From 6bf27a212f5e058a935ed01b05ab4033d0068d18 Mon Sep 17 00:00:00 2001
From: Marcial Rosales <marcial.rosales@broadcom.com>
Date: Thu, 14 Nov 2024 19:38:27 +0100
Subject: [PATCH] Use tls in oauth providers and rabbitmq

---
 .github/workflows/test-authnz.yaml            |   8 +-
 .../workflows/test-management-ui-for-pr.yaml  |   6 +-
 .github/workflows/test-management-ui.yaml     |   6 +-
 selenium/.gitignore                           |   7 +
 .../com/rabbitmq/amqp1_0/RoundTripTest.java   |  46 ++++++-
 selenium/bin/components/devkeycloak           |   3 +
 selenium/bin/components/fakeportal            |  11 +-
 selenium/bin/components/fakeproxy             |  10 +-
 selenium/bin/components/keycloak              |   5 +-
 selenium/bin/components/prodkeycloak          |   3 +
 selenium/bin/components/rabbitmq              |  16 ++-
 selenium/bin/components/uaa                   |  12 +-
 selenium/bin/gen-env-file                     |   6 +-
 selenium/bin/suite_template                   | 120 ++++++++++++++++--
 selenium/fakeportal/app.js                    |   5 +-
 selenium/full-suite-authnz-messaging          |   1 +
 selenium/short-suite-management-ui            |   1 +
 .../authnz-messaging/auth-internal-backend.sh |   2 +-
 .../auth-internal-mtls-backend.sh             |   9 ++
 .../authnz-mgt/basic-auth-behind-proxy.sh     |   2 +-
 ...initiated-with-uaa-and-prefix-via-proxy.sh |   2 +-
 .../oauth-idp-initiated-with-uaa-via-proxy.sh |   2 +-
 selenium/suites/authnz-mgt/oauth-with-uaa.sh  |   2 +-
 selenium/test/authnz-msg-protocols/amqp10.js  |  10 +-
 .../test/authnz-msg-protocols/env.auth-mtls   |   2 +
 selenium/test/authnz-msg-protocols/env.local  |   1 -
 selenium/test/authnz-msg-protocols/env.tls    |   2 +
 selenium/test/authnz-msg-protocols/mqtt.js    |  25 +++-
 .../rabbitmq.auth-mtls.conf                   |  13 ++
 .../authnz-msg-protocols/rabbitmq.tls.conf    |  13 ++
 selenium/test/env.docker                      |   1 +
 selenium/test/env.local                       |   2 +
 selenium/test/env.tls.docker                  |   2 +
 selenium/test/env.tls.local                   |   3 +
 .../test/multi-oauth/certs/ca_certificate.pem |  21 ---
 .../certs/server_rabbitmq_certificate.pem     |  41 +++---
 .../multi-oauth/certs/server_rabbitmq_key.pem |  52 ++++----
 .../devkeycloak/ca_certificate.pem            |  21 ---
 .../devkeycloak/server_devkeycloak.p12        | Bin 3517 -> 3683 bytes
 .../server_devkeycloak_certificate.pem        |  42 +++---
 .../devkeycloak/server_devkeycloak_key.pem    |  52 ++++----
 .../test/multi-oauth/env.docker.devkeycloak   |   2 +-
 .../test/multi-oauth/env.docker.prodkeycloak  |   2 +-
 .../test/multi-oauth/env.local.devkeycloak    |   2 +-
 .../test/multi-oauth/env.local.prodkeycloak   |   2 +-
 .../prodkeycloak/ca_certificate.pem           |  21 ---
 .../prodkeycloak/server_prodkeycloak.p12      | Bin 3517 -> 3683 bytes
 .../server_prodkeycloak_certificate.pem       |  42 +++---
 .../prodkeycloak/server_prodkeycloak_key.pem  |  52 ++++----
 selenium/test/multi-oauth/rabbitmq.tls.conf   |  12 +-
 selenium/test/oauth/certs/ca_certificate.pem  |  21 ---
 .../certs/server_rabbitmq_certificate.pem     |  23 ----
 .../test/oauth/certs/server_rabbitmq_key.pem  |  28 ----
 selenium/test/oauth/env.docker.fakeportal     |   2 +-
 selenium/test/oauth/env.docker.fakeproxy      |   2 +-
 selenium/test/oauth/env.docker.keycloak       |   2 +-
 selenium/test/oauth/env.docker.uaa            |   2 +-
 selenium/test/oauth/env.local.fakeportal      |   2 +-
 selenium/test/oauth/env.local.keycloak        |   2 +-
 selenium/test/oauth/env.local.uaa             |   2 +-
 .../test/oauth/keycloak/ca_certificate.pem    |  21 ---
 selenium/test/oauth/keycloak/openssl.cnf.in   |   3 +
 .../keycloak/server_keycloak_certificate.pem  |  23 ----
 .../oauth/keycloak/server_keycloak_key.pem    |  28 ----
 selenium/test/oauth/rabbitmq.tls.conf         |  12 +-
 selenium/test/oauth/uaa/server.xml            |  43 +++++++
 selenium/test/oauth/uaa/uaa.yml               |   3 +
 67 files changed, 512 insertions(+), 430 deletions(-)
 create mode 100755 selenium/suites/authnz-messaging/auth-internal-mtls-backend.sh
 create mode 100644 selenium/test/authnz-msg-protocols/env.auth-mtls
 delete mode 100644 selenium/test/authnz-msg-protocols/env.local
 create mode 100644 selenium/test/authnz-msg-protocols/env.tls
 create mode 100644 selenium/test/authnz-msg-protocols/rabbitmq.auth-mtls.conf
 create mode 100644 selenium/test/authnz-msg-protocols/rabbitmq.tls.conf
 delete mode 100644 selenium/test/multi-oauth/certs/ca_certificate.pem
 delete mode 100644 selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
 delete mode 100644 selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
 delete mode 100644 selenium/test/oauth/certs/ca_certificate.pem
 delete mode 100644 selenium/test/oauth/certs/server_rabbitmq_certificate.pem
 delete mode 100644 selenium/test/oauth/certs/server_rabbitmq_key.pem
 delete mode 100644 selenium/test/oauth/keycloak/ca_certificate.pem
 create mode 100644 selenium/test/oauth/keycloak/openssl.cnf.in
 delete mode 100644 selenium/test/oauth/keycloak/server_keycloak_certificate.pem
 delete mode 100644 selenium/test/oauth/keycloak/server_keycloak_key.pem
 create mode 100644 selenium/test/oauth/uaa/server.xml

