TARA integration tests

Tests for TARA (both Hydra OIDC and Estonian specific login service component)


  1. SUT (TARA) must be deployed in the cluster. The deployment can be done in two different setups:

a) General - deployment of TARA service as Estonian domestic authentication service.

b) idp - deployment of TARA service as identity provider for eIDAS Proxy service.

The configuration changes made in these setups may result test failures if the tests are not kept in sync.

  1. Fetch the tests:

git clone

Configuring the test

  1. Configure the properties file. file needs to be either in src/test/resources directory or its location configured with .env file src/test/resources. Example of .env file:

The example file with values are given ../src/test/resource/

Description of values:

oidcservice - Hydra OIDC service parameters

loginservice - Estonian specific login service parameters

oidcclient - Tests act like connecting OIDC client. This client must be registered in TARA service.

ca-proxyservice - Foreign country (CA) proxy service configuration for eIDAS authentication tests.

idp - Foreign country (CA) identity provider configuration for eIDAS authentication tests.

ee-connector - Estonian connector service configuration for eIDAS authentication tests.

Parameter Default Description
oidcservice.protocol https Service protocol. oidc-service Service URL.
oidcservice.port 8443 Service port.
oidcservice.authenticationRequestUrl /oauth2/auth OIDC flow start endpoint.
oidcservice.configurationUrl /.well-known/openid-configuration OIDC metadata endpoint.
oidcservice.jwksUrl /.well-known/jwks.json Signing key info endpoint.
loginservice.protocol https Service protocol. login-service-backend Service URL.
loginservice.port 8444 Service port.
loginservice.node.protocol https Specific service node protocol. login-service-backend Specific service node URL.
loginservice.node.port 8444 Specific service node port.
loginservice.initUrl /auth/init Authentication start endpoint in login service.
loginservice.midInitUrl /auth/mid/init Mobile-ID start endpoint.
loginservice.midPollUrl /auth/mid/poll Mobile-ID status polling endpoint.
loginservice.midCancelUrl /auth/mid/poll/cancel Mobile-ID cancel endpoint.
loginservice.webEidInitUrl /auth/id/init ID-card start endpoint.
loginservice.webEidLoginUrl /auth/id/login ID-card authentication endpoint for submitting Web eID token.
loginservice.sidInitUrl /auth/sid/init Smart-ID start endpoint.
loginservice.sidPollUrl /auth/sid/poll Smart-ID status polling endpoint.
loginservice.sidCancelUrl /auth/sid/poll/cancel Smart-ID cancel endpoint.
loginservice.authAcceptUrl /auth/accept Authentication accept endpoint.
loginservice.authRejectUrl /auth/reject Authentication reject endpoint.
loginservice.errorUrl /oidc-error Error status endpoint.
loginservice.eidasInitUrl /auth/eidas/init eIDAS authentication start endpoint.
loginservice.eidasCallbackUrl /auth/eidas/callback eIDAS authentication return endpoint.
loginservice.authLegalInitUrl /auth/legalperson/init Legal person authentication start endpoint.
loginservice.authLegalPersonUrl /auth/legalperson Legal person selection endpoint.
loginservice.authLegalConfirmUrl /auth/legalperson/confirm Legal person confirmation endpoint.
loginservice.consentUrl /auth/consent Authentication consent selection endpoint.
loginservice.consentConfirmUrl /auth/consent/confirm Authentication consent confirmation endpoint
loginservice.heartbeatUrl /heartbeat Service heartbeat endpoint.
oidcclientpublic.protocol https Service protocol. oidc-client-mock Service URL.
oidcclientpublic.port 8451 Service port.
oidcclientpublic.responseUrl /oauth/response Authentication response endpoint.
oidcclientpublic.clientId dev-mock-oidc-client Registered client id with client_secret_basic configuration.
oidcclientpublic.secret secret Registered client secret.
oidcclientpost.protocol https Service protocol. oidc-client-mock Service URL.
oidcclientpost.port 8451 Service port.
oidcclientpost.responseUrl /oauth/response Authentication response endpoint.
oidcclientpost.clientId dev-mock-oidc-client Registered client id with client_secret_post.
oidcclientpost.secret secret Registered client secret.
oidcclientprivate.protocol https Service protocol. oidc-client-mock Service URL.
oidcclientprivate.port 8451 Service port.
oidcclientprivate.responseUrl /oauth/response Authentication response endpoint.
oidcclientprivate.clientId dev-mock-oidc-client Registered private sector client id.
oidcclientprivate.secret secret Registered client secret.
ca-proxyservice.protocol https Service protocol. eidas-caproxy Service URL.
ca-proxyservice.port 8080 Service port.
ca-proxyservice.consentUrl /SpecificProxyService/AfterCitizenConsentResponse Authentication consent endpoint.
idp.protocol https Service protocol. eidas-caproxy Service URL.
idp.port 8081 Service port.
idp.responseUrl /IdP/Response Authentication response endpoint.
ee-connector.protocol https Service protocol. eidas-specificconnector Service URL.
ee-connector.port 8443 Service port.
ee-connector.authenticationRequestUrl /SpecificConnector/ServiceProvider Estonian eIDAS conenctor authentication start endpoint.

Execute tests and generate report

  1. To run the tests:

a) for domestic deployment:

./mvn clean test

b) for idp specific deployment:

./mvn clean test -Dtest.deployment.env="idp"

  1. To check the results:

a) Surefire plugin generates reports in ../target/surefire-reports folder.

b) For a comprehensive report, Allure is required (instructions for download.). To generate the report execute:

allure serve .../tara-test/allure-results/

To see Allure report after running tests in IntelliJ

Configure correct Allure results directory in IntelliJ in order to view Allure report when running tests from IntelliJ

Run-> Edit configurations-> Templates-> JUnit-> VM Options: -ea$ProjectFileDir$/target/allure-results

And delete all existing run configurations