wip

Author: wolf4ood

.github/workflows/verify.yaml

@@ -162,6 +162,7 @@ jobs:
 
   miw-integration-tests:
     runs-on: ubuntu-latest
+    continue-on-error: true
     needs: [ verify-formatting, verify-license-headers ]
 
     steps:

edc-tests/e2e-tests/src/test/resources/docker-compose.yml

@@ -47,6 +47,7 @@ services:
       APPLICATION_ENVIRONMENT: dev
       DB_HOST: postgres
       DB_PORT: 5432
+      USE_SSL: false
 
       #create miw database and update below properties
       DB_USER_NAME: keycloak
@@ -55,7 +56,7 @@ services:
       KEYCLOAK_MIW_PUBLIC_CLIENT: miw_public
       MANAGEMENT_PORT: 8090
       MIW_HOST_NAME: localhost:8080
-      ENFORCE_HTTPS_IN_DID_RESOLUTION: 'false'
+      ENFORCE_HTTPS_IN_DID_RESOLUTION: false
       ENCRYPTION_KEY: Woh9waid4Ei5eez0aitieghoow9so4oe
       AUTHORITY_WALLET_BPN: BPNL000000000000
       AUTHORITY_WALLET_NAME: Catena-X

edc-tests/e2e-tests/src/test/resources/miw_test_realm.json

@@ -211,16 +211,16 @@
                 "create-client",
                 "manage-events",
                 "view-realm",
-                "view-identity-providers",
                 "manage-users",
+                "view-identity-providers",
                 "impersonation",
                 "query-realms",
                 "view-users",
                 "view-clients",
                 "view-authorization",
                 "query-groups",
-                "view-events",
                 "query-clients",
+                "view-events",
                 "manage-clients",
                 "manage-realm"
               ]
@@ -473,8 +473,9 @@
   "otpPolicyPeriod": 30,
   "otpPolicyCodeReusable": false,
   "otpSupportedApplications": [
-    "totpAppFreeOTPName",
-    "totpAppGoogleName"
+    "totpAppMicrosoftAuthenticatorName",
+    "totpAppGoogleName",
+    "totpAppFreeOTPName"
   ],
   "webAuthnPolicyRpEntityName": "keycloak",
   "webAuthnPolicySignatureAlgorithms": [
@@ -502,8 +503,8 @@
   "webAuthnPolicyPasswordlessAcceptableAaguids": [],
   "users": [
     {
-      "id": "eb4c29c6-4fca-43be-a124-883400f2d777",
-      "createdTimestamp": 1685594018433,
+      "id": "7e5c957b-2f20-41e0-85fb-e84656caadfe",
+      "createdTimestamp": 1687957169104,
       "username": "service-account-miw_private_client",
       "enabled": true,
       "totp": false,
@@ -517,10 +518,10 @@
       "clientRoles": {
         "miw_private_client": [
           "view_wallets",
-          "view_wallet",
+          "update_wallet",
           "add_wallets",
-          "update_wallets",
-          "update_wallet"
+          "view_wallet",
+          "update_wallets"
         ]
       },
       "notBefore": 0,
@@ -666,7 +667,9 @@
       "publicClient": true,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
-      "attributes": {},
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": false,
       "nodeReRegistrationTimeout": 0,
@@ -704,7 +707,9 @@
       "publicClient": false,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
-      "attributes": {},
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": false,
       "nodeReRegistrationTimeout": 0,
@@ -751,6 +756,7 @@
         "oidc.ciba.grant.enabled": "false",
         "client.secret.creation.time": "1684923648",
         "backchannel.logout.session.required": "true",
+        "post.logout.redirect.uris": "+",
         "display.on.consent.screen": "false",
         "oauth2.device.authorization.grant.enabled": "false",
         "backchannel.logout.revoke.offline.tokens": "false"
@@ -812,6 +818,7 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "clientAddress",
+            "userinfo.token.claim": "true",
             "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "clientAddress",
@@ -826,6 +833,7 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "clientId",
+            "userinfo.token.claim": "true",
             "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "clientId",
