🔐 KMS SSO Manual Testing Suite

Environment Status: Local Development

Loading service status...

🎯 OAuth2/OIDC Testing (Keycloak)

Test Users:
• admin@example.com / admin123 (Full access)
• test@example.com / test123 (Limited access)
• limited@example.com / limited123 (Read-only)

Admin Console:
Open Keycloak Admin Login: admin / admin

OAuth2 Authorization Flow:
Test OAuth2 Login

Discovery Document:
View OIDC Config

📝 SAML Testing (SimpleSAMLphp)

Test Users:
• user1 / user1pass
• user2 / user2pass

Admin Console:
Open SAML Admin Login: admin / secret

SAML Metadata:
View Metadata

Test Authentication:
Test SAML Login

🚀 KMS API Testing

Frontend Application:
Open KMS Frontend

API Health Check:
Check API Health

Test API with Header Auth (simulates SSO result):

curl -H "X-User-Email: admin@example.com" \
     -H "Accept: application/json" \
     http://localhost:8081/api/applications

🔍 Testing Workflows

1. OAuth2 Flow Test

Click "Test OAuth2 Login" above
Login with admin@example.com / admin123
You'll be redirected to your callback URL with an authorization code
Note: This currently shows a 404 because the callback isn't implemented yet

2. SAML Flow Test

Open "SAML Admin" console
Go to "Authentication" → "Test authentication"
Login with user1 / user1pass
View the SAML assertion that would be sent to your app

3. Permission System Test

Use the API test above with different user emails
Try: admin@example.com, test@example.com, limited@example.com
See how responses differ based on user permissions

📊 Current Implementation Status

✅ Working:
• Keycloak OAuth2/OIDC provider with test realm
• SimpleSAMLphp SAML IdP with test users
• KMS API with header authentication
• Hierarchical permission system (25+ permissions)
• Application and token management
• Database with proper permission structure

❌ Missing:
• OAuth2 callback handler in KMS API
• SAML assertion processing in KMS API
• Frontend SSO login integration
• Automatic permission mapping from SSO claims

ℹ️ Next Steps:
• Complete OAuth2 callback implementation
• Add SAML response handling
• Map SSO user attributes to KMS permissions
• Add SSO login buttons to frontend

🛠️ Development Commands

# Start SSO services
podman-compose -f docker-compose.yml -f docker-compose.sso.yml up -d

# Run automated tests
./test/quick_sso_test.sh

# Check service logs
podman-compose logs keycloak
podman-compose logs saml-idp
podman-compose logs api-service

# Reset to header auth mode
podman-compose up -d