Enable ra_select-raa features

Both features have been enabled. Enabling gssp (demo_gssp) authn in the
process.

The removed stepup. example.org institution was removed from the
whitelist

stepup/middleware/middleware-whitelist.json

@@ -1,6 +1,5 @@
 {
   "institutions": [
-    "stepup.example.com",
     "dev.openconext.local",
     "institution-a.example.com",
     "institution-b.example.com",

stepup/tests/behat/features/bootstrap/RaContext.php

@@ -145,6 +145,9 @@ public function iTryToLoginIntoTheRaPortalAs($userName, $tokenType)
             case "yubikey":
                 $this->authContext->verifyYuikeySecondFactor();
                 break;
+            case "demo-gssp":
+                $this->authContext->verifyGsspSecondFactor();
+                break;
             default:
                 throw new Exception(
                     sprintf(

stepup/tests/behat/features/bootstrap/SecondFactorAuthContext.php

@@ -157,6 +157,11 @@ public function verifyYuikeySecondFactor()
         $this->authenticateUserYubikeyInGateway();
     }
 
+    public function verifyGsspSecondFactor()
+    {
+        $this->authenticateUserGsspInGateway();
+    }
+
     /**
      * @When I cancel the :arg1 second factor authentication
      */
@@ -225,14 +230,13 @@ public function authenticateUserYubikeyInGateway()
         $this->minkContext->pressButton('Submit');
     }
 
-    private function debugOut($arg = null)
+    public function authenticateUserGsspInGateway()
     {
-        if ($arg !== null) {
-            var_dump($arg);
-        }
-        echo $this->minkContext->getSession()->getCurrentUrl();
-        echo PHP_EOL . PHP_EOL;
-        die($this->minkContext->getSession()->getPage()->getHtml());
+        $this->minkContext->assertPageAddress('https://demogssp.dev.openconext.local/authentication');
+        $this->minkContext->pressButton('button_authenticate');
+        // Pass through the 'return to sp' redirection page.
+        $this->minkContext->pressButton('Submit');
+        $this->minkContext->pressButton('Submit');
     }
 
     public function authenticateUserSmsInGateway(string $challenge)

stepup/tests/behat/features/ra_select-raa.feature

@@ -1,33 +1,35 @@
-@SKIP
 Feature: A RAA manages RA(A)'s on the promotion page
   In order to manage RA(A)'s
   As a RAA
   I must be able to promote and demote identities to RA(A)'s
 
   Scenario: Provision a institution and a user to promote later on by an authorized institution
-    Given a user "Joe Satriani" identified by "urn:collab:person:institution-d.example.com:joe-d1" from institution "institution-d.example.com"
-    And the user "urn:collab:person:institution-d.example.com:joe-d1" has a vetted "yubikey"
+    Given a user "jane-a2" identified by "urn:collab:person:institution-a.example.com:jane-a2" from institution "institution-a.example.com"
+    Given a user "joe-d1" identified by "urn:collab:person:institution-d.example.com:joe-d1" from institution "institution-d.example.com"
+    And the user "urn:collab:person:institution-a.example.com:jane-a2" has a vetted "yubikey" identified by "00000001"
+    And the user "urn:collab:person:institution-d.example.com:joe-d1" has a vetted "yubikey" identified by "00000005"
     And institution "institution-a.example.com" can "select_raa" from institution "institution-a.example.com"
     And institution "institution-a.example.com" can "select_raa" from institution "institution-d.example.com"
     And institution "institution-d.example.com" can "use_raa" from institution "institution-a.example.com"
     And institution "institution-a.example.com" can "use_raa" from institution "institution-a.example.com"
-
-  Scenario: SRAA user promotes "jane-a1" to be an RAA
+    And institution "institution-d.example.com" can "use_ra" from institution "institution-a.example.com"
+    And institution "institution-a.example.com" can "use_ra" from institution "institution-a.example.com"
+  Scenario: SRAA user promotes "jane-a2" to be an RAA
     Given I am logged in into the ra portal as "admin" with a "yubikey" token
     And I visit the RA promotion page
-    Then I change the role of "jane-a1 institution-a.example.com" to become "RAA" for institution "institution-a.example.com"
+    Then I change the role of "jane-a2" to become "RAA" for institution "institution-a.example.com"
 
