
don't use client auth on http management port (#146)
dasniko committed Jun 3, 2024
1 parent 861ffe6 commit 317a2bc
Showing 3 changed files with 1 addition and 6 deletions.
Expand Up @@ -189,6 +189,7 @@ protected void configure() {
withEnv("KC_TRUSTSTORE_PATHS", String.join(",", truststorePaths));
}
withEnv("KC_HTTPS_CLIENT_AUTH", httpsClientAuth.toString());
withEnv("KC_HTTPS_MANAGEMENT_CLIENT_AUTH", HttpsClientAuth.NONE.toString());

withEnv("KC_METRICS_ENABLED", Boolean.toString(metricsEnabled));
withEnv("KC_HEALTH_ENABLED", Boolean.toString(Boolean.TRUE));
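Review bot: The added `withEnv("KC_HTTPS_MANAGEMENT_CLIENT_AUTH", HttpsClientAuth.NONE.toString());` line pins the management interface to no client authentication unconditionally, with nothing in the code saying why it deliberately diverges from the `httpsClientAuth` value written on the line just above; since this relaxes client-certificate checking on the management interface (presumably where the health and metrics endpoints enabled a few lines later are served) even when `HttpsClientAuth.REQUIRED` is configured for the application port, the intent deserves a comment. The rationale is visible elsewhere in this commit — the test comment "this is hopefully only a workaround until mgmt port does not require mutual tls" is being removed — so something like `// management interface stays reachable without a client cert so startup/health checks work under mutual TLS; the application port keeps httpsClientAuth` would capture it. Because `configure()` applies this after the builder calls, a user-supplied `withEnv` for the same key is presumably overwritten, so if client auth on the management interface is ever wanted it would need its own builder option rather than an override. The enclosing `configure()` method starts and ends outside the hunk.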
Expand Up @@ -6,7 +6,6 @@
import org.junit.jupiter.api.Test;

import javax.net.ssl.SSLHandshakeException;
import java.time.Duration;

import static io.restassured.RestAssured.given;
import static org.hamcrest.MatcherAssert.assertThat;
Expand Down Expand Up @@ -46,7 +45,6 @@ public void shouldStartKeycloakWithMutualTlsRequiredWithMutualTls() {
try (KeycloakContainer keycloak = new KeycloakContainer()
.useTlsKeystore("keycloak.jks", "keycloak")
.useMutualTls("keycloak.jks", "keycloak", HttpsClientAuth.REQUIRED)
.waitingFor(KeycloakContainer.LOG_WAIT_STRATEGY.withStartupTimeout(Duration.ofMinutes(2))) // this is hopefully only a workaround until mgmt port does not require mutual tls
) {
keycloak.start();
checkMutualTls(keycloak, "keycloak.jks", "keycloak", "keycloak.jks", "keycloak");
Expand All @@ -58,7 +56,6 @@ public void shouldStartKeycloakWithMutualTlsRequiredWithoutMutualTls() {
try (KeycloakContainer keycloak = new KeycloakContainer()
.useTlsKeystore("keycloak.jks", "keycloak")
.useMutualTls("keycloak.jks", "keycloak", HttpsClientAuth.REQUIRED)
.waitingFor(KeycloakContainer.LOG_WAIT_STRATEGY.withStartupTimeout(Duration.ofMinutes(2))) // this is hopefully only a workaround until mgmt port does not require mutual tls
) {
keycloak.start();
assertThrows(SSLHandshakeException.class, () -> checkTls(keycloak, "keycloak.jks", "keycloak"));
Expand Up @@ -8,7 +8,6 @@
import org.keycloak.admin.client.resource.ServerInfoResource;

import javax.net.ssl.SSLHandshakeException;
import java.time.Duration;
import java.util.List;

import static io.restassured.RestAssured.given;
Expand Down Expand Up @@ -96,7 +95,6 @@ public void shouldStartKeycloakWithMutualTlsRequiredWithMutualTls() {
.useTlsKeystore("keycloak.jks", "keycloak")
.withTrustedCertificates(List.of("keycloak.crt"))
.withHttpsClientAuth(HttpsClientAuth.REQUIRED)
.waitingFor(KeycloakContainer.LOG_WAIT_STRATEGY.withStartupTimeout(Duration.ofMinutes(2))) // this is hopefully only a workaround until mgmt port does not require mutual tls
) {
keycloak.start();
checkMutualTls(keycloak, "keycloak.jks", "keycloak", "keycloak.jks", "keycloak");
Expand All @@ -109,7 +107,6 @@ public void shouldStartKeycloakWithMutualTlsRequiredWithoutMutualTls() {
.useTlsKeystore("keycloak.jks", "keycloak")
.withTrustedCertificates(List.of("keycloak.crt"))
.withHttpsClientAuth(HttpsClientAuth.REQUIRED)
.waitingFor(KeycloakContainer.LOG_WAIT_STRATEGY.withStartupTimeout(Duration.ofMinutes(2))) // this is hopefully only a workaround until mgmt port does not require mutual tls
) {
keycloak.start();
assertThrows(SSLHandshakeException.class, () -> checkTls(keycloak, "keycloak.jks", "keycloak"));
