wip: Annotate Disabled tests with more information

Signed-off-by: Duane May <duane.may@broadcom.com>

scripts/kill_uaa.sh

@@ -47,6 +47,7 @@ function main() {
   if $jps_command | egrep "^${pid} " > /dev/null; then
     echo -n " Forcibly killing: "
     kill -9 "${pid}" || true
+    sleep 2
   fi
 
   $jps_command | egrep "^${pid} "

server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/SamlAuthenticationFilterConfig.java

@@ -30,6 +30,9 @@
 @Configuration
 public class SamlAuthenticationFilterConfig {
 
+    /**
+     * Handles building and forwarding the SAML2 Authentication Request to the IDP.
+     */
     @Autowired
     @Bean
     Filter saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
@@ -80,6 +83,9 @@ AuthenticationProvider samlAuthenticationProvider(IdentityZoneManager identityZo
         return samlResponseAuthenticationProvider;
     }
 
+    /**
+     * Handles the SAML2 Authentication Response and creates an Authentication object.
+     */
     @Autowired
     @Bean
     Filter saml2WebSsoAuthenticationFilter(AuthenticationProvider samlAuthenticationProvider,

server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/OpenSaml4AuthenticationProviderTests.java

@@ -330,7 +330,7 @@ void authenticationContainsAmr() {
     }
 
     @Test
-    void test_external_groups_as_scopes() {
+    void external_groups_as_scopes() {
         providerDefinition.setGroupMappingMode(SamlIdentityProviderDefinition.ExternalGroupMappingMode.AS_SCOPES);
         providerDefinition.addAttributeMapping(GROUP_ATTRIBUTE_NAME, Arrays.asList("2ndgroups", "groups"));
         provider.setConfig(providerDefinition);
@@ -346,7 +346,7 @@ void test_external_groups_as_scopes() {
     }
 
     @Test
-    void test_group_mapping() {
+    void group_mapping() {
         providerDefinition.addAttributeMapping(GROUP_ATTRIBUTE_NAME, "groups");
         provider.setConfig(providerDefinition);
         providerProvisioning.update(provider, identityZoneManager.getCurrentIdentityZone().getId());
@@ -359,7 +359,7 @@ void test_group_mapping() {
     }
 
     @Test
-    void test_non_string_attributes() {
+    void non_string_attributes() {
         providerDefinition.addAttributeMapping(USER_ATTRIBUTE_PREFIX + "XSURI", "XSURI");
         providerDefinition.addAttributeMapping(USER_ATTRIBUTE_PREFIX + "XSAny", "XSAny");
         providerDefinition.addAttributeMapping(USER_ATTRIBUTE_PREFIX + "XSQName", "XSQName");
@@ -438,7 +438,7 @@ void addExternalGroupsToAuthenticationWithWildcardWhitelist() {
     }
 
     @Test
-    @Disabled("SAML test doesn't compile")
+    @Disabled("SAML test doesn't compile: Invitations. Requires different response data")
     void update_invitedUser_whose_username_is_notEmail() throws Exception {
         ScimUser scimUser = getInvitedUser();
 
@@ -455,7 +455,7 @@ void update_invitedUser_whose_username_is_notEmail() throws Exception {
     }
 
     @Test
-    @Disabled("SAML test doesn't compile")
+    @Disabled("SAML test doesn't compile: Invitations. Requires different response data")
     void invitedUser_authentication_whenAuthenticatedEmailDoesNotMatchInvitedEmail()
             throws Exception {
         Map<String, Object> attributeMappings = new HashMap<>();

uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java

@@ -1,10 +1,10 @@
 /*******************************************************************************
  *     Cloud Foundry
  *     Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
- *
+ * <p/>
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
  *     You may not use this product except in compliance with the License.
- *
+ * <p/>
  *     This product includes a number of subcomponents with
  *     separate copyright notices and license terms. Your use of these
  *     subcomponents is subject to the terms and conditions of the
@@ -203,7 +203,7 @@ void samlSPMetadata() {
         ResponseEntity<String> response = request.getForEntity(
                 baseUrl + "/saml/metadata", String.class);
         assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
-        String metadataXml = (String) response.getBody();
+        String metadataXml = response.getBody();
 
