Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce New Integration Tests to Validate Functionality of IdPs #21913

Merged
merged 13 commits into from
Dec 10, 2024
Merged

Introduce New Integration Tests to Validate Functionality of IdPs #21913

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
622eb04
Add new tests to validate OIDC IdPs
Shenali-SJ Dec 4, 2024
762b4ee
Add test cases for SAML and empty search
Shenali-SJ Dec 5, 2024
9852a13
Add a test for IdP export
Shenali-SJ Dec 5, 2024
d13d4f2
Merge upstream master
Shenali-SJ Dec 6, 2024
be797d1
Address comments
Shenali-SJ Dec 6, 2024
0af9894
Template OIDC IdP payloads
Shenali-SJ Dec 9, 2024
c4e099d
Update OIDC IdP create payload
Shenali-SJ Dec 9, 2024
2f657be
Addressed comments
Shenali-SJ Dec 9, 2024
3f84127
Merge upstream master
Shenali-SJ Dec 10, 2024
e084e26
Bump api-server version
Shenali-SJ Dec 10, 2024
3c49e9e
Template OIDC IdP Name
Shenali-SJ Dec 10, 2024
f8c2f30
Bump api-server version
Shenali-SJ Dec 10, 2024
d72edae
Merge branch 'master' into custom-fed-mgt-integration-tests-system-de…
Thisara-Welmilla Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions ...c/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPFailureTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
import java.util.Map;

import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.core.IsNull.notNullValue;
import static org.testng.Assert.assertNotNull;

Expand Down Expand Up @@ -213,6 +214,36 @@ public void testUpdateIdPWithDuplicateOIDCScopes() throws IOException {
deleteCreatedIdP(oidcIdPId);
}

@Test
public void testUpdateOIDCIdPWithoutOpenidScope() throws IOException {

String body = readResource("add-idp-oidc-standard-based.json");
Response response = getResponseOfPost(IDP_API_BASE_PATH, body);
response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_CREATED)
.header(HttpHeaders.LOCATION, notNullValue());

String location = response.getHeader(HttpHeaders.LOCATION);
assertNotNull(location);
String oidcIdPId = location.substring(location.lastIndexOf("/") + 1);
assertNotNull(oidcIdPId);

// update the OIDC IdP without openid scope
String updateBody = readResource("update-idp-oidc-without-openid-scope.json");
Response updateResponse = getResponseOfPut(IDP_API_BASE_PATH + PATH_SEPARATOR + oidcIdPId +
PATH_SEPARATOR + IDP_FEDERATED_AUTHENTICATORS_PATH + PATH_SEPARATOR + OIDC_IDP_ID, updateBody);
updateResponse.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_BAD_REQUEST)
.body("message", equalTo("Invalid OIDC Scopes."))
.body("description", equalTo("Scopes must contain 'openid'."));

deleteCreatedIdP(oidcIdPId);
}

/**
* Deletes an Identity Provider by its ID and verifies the deletion.
*
Expand Down
82 changes: 82 additions & 0 deletions ...c/test/java/org/wso2/identity/integration/test/rest/api/server/idp/v1/IdPSuccessTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpStatus;
import org.hamcrest.Matchers;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
Expand Down Expand Up @@ -277,6 +278,64 @@ public void testAddIdP() throws IOException {
assertNotNull(idPId);
}

@Test()
public void addIdPWithoutAuthenticator() throws IOException {

String body = readResource("add-idp-without-authenticator.json");
Response response = getResponseOfPost(IDP_API_BASE_PATH, body);
response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_CREATED)
.body("federatedAuthenticators.authenticators", Matchers.emptyIterable())
.header(HttpHeaders.LOCATION, notNullValue());

String location = response.getHeader(HttpHeaders.LOCATION);
assertNotNull(location);
String idpIdWithoutAuth = location.substring(location.lastIndexOf("/") + 1);
assertNotNull(idpIdWithoutAuth);

deleteCreatedIdP(idpIdWithoutAuth);
}

@Test
public void addIdPWithDuplicatedOIDCScopes() throws IOException {

String body = readResource("add-oidc-idp-with-duplicated-scopes.json");
Response response = getResponseOfPost(IDP_API_BASE_PATH, body);
response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_CREATED)
.header(HttpHeaders.LOCATION, notNullValue());