diff --git a/.github/workflows/test-authnz.yaml b/.github/workflows/test-authnz.yaml
index 1e5e6c54c454..45dd825dcfa6 100644
--- a/.github/workflows/test-authnz.yaml
+++ b/.github/workflows/test-authnz.yaml
@@ -24,8 +24,8 @@ on:
       - 'deps/rabbitmq_auth_/**'
       - 'deps/rabbitmq_mqtt/**'
       - 'deps/rabbitmq_management/selenium/full-suite-authnz-messaging'
-      - 'deps/rabbitmq_management/selenium/suites/authnz-messaging'
-      - 'deps/rabbitmq_management/selenium/test/authnz-msg-protocols'
+      - 'deps/rabbitmq_management/selenium/suites/authnz-messaging/**'
+      - 'deps/rabbitmq_management/selenium/test/authnz-msg-protocols/**'
       - .github/workflows/test-authnz.yaml
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -83,7 +83,9 @@ jobs:
         IMAGE_TAG=$(find PACKAGES/rabbitmq-server-generic-unix-*.tar.xz | awk -F 'PACKAGES/rabbitmq-server-generic-unix-|.tar.xz' '{print $2}')
         RABBITMQ_DOCKER_IMAGE=pivotalrabbitmq/rabbitmq:$IMAGE_TAG \
          ${SELENIUM_DIR}/run-suites.sh full-suite-authnz-messaging
-
+        mkdir -p /tmp/full-suite-authnz-messaging
+        mv /tmp/selenium/* /tmp/full-suite-authnz-messaging
+        
     - name: Upload Test Artifacts
       if: always()
       uses: actions/upload-artifact@v4.3.2
diff --git a/.github/workflows/test-management-ui-for-pr.yaml b/.github/workflows/test-management-ui-for-pr.yaml
index 090e37bd0170..3a39253a1de0 100644
--- a/.github/workflows/test-management-ui-for-pr.yaml
+++ b/.github/workflows/test-management-ui-for-pr.yaml
@@ -63,11 +63,7 @@ jobs:
           ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui
         mkdir -p /tmp/full-suite
         mv /tmp/selenium/* /tmp/full-suite
-        mkdir -p /tmp/full-suite/logs
-        mv ${SELENIUM_DIR}/logs/* /tmp/full-suite/logs
-        mkdir -p /tmp/full-suite/screens
-        mv ${SELENIUM_DIR}/screens/* /tmp/full-suite/screens
-
+        
     - name: Upload Test Artifacts
       if: always()
       uses: actions/upload-artifact@v4.3.2
diff --git a/.github/workflows/test-management-ui.yaml b/.github/workflows/test-management-ui.yaml
index a0b765eca0ab..d1cde41f27e9 100644
--- a/.github/workflows/test-management-ui.yaml
+++ b/.github/workflows/test-management-ui.yaml
@@ -78,11 +78,7 @@ jobs:
           ${SELENIUM_DIR}/run-suites.sh short-suite-management-ui
         mkdir -p /tmp/short-suite
         mv /tmp/selenium/* /tmp/short-suite
-        mkdir -p /tmp/short-suite/logs
-        mv ${SELENIUM_DIR}/logs/* /tmp/short-suite/logs
-        mkdir -p /tmp/short-suite/screens
-        mv ${SELENIUM_DIR}/screens/* /tmp/short-suite/screens
-
+        
     - name: Upload Test Artifacts
       if: always()
       uses: actions/upload-artifact@v4.3.2
diff --git a/selenium/.gitignore b/selenium/.gitignore
index 63c36b351eb4..250dd02db8df 100644
--- a/selenium/.gitignore
+++ b/selenium/.gitignore
@@ -7,3 +7,10 @@ suites/screens/*
 test/oauth/*/h2/*.trace.db
 test/oauth/*/h2/*.lock.db
 */target/*
+tls-gen
+test/*/certs/*.pem
+test/*/certs/*.p12
+test/*/certs/*.jks
+test/*/*/*.pem
+test/*/*/*.p12
+test/*/*/*.jks
diff --git a/selenium/amqp10-roundtriptest/src/main/java/com/rabbitmq/amqp1_0/RoundTripTest.java b/selenium/amqp10-roundtriptest/src/main/java/com/rabbitmq/amqp1_0/RoundTripTest.java
index d683e23d8bce..461f43722cbf 100644
--- a/selenium/amqp10-roundtriptest/src/main/java/com/rabbitmq/amqp1_0/RoundTripTest.java
+++ b/selenium/amqp10-roundtriptest/src/main/java/com/rabbitmq/amqp1_0/RoundTripTest.java
@@ -15,15 +15,45 @@ public class RoundTripTest {
   public static String getEnv(String property, String defaultValue) {
     return System.getenv(property) == null ? defaultValue : System.getenv(property);
   }
+  public static String getEnv(String property) {
+    String value = System.getenv(property);
+    if (value == null) {
+      throw new IllegalArgumentException("Missing env variable " + property);
+    }
+    return value;
+  }
   public static void main(String args[]) throws Exception {
     String hostname = getEnv("RABBITMQ_HOSTNAME", "localhost");
     String port = getEnv("RABBITMQ_AMQP_PORT", "5672");
     String scheme = getEnv("RABBITMQ_AMQP_SCHEME", "amqp");
+    String uri = scheme + "://" + hostname + ":" + port;
     String username = args.length > 0 ? args[0] : getEnv("RABBITMQ_AMQP_USERNAME", "guest");
     String password = args.length > 1 ? args[1] : getEnv("RABBITMQ_AMQP_PASSWORD", "guest");
-    String uri = scheme + "://" + hostname + ":" + port;
+    
+    boolean usemtls = Boolean.parseBoolean(getEnv("AMQP_USE_MTLS", "false"));
+    String certsLocation = getEnv("RABBITMQ_CERTS");
+    
+    if ("amqps".equals(scheme)) {
+      List<String> connectionParams = new ArrayList<String>();
+
+      connectionParams.add("transport.trustStoreLocation=" + certsLocation + "/truststore.jks");
+      connectionParams.add("transport.trustStorePassword=foobar");
+      connectionParams.add("transport.verifyHost=true");  
+      connectionParams.add("transport.trustAll=true");    
 