         // The SAML SP metadata should match the following UAA configs:
         // login.entityID
@@ -264,7 +264,7 @@ void simpleSamlLoginWithAddShadowUserOnLoginFalse() throws Exception {
         // create a UAA user with the email address as the username.
         deleteUser(SAML_ORIGIN, testAccounts.getEmail());
 
-        IdentityProvider provider = IntegrationTestUtils.createIdentityProvider(SAML_ORIGIN, false, baseUrl, serverRunning);
+        IdentityProvider<?> provider = IntegrationTestUtils.createIdentityProvider(SAML_ORIGIN, false, baseUrl, serverRunning);
         String clientId = "app-addnew-false" + new RandomValueStringGenerator().generate();
         String redirectUri = "http://nosuchhostname:0/nosuchendpoint";
         createClientAndSpecifyProvider(clientId, provider, redirectUri);
@@ -278,7 +278,7 @@ void simpleSamlLoginWithAddShadowUserOnLoginFalse() throws Exception {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones")
     void incorrectResponseFromSamlIDP_showErrorFromSaml() {
         String zoneId = "testzone3";
         String zoneUrl = baseUrl.replace("localhost", zoneId + ".localhost");
@@ -311,7 +311,7 @@ void incorrectResponseFromSamlIDP_showErrorFromSaml() {
                         "secr3T");
 
         SamlIdentityProviderDefinition samlIdentityProviderDefinition = createSimplePHPSamlIDP(SAML_ORIGIN, "testzone3");
-        IdentityProvider provider = new IdentityProvider();
+        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider<>();
         provider.setIdentityZoneId(zoneId);
         provider.setType(OriginKeys.SAML);
         provider.setActive(true);
@@ -343,10 +343,11 @@ void simpleSamlPhpLogin() throws Exception {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: requires LogoutRequest to be sent to the IDP")
     void simpleSamlPhpLoginDisplaysLastLogin() throws Exception {
+        createIdentityProvider(SAML_ORIGIN);
+
         Long beforeTest = System.currentTimeMillis();
-        IdentityProvider<SamlIdentityProviderDefinition> provider = createIdentityProvider(SAML_ORIGIN);
         LoginPage.go(webDriver, baseUrl)
                 .clickSamlLink_goesToSamlLoginPage(SAML_ORIGIN)
                 .login_goesToHomePage(testAccounts.getUserName(), testAccounts.getPassword())
@@ -362,9 +363,9 @@ void simpleSamlPhpLoginDisplaysLastLogin() throws Exception {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires logout")
     void singleLogout() throws Exception {
-        IdentityProvider<SamlIdentityProviderDefinition> provider = createIdentityProvider(SAML_ORIGIN);
+        createIdentityProvider(SAML_ORIGIN);
 
         LoginPage.go(webDriver, baseUrl)
                 .clickSamlLink_goesToSamlLoginPage(SAML_ORIGIN)
@@ -374,7 +375,7 @@ void singleLogout() throws Exception {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones and logout")
     void singleLogoutWithNoLogoutUrlOnIDPWithLogoutRedirect() {
         String zoneId = "testzone2";
         String zoneUrl = baseUrl.replace("localhost", zoneId + ".localhost");
@@ -410,7 +411,7 @@ void singleLogoutWithNoLogoutUrlOnIDPWithLogoutRedirect() {
                         email,
                         "secr3T");
         SamlIdentityProviderDefinition providerDefinition = createIDPWithNoSLOSConfigured();
-        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider();
+        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider<>();
         provider.setIdentityZoneId(zoneId);
         provider.setType(OriginKeys.SAML);
         provider.setActive(true);
@@ -435,10 +436,10 @@ void singleLogoutWithNoLogoutUrlOnIDPWithLogoutRedirect() {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires logout")
     void singleLogoutWithNoLogoutUrlOnIDP() throws Exception {
         SamlIdentityProviderDefinition providerDefinition = createIDPWithNoSLOSConfigured();
-        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider();
+        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider<>();
         provider.setIdentityZoneId(OriginKeys.UAA);
         provider.setType(OriginKeys.SAML);
         provider.setActive(true);
@@ -447,8 +448,7 @@ void singleLogoutWithNoLogoutUrlOnIDP() throws Exception {
         provider.setName("simplesamlphp for uaa");
 
