Skip to content

[OID4VCI-FAPI2] Pass fapi2-security-profile-final-state-only-outside-request-object-not-used#48326

Draft
tdiesler wants to merge 1 commit intokeycloak:mainfrom
tdiesler:ghi48047
Draft

[OID4VCI-FAPI2] Pass fapi2-security-profile-final-state-only-outside-request-object-not-used#48326
tdiesler wants to merge 1 commit intokeycloak:mainfrom
tdiesler:ghi48047

Conversation

@tdiesler
Copy link
Copy Markdown
Contributor

@tdiesler tdiesler commented Apr 21, 2026

closes #48047

@tdiesler tdiesler requested a review from a team as a code owner April 21, 2026 14:09
@tdiesler tdiesler force-pushed the ghi48047 branch 3 times, most recently from dc687d8 to 4395d10 Compare April 21, 2026 14:22
@tdiesler tdiesler requested review from a team as code owners April 21, 2026 14:22
@tdiesler tdiesler force-pushed the ghi48047 branch 3 times, most recently from 98ad67f to 25da467 Compare April 21, 2026 15:30
@tdiesler tdiesler marked this pull request as draft April 21, 2026 16:49
@tdiesler tdiesler marked this pull request as ready for review April 21, 2026 19:05
@tdiesler tdiesler force-pushed the ghi48047 branch 2 times, most recently from 185eb89 to 6714f1b Compare April 21, 2026 19:16
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 21, 2026
Closed
@tdiesler tdiesler marked this pull request as draft April 22, 2026 01:00
@tdiesler tdiesler force-pushed the ghi48047 branch 4 times, most recently from 30e362b to b3f3fc6 Compare April 22, 2026 15:06
@tdiesler tdiesler force-pushed the ghi48047 branch 4 times, most recently from 8b36e82 to 30b230d Compare April 22, 2026 20:49
This was referenced Apr 22, 2026
Open
Open
Open
This was referenced Apr 22, 2026
Open
Open
Open
Open
keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 22, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.forms.RPInitiatedFrontChannelLogoutTest#testFrontChannelLogoutWithoutSessionRequired

Keycloak CI - Forms IT (firefox)

org.openqa.selenium.TimeoutException: 
Navigation timed out after 10000 ms
Build info: version: '4.28.1', revision: '73f5ad48a2'
System info: os.name: 'Linux', os.arch: 'amd64', os.version: '6.17.0-1010-azure', java.version: '25.0.2'
Driver info: org.openqa.selenium.firefox.FirefoxDriver
...

Report flaky test

@tdiesler tdiesler marked this pull request as ready for review April 22, 2026 22:43
@tnorimat
Copy link
Copy Markdown
Contributor

tnorimat commented Apr 23, 2026

@tdiesler Hello, I would like to confirm the following point.

It seems that you run OpenID Foundation's conformance test. It has several test plan.
Which test plan you run againt keycloak?

In OAuth-SIG activity, whenever the new keycloak version is released, I run the following test plan for FAPI 2.0 Final against that, and I confirm that keycloak can pass the test "fapi2-security-profile-final-state-only-outside-request-object-not-used" in both test plans (to say more precisely, "REVIEW" status by uploading the screen shot of error response).

  • fapi2-security-profile-final-test-plan (FAPI 2.0 Security Profile Final)
  • fapi2-message-signing-final-test-plan (FAPI 2.0 Message Signing Final)

In these test plans' "fapi2-security-profile-final-state-only-outside-request-object-not-used" test, it expects AS that it returns error response in either way:

  • an error response to a client (to redirect_uri)
  • an error response to a user's browser
    In the latter case, the test requres AS to upload its screenshot. Keycloak corresponds to the latter case.

@tdiesler tdiesler force-pushed the ghi48047 branch 3 times, most recently from f044a6f to 7fff9c8 Compare April 23, 2026 10:51
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 23, 2026
Open
@tdiesler tdiesler mentioned this pull request Apr 23, 2026
Draft
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 23, 2026
Open
keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 23, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.authz.PolicyEvaluationTest#

Keycloak CI - Base IT (3)

org.opentest4j.AssertionFailedError: expected: <PERMIT> but was: <null>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:182)
...

org.opentest4j.AssertionFailedError: expected: <PERMIT> but was: <null>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:182)
...

org.opentest4j.AssertionFailedError: expected: <PERMIT> but was: <null>
	at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
	at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
	at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
	at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:182)
...

Report flaky test

@tdiesler tdiesler marked this pull request as draft April 23, 2026 13:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@mposolda mposolda

@tnorimat tnorimat

Labels

flaky-test team/cloud-native team/core-clients team/core-iam

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[OID4VCI-FAPI2] Pass fapi2-security-profile-final-state-only-outside-request-object-not-used

3 participants

@tdiesler @tnorimat @mposolda