maximthomas · maximthomas · May 15, 2026 · May 14, 2026 · May 14, 2026 · May 14, 2026
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -102,30 +102,30 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Save docker image to tar
+      - name: Prepare environment
         shell: bash
         run: |
-          docker pull localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
-          docker save -o ${{ runner.temp }}/openam-image.tar localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
-      - name: Upload docker image
-        uses: actions/upload-artifact@v4
-        with:
-          name: myimage
-          path: ${{ runner.temp }}/openam-image.tar
+          echo "OPENAM_IMAGE=localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}" >> $GITHUB_ENV
+          docker network create test-openam
+          echo "127.0.0.1 openam.example.org sp.mycompany.org" | sudo tee -a /etc/hosts
 
-      - name: Docker test with an external OpenDJ identity store and an embedded OpenDJ configuration store
+      - name: Docker test with an external OpenDJ identity store and an embedded OpenDJ configuration store (IDP)
         shell: bash
         run: |
-          docker network create test-openam
-          docker run --rm -it -d --hostname opendj -p 1389:1389 -p 4444:4444 --name test-opendj --network test-openam openidentityplatform/opendj:latest
-          docker run --rm -it -d --memory="2g" -h openam.example.org --name=test-openam --network test-openam localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
-
+          echo "Setup IDP"
+
+          docker run --rm -it -d --hostname opendj-idp --name opendj-idp --network test-openam openidentityplatform/opendj:latest
+          docker run --rm -it -d -p 8080:8080 -p 8000:8000 --memory="2g" -h openam.example.org --name=openam-idp --network test-openam \
+            -e JPDA_ADDRESS=*:8000 \
+            -e JPDA_TRANSPORT=dt_socket \
+            ${OPENAM_IMAGE} catalina.sh jpda run
+
           echo "waiting for OpenDJ to be alive..."
-          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test-opendj | grep -q \"healthy\"; do sleep 10; done'
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" opendj-idp | grep -q \"healthy\"; do sleep 10; done'
           echo "waiting for OpenAM to be alive..."
-          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test-openam | grep -q \"healthy\"; do sleep 10; done'
-          
-          docker exec -w '/usr/openam/ssoconfiguratortools' test-openam bash -c \
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" openam-idp | grep -q \"healthy\"; do sleep 10; done'
+
+          docker exec -w '/usr/openam/ssoconfiguratortools' openam-idp bash -c \
           'echo "ACCEPT_LICENSES=true
           SERVER_URL=http://openam.example.org:8080
           DEPLOYMENT_URI=/$OPENAM_PATH
@@ -147,54 +147,90 @@ jobs:
           DS_DIRMGRPASSWD=password
           USERSTORE_TYPE=LDAPv3ForOpenDS
           USERSTORE_SSL=SIMPLE
-          USERSTORE_HOST=opendj
+          USERSTORE_HOST=opendj-idp
           USERSTORE_PORT=1389
           USERSTORE_SUFFIX=dc=example,dc=com
           USERSTORE_MGRDN=cn=Directory Manager
           USERSTORE_PASSWD=password
           " > conf.file && java -jar openam-configurator-tool*.jar --file conf.file'
-
-          docker exec test-openam bash -c \
-          'curl \
-           --request POST \
-           --header "Content-Type: application/json" \
-           --header "X-OpenAM-Username: amadmin" \
-           --header "X-OpenAM-Password: ampassword" \
-           --data "{}" \
-           http://openam.example.org:8080/openam/json/authenticate | grep tokenId'
-
-          docker inspect --format="{{json .State.Health.Status}}" test-openam | grep -q \"healthy\"
-
-          echo "Stopping containers and removing the network"  
-          docker stop test-opendj test-openam
-          docker network rm test-openam          
 
