diff --git a/benchmark/src/main/java/org/keycloak/benchmark/Config.java b/benchmark/src/main/java/org/keycloak/benchmark/Config.java index 9cf81647b..92c9b83b2 100644 --- a/benchmark/src/main/java/org/keycloak/benchmark/Config.java +++ b/benchmark/src/main/java/org/keycloak/benchmark/Config.java @@ -1,5 +1,6 @@ package org.keycloak.benchmark; +import java.net.URI; import java.text.SimpleDateFormat; import java.util.Arrays; import java.util.List; @@ -190,7 +191,7 @@ public class Config { String serversProp = System.getProperty("server-url"); if (serversProp == null) { String serversEnv = System.getenv("KC_SERVER_URL"); - serverUris = serversEnv != null ? serversEnv : "http://localhost:8080/auth"; + serverUris = serversEnv != null ? serversEnv : "http://0.0.0.0:8080"; } else { serverUris = serversProp; } 
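Review bot: The new fallback `"http://0.0.0.0:8080"` in the `serversEnv` ternary has no comment explaining why the unspecified address replaces `localhost`, so a later reader is likely to change it back. A one-line comment above the assignment would cover it, for example `// 0.0.0.0, not localhost: Gatling withholds Secure cookies from http://localhost (keycloak-benchmark issue #945)`. Connecting to 0.0.0.0 is also platform-dependent: it reaches the local host on Linux but is, as far as I know, refused on Windows, so the default may not work out of the box everywhere. The enclosing method starts and ends outside this hunk.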
@@ -199,6 +200,46 @@ public class Config { serverUrisList = Arrays.asList(serverUris.split(" ")); } + public static void preventLocalhostServerUris() { + serverUrisList.stream().forEach(s -> { + URI uri = URI.create(s); + if (uri.getScheme().equals("http") && isLocalhostSecureContext(uri)) { + throw new RuntimeException(""" + Gatling won't send secure cookies to localhost addresses. Due to this, it is incompatible of running tests against with Keycloak 26. + See https://github.com/keycloak/keycloak-benchmark/issues/945 for more information. + As a workaround, use a different IP address on your current host, or use http://0.0.0.0 + """); + } + }); + } + + public static boolean isLocalhostSecureContext(URI uri) { + String host = uri.getHost(); + if (host == null) { + return false; + } + + // The host matches a CIDR notation of ::1/128 + if (host.equals("[::1]") || host.equals("[0000:0000:0000:0000:0000:0000:0000:0001]")) { + return true; + } + + // The host matches a CIDR notation of 127.0.0.0/8 + if (host.matches("127.\\d{1,3}.\\d{1,3}.\\d{1,3}")) { + return true; + } + + if (host.equals("localhost") || host.equals("localhost.")) { + return true; + } + + if (host.endsWith(".localhost") || host.endsWith(".localhost.")) { + return true; + } + + return false; + } + public static String toStringPopulationConfig() { return String.format( " realms: %s\n" diff --git a/benchmark/src/main/scala/keycloak/scenario/authentication/AuthorizationCode.scala b/benchmark/src/main/scala/keycloak/scenario/authentication/AuthorizationCode.scala index 98465ea61..6d9ea6ddd 100644 --- a/benchmark/src/main/scala/keycloak/scenario/authentication/AuthorizationCode.scala +++ b/benchmark/src/main/scala/keycloak/scenario/authentication/AuthorizationCode.scala 
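Review bot: The guard added in `preventLocalhostServerUris` and `isLocalhostSecureContext` can crash or be skipped on inputs that differ only in spelling. `uri.getScheme().equals("http")` throws a NullPointerException for a `server-url` value without a scheme and does not match `HTTP://…`; `"http".equalsIgnoreCase(uri.getScheme())` handles both. The host is compared case-sensitively, so `LOCALHOST` passes, and the dots in the 127.0.0.0/8 pattern are unescaped and match any character; lower-casing once with `host = host.toLowerCase(Locale.ROOT);` (needs `java.util.Locale`) and matching `host.matches("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}")` would tighten it. The `::1` test recognises only two spellings of the loopback address, so equivalent forms such as `[0:0:0:0:0:0:0:1]` are not caught. Both methods are also public without Javadoc; a short summary on `isLocalhostSecureContext` stating that it reports hosts treated as loopback (`::1`, 127.0.0.0/8, `localhost`, `*.localhost`) would document the intent.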
@@ -1,9 +1,12 @@ package keycloak.scenario.authentication import keycloak.scenario.{CommonSimulation, KeycloakScenarioBuilder} +import org.keycloak.benchmark.Config class AuthorizationCode extends CommonSimulation { + Config.preventLocalhostServerUris() + setUp("Authentication - Authorization Code Username/Password", new KeycloakScenarioBuilder() .openLoginPage(true) .loginUsernamePassword() diff --git a/benchmark/src/main/scala/keycloak/scenario/authentication/LoginUserPassword.scala b/benchmark/src/main/scala/keycloak/scenario/authentication/LoginUserPassword.scala index 6ea4a1a0e..fec24eb44 100644 --- a/benchmark/src/main/scala/keycloak/scenario/authentication/LoginUserPassword.scala +++ b/benchmark/src/main/scala/keycloak/scenario/authentication/LoginUserPassword.scala @@ -1,9 +1,12 @@ package keycloak.scenario.authentication import keycloak.scenario.{CommonSimulation, KeycloakScenarioBuilder} +import org.keycloak.benchmark.Config class LoginUserPassword extends CommonSimulation { + Config.preventLocalhostServerUris() + setUp("Authentication - Login Username/Password", new KeycloakScenarioBuilder() .openLoginPage(true) .loginUsernamePassword()) diff --git a/doc/benchmark/modules/ROOT/pages/run/running-benchmark-cli.adoc b/doc/benchmark/modules/ROOT/pages/run/running-benchmark-cli.adoc index f8a136eb1..81fa09c5c 100644 --- a/doc/benchmark/modules/ROOT/pages/run/running-benchmark-cli.adoc +++ b/doc/benchmark/modules/ROOT/pages/run/running-benchmark-cli.adoc @@ -31,7 +31,7 @@ To start running tests, execute: ./kcb.sh ---- -By default, tests expect Keycloak to run on \http://localhost:8080/auth, and the default scenario is `keycloak.scenarion.authentication.ClientSecret`. +By default, tests expect Keycloak to run on \http://0.0.0.0:8080, and the default scenario is `keycloak.scenarion.authentication.ClientSecret`. To use a different server URL, realm and scenario: 
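Review bot: The added `Config.preventLocalhostServerUris()` call in the class body carries no comment, so it is not obvious that it is a fail-fast guard meant to run before `setUp(...)`; the same applies to the identical call added in `LoginUserPassword.scala`. A short comment above each call would help, for example `// Abort early: Gatling does not send Secure cookies to http://localhost (issue #945)`. Only these two scenarios are guarded in this commit; if other scenarios also go through the browser login flow (not visible here), they would presumably need the same call. That argues for invoking it once from a shared base rather than per scenario.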
diff --git a/doc/benchmark/modules/ROOT/pages/scenario/authorization-code.adoc b/doc/benchmark/modules/ROOT/pages/scenario/authorization-code.adoc index 382a12533..3228ba2ca 100644 --- a/doc/benchmark/modules/ROOT/pages/scenario/authorization-code.adoc +++ b/doc/benchmark/modules/ROOT/pages/scenario/authorization-code.adoc @@ -14,6 +14,12 @@ See xref:scenario-overview.adoc[] for a list of all scenarios. See the source code at link:{github-files}/benchmark/src/main/scala/keycloak/scenario/authentication/AuthorizationCode.scala[AuthorizationCode.scala] for details. +[WARNING] +==== +Due to the circumstances described in issue https://github.com/keycloak/keycloak-benchmark/issues/945[#945], this scenario will not work with a non-TLS localhost URLs like `+http://localhost+`, `+http://127.0.0.1+` or similar. +Instead, use IP addresses of other interfaces, or `+http://0.0.0.0+`, or run Keycloak with a TLS certificate. +==== + == Running an example scenario === Prerequisites @@ -35,13 +41,13 @@ See xref:configuration.adoc[] for additional CLI options. ---- bin/kcb.sh \ --scenario=keycloak.scenario.authentication.AuthorizationCode \ - --server-url=http://localhost:8080/ \ + --server-url=http://0.0.0.0:8080/ \ --realm-name=realm-0 \ --username=user-0 \ --user-password=user-0-password \ --client-id=client-0 \ --client-secret=client-0-secret \ - --client-redirect-uri=http://localhost:8080 \ + --client-redirect-uri=http://0.0.0.0:8080 \ --log-http-on-failure ----