Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #89241

Closed
albertzaharovits opened this issue Aug 10, 2022 · 4 comments
Closed

[CI] OpenIdConnectRealmTests testBuildingAuthenticationRequest failing #89241

albertzaharovits opened this issue Aug 10, 2022 · 4 comments
Assignees
@slobodanadamovic
Labels
:Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team >test-failure Triaged test failures from CI

Comments

@albertzaharovits
Copy link
Contributor

This is a JDK 19 specific issue

Build scan:
https://gradle-enterprise.elastic.co/s/oahvuxuwmluie/tests/:x-pack:plugin:security:test/org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests/testBuildingAuthenticationRequest

Reproduction line:
./gradlew ':x-pack:plugin:security:test' --tests "org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests.testBuildingAuthenticationRequest" -Dtests.seed=BF071174B712B29A -Dtests.locale=en-AU -Dtests.timezone=Etc/GMT+12 -Druntime.java=19

Applicable branches:
7.17

Reproduces locally?:
Yes

Failure history:
https://gradle-enterprise.elastic.co/scans/tests?tests.container=org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests&tests.test=testBuildingAuthenticationRequest

Failure excerpt:

java.lang.AssertionError: 
Expected: "https://op.example.com/login?scope=openid+scope1+scope2&response_type=code&redirect_uri=https%3A%2F%2Frp.my.com%2Fcb&state=aONlJ9H-g7K-l3iobPVxW7J23qcEngoxjGDXOg_zmXU&nonce=8ocOLDDn9qRK3zzyC6d9XV3ryOsPSAOPZuAHY2ENak4&client_id=rp-my"
     but: was "https://op.example.com/login?response_type=code&redirect_uri=https%3A%2F%2Frp.my.com%2Fcb&state=aONlJ9H-g7K-l3iobPVxW7J23qcEngoxjGDXOg_zmXU&nonce=8ocOLDDn9qRK3zzyC6d9XV3ryOsPSAOPZuAHY2ENak4&client_id=rp-my&scope=openid+scope1+scope2"

  at __randomizedtesting.SeedInfo.seed([BF071174B712B29A:35A56F292AAE3781]:0)
  at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:18)
  at org.junit.Assert.assertThat(Assert.java:956)
  at org.junit.Assert.assertThat(Assert.java:923)
  at org.elasticsearch.xpack.security.authc.oidc.OpenIdConnectRealmTests.testBuildingAuthenticationRequest(OpenIdConnectRealmTests.java:312)
  at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
  at java.lang.reflect.Method.invoke(Method.java:578)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.invoke(RandomizedRunner.java:1758)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$8.evaluate(RandomizedRunner.java:946)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$9.evaluate(RandomizedRunner.java:982)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$10.evaluate(RandomizedRunner.java:996)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleSetupTeardownChained$1.evaluate(TestRuleSetupTeardownChained.java:49)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at org.apache.lucene.util.TestRuleThreadAndTestName$1.evaluate(TestRuleThreadAndTestName.java:48)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.forkTimeoutingTask(ThreadLeakControl.java:843)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$3.evaluate(ThreadLeakControl.java:490)
  at com.carrotsearch.randomizedtesting.RandomizedRunner.runSingleTest(RandomizedRunner.java:955)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$5.evaluate(RandomizedRunner.java:840)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$6.evaluate(RandomizedRunner.java:891)
  at com.carrotsearch.randomizedtesting.RandomizedRunner$7.evaluate(RandomizedRunner.java:902)
  at org.apache.lucene.util.AbstractBeforeAfterRule$1.evaluate(AbstractBeforeAfterRule.java:45)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleStoreClassName$1.evaluate(TestRuleStoreClassName.java:41)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.NoShadowingOrOverridesOnMethodsRule$1.evaluate(NoShadowingOrOverridesOnMethodsRule.java:40)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at org.apache.lucene.util.TestRuleAssertionsRequired$1.evaluate(TestRuleAssertionsRequired.java:53)
  at org.apache.lucene.util.TestRuleMarkFailure$1.evaluate(TestRuleMarkFailure.java:47)
  at org.apache.lucene.util.TestRuleIgnoreAfterMaxFailures$1.evaluate(TestRuleIgnoreAfterMaxFailures.java:64)
  at org.apache.lucene.util.TestRuleIgnoreTestSuites$1.evaluate(TestRuleIgnoreTestSuites.java:54)
  at com.carrotsearch.randomizedtesting.rules.StatementAdapter.evaluate(StatementAdapter.java:36)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl$StatementRunner.run(ThreadLeakControl.java:390)
  at com.carrotsearch.randomizedtesting.ThreadLeakControl.lambda$forkTimeoutingTask$0(ThreadLeakControl.java:850)
  at java.lang.Thread.run(Thread.java:1589)
@albertzaharovits albertzaharovits added :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) >test-failure Triaged test failures from CI labels Aug 10, 2022
@elasticsearchmachine elasticsearchmachine added the Team:Security Meta label for security team label Aug 10, 2022
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@astefan
Copy link
Contributor

astefan commented Aug 17, 2022

Another failure here https://gradle-enterprise.elastic.co/s/pt3falm7nz2du.
Also, it does reproduce locally.

@slobodanadamovic
Copy link
Contributor

This test has been fixed in 8.3.0. We need to backport it to 7.17.

@slobodanadamovic slobodanadamovic self-assigned this Aug 17, 2022
@slobodanadamovic slobodanadamovic mentioned this issue Aug 18, 2022
Merged
@slobodanadamovic
Copy link
Contributor

Backported to 7.17 -> #89448

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@slobodanadamovic slobodanadamovic

Labels
:Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team >test-failure Triaged test failures from CI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@astefan @slobodanadamovic @albertzaharovits @elasticsearchmachine