String location = response.getHeader(HttpHeaders.LOCATION);
assertNotNull(location);
String oidcIdpId = location.substring(location.lastIndexOf("/") + 1);
assertNotNull(oidcIdpId);

deleteCreatedIdP(oidcIdpId);
}

@Test
public void addOIDCIdPWithoutOpenidScope() throws IOException {

String body = readResource("add-oidc-idp-without-openid-scope.json");
Response response = getResponseOfPost(IDP_API_BASE_PATH, body);
response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_CREATED)
.header(HttpHeaders.LOCATION, notNullValue());

String location = response.getHeader(HttpHeaders.LOCATION);
assertNotNull(location);
String oidcIdpId = location.substring(location.lastIndexOf("/") + 1);
assertNotNull(oidcIdpId);

deleteCreatedIdP(oidcIdpId);
}

@Test(dependsOnMethods = {"testAddIdP"})
public void testGetIdP() throws IOException {

Expand Down Expand Up @@ -760,4 +819,27 @@ public void testDeleteIdPTemplate() throws Exception {
.assertThat()
.statusCode(HttpStatus.SC_NO_CONTENT);
}

/**
* Deletes an Identity Provider by its ID and verifies the deletion.
*
* @param idPId ID of the Identity Provider to be deleted.
*/
private void deleteCreatedIdP(String idPId) {

Response response = getResponseOfDelete(IDP_API_BASE_PATH + PATH_SEPARATOR + idPId);
response.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_NO_CONTENT);