-      - name: Docker test with a dedicated OpenDJ container
+          echo "Setup ssoadm tools for OpenAM IDP"
+
+          docker exec -w '/usr/openam/ssoadmintools' openam-idp bash -c './setup -p /usr/openam/config --acceptLicense'
+
+          docker exec -w '/usr/openam/ssoadmintools/openam/bin' openam-idp bash -c 'echo ampassword > pwd.txt && chmod 400 pwd.txt'
+
+          echo "Test IDP authentication"
+
+          ADMIN_TOKEN=$(docker exec openam-idp bash -c \
+          'curl -sf \
+            --request POST \
+            --header "Content-Type: application/json" \
+            --header "X-OpenAM-Username: amadmin" \
+            --header "X-OpenAM-Password: ampassword" \
+            --data "{}" \
+            http://openam.example.org:8080/openam/json/authenticate' |  jq -r .tokenId)
+
+          docker inspect --format="{{json .State.Health.Status}}" openam-idp | grep -q \"healthy\"
+
+          echo "Setup IDP test user"
+
+          curl -sS -X POST \
+            -H "iPlanetDirectoryPro: ${ADMIN_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -H "Accept-API-Version: resource=3.0, protocol=2.1" \
+            -d "{
+              \"username\": \"demo\",
+              \"userpassword\": \"changeit\",
+              \"mail\": \"demo@example.com\",
+              \"sn\": \"Demo\",
+              \"givenName\": \"Demo\",
+              \"cn\": \"Demo Demo\"
+              }" \
+            "http://openam.example.org:8080/openam/json/realms/root/users?_action=create"
+
+          echo "Test demo user Auth"
+
+          docker exec openam-idp bash -c \
+            'curl -sf \
+              --request POST \
+              --header "Content-Type: application/json" \
+              --header "X-OpenAM-Username: demo" \
+              --header "X-OpenAM-Password: changeit" \
+              --data "{}" \
+              http://openam.example.org:8080/openam/json/authenticate'
+
+      - name: Docker start with a dedicated OpenDJ container (SP)
         shell: bash
         run: |
-          docker network create test-openam
-          docker run --rm -it -d --hostname opendj -p 1389:1389 -p 4444:4444 --name test-opendj --network test-openam openidentityplatform/opendj:latest
-          docker run --rm -it -d --memory="2g" -h openam.example.org --name=test-openam --network test-openam localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
-
+          echo "Setup SP"
+
+          docker run --rm -it -d --hostname opendj-sp --name opendj-sp --network test-openam openidentityplatform/opendj:latest
+
+          docker run --rm -it -d -p 8081:8080 -p 8001:8000 --memory="2g" -h sp.mycompany.org --name=openam-sp --network test-openam \
+            -e JPDA_ADDRESS=*:8000 \
+            -e JPDA_TRANSPORT=dt_socket \
+            ${OPENAM_IMAGE} catalina.sh jpda run
+
           echo "waiting for OpenDJ to be alive..."
-          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test-opendj | grep -q \"healthy\"; do sleep 10; done'
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" opendj-sp | grep -q \"healthy\"; do sleep 10; done'
           echo "waiting for OpenAM to be alive..."
-          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test-openam | grep -q \"healthy\"; do sleep 10; done'
-          
-          docker exec -w '/usr/openam/ssoconfiguratortools' test-openam bash -c \
+          timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" openam-sp | grep -q \"healthy\"; do sleep 10; done'
+
+          docker exec -w '/usr/openam/ssoconfiguratortools' openam-sp bash -c \
           'echo "ACCEPT_LICENSES=true
-          SERVER_URL=http://openam.example.org:8080
+          SERVER_URL=http://sp.mycompany.org:8080
           DEPLOYMENT_URI=/$OPENAM_PATH
           BASE_DIR=$OPENAM_DATA_DIR
           locale=en_US
           PLATFORM_LOCALE=en_US
           AM_ENC_KEY=
           ADMIN_PWD=ampassword
           AMLDAPUSERPASSWD=password
-          COOKIE_DOMAIN=example.org
+          COOKIE_DOMAIN=mycompany.org
           DATA_STORE=dirServer
           DIRECTORY_SSL=SIMPLE
-          DIRECTORY_SERVER=opendj
+          DIRECTORY_SERVER=opendj-sp
           DIRECTORY_PORT=1389
           DIRECTORY_ADMIN_PORT=4444
           DIRECTORY_JMX_PORT=1689
@@ -203,26 +239,65 @@ jobs:
           DS_DIRMGRPASSWD=password
           USERSTORE_TYPE=LDAPv3ForOpenDS
           USERSTORE_SSL=SIMPLE
-          USERSTORE_HOST=opendj
+          USERSTORE_HOST=opendj-sp
           USERSTORE_PORT=1389
           USERSTORE_SUFFIX=dc=example,dc=com
           USERSTORE_MGRDN=cn=Directory Manager
           USERSTORE_PASSWD=password
           " > conf.file && java -jar openam-configurator-tool*.jar --file conf.file'
+
+          echo "Setup ssoadm tools for OpenAM SP"
+
+          docker exec -w '/usr/openam/ssoadmintools' openam-sp bash -c './setup -p /usr/openam/config --acceptLicense'
+
+          docker exec -w '/usr/openam/ssoadmintools/openam/bin' openam-sp bash -c 'echo ampassword > pwd.txt && chmod 400 pwd.txt'
 
