Tests for TARA (both Hydra OIDC and Estonian specific login service component)
- SUT (TARA) must be deployed in the cluster. The deployment can be done in two different setups:
a) General - deployment of TARA service as Estonian domestic authentication service.
b) idp - deployment of TARA service as identity provider for eIDAS Proxy service.
The configuration changes made in these setups may result test failures if the tests are not kept in sync.
- Fetch the tests:
git clone https://github.com/e-gov/TARA-Test
- Configure the properties file.
application.properties file needs to be either in
src/test/resources
directory or its location configured with .env filesrc/test/resources
. Example of .env file:
configuration_base_path=/home/me/IdeaProjects/tara-configuration
configuration_path=dev-local
The example application.properties file with values are given ../src/test/resource/sample_application.properties
Description of values:
oidcservice - Hydra OIDC service parameters
loginservice - Estonian specific login service parameters
oidcclient - Tests act like connecting OIDC client. This client must be registered in TARA service.
ca-proxyservice - Foreign country (CA) proxy service configuration for eIDAS authentication tests.
idp - Foreign country (CA) identity provider configuration for eIDAS authentication tests.
ee-connector - Estonian connector service configuration for eIDAS authentication tests.
Parameter | Default | Description |
---|---|---|
oidcservice.protocol | https | Service protocol. |
oidcservice.host | oidc-service | Service URL. |
oidcservice.port | 8443 | Service port. |
oidcservice.authenticationRequestUrl | /oauth2/auth | OIDC flow start endpoint. |
oidcservice.configurationUrl | /.well-known/openid-configuration | OIDC metadata endpoint. |
oidcservice.jwksUrl | /.well-known/jwks.json | Signing key info endpoint. |
loginservice.protocol | https | Service protocol. |
loginservice.host | login-service-backend | Service URL. |
loginservice.port | 8444 | Service port. |
loginservice.node.protocol | https | Specific service node protocol. |
loginservice.node.host | login-service-backend | Specific service node URL. |
loginservice.node.port | 8444 | Specific service node port. |
loginservice.initUrl | /auth/init | Authentication start endpoint in login service. |
loginservice.midInitUrl | /auth/mid/init | Mobile-ID start endpoint. |
loginservice.midPollUrl | /auth/mid/poll | Mobile-ID status polling endpoint. |
loginservice.midCancelUrl | /auth/mid/poll/cancel | Mobile-ID cancel endpoint. |
loginservice.webEidInitUrl | /auth/id/init | ID-card start endpoint. |
loginservice.webEidLoginUrl | /auth/id/login | ID-card authentication endpoint for submitting Web eID token. |
loginservice.sidInitUrl | /auth/sid/init | Smart-ID start endpoint. |
loginservice.sidPollUrl | /auth/sid/poll | Smart-ID status polling endpoint. |
loginservice.sidCancelUrl | /auth/sid/poll/cancel | Smart-ID cancel endpoint. |
loginservice.authAcceptUrl | /auth/accept | Authentication accept endpoint. |
loginservice.authRejectUrl | /auth/reject | Authentication reject endpoint. |
loginservice.errorUrl | /oidc-error | Error status endpoint. |
loginservice.eidasInitUrl | /auth/eidas/init | eIDAS authentication start endpoint. |
loginservice.eidasCallbackUrl | /auth/eidas/callback | eIDAS authentication return endpoint. |
loginservice.authLegalInitUrl | /auth/legalperson/init | Legal person authentication start endpoint. |
loginservice.authLegalPersonUrl | /auth/legalperson | Legal person selection endpoint. |
loginservice.authLegalConfirmUrl | /auth/legalperson/confirm | Legal person confirmation endpoint. |
loginservice.consentUrl | /auth/consent | Authentication consent selection endpoint. |
loginservice.consentConfirmUrl | /auth/consent/confirm | Authentication consent confirmation endpoint |
loginservice.heartbeatUrl | /heartbeat | Service heartbeat endpoint. |
oidcclientpublic.protocol | https | Service protocol. |
oidcclientpublic.host | oidc-client-mock | Service URL. |
oidcclientpublic.port | 8451 | Service port. |
oidcclientpublic.responseUrl | /oauth/response | Authentication response endpoint. |
oidcclientpublic.clientId | dev-mock-oidc-client | Registered client id with client_secret_basic configuration. |
oidcclientpublic.secret | secret | Registered client secret. |
oidcclientpost.protocol | https | Service protocol. |
oidcclientpost.host | oidc-client-mock | Service URL. |
oidcclientpost.port | 8451 | Service port. |
oidcclientpost.responseUrl | /oauth/response | Authentication response endpoint. |
oidcclientpost.clientId | dev-mock-oidc-client | Registered client id with client_secret_post. |
oidcclientpost.secret | secret | Registered client secret. |
oidcclientprivate.protocol | https | Service protocol. |
oidcclientprivate.host | oidc-client-mock | Service URL. |
oidcclientprivate.port | 8451 | Service port. |
oidcclientprivate.responseUrl | /oauth/response | Authentication response endpoint. |
oidcclientprivate.clientId | dev-mock-oidc-client | Registered private sector client id. |
oidcclientprivate.secret | secret | Registered client secret. |
ca-proxyservice.protocol | https | Service protocol. |
ca-proxyservice.host | eidas-caproxy | Service URL. |
ca-proxyservice.port | 8080 | Service port. |
ca-proxyservice.consentUrl | /SpecificProxyService/AfterCitizenConsentResponse | Authentication consent endpoint. |
idp.protocol | https | Service protocol. |
idp.host | eidas-caproxy | Service URL. |
idp.port | 8081 | Service port. |
idp.responseUrl | /IdP/Response | Authentication response endpoint. |
ee-connector.protocol | https | Service protocol. |
ee-connector.host | eidas-specificconnector | Service URL. |
ee-connector.port | 8443 | Service port. |
ee-connector.authenticationRequestUrl | /SpecificConnector/ServiceProvider | Estonian eIDAS conenctor authentication start endpoint. |
- To run the tests:
a) for domestic deployment:
./mvn clean test
b) for idp specific deployment:
./mvn clean test -Dtest.deployment.env="idp"
- To check the results:
a) Surefire plugin generates reports in ../target/surefire-reports folder.
b) For a comprehensive report, Allure is required (instructions for download.). To generate the report execute:
allure serve .../tara-test/allure-results/
Configure correct Allure results directory in IntelliJ in order to view Allure report when running tests from IntelliJ
Run-> Edit configurations-> Templates-> JUnit-> VM Options: -ea -Dallure.results.directory=$ProjectFileDir$/target/allure-results
And delete all existing run configurations