diff --git a/jboss-eap-config-openshift/EAP7.4.0/added/standalone-openshift.xml b/jboss-eap-config-openshift/EAP7.4.0/added/standalone-openshift.xml
index acb79248..a435c5d7 100644
--- a/jboss-eap-config-openshift/EAP7.4.0/added/standalone-openshift.xml
+++ b/jboss-eap-config-openshift/EAP7.4.0/added/standalone-openshift.xml
@@ -257,6 +257,7 @@
+
@@ -268,6 +269,7 @@
+
@@ -288,6 +290,7 @@
+
@@ -316,6 +319,8 @@
+
+
diff --git a/jboss-kie-wildfly-common/added/launch/jboss-kie-wildfly-elytron.sh b/jboss-kie-wildfly-common/added/launch/jboss-kie-wildfly-elytron.sh
index 5220b20f..7f61ce6c 100644
--- a/jboss-kie-wildfly-common/added/launch/jboss-kie-wildfly-elytron.sh
+++ b/jboss-kie-wildfly-common/added/launch/jboss-kie-wildfly-elytron.sh
@@ -44,6 +44,7 @@ function configure() {
configure_elytron_role_mapping
configure_ldap_sec_domain
configure_new_identity_attributes
+ configure_rhsso
configure_role_decoder
update_activemq_domain
update_jboss_web_xml
@@ -84,8 +85,11 @@ function configure_role_decoder() {
}
function update_security_domain() {
- if [ "${SSO_URL}x" == "x" ]; then
- # undertow subsystem
+ if [ "${SSO_URL}x" != "x" ]; then
+ # undertow subsystem
+ sed -i "s||\n\
+ |" $CONFIG_FILE
+ else
sed -i "s||\n\
|" $CONFIG_FILE
fi
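Review bot: The new SSO branch in update_security_domain is chosen on `SSO_URL` alone, while the `elif` added to get_security_domain later in this file returns an LDAP domain first whenever `AUTH_LDAP_URL` is set. With both variables set, the two functions can disagree about which security domain the deployment is bound to; the sed replacement text is not visible here, so the exact effect should be confirmed. Either derive the branch from `get_security_domain` or document which variable wins, and add a bats case with both variables set to pin the precedence. `$CONFIG_FILE` is also unquoted in the added `sed -i` line; `"${CONFIG_FILE}"` is safer, and the same applies to the five new `sed -i` calls in the next hunk.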
@@ -136,6 +140,53 @@ EOF
fi
}
+function configure_rhsso(){
+ if [ "${SSO_URL}x" != "x" ]; then
+ configure_rhsso_custom_realm
+ configure_rhsso_security_domain
+ configure_rhsso_constant_realm_mapper
+ configure_rhsso_aggregate_http_server_mechanism_factory
+ configure_rhsso_http_authentication_factory
+ fi
+}
+
+function configure_rhsso_custom_realm() {
+ local custom_realm=""
+ sed -i "s||${custom_realm}|" $CONFIG_FILE
+}
+
+function configure_rhsso_security_domain() {
+ local sec_domain="\n\
+ \n\
+ "
+ sed -i "s||${sec_domain}|" $CONFIG_FILE
+}
+
+function configure_rhsso_constant_realm_mapper() {
+ local constant_realm_mapper=""
+ sed -i "s||${constant_realm_mapper}|" $CONFIG_FILE
+}
+
+function configure_rhsso_aggregate_http_server_mechanism_factory() {
+ local aggregate_http_server_mechanism_factory="\n\
+ \n\
+ \n\
+ \n\
+ "
+ sed -i "s||${aggregate_http_server_mechanism_factory}|" $CONFIG_FILE
+}
+
+function configure_rhsso_http_authentication_factory() {
+ local http_auth_factory="\n\
+ \n\
+ \n\
+ \n\
+ \n\
+ \n\
+ "
+ sed -i "s||${http_auth_factory}|" $CONFIG_FILE
+}
+
function get_security_domain() {
local sec_domain="ApplicationDomain"
if [ "${AUTH_LDAP_URL}x" != "x" ]; then
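Review bot: Each `configure_rhsso_*` helper relies on `sed -i` finding its marker in `$CONFIG_FILE`, and sed exits 0 when nothing matches, so a marker missing from standalone-openshift.xml leaves the Elytron SSO configuration incomplete without any message from configure_rhsso. Since get_security_domain reports `KeycloakDomain` when `SSO_URL` is set and LDAP is not, configure_rhsso should verify the result after the five calls and fail with a clear error, e.g. `grep -q 'KeycloakDomain' "${CONFIG_FILE}" || { echo "RH-SSO Elytron configuration was not applied" >&2; return 1; }`. That check assumes the inserted XML carries that name, which is not visible here. A short header comment on configure_rhsso naming the five elements it adds and the `SSO_URL` precondition would also help.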
@@ -143,6 +194,8 @@ function get_security_domain() {
if [ "${AUTH_LDAP_LOGIN_FAILOVER^^}" == "TRUE" ]; then
sec_domain="KIELdapWithFailOverSecDomain"
fi
+ elif [ "${SSO_URL}x" != "x" ]; then
+ sec_domain="KeycloakDomain"
fi
echo ${sec_domain}
}
diff --git a/jboss-kie-wildfly-common/tests/bats/jboss-kie-wildfly-elytron.bats b/jboss-kie-wildfly-common/tests/bats/jboss-kie-wildfly-elytron.bats
index c1d12c4f..feed6138 100644
--- a/jboss-kie-wildfly-common/tests/bats/jboss-kie-wildfly-elytron.bats
+++ b/jboss-kie-wildfly-common/tests/bats/jboss-kie-wildfly-elytron.bats
@@ -12,7 +12,7 @@ cp $BATS_TEST_DIRNAME/../../../jboss-eap-config-openshift/EAP7.4.0/added/standal
source $BATS_TEST_DIRNAME/../../added/launch/jboss-kie-wildfly-elytron.sh
teardown() {
- rm -rf $JBOSS_HOMEs
+ rm -rf $JBOSS_HOME
}
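Review bot: `rm -rf $JBOSS_HOME` in teardown is unquoted and unguarded, which matters now that the corrected name makes it delete a real directory. `rm -rf -- "${JBOSS_HOME:?}"` keeps a path containing spaces or glob characters as a single argument and aborts instead of running when the variable is empty or unset.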
@test "[KIE Server] test if the default kie-fs-realm is correctly added for rhpam" {
@@ -175,17 +175,18 @@ teardown() {
[ "${expected}" = "${result}" ]
}
+
@test "test if the correct sso application domain is set on the config file" {
export SSO_URL="http://test"
update_security_domain
- expected=""
+ expected="
+"
result=$(xmllint --xpath "//*[local-name()='application-security-domain']" $CONFIG_FILE)
echo "expected: ${expected}"
echo "result : ${result}"
[ "${expected}" = "${result}" ]
-
}
@@ -736,6 +737,17 @@ teardown() {
}
+@test "test if the get_security_domain function returns the expected value when sso url is set" {
+ SSO_URL="http://sso=url"
+ result=$(get_security_domain)
+ expected="KeycloakDomain"
+ echo "result : ${result}"
+ echo "expected: ${expected}"
+
+ [ "${expected}" = "${result}" ]
+}
+
+
@test "test if the get_ldap_realm function returns the expected default value" {
result=$(get_ldap_realm)
expected="KIELdapRealm"
@@ -960,3 +972,82 @@ teardown() {
echo "result_aggregate_role_mapper : ${result_aggregate_role_mapper}"
[ "${expected_aggregate_role_mapper}" = "${result_aggregate_role_mapper}" ]
}
+
+
+@test "test if rhsso custom-realm is correctly added" {
+ configure_rhsso_custom_realm
+
+ expected=""
+ result="$(xmllint --xpath "//*[local-name()='custom-realm']" $CONFIG_FILE)"
+
+ echo "expected: ${expected}"
+ echo "result : ${result}"
+ [ "${expected}" = "${result}" ]
+}
+
+
+@test "test if rhsso security-domain is correctly added" {
+ configure_rhsso_security_domain
+
+ expected="
+
+ "
+ result="$(xmllint --xpath "//*[local-name()='security-domain'][3]" $CONFIG_FILE)"
+
+ echo "expected: ${expected}"
+ echo "result : ${result}"
+ [ "${expected}" = "${result}" ]
+}
+
+
+@test "test if rhsso constant realm mapper is correctly added" {
+ configure_rhsso_constant_realm_mapper
+
+ expected=""
+ result="$(xmllint --xpath "//*[local-name()='constant-realm-mapper'][2]" $CONFIG_FILE)"
+
+ echo "expected: ${expected}"
+ echo "result : ${result}"
+ [ "${expected}" = "${result}" ]
+}
+
+
+@test "test if rhsso factory mechanism are correctly added" {
+ configure_rhsso_aggregate_http_server_mechanism_factory
+
+ expected="
+
+
+ "
+ result="$(xmllint --xpath "//*[local-name()='aggregate-http-server-mechanism-factory']" $CONFIG_FILE)"
+
+ expected_service_loader=""
+ result_service_loader="$(xmllint --xpath "//*[local-name()='service-loader-http-server-mechanism-factory']" $CONFIG_FILE)"
+
+ echo "expected: ${expected}"
+ echo "result : ${result}"
+ [ "${expected}" = "${result}" ]
+
+ echo "expected_service_loader: ${expected_service_loader}"
+ echo "result_service_loader : ${result_service_loader}"
+ [ "${expected_service_loader}" = "${result_service_loader}" ]
+}
+
+
+@test "test if rhsso http authentication factory is correctly added" {
+ SSO_URL="http://sso-url"
+ configure_rhsso_http_authentication_factory
+
+ expected="
+
+
+
+
+
+ "
+ result="$(xmllint --xpath "//*[local-name()='http-authentication-factory'][3]" $CONFIG_FILE)"
+
+ echo "expected: ${expected}"
+ echo "result : ${result}"
+ [ "${expected}" = "${result}" ]
+}
\ No newline at end of file
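Review bot: Several of the new assertions select elements by position (`//*[local-name()='security-domain'][3]`, `//*[local-name()='constant-realm-mapper'][2]`, `//*[local-name()='http-authentication-factory'][3]`), so they fail, or compare a different element, as soon as standalone-openshift.xml gains or loses a sibling. Selecting by attribute is steadier, e.g. `//*[local-name()='security-domain'][@name='KeycloakDomain']` (the name is inferred from get_security_domain; adjust it to the inserted XML). There is also no case that runs `configure_rhsso` with `SSO_URL` unset and checks that none of these elements is added, which is the guard the launch script depends on. `$CONFIG_FILE` should be quoted in the `xmllint` calls.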
diff --git a/tests/features/common/kie-common.feature b/tests/features/common/kie-common.feature
index ef5f7ae7..b1fa46e1 100644
--- a/tests/features/common/kie-common.feature
+++ b/tests/features/common/kie-common.feature
@@ -1,4 +1,11 @@
-@rhdm-7/rhdm-kieserver-rhel8 @rhpam-7/rhpam-kieserver-rhel8 @rhdm-7/rhdm-decisioncentral-rhel8 @rhpam-7/rhpam-businesscentral-rhel8 @rhpam-7/rhpam-businesscentral-monitoring-rhel8 @rhpam-7/rhpam-dashbuilder-rhel8 @rhpam-7/rhpam-controller-rhel8 @rhdm-7/rhdm-controller-rhel8
+@rhdm-7/rhdm-kieserver-rhel8
+@rhpam-7/rhpam-kieserver-rhel8
+@rhdm-7/rhdm-decisioncentral-rhel8
+@rhpam-7/rhpam-businesscentral-rhel8
+@rhpam-7/rhpam-businesscentral-monitoring-rhel8
+@rhpam-7/rhpam-dashbuilder-rhel8
+@rhpam-7/rhpam-controller-rhel8
+@rhdm-7/rhdm-controller-rhel8
Feature: RHPAM and RHDM common tests
Scenario: Ensure the openjdk8 packages are not installed on container.
@@ -277,6 +284,22 @@ Feature: RHPAM and RHDM common tests
And container log should contain External authentication/authorization enabled, skipping the embedded users creation.
And container log should contain Make sure to configure KIE_ADMIN_USER user to access the application with the roles kie-server,rest-all,admin,kiemgmt,Administrators,user
+ Scenario: Check if elytron is correctly configured when SSO is enabled.
+ When container is started with env
+ | variable | value |
+ | SSO_URL | http://url |
+ Then file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+ And file /opt/eap/standalone/configuration/standalone-openshift.xml should contain
+
Scenario: KIECLOUD-274 Prepare PAM/DM images to accept the logger category configuration
When container is started with env
| variable | value |