-    System.out.println("AMQPS Roundrip using uri " + uri);
+      if (usemtls) {
+        connectionParams.add("amqp.saslMechanisms=EXTERNAL");
+        connectionParams.add("transport.keyStoreLocation=" + certsLocation + "/client_rabbitmq.jks");
+        connectionParams.add("transport.keyStorePassword=foobar");
+        connectionParams.add("transport.keyAlias=client-rabbitmq-tls");
+      }
+      if (!connectionParams.isEmpty()) {
+        uri = uri + "?" + String.join("&", connectionParams);       
+        System.out.println("Using AMQP URI " + uri);
+      }
+    }
+
+    assertNotNull(uri);
 
     Hashtable<Object, Object> env = new Hashtable<>();
     env.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.qpid.jms.jndi.JmsInitialContextFactory");
@@ -33,12 +63,11 @@ public static void main(String args[]) throws Exception {
     env.put("jms.requestTimeout", 5);
     javax.naming.Context context = new javax.naming.InitialContext(env);
 
-    assertNotNull(uri);
-
     ConnectionFactory factory = (ConnectionFactory) context.lookup("myFactoryLookup");
     Destination queue = (Destination) context.lookup("myQueueLookup");
 
-    try (Connection connection = factory.createConnection(username, password)) {
+    try (Connection connection = 
+                      createConnection(factory, usemtls, username, password)) {
       connection.start();
 
       Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
@@ -56,5 +85,12 @@ public static void main(String args[]) throws Exception {
 
       assertEquals(message.getText(), receivedMessage.getText());
     }
+  }  
+  private static Connection createConnection(ConnectionFactory factory, 
+      boolean usemtls, String username, String password) throws jakarta.jms.JMSException {
+    if (usemtls) {
+      return factory.createConnection();      
+    }
+    return factory.createConnection(username, password);
   }
 }
diff --git a/selenium/bin/components/devkeycloak b/selenium/bin/components/devkeycloak
index 352544372c4a..2147695739ea 100644
--- a/selenium/bin/components/devkeycloak
+++ b/selenium/bin/components/devkeycloak
@@ -9,6 +9,9 @@ init_devkeycloak() {
   print "> DEVKEYCLOAK_CONFIG_DIR: ${DEVKEYCLOAK_CONFIG_DIR}"
   print "> DEVKEYCLOAK_URL: ${DEVKEYCLOAK_URL}"
   print "> DEVKEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
+
+  generate-ca-server-client-kpi devkeycloak $DEVKEYCLOAK_CONFIG_DIR
+
 }
 ensure_devkeycloak() {
   if docker ps | grep devkeycloak &> /dev/null; then
diff --git a/selenium/bin/components/fakeportal b/selenium/bin/components/fakeportal
index aadbda50327b..cd42c272fee9 100644
--- a/selenium/bin/components/fakeportal
+++ b/selenium/bin/components/fakeportal
@@ -1,3 +1,10 @@
+#!/usr/bin/env bash
+
+SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [[ ! -z "${DEBUG}" ]]; then
+  set -x
+fi
 
 ensure_fakeportal() {
   if docker ps | grep fakeportal &> /dev/null; then
@@ -9,7 +16,7 @@ ensure_fakeportal() {
 
 init_fakeportal() {
   FAKEPORTAL_URL=${FAKEPORTAL_URL:-http://fakeportal:3000}
-  FAKEPORTAL_DIR=${SCRIPT}/../fakeportal
+  FAKEPORTAL_DIR=${SCRIPT}/../../fakeportal
   CLIENT_ID="${CLIENT_ID:-rabbit_idp_user}"
   CLIENT_SECRET="${CLIENT_SECRET:-rabbit_idp_user}"
   RABBITMQ_HOST=${RABBITMQ_HOST:-proxy:9090}
@@ -44,6 +51,8 @@ start_fakeportal() {
     --env UAA_URL="${UAA_URL_FOR_FAKEPORTAL}" \
     --env CLIENT_ID="${CLIENT_ID}" \
     --env CLIENT_SECRET="${CLIENT_SECRET}" \
+    --env NODE_EXTRA_CA_CERTS=/etc/uaa/ca_uaa_certificate.pem \
+    -v ${TEST_CONFIG_PATH}/uaa:/etc/uaa \
     -v ${FAKEPORTAL_DIR}:/code/fakeportal \
     mocha-test:${mocha_test_tag} run fakeportal
 
diff --git a/selenium/bin/components/fakeproxy b/selenium/bin/components/fakeproxy
index 2705ee80427e..cf6983371f0a 100644
--- a/selenium/bin/components/fakeproxy
+++ b/selenium/bin/components/fakeproxy
@@ -1,4 +1,10 @@
+#!/usr/bin/env bash
 
+SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [[ ! -z "${DEBUG}" ]]; then
+  set -x
+fi
 
 ensure_fakeproxy() {
   if docker ps | grep fakeproxy &> /dev/null; then
@@ -10,7 +16,7 @@ ensure_fakeproxy() {
 
 init_fakeproxy() {
   FAKEPROXY_URL=${FAKEPROXY_URL:-http://fakeproxy:9090}
-  FAKEPROXY_DIR=${SCRIPT}/../fakeportal
+  FAKEPROXY_DIR=${SCRIPT}/../../fakeportal
   CLIENT_ID="${CLIENT_ID:-rabbit_idp_user}"
   CLIENT_SECRET="${CLIENT_SECRET:-rabbit_idp_user}"
   RABBITMQ_HOST_FOR_FAKEPROXY=${RABBITMQ_HOST_FOR_FAKEPROXY:-rabbitmq:15672}
@@ -43,6 +49,8 @@ start_fakeproxy() {
     --env UAA_URL="${UAA_URL_FOR_FAKEPROXY}" \
     --env CLIENT_ID="${CLIENT_ID}" \
     --env CLIENT_SECRET="${CLIENT_SECRET}" \
+    --env NODE_EXTRA_CA_CERTS=/etc/uaa/ca_uaa_certificate.pem \
+    -v ${TEST_CONFIG_PATH}/uaa:/etc/uaa \
     -v ${FAKEPROXY_DIR}:/code/fakeportal \
     mocha-test:${mocha_test_tag} run fakeproxy
 
diff --git a/selenium/bin/components/keycloak b/selenium/bin/components/keycloak
index d6470262f194..a632f6560b1e 100644
--- a/selenium/bin/components/keycloak
+++ b/selenium/bin/components/keycloak
@@ -17,6 +17,9 @@ init_keycloak() {
   print "> KEYCLOAK_CONFIG_DIR: ${KEYCLOAK_CONFIG_DIR}"
   print "> KEYCLOAK_URL: ${KEYCLOAK_URL}"
   print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
+
+  generate-ca-server-client-kpi keycloak $KEYCLOAK_CONFIG_DIR
+
 }
 start_keycloak() {
   begin "Starting keycloak ..."
@@ -44,7 +47,7 @@ start_keycloak() {
     --https-certificate-file=/opt/keycloak/data/import/server_keycloak_certificate.pem \
     --https-certificate-key-file=/opt/keycloak/data/import/server_keycloak_key.pem
 
-  wait_for_oidc_endpoint keycloak $KEYCLOAK_URL $MOUNT_KEYCLOAK_CONF_DIR/ca_certificate.pem
+  wait_for_oidc_endpoint keycloak $KEYCLOAK_URL $MOUNT_KEYCLOAK_CONF_DIR/ca_keycloak_certificate.pem
   end "Keycloak is ready"
 
   print " Note: If you modify keycloak configuration. Make sure to run the following command to export the configuration."
diff --git a/selenium/bin/components/prodkeycloak b/selenium/bin/components/prodkeycloak
index c0e3ee16192e..45e772eec48a 100644
--- a/selenium/bin/components/prodkeycloak
+++ b/selenium/bin/components/prodkeycloak
@@ -16,6 +16,9 @@ init_prodkeycloak() {
   print "> PRODKEYCLOAK_CONFIG_DIR: ${PRODKEYCLOAK_CONFIG_DIR}"
   print "> PRODKEYCLOAK_URL: ${PRODKEYCLOAK_URL}"
   print "> KEYCLOAK_DOCKER_IMAGE: ${KEYCLOAK_DOCKER_IMAGE}"
+
+    generate-ca-server-client-kpi prodkeycloak $PRODKEYCLOAK_CONFIG_DIR
+
 }
 start_prodkeycloak() {
   begin "Starting prodkeycloak ..."
diff --git a/selenium/bin/components/rabbitmq b/selenium/bin/components/rabbitmq
index 3fb9cb002f85..7a550bcdcf6e 100644
--- a/selenium/bin/components/rabbitmq
+++ b/selenium/bin/components/rabbitmq
@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+
 init_rabbitmq() {
   RABBITMQ_CONFIG_DIR=${TEST_CONFIG_DIR}
   RABBITMQ_DOCKER_IMAGE=${RABBITMQ_DOCKER_IMAGE:-rabbitmq}
@@ -9,6 +12,13 @@ init_rabbitmq() {
   [[ -z "${OAUTH_SERVER_CONFIG_BASEDIR}" ]] || print "> OAUTH_SERVER_CONFIG_BASEDIR: ${OAUTH_SERVER_CONFIG_BASEDIR}"
   [[ -z "${OAUTH_SERVER_CONFIG_DIR}" ]] || print "> OAUTH_SERVER_CONFIG_DIR: ${OAUTH_SERVER_CONFIG_DIR}"
 
