From c8625160e9f918bbf165894379f68c281cfc48de Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Fri, 24 Nov 2023 15:41:48 +0000 Subject: [PATCH] Switch to JDK 17 (already a Keycloak prerequisite) --- integrationTest/suite.sh | 83 ++++++++++++++++++++++++++++++++--------- 1 files changed, 65 insertions(+), 18 deletions(-) diff --git a/integrationTest/suite.sh b/integrationTest/suite.sh index 35d9f00..3f6f56a 100755 --- a/integrationTest/suite.sh +++ b/integrationTest/suite.sh @@ -1,41 +1,88 @@ #!/bin/bash set -e +keycloak_cas_url='http://localhost:8080/realms/master/protocol/cas' action_pattern='action="([^"]+)"' -ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)' +CURL="curl --fail --silent --verbose" get_ticket() { - login_response=$(curl --fail --silent -c /tmp/cookies http://localhost:8080/auth/realms/master/protocol/cas/login?service=http://localhost) - if [[ !($login_response =~ $action_pattern) ]] ; then + local cookie_options="-b /tmp/cookies" + local ticket_pattern='Location: .*\?ticket=(ST-[-A-Za-z0-9_.=]+)' + local client_url_param=service + + if [ "$1" == "save_cookies" ]; then + cookie_options="${cookie_options} -c /tmp/cookies" + elif [ "$1" == "SAML" ]; then + ticket_pattern='Location: .*\?SAMLart=(ST-[-A-Za-z0-9_.=]+)' + client_url_param=TARGET + fi + + local login_response=$($CURL -c /tmp/cookies "${keycloak_cas_url}/login?${client_url_param}=http://localhost") + if [[ ! ($login_response =~ $action_pattern) ]] ; then echo "Could not parse login form in response" - echo $login_response + echo "${login_response}" exit 1 fi - login_url=${BASH_REMATCH[1]} - redirect_response=$(curl --fail --silent -D - -b /tmp/cookies --data 'username=admin&password=admin' "$login_url") - if [[ !($redirect_response =~ $ticket_pattern) ]] ; then + local login_url=${BASH_REMATCH[1]//&/&} + local redirect_response=$($CURL -D - $cookie_options --data 'username=admin&password=admin' "$login_url") + if [[ ! ($redirect_response =~ $ticket_pattern) ]] ; then echo "No service ticket found in response" - echo $redirect_response + echo "${redirect_response}" exit 1 fi - ticket=${BASH_REMATCH[1]} - echo $ticket + echo "${BASH_REMATCH[1]}" } -get_ticket -curl --fail --silent "http://localhost:8080/auth/realms/master/protocol/cas/validate?service=http://localhost&ticket=$ticket" +# CAS 1.0 +echo "Testing CAS 1.0..." +ticket=$(get_ticket) +$CURL "${keycloak_cas_url}/validate?service=http://localhost&ticket=$ticket" echo -get_ticket -curl --fail --silent "http://localhost:8080/auth/realms/master/protocol/cas/serviceValidate?service=http://localhost&format=XML&ticket=$ticket" +# CAS 2.0 +echo "Testing CAS 2.0 - XML..." +ticket=$(get_ticket) +$CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=XML&ticket=$ticket" echo -get_ticket -curl --fail --silent "http://localhost:8080/auth/realms/master/protocol/cas/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket" +echo "Testing CAS 2.0 - JSON..." +ticket=$(get_ticket) +$CURL "${keycloak_cas_url}/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket" echo -get_ticket -curl --fail --silent "http://localhost:8080/auth/realms/master/protocol/cas/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket" +# CAS 3.0 +echo "Testing CAS 3.0..." +ticket=$(get_ticket save_cookies) +$CURL "${keycloak_cas_url}/p3/serviceValidate?service=http://localhost&format=JSON&ticket=$ticket" echo + +# SAML 1.1 +echo "Testing SAML 1.1..." +ticket=$(get_ticket SAML) +timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") +saml_template=$(dirname "$0")/samlValidateTemplate.xml +sed -e "s/CAS_TICKET/$ticket/g" -e "s/TIMESTAMP/$timestamp/g" "$saml_template" \ + | $CURL -X POST -H "Content-Type: text/xml" \ + -H "SOAPAction: http://www.oasis-open.org/committees/security" \ + --data-binary @- "${keycloak_cas_url}/samlValidate?TARGET=http://localhost" +echo + +# CAS - gateway option +echo "Testing CAS - gateway option, stage 1..." +get_ticket save_cookies +login_response=$($CURL -D - -b /tmp/cookies "${keycloak_cas_url}/login?service=http://localhost&gateway=true") +if echo "${login_response}" | grep '^Location: http://localhost\?ticket='; then + echo "Gateway option did not redirect back to service with ticket" + echo "${login_response}" + exit 1 +fi + +echo "Testing CAS - gateway option, stage 2..." +login_response=$($CURL -D - "${keycloak_cas_url}/login?service=http://localhost&gateway=true") +if echo "${login_response}" | grep '^Location: http://localhost$'; then + echo "Gateway option did not redirect back to service without ticket" + echo "${login_response}" + exit 1 +fi -- Gitblit v1.9.1