-          docker exec test-openam bash -c \
-          'curl \
-           --request POST \
-           --header "Content-Type: application/json" \
-           --header "X-OpenAM-Username: amadmin" \
-           --header "X-OpenAM-Password: ampassword" \
-           --data "{}" \
-           http://openam.example.org:8080/openam/json/authenticate | grep tokenId'
-
-          docker inspect --format="{{json .State.Health.Status}}" test-openam | grep -q \"healthy\"
-
-          echo "Stopping containers and removing the network"  
-          docker stop test-opendj test-openam
+          echo "Test SP authentication"
+
+          docker exec openam-sp bash -c \
+            'curl \
+              --request POST \
+              --header "Content-Type: application/json" \
+              --header "X-OpenAM-Username: amadmin" \
+              --header "X-OpenAM-Password: ampassword" \
+              --data "{}" \
+              http://sp.mycompany.org:8080/openam/json/authenticate | grep tokenId'
+
+          docker inspect --format="{{json .State.Health.Status}}" openam-sp | grep -q \"healthy\"
+
+      - name: Cache Playwright browsers
+        uses: actions/cache@v5
+        with:
+          path: ~/.cache/ms-playwright
+          key: ${{ runner.os }}-playwright-browsers
+          restore-keys: ${{ runner.os }}-playwright-
+
+      - uses: actions/checkout@v6
+        with:
+          sparse-checkout: e2e
+
+      - name: UI Smoke Tests (Playwright)
+        run: |
+          cd e2e
+          npm init -y
+          npm install @playwright/test
+          npx playwright install chromium --with-deps
+          npx playwright test --reporter=list
+
+      - name: Upload failure artifacts
+        uses: actions/upload-artifact@v7
+        if: ${{ failure() }}
+        with:
+          name: failure-ui
+          retention-days: 1
+          path: |
+            e2e/playwright-report/**
+            e2e/test-results/**    
+
+      - name: Stopping containers and removing the network
+        shell: bash
+        run: |
+          docker stop openam-idp opendj-idp opendj-sp openam-sp
           docker network rm test-openam
 
       - name: Docker multi-server test
@@ -370,62 +445,3 @@ jobs:
           http://openam3.example.org:8080/openam/json/authenticate | grep tokenId'
 
           docker inspect --format="{{json .State.Health.Status}}" test-openam3 | grep -q \"healthy\"
-  ui-smoke-tests:
-    runs-on: ubuntu-latest
-    needs: build-docker
-    services:
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-    strategy:
-      fail-fast: false
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Set env
-        run: |
-          export git_version_last="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenAM/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" ; echo "last release: $git_version_last"
-          echo "release_version=$git_version_last" >> $GITHUB_ENV
-          echo "REPO_LC=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
-
-      - name: Download artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: myimage
-          path: ${{ runner.temp }}
-
-      - name: Load Docker image
-        run: |
-          docker load --input ${{ runner.temp }}/openam-image.tar
-          docker image ls -a
-
-      - name: Set Integration Test Environment
-        run: |
-          echo "127.0.0.1 idp.acme.org sp.mycompany.org" | sudo tee -a /etc/hosts
-
-      - name: Cache Playwright browsers
-        uses: actions/cache@v5
-        with:
-          path: ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-browsers
-          restore-keys: ${{ runner.os }}-playwright-
-
-      - name: UI Smoke Tests (Playwright)
-        run: |
-          cd e2e
-          npm init -y
-          npm install @playwright/test
-          npx playwright install chromium --with-deps
-          npx playwright test --reporter=list
-        env:
-          OPENAM_IMAGE: localhost:5000/${{ env.REPO_LC }}:${{ env.release_version }}
-      - name: Upload failure artifacts
-        uses: actions/upload-artifact@v7
-        if: ${{ failure() }}
-        with:
-          name: failure-ui-java${{ matrix.java }}-${{ matrix.context_label }}-${{ matrix.samples_label }}
-          retention-days: 1
-          path: |
-            e2e/playwright-report/**
-            e2e/test-results/**