Merge pull request #17064 from Thisara-Welmilla/merge-enable-tenant-q…

…ualified-url Enable tenanted qualified urls feature.
wso2 · Oct 20, 2023 · c5985e7 · c5985e7
2 parents 08a0157 + c9dfbba
commit c5985e7
Show file tree

Hide file tree

Showing 102 changed files with 691 additions and 306 deletions.
diff --git a/modules/distribution/src/repository/resources/conf/deployment.toml b/modules/distribution/src/repository/resources/conf/deployment.toml
@@ -3,6 +3,10 @@ hostname = "localhost"
 node_ip = "127.0.0.1"
 base_path = "https://$ref{server.hostname}:${carbon.management.port}"
 
+[tenant_context]
+enable_tenant_qualified_urls = "true"
+enable_tenanted_sessions = "true"
+
 [super_admin]
 username = "admin"
 password = "admin"

diff --git a/...est-utils/src/main/java/org/wso2/identity/integration/common/utils/ISIntegrationTest.java b/...est-utils/src/main/java/org/wso2/identity/integration/common/utils/ISIntegrationTest.java
@@ -20,23 +20,28 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.automation.engine.configurations.UrlGenerationUtil;
 import org.wso2.carbon.automation.engine.context.AutomationContext;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
 import org.wso2.carbon.automation.engine.context.beans.ContextUrls;
+import org.wso2.carbon.automation.engine.context.beans.Instance;
 import org.wso2.carbon.automation.engine.context.beans.Tenant;
 import org.wso2.carbon.automation.engine.context.beans.User;
 import org.wso2.carbon.automation.engine.frameworkutils.FrameworkPathUtil;
 import org.wso2.carbon.automation.test.utils.common.TestConfigurationProvider;
 import org.wso2.carbon.integration.common.admin.client.AuthenticatorClient;
 import org.wso2.carbon.integration.common.utils.LoginLogoutClient;
-import org.wso2.carbon.utils.CarbonUtils;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
 import javax.xml.xpath.XPathExpressionException;
 import java.io.File;
 
 public class ISIntegrationTest {
 
     public static final String URL_SEPARATOR = "/";
+    public static final String TENANTED_URL_PATH_SPECIFIER = "/t/";
+    private static final String PRODUCT_GROUP_PORT_HTTPS = "https";
+
     protected Log log = LogFactory.getLog(getClass());
     protected AutomationContext isServer;
     protected String backendURL;
@@ -143,6 +148,62 @@ public void setSystemproperties() {
         System.setProperty("javax.net.ssl.trustStoreType", "JKS");
     }
 
+
+    /**
+     * Get the qualified endpoint URL with the hostname for the given tenant.
+     *
+     * @param endpointURL   The endpoint URL with the hostname.
+     * @param tenantDomain  Tenanted domain.
+     * @return Tenant qualified URL.
+     */
+    public String getTenantQualifiedURL(String endpointURL, String tenantDomain) {
+
+        try {
+            if(!tenantDomain.isBlank() && !tenantDomain.equalsIgnoreCase(
+                    MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
+
+                String baseURL = getBaseURL();
+                endpointURL = endpointURL.replace(baseURL,
+                        baseURL + TENANTED_URL_PATH_SPECIFIER + tenantDomain);
+            }
+            return endpointURL;
+        } catch (XPathExpressionException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * Get the qualified endpoint URL without the hostname for the given tenant.
+     *
+     * @param endpointURLWithHostname   The endpoint URL without the hostname.
+     * @param tenantDomain              Tenanted domain.
+     * @return Tenant qualified URL without hostname.
+     */
+    public String getTenantedRelativePath(String endpointURLWithHostname, String tenantDomain) {
+
+        if(!tenantDomain.isBlank() && !tenantDomain.equalsIgnoreCase(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
+            endpointURLWithHostname = TENANTED_URL_PATH_SPECIFIER + tenantDomain + endpointURLWithHostname;
+        }
+        return endpointURLWithHostname;
+    }
+
+    /**
+     * Get the based URL eg: https://localhost:9443.
+     *
+     * @return The base URL.
+     */
+    private String getBaseURL() throws XPathExpressionException {
+
+        Instance instance = isServer.getInstance();
+        String httpsPort = isServer.getInstance().getPorts().get(PRODUCT_GROUP_PORT_HTTPS);
+        String hostName = UrlGenerationUtil.getWorkerHost(instance);
+
+        if(httpsPort != null) {
+            return PRODUCT_GROUP_PORT_HTTPS + "://" + hostName + ":" + httpsPort;
+        }
+        return PRODUCT_GROUP_PORT_HTTPS + "://" + hostName;
+    }
+
 //    protected void addJDBCUserStore(String dbURI, String driverName, String userName, String password,
 //                                    boolean disabled, String description, String domainName) throws Exception {
 //        UserStoreConfigAdminServiceClient userStoreConfigurationClient =

