Intersmash
diff --git a/‎testsuite/README.md‎
Lines changed: 1 addition & 1 deletion b/‎testsuite/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎testsuite/src/test/java/org/jboss/intersmash/tests/wildfly/elytron/oidc/client/keycloak/BasicKeycloakOperatorDynamicClientOidcApplication.java‎
Lines changed: 1 addition & 1 deletion b/‎testsuite/src/test/java/org/jboss/intersmash/tests/wildfly/elytron/oidc/client/keycloak/BasicKeycloakOperatorDynamicClientOidcApplication.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎testsuite/src/test/java/org/jboss/intersmash/tests/wildfly/elytron/oidc/client/keycloak/BasicKeycloakOperatorOidcApplication.java‎
Lines changed: 1 addition & 31 deletions b/‎testsuite/src/test/java/org/jboss/intersmash/tests/wildfly/elytron/oidc/client/keycloak/BasicKeycloakOperatorOidcApplication.java‎
Lines changed: 1 addition & 31 deletions
diff --git a/‎testsuite/src/test/java/org/jboss/intersmash/tests/wildfly/elytron/oidc/client/keycloak/BasicKeycloakOperatorOidcHttpsApplication.java‎
Lines changed: 72 additions & 0 deletions b/‎testsuite/src/test/java/org/jboss/intersmash/tests/wildfly/elytron/oidc/client/keycloak/BasicKeycloakOperatorOidcHttpsApplication.java‎
Lines changed: 72 additions & 0 deletions
@@ -11,7 +11,7 @@ This tests validates an interoperability use case based on a WildFly/JBoss EAP/J
 uses the Elytron subsystem to configure an OIDC client for a remote Keycloak/Red Hat Build of Keycloak service,
 which is configured to allow OIDC Single-sign-on in order to secure the application resources.
 
-The deployed application descriptor sets the `SSO_APP_SERVICE` environment variable to the URL of the Keycloak service.
+The deployed application descriptor sets the `SSO_OIDC_KEYCLOAK_URL` environment variable to the URL of the Keycloak service.
 
 We have two variations of this test:
 
 
@@ -66,7 +66,7 @@ public class BasicKeycloakOperatorDynamicClientOidcApplication implements Keyclo
 	/** Number of Keycloak instances to deploy. */
 	protected static final long KEYCLOAK_INSTANCES = 1;
 	/** Shared secret for OIDC client authentication. */
-	protected static final String OIDC_SECURE_DEPLOYMENT_SECRET = "3up7r37cr7doidccli7ntpa33word";
+	protected static final String SSO_OIDC_CLIENT_SECRET = "3up7r37cr7doidccli7ntpa33word";
 
 	/** The Keycloak instance custom resource. */
 	protected final Keycloak keycloak;
 
@@ -20,9 +20,6 @@
 import org.jboss.intersmash.application.operator.KeycloakOperatorApplication;
 import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.Clients;
 import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.ClientsBuilder;
-import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.Users;
-import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.UsersBuilder;
-import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.users.CredentialsBuilder;
 
 /**
  * Deploys one basic Keycloak instance with a realm with users and a client.
@@ -41,33 +38,6 @@ public BasicKeycloakOperatorOidcApplication() throws IOException {
 		super();
 	}
 
-	/**
-	 * Defines users for the Keycloak realm.
-	 *
-	 * @return users for the Keycloak realm
-	 */
-	protected Users[] getUsers() {
-		return new Users[] {
-				new UsersBuilder()
-						.withUsername(USER_NAME_WITH_CORRECT_ROLE)
-						.withEnabled(true)
-						.withCredentials(new CredentialsBuilder()
-								.withType("password")
-								.withValue(USER_PASSWORD_WITH_CORRECT_ROLE)
-								.build())
-						.withRealmRoles("user")
-						.build(),
-				new UsersBuilder()
-						.withUsername(USER_NAME_WITH_WRONG_ROLE)
-						.withEnabled(true)
-						.withCredentials(new CredentialsBuilder()
-								.withType("password")
-								.withValue(USER_PASSWORD_WITH_WRONG_ROLE)
-								.build())
-						.withRealmRoles("admin")
-						.build() };
-	}
-
 	/**
 	 * Return the list of pre-configured OIDC Clients
 	 * @return the list of pre-configured OIDC Clients
@@ -88,7 +58,7 @@ protected Clients getClients() {
 						String.format("http://%s/", wildflyWithElytronOidcClientRoute))
 				.withWebOrigins(
 						String.format("http://%s/", wildflyWithElytronOidcClientRoute))
-				.withSecret(OIDC_SECURE_DEPLOYMENT_SECRET)
+				.withSecret(SSO_OIDC_CLIENT_SECRET)
 				.withFullScopeAllowed(true)
 				.build();
 	}
 
@@ -0,0 +1,72 @@
+/**
+* Copyright (C) 2025 Red Hat, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*         http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.jboss.intersmash.tests.wildfly.elytron.oidc.client.keycloak;
+
+import java.io.IOException;
+import org.jboss.intersmash.application.openshift.OpenShiftApplication;
+import org.jboss.intersmash.application.operator.KeycloakOperatorApplication;
+import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.Clients;
+import org.keycloak.k8s.v2alpha1.keycloakrealmimportspec.realm.ClientsBuilder;
+
+/**
+ * Deploys one basic Keycloak instance with a realm with users and a client.
+ * This can be re-used and extended with other realms and/or clients for different applications.
+ */
+public class BasicKeycloakOperatorOidcHttpsApplication
+		extends BasicKeycloakOperatorDynamicClientOidcApplication
+		implements KeycloakOperatorApplication, OpenShiftApplication {
+
+	/** The OIDC client identifier used for authentication with Keycloak. */
+	public static final String SSO_OIDC_CLIENT_ID = "elytron-oidc-client-id";
+
+	/** The OIDC client secret used for authentication with Keycloak. */
+	public static final String SSO_OIDC_CLIENT_SECRET = "3up7r37cr7doidccli7ntpa33word";
+
+	/**
+	 * Creates a new Keycloak instance which is pre-configured with an OIDC Client; that is for cases when we DON'T use
+	 * dynamic client registration.
+	 *
+	 * @throws IOException if an I/O error occurs during certificate generation
+	 */
+	public BasicKeycloakOperatorOidcHttpsApplication() throws IOException {
+		super();
+	}
+
+	/**
+	 * Return the list of pre-configured OIDC Clients
+	 * @return the list of pre-configured OIDC Clients
+	 */
+	@Override
+	protected Clients getClients() {
+		String route = WildflyBootableJarWithElytronOidcClientApplication.getRoute();
+		return new ClientsBuilder()
+				.withClientId(SSO_OIDC_CLIENT_ID)
+				.withPublicClient(true)
+				.withStandardFlowEnabled(true)
+				.withEnabled(true)
+				.withRootUrl(
+						String.format("https://%s/", route))
+				.withRedirectUris(
+						String.format("https://%s/*", route))
+				.withAdminUrl(
+						String.format("https://%s/", route))
+				.withWebOrigins(
+						String.format("https://%s/", route))
+				.withSecret(SSO_OIDC_CLIENT_SECRET)
+				.withFullScopeAllowed(true)
+				.build();
+	}
+}