@@ -840,6 +848,7 @@
           "consentRequired": false,
           "config": {
             "user.session.note": "clientHost",
+            "userinfo.token.claim": "true",
             "id.token.claim": "true",
             "access.token.claim": "true",
             "claim.name": "clientHost",
@@ -874,14 +883,14 @@
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
+        "http://localhost:8080/*",
         "http://localhost/*",
-        "http://localhost:8087/*",
-        "http://localhost:8080/*"
+        "http://localhost:8087/*"
       ],
       "webOrigins": [
+        "http://localhost:8080",
         "http://localhost",
-        "http://localhost:8087",
-        "http://localhost:8080"
+        "http://localhost:8087"
       ],
       "notBefore": 0,
       "bearerOnly": false,
@@ -895,9 +904,10 @@
       "protocol": "openid-connect",
       "attributes": {
         "oidc.ciba.grant.enabled": "false",
+        "backchannel.logout.session.required": "true",
+        "post.logout.redirect.uris": "+",
         "display.on.consent.screen": "false",
         "oauth2.device.authorization.grant.enabled": "false",
-        "backchannel.logout.session.required": "true",
         "backchannel.logout.revoke.offline.tokens": "false"
       },
       "authenticationFlowBindingOverrides": {},
@@ -955,7 +965,9 @@
       "publicClient": false,
       "frontchannelLogout": false,
       "protocol": "openid-connect",
-      "attributes": {},
+      "attributes": {
+        "post.logout.redirect.uris": "+"
+      },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": false,
       "nodeReRegistrationTimeout": 0,
@@ -1134,6 +1146,7 @@
           "consentRequired": false,
           "config": {
             "multivalued": "true",
+            "userinfo.token.claim": "true",
             "user.attribute": "foo",
             "id.token.claim": "true",
             "access.token.claim": "true",
@@ -1176,7 +1189,8 @@
           "consentRequired": false,
           "config": {
             "id.token.claim": "true",
-            "access.token.claim": "true"
+            "access.token.claim": "true",
+            "userinfo.token.claim": "true"
           }
         }
       ]
@@ -1625,13 +1639,13 @@
         "subComponents": {},
         "config": {
           "allowed-protocol-mapper-types": [
-            "oidc-full-name-mapper",
-            "saml-role-list-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
             "saml-user-attribute-mapper",
-            "oidc-usermodel-attribute-mapper",
             "saml-user-property-mapper",
+            "oidc-full-name-mapper",
+            "oidc-usermodel-attribute-mapper",
+            "saml-role-list-mapper",
             "oidc-address-mapper",
-            "oidc-sha256-pairwise-sub-mapper",
             "oidc-usermodel-property-mapper"
           ]
         }
@@ -1645,13 +1659,13 @@
         "config": {
           "allowed-protocol-mapper-types": [
             "oidc-full-name-mapper",
-            "saml-role-list-mapper",
-            "oidc-usermodel-attribute-mapper",
+            "saml-user-attribute-mapper",
             "oidc-address-mapper",
+            "oidc-sha256-pairwise-sub-mapper",
             "oidc-usermodel-property-mapper",
             "saml-user-property-mapper",
-            "oidc-sha256-pairwise-sub-mapper",
-            "saml-user-attribute-mapper"
+            "oidc-usermodel-attribute-mapper",
+            "saml-role-list-mapper"
           ]
         }
       },
@@ -1752,7 +1766,7 @@
   "supportedLocales": [],
   "authenticationFlows": [
     {
-      "id": "fb171175-b83a-42fa-af99-d3f99cd44db2",
+      "id": "04cc2aa7-9e5b-4178-a1a2-dad58cf99367",
       "alias": "Account verification options",
       "description": "Method with which to verity the existing account",
       "providerId": "basic-flow",
@@ -1778,7 +1792,7 @@
       ]
     },
     {