+  if [[ ! -d "${RABBITMQ_CONFIG_DIR}/certs" ]]; then 
+    mkdir ${RABBITMQ_CONFIG_DIR}/certs
+  fi 
+  generate-ca-server-client-kpi rabbitmq $RABBITMQ_CONFIG_DIR/certs
+  generate-server-keystore-if-required rabbitmq $RABBITMQ_CONFIG_DIR/certs
+  generate-client-keystore-if-required rabbitmq $RABBITMQ_CONFIG_DIR/certs
+  generate-truststore-if-required rabbitmq $RABBITMQ_CONFIG_DIR/certs
 }
 
 start_rabbitmq() {
@@ -157,7 +167,7 @@ start_docker_rabbitmq() {
   if [ -f ${RABBITMQ_CONFIG_DIR}/enabled_plugins ]; then
       cp ${RABBITMQ_CONFIG_DIR}/enabled_plugins $CONF_DIR/rabbitmq
   fi
-  if [ -d ${RABBITMQ_CONFIG_DIR}/certs ]; then
+  if [ -d "${RABBITMQ_CONFIG_DIR}/certs" ]; then      
       cp -r ${RABBITMQ_CONFIG_DIR}/certs $CONF_DIR/rabbitmq
   fi
   if [ -d ${RABBITMQ_CONFIG_DIR}/imports ]; then
@@ -175,10 +185,10 @@ start_docker_rabbitmq() {
     -p 15672:15672 \
     -p 15671:15671 \
     -v $CONF_DIR/rabbitmq/:/etc/rabbitmq \
-    -v $CONF_DIR/rabbitmq/:/var/rabbitmq \
+    -v $CONF_DIR/rabbitmq/imports:/var/rabbitmq/imports \
     -v ${TEST_DIR}:/config \
     ${RABBITMQ_DOCKER_IMAGE}
-
+    
   wait_for_message rabbitmq "Server startup complete"
   end "RabbitMQ ready"
 }
diff --git a/selenium/bin/components/uaa b/selenium/bin/components/uaa
index f07b535176f8..2a91fb468aa0 100644
--- a/selenium/bin/components/uaa
+++ b/selenium/bin/components/uaa
@@ -16,6 +16,9 @@ init_uaa() {
   print "> UAA_CONFIG_DIR: ${UAA_CONFIG_DIR}"
   print "> UAA_URL: ${UAA_URL}"
   print "> UAA_DOCKER_IMAGE: ${UAA_DOCKER_IMAGE}"
+  
+  generate-ca-server-client-kpi uaa $UAA_CONFIG_DIR
+  generate-server-keystore-if-required uaa $UAA_CONFIG_DIR
 }
 start_uaa() {
   begin "Starting UAA ..."
@@ -34,12 +37,13 @@ start_uaa() {
     --detach \
     --name uaa \
     --net ${DOCKER_NETWORK} \
-    --publish 8080:8080 \
-    --mount "type=bind,source=$MOUNT_UAA_CONF_DIR,target=/uaa" \
+    --publish 8443:8443 \
+    -v ${MOUNT_UAA_CONF_DIR}:/uaa \
+    -v ${UAA_CONFIG_DIR}/server.xml:/layers/paketo-buildpacks_apache-tomcat/catalina-base/conf/server.xml \
     --env UAA_CONFIG_PATH="/uaa" \
-    --env JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom" \
+    --env JAVA_OPTS="-Djava.security.policy=unlimited -Djava.security.egd=file:/dev/./urandom" \
     ${UAA_DOCKER_IMAGE}
-
+   
   wait_for_oidc_endpoint uaa $UAA_URL
   end "UAA is ready"
 }
diff --git a/selenium/bin/gen-env-file b/selenium/bin/gen-env-file
index 731cefcecb8b..6d327896172a 100755
--- a/selenium/bin/gen-env-file
+++ b/selenium/bin/gen-env-file
@@ -1,7 +1,10 @@
 #!/usr/bin/env bash
 SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-#set -x
+if [[ ! -z "${DEBUG}" ]]; then
+  set -x
+fi
+
 
 ENV_FILE="/tmp/rabbitmq/.env"
 FIND_PATH=$1
@@ -14,6 +17,7 @@ generate_env_file() {
   echo "#!/usr/bin/env bash" > $ENV_FILE
   echo "set -u" >> $ENV_FILE
   echo "export SELENIUM=${SCRIPT}/.." >> $ENV_FILE
+  echo "export TEST_CONFIG_PATH=${FIND_PATH}" >> $ENV_FILE
 
   declare -a FILE_ARRAY
   for f in $($SCRIPT/find-template-files $FIND_PATH "env")
diff --git a/selenium/bin/suite_template b/selenium/bin/suite_template
index faad7cbb8031..ecad529b1985 100644
--- a/selenium/bin/suite_template
+++ b/selenium/bin/suite_template
@@ -30,9 +30,9 @@ find_selenium_dir() {
 SELENIUM_ROOT_FOLDER=$(find_selenium_dir $SCRIPT)
 TEST_DIR=$SELENIUM_ROOT_FOLDER/test
 BIN_DIR=$SELENIUM_ROOT_FOLDER/bin
-LOGS=${SELENIUM_ROOT_FOLDER}/logs/${SUITE}
 SCREENS=${SELENIUM_ROOT_FOLDER}/screens/${SUITE}
 CONF_DIR=/tmp/selenium/${SUITE}
+LOGS=${CONF_DIR}/logs
 ENV_FILE=$CONF_DIR/.env
 