diff --git a/modules/integration/tests-integration/tests-backend/pom.xml b/modules/integration/tests-integration/tests-backend/pom.xml
@@ -499,6 +499,7 @@
                         <configuration>
                             <tasks>
                                 <ant antfile="src/test/resources/artifacts/IS/saml/saml-app-build.xml" target="saml-tenant-signingdisabled" />
+                                <ant antfile="src/test/resources/artifacts/IS/saml/supertenant-saml-app-build.xml" target="saml-supertenant-signingdisabled" />
                                 <ant antfile="src/test/resources/artifacts/IS/saml/registrymount/registry-app-build.xml" target="saml-tenant-registrymount" />
                             </tasks>
                         </configuration>

diff --git a/...backend/src/test/java/org/wso2/identity/integration/test/CrossProtocolLogoutTestCase.java b/...backend/src/test/java/org/wso2/identity/integration/test/CrossProtocolLogoutTestCase.java
@@ -421,7 +421,6 @@ private HttpResponse sendSAMLMessage(String url, String samlMsgKey, String samlM
         HttpPost post = new HttpPost(url);
         post.setHeader(USER_AGENT, OAuth2Constant.USER_AGENT);
         urlParameters.add(new BasicNameValuePair(samlMsgKey, samlMsgValue));
-        urlParameters.add(new BasicNameValuePair("tenantDomain", "carbon.super"));
         post.setEntity(new UrlEncodedFormEntity(urlParameters));
         return client.execute(post);
     }

diff --git a/...tion/tests-backend/src/test/java/org/wso2/identity/integration/test/EmailOTPTestCase.java b/...tion/tests-backend/src/test/java/org/wso2/identity/integration/test/EmailOTPTestCase.java
@@ -106,7 +106,6 @@ public class EmailOTPTestCase extends ISIntegrationTest {
             CommonConstants.IS_DEFAULT_HTTPS_PORT + "/authenticationendpoint/email_otp.do";
     private static final String USER_AGENT = "Apache-HttpClient/4.2.5 (java 1.5)";
     private static final String profileName = "default";
-    private static final String TENANT_DOMAIN_PARAM = "tenantDomain";
 
     private Lookup<CookieSpecProvider> cookieSpecRegistry;
     private RequestConfig requestConfig;
@@ -225,10 +224,9 @@ private void deleteUser() {
     private HttpResponse sendSAMLMessage(String url, String samlMsgValue) throws IOException {
 
         List<NameValuePair> urlParameters = new ArrayList<>();
-        HttpPost post = new HttpPost(url);
+        HttpPost post = new HttpPost(getTenantQualifiedURL(url, tenantInfo.getDomain()));
         post.setHeader("User-Agent", USER_AGENT);
         urlParameters.add(new BasicNameValuePair(CommonConstants.SAML_REQUEST_PARAM, samlMsgValue));
-        urlParameters.add(new BasicNameValuePair(TENANT_DOMAIN_PARAM, config.getTenantDomain()));
         post.setEntity(new UrlEncodedFormEntity(urlParameters));
         return httpClient.execute(post);
     }

diff --git a/...o2/identity/integration/test/analytics/authentication/AbstractAnalyticsLoginTestCase.java b/...o2/identity/integration/test/analytics/authentication/AbstractAnalyticsLoginTestCase.java
@@ -63,7 +63,6 @@ public abstract class AbstractAnalyticsLoginTestCase extends ISIntegrationTest {
     private static final String INBOUND_AUTH_TYPE = "samlsso";
     private static final String ATTRIBUTE_CS_INDEX_VALUE = "1239245949";
     private static final String ATTRIBUTE_CS_INDEX_NAME = "attrConsumServiceIndex";
-    private static final String TENANT_DOMAIN_PARAM = "tenantDomain";
 
     private static final String SAML_SSO_URL = "https://localhost:9853/samlsso";
     private static final String ACS_URL = "http://localhost:8490/%s/home.jsp";
@@ -390,12 +389,9 @@ private HttpResponse sendSAMLMessage(String url, String samlMsgKey, String samlM
 