-      "id": "ccd861f8-be9b-4d54-9722-c753e155b342",
+      "id": "fa4d6b27-5fac-4b3b-9cbc-badb7cfe90ed",
       "alias": "Authentication Options",
       "description": "Authentication options.",
       "providerId": "basic-flow",
@@ -1812,7 +1826,7 @@
       ]
     },
     {
-      "id": "4e85d167-f0de-4d21-9675-7cbd4d30e12d",
+      "id": "266db702-5928-4149-b2bd-701d0722eb93",
       "alias": "Browser - Conditional OTP",
       "description": "Flow to determine if the OTP is required for the authentication",
       "providerId": "basic-flow",
@@ -1838,7 +1852,7 @@
       ]
     },
     {
-      "id": "e70aa7d3-68a9-44e9-9f1d-0961dd5430d1",
+      "id": "dd326252-8827-445d-a098-9ec953932387",
       "alias": "Direct Grant - Conditional OTP",
       "description": "Flow to determine if the OTP is required for the authentication",
       "providerId": "basic-flow",
@@ -1864,7 +1878,7 @@
       ]
     },
     {
-      "id": "089a1b04-f00d-4b16-a4f6-836cf97c73af",
+      "id": "b8f5c247-b9ba-40c7-a14e-05a235bed46f",
       "alias": "First broker login - Conditional OTP",
       "description": "Flow to determine if the OTP is required for the authentication",
       "providerId": "basic-flow",
@@ -1890,7 +1904,7 @@
       ]
     },
     {
-      "id": "36a2147c-f4ea-4d7f-862b-6c7d7bcfd458",
+      "id": "f40cbe9a-ad2a-476c-b85d-ec426ce100b2",
       "alias": "Handle Existing Account",
       "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
       "providerId": "basic-flow",
@@ -1916,7 +1930,7 @@
       ]
     },
     {
-      "id": "09f37d50-270b-4c6f-8d1c-248bd2fad894",
+      "id": "60ba180d-92f3-4195-abd4-a925121994e7",
       "alias": "Reset - Conditional OTP",
       "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
       "providerId": "basic-flow",
@@ -1942,7 +1956,7 @@
       ]
     },
     {
-      "id": "145d5b8c-0ea1-44c7-94d5-9c68e4aebdfb",
+      "id": "0b5f7bb3-59e5-4d0e-9e8e-6d0e52984ad2",
       "alias": "User creation or linking",
       "description": "Flow for the existing/non-existing user alternatives",
       "providerId": "basic-flow",
@@ -1969,7 +1983,7 @@
       ]
     },
     {
-      "id": "b73cf97b-b3e2-4720-a6d6-5f2545cf84ca",
+      "id": "37290b7b-23f8-4653-ad2c-2593db5760f3",
       "alias": "Verify Existing Account by Re-authentication",
       "description": "Reauthentication of existing account",
       "providerId": "basic-flow",
@@ -1995,7 +2009,7 @@
       ]
     },
     {
-      "id": "fdbabc6d-21e1-4fae-8bc3-384f9eac9363",
+      "id": "2e5ceac1-9c0d-4109-b8f2-22c9efb00f0b",
       "alias": "browser",
       "description": "browser based authentication",
       "providerId": "basic-flow",
@@ -2037,7 +2051,7 @@
       ]
     },
     {
-      "id": "b381d57b-c3a3-4bd1-99dc-8ab1b61b6eef",
+      "id": "c35579f7-cd70-4c66-9ee7-c21bf7ddd1e0",
       "alias": "clients",
       "description": "Base authentication for clients",
       "providerId": "client-flow",
@@ -2079,7 +2093,7 @@
       ]
     },
     {
-      "id": "8c327c5a-256d-4b77-abfd-b29a9abcabc4",
+      "id": "c2487b50-dbf9-4536-be9d-940c8ac5eb21",
       "alias": "direct grant",
       "description": "OpenID Connect Resource Owner Grant",
       "providerId": "basic-flow",
@@ -2113,7 +2127,7 @@
       ]
     },
     {
-      "id": "06e02fd2-1e3a-462a-b56f-343adf6b497e",
+      "id": "e98419d1-4cb4-469d-a866-2adc9fdb4c6a",
       "alias": "docker auth",
       "description": "Used by Docker clients to authenticate against the IDP",
       "providerId": "basic-flow",
@@ -2131,7 +2145,7 @@
       ]
     },
     {
-      "id": "c7549abe-4291-455c-9237-e14327f0242a",
+      "id": "672acd89-be23-48ee-ac51-c5d846e77faf",
       "alias": "first broker login",
       "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
       "providerId": "basic-flow",
@@ -2158,7 +2172,7 @@
       ]
     },
     {
-      "id": "6aeeac48-e580-489d-a714-8a9e492c2f38",