         String zoneAdminToken = getZoneAdminToken(baseUrl, serverRunning);
-
-        provider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken, baseUrl, provider);
+        IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken, baseUrl, provider);
 
         LoginPage.go(webDriver, baseUrl)
                 .clickSamlLink_goesToSamlLoginPage("simplesamlphp")
@@ -474,31 +474,14 @@ void faviconShouldNotSave() throws Exception {
                 .login_goesToHomePage(MARISSA4_USERNAME, MARISSA4_PASSWORD);
     }
 
-
-    private void testSimpleSamlLogin(String firstUrl, String lookfor) throws Exception {
-        testSimpleSamlLogin(firstUrl, lookfor, testAccounts.getUserName(), testAccounts.getPassword());
-    }
-
-    private void testSimpleSamlLogin(String firstUrl, String lookfor, String username, String password) throws Exception {
-        IdentityProvider<SamlIdentityProviderDefinition> provider = createIdentityProvider(SAML_ORIGIN);
-
-        webDriver.get(baseUrl + firstUrl);
-        assertThat(webDriver.getTitle()).isEqualTo("Cloud Foundry");
-        webDriver.findElement(By.xpath("//a[text()='" + provider.getConfig().getLinkText() + "']")).click();
-        //takeScreenShot();
-        assertThat(webDriver.getCurrentUrl()).contains("loginuserpass");
-        sendCredentials(username, password);
-        assertThat(webDriver.findElement(By.cssSelector("h1")).getText()).contains(lookfor);
-    }
-
     protected IdentityProvider<SamlIdentityProviderDefinition> createIdentityProvider(String originKey) throws Exception {
         return IntegrationTestUtils.createIdentityProvider(originKey, true, baseUrl, serverRunning);
     }
 
     protected UaaClientDetails createClientAndSpecifyProvider(String clientId, IdentityProvider provider,
                                                               String redirectUri) {
 
-        RestTemplate identityClient = IntegrationTestUtils.getClientCredentialsTemplate(
+        IntegrationTestUtils.getClientCredentialsTemplate(
                 IntegrationTestUtils.getClientCredentialsResource(baseUrl, new String[0], "identity", "identitysecret")
         );
         RestTemplate adminClient = IntegrationTestUtils.getClientCredentialsTemplate(
@@ -529,7 +512,6 @@ protected UaaClientDetails createClientAndSpecifyProvider(String clientId, Ident
     }
 
     protected void deleteUser(String origin, String username) {
-
         String zoneAdminToken = IntegrationTestUtils.getClientCredentialsToken(serverRunning,
                 "admin", "adminsecret");
 
@@ -542,8 +524,8 @@ protected void deleteUser(String origin, String username) {
     }
 
