[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #86291

bpintea · 2022-04-29T10:34:04Z

Build scan:
https://gradle-enterprise.elastic.co/s/s7fof6ot7om2e/tests/:x-pack:plugin:security:test/org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests/testBuildingAuthenticationRequest

Reproduction line:
./gradlew ':x-pack:plugin:security:test' --tests "org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests.testBuildingAuthenticationRequest" -Dtests.seed=87001F4B4DB8EE88 -Dtests.locale=ko -Dtests.timezone=America/Guyana -Druntime.java=19

Applicable branches:
master

Reproduces locally?:
Didn't try

Failure history:
https://gradle-enterprise.elastic.co/scans/tests?tests.container=org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests&tests.test=testBuildingAuthenticationRequest

Failure excerpt:

java.lang.AssertionError: 
Expected: "https://op.example.com/login?scope=openid+scope1+scope2&response_type=code&redirect_uri=https%3A%2F%2Frp.my.com%2Fcb&state=wVKBmO4der29qj-MXnRAEt6WuB_KBdPxxUq-gXxrMGA&nonce=agcl7gdEy7xhtjvHUuBdTmYYxb3qftlfszK55B32O_I&client_id=rp-my"
     but: was "https://op.example.com/login?response_type=code&redirect_uri=https%3A%2F%2Frp.my.com%2Fcb&state=wVKBmO4der29qj-MXnRAEt6WuB_KBdPxxUq-gXxrMGA&nonce=agcl7gdEy7xhtjvHUuBdTmYYxb3qftlfszK55B32O_I&client_id=rp-my&scope=openid+scope1+scope2"

  at __randomizedtesting.SeedInfo.seed([87001F4B4DB8EE88:DA26116D0046B93]:0)
  at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:18)
  at org.junit.Assert.assertThat(Assert.java:956)
  at org.junit.Assert.assertThat(Assert.java:923)
  at org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests.testBuildingAuthenticationRequest(OpenIdConnectRealmTests.java:316)
  at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
  at java.lang.reflect.Method.invoke(Method.java:578)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.tests.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:44)
  at org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43)
  at org.apache.lucene.tests.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:45)
  at org.apache.lucene.tests.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:60)
  at org.apache.lucene.tests.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:44)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:824)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:475)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
  at org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.tests.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:38)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.tests.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.tests.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:43)
  at org.apache.lucene.tests.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:44)
  at org.apache.lucene.tests.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:60)
  at org.apache.lucene.tests.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:47)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:375)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:831)
  at java.lang.Thread.run(Thread.java:828)

The text was updated successfully, but these errors were encountered:

elasticmachine · 2022-04-29T10:34:06Z

Pinging @elastic/es-security (Team:Security)

mark-vieira · 2022-05-03T01:45:05Z

Any thoughts on these failures. It'd be nice to get the Java 19 builds green. @ChrisHegarty I remember you said you might take a look here.

The String representation of OIDC url is not stable because the query parameters can be different orders (underlying backed by a HashMap). This PR improves the robustness of URL comparison by comparing the parsed query parameters instead of the non-stable serialised string form. Resolves: elastic#86291

ywangd · 2022-05-03T02:44:38Z

I raised #86374

The String representation of OIDC url is not stable because the query parameters can be different orders (underlying backed by a HashMap). This PR improves the robustness of URL comparison by comparing the parsed query parameters instead of the non-stable serialised string form. Resolves: #86291

bpintea added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >test-failure Triaged test failures from CI labels Apr 29, 2022

elasticmachine added the Team:Security Meta label for security team label Apr 29, 2022

ywangd self-assigned this May 3, 2022

ywangd mentioned this issue May 3, 2022

[Test] More robust comparison for OIDC URLs #86374

Merged

ywangd mentioned this issue May 3, 2022

[CI] OpenIdConnectRealmTests testBuilidingAuthenticationRequestWithDefaultScope failing #86384

Closed

elasticsearchmachine closed this as completed in #86374 May 3, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #86291

[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #86291

bpintea commented Apr 29, 2022

elasticmachine commented Apr 29, 2022

mark-vieira commented May 3, 2022

ywangd commented May 3, 2022

[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #86291

[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #86291

Comments

bpintea commented Apr 29, 2022

elasticmachine commented Apr 29, 2022

mark-vieira commented May 3, 2022

ywangd commented May 3, 2022