uaa Bug in test suite: Logging in against client that only allows SAML IDP should redirect Java

What version of UAA are you running?

This is a test suite bug

How are you deploying the UAA?

This is a test suite bug

What did you do?

This line declares SAML is the only allowed IDP: https://github.com/cloudfoundry/uaa/blob/db47c2b1c4a66da22f75a9159076887cfb5adf41/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java#L303

This test passes: https://github.com/cloudfoundry/uaa/blob/db47c2b1c4a66da22f75a9159076887cfb5adf41/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java#L281-L287

What did you expect to see? What goal are you trying to achieve with the UAA?

The test should fail. UAA should redirect in this scenario.

What did you see instead?

The test passes.

Further details

I've created a branch with a properly failing test to illustrate what I think should happen here. https://github.com/cloudfoundry/uaa/blob/611c0b42ca1e61c3b7ff7b1730ba916b0dfd34b1/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java#L309-L333

I suspect the same problem exists for a client that only allows OIDC.

I believe this subtle bug was introduced in "Restructure login method to not read all IdentityProviders on login_hint".

Asked Oct 08 '21 08:10
staylor14

1 Answer:

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/178572890

The labels on this GitHub issue will be updated when the story is started.

1
Answered Jun 17 '21 at 15:19
cf-gitbot