 rm -rf $CONF_DIR
@@ -132,7 +132,7 @@ build_mocha_image() {
   tag=($(md5sum $SELENIUM_ROOT_FOLDER/package.json))
   print "> tag : $tag"
   if [[ $(docker images -q mocha-test:$tag 2> /dev/null) == "" ]]; then
-    docker build -t mocha-test:$tag  --target test $SCRIPT/..
+    docker build -t mocha-test:$tag  --target test $SELENIUM_ROOT_FOLDER
     print "> Built docker image mocha-test:$tag"
   fi
   end "mocha-test image exists"
@@ -170,13 +170,13 @@ wait_for_oidc_endpoint() {
 wait_for_oidc_endpoint_local() {
   NAME=$1
   BASE_URL=$2
-  CURL_ARGS="-L --fail "
+  CURL_ARGS="-k --tlsv1.2 -L --fail "
   DELAY_BETWEEN_ATTEMPTS=5
   if [[ $# -eq 3 ]]; then
     CURL_ARGS="$CURL_ARGS --cacert $3"
     DELAY_BETWEEN_ATTEMPTS=10
   fi
-  max_retry=10
+  max_retry=15
   counter=0
   print "Waiting for OIDC discovery endpoint $NAME ... (BASE_URL: $BASE_URL)"
   until (curl $CURL_ARGS ${BASE_URL}/.well-known/openid-configuration >/dev/null 2>&1)
@@ -191,7 +191,7 @@ wait_for_oidc_endpoint_local() {
 wait_for_oidc_endpoint_docker() {
   NAME=$1
   BASE_URL=$2
-  CURL_ARGS="-L --fail "
+  CURL_ARGS="-k --tlsv1.2 -L --fail "
   DOCKER_ARGS="--rm --net ${DOCKER_NETWORK} "
   DELAY_BETWEEN_ATTEMPTS=5
   if [[ $# -gt 2  ]]; then
@@ -199,7 +199,7 @@ wait_for_oidc_endpoint_docker() {
     CURL_ARGS="$CURL_ARGS --cacert /tmp/ca_certificate.pem"
     DELAY_BETWEEN_ATTEMPTS=10
   fi
-  max_retry=10
+  max_retry=15
   counter=0
   print "Waiting for OIDC discovery endpoint $NAME ... (BASE_URL: $BASE_URL)"
   until (docker run $DOCKER_ARGS curlimages/curl:7.85.0 $CURL_ARGS ${BASE_URL}/.well-known/openid-configuration >/dev/null 2>&1)
@@ -333,9 +333,11 @@ _test() {
     --env SELENIUM_POLLING=${SELENIUM_POLLING} \
     --env PROFILES="${PROFILES}" \
     --env ENV_FILE="/code/.env" \
+    --env RABBITMQ_CERTS=/etc/rabbitmq/certs \
     --env NODE_EXTRA_CA_CERTS=/nodejs/ca.pem \
     -v ${MOUNT_NODE_EXTRA_CA_CERTS}:/nodejs/ca.pem \
     -v ${TEST_DIR}:/code/test \
+    -v ${TEST_CONFIG_DIR}/certs:/etc/rabbitmq/certs \
     -v ${SCREENS}:/screens \
     -v ${ENV_FILE}:/code/.env \
     mocha-test:${mocha_test_tag} test /code/test${TEST_CASES_PATH}
@@ -371,10 +373,104 @@ profiles_with_local_or_docker() {
 generate_env_file() {
     begin "Generating env file ..."
     mkdir -p $CONF_DIR
-    ${BIN_DIR}/gen-env-file $TEST_CONFIG_DIR $ENV_FILE
-    source $ENV_FILE
+    ${BIN_DIR}/gen-env-file $TEST_CONFIG_DIR $ENV_FILE    
+    source $ENV_FILE    
     end "Finished generating env file."
 }
+generate-ca-server-client-kpi() {
+  NAME=$1
+  FOLDER=$2
+  if [[ ! -f "${FOLDER}/server_${NAME}_key.pem" ]]; then
+	  do_generate-ca-server-client-kpi $1 $2
+  fi
+}
+do_generate-ca-server-client-kpi() {
+  NAME=$1
+  FOLDER=$2
+  ROOT=$SELENIUM_ROOT_FOLDER
+
+  begin "Generate certs for $NAME"
+
+  if [ ! -d "$ROOT/tls-gen" ]; then
+    git clone https://github.com/michaelklishin/tls-gen $ROOT/tls-gen
+  fi
+
+  print "Generating CA and Server (localhost and $NAME) PKI under $FOLDER ..."
+  mkdir -p $FOLDER
+
+  CUR_DIR=$(pwd)
+  cd $ROOT/tls-gen/basic
+  cp openssl.cnf openssl.cnf.bak
+  if [ -f "$FOLDER/openssl.cnf.in" ]; then     
+    cp $FOLDER/openssl.cnf.in >> openssl.cnf
+  fi 
+  if [[ ! -z "${DEBUG}" ]]; then
+    print "Used this openssl.conf"
+    cat openssl.cnf
+  fi
+  make CN=$NAME CLIENT_ALT_NAME=internaluser
+  cp openssl.cnf.bak openssl.cnf  
+  cd $CUR_DIR
+
+  cp $ROOT/tls-gen/basic/result/ca_certificate.pem $FOLDER/ca_${NAME}_certificate.pem
+  cp $ROOT/tls-gen/basic/result/server_${NAME}_certificate.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/server_${NAME}_key.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/server_${NAME}.p12 $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}_certificate.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}_key.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}.p12 $FOLDER
+  chmod ugo+r $FOLDER/*.pem
+  end "SSL Certificates generated for $NAME under $FOLDER"
+}
+generate-truststore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [[ ! -f "${FOLDER}/truststore.jks" ]]; then
+    keytool -import \
