Forked from stackspin / stackspin-flux-example

This is a test application to verify that all of the components provided in this repository work together according to the OpenID Connect standards.

Prerequisites

The single sign-on application needs to be up and running. Instructions on how to accomplish that can be found in ../../README.md.

Create OAuth client

You also need to create an OAuth2 client to enable this application to communicate with the OAuth server.

To do that you can run the create-hydra-client script in this repository:

bash ../create-hydra-client.bash testapplication clientsecret http://localhost:4445 http://localhost:13337/callback http://localhost:13337/ http://localhost:13337/logout

http://localhost:4445 refers to the hydra-admin service. http://localhost:13337/callback is the callback URI of the test application. The third URI (http://localhost:13337/) is used as the post-logout redirect URI: the user agent is forwarded to this address after the single sign-off process finishes. The last argument specifies the URI that is used to trigger an OIDC front-channel logout.

Make sure that the callback URL you specified as the 4th argument when executing the create-hydra-client.bash script exactly matches one of the insecure redirect URLs that are specified in ../../docker-compose.yml (line 16). The argument to look for is --dangerous-allow-insecure-redirect-urls, which lists the plain-HTTP redirect URLs that Hydra accepts in this local test setup:

serve all --dangerous-force-http --dangerous-allow-insecure-redirect-urls "http://localhost:13337/callback"
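
A pre-flight check for the exact-match requirement above, as an added example that is not part of this repository. It assumes the flag takes a comma-separated list of URLs; the function names, the SERVE_CMD sample and the loopback rule are hypothetical choices made for this illustration.

```python
import shlex
from urllib.parse import urlsplit

FLAG = "--dangerous-allow-insecure-redirect-urls"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the serve command shown in this README.
SERVE_CMD = ('serve all --dangerous-force-http '
             '--dangerous-allow-insecure-redirect-urls "http://localhost:13337/callback"')


def insecure_redirect_urls(command):
    """Return the URLs given to FLAG (assumed comma-separated) in a command line."""
    tokens = shlex.split(command)
    urls = []
    for i, tok in enumerate(tokens):
        if tok == FLAG and i + 1 < len(tokens):
            value = tokens[i + 1]
        elif tok.startswith(FLAG + "="):
            value = tok[len(FLAG) + 1:]
        else:
            continue
        urls += [u for u in value.split(",") if u]
    return urls


def check_callback(callback, command=SERVE_CMD):
    """Return a list of problems; an empty list means the exact string is allowed."""
    allowed = insecure_redirect_urls(command)
    problems = []
    if callback not in allowed:
        # Look for an entry that would match after loosening case / trailing slash.
        near = [u for u in allowed if u.rstrip("/").lower() == callback.rstrip("/").lower()]
        hint = f" (differs only by case or trailing slash from {near[0]})" if near else ""
        problems.append(f"{callback} is not in the allow-list{hint}")
    for url in allowed:
        parts = urlsplit(url)
        # Plain HTTP is only expected for a local test setup like this one.
        if parts.scheme == "http" and parts.hostname not in LOOPBACK:
            problems.append(f"plain-HTTP redirect to non-loopback host: {url}")
    return problems


if __name__ == "__main__":
    for cb in ("http://localhost:13337/callback", "http://localhost:13337/callback/"):
        print(cb, "->", check_callback(cb) or "OK")
```

Pass the `command:` string from your own docker-compose.yml as the second argument to check the values you actually deploy.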

Create users

In the default setup, users can be created by executing the scripts contained in ../../user-panel/backend/utils/:

bash ../../user-panel/backend/utils/create-user.bash admin <choose-password-here> admin@example.net
bash ../../user-panel/backend/utils/create-application.bash testapplication
bash ../../user-panel/backend/utils/grant-access.bash admin testapplication
bash ../../user-panel/backend/utils/create-role.bash admin
bash ../../user-panel/backend/utils/assign-role.bash admin admin

Installation

Install the requirements with:

python3 -m venv venv
. venv/bin/activate
pip3 install -r requirements.txt

Configuration

Make sure you export the following environment variables with values according to your setup. Use the default values provided here if you run your setup locally.

export BASE_URL=http://localhost:4444/                         # Hydra public API Base
export KEY=testapplication                                     # name of your oauth/openID Connect client (application)
export SECRET=clientsecret                                     # secret of your oauth/openID Connect client (application)

Run the tests

Start the application with:

flask run --port=13337

Navigate to http://localhost:13337/ to trigger the OpenID Connect authentication flow. During the login process your browser will be redirected multiple times. If successful, you will see a JSON reply containing your OAuth token.

Navigate to http://localhost:13337/userinfo after you have received the token to pull userinfo via OpenID Connect scopes.

Run auto tests

Run the following commands to run the tests:

export TESTUSER_USERNAME=user
export TESTUSER_PASSWORD=secret
export TESTUSER_USERNAME2=user2
export TESTUSER_EMAIL=test@example.net
export ROLE=admin
bash ../../user-panel/utils/create-user.bash $TESTUSER_USERNAME $TESTUSER_PASSWORD $TESTUSER_EMAIL
bash ../../user-panel/utils/create-user.bash $TESTUSER_USERNAME2 RANDOMPW $TESTUSER_EMAIL
bash ../../user-panel/utils/create-application.bash testapplication
bash ../../user-panel/utils/grant-access.bash $TESTUSER_USERNAME testapplication
bash ../../user-panel/utils/create-role.bash $ROLE
bash ../../user-panel/utils/assign-role.bash $TESTUSER_USERNAME $ROLE
python3 -m behave \
-D headless=True \
-D url=http://localhost:13337 \
-D username=${TESTUSER_USERNAME} \
-D username2=${TESTUSER_USERNAME2} \
-D password=${TESTUSER_PASSWORD} \
-D email=${TESTUSER_EMAIL} \
-D role=${ROLE}

Note: You need to have chromedriver installed to run the tests.