From 2965f3e18375ff202e1877e86c53d20eb8163611 Mon Sep 17 00:00:00 2001
From: Larry Gregory <larry.gregory@elastic.co>
Date: Wed, 9 Sep 2020 19:48:07 -0400
Subject: [PATCH] Skip checking for the reserved realm (#76687)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../apis/security/basic_login.js              | 10 ++--------
 .../apis/security/kerberos_login.ts           |  2 +-
 .../apis/login_selector.ts                    | 19 +++++++------------
 .../apis/authorization_code_flow/oidc_auth.ts |  2 +-
 .../apis/security/pki_auth.ts                 |  2 +-
 .../apis/security/saml_login.ts               |  2 +-
 6 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/x-pack/test/api_integration/apis/security/basic_login.js b/x-pack/test/api_integration/apis/security/basic_login.js
index 4b39b1bf32d5b..43ef8e6b81eac 100644
--- a/x-pack/test/api_integration/apis/security/basic_login.js
+++ b/x-pack/test/api_integration/apis/security/basic_login.js
@@ -148,11 +148,8 @@ export default function ({ getService }) {
       ]);
       expect(apiResponse.body.username).to.be(validUsername);
       expect(apiResponse.body.authentication_provider).to.eql('__http__');
-      expect(apiResponse.body.authentication_realm).to.eql({
-        name: 'reserved',
-        type: 'reserved',
-      });
       expect(apiResponse.body.authentication_type).to.be('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('with session cookie', () => {
@@ -197,11 +194,8 @@ export default function ({ getService }) {
         ]);
         expect(apiResponse.body.username).to.be(validUsername);
         expect(apiResponse.body.authentication_provider).to.eql('basic');
-        expect(apiResponse.body.authentication_realm).to.eql({
-          name: 'reserved',
-          type: 'reserved',
-        });
         expect(apiResponse.body.authentication_type).to.be('realm');
+        // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
       });
 
       it('should extend cookie on every successful non-system API call', async () => {
diff --git a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
index 1f4428e198539..459dc4739897c 100644
--- a/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
+++ b/x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts
@@ -79,9 +79,9 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
       expect(user.authentication_type).to.eql('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('initiating SPNEGO', () => {
diff --git a/x-pack/test/login_selector_api_integration/apis/login_selector.ts b/x-pack/test/login_selector_api_integration/apis/login_selector.ts
index 7eb1f07d67506..44582355cf890 100644
--- a/x-pack/test/login_selector_api_integration/apis/login_selector.ts
+++ b/x-pack/test/login_selector_api_integration/apis/login_selector.ts
@@ -36,7 +36,7 @@ export default function ({ getService }: FtrProviderContext) {
     sessionCookie: Cookie,
     username: string,
     providerName: string,
-    authenticationRealm: { name: string; type: string },
+    authenticationRealm: { name: string; type: string } | null,
     authenticationType: string
   ) {
     expect(sessionCookie.key).to.be('sid');
@@ -67,7 +67,9 @@ export default function ({ getService }: FtrProviderContext) {
 
     expect(apiResponse.body.username).to.be(username);
     expect(apiResponse.body.authentication_provider).to.be(providerName);
-    expect(apiResponse.body.authentication_realm).to.eql(authenticationRealm);
+    if (authenticationRealm) {
+      expect(apiResponse.body.authentication_realm).to.eql(authenticationRealm);
+    }
     expect(apiResponse.body.authentication_type).to.be(authenticationType);
   }
 
@@ -228,16 +230,9 @@ export default function ({ getService }: FtrProviderContext) {
           const basicSessionCookie = request.cookie(
             basicAuthenticationResponse.headers['set-cookie'][0]
           )!;
-          await checkSessionCookie(
-            basicSessionCookie,
-            'elastic',
-            'basic1',
-            {
-              name: 'reserved',
-              type: 'reserved',
-            },
-            'realm'
-          );
+          // Skip auth provider check since this comes from the reserved realm,
+          // which is not available when running on ESS
+          await checkSessionCookie(basicSessionCookie, 'elastic', 'basic1', null, 'realm');
 
           const authenticationResponse = await supertest
             .post('/api/security/saml/callback')
diff --git a/x-pack/test/oidc_api_integration/apis/authorization_code_flow/oidc_auth.ts b/x-pack/test/oidc_api_integration/apis/authorization_code_flow/oidc_auth.ts
index 0a230ac84d991..c2335cf04504f 100644
--- a/x-pack/test/oidc_api_integration/apis/authorization_code_flow/oidc_auth.ts
+++ b/x-pack/test/oidc_api_integration/apis/authorization_code_flow/oidc_auth.ts
@@ -43,9 +43,9 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
       expect(user.authentication_type).to.be('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('initiating handshake', () => {
diff --git a/x-pack/test/pki_api_integration/apis/security/pki_auth.ts b/x-pack/test/pki_api_integration/apis/security/pki_auth.ts
index 2f6b088ab7190..0559e9e96fe3f 100644
--- a/x-pack/test/pki_api_integration/apis/security/pki_auth.ts
+++ b/x-pack/test/pki_api_integration/apis/security/pki_auth.ts
@@ -93,8 +93,8 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     it('should properly set cookie and authenticate user', async () => {
diff --git a/x-pack/test/saml_api_integration/apis/security/saml_login.ts b/x-pack/test/saml_api_integration/apis/security/saml_login.ts
index 501e1e5f2c203..2da7c92cd07b6 100644
--- a/x-pack/test/saml_api_integration/apis/security/saml_login.ts
+++ b/x-pack/test/saml_api_integration/apis/security/saml_login.ts
@@ -93,9 +93,9 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
       expect(user.authentication_type).to.be('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('initiating handshake', () => {