Response responseOfGet = getResponseOfGet(IDP_API_BASE_PATH + PATH_SEPARATOR + idPId);
responseOfGet.then()
.log().ifValidationFails()
.assertThat()
.statusCode(HttpStatus.SC_NOT_FOUND)
.body("message", equalTo("Resource not found."))
.body("description", equalTo("Unable to find a resource matching the provided identity " +
"provider identifier " + idPId + "."));
}
}
77 changes: 77 additions & 0 deletions .../wso2/identity/integration/test/rest/api/server/idp/v1/add-idp-without-authenticator.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
{
"name": "Google-3",
"description": "IDP for Google Federation",
"image": "google-logo-url",
"isPrimary": false,
"isFederationHub": false,
"homeRealmIdentifier": "localhost",
"certificate": {
"certificates": [
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURzRENDQXBpZ0F3SUJBZ0lKQUs0eml2ckVsYzBJTUEwR0NTcUdTSWIzRFFFQkN3VUFNSUdETVJFd0R3WUQKVlFRRERBaENkV1JrYUdsdFlURUxNQWtHQTFVRUJoTUNVMHd4RURBT0JnTlZCQWdNQjFkbGMzUmxjbTR4RURBTwpCZ05WQkFjTUIwTnZiRzl0WW04eERUQUxCZ05WQkFvTUJGZFRUekl4Q3pBSkJnTlZCQXNNQWxGQk1TRXdId1lKCktvWklodmNOQVFrQkZoSmlkV1JrYUdsdFlYVkFkM052TWk1amIyMHdJQmNOTVRrd056RTJNRFF5TXpFd1doZ1AKTXpBeE9ERXhNVFl3TkRJek1UQmFNSUdETVJFd0R3WURWUVFEREFoQ2RXUmthR2x0WVRFTE1Ba0dBMVVFQmhNQwpVMHd4RURBT0JnTlZCQWdNQjFkbGMzUmxjbTR4RURBT0JnTlZCQWNNQjBOdmJHOXRZbTh4RFRBTEJnTlZCQW9NCkJGZFRUekl4Q3pBSkJnTlZCQXNNQWxGQk1TRXdId1lKS29aSWh2Y05BUWtCRmhKaWRXUmthR2x0WVhWQWQzTnYKTWk1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcFo3V09VMTZpeGpiQwpiWGR3R3JhTW5xbmxnb2kzMDN5aVFxbHAySzlWTmZHT21nTlFhdFdlbjB0MVVWcjYxd0Y4eVlHaDJyc1lnbithCjhwYXVmUVVQQ1laeFRFR1FpT2RPZ0RNcE5tWW82ZHU2K2MvenJqcHNncGh5SHIxNEZPVHAxaVRDSXBmanVwVjEKd1BUeXJveURySGRvMkpuOHI3V3F1cklJVTRBYllBN2NrdVVqL0tqYUovTTZrZitwRFd5SVJvaDBKTFJlWWM4UQp5bmhYcjdrQWp5RnFqNitnWndBYkh4ckhrckVzYTJoVjQ0UFJXWjFQUERxTCswVU8veE1hQW5udndsdGd4QlVpCkhLUTFXWDVwdVVPaC9kQTQ5b0RsbEpraHpxd2d5eDQxc1FYbFNhVmdKaklUZVdSQmdvNnh6ajNmd3VvenBGS1gKbzRaeXBITDNBZ01CQUFHakl6QWhNQjhHQTFVZEVRUVlNQmFDQkhkemJ6S0NDSGR6YnpJdVkyOXRnZ1IzYzI4eQpNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJTSzBKa1pyYlpvYmRDNHhZSG1IcnlVbkZVbkZZWUFvZmc0TFVGCkJRbWxDY0NKR0ZwR1BtN2ZDWHM0Y0h4Z0hPVTN5SkhtQ2pYaU9FRTc2dzhIU0NRcVhkNmROSEwxRkxtN0pqQTUKTEZmbHhiWXNOcmVVNVpJTmREVGZvWmxSSXR0Mkd4MlpIa3pjQVRJZm1yUFNwODV2WDhGem1mbTNBVTVpM3FXZQo4a2YyZk5nQjlMbE5XRFk1V09paVlHUWMrRk13WWdLcDJkNGM3dzMrWnRTUXJWRy9YdGpqYTJYV09Xdm1sV3dLCnB4b3pyNjIvTTdUUmVkc3hJNU90bzJvWExGZXp1MUdCWHdpNEFaempMSFVsNWpSR2hMbkNZa05qdWZGZi9EQ0cKeUFWdnpMVXQwZ2F0b0dJdTV2eG9la05JVWV5YTZpRzJBaG9jSmM0SEJMT3l4TXE3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
]
},
"alias": "https://localhost:9444/oauth2/token",
"claims": {
"userIdClaim": {
"uri": "http://wso2.org/claims/username"
},
"roleClaim": {
"uri": "http://wso2.org/claims/role"
},
"provisioningClaims": [
{
"claim": {
"uri": "http://wso2.org/claims/username"
},
"defaultValue": "sathya"
}
]
},
"roles": {
"mappings": [
{
"idpRole": "google-manager",
"localRole": "admin"
}
],
"outboundProvisioningRoles": [
"admin"
]
},
"provisioning": {
"jit": {
"isEnabled": true,
"scheme": "PROVISION_SILENTLY",
"userstore": "PRIMARY"
},
"outboundConnectors": {
"defaultConnectorId": "c2NpbQ",
"connectors": [
{
"connectorId": "c2NpbQ",
"isEnabled": true,
"blockingEnabled": false,
"rulesEnabled": false,
"properties": [
{
"key": "scim-user-ep",
"value": "https://localhost:9445/userinfo"
},
{
"key": "scim-username",
"value": "admin"
},
{
"key": "scim-enable-pwd-provisioning",
"value": "true"
},
{
"key": "scim-password",
"value": "admin"
}
]
}
]
}
}
}
112 changes: 112 additions & 0 deletions ...identity/integration/test/rest/api/server/idp/v1/add-oidc-idp-with-duplicated-scopes.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
