From a9584b27287ada43c906beb277a1b7c33ceaa411 Mon Sep 17 00:00:00 2001 From: Filip Hanik Date: Mon, 22 Jan 2018 11:43:55 -0800 Subject: [PATCH] Add in ability to hard delete identity providers through manifest [#154004428] https://www.pivotaltracker.com/story/show/154004428 --- .../config/IdentityProviderBootstrap.java | 72 ++++- .../config/IdentityProviderBootstrapTest.java | 296 ++++++++++-------- .../main/webapp/WEB-INF/spring-servlet.xml | 1 + .../identity/uaa/login/BootstrapTests.java | 51 +-- ...IdentityProviderEndpointsMockMvcTests.java | 50 ++- .../test/bootstrap/all-properties-set.yml | 30 +- 6 files changed, 320 insertions(+), 180 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java index 86a240ea53a..e27641d3cc2 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java @@ -20,6 +20,7 @@ import java.util.List; import java.util.Map; +import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.provider.AbstractIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; 
@@ -39,17 +40,29 @@ import org.cloudfoundry.identity.uaa.util.UaaMapUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZone; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.json.JSONException; import org.springframework.beans.factory.InitializingBean; +import org.springframework.context.ApplicationEventPublisher; +import org.springframework.context.ApplicationEventPublisherAware; +import org.springframework.context.ApplicationListener; +import org.springframework.context.event.ContextRefreshedEvent; import org.springframework.core.env.AbstractEnvironment; import org.springframework.core.env.Environment; import org.springframework.dao.EmptyResultDataAccessException; -import static org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition.LDAP; +import static java.util.Collections.emptyList; +import static java.util.Optional.ofNullable; +import static org.cloudfoundry.identity.uaa.authentication.SystemAuthentication.SYSTEM_AUTHENTICATION; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA; import static org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition.LDAP_PROPERTY_NAMES; import static org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition.LDAP_PROPERTY_TYPES; -public class IdentityProviderBootstrap implements InitializingBean { +public class IdentityProviderBootstrap + implements InitializingBean, ApplicationListener, ApplicationEventPublisherAware { + private static Log logger = LogFactory.getLog(IdentityProviderBootstrap.class); + private IdentityProviderProvisioning provisioning; private List providers = new LinkedList<>(); private BootstrapSamlIdentityProviderConfigurator configurator; 
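Review bot: The new logger field is declared `private static Log logger` without `final`, so a static that is assigned once and never meant to change is left mutable; the conventional form is `private static final Log logger = LogFactory.getLog(IdentityProviderBootstrap.class);`. The class declaration now implements `ApplicationListener` and `ApplicationEventPublisherAware` but carries no class-level comment saying why a bootstrap bean listens for context events; a one-line Javadoc such as `Bootstraps identity providers from configuration at init time and, on context refresh, hard-deletes the origins listed in originsToDelete from the default zone.` would tell a reader what the two new interfaces are for. The class body continues outside this hunk.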
@@ -61,6 +74,9 @@ public class IdentityProviderBootstrap implements InitializingBean { private LockoutPolicy defaultLockoutPolicy; private boolean disableInternalUserManagement; + private List originsToDelete = null; + private ApplicationEventPublisher publisher; + public IdentityProviderBootstrap(IdentityProviderProvisioning provisioning, Environment environment) { if (provisioning==null) { throw new NullPointerException("Constructor argument can't be null."); @@ -141,7 +157,7 @@ protected void addLdapProvider() { provider.setType(OriginKeys.LDAP); provider.setName("UAA LDAP Provider"); Map ldap = new HashMap<>(); - ldap.put(LDAP, ldapConfig); + ldap.put(LdapIdentityProviderDefinition.LDAP, ldapConfig); LdapIdentityProviderDefinition json = getLdapConfigAsDefinition(ldap); provider.setConfig(json); provider.setActive(ldapProfile && json.isConfigured()); @@ -200,6 +216,16 @@ protected void addKeystoneProvider() { } } + @Override + public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) { + this.publisher = applicationEventPublisher; + } + + @Override + public void onApplicationEvent(ContextRefreshedEvent event) { + deleteIdentityProviders(IdentityZone.getUaa().getId()); + } + @Override public void afterPropertiesSet() throws Exception { @@ -212,6 +238,10 @@ public void afterPropertiesSet() throws Exception { String zoneId = IdentityZone.getUaa().getId(); for (IdentityProvider provider: providers) { + if (getOriginsToDelete().contains(provider.getOriginKey())) { + //dont process origins slated for deletion + continue; + } IdentityProvider existing = null; try { existing = provisioning.retrieveByOrigin(provider.getOriginKey(), zoneId); 
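Review bot: `onApplicationEvent` gives no reason for deferring the deletion to `ContextRefreshedEvent` rather than doing it in `afterPropertiesSet`, and a refresh can fire more than once in a JVM (a child servlet context's refresh is also delivered to listeners in the parent), so the delete is re-executed and only stays safe because `deleteIdentityProviders` treats a missing provider as a no-op. Presumably the deferral is so that the listeners that act on `EntityDeletedEvent` are registered before the event is published; confirm that against the listener wiring. I would put above the method: `// Deferred to context refresh so the EntityDeletedEvent listeners exist; ContextRefreshedEvent may fire more than once, so the delete must stay idempotent.` The new `continue` in the `afterPropertiesSet` loop also deserves a comment stating that an origin that is both configured and listed in `originsToDelete` is neither created nor updated here and will be removed on refresh; `afterPropertiesSet`'s body continues outside the hunk.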
@@ -231,20 +261,32 @@ public void afterPropertiesSet() throws Exception { updateDefaultZoneUaaIDP(); } - private void deactivateUnusedProviders(String zoneId) { - for (IdentityProvider provider: provisioning.retrieveAll(false, zoneId)) { - if (!OriginKeys.UAA.equals(provider.getType())) { - if (!isAmongProviders(provider.getOriginKey(), provider.getType())) { - provider.setActive(false); - provisioning.update(provider, zoneId); - } + private void deleteIdentityProviders(String zoneId) { + for (String origin : getOriginsToDelete()) { + if (!UAA.equals(origin) && !OriginKeys.LDAP.equals(origin)) { + try { + logger.debug("Attempting to deactivating identity provider:"+origin); + IdentityProvider provider = provisioning.retrieveByOrigin(origin, zoneId); + //delete provider + EntityDeletedEvent event = new EntityDeletedEvent<>(provider, SYSTEM_AUTHENTICATION); + if (this.publisher!=null) { + publisher.publishEvent(event); + logger.debug("Identity provider deactivated:"+origin); + } else { + logger.warn( + String.format("Unable to delete identity provider with origin '%s', no application publisher", + origin) + ); + } + + } catch (EmptyResultDataAccessException x) {} } } } protected void updateDefaultZoneUaaIDP() throws JSONException { String zoneId = IdentityZone.getUaa().getId(); - IdentityProvider internalIDP = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); + IdentityProvider internalIDP = provisioning.retrieveByOrigin(UAA, IdentityZone.getUaa().getId()); UaaIdentityProviderDefinition identityProviderDefinition = new UaaIdentityProviderDefinition(defaultPasswordPolicy, defaultLockoutPolicy, disableInternalUserManagement); internalIDP.setConfig(identityProviderDefinition); String disableInternalAuth = environment.getProperty("disableInternalAuth"); 
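Review bot: The log lines in `deleteIdentityProviders` describe the operation as deactivation (`"Attempting to deactivating identity provider:"`, `"Identity provider deactivated:"`) while the method publishes an `EntityDeletedEvent` for a hard delete, so an operator reading the log gets the wrong picture of a destructive, manifest-driven change; the lines are also debug-only, and both the empty `catch (EmptyResultDataAccessException x) {}` and the reserved-origin guard drop silently, so a typo in `originsToDelete` or an attempt to list `uaa`/`ldap` leaves no trace. I would log the delete at info with accurate wording, warn when a reserved origin is ignored, and log at debug when there is nothing to delete, which is the expected path on every refresh after the first. The method only publishes the event; whether the provider is really gone, and whether the listeners also cascade to users of that origin, depends on the `EntityDeletedEvent` handlers elsewhere in UAA, which is worth confirming and stating on the setter's Javadoc since the blast radius may be larger than a config change suggests. With `deactivateUnusedProviders` removed, providers that merely disappear from the manifest are no longer deactivated by this class, assuming its caller is removed outside the visible hunks; if that is intentional the commit description should say so.
```java
private void deleteIdentityProviders(String zoneId) {
    for (String origin : getOriginsToDelete()) {
        if (UAA.equals(origin) || OriginKeys.LDAP.equals(origin)) {
            // reserved origins are never removed via configuration; make the refusal visible
            logger.warn("Ignoring originsToDelete entry for reserved identity provider origin: " + origin);
            continue;
        }
        if (this.publisher == null) {
            logger.warn(String.format("Unable to delete identity provider with origin '%s', no application publisher", origin));
            continue;
        }
        try {
            IdentityProvider provider = provisioning.retrieveByOrigin(origin, zoneId);
            logger.info("Deleting identity provider with origin '" + origin + "' from zone " + zoneId + " (listed in originsToDelete)");
            publisher.publishEvent(new EntityDeletedEvent<>(provider, SYSTEM_AUTHENTICATION));
            logger.info("Published delete event for identity provider with origin '" + origin + "'");
        } catch (EmptyResultDataAccessException x) {
            // expected on every context refresh after the first; nothing to delete
            logger.debug("No identity provider with origin '" + origin + "' in zone " + zoneId + ", nothing to delete");
        }
    }
}
```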
@@ -288,4 +330,12 @@ public void setDisableInternalUserManagement(boolean disableInternalUserManageme public void setOauthIdpDefinitions(Map oauthIdpDefintions) { this.oauthIdpDefintions = oauthIdpDefintions; } + + public void setOriginsToDelete(List originsToDelete) { + this.originsToDelete = originsToDelete; + } + + public List getOriginsToDelete() { + return ofNullable(originsToDelete).orElse(emptyList()); + } } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java index b8ccdc6fd64..00ad1284363 100755 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; +import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.impl.config.IdentityProviderBootstrap; import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; @@ -46,8 +47,14 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.mockito.ArgumentCaptor; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationEventPublisher; +import org.springframework.context.event.ContextRefreshedEvent; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.mock.env.MockEnvironment; +import static java.util.stream.Collectors.toList; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.KEYSTONE; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OAUTH20; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OIDC10; 
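Review bot: `setOriginsToDelete` stores the caller's list as-is and `getOriginsToDelete` hands the same instance back, so any later mutation of the configuration list changes which providers get deleted, and neither accessor documents that this setting triggers a hard delete. I would copy on the way in, `this.originsToDelete = originsToDelete == null ? null : new LinkedList<>(originsToDelete);`, and add Javadoc on the setter along the lines of `Origins to hard-delete from the default zone when the application context is refreshed; entries for uaa and ldap are ignored.` That keeps the accessor contract the same while making the destructive behaviour visible to whoever wires the property.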
@@ -56,38 +63,85 @@ import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS; import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST; import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.STORE_CUSTOM_ATTRIBUTES_NAME; +import static org.hamcrest.Matchers.containsInAnyOrder; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.reset; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; public class IdentityProviderBootstrapTest extends JdbcTestBase { + private SamlIdentityProviderDefinition samlIdentityProviderDefinition; + private SamlIdentityProviderDefinition samlIdentityProviderDefinition1; + private BootstrapSamlIdentityProviderConfigurator configurator; + private ApplicationEventPublisher publisher; + private IdentityProviderProvisioning provisioning; + private IdentityProviderBootstrap bootstrap; + private MockEnvironment environment; + private AbstractXOAuthIdentityProviderDefinition oauthProvider; + private AbstractXOAuthIdentityProviderDefinition oidcProvider; + private HashMap oauthProviderConfig; + @After - @Before public void clearIdentityHolder() { IdentityZoneHolder.clear(); } + @Before + public void setup() throws Exception { + IdentityZoneHolder.clear(); + samlIdentityProviderDefinition = new SamlIdentityProviderDefinition(); + samlIdentityProviderDefinition.setAssertionConsumerIndex(0); + samlIdentityProviderDefinition.setIconUrl("iconUrl"); + samlIdentityProviderDefinition.setIdpEntityAlias("alias"); + 
samlIdentityProviderDefinition.setLinkText("text"); + samlIdentityProviderDefinition.setMetaDataLocation("http://location"); + samlIdentityProviderDefinition.setNameID("nameId"); + samlIdentityProviderDefinition.setShowSamlLink(true); + samlIdentityProviderDefinition.setMetadataTrustCheck(true); + samlIdentityProviderDefinition1 = samlIdentityProviderDefinition.clone( + + ); + samlIdentityProviderDefinition.setIdpEntityAlias("alias2"); + samlIdentityProviderDefinition.setMetaDataLocation("http://location2"); + + oauthProvider = new RawXOAuthIdentityProviderDefinition(); + setCommonProperties(oauthProvider); + oidcProvider = new OIDCIdentityProviderDefinition(); + setCommonProperties(oidcProvider); + + oauthProviderConfig = new HashMap<>(); + oauthProviderConfig.put(OAUTH20, oauthProvider); + oauthProviderConfig.put(OIDC10, oidcProvider); + + + configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); + publisher = mock(ApplicationEventPublisher.class); + provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); + environment = new MockEnvironment(); + bootstrap = new IdentityProviderBootstrap(provisioning, environment); + bootstrap.setApplicationEventPublisher(publisher); + + } + @Test public void testUpgradeLDAPProvider() throws Exception { String insertSQL = "INSERT INTO identity_provider (id,identity_zone_id,name,origin_key,type,config)VALUES ('ldap','uaa','ldap','ldap2','ldap','{\"ldapdebug\":\"Test debug\",\"profile\":{\"file\":\"ldap/ldap-search-and-bind.xml\"},\"base\":{\"url\":\"ldap://localhost:389/\",\"userDn\":\"cn=admin,dc=test,dc=com\",\"password\":\"password\",\"searchBase\":\"dc=test,dc=com\",\"searchFilter\":\"cn={0}\",\"referral\":\"follow\"},\"groups\":{\"file\":\"ldap/ldap-groups-map-to-scopes.xml\",\"searchBase\":\"dc=test,dc=com\",\"groupSearchFilter\":\"member={0}\",\"searchSubtree\":true,\"maxSearchDepth\":10,\"autoAdd\":true,\"ignorePartialResultException\":true}}')"; jdbcTemplate.update(insertSQL); - 
IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment); bootstrap.afterPropertiesSet(); } @Test public void testLdapProfileBootstrap() throws Exception { - MockEnvironment environment = new MockEnvironment(); environment.setActiveProfiles(OriginKeys.LDAP); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment); bootstrap.afterPropertiesSet(); IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId()); @@ -102,8 +156,6 @@ public void testLdapProfileBootstrap() throws Exception { @Test public void testLdapBootstrap() throws Exception { - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); HashMap ldapConfig = new HashMap<>(); ldapConfig.put(EMAIL_DOMAIN_ATTR, Arrays.asList("test.domain")); @@ -134,11 +186,8 @@ public void testLdapBootstrap() throws Exception { } @Test - public void testRemovedLdapBootstrapIsInactive() throws Exception { - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - MockEnvironment env = new MockEnvironment(); - env.setActiveProfiles(OriginKeys.LDAP); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, env); + public void testRemovedLdapBootstrapRemainsActive() throws Exception { + environment.setActiveProfiles(OriginKeys.LDAP); HashMap ldapConfig = new HashMap<>(); ldapConfig.put("base.url","ldap://localhost:389/"); bootstrap.setLdapConfig(ldapConfig); 
@@ -168,14 +217,20 @@ public void testRemovedLdapBootstrapIsInactive() throws Exception { assertNotNull(ldapProvider.getLastModified()); assertEquals(OriginKeys.LDAP, ldapProvider.getType()); assertTrue(ldapProvider.isActive()); + + environment.setActiveProfiles("default"); + bootstrap.afterPropertiesSet(); + ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId()); + assertNotNull(ldapProvider); + assertNotNull(ldapProvider.getCreated()); + assertNotNull(ldapProvider.getLastModified()); + assertEquals(OriginKeys.LDAP, ldapProvider.getType()); + assertFalse(ldapProvider.isActive()); } @Test public void testKeystoneProfileBootstrap() throws Exception { - MockEnvironment environment = new MockEnvironment(); environment.setActiveProfiles(KEYSTONE); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment); bootstrap.afterPropertiesSet(); IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(KEYSTONE, IdentityZoneHolder.get().getId()); @@ -190,8 +245,6 @@ public void testKeystoneProfileBootstrap() throws Exception { @Test public void testKeystoneBootstrap() throws Exception { - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); HashMap keystoneConfig = new HashMap<>(); keystoneConfig.put("testkey", "testvalue"); bootstrap.setKeystoneConfig(keystoneConfig); 
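Review bot: The test is renamed `testRemovedLdapBootstrapRemainsActive`, but the assertions added at its end check `assertFalse(ldapProvider.isActive())` after `environment.setActiveProfiles("default")`, so the name states the opposite of the final assertion. The deactivation comes from `addLdapProvider` setting `active` to `ldapProfile && json.isConfigured()` (visible in the earlier hunk), not from `originsToDelete`, which excludes `ldap`; a name such as `testLdapBootstrapDeactivatedWhenProfileRemoved` and a comment above the profile switch, `// ldap is never hard-deleted; dropping the profile deactivates it on the next bootstrap`, would make that clear.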
@@ -207,10 +260,7 @@ public void testKeystoneBootstrap() throws Exception { @Test public void testRemovedKeystoneBootstrapIsInactive() throws Exception { - MockEnvironment env = new MockEnvironment(); - env.setActiveProfiles(KEYSTONE); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, env); + environment.setActiveProfiles(KEYSTONE); HashMap keystoneConfig = new HashMap<>(); keystoneConfig.put("testkey", "testvalue"); bootstrap.setKeystoneConfig(keystoneConfig); 
@@ -246,25 +296,29 @@ public void testRemovedKeystoneBootstrapIsInactive() throws Exception { @Test - public void test_oauth_and_oidc_provider() throws Exception { - AbstractXOAuthIdentityProviderDefinition oauthProvider = new RawXOAuthIdentityProviderDefinition(); - setCommonProperties(oauthProvider); - AbstractXOAuthIdentityProviderDefinition oidcProvider = new OIDCIdentityProviderDefinition(); - setCommonProperties(oidcProvider); - oidcProvider.setResponseType("code id_token"); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); + public void test_oauth_and_oidc_provider_deletion() throws Exception { + bootstrap.setOauthIdpDefinitions(oauthProviderConfig); + bootstrap.setOriginsToDelete(new LinkedList(oauthProviderConfig.keySet())); + bootstrap.afterPropertiesSet(); + for (Map.Entry provider : oauthProviderConfig.entrySet()) { + try { + provisioning.retrieveByOrigin(provider.getKey(), IdentityZoneHolder.get().getId()); + fail(String.format("Provider '%s' should not exist.", provider.getKey())); + } catch (EmptyResultDataAccessException e) { + } - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); - HashMap oauthProviderConfig = new HashMap<>(); - oauthProviderConfig.put(OAUTH20, oauthProvider); - oauthProviderConfig.put(OIDC10, oidcProvider); + } + } + @Test + public void test_oauth_and_oidc_provider_activation() throws Exception { bootstrap.setOauthIdpDefinitions(oauthProviderConfig); + oidcProvider.setResponseType("code id_token"); bootstrap.afterPropertiesSet(); for (Map.Entry provider : oauthProviderConfig.entrySet()) { IdentityProvider bootstrapOauthProvider = provisioning.retrieveByOrigin(provider.getKey(), IdentityZoneHolder.get().getId()); assertNotNull(bootstrapOauthProvider); - assertThat(oauthProviderConfig.values(), PredicateMatcher.has(c -> c.equals(bootstrapOauthProvider.getConfig()))); + assertThat(oauthProviderConfig.values(), 
PredicateMatcher.has(c -> c.equals(bootstrapOauthProvider.getConfig()))); assertNotNull(bootstrapOauthProvider.getCreated()); assertNotNull(bootstrapOauthProvider.getLastModified()); assertEquals(provider.getKey(), bootstrapOauthProvider.getType()); 
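Review bot: `test_oauth_and_oidc_provider_deletion` never exercises deletion: only `afterPropertiesSet()` runs and the publisher is a mock, so the providers are absent because creation was skipped for origins in `originsToDelete`, not because anything was deleted. Either rename it to something like `test_oauth_and_oidc_provider_not_created_when_slated_for_deletion`, or bootstrap the providers first, then set `originsToDelete`, call `bootstrap.onApplicationEvent(new ContextRefreshedEvent(mock(ApplicationContext.class)))` and verify the published `EntityDeletedEvent`s as `test_providers_deleted_and_not_created` does. The empty `catch (EmptyResultDataAccessException e) {}` is the expected branch here and should say so, e.g. `// expected: the provider must not exist`.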
@@ -283,32 +337,24 @@ public void test_oauth_and_oidc_provider() throws Exception { for (Map.Entry provider : oauthProviderConfig.entrySet()) { IdentityProvider bootstrapOauthProvider = provisioning.retrieveByOrigin(provider.getKey(), IdentityZoneHolder.get().getId()); assertNotNull(bootstrapOauthProvider); - assertThat(oauthProviderConfig.values(), PredicateMatcher.has(c -> c.equals(bootstrapOauthProvider.getConfig()))); + assertThat(oauthProviderConfig.values(), PredicateMatcher.has(c -> c.equals(bootstrapOauthProvider.getConfig()))); assertNotNull(bootstrapOauthProvider.getCreated()); assertNotNull(bootstrapOauthProvider.getLastModified()); assertEquals(provider.getKey(), bootstrapOauthProvider.getType()); assertTrue(bootstrapOauthProvider.isActive()); } + } @Test(expected = IllegalArgumentException.class) public void bootstrap_failsIf_samlAndOauth_haveTheSameAlias() throws Exception { - AbstractXOAuthIdentityProviderDefinition oauthProvider = setCommonProperties(new RawXOAuthIdentityProviderDefinition()); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); - HashMap oauthProviderConfig = new HashMap<>(); + oauthProviderConfig.clear(); oauthProviderConfig.put("same-alias", oauthProvider); - SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition(); - definition.setIdpEntityAlias("same-alias"); - definition.setLinkText("text"); - definition.setMetaDataLocation("http://location"); - definition.setNameID("nameId"); - definition.setShowSamlLink(true); - definition.setMetadataTrustCheck(true); + samlIdentityProviderDefinition.setIdpEntityAlias("same-alias"); - BootstrapSamlIdentityProviderConfigurator configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); - when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition)); + reset(configurator); + 
when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition)); bootstrap.setOauthIdpDefinitions(oauthProviderConfig); bootstrap.setSamlProviders(configurator); 
@@ -329,121 +375,115 @@ protected AbstractXOAuthIdentityProviderDefinition setCommonProperties(AbstractX @Test public void testSamlBootstrap() throws Exception { - SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition(); - definition.setAssertionConsumerIndex(0); - definition.setIconUrl("iconUrl"); - definition.setIdpEntityAlias("alias"); - definition.setLinkText("text"); - definition.setMetaDataLocation("http://location"); - definition.setNameID("nameId"); - definition.setShowSamlLink(true); - definition.setMetadataTrustCheck(true); - definition.setEmailDomain(Arrays.asList("test.domain")); - List externalGroupsWhitelist = new ArrayList<>(); - externalGroupsWhitelist.add("value1"); - externalGroupsWhitelist.add("value2"); - definition.setExternalGroupsWhitelist(externalGroupsWhitelist); - - Map attributeMappings = new HashMap<>(); - attributeMappings.put("given_name", "first_name"); - definition.setAttributeMappings(attributeMappings); - - BootstrapSamlIdentityProviderConfigurator configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); - when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition)); - - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); bootstrap.setSamlProviders(configurator); + reset(configurator); + when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition)); + bootstrap.afterPropertiesSet(); - IdentityProvider samlProvider = provisioning.retrieveByOrigin(definition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + IdentityProvider samlProvider = provisioning.retrieveByOrigin(samlIdentityProviderDefinition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider); - definition.setZoneId(IdentityZoneHolder.get().getId()); - 
assertEquals(definition, samlProvider.getConfig()); + samlIdentityProviderDefinition.setZoneId(IdentityZoneHolder.get().getId()); + assertEquals(samlIdentityProviderDefinition, samlProvider.getConfig()); assertNotNull(samlProvider.getCreated()); assertNotNull(samlProvider.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider.getType()); } + @Test + public void test_providers_deleted_and_not_created() throws Exception { + when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition, samlIdentityProviderDefinition1)); + List originsToDelete = Arrays.asList( + samlIdentityProviderDefinition.getIdpEntityAlias(), + OIDC10 + ); + + bootstrap.setSamlProviders(configurator); + bootstrap.setOauthIdpDefinitions(oauthProviderConfig); + bootstrap.afterPropertiesSet(); + ContextRefreshedEvent event = new ContextRefreshedEvent(mock(ApplicationContext.class)); + bootstrap.onApplicationEvent(event); + bootstrap.setOriginsToDelete(originsToDelete); + bootstrap.afterPropertiesSet(); + bootstrap.onApplicationEvent(event); + + ArgumentCaptor> captor = ArgumentCaptor.forClass(EntityDeletedEvent.class); + verify(publisher, times(2)).publishEvent(captor.capture()); + assertThat( + captor + .getAllValues() + .stream() + .map( + p -> p.getDeleted().getOriginKey() + ).collect(toList() + ), + containsInAnyOrder(originsToDelete.toArray()) + ); + } + @Test public void test_saml_provider_not_deactivated() throws Exception { - SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition(); - definition.setAssertionConsumerIndex(0); - definition.setIconUrl("iconUrl"); - definition.setIdpEntityAlias("alias"); - definition.setLinkText("text"); - definition.setMetaDataLocation("http://location"); - definition.setNameID("nameId"); - definition.setShowSamlLink(true); - definition.setMetadataTrustCheck(true); - - SamlIdentityProviderDefinition definition2 = definition.clone(); - definition.setIdpEntityAlias("alias2"); - 
definition.setMetaDataLocation("http://location2"); - - BootstrapSamlIdentityProviderConfigurator configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); - when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition, definition2)); - - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); + when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition, samlIdentityProviderDefinition1)); + bootstrap.setSamlProviders(configurator); + bootstrap.afterPropertiesSet(); - IdentityProvider samlProvider = provisioning.retrieveByOrigin(definition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + IdentityProvider samlProvider = provisioning.retrieveByOrigin(samlIdentityProviderDefinition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider); - definition.setZoneId(IdentityZoneHolder.get().getId()); - assertEquals(definition, samlProvider.getConfig()); + samlIdentityProviderDefinition.setZoneId(IdentityZoneHolder.get().getId()); + assertEquals(samlIdentityProviderDefinition, samlProvider.getConfig()); assertNotNull(samlProvider.getCreated()); assertNotNull(samlProvider.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider.getType()); assertTrue(samlProvider.isActive()); - IdentityProvider samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + IdentityProvider samlProvider2 = provisioning.retrieveByOrigin(samlIdentityProviderDefinition1.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider2); - definition2.setZoneId(IdentityZoneHolder.get().getId()); - assertEquals(definition2, samlProvider2.getConfig()); + samlIdentityProviderDefinition1.setZoneId(IdentityZoneHolder.get().getId()); + 
assertEquals(samlIdentityProviderDefinition1, samlProvider2.getConfig()); assertNotNull(samlProvider2.getCreated()); assertNotNull(samlProvider2.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider2.getType()); assertTrue(samlProvider2.isActive()); configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); - when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition)); + when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition)); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); - samlProvider = provisioning.retrieveByOrigin(definition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider = provisioning.retrieveByOrigin(samlIdentityProviderDefinition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider); - assertEquals(definition, samlProvider.getConfig()); + assertEquals(samlIdentityProviderDefinition, samlProvider.getConfig()); assertNotNull(samlProvider.getCreated()); assertNotNull(samlProvider.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider.getType()); assertTrue(samlProvider.isActive()); - samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider2 = provisioning.retrieveByOrigin(samlIdentityProviderDefinition1.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider2); - assertEquals(definition2, samlProvider2.getConfig()); + assertEquals(samlIdentityProviderDefinition1, samlProvider2.getConfig()); assertNotNull(samlProvider2.getCreated()); assertNotNull(samlProvider2.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider2.getType()); assertTrue(samlProvider2.isActive()); configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); - when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition2)); + 
when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition1)); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); - samlProvider = provisioning.retrieveByOrigin(definition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider = provisioning.retrieveByOrigin(samlIdentityProviderDefinition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider); - assertEquals(definition, samlProvider.getConfig()); + assertEquals(samlIdentityProviderDefinition, samlProvider.getConfig()); assertNotNull(samlProvider.getCreated()); assertNotNull(samlProvider.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider.getType()); assertTrue(samlProvider.isActive()); - samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider2 = provisioning.retrieveByOrigin(samlIdentityProviderDefinition1.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider2); - assertEquals(definition2, samlProvider2.getConfig()); + assertEquals(samlIdentityProviderDefinition1, samlProvider2.getConfig()); assertNotNull(samlProvider2.getCreated()); assertNotNull(samlProvider2.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider2.getType()); 
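Review bot: `test_providers_deleted_and_not_created` checks only the origin keys of the captured `EntityDeletedEvent`s; it does not assert that each event carries `SYSTEM_AUTHENTICATION`, which is what attributes a manifest-driven delete in the audit trail, nor that the first `onApplicationEvent` call (before `setOriginsToDelete`) published nothing. If `EntityDeletedEvent` exposes the principal through `getAuthentication()`, adding `captor.getAllValues().forEach(e -> assertEquals(SYSTEM_AUTHENTICATION, e.getAuthentication()));` pins that down, and a `verify(publisher, times(0))` (or `verifyZeroInteractions`) between the two refresh calls would show the `times(2)` comes entirely from the second one. The test method starts in the previous physical line.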
@@ -454,43 +494,42 @@ public void test_saml_provider_not_deactivated() throws Exception { bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); - samlProvider = provisioning.retrieveByOrigin(definition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider = provisioning.retrieveByOrigin(samlIdentityProviderDefinition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider); - assertEquals(definition, samlProvider.getConfig()); + assertEquals(samlIdentityProviderDefinition, samlProvider.getConfig()); assertNotNull(samlProvider.getCreated()); assertNotNull(samlProvider.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider.getType()); assertTrue(samlProvider.isActive()); - samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider2 = provisioning.retrieveByOrigin(samlIdentityProviderDefinition1.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider2); - assertEquals(definition2, samlProvider2.getConfig()); + assertEquals(samlIdentityProviderDefinition1, samlProvider2.getConfig()); assertNotNull(samlProvider2.getCreated()); assertNotNull(samlProvider2.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider2.getType()); assertTrue(samlProvider2.isActive()); configurator = mock(BootstrapSamlIdentityProviderConfigurator.class); - when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition2,definition)); + when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(samlIdentityProviderDefinition1, samlIdentityProviderDefinition)); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); - samlProvider = provisioning.retrieveByOrigin(definition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider = provisioning.retrieveByOrigin(samlIdentityProviderDefinition.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); 
assertNotNull(samlProvider); - assertEquals(definition, samlProvider.getConfig()); + assertEquals(samlIdentityProviderDefinition, samlProvider.getConfig()); assertNotNull(samlProvider.getCreated()); assertNotNull(samlProvider.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider.getType()); assertTrue(samlProvider.isActive()); - samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); + samlProvider2 = provisioning.retrieveByOrigin(samlIdentityProviderDefinition1.getIdpEntityAlias(), IdentityZoneHolder.get().getId()); assertNotNull(samlProvider2); - assertEquals(definition2, samlProvider2.getConfig()); + assertEquals(samlIdentityProviderDefinition1, samlProvider2.getConfig()); assertNotNull(samlProvider2.getCreated()); assertNotNull(samlProvider2.getLastModified()); assertEquals(OriginKeys.SAML, samlProvider2.getType()); assertTrue(samlProvider2.isActive()); - } @Test @@ -509,13 +548,7 @@ public void setInternalUserManagementNotSet() throws Exception { } private void setDisableInternalUserManagement(String expectedValue) throws Exception { - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - - MockEnvironment mock = new MockEnvironment(); - - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, mock); bootstrap.setDisableInternalUserManagement(Boolean.valueOf(expectedValue)); - bootstrap.afterPropertiesSet(); IdentityProvider internalIDP = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); 
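Review bot: `bootstrap.afterPropertiesSet();` is dropped from setDisableInternalUserManagement together with the method-local fixture setup, while the sibling hunks that move onto the shared fixture (setPasswordPolicyToInternalIDP, setLockoutPolicyToInternalIDP) keep their `afterPropertiesSet()` call after the setter. Without it, the `provisioning.retrieveByOrigin(OriginKeys.UAA, ...)` read that follows sees whatever the shared bootstrap wrote before the setter ran, so the helper can pass for the wrong reason (whenever the expected value happens to match the pre-existing state). Unless `setDisableInternalUserManagement` now writes through to the store by itself, reinstate `bootstrap.afterPropertiesSet();` between the setter and the retrieve. The helper's assertions continue past the end of this hunk.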
@@ -527,8 +560,6 @@ private void setDisableInternalUserManagement(String expectedValue) throws Excep @Test public void setPasswordPolicyToInternalIDP() throws Exception { - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); bootstrap.setDefaultPasswordPolicy(new PasswordPolicy(123, 4567, 1, 0, 1, 0, 6)); bootstrap.afterPropertiesSet(); @@ -545,8 +576,6 @@ public void setPasswordPolicyToInternalIDP() throws Exception { @Test public void setLockoutPolicyToInternalIDP() throws Exception { - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment()); LockoutPolicy lockoutPolicy = new LockoutPolicy(); lockoutPolicy.setLockoutPeriodSeconds(123); lockoutPolicy.setLockoutAfterFailures(3); @@ -564,10 +593,7 @@ public void setLockoutPolicyToInternalIDP() throws Exception { @Test public void deactivate_and_activate_InternalIDP() throws Exception { - MockEnvironment environment = new MockEnvironment(); environment.setProperty("disableInternalAuth", "true"); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment); bootstrap.afterPropertiesSet(); IdentityProvider internalIdp = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); 
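Review bot: deactivate_and_activate_InternalIDP now calls `environment.setProperty("disableInternalAuth", "true")` on the shared `environment` field instead of a method-local MockEnvironment, and nothing in these hunks shows that field being recreated per test. If it is a single instance, the property leaks into later tests such as defaultActiveFlagOnInternalIDP, which asserts the internal IdP is active, and the suite becomes order-dependent. Either confirm the @Before builds a fresh `new MockEnvironment()` for every test, or clear the property in an @After, e.g. `environment.setProperty("disableInternalAuth", "false");`. The bodies of the affected tests continue outside the hunk.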
@@ -582,11 +608,7 @@ public void deactivate_and_activate_InternalIDP() throws Exception { @Test public void defaultActiveFlagOnInternalIDP() throws Exception { - MockEnvironment environment = new MockEnvironment(); - IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate); - IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment); bootstrap.afterPropertiesSet(); - IdentityProvider internalIdp = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); assertTrue(internalIdp.isActive()); } diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml index 224cfb1d547..be644f8a7e8 100755 --- a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml @@ -521,6 +521,7 @@ + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index c4e2835fcaa..45949a3b4d1 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java 
@@ -12,7 +12,23 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.apache.tomcat.jdbc.pool.DataSource; +import javax.servlet.RequestDispatcher; +import java.io.File; +import java.io.IOException; +import java.lang.reflect.Field; +import java.net.URL; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EventListener; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Scanner; +import java.util.Set; +import java.util.stream.Collectors; + import org.cloudfoundry.identity.uaa.account.ResetPasswordController; import org.cloudfoundry.identity.uaa.authentication.manager.AuthzAuthenticationManager; import org.cloudfoundry.identity.uaa.authentication.manager.PeriodLockoutPolicy; @@ -75,6 +91,8 @@ import org.cloudfoundry.identity.uaa.zone.Links; import org.cloudfoundry.identity.uaa.zone.SamlConfig; import org.cloudfoundry.identity.uaa.zone.TokenPolicy; + +import org.apache.tomcat.jdbc.pool.DataSource; import org.flywaydb.core.Flyway; import org.junit.After; import org.junit.AfterClass; @@ -90,6 +108,7 @@ import org.springframework.beans.factory.xml.XmlBeanDefinitionReader; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.core.env.Environment; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.http.HttpMethod; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.mail.javamail.JavaMailSenderImpl; 
@@ -109,23 +128,6 @@ import org.springframework.web.context.support.AbstractRefreshableWebApplicationContext; import org.springframework.web.servlet.ViewResolver; -import javax.servlet.RequestDispatcher; -import java.io.File; -import java.io.IOException; -import java.lang.reflect.Field; -import java.net.URL; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.EventListener; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Scanner; -import java.util.Set; -import java.util.stream.Collectors; - import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OAUTH20; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OIDC10; import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.TokenFormat.JWT; @@ -147,6 +149,7 @@ import static org.junit.Assert.assertSame; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import static org.springframework.http.HttpHeaders.ACCEPT; import static org.springframework.http.HttpHeaders.ACCEPT_LANGUAGE; import static org.springframework.http.HttpHeaders.AUTHORIZATION; 
@@ -762,6 +765,14 @@ public void all_properties_set() throws Exception { assertTrue(defaultOauthProvider.getConfig().isStoreCustomAttributes()); assertFalse(defaultOauthProvider.getConfig().isSkipSslValidation()); + List deletedIdps = Arrays.asList("delete-discovery-provider", "delete.local"); + for (String deleteOrigin : deletedIdps) { + try { + idpProvisioning.retrieveByOrigin(deleteOrigin, IdentityZone.getUaa().getId()); + fail("The identity provider '" + deleteOrigin + "' should have been deleted"); + } catch (EmptyResultDataAccessException e) {} + } + IdentityZoneResolvingFilter filter = context.getBean(IdentityZoneResolvingFilter.class); assertThat(filter.getDefaultZoneHostnames(), containsInAnyOrder(uaa, login, "localhost", "host1.domain.com", "host2", "test3.localhost", "test4.localhost")); DataSource ds = context.getBean(DataSource.class); @@ -857,7 +868,9 @@ public void all_properties_set() throws Exception { assertTrue(samlProviders.getIdentityProviderDefinitions().size() >= 4); //verify that they got loaded in the DB for (SamlIdentityProviderDefinition def : samlProviders.getIdentityProviderDefinitions()) { - assertNotNull(providerProvisioning.retrieveByOrigin(def.getIdpEntityAlias(), IdentityZone.getUaa().getId())); + if (!deletedIdps.contains(def.getIdpEntityAlias())) { + assertNotNull(providerProvisioning.retrieveByOrigin(def.getIdpEntityAlias(), IdentityZone.getUaa().getId())); + } } assertEquals(3600, context.getBean("webSSOprofileConsumer", WebSSOProfileConsumerImpl.class).getMaxAuthenticationAge()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java index 9641e88369d..da5cef70fd0 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java 
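Review bot: The new deletion loop proves each listed origin is gone from the default zone, but nothing in all_properties_set guards the opposite direction: a fixture that accidentally lists the internal `uaa` origin under `delete.identityProviders` would still pass, and hard-deleting that provider locks every internal account out. Add, right after the loop, an assertion that the internal provider survived bootstrap, e.g. `assertNotNull(idpProvisioning.retrieveByOrigin("uaa", IdentityZone.getUaa().getId()));`. Also the empty `catch (EmptyResultDataAccessException e) {}` reads like a swallowed error; name it `expected` and leave a short comment that the exception is the success condition. all_properties_set continues outside the hunk.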
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java @@ -12,10 +12,18 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.mock.providers; -import com.fasterxml.jackson.core.type.TypeReference; -import org.apache.commons.lang.RandomStringUtils; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + import org.cloudfoundry.identity.uaa.audit.AuditEventType; import org.cloudfoundry.identity.uaa.constants.OriginKeys; +import org.cloudfoundry.identity.uaa.impl.config.IdentityProviderBootstrap; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; @@ -35,9 +43,14 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneSwitchingFilter; import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture; import org.cloudfoundry.identity.uaa.zone.event.IdentityProviderModifiedEvent; + +import com.fasterxml.jackson.core.type.TypeReference; +import org.apache.commons.lang.RandomStringUtils; import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.springframework.context.event.ContextRefreshedEvent; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.client.BaseClientDetails; 
@@ -46,15 +59,6 @@ import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; import org.springframework.util.StringUtils; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.USER_NAME_ATTRIBUTE_NAME; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.not; @@ -63,6 +67,7 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import static org.springframework.http.MediaType.APPLICATION_JSON; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; 
@@ -109,6 +114,25 @@ public void clearUaaConfig() throws Exception { mockMvcUtils.removeEventListener(getWebApplicationContext(), eventListener); } + @Test + public void test_delete_through_event() throws Exception { + String accessToken = setUpAccessToken(); + IdentityProvider idp = createAndUpdateIdentityProvider(accessToken, null); + String origin = idp.getOriginKey(); + IdentityProviderBootstrap bootstrap = getWebApplicationContext().getBean(IdentityProviderBootstrap.class); + assertNotNull(identityProviderProvisioning.retrieveByOrigin(origin, IdentityZone.getUaa().getId() )); + try { + bootstrap.setOriginsToDelete(Arrays.asList(origin)); + bootstrap.onApplicationEvent(new ContextRefreshedEvent(getWebApplicationContext())); + } finally { + bootstrap.setOriginsToDelete(null); + } + try { + identityProviderProvisioning.retrieveByOrigin(origin, IdentityZone.getUaa().getId() ); + fail("Identity provider should have been deleted"); + } catch (EmptyResultDataAccessException e) {} + } + @Test public void testCreateAndUpdateIdentityProvider() throws Exception { String accessToken = setUpAccessToken(); @@ -250,7 +274,7 @@ private void testRetrieveIdps(boolean retrieveActive) throws Exception { } } - private void createAndUpdateIdentityProvider(String accessToken, String zoneId) throws Exception { + private IdentityProvider createAndUpdateIdentityProvider(String accessToken, String zoneId) throws Exception { IdentityProvider identityProvider = MultitenancyFixture.identityProvider("testorigin", IdentityZone.getUaa().getId()); // create // check response @@ -286,6 +310,8 @@ private void createAndUpdateIdentityProvider(String accessToken, String zoneId) assertEquals(2, eventListener.getEventCount()); event = eventListener.getLatestEvent(); assertEquals(AuditEventType.IdentityProviderModifiedEvent, event.getAuditEvent().getType()); + + return identityProvider; } @Test 
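Review bot: test_delete_through_event verifies the provider row is gone but not that the configuration-driven deletion leaves an audit trail, even though this class already captures audit events through `eventListener` (`eventListener.getEventCount()` and `getLatestEvent()` are used in createAndUpdateIdentityProvider in the same file). Removing an identity provider from a manifest is a privileged, non-interactive change, so capture `int before = eventListener.getEventCount();` ahead of `bootstrap.onApplicationEvent(...)` and afterwards assert `assertEquals(before + 1, eventListener.getEventCount());` plus a check that `eventListener.getLatestEvent().getAuditEvent().getType()` is the deletion type; the exact AuditEventType constant is not visible in this hunk, so take it from that enum. The `catch (EmptyResultDataAccessException e) {}` should name the variable `expected` so it does not read as a swallowed failure.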
diff --git a/uaa/src/test/resources/test/bootstrap/all-properties-set.yml b/uaa/src/test/resources/test/bootstrap/all-properties-set.yml index 4ded1c9d0e3..87907df9da5 100644 --- a/uaa/src/test/resources/test/bootstrap/all-properties-set.yml +++ b/uaa/src/test/resources/test/bootstrap/all-properties-set.yml @@ -53,13 +53,16 @@ database: delete: expirationRunTime: 3000 + identityProviders: + - delete-discovery-provider + - delete.local clients: - client-should-not-exist-1 - client-should-not-exist-2 - users: - delete-user-1 - delete-user-2 + disableInternalAuth: true disableInternalUserManagement: true issuer: @@ -189,6 +192,12 @@ login: relyingPartySecret: secret showLinkText: true type: oidc1.0 + delete-discovery-provider: + discoveryUrl: https://accounts.google.com/.well-known/openid-configuration + relyingPartyId: uaa + relyingPartySecret: secret + showLinkText: true + type: oidc1.0 mfa: providers: mfaprovider1: 
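Review bot: `disableInternalAuth: true` is added to this fixture next to the new `delete.identityProviders` list, but the commit message only describes hard-deleting identity providers and none of the visible test hunks assert on internal authentication being disabled. If the setting is needed for the deletion path, say so with a comment such as `# needed by the delete.identityProviders assertions in BootstrapTests`; if it is not, drop it, because flipping it changes what all_properties_set verifies about the internal `uaa` provider without any test pinning the new expectation. The two origins under `delete.identityProviders` do match the `delete-discovery-provider` and `delete.local` definitions added further down in this file, which is what makes the create-then-delete cycle meaningful.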
@@ -413,6 +422,25 @@ login: nameID: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent showSamlLoginLink: true skipSslValidation: true + delete.local: + assertionConsumerIndex: 0 + idpMetadata: | + MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG + A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU + MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu + Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC + VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM + BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN + AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU + WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O + Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL + 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk + vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 + GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + linkText: This one will be deleted + nameID: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + showSamlLoginLink: true + skipSslValidation: true signatureAlgorithm: SHA256 wantAssertionSigned: false disableInResponseToCheck: true