+      -trustcacerts \
+      -file ${FOLDER}/ca_${NAME}_certificate.pem \
+      -keystore ${FOLDER}/truststore.jks \
+      -storepass foobar \
+			-noprompt
+  fi
+}
+generate-server-keystore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [ ! -f "${FOLDER}/server_${NAME}.jks" ]; then
+    keytool -importkeystore \
+        -destkeystore ${FOLDER}/server_${NAME}.jks \
+        -srckeystore ${FOLDER}/server_${NAME}.p12 \
+        -deststoretype pkcs12 \
+        -srcstoretype pkcs12 \
+        -alias 1 \
+        -destalias server-${NAME}-tls \
+        -deststorepass foobar \
+        -destkeypass foobar \
+        -srcstorepass "" \
+        -srckeypass "" \
+        -noprompt
+  fi
+}
+generate-client-keystore-if-required() {
+  NAME=$1
+  FOLDER=$2
+  if [ ! -f "${FOLDER}/client_${NAME}.jks" ]; then
+    keytool -importkeystore \
+        -destkeystore ${FOLDER}/client_${NAME}.jks \
+        -srckeystore ${FOLDER}/client_${NAME}.p12 \
+        -deststoretype pkcs12 \
+        -srcstoretype pkcs12 \
+        -alias 1 \
+        -destalias client-${NAME}-tls \
+        -deststorepass foobar \
+        -destkeypass foobar \
+        -srcstorepass "" \
+        -srckeypass "" \
+        -noprompt
+  fi
+}
+
 run() {
   runWith rabbitmq
 }
@@ -420,13 +516,13 @@ elif [[ "$COMMAND" == "stop-rabbitmq" ]]
   fi
 }
 determine_required_components_including_rabbitmq() {
-  if [[ "$@" != *"rabbitmq"* ]]; then
-    REQUIRED_COMPONENTS+=("rabbitmq")
-  fi
   for (( i=1; i<=$#; i++)) {
     eval val='$'$i
     REQUIRED_COMPONENTS+=( "$val" )
   }
+  if [[ "$@" != *"rabbitmq"* ]]; then
+    REQUIRED_COMPONENTS+=("rabbitmq")
+  fi
 }
 determine_required_components_excluding_rabbitmq() {
   for (( i=1; i<=$#; i++)) {
@@ -489,7 +585,7 @@ test_local() {
   export RABBITMQ_AMQP_PASSWORD=${RABBITMQ_AMQP_PASSWORD}
   export SELENIUM_TIMEOUT=${SELENIUM_TIMEOUT:-20000}
   export SELENIUM_POLLING=${SELENIUM_POLLING:-500}
-
+  
   print "> SELENIUM_TIMEOUT: ${SELENIUM_TIMEOUT}"
   print "> SELENIUM_POLLING: ${SELENIUM_POLLING}"
   print "> RABBITMQ_HOST: ${RABBITMQ_HOST}"
diff --git a/selenium/fakeportal/app.js b/selenium/fakeportal/app.js
index ea0ff1a37021..5b8d422d0375 100644
--- a/selenium/fakeportal/app.js
+++ b/selenium/fakeportal/app.js
@@ -56,8 +56,9 @@ function access_token(id, secret) {
   if (req.status == 200) {
     const token = JSON.parse(req.responseText).access_token;
     console.log("Token => " + token)
-    return token;
+    return token
   } else {
-    throw new Error(req.status + " : " + req.responseText);
+    throw new Error(req.status + " : " + " : " + 
+      req.response + " : " + req.responseText)
   }
 }
diff --git a/selenium/full-suite-authnz-messaging b/selenium/full-suite-authnz-messaging
index 5eec8081fa62..b86198f7a759 100644
--- a/selenium/full-suite-authnz-messaging
+++ b/selenium/full-suite-authnz-messaging
@@ -4,6 +4,7 @@ authnz-messaging/auth-http-backend.sh
 authnz-messaging/auth-http-internal-backends-with-internal.sh
 authnz-messaging/auth-http-internal-backends.sh
 authnz-messaging/auth-internal-backend.sh
+authnz-messaging/auth-internal-mtls-backend.sh
 authnz-messaging/auth-internal-http-backends.sh
 authnz-messaging/auth-ldap-backend.sh
 authnz-messaging/auth-http-backend.sh
diff --git a/selenium/short-suite-management-ui b/selenium/short-suite-management-ui
index dd0c79f0f889..30f2e1e803dc 100644
--- a/selenium/short-suite-management-ui
+++ b/selenium/short-suite-management-ui
@@ -1,5 +1,6 @@
 authnz-mgt/basic-auth.sh
 authnz-mgt/oauth-with-keycloak.sh
+authnz-mgt/oauth-with-uaa.sh
 mgt/vhosts.sh
 mgt/exchanges.sh
 mgt/limits.sh
diff --git a/selenium/suites/authnz-messaging/auth-internal-backend.sh b/selenium/suites/authnz-messaging/auth-internal-backend.sh
index a3f49c7ecf96..b513001e1f6c 100755
--- a/selenium/suites/authnz-messaging/auth-internal-backend.sh
+++ b/selenium/suites/authnz-messaging/auth-internal-backend.sh
@@ -3,7 +3,7 @@
 SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 TEST_CASES_PATH=/authnz-msg-protocols
-PROFILES="internal-user auth_backends-internal "
+PROFILES="internal-user auth_backends-internal"
 
