Profile Flow Unit Tests

The idp-conf Maven module, which includes most of the as-delivered configuration files that end up in the distribution, includes TestNG unit tests that exercise many of the webflows, but without using a browser (so just programmatically with mock objects).

The tests in extend AbstractFlowTest, which is responsible for :

creating mock objects such as HttpServletRequest, HttpServletResponse, and the Spring Web Flow ExternalContext
overriding flows to return the OpenSAML ProfileRequestContext as a Spring Web Flow output attribute

Tests of SAML flows extract the SAML Response from the OpenSAML ProfileRequestContext and validate the Response using a validator, for example the SAML2TestResponseValidator.

Eclipse Testbed

The java-idp-testbed project is a stand-alone project that runs the IdP inside Eclipse (programmatically starting Jetty as the container). The code being run is the code in Eclipse under active development, so it's possible to test changes to all of the libraries or third party extensions in-situ.

A very simple mock SP included in the testbed simply displays the messages it receives for diagnostic purposes and it can initiate SAML profiles in various ways.

The testbed provides :

an IdP configured by idp-conf from the classpath (by setting the idp.home and idp.webflows system properties)
a mock SAML SP
a test in-memory LDAP directory server

To run the testbed via Eclipse :

Checkout the java-idp-testbed, java-identity-provider, and java-idp-jetty-base projects as peers in the same directory and import them into Eclipse. You can optionally do the same for the rest of the stack (java-opensaml, etc.) if you wish.
Switch to the '9.3' branch of java-idp-jetty-base.
Install Jetty (download and unpack jetty-distribution)
- The version of Jetty should match the jetty.version property in the testbed POM (java-idp-testbed/pom.xml)
- The Jetty installation directory should be set as the jetty.home system property in the Eclipse Launcher for the testbed's Main.java, see below

Add testbed.xml to idp-jetty-base/src/main/resources/jetty-base/webapps/ :

idp-jetty-base webapps/testbed.xml

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="war">../../../../../java-idp-testbed/src/main/webapp/</Set>
  <Set name="contextPath">/</Set>
  <Set name="extractWAR">false</Set>
  <Set name="copyWebDir">false</Set>
  <Set name="copyWebInf">true</Set>
</Configure>

Adjust paths in idp-jetty-base/src/main/resources/jetty-base/start.d/idp.ini :

idp-jetty-base start.d/idp.ini

jetty.war.path = ../../../../../java-identity-provider/idp-war/src/main/webapp
jetty.backchannel.keystore.path=../../../../../java-identity-provider/idp-conf/src/test/resources/credentials/idp-backchannel.p12
jetty.browser.keystore.path=../../../../../java-identity-provider/idp-conf/src/test/resources/credentials/idp-userfacing.p12

Configure the Eclipse Launcher for the testbed's Main.java :
- Program arguments : --lib=${workspace_loc:idp-conf/src/test/resources} --lib=${workspace_loc:idp-conf/src/main/resources}
- VM arguments : -Djetty.home=<path to jetty-distribution> -Didp.home=classpath: -Didp.webflows=classpath*:/flows -Djava.io.tmpdir=tmp
- working directory : ${workspace_loc:idp-jetty-base/src/main/resources/jetty-base}
Run Main.java from java-idp-testbed as a Java Application (there's an Eclipse launcher file included, but it may need customization).
Access https://localhost:8443/index.html with a browser on the same machine.

Properties

Note that the Jetty WebAppProvider configured in idp-jetty-base's jetty-deploy.xml reads properties from idp-jetty-base's start.d/idp.ini, hence properties used in a deployment descriptor XML file are not overridable via command line arguments or via other start.d/*.ini files.

Logging

Jetty will log to ${workspace_loc:idp-jetty-base}/src/main/resources/jetty-base/logs

The IdP will log to ${workspace_loc:idp-jetty-base}/src/main/resources/jetty-base/classpath/logs

To log to the Eclipse console :

comment out --module=logging in ${workspace_loc:idp-jetty-base}/src/main/resources/jetty-base/start.ini
add <include resource="conf/logback-include-console.xml" /> to the end of ${workspace_loc:idp-conf}/src/main/resources/conf/logback.xml (this includes ${workspace_loc:idp-conf}/src/test/resources/conf/logback-include-console.xml)

Storage

To interact with IdP storage services via HTTP, add the following to idp-war/src/main/webapp/WEB-INF/web.xml :

web.xml

<!-- The /storage app space. Interact with storage services via HTTP. -->
<servlet>
    <servlet-name>storage</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:/system/conf/storage-context.xml</param-value>
     </init-param>
     <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>storage</servlet-name>
    <url-pattern>/storage/*</url-pattern>
</servlet-mapping>

See the Javadoc for the testbed StorageServiceWrapperController for usage.

Troubleshooting Eclipse Testbed

ClassNotFoundException

If Eclipse can not find Jetty classes :

WARNING: Nothing to start, exiting ...
java.lang.ClassNotFoundException: org.eclipse.jetty.xml.XmlConfiguration

make sure that the version of Jetty specified via jetty.home and the testbed POM match.

-Djetty.home=/opt/jetty/jetty-distribution-9.3.16.v20170120

<jetty.version>9.3.16.v20170120</jetty.version>

Integration Tests

The java-idp-integration-tests project exercises profile flows using a browser via Selenium.

The tests configure and run the IdP and testbed web apps. The SAML assertion produced by the IdP and received by the testbed SP is retrieved by the browser and validated using the same validator used by the idp-conf tests.

See How to Run IdP Browser/Integration Tests for further information.