     @Test
-    @Disabled("SAML test fails")
-    void saml_invitation_automatic_redirect_in_zone2() throws Exception {
+    @Disabled("SAML test fails: Requires zones")
+    void saml_invitation_automatic_redirect_in_zone2() {
         perform_SamlInvitation_Automatic_Redirect_In_Zone2(MARISSA2_USERNAME, MARISSA2_PASSWORD, true);
         perform_SamlInvitation_Automatic_Redirect_In_Zone2(MARISSA2_USERNAME, MARISSA2_PASSWORD, true);
         perform_SamlInvitation_Automatic_Redirect_In_Zone2(MARISSA2_USERNAME, MARISSA2_PASSWORD, true);
@@ -643,7 +625,7 @@ public void perform_SamlInvitation_Automatic_Redirect_In_Zone2(String username,
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones")
     void relay_state_redirect_from_idp() {
         //ensure we are able to resolve DNS for hostname testzone1.localhost
         String zoneId = "testzone1";
@@ -706,7 +688,7 @@ void relay_state_redirect_from_idp() {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones")
     void samlLoginClientIDPAuthorizationAutomaticRedirectInZone1() {
         //ensure we are able to resolve DNS for hostname testzone1.localhost
         String zoneId = "testzone1";
@@ -758,7 +740,7 @@ void samlLoginClientIDPAuthorizationAutomaticRedirectInZone1() {
         clientDetails.setClientSecret("secret");
         clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps);
         clientDetails.setAutoApproveScopes(Collections.singleton("true"));
-        clientDetails = IntegrationTestUtils.createClientAsZoneAdmin(zoneAdminToken, baseUrl, zoneId, clientDetails);
+        IntegrationTestUtils.createClientAsZoneAdmin(zoneAdminToken, baseUrl, zoneId, clientDetails);
 
         webDriver.get(zoneUrl + "/logout.do");
 
@@ -774,7 +756,7 @@ void samlLoginClientIDPAuthorizationAutomaticRedirectInZone1() {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones and logout")
     void samlLoginMapGroupsInZone1() {
         //ensure we are able to resolve DNS for hostname testzone1.localhost
         String zoneId = "testzone1";
@@ -835,7 +817,6 @@ void samlLoginMapGroupsInZone1() {
         clientDetails = IntegrationTestUtils.createClientAsZoneAdmin(zoneAdminToken, baseUrl, zoneId, clientDetails);
         String adminTokenInZone = IntegrationTestUtils.getClientCredentialsToken(zoneUrl, clientDetails.getClientId(), "secret");
 
-
         ScimGroup uaaSamlUserGroup = new ScimGroup(null, "uaa.saml.user", zoneId);
         uaaSamlUserGroup = IntegrationTestUtils.createOrUpdateGroup(adminTokenInZone, null, zoneUrl, uaaSamlUserGroup);
 
@@ -878,7 +859,7 @@ void samlLoginMapGroupsInZone1() {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones and logout")
     void samlLoginCustomUserAttributesAndRolesInIDToken() throws Exception {
 
         final String COST_CENTER = "costCenter";
@@ -1029,9 +1010,8 @@ void samlLoginCustomUserAttributesAndRolesInIDToken() throws Exception {
         assertThat(userInfoRoles).containsExactlyInAnyOrder(expectedRoles);
     }
 
-    // TODO: work on this next
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones and logout")
     void samlLoginEmailInIDTokenWhenUserIDIsNotEmail() {
 
         //ensure we are able to resolve DNS for hostname testzone1.localhost
@@ -1069,8 +1049,7 @@ void samlLoginEmailInIDTokenWhenUserIDIsNotEmail() {
         SamlIdentityProviderDefinition samlIdentityProviderDefinition = createTestZoneIDP(SAML_ORIGIN, zoneId);
         samlIdentityProviderDefinition.addAttributeMapping(EMAIL_ATTRIBUTE_NAME, "emailAddress");
 
-        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider();
-        provider.setIdentityZoneId(zoneId);
+        IdentityProvider<SamlIdentityProviderDefinition> provider = new IdentityProvider<>();
         provider.setType(OriginKeys.SAML);
         provider.setActive(true);
         provider.setConfig(samlIdentityProviderDefinition);
@@ -1091,7 +1070,7 @@ void samlLoginEmailInIDTokenWhenUserIDIsNotEmail() {
         clientDetails = IntegrationTestUtils.createClientAsZoneAdmin(zoneAdminToken, baseUrl, zoneId, clientDetails);
         clientDetails.setClientSecret("secret");
 
