication",
 "description": "Reauthentication of existing account",
 "providerId": "basic-flow",
@@ -1995,7 +2009,7 @@
 ]
 },
 {
- "id": "fdbabc6d-21e1-4fae-8bc3-384f9eac9363",
+ "id": "2e5ceac1-9c0d-4109-b8f2-22c9efb00f0b",
 "alias": "browser",
 "description": "browser based authentication",
 "providerId": "basic-flow",
@@ -2037,7 +2051,7 @@
 ]
 },
 {
- "id": "b381d57b-c3a3-4bd1-99dc-8ab1b61b6eef",
+ "id": "c35579f7-cd70-4c66-9ee7-c21bf7ddd1e0",
 "alias": "clients",
 "description": "Base authentication for clients",
 "providerId": "client-flow",
@@ -2079,7 +2093,7 @@
 ]
 },
 {
- "id": "8c327c5a-256d-4b77-abfd-b29a9abcabc4",
+ "id": "c2487b50-dbf9-4536-be9d-940c8ac5eb21",
 "alias": "direct grant",
 "description": "OpenID Connect Resource Owner Grant",
 "providerId": "basic-flow",
@@ -2113,7 +2127,7 @@
 ]
 },
 {
- "id": "06e02fd2-1e3a-462a-b56f-343adf6b497e",
+ "id": "e98419d1-4cb4-469d-a866-2adc9fdb4c6a",
 "alias": "docker auth",
 "description": "Used by Docker clients to authenticate against the IDP",
 "providerId": "basic-flow",
@@ -2131,7 +2145,7 @@
 ]
 },
 {
- "id": "c7549abe-4291-455c-9237-e14327f0242a",
+ "id": "672acd89-be23-48ee-ac51-c5d846e77faf",
 "alias": "first broker login",
 "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
 "providerId": "basic-flow",
@@ -2158,7 +2172,7 @@
 ]
 },
 {
- "id": "6aeeac48-e580-489d-a714-8a9e492c2f38",
+ "id": "1099c284-d2f6-44de-b1b3-87d5cb0990c1",
 "alias": "forms",
 "description": "Username, password, otp and other auth forms.",
 "providerId": "basic-flow",
@@ -2184,7 +2198,7 @@
 ]
 },
 {
- "id": "b374af96-bbea-4b80-8847-6e6de58df0b3",
+ "id": "d02c9502-c51d-4968-ba5d-d3771054e85a",
 "alias": "http challenge",
 "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
 "providerId": "basic-flow",
@@ -2210,7 +2224,7 @@
 ]
 },
 {
- "id": "4012e109-120c-4754-bc53-838a158edfcc",
+ "id": "18ee7c5d-3b4b-45c7-8d5a-761c2de30711",
 "alias": "registration",
 "description": "registration flow",
 "providerId": "basic-flow",
@@ -2229,7 +2243,7 @@
 ]
 },
 {
- "id": "058f9688-74be-46f2-9e13-ca28a71dc0f0",
+ "id": "41c9dfb7-686d-4679-b471-abd04c08519d",
 "alias": "registration form",
 "description": "registration form",
 "providerId": "form-flow",
@@ -2271,7 +2285,7 @@
 ]
 },
 {
- "id": "b2b7b5fc-462b-447e-9ec3-64577571ddff",
+ "id": "2d4c9ede-ca14-4454-bf7b-60e9c23b1951",
 "alias": "reset credentials",
 "description": "Reset credentials for a user if they forgot their password or something",
 "providerId": "basic-flow",
@@ -2313,7 +2327,7 @@
 ]
 },
 {
- "id": "6f762a68-34f5-4f0b-bb59-af7c0df4840d",
+ "id": "d1fea7bd-8e31-4b67-9cb8-b720c2b5b49c",
 "alias": "saml ecp",
 "description": "SAML ECP Profile Authentication Flow",
 "providerId": "basic-flow",
@@ -2333,14 +2347,14 @@
 ],
 "authenticatorConfig": [
 {
- "id": "f7370c8e-6047-44e2-a447-2c20b42d75f2",
+ "id": "519345fd-5f36-411f-ac29-9a28fea6e1f1",
 "alias": "create unique user config",
 "config": {
 "require.password.update.after.registration": "false"
 }
 },
 {
- "id": "47af4717-f9cd-4dd9-b980-246e33a5829b",
+ "id": "2ad5fe8b-f6aa-4608-bbc2-cbf2ff218b67",
 "alias": "review profile config",
 "config": {
 "update.profile.on.first.login": "missing"
@@ -2358,9 +2372,9 @@
 "config": {}
 },
 {
- "alias": "terms_and_conditions",
+ "alias": "TERMS_AND_CONDITIONS",
 "name": "Terms and Conditions",
- "providerId": "terms_and_conditions",
+ "providerId": "TERMS_AND_CONDITIONS",
 "enabled": false,
 "defaultAction": false,
 "priority": 20,
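Review bot: The required action changes from `terms_and_conditions` to `TERMS_AND_CONDITIONS` in both `alias` and `providerId`, which is consistent with the newer Keycloak this file was re-exported from (the export's version stamp is bumped elsewhere in the same patch), but the Keycloak image tag used by the e2e compose stack is not part of this diff. An older server may not recognise the upper-case provider id and could reject or skip that required action on realm import, so confirm the image tag is raised in step with this export. Mentioning the Keycloak version the realm was exported from in the commit message or the e2e README would keep the two files from drifting apart.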
@@ -2439,8 +2453,8 @@
 "attributes": {
 "cibaBackchannelTokenDeliveryMode": "poll",
 "cibaAuthRequestedUserHint": "login_hint",
- "oauth2DevicePollingInterval": "5",
 "clientOfflineSessionMaxLifespan": "0",
+ "oauth2DevicePollingInterval": "5",
 "clientSessionIdleTimeout": "0",
 "actionTokenGeneratedByUserLifespan-execute-actions": "",
 "actionTokenGeneratedByUserLifespan-verify-email": "",
@@ -2454,46 +2468,12 @@
 "parRequestUriLifespan": "60",
 "clientSessionMaxLifespan": "0"
 },
- "keycloakVersion": "20.0.3",
+ "keycloakVersion": "21.0.2",
 "userManagedAccessAllowed": false,
 "clientProfiles": {
 "profiles": []
 },
 "clientPolicies": {
 "policies": []
- },
- "users": [
- {
- "username": "catena-x",
- "email": "miwuser@test.test",
- "firstName": "miwuser",
- "lastName": "miwuser",
- "enabled": true,
- "emailVerified": true,
- "attributes": {
- "BPN": [
- "BPNL000000000000"
- ]
- },
- "credentials": [
- {
- "type": "password",
- "value": "password"
- }
- ],
- "clientRoles": {
- "account": [
- "view-profile",
- "manage-account"
- ],
- "miw_private_client": [
- "view_wallets",
- "view_wallet",
- "add_wallets",
- "update_wallets",
- "update_wallet"
- ]
- }
- }
- ]
+ }
 }
\ No newline at end of file
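Review bot: Removing the trailing `"users"` array eliminates a duplicate top-level key (the realm already declares `"users": [` with the service account around old line 503 of this file), which is a genuine fix since RFC 8259 parsers behave unpredictably on duplicates and a last-wins importer would have silently replaced the service-account user with this block. It also deletes the only human user, `catena-x` with BPN `BPNL000000000000`, the fixed password `password` and its `miw_private_client` roles, so any e2e test that obtains a token for that user via the direct-grant flow will now fail, and the `wip` commit message does not say whether that is intended. If the user is still needed, merge it into the surviving `"users"` array rather than re-adding a second key; if not, state in the commit message that the realm is now service-account-only. The export also still ends without a trailing newline.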