+      "id": "1099c284-d2f6-44de-b1b3-87d5cb0990c1",
       "alias": "forms",
       "description": "Username, password, otp and other auth forms.",
       "providerId": "basic-flow",
@@ -2184,7 +2198,7 @@
       ]
     },
     {
-      "id": "b374af96-bbea-4b80-8847-6e6de58df0b3",
+      "id": "d02c9502-c51d-4968-ba5d-d3771054e85a",
       "alias": "http challenge",
       "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
       "providerId": "basic-flow",
@@ -2210,7 +2224,7 @@
       ]
     },
     {
-      "id": "4012e109-120c-4754-bc53-838a158edfcc",
+      "id": "18ee7c5d-3b4b-45c7-8d5a-761c2de30711",
       "alias": "registration",
       "description": "registration flow",
       "providerId": "basic-flow",
@@ -2229,7 +2243,7 @@
       ]
     },
     {
-      "id": "058f9688-74be-46f2-9e13-ca28a71dc0f0",
+      "id": "41c9dfb7-686d-4679-b471-abd04c08519d",
       "alias": "registration form",
       "description": "registration form",
       "providerId": "form-flow",
@@ -2271,7 +2285,7 @@
       ]
     },
     {
-      "id": "b2b7b5fc-462b-447e-9ec3-64577571ddff",
+      "id": "2d4c9ede-ca14-4454-bf7b-60e9c23b1951",
       "alias": "reset credentials",
       "description": "Reset credentials for a user if they forgot their password or something",
       "providerId": "basic-flow",
@@ -2313,7 +2327,7 @@
       ]
     },
     {
-      "id": "6f762a68-34f5-4f0b-bb59-af7c0df4840d",
+      "id": "d1fea7bd-8e31-4b67-9cb8-b720c2b5b49c",
       "alias": "saml ecp",
       "description": "SAML ECP Profile Authentication Flow",
       "providerId": "basic-flow",
@@ -2333,14 +2347,14 @@
   ],
   "authenticatorConfig": [
     {
-      "id": "f7370c8e-6047-44e2-a447-2c20b42d75f2",
+      "id": "519345fd-5f36-411f-ac29-9a28fea6e1f1",
       "alias": "create unique user config",
       "config": {
         "require.password.update.after.registration": "false"
       }
     },
     {
-      "id": "47af4717-f9cd-4dd9-b980-246e33a5829b",
+      "id": "2ad5fe8b-f6aa-4608-bbc2-cbf2ff218b67",
       "alias": "review profile config",
       "config": {
         "update.profile.on.first.login": "missing"
@@ -2358,9 +2372,9 @@
       "config": {}
     },
     {
-      "alias": "terms_and_conditions",
+      "alias": "TERMS_AND_CONDITIONS",
       "name": "Terms and Conditions",
-      "providerId": "terms_and_conditions",
+      "providerId": "TERMS_AND_CONDITIONS",
       "enabled": false,
       "defaultAction": false,
       "priority": 20,
@@ -2439,8 +2453,8 @@
   "attributes": {
     "cibaBackchannelTokenDeliveryMode": "poll",
     "cibaAuthRequestedUserHint": "login_hint",
-    "oauth2DevicePollingInterval": "5",
     "clientOfflineSessionMaxLifespan": "0",
+    "oauth2DevicePollingInterval": "5",
     "clientSessionIdleTimeout": "0",
     "actionTokenGeneratedByUserLifespan-execute-actions": "",
     "actionTokenGeneratedByUserLifespan-verify-email": "",
@@ -2454,46 +2468,12 @@
     "parRequestUriLifespan": "60",
     "clientSessionMaxLifespan": "0"
   },
-  "keycloakVersion": "20.0.3",
+  "keycloakVersion": "21.0.2",
   "userManagedAccessAllowed": false,
   "clientProfiles": {
     "profiles": []
   },
   "clientPolicies": {
     "policies": []
-  },
-  "users": [
-    {
-      "username": "catena-x",
-      "email": "miwuser@test.test",
-      "firstName": "miwuser",
-      "lastName": "miwuser",
-      "enabled": true,
-      "emailVerified": true,
-      "attributes": {
-        "BPN": [
-          "BPNL000000000000"
-        ]
-      },
-      "credentials": [
-        {
-          "type": "password",
-          "value": "password"
-        }
-      ],
-      "clientRoles": {
-        "account": [
-          "view-profile",
-          "manage-account"
-        ],
-        "miw_private_client": [
-          "view_wallets",
-          "view_wallet",
-          "add_wallets",
-          "update_wallets",
-          "update_wallet"
-        ]
-      }
-    }
-  ]
+  }
 }