-        String adminTokenInZone = IntegrationTestUtils.getClientCredentialsToken(zoneUrl, clientDetails.getClientId(), "secret");
+        IntegrationTestUtils.getClientCredentialsToken(zoneUrl, clientDetails.getClientId(), "secret");
 
         webDriver.get(zoneUrl + "/logout.do");
 
@@ -1140,7 +1119,7 @@ void samlLoginEmailInIDTokenWhenUserIDIsNotEmail() {
 
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires zones and logout")
     void simpleSamlPhpLoginInTestZone1Works() {
         String zoneId = "testzone1";
 
@@ -1159,7 +1138,6 @@ void simpleSamlPhpLoginInTestZone1Works() {
         String groupId = IntegrationTestUtils.findGroupId(adminClient, baseUrl, "zones." + zoneId + ".admin");
         IntegrationTestUtils.addMemberToGroup(adminClient, baseUrl, user.getId(), groupId);
 
-
         String zoneAdminToken =
                 IntegrationTestUtils.getAccessTokenByAuthCode(serverRunning,
                         UaaTestAccounts.standard(serverRunning),
@@ -1177,7 +1155,6 @@ void simpleSamlPhpLoginInTestZone1Works() {
         provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias());
         provider.setName("simplesamlphp for testzone1");
 
-
         provider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken, baseUrl, provider);
 
         //we have to create two providers to avoid automatic redirect
@@ -1191,7 +1168,7 @@ void simpleSamlPhpLoginInTestZone1Works() {
         provider1.setConfig(samlIdentityProviderDefinition1);
         provider1.setOriginKey(samlIdentityProviderDefinition1.getIdpEntityAlias());
         provider1.setName("simplesamlphp 1 for testzone1");
-        provider1 = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken, baseUrl, provider1);
+        IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken, baseUrl, provider1);
 
         assertThat(provider.getId()).isNotNull();
 
@@ -1287,7 +1264,7 @@ void loginSamlOnlyProviderNoUsernamePassword() throws Exception {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires logout")
     void samlLoginClientIDPAuthorizationAutomaticRedirect() throws Exception {
         IdentityProvider<SamlIdentityProviderDefinition> provider = createIdentityProvider(SAML_ORIGIN);
         assertThat(provider.getConfig().getIdpEntityAlias()).isEqualTo(provider.getOriginKey());
@@ -1334,7 +1311,7 @@ void loginClientIDPAuthorizationAlreadyLoggedIn() {
     }
 
     @Test
-    @Disabled("SAML test fails")
+    @Disabled("SAML test fails: Requires logout")
     void springSamlEndpointsWithEmptyContext() throws IOException {
         CallEmpptyPageAndCheckHttpStatusCode("/saml/discovery", 200);
         CallEmpptyPageAndCheckHttpStatusCode("/saml/SingleLogout", 400);
@@ -1394,19 +1371,6 @@ private SamlIdentityProviderDefinition createIDPWithNoSLOSConfigured() {
         return def;
     }
 
-    private void logout() {
-        webDriver.findElement(By.cssSelector(".dropdown-trigger")).click();
-        webDriver.findElement(By.linkText("Sign Out")).click();
-    }
-
-    private void login(IdentityProvider<SamlIdentityProviderDefinition> provider) {
-        webDriver.get(baseUrl + "/login");
-        assertThat(webDriver.getTitle()).isEqualTo("Cloud Foundry");
-        webDriver.findElement(By.xpath("//a[text()='" + provider.getConfig().getLinkText() + "']")).click();
-        webDriver.findElement(By.xpath(SIMPLESAMLPHP_LOGIN_PROMPT_XPATH_EXPR));
-        sendCredentials(testAccounts.getUserName(), testAccounts.getPassword());
-    }
-
     private void sendCredentials(String username, String password, By loginButtonSelector) {
         webDriver.findElement(By.name("username")).clear();
         webDriver.findElement(By.name("username")).sendKeys(username);