[MGNLSSO-131] Create integration test for Direct client flow (Token auth) Created: 31/May/22  Updated: 19/Sep/22  Resolved: 25/Aug/22

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: None
Fix Version/s: 3.0.0

Type: Improvement Priority: Neutral
Reporter: Nguyen Phung Chi Assignee: Nguyen Phung Chi
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 7d 2.5h Time Spent: 7d 2.5h
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: File Keycloak.postman_collection.json     Java Source File SsoModuleIT.java    
Issue Links:
Relates
relates to MGNLSSO-96 Non-interactive SSO access to REST en... Closed
Sub-Tasks:
Key
Summary
Type
Status
Assignee
MGNLSSO-164 Implement new test Sub-task Closed Nguyen Phung Chi  
MGNLSSO-165 Review Sub-task Closed Evzen Fochr  
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Epic Link: SSO support for custom IdPs
Sprint: AdminX 16, AdminX 17
Story Points: 5
Team: AdminX

 Description   

As a result of MGNLSSO-96, there is a missing integration test for the direct client flow.

The scenario is:

  • Prerequisite: Setup SSO module with an addition direct client
  • Get the token from Keycloak token endpoint
  • Use the token in the Authentication header Bearer type to get content from Magnolia

Please checkout the Postman requests collection to know more.

Dev notes:

  • Tried to create the test in SsoModuleIT class (see example in attachment), but it failed to run in current setup that IT is run on the Host and connect Keycloak in Docker container (localhost:8080) and Magnolia instance (localhost:8081)
  • The token obtained from Keycloak token endpoint (localhost:8080), but it can't be verified through "keycloak:8080" in SSO module because the token is issued by different host then the verification process. So, it's possible if we can reach the Keycloak from the host using host name (keycloak in this case) to get the token.
  • So, we may need to create the test in different setup to achieve this.

Generated at Mon Feb 12 10:51:24 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.