Test SAML Login With a SP Client


John Westcott

Jul 13, 2022, 12:09:01 PM
to Keycloak User
Hello,

I have an SP client using Keycloak as its IdP and I want to write some automated tests that validate that my SP correctly handles the information provided by Keycloak on user login.

I've been able to mimic a browser's HTTP conversation to programmatically log in to my SP through Keycloak, but there are two form posts in the process and I have to parse the HTML form to scrape up all of the inputs. Is there a more programmatic way to test the logins?

Thanks for any responses,
-John

dc...@prosentient.com.au

Jul 17, 2022, 7:24:41 PM
to John Westcott, Keycloak User

Initially, I’d just unit test the function that handles the Keycloak response using mock data. That should tell you that your SP correctly handles the information provided by Keycloak on user login.

For an automated integration test with Keycloak, I’d say Selenium/Cypress/Playwright/Puppeteer would be the way to go. As for how to use those, it depends on what language you’re working with.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03, 6a Glen St, Milsons Point NSW 2061, Australia
Office: 02 9212 0899
Online: 02 8005 0595


Michal Hajas

Jul 19, 2022, 3:41:25 AM
to dc...@prosentient.com.au, John Westcott, Keycloak User
Hello John,

maybe you can have a look into the Keycloak testsuite. We have a tool called SamlClient [1] for exactly what you are describing. It is using HttpClient under the hood. You can see it in action for example in this test: https://github.com/keycloak/keycloak/blob/3f5a087db9ff9e3625fd38286807f52e442691e1/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java#L995-L1012

The test is using these steps:
1. (line 1000) Sends a request to the SP
2. (line 1001) Parses the POST Binding form and sends a POST request based on the form data
3. (line 1002) Parses the login page and submits the form with the provided credentials
4. (lines 1003-1009) Parses the POST Binding form with the resulting SAML message, updates the email attribute and sends the resulting message to the SP
5. (line 1010) Stores the response data within the resultPage variable on line 999
6. (line 1012) Checks that the resultPage has the correct data

Note this is using a builder pattern; you need to use execute at the end, otherwise nothing is executed.


Regards,
Michal
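
Added example (not part of the thread and not Keycloak's SamlClient): a standard-library Python helper for the "parse the POST Binding form" steps listed above, which also decodes the SAMLResponse so a test can check the NameID and attributes the SP is about to receive. The form, URL and assertion are constructed sample data, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class PostBindingForm(HTMLParser):
    """Collects the action URL and named inputs of a POST binding form."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

def parse_post_binding(html):
    # Returns (action_url, fields) so a test can replay the form POST.
    parser = PostBindingForm()
    parser.feed(html)
    parser.close()
    return parser.action, parser.fields

def read_assertion(saml_response_b64):
    """Decode SAMLResponse to (NameID, attributes); no signature check, test use only."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = [v.text for v in values]
    return name_id, attrs

# Constructed sample data (not captured from a real Keycloak instance).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Subject><saml:NameID>test-user</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement><saml:Attribute Name="email">'
    '<saml:AttributeValue>test-user@example.test</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_FORM = (
    '<form method="post" action="https://sp.example.test/saml">'
    '<input type="hidden" name="SAMLResponse" value="%s"/>'
    '<input type="hidden" name="RelayState" value="abc123"/></form>'
) % base64.b64encode(SAMPLE_XML.encode()).decode()
```

In an integration test, the HTML body returned by the IdP takes the place of `SAMPLE_FORM`, and the returned fields are posted to the returned action URL.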