{
"name": "Google-3",
"description": "IDP for Google Federation",
"image": "google-logo-url",
"isPrimary": false,
"isFederationHub": false,
"homeRealmIdentifier": "localhost",
"certificate": {
"certificates": [
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURzRENDQXBpZ0F3SUJBZ0lKQUs0eml2ckVsYzBJTUEwR0NTcUdTSWIzRFFFQkN3VUFNSUdETVJFd0R3WUQKVlFRRERBaENkV1JrYUdsdFlURUxNQWtHQTFVRUJoTUNVMHd4RURBT0JnTlZCQWdNQjFkbGMzUmxjbTR4RURBTwpCZ05WQkFjTUIwTnZiRzl0WW04eERUQUxCZ05WQkFvTUJGZFRUekl4Q3pBSkJnTlZCQXNNQWxGQk1TRXdId1lKCktvWklodmNOQVFrQkZoSmlkV1JrYUdsdFlYVkFkM052TWk1amIyMHdJQmNOTVRrd056RTJNRFF5TXpFd1doZ1AKTXpBeE9ERXhNVFl3TkRJek1UQmFNSUdETVJFd0R3WURWUVFEREFoQ2RXUmthR2x0WVRFTE1Ba0dBMVVFQmhNQwpVMHd4RURBT0JnTlZCQWdNQjFkbGMzUmxjbTR4RURBT0JnTlZCQWNNQjBOdmJHOXRZbTh4RFRBTEJnTlZCQW9NCkJGZFRUekl4Q3pBSkJnTlZCQXNNQWxGQk1TRXdId1lKS29aSWh2Y05BUWtCRmhKaWRXUmthR2x0WVhWQWQzTnYKTWk1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcFo3V09VMTZpeGpiQwpiWGR3R3JhTW5xbmxnb2kzMDN5aVFxbHAySzlWTmZHT21nTlFhdFdlbjB0MVVWcjYxd0Y4eVlHaDJyc1lnbithCjhwYXVmUVVQQ1laeFRFR1FpT2RPZ0RNcE5tWW82ZHU2K2MvenJqcHNncGh5SHIxNEZPVHAxaVRDSXBmanVwVjEKd1BUeXJveURySGRvMkpuOHI3V3F1cklJVTRBYllBN2NrdVVqL0tqYUovTTZrZitwRFd5SVJvaDBKTFJlWWM4UQp5bmhYcjdrQWp5RnFqNitnWndBYkh4ckhrckVzYTJoVjQ0UFJXWjFQUERxTCswVU8veE1hQW5udndsdGd4QlVpCkhLUTFXWDVwdVVPaC9kQTQ5b0RsbEpraHpxd2d5eDQxc1FYbFNhVmdKaklUZVdSQmdvNnh6ajNmd3VvenBGS1gKbzRaeXBITDNBZ01CQUFHakl6QWhNQjhHQTFVZEVRUVlNQmFDQkhkemJ6S0NDSGR6YnpJdVkyOXRnZ1IzYzI4eQpNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJTSzBKa1pyYlpvYmRDNHhZSG1IcnlVbkZVbkZZWUFvZmc0TFVGCkJRbWxDY0NKR0ZwR1BtN2ZDWHM0Y0h4Z0hPVTN5SkhtQ2pYaU9FRTc2dzhIU0NRcVhkNmROSEwxRkxtN0pqQTUKTEZmbHhiWXNOcmVVNVpJTmREVGZvWmxSSXR0Mkd4MlpIa3pjQVRJZm1yUFNwODV2WDhGem1mbTNBVTVpM3FXZQo4a2YyZk5nQjlMbE5XRFk1V09paVlHUWMrRk13WWdLcDJkNGM3dzMrWnRTUXJWRy9YdGpqYTJYV09Xdm1sV3dLCnB4b3pyNjIvTTdUUmVkc3hJNU90bzJvWExGZXp1MUdCWHdpNEFaempMSFVsNWpSR2hMbkNZa05qdWZGZi9EQ0cKeUFWdnpMVXQwZ2F0b0dJdTV2eG9la05JVWV5YTZpRzJBaG9jSmM0SEJMT3l4TXE3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
]
},
"alias": "https://localhost:9444/oauth2/token",
"claims": {
"userIdClaim": {
"uri": "http://wso2.org/claims/username"
},
"roleClaim": {
"uri": "http://wso2.org/claims/role"
},
"provisioningClaims": [
{
"claim": {
"uri": "http://wso2.org/claims/username"
},
"defaultValue": "sathya"
}
]
},
"roles": {
"mappings": [
{
"idpRole": "google-manager",
"localRole": "admin"
}
],
"outboundProvisioningRoles": [
"admin"
]
},
"federatedAuthenticators": {
"defaultAuthenticatorId": "R29vZ2xlT0lEQ0F1dGhlbnRpY2F0b3I",
"authenticators": [
{
"authenticatorId": "R29vZ2xlT0lEQ0F1dGhlbnRpY2F0b3I",
"isEnabled": true,
"properties": [
{
"key": "AdditionalQueryParameters",
"value": "scope=openid email profile"
},
{
"key": "ClientId",
"value": "165474950684-7mvqd8m6hieb8mdnffcarnku2aua0tpl.apps.googleusercontent.com"
},
{
"key": "ClientSecret",
"value": "testclientsecret"
},
{
"key": "callbackUrl",
"value": "https://mydomain2.com:9443/commonauth"
}
]
}
]
},
"provisioning": {
"jit": {
"isEnabled": true,
"scheme": "PROVISION_SILENTLY",
"userstore": "PRIMARY"
},
"outboundConnectors": {
"defaultConnectorId": "c2NpbQ",
"connectors": [
{
"connectorId": "c2NpbQ",
"isEnabled": true,
"blockingEnabled": false,
"rulesEnabled": false,
"properties": [
{
"key": "scim-user-ep",
"value": "https://localhost:9445/userinfo"
},
{
"key": "scim-username",
"value": "admin"
},
{
"key": "scim-enable-pwd-provisioning",
"value": "true"
},
{
"key": "scim-password",
"value": "admin"
},
{
"key": "commonAuthQueryParams",
"value": "scope=openid country profile"
},
{
"key": "Scopes",
"value": "openid country profile"
}
]
}
]
}
}
}
Loading