         HttpClient httpClient = sharedHttpClient;
         List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
-        HttpPost post = new HttpPost(url);
+        HttpPost post = new HttpPost(getTenantQualifiedURL(url, tenantInfo.getDomain()));
         post.setHeader("User-Agent", USER_AGENT);
         urlParameters.add(new BasicNameValuePair(samlMsgKey, samlMsgValue));
-        if (config.getUserMode() == TestUserMode.TENANT_ADMIN || config.getUserMode() == TestUserMode.TENANT_USER) {
-            urlParameters.add(new BasicNameValuePair(TENANT_DOMAIN_PARAM, config.getUser().getTenantDomain()));
-        }
         post.setEntity(new UrlEncodedFormEntity(urlParameters));
         return httpClient.execute(post);
     }

diff --git a/.../org/wso2/identity/integration/test/application/authz/ApplicationAuthzTenantTestCase.java b/.../org/wso2/identity/integration/test/application/authz/ApplicationAuthzTenantTestCase.java
@@ -61,7 +61,6 @@ public class ApplicationAuthzTenantTestCase extends AbstractApplicationAuthzTest
     private static final String AZ_TEST_TENANT_USER_PW = "azTest123";
     private static final String NON_AZ_TEST_TENANT_USER = "nonAzTestTenantUser";
     private static final String NON_AZ_TEST_TENANT_USER_PW = "nonAzTest123";
-    private static final String WSO2_DOMAIN = "@wso2.com";
     private static final Log log = LogFactory.getLog(ApplicationAuthzTenantTestCase.class);
     private static final String APPLICATION_NAME = "travelocity.com-saml-tenantwithoutsigning";
     private static final String POLICY_ID = "spTenantAuthPolicy";
@@ -93,11 +92,13 @@ public class ApplicationAuthzTenantTestCase extends AbstractApplicationAuthzTest
                     "</Policy>";
 
     private String userId;
+    private String tenantQualifiedCommonAuthURL;
 
     @BeforeClass(alwaysRun = true)
     public void testInit() throws Exception {
 
         super.init(TestUserMode.TENANT_ADMIN);
+        tenantQualifiedCommonAuthURL = getTenantQualifiedURL(COMMON_AUTH_URL, tenantInfo.getDomain());
         ConfigurationContext configContext = ConfigurationContextFactory
                 .createConfigurationContextFromFileSystem(null, null);
         applicationManagementServiceClient =
@@ -157,16 +158,16 @@ public void testAuthorizedTenantSAMLSSOLogin() throws Exception {
                 Utils.sendGetRequest(String.format(SAML_SSO_LOGIN_URL, APPLICATION_NAME, HTTP_REDIRECT), USER_AGENT,
                         httpClientAzUser);
         String sessionKey = Utils.extractDataFromResponse(response, CommonConstants.SESSION_DATA_KEY, 1);
-        response = Utils.sendPOSTMessage(sessionKey, COMMON_AUTH_URL, USER_AGENT, ACS_URL, APPLICATION_NAME,
-                AZ_TEST_TENANT_USER + WSO2_DOMAIN, AZ_TEST_TENANT_USER_PW, httpClientAzUser);
+        response = Utils.sendPOSTMessage(sessionKey, tenantQualifiedCommonAuthURL, USER_AGENT, ACS_URL, APPLICATION_NAME,
+                AZ_TEST_TENANT_USER, AZ_TEST_TENANT_USER_PW, httpClientAzUser, tenantQualifiedCommonAuthURL);
 
         String locationHeader = Utils.getRedirectUrl(response);
         if (Utils.requestMissingClaims(response)) {
             String pastrCookie = Utils.getPastreCookie(response);
             Assert.assertNotNull(pastrCookie, "pastr cookie not found in response.");
             EntityUtils.consume(response.getEntity());
 
-            response = Utils.sendPOSTConsentMessage(response, COMMON_AUTH_URL, USER_AGENT, locationHeader,
+            response = Utils.sendPOSTConsentMessage(response, tenantQualifiedCommonAuthURL, USER_AGENT, locationHeader,
                     httpClientAzUser, pastrCookie);
         }
         EntityUtils.consume(response.getEntity());
@@ -176,9 +177,9 @@ public void testAuthorizedTenantSAMLSSOLogin() throws Exception {
             Assert.assertNotNull(pastrCookie, "pastr cookie not found in response.");
             EntityUtils.consume(response.getEntity());
 
