From d2bd921137d3f947d097914ebcca65046ee517b1 Mon Sep 17 00:00:00 2001 From: Jj! Date: Tue, 23 Aug 2022 16:46:50 -0500 Subject: [PATCH] [NOTASK] refactoring for consistency update tests --- pom.xml | 37 ++- .../authentication/plugin/ConfigUtils.java | 5 +- .../plugin/Pac4jConfigFactory.java | 2 +- .../plugin/config/OidcClientProvider.java | 3 +- .../plugin/filter/ReinitializingTimer.java | 3 +- .../Pac4JConfigFactoryTest.java | 314 ++++++++++++++++++ src/test/resources/grouper-ui.properties | 2 - 7 files changed, 349 insertions(+), 17 deletions(-) create mode 100644 src/test/java/edu/internet2/middleware/grouper/authentication/Pac4JConfigFactoryTest.java diff --git a/pom.xml b/pom.xml index 1455f01..d5bac77 100644 --- a/pom.xml +++ b/pom.xml @@ -24,20 +24,16 @@ 4.0.0 - - edu.internet2.middleware.grouper - grouper-parent - 2.6.0-SNAPSHOT - ../../grouper-parent - - Grouper Authentication Plugin Authentication Library Plugin + edu.internet2.middleware.grouper.plugins grouper-authentication-plugin 0.0.1-SNAPSHOT bundle + 1.8 + 1.8 4.3.1 5.0.0 2.6.0-SNAPSHOT @@ -45,7 +41,7 @@ - ${project.groupId} + edu.internet2.middleware.grouper grouperClient ${grouper.version} provided @@ -113,14 +109,37 @@ provided - ${project.groupId} + edu.internet2.middleware.grouper grouper ${grouper.version} test-jar test + + junit + junit + test + + + org.mockito + mockito-inline + 4.7.0 + test + + + + + edu.internet2.middleware.grouper + grouper + 2.6.15 + pom + import + + + + diff --git a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/ConfigUtils.java b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/ConfigUtils.java index 341cba7..fb0c971 100644 --- a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/ConfigUtils.java +++ b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/ConfigUtils.java 
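Review bot: In pom.xml the added import-scoped `grouper` entry pins 2.6.15, but the `grouperClient` and `grouper` test-jar dependencies keep an explicit `${grouper.version}`, and the unchanged properties line in this hunk suggests that still resolves to `2.6.0-SNAPSHOT`. An explicit version takes precedence over an imported BOM, so the plugin would build and test against a mutable snapshot while taking its managed versions (including the unversioned `junit`) from a different release. The element names are not visible in this hunk, so this is inferred from the values. If it holds, align the property with the BOM, e.g. `<grouper.version>2.6.15</grouper.version>`, or drop the explicit versions so the import governs them.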
@@ -1,6 +1,5 @@ package edu.internet2.middleware.grouper.authentication.plugin; -import edu.internet2.middleware.grouper.cfg.GrouperHibernateConfig; import edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase; import org.osgi.framework.BundleContext; import org.osgi.framework.FrameworkUtil; @@ -38,8 +37,8 @@ public static ConfigPropertiesCascadeBase getBestGrouperConfiguration() { public static ConfigPropertiesCascadeBase getConfigPropertiesCascadeBase(String type) { try { - ServiceReference serviceReference = (ServiceReference) FrameworkUtil.getBundle(ConfigUtils.class.getClassLoader()).get().getBundleContext().getServiceReferences(ConfigPropertiesCascadeBase.class, "(type=" + type + ")").toArray()[0]; - return FrameworkUtil.getBundle(ConfigUtils.class.getClassLoader()).get().getBundleContext().getService(serviceReference); + ServiceReference serviceReference = (ServiceReference) bundleContext.getServiceReferences(ConfigPropertiesCascadeBase.class, "(type=" + type + ")").toArray()[0]; + return bundleContext.getService(serviceReference); } catch (InvalidSyntaxException e) { throw new RuntimeException(e); } diff --git a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/Pac4jConfigFactory.java b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/Pac4jConfigFactory.java index 793f2b5..42c4f74 100644 --- a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/Pac4jConfigFactory.java +++ b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/Pac4jConfigFactory.java 
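Review bot: The rewritten lookup in `getConfigPropertiesCascadeBase` still indexes `.toArray()[0]` on the result of `getServiceReferences`, so when no service is registered for the requested `type` the caller gets an `ArrayIndexOutOfBoundsException`; the only handled case is `InvalidSyntaxException`. Checking first gives a diagnosable failure, e.g. `if (refs.isEmpty()) throw new IllegalStateException("no ConfigPropertiesCascadeBase service registered for type=" + type);` where `refs` holds the returned collection. `type` is also concatenated into the filter string unescaped; the values visible in this patch are the literals `ui` and `hibernate`, and restricting it to a known set before building the filter would keep it that way. The `bundleContext` field the new lines rely on is declared outside this hunk, so how it is initialised, and whether it can be null here, cannot be checked from the diff.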
@@ -21,7 +21,7 @@ public class Pac4jConfigFactory implements ConfigFactory { private static final Log LOGGER; static { try { - BundleContext bundleContext = FrameworkUtil.getBundle(Pac4jConfigFactory.class).getBundleContext(); + BundleContext bundleContext = FrameworkUtil.getBundle(GrouperAuthentication.class).getBundleContext(); //TODO: figure out why this is weird ServiceReference logfactoryReference = (ServiceReference) bundleContext.getAllServiceReferences("org.apache.commons.logging.LogFactory", null)[0]; LOGGER = bundleContext.getService(logfactoryReference).getInstance(ExternalAuthenticationServletContainerInitializer.class); diff --git a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java index 2bb8558..8227173 100644 --- a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java +++ b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java @@ -2,6 +2,7 @@ import edu.internet2.middleware.grouper.authentication.plugin.ConfigUtils; import edu.internet2.middleware.grouper.authentication.plugin.ExternalAuthenticationServletContainerInitializer; +import edu.internet2.middleware.grouper.authentication.plugin.GrouperAuthentication; import edu.internet2.middleware.grouper.authentication.plugin.Pac4jConfigFactory; import edu.internet2.middleware.grouper.authentication.plugin.oidc.client.ClaimAsUsernameOidcClient; import edu.internet2.middleware.grouper.authentication.plugin.oidc.config.ClaimAsUsernameOidcConfiguration; 
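Review bot: The static initializer still takes element `[0]` of `getAllServiceReferences(...)` without a check, and that OSGi call returns `null` when no matching service is registered, while `FrameworkUtil.getBundle(Class)` returns `null` for a class that was not loaded by a bundle. Either case fails class initialisation of an authentication component with a bare `NullPointerException` unless the `catch` (outside this hunk) handles it; a guard such as `if (refs == null || refs.length == 0) throw new IllegalStateException("LogFactory service not available");` would make the cause explicit. The logger is also created for `ExternalAuthenticationServletContainerInitializer.class`, so messages from this class are attributed to a different one, which makes authentication logs harder to triage; `getInstance(Pac4jConfigFactory.class)` would fix that. The same block is repeated in the `OidcClientProvider` and `ReinitializingTimer` hunks of this patch, so a single shared helper would be a better home for it.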
@@ -20,7 +21,7 @@ public class OidcClientProvider implements ClientProvider { private static final Log LOGGER; static { try { - BundleContext bundleContext = FrameworkUtil.getBundle(Pac4jConfigFactory.class).getBundleContext(); + BundleContext bundleContext = FrameworkUtil.getBundle(GrouperAuthentication.class).getBundleContext(); //TODO: figure out why this is weird ServiceReference logfactoryReference = (ServiceReference) bundleContext.getAllServiceReferences("org.apache.commons.logging.LogFactory", null)[0]; LOGGER = bundleContext.getService(logfactoryReference).getInstance(ExternalAuthenticationServletContainerInitializer.class); diff --git a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/filter/ReinitializingTimer.java b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/filter/ReinitializingTimer.java index 9d98144..796686b 100644 --- a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/filter/ReinitializingTimer.java +++ b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/filter/ReinitializingTimer.java @@ -2,6 +2,7 @@ import edu.internet2.middleware.grouper.authentication.plugin.ConfigUtils; import edu.internet2.middleware.grouper.authentication.plugin.ExternalAuthenticationServletContainerInitializer; +import edu.internet2.middleware.grouper.authentication.plugin.GrouperAuthentication; import edu.internet2.middleware.grouper.authentication.plugin.Pac4jConfigFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -18,7 +19,7 @@ public class ReinitializingTimer extends TimerTask { private static final Log LOGGER; static { try { - BundleContext bundleContext = FrameworkUtil.getBundle(Pac4jConfigFactory.class).getBundleContext(); + BundleContext bundleContext = FrameworkUtil.getBundle(GrouperAuthentication.class).getBundleContext(); //TODO: figure out why this is weird ServiceReference logfactoryReference = (ServiceReference) bundleContext.getAllServiceReferences("org.apache.commons.logging.LogFactory", null)[0]; LOGGER = bundleContext.getService(logfactoryReference).getInstance(ExternalAuthenticationServletContainerInitializer.class); diff --git a/src/test/java/edu/internet2/middleware/grouper/authentication/Pac4JConfigFactoryTest.java b/src/test/java/edu/internet2/middleware/grouper/authentication/Pac4JConfigFactoryTest.java new file mode 100644 index 0000000..c094936 --- /dev/null +++ b/src/test/java/edu/internet2/middleware/grouper/authentication/Pac4JConfigFactoryTest.java 
@@ -0,0 +1,314 @@ +package edu.internet2.middleware.grouper.authentication; + +import edu.internet2.middleware.grouper.authentication.plugin.ConfigUtils; +import edu.internet2.middleware.grouper.authentication.plugin.GrouperAuthentication; +import edu.internet2.middleware.grouper.authentication.plugin.Pac4jConfigFactory; +import edu.internet2.middleware.grouper.cfg.GrouperHibernateConfig; +import edu.internet2.middleware.grouper.ui.util.GrouperUiConfig; +import edu.internet2.middleware.grouper.ui.util.GrouperUiConfigInApi; +import edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase; +import junit.framework.TestCase; +import junit.textui.TestRunner; +import org.apache.commons.logging.LogFactory; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.osgi.framework.Bundle; +import org.osgi.framework.BundleContext; +import org.osgi.framework.FrameworkUtil; +import org.osgi.framework.ServiceReference; +import org.pac4j.cas.client.CasClient; +import org.pac4j.cas.config.CasConfiguration; +import org.pac4j.core.config.Config; +import org.pac4j.oidc.client.OidcClient; +import org.pac4j.oidc.config.OidcConfiguration; +import org.pac4j.saml.client.SAML2Client; +import org.pac4j.saml.config.SAML2Configuration; + +import java.time.Period; +import java.util.Arrays; +import java.util.Collections; +import java.util.Map; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +public class Pac4JConfigFactoryTest { + MockedStatic frameworkUtilMockedStatic; + + @Before + public void setup() throws Exception { + this.frameworkUtilMockedStatic = Mockito.mockStatic(FrameworkUtil.class); + + Bundle bundle = mock(Bundle.class); + this.frameworkUtilMockedStatic.when(() -> FrameworkUtil.getBundle(GrouperAuthentication.class)).thenReturn(bundle); + + BundleContext bundleContext = mock(BundleContext.class); + 
when(bundle.getBundleContext()).thenReturn(bundleContext); + + + ServiceReference logFactoryServiceReference = mock(ServiceReference.class); + when(bundleContext.getAllServiceReferences("org.apache.commons.logging.LogFactory", null)).thenReturn(new ServiceReference[]{logFactoryServiceReference}); + when(bundleContext.getService(logFactoryServiceReference)).thenReturn(LogFactory.getFactory()); + + ServiceReference UIConfigPropertiesCascadeBaseServiceReference = mock(ServiceReference.class); + when(bundleContext.getServiceReferences(ConfigPropertiesCascadeBase.class, "(type=ui)")).thenReturn(Collections.singletonList(UIConfigPropertiesCascadeBaseServiceReference)); + when(bundleContext.getService(UIConfigPropertiesCascadeBaseServiceReference)).thenReturn(GrouperUiConfigInApi.retrieveConfig()); + + ServiceReference HibernateConfigPropertiesCascadeBaseServiceReference = mock(ServiceReference.class); + when(bundleContext.getServiceReferences(ConfigPropertiesCascadeBase.class, "(type=hibernate)")).thenReturn(Collections.singletonList(HibernateConfigPropertiesCascadeBaseServiceReference)); + when(bundleContext.getService(HibernateConfigPropertiesCascadeBaseServiceReference)).thenReturn(GrouperHibernateConfig.retrieveConfig()); + } + + @After + public void tearDown() { + this.frameworkUtilMockedStatic.close(); + } + + /* + reads configuration from the `grouper-ui.properties` file in the test resources directory to verify that + elconfig still works + */ + @Test + public void testElConfig() { + ConfigPropertiesCascadeBase grouperConfig = ConfigUtils.getConfigPropertiesCascadeBase("ui"); + grouperConfig.propertiesOverrideMap().clear(); + Map properties = grouperConfig.propertiesOverrideMap(); + + properties.put("external.authentication.provider.elConfig", "${\"cas\"}"); + properties.put("external.authentication.cas.loginUrl.elConfig", "${\"login\"}"); + + Pac4jConfigFactory pac4jConfigFactory = new Pac4jConfigFactory(); + Config config = pac4jConfigFactory.build(); + + 
Assert.assertTrue(config.getClients().getClients().get(0) instanceof CasClient); + + CasConfiguration configuration = ((CasClient) config.getClients().getClients().get(0)).getConfiguration(); + Assert.assertEquals(configuration.getLoginUrl(), "login"); + } + + /** + * + */ + @Test + public void testPac4JConfigFactorCAS() { + ConfigPropertiesCascadeBase grouperConfig = ConfigUtils.getConfigPropertiesCascadeBase("ui"); + grouperConfig.propertiesOverrideMap().clear(); + Map properties = grouperConfig.propertiesOverrideMap(); + properties.put("external.authentication.provider","cas"); + properties.put("external.authentication.grouperContextUrl","localhost"); + properties.put("external.authentication.callbackUrl","callback"); + properties.put("external.authentication.cas.encoding","UTF-8"); + properties.put("external.authentication.cas.loginUrl","login"); + properties.put("external.authentication.cas.prefixUrl","localhost"); + properties.put("external.authentication.cas.restUrl","rest"); + properties.put("external.authentication.cas.timeTolerance","1000"); + properties.put("external.authentication.cas.renew","true"); + properties.put("external.authentication.cas.gateway","false"); + properties.put("external.authentication.cas.acceptAnyProxy","true"); + properties.put("external.authentication.cas.postLogoutUrlParameter","logout"); + properties.put("external.authentication.cas.customParams","param1=value1,param2=value2,param3=value3"); + properties.put("external.authentication.cas.method","post"); + properties.put("external.authentication.cas.privateKeyPath","http://localhost/key"); + properties.put("external.authentication.cas.privateKeyAlgorithm","AES"); + + Pac4jConfigFactory pac4jConfigFactory = new Pac4jConfigFactory(); + Config config = pac4jConfigFactory.build(); + + Assert.assertTrue(config.getClients().getClients().get(0) instanceof CasClient); + + CasConfiguration configuration = ((CasClient) config.getClients().getClients().get(0)).getConfiguration(); + + 
Assert.assertEquals(configuration.getEncoding(), properties.get("external.authentication.cas.encoding")); + Assert.assertEquals(configuration.getLoginUrl(), properties.get("external.authentication.cas.loginUrl")); + Assert.assertEquals(configuration.getPrefixUrl(), properties.get("external.authentication.cas.prefixUrl")); + Assert.assertEquals(configuration.getRestUrl(), properties.get("external.authentication.cas.restUrl")); + Assert.assertEquals(configuration.getTimeTolerance(), Integer.parseInt(properties.get("external.authentication.cas.timeTolerance"))); + Assert.assertEquals(configuration.isRenew(), Boolean.parseBoolean(properties.get("external.authentication.cas.renew"))); + Assert.assertEquals(configuration.isGateway(), Boolean.parseBoolean(properties.get("external.authentication.cas.gateway"))); + Assert.assertEquals(configuration.isAcceptAnyProxy(), Boolean.parseBoolean(properties.get("external.authentication.cas.acceptAnyProxy"))); + Assert.assertEquals(configuration.getPostLogoutUrlParameter(), properties.get("external.authentication.cas.postLogoutUrlParameter")); + Assert.assertEquals(configuration.getMethod(), properties.get("external.authentication.cas.method")); + Assert.assertEquals(configuration.getPrivateKeyPath(), properties.get("external.authentication.cas.privateKeyPath")); + Assert.assertEquals(configuration.getPrivateKeyAlgorithm(), properties.get("external.authentication.cas.privateKeyAlgorithm")); + Assert.assertEquals(configuration.getCustomParams().size(), Arrays.asList(properties.get("external.authentication.cas.customParams").split(",")).size()); + } + + /** + * + */ + @Test + public void testPac4JConfigFactorSAML() { + ConfigPropertiesCascadeBase grouperConfig = ConfigUtils.getConfigPropertiesCascadeBase("ui"); + grouperConfig.propertiesOverrideMap().clear(); + Map properties = grouperConfig.propertiesOverrideMap(); + properties.put("external.authentication.provider","saml"); + 
properties.put("external.authentication.grouperContextUrl","localhost"); + properties.put("external.authentication.callbackUrl","callback"); + properties.put("external.authentication.saml.keystorePassword","changeme"); + properties.put("external.authentication.saml.privateKeyPassword","secret"); + properties.put("external.authentication.saml.certificateNameToAppend","cert"); + properties.put("external.authentication.saml.identityProviderEntityId","idPid"); + properties.put("external.authentication.saml.serviceProviderEntityId","sPEid"); + properties.put("external.authentication.saml.maximumAuthenticationLifetime","500"); + properties.put("external.authentication.saml.acceptedSkew","10"); + properties.put("external.authentication.saml.forceAuth","true"); + properties.put("external.authentication.saml.passive","false"); + properties.put("external.authentication.saml.comparisonType","close"); + properties.put("external.authentication.saml.authnRequestBindingType","urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + properties.put("external.authentication.saml.responseBindingType","urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + properties.put("external.authentication.saml.spLogoutRequestBindingType","urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + properties.put("external.authentication.saml.spLogoutResponseBindingType","urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + properties.put("external.authentication.saml.authnContextClassRefs","type1,type2,type3,type4"); + properties.put("external.authentication.saml.nameIdPolicyFormat","####"); + properties.put("external.authentication.saml.useNameQualifier","true"); + properties.put("external.authentication.saml.signMetadata","false"); + properties.put("external.authentication.saml.forceServiceProviderMetadataGeneration","true"); + properties.put("external.authentication.saml.forceKeystoreGeneration","false"); + properties.put("external.authentication.saml.authnRequestSigned","true"); + 
properties.put("external.authentication.saml.spLogoutRequestSigned","false"); + properties.put("external.authentication.saml.blackListedSignatureSigningAlgorithms","col1,col2,col3,col4"); + properties.put("external.authentication.saml.signatureAlgorithms","RSA,ECDSA"); + properties.put("external.authentication.saml.signatureReferenceDigestMethods","md5,sha256"); + properties.put("external.authentication.saml.signatureCanonicalizationAlgorithm","qweafsdf"); + properties.put("external.authentication.saml.wantsAssertionsSigned","true"); + properties.put("external.authentication.saml.wantsResponsesSigned","false"); + properties.put("external.authentication.saml.allSignatureValidationDisabled","true"); + properties.put("external.authentication.saml.keyStoreAlias","fred"); + properties.put("external.authentication.saml.keyStoreType","text"); + properties.put("external.authentication.saml.assertionConsumerServiceIndex","5"); + properties.put("external.authentication.saml.attributeConsumingServiceIndex","2"); + properties.put("external.authentication.saml.providerName","paul"); + properties.put("external.authentication.saml.attributeAsId","george"); + properties.put("external.authentication.saml.mappedAttributes","key1=value1,key2=value2,key3=value3"); + properties.put("external.authentication.saml.postLogoutURL","logout"); + properties.put("external.authentication.saml.certificateExpirationPeriod","P2Y3M5D"); + properties.put("external.authentication.saml.certificateSignatureAlg","SHA1WithRSA"); + properties.put("external.authentication.saml.privateKeySize","15"); + properties.put("external.authentication.saml.issuerFormat","urn:oasis:names:tc:SAML:2.0:nameid-format:entity"); + properties.put("external.authentication.saml.nameIdPolicyAllowCreate","true"); + properties.put("external.authentication.saml.supportedProtocols","urn:oasis:names:tc:SAML:2.0:protocol, urn:oasis:names:tc:SAML:1.0:protocol, urn:oasis:names:tc:SAML:1.1:protocol"); + 
properties.put("external.authentication.saml.normalizedCertificateName","ringo"); + + Pac4jConfigFactory pac4jConfigFactory = new Pac4jConfigFactory(); + Config config = pac4jConfigFactory.build(); + + Assert.assertTrue(config.getClients().getClients().get(0) instanceof SAML2Client); + + SAML2Configuration configuration = ((SAML2Client) config.getClients().getClients().get(0)).getConfiguration(); + + Assert.assertEquals(configuration.getKeystorePassword(), properties.get("external.authentication.saml.keystorePassword")); + Assert.assertEquals(configuration.getPrivateKeyPassword(), properties.get("external.authentication.saml.privateKeyPassword")); + Assert.assertEquals(configuration.getCertificateNameToAppend(), properties.get("external.authentication.saml.certificateNameToAppend")); + Assert.assertEquals(configuration.getIdentityProviderEntityId(), properties.get("external.authentication.saml.identityProviderEntityId")); + Assert.assertEquals(configuration.getServiceProviderEntityId(), properties.get("external.authentication.saml.serviceProviderEntityId")); + Assert.assertEquals(configuration.getMaximumAuthenticationLifetime(), Integer.parseInt(properties.get("external.authentication.saml.maximumAuthenticationLifetime"))); + Assert.assertEquals(configuration.getAcceptedSkew(), Integer.parseInt(properties.get("external.authentication.saml.acceptedSkew"))); + Assert.assertEquals(configuration.isForceAuth(), Boolean.parseBoolean(properties.get("external.authentication.saml.forceAuth"))); + Assert.assertEquals(configuration.isPassive(), Boolean.parseBoolean(properties.get("external.authentication.saml.passive"))); + Assert.assertEquals(configuration.getComparisonType(), properties.get("external.authentication.saml.comparisonType")); + Assert.assertEquals(configuration.getAuthnRequestBindingType(), properties.get("external.authentication.saml.authnRequestBindingType")); + Assert.assertEquals(configuration.getResponseBindingType(), 
properties.get("external.authentication.saml.responseBindingType")); + Assert.assertEquals(configuration.getSpLogoutRequestBindingType(), properties.get("external.authentication.saml.spLogoutRequestBindingType")); + Assert.assertEquals(configuration.getSpLogoutResponseBindingType(), properties.get("external.authentication.saml.spLogoutResponseBindingType")); + Assert.assertEquals(configuration.getNameIdPolicyFormat(), properties.get("external.authentication.saml.nameIdPolicyFormat")); + Assert.assertEquals(configuration.isUseNameQualifier(), Boolean.parseBoolean(properties.get("external.authentication.saml.useNameQualifier"))); + Assert.assertEquals(configuration.isSignMetadata(), Boolean.parseBoolean(properties.get("external.authentication.saml.signMetadata"))); + Assert.assertEquals(configuration.isForceServiceProviderMetadataGeneration(), Boolean.parseBoolean(properties.get("external.authentication.saml.forceServiceProviderMetadataGeneration"))); + Assert.assertEquals(configuration.isForceKeystoreGeneration(), Boolean.parseBoolean(properties.get("external.authentication.saml.forceKeystoreGeneration"))); + Assert.assertEquals(configuration.isAuthnRequestSigned(), Boolean.parseBoolean(properties.get("external.authentication.saml.authnRequestSigned"))); + Assert.assertEquals(configuration.isSpLogoutRequestSigned(), Boolean.parseBoolean(properties.get("external.authentication.saml.spLogoutRequestSigned"))); + Assert.assertEquals(configuration.getSignatureCanonicalizationAlgorithm(), properties.get("external.authentication.saml.signatureCanonicalizationAlgorithm")); + Assert.assertEquals(configuration.isWantsAssertionsSigned(), Boolean.parseBoolean(properties.get("external.authentication.saml.wantsAssertionsSigned"))); + Assert.assertEquals(configuration.isWantsResponsesSigned(), Boolean.parseBoolean(properties.get("external.authentication.saml.wantsResponsesSigned"))); + Assert.assertEquals(configuration.isAllSignatureValidationDisabled(), 
Boolean.parseBoolean(properties.get("external.authentication.saml.allSignatureValidationDisabled"))); + Assert.assertEquals(configuration.getKeyStoreAlias(), properties.get("external.authentication.saml.keyStoreAlias")); + Assert.assertEquals(configuration.getKeyStoreType(), properties.get("external.authentication.saml.keyStoreType")); + Assert.assertEquals(configuration.getAssertionConsumerServiceIndex(), Integer.parseInt(properties.get("external.authentication.saml.assertionConsumerServiceIndex"))); + Assert.assertEquals(configuration.getAttributeConsumingServiceIndex(), Integer.parseInt(properties.get("external.authentication.saml.attributeConsumingServiceIndex"))); + Assert.assertEquals(configuration.getProviderName(), properties.get("external.authentication.saml.providerName")); + Assert.assertEquals(configuration.getAttributeAsId(), properties.get("external.authentication.saml.attributeAsId")); + Assert.assertEquals(configuration.getPostLogoutURL(), properties.get("external.authentication.saml.postLogoutURL")); + Assert.assertEquals(configuration.getCertificateExpirationPeriod(), Period.parse(properties.get("external.authentication.saml.certificateExpirationPeriod"))); + Assert.assertEquals(configuration.getCertificateSignatureAlg(), properties.get("external.authentication.saml.certificateSignatureAlg")); + Assert.assertEquals(configuration.getPrivateKeySize(), Integer.parseInt(properties.get("external.authentication.saml.privateKeySize"))); + Assert.assertEquals(configuration.getIssuerFormat(), properties.get("external.authentication.saml.issuerFormat")); + Assert.assertEquals(configuration.isNameIdPolicyAllowCreate(), Boolean.parseBoolean(properties.get("external.authentication.saml.nameIdPolicyAllowCreate"))); + Assert.assertEquals(configuration.getAuthnContextClassRefs().size(), Arrays.asList(properties.get("external.authentication.saml.authnContextClassRefs").split(",")).size()); + 
Assert.assertEquals(configuration.getBlackListedSignatureSigningAlgorithms().size(), Arrays.asList(properties.get("external.authentication.saml.blackListedSignatureSigningAlgorithms").split(",")).size()); + Assert.assertEquals(configuration.getSignatureReferenceDigestMethods().size(), Arrays.asList(properties.get("external.authentication.saml.signatureReferenceDigestMethods").split(",")).size()); + Assert.assertEquals(configuration.getMappedAttributes().size(), Arrays.asList(properties.get("external.authentication.saml.mappedAttributes").split(",")).size()); + Assert.assertEquals(configuration.getSupportedProtocols().size(), Arrays.asList(properties.get("external.authentication.saml.supportedProtocols").split(",")).size()); + } + + /** + * + */ + @Test + public void testPac4JConfigFactorOidc() { + ConfigPropertiesCascadeBase grouperConfig = ConfigUtils.getConfigPropertiesCascadeBase("ui"); + grouperConfig.propertiesOverrideMap().clear(); + Map properties = grouperConfig.propertiesOverrideMap(); + properties.put("external.authentication.provider","oidc"); + properties.put("external.authentication.grouperContextUrl","localhost"); + properties.put("external.authentication.callbackUrl","callback"); + properties.put("external.authentication.oidc.clientId","myClientId"); + properties.put("external.authentication.oidc.secret","secret"); + properties.put("external.authentication.oidc.discoveryURI","https://localhost/oidc"); + properties.put("external.authentication.oidc.scope","PUBLIC"); + properties.put("external.authentication.oidc.customParams","key1=value1, key2=value2, key3=value3"); + properties.put("external.authentication.oidc.useNonce","true"); + properties.put("external.authentication.oidc.disablePkce","false"); + properties.put("external.authentication.oidc.maxAge","60000"); + properties.put("external.authentication.oidc.maxClockSkew","10000"); + properties.put("external.authentication.oidc.responseMode","token"); + 
properties.put("external.authentication.oidc.logoutUrl","logout"); + properties.put("external.authentication.oidc.connectTimeout","30000"); + properties.put("external.authentication.oidc.readTimeout","15000"); + properties.put("external.authentication.oidc.withState","false"); + properties.put("external.authentication.oidc.expireSessionWithToken","true"); + properties.put("external.authentication.oidc.tokenExpirationAdvance","5000"); + + Pac4jConfigFactory pac4jConfigFactory = new Pac4jConfigFactory(); + Config config = pac4jConfigFactory.build(); + + Assert.assertTrue(config.getClients().getClients().get(0) instanceof OidcClient); + + OidcConfiguration configuration = ((OidcClient) config.getClients().getClients().get(0)).getConfiguration(); + + Assert.assertEquals(configuration.getClientId(), properties.get("external.authentication.oidc.clientId")); + Assert.assertEquals(configuration.getSecret(), properties.get("external.authentication.oidc.secret")); + Assert.assertEquals(configuration.getDiscoveryURI(), properties.get("external.authentication.oidc.discoveryURI")); + Assert.assertEquals(configuration.getScope(), properties.get("external.authentication.oidc.scope")); + Assert.assertEquals(configuration.isUseNonce(), Boolean.parseBoolean(properties.get("external.authentication.oidc.useNonce"))); + Assert.assertEquals(configuration.isDisablePkce(), Boolean.parseBoolean(properties.get("external.authentication.oidc.disablePkce"))); + Assert.assertEquals(configuration.getMaxAge().intValue(), Integer.parseInt(properties.get("external.authentication.oidc.maxAge"))); + Assert.assertEquals(configuration.getMaxClockSkew(), Integer.parseInt(properties.get("external.authentication.oidc.maxClockSkew"))); + Assert.assertEquals(configuration.getResponseMode(), properties.get("external.authentication.oidc.responseMode")); + Assert.assertEquals(configuration.getLogoutUrl(), properties.get("external.authentication.oidc.logoutUrl")); + 
Assert.assertEquals(configuration.getConnectTimeout(), Integer.parseInt(properties.get("external.authentication.oidc.connectTimeout"))); + Assert.assertEquals(configuration.getReadTimeout(), Integer.parseInt(properties.get("external.authentication.oidc.readTimeout"))); + Assert.assertEquals(configuration.isWithState(), Boolean.parseBoolean(properties.get("external.authentication.oidc.withState"))); + Assert.assertEquals(configuration.isExpireSessionWithToken(), Boolean.parseBoolean(properties.get("external.authentication.oidc.expireSessionWithToken"))); + Assert.assertEquals(configuration.getTokenExpirationAdvance(), Integer.parseInt(properties.get("external.authentication.oidc.tokenExpirationAdvance"))); + Assert.assertEquals(configuration.getCustomParams().size(), Arrays.asList(properties.get("external.authentication.oidc.customParams").split(",")).size()); + } + + @Test + public void testPac4jForManualProvider() { + ConfigPropertiesCascadeBase grouperConfig = ConfigUtils.getConfigPropertiesCascadeBase("ui"); + grouperConfig.propertiesOverrideMap().clear(); + Map overrides = grouperConfig.propertiesOverrideMap(); + overrides.put("external.authentication.provider", "edu.internet2.middleware.grouper.authentication.plugin.config.SAML2ClientProvider"); + + Pac4jConfigFactory pac4jConfigFactory = new Pac4jConfigFactory(); + Config config = pac4jConfigFactory.build(); + + Assert.assertTrue(config.getClients().getClients().get(0) instanceof SAML2Client); + + Assert.assertTrue(true); + } +} \ No newline at end of file diff --git a/src/test/resources/grouper-ui.properties b/src/test/resources/grouper-ui.properties index 63ad58d..e69de29 100644 --- a/src/test/resources/grouper-ui.properties +++ b/src/test/resources/grouper-ui.properties @@ -1,2 +0,0 @@ -external.authentication.mechanism.elConfig = ${"cas"} -external.authentication.cas.loginUrl.elConfig = ${"login"}
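Review bot: In `testPac4JConfigFactorSAML` the signature-policy settings are the weakest part of the coverage: `external.authentication.saml.signatureAlgorithms` is set but never asserted, and `blackListedSignatureSigningAlgorithms` and `signatureReferenceDigestMethods` are compared by `size()` only, so a parser that kept the count but mangled the values would still pass. Asserting the contents, e.g. `Assert.assertTrue(configuration.getBlackListedSignatureSigningAlgorithms().containsAll(Arrays.asList("col1", "col2", "col3", "col4")));`, closes that gap, and the same applies to the `customParams` and `mappedAttributes` size checks in the CAS, SAML and OIDC tests. Each test clears `propertiesOverrideMap()` on entry but `tearDown` only closes the static mock, so values such as `allSignatureValidationDisabled=true` remain in the (presumably cached) UI config for whatever runs next in the same JVM; clearing the map in `tearDown` avoids that. The comment on `testElConfig` says the values come from `grouper-ui.properties`, which this commit empties, and the trailing `Assert.assertTrue(true);` in `testPac4jForManualProvider` checks nothing.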