uaa Bug in test suite: Logging in against client that only allows SAML IDP should redirect Java
What version of UAA are you running?
This is a test suite bug
How are you deploying the UAA?
This is a test suite bug
What did you do?
This line declares SAML is the only allowed IDP:
https://github.com/cloudfoundry/uaa/blob/db47c2b1c4a66da22f75a9159076887cfb5adf41/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java#L303
This test passes: https://github.com/cloudfoundry/uaa/blob/db47c2b1c4a66da22f75a9159076887cfb5adf41/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java#L281-L287
What did you expect to see? What goal are you trying to achieve with the UAA?
The test should fail. UAA should redirect in this scenario.
What did you see instead?
The test passes.
Further details
I've created a branch with a properly failing test to illustrate what I think should happen here. https://github.com/cloudfoundry/uaa/blob/611c0b42ca1e61c3b7ff7b1730ba916b0dfd34b1/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java#L309-L333
I suspect the same problem exists for a client that only allows OIDC.
I believe this subtle bug was introduced in "Restructure login method to not read all IdentityProviders on login_hint"
1 Answer:
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/178572890
The labels on this github issue will be updated when the story is started.
Read next
- rails test:system race condition(?) with webpacker Ruby
- openemr UuidMapping registry for vital records creates extremely slow API requests - PHP
- Routing key handling - PHP RabbitMqBundle
- More frequent releases please! - tsdx JavaScript
- Docker setup pgpass file - OpenSlides
- ipsec协商失败,请大佬解惑 - Shell setup-ipsec-vpn
- Reload the left view table - Swift LGSideMenuController
- transmission A use-after-free bug in concurrent environment C++