-  Scenario: User "jane-a1" promotes "joe-d1" to be an RA
-    Given I am logged in into the ra portal as "jane-a1" with a "yubikey" token
+  Scenario: User "jane-a2" promotes "joe-d1" to be an RA
+    Given I am logged in into the ra portal as "jane-a2" with a "yubikey" token
     And I visit the RA promotion page
-    Then I change the role of "Joe Satriani" to become "RA" for institution "institution-a.example.com"
+    Then I change the role of "joe-d1" to become "RA" for institution "institution-a.example.com"
 
-  Scenario: User "jane-a1" demotes "joe-d1" to no longer be an RA
-    Given I am logged in into the ra portal as "jane-a1" with a "yubikey" token
+  Scenario: User "jane-a2" demotes "joe-d1" to no longer be an RA
+    Given I am logged in into the ra portal as "jane-a2" with a "yubikey" token
     And I visit the RA Management page
-    Then I relieve "Joe Satriani" from "institution-a.example.com" of his "RA" role
+    Then I relieve "joe-d1" from "institution-a.example.com" of his "RA" role
 
-  Scenario: SRAA user demotes "jane-a1" to no longer be an RAA
+  Scenario: SRAA user demotes "jane-a2" to no longer be an RAA
     Given I am logged in into the ra portal as "admin" with a "yubikey" token
     And I visit the RA Management page
-    Then I relieve "jane-a1 institution-a.example.com" from "institution-a.example.com" of his "RAA" role
+    Then I relieve "jane-a2" from "institution-a.example.com" of his "RAA" role

stepup/tests/behat/features/ra_select-raa_use_raa.feature

@@ -1,23 +1,19 @@
-@SKIP
 Feature: A RAA can only manage R RA(A)'s on the promotion page
   In order to manage RA(A)'s
   As a RAA
   I must only be able to manage RA(A)'s if select_raa is set but also use_raa is explicitly set
 
   Scenario: Provision an institution and a user to promote later on by an authorized institution without "institution-d" having "select_raa" rights from "instituition-d"
     Given a user "joe-a-raa" identified by "urn:collab:person:institution-a.example.com:joe-a-raa" from institution "institution-a.example.com" with UUID "00000000-0000-4000-a000-000000000001"
-    And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has a vetted "yubikey" with identifier "00000004"
-    Given a user "jane-d-user" identified by "urn:collab:person:institution-d.example.com:jane-d-user" from institution "institution-d.example.com" with UUID "00000000-0000-4000-a000-000000000002"
-    And the user "urn:collab:person:institution-d.example.com:jane-d-user" has a vetted "yubikey" with identifier "00000005"
-
+    And the user "urn:collab:person:institution-a.example.com:joe-a-raa" has a vetted "yubikey" with identifier "00000010"
+    And a user "jane-d-user" identified by "urn:collab:person:institution-d.example.com:jane-d-user" from institution "institution-d.example.com" with UUID "00000000-0000-4000-a000-000000000002"
+    And the user "urn:collab:person:institution-d.example.com:jane-d-user" has a vetted "yubikey" with identifier "183928174"
     And institution "institution-a.example.com" can "use_raa" from institution "institution-a.example.com"
     And institution "institution-a.example.com" can "use_raa" from institution "institution-d.example.com"
     And institution "institution-a.example.com" can "select_raa" from institution "institution-a.example.com"
     And institution "institution-a.example.com" can "select_raa" from institution "institution-d.example.com"
-
     And institution "institution-d.example.com" can "use_raa" from institution "institution-a.example.com"
     And institution "institution-d.example.com" can "use_raa" from institution "institution-d.example.com"
-#    And institution "institution-d.example.com" can "select_raa" from institution "institution-d.example.com"
     And institution "institution-d.example.com" can "select_raa" from institution "institution-a.example.com"
 
   Scenario: SRAA user promotes "joe-a-raa" to be an RAA