-            response = Utils.sendPOSTConsentMessage(response, COMMON_AUTH_URL, USER_AGENT,
-                                                    String.format(ACS_URL, APPLICATION_NAME),
-                                                    httpClientAzUser, pastrCookie);
+            response = Utils.sendPOSTConsentMessage(response, tenantQualifiedCommonAuthURL, USER_AGENT,
+                    String.format(ACS_URL, APPLICATION_NAME),
+                    httpClientAzUser, pastrCookie);
             EntityUtils.consume(response.getEntity());
         }
 
@@ -198,16 +199,17 @@ public void testUnauthorizedTenantSAMLSSOLogin() throws Exception {
         HttpResponse response = Utils.sendGetRequest(String.format(SAML_SSO_LOGIN_URL, APPLICATION_NAME,
                 HTTP_REDIRECT), USER_AGENT, httpClientNonAzUser);
         String sessionKey = Utils.extractDataFromResponse(response, CommonConstants.SESSION_DATA_KEY, 1);
-        response = Utils.sendPOSTMessage(sessionKey, COMMON_AUTH_URL, USER_AGENT, ACS_URL, APPLICATION_NAME,
-                NON_AZ_TEST_TENANT_USER + WSO2_DOMAIN, NON_AZ_TEST_TENANT_USER_PW, httpClientNonAzUser);
+        response = Utils.sendPOSTMessage(sessionKey, tenantQualifiedCommonAuthURL, USER_AGENT, ACS_URL, APPLICATION_NAME,
+                NON_AZ_TEST_TENANT_USER, NON_AZ_TEST_TENANT_USER_PW, httpClientNonAzUser,
+                tenantQualifiedCommonAuthURL);
 
         String redirectUrl = Utils.getRedirectUrl(response);
         if (Utils.requestMissingClaims(response)) {
             String pastrCookie = Utils.getPastreCookie(response);
             Assert.assertNotNull(pastrCookie, "pastr cookie not found in response.");
             EntityUtils.consume(response.getEntity());
 
-            response = Utils.sendPOSTConsentMessage(response, COMMON_AUTH_URL, USER_AGENT, redirectUrl,
+            response = Utils.sendPOSTConsentMessage(response, tenantQualifiedCommonAuthURL, USER_AGENT, redirectUrl,
                     httpClientNonAzUser, pastrCookie);
             redirectUrl = Utils.getRedirectUrl(response);
         }

diff --git a/...kend/src/test/java/org/wso2/identity/integration/test/base/TomcatInitializerTestCase.java b/...kend/src/test/java/org/wso2/identity/integration/test/base/TomcatInitializerTestCase.java
@@ -38,6 +38,7 @@ public class TomcatInitializerTestCase extends ISIntegrationTest {
 
     private static final String[] APPLICATIONS = {
             "travelocity.com",
+            "travelocity.com-saml-supertenantwithoutsigning",
             "travelocity.com-saml-tenantwithoutsigning",
             "travelocity.com-registrymount",
             "avis.com",

diff --git a/...ckend/src/test/java/org/wso2/identity/integration/test/consent/SelfSignUpConsentTest.java b/...ckend/src/test/java/org/wso2/identity/integration/test/consent/SelfSignUpConsentTest.java
@@ -69,7 +69,6 @@ public class SelfSignUpConsentTest extends ISIntegrationTest {
     private static final String COUNTRY_WSO2_CLAIM = "http://wso2.org/claims/country";
     private static final String CALLBACK_QUERY_PARAM = "callback";
     private static final String USERNAME_QUERY_PARAM = "username";
-    private static final String TENANT_DOMAIN_QUERY_PARAM = "tenantDomain";
     private static final String ADMIN = "admin";
     private static final String EBONY = "ebony";
     private static final String PASSWORD = "UsEr@123";
@@ -79,7 +78,7 @@ public class SelfSignUpConsentTest extends ISIntegrationTest {
     private static final String FINANCIAL = "Financial";
     private static final String ERROR_MESSAGE_SELF_REGISTRATION_DISABLED = "Self registration is disabled for tenant" +
             " - %s";
-    private static final String ERROR_MESSAGE_INVALID_TENANT = "Invalid tenant domain :%s";
+    private static final String ERROR_MESSAGE_INVALID_TENANT = "%s is an invalid tenant domain";
     private static final String ERROR_MESSAGE_USERNAME_TAKEN = "Username &#39;%s&#39; is already taken. Please pick a " +
             "different username";
 
@@ -142,6 +141,7 @@ public void testInitialSelfSignUpPage() throws IOException {
 
         HttpClient client = HttpClientBuilder.create().build();
         String selfRegisterEndpoint = selfRegisterDoEndpoint + "?" + CALLBACK_QUERY_PARAM + "=" + CALLBACK_ENDPOINT;
+        selfRegisterEndpoint = getTenantQualifiedURL(selfRegisterEndpoint, secondaryTenantDomain);
         HttpResponse httpResponse = sendGetRequest(client, selfRegisterEndpoint);
         String content = DataExtractUtil.getContentData(httpResponse);
         Assert.assertNotNull(content);
@@ -296,8 +296,8 @@ private String doCallSignUpDo(String username) throws IOException {
             username = MultitenantUtils.getTenantAwareUsername(username);
         }
         String selfRegisterEndpoint =
-                signupDoEndpoint + "?" + USERNAME_QUERY_PARAM + "=" + username + "&" + TENANT_DOMAIN_QUERY_PARAM + "="
-                        + tenantDomain;
+                signupDoEndpoint + "?" + USERNAME_QUERY_PARAM + "=" + username;
+        selfRegisterEndpoint = getTenantQualifiedURL(selfRegisterEndpoint, tenantDomain);
         HttpResponse httpResponse = sendGetRequest(client, selfRegisterEndpoint);
         return DataExtractUtil.getContentData(httpResponse);
     }
@@ -436,12 +436,12 @@ private void selfRegister(String username, String password, String givenName, St
 
     private String getConsentReqBody(String purposeId, int piiCategoryId, String username) {
 
-       return  "{\\\"jurisdiction\\\":\\\"someJurisdiction\\\",\\\"collectionMethod\\\":\\\"Web Form - Self " +
+        return  "{\\\"jurisdiction\\\":\\\"someJurisdiction\\\",\\\"collectionMethod\\\":\\\"Web Form - Self " +
                 "Registration\\\"," +
                 "\\\"language\\\":\\\"en\\\",\\\"piiPrincipalId\\\":\\\""+username+"\\\",\\\"services\\\":" +
                 "[{\\\"tenantDomain\\\":\\\"wso2.com\\\",\\\"serviceDisplayName\\\":\\\"Resident IDP\\\"," +
                 "\\\"serviceDescription\\\":\\\"Resident IDP\\\",\\\"purposes\\\":[{\\\"purposeId\\\":"+purposeId+"," +
-               "\\\"purposeCategoryId\\\":[1]," +
+                "\\\"purposeCategoryId\\\":[1]," +
                 "\\\"consentType\\\":\\\"EXPLICIT\\\",\\\"piiCategory\\\":[{\\\"piiCategoryId\\\":"+piiCategoryId+"," +
                 "\\\"validity\\\":\\\"DATE_UNTIL:INDEFINITE\\\"}],\\\"primaryPurpose\\\":true," +
                 "\\\"termination\\\":\\\"DATE_UNTIL:INDEFINITE\\\",\\\"thirdPartyDisclosure\\\":false}],\\\"tenantId\\\":1}]," +

diff --git a/...t/java/org/wso2/identity/integration/test/idp/mgt/PreferenceAPIIntegrationUITestCase.java b/...t/java/org/wso2/identity/integration/test/idp/mgt/PreferenceAPIIntegrationUITestCase.java
@@ -93,7 +93,7 @@ public void testInit() throws Exception {
         superTenantResidentIDP = superTenantIDPMgtClient.getResidentIdP();
         adminClient = new OauthAdminClient(backendURL, sessionCookie);
         String isServerBackendUrl = isServer.getContextUrls().getWebAppURLHttps();
-        recoveryEndpoint = isServerBackendUrl +"/t/" + activeTenant + RECOVERY_ENDPOINT_URL;
+        recoveryEndpoint = getTenantQualifiedURL(isServerBackendUrl + RECOVERY_ENDPOINT_URL, tenantInfo.getDomain());
         createOIDCApplication();
     }
 
@@ -225,8 +225,8 @@ private void updateResidentIDP(IdentityProvider residentIdentityProvider) throws
 
     private String getAuthzRequestUrl(String clientId, String callbackUrl) {
 
-        return OAuth2Constant.AUTHORIZE_ENDPOINT_URL + "?" + "client_id=" + clientId + "&redirect_uri=" + callbackUrl +
-                "&response_type=code&scope=openid";
+        return getTenantQualifiedURL(OAuth2Constant.AUTHORIZE_ENDPOINT_URL + "?" + "client_id=" + clientId + "&redirect_uri=" + callbackUrl +
+                "&response_type=code&scope=openid", tenantInfo.getDomain());
     }
 
     private String sendAuthorizeRequest() throws IOException {