 source $SCRIPT/../../bin/suite_template
 run
diff --git a/selenium/suites/authnz-messaging/auth-internal-mtls-backend.sh b/selenium/suites/authnz-messaging/auth-internal-mtls-backend.sh
new file mode 100755
index 000000000000..df92f9d9cd43
--- /dev/null
+++ b/selenium/suites/authnz-messaging/auth-internal-mtls-backend.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+TEST_CASES_PATH=/authnz-msg-protocols
+PROFILES="internal-user auth_backends-internal tls auth-mtls"
+
+source $SCRIPT/../../bin/suite_template
+run
diff --git a/selenium/suites/authnz-mgt/basic-auth-behind-proxy.sh b/selenium/suites/authnz-mgt/basic-auth-behind-proxy.sh
index 17c83430ebc9..5fc83d8d9818 100755
--- a/selenium/suites/authnz-mgt/basic-auth-behind-proxy.sh
+++ b/selenium/suites/authnz-mgt/basic-auth-behind-proxy.sh
@@ -6,4 +6,4 @@ TEST_CASES_PATH=/basic-auth
 PROFILES="proxy"
 
 source $SCRIPT/../../bin/suite_template
-runWith proxy
+runWith rabbitmq proxy
diff --git a/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix-via-proxy.sh b/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix-via-proxy.sh
index efbc223badc1..1217a386a998 100755
--- a/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix-via-proxy.sh
+++ b/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-and-prefix-via-proxy.sh
@@ -7,4 +7,4 @@ TEST_CONFIG_PATH=/oauth
 PROFILES="uaa fakeportal fakeproxy fakeportal-mgt-oauth-provider idp-initiated mgt-prefix uaa-oauth-provider"
 
 source $SCRIPT/../../bin/suite_template $@
-runWith uaa fakeportal fakeproxy
+runWith rabbitmq uaa fakeportal fakeproxy
diff --git a/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-via-proxy.sh b/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-via-proxy.sh
index 1de40086af1d..fc348fb5e189 100755
--- a/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-via-proxy.sh
+++ b/selenium/suites/authnz-mgt/oauth-idp-initiated-with-uaa-via-proxy.sh
@@ -7,4 +7,4 @@ TEST_CONFIG_PATH=/oauth
 PROFILES="uaa fakeportal fakeproxy fakeportal-mgt-oauth-provider idp-initiated uaa-oauth-provider"
 
 source $SCRIPT/../../bin/suite_template $@
-runWith uaa fakeportal fakeproxy
+runWith rabbitmq uaa fakeportal fakeproxy
diff --git a/selenium/suites/authnz-mgt/oauth-with-uaa.sh b/selenium/suites/authnz-mgt/oauth-with-uaa.sh
index 2e382ab2c5f2..02c2e4c2ad0b 100755
--- a/selenium/suites/authnz-mgt/oauth-with-uaa.sh
+++ b/selenium/suites/authnz-mgt/oauth-with-uaa.sh
@@ -4,7 +4,7 @@ SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 TEST_CASES_PATH=/oauth/with-sp-initiated
 TEST_CONFIG_PATH=/oauth
-PROFILES="uaa uaa-oauth-provider uaa-mgt-oauth-provider"
+PROFILES="uaa uaa-oauth-provider uaa-mgt-oauth-provider tls"
 
 source $SCRIPT/../../bin/suite_template $@
 runWith uaa
diff --git a/selenium/test/authnz-msg-protocols/amqp10.js b/selenium/test/authnz-msg-protocols/amqp10.js
index 0901ae039ce3..98dedfdb421a 100644
--- a/selenium/test/authnz-msg-protocols/amqp10.js
+++ b/selenium/test/authnz-msg-protocols/amqp10.js
@@ -15,7 +15,10 @@ describe('Having AMQP 1.0 protocol enabled and the following auth_backends: ' +
   let expectations = []
   let username = process.env.RABBITMQ_AMQP_USERNAME
   let password = process.env.RABBITMQ_AMQP_PASSWORD
-
+  let usemtls = process.env.AMQP_USE_MTLS
+  let amqpClientCommand = "npm run amqp10_roundtriptest" + 
+    (usemtls ? "" : " " + username + " " + password)
+  
   before(function () {
     if (backends.includes("http") && username.includes("http")) {
       reset()
@@ -36,9 +39,8 @@ describe('Having AMQP 1.0 protocol enabled and the following auth_backends: ' +
     }
   })
 
-  it('can open an AMQP 1.0 connection', function () {
-    execSync("npm run amqp10_roundtriptest -- " + username + " " + password)
-
+  it('can open an AMQP 1.0 connection', function () {     
+    console.log(execSync(amqpClientCommand).toString())
   })
 
   after(function () {
diff --git a/selenium/test/authnz-msg-protocols/env.auth-mtls b/selenium/test/authnz-msg-protocols/env.auth-mtls
new file mode 100644
index 000000000000..d00282f8e180
--- /dev/null
+++ b/selenium/test/authnz-msg-protocols/env.auth-mtls
@@ -0,0 +1,2 @@
+export MQTT_USE_MTLS=true 
+export AMQP_USE_MTLS=true
diff --git a/selenium/test/authnz-msg-protocols/env.local b/selenium/test/authnz-msg-protocols/env.local
deleted file mode 100644
index 3e6bec3ad0ff..000000000000
--- a/selenium/test/authnz-msg-protocols/env.local
+++ /dev/null
@@ -1 +0,0 @@
-export IMPORT_DIR=selenium/test/authnz-msg-protocols/imports
diff --git a/selenium/test/authnz-msg-protocols/env.tls b/selenium/test/authnz-msg-protocols/env.tls
new file mode 100644
index 000000000000..73854e5666ea
--- /dev/null
+++ b/selenium/test/authnz-msg-protocols/env.tls
@@ -0,0 +1,2 @@
+export MQTT_PROTOCOL=mqtts
+export RABBITMQ_MQTT_URL=mqtts://rabbitmq:8883
diff --git a/selenium/test/authnz-msg-protocols/mqtt.js b/selenium/test/authnz-msg-protocols/mqtt.js
index 8a665c871834..5b120f20e36b 100644
--- a/selenium/test/authnz-msg-protocols/mqtt.js
+++ b/selenium/test/authnz-msg-protocols/mqtt.js
@@ -1,3 +1,4 @@
+const fs = require('fs')
 const assert = require('assert')
 const { tokenFor, openIdConfiguration } = require('../utils')
 const { reset, expectUser, expectVhost, expectResource, allow, verifyAll } = require('../mock_http_backend')
@@ -14,11 +15,14 @@ for (const element of profiles.split(" ")) {
 describe('Having MQTT protocol enbled and the following auth_backends: ' + backends, function () {
   let mqttOptions
   let expectations = []
-  let client_id = 'selenium-client'
+  let mqttProtocol = process.env.MQTT_PROTOCOL || 'mqtt'
+  let usemtls = process.env.MQTT_USE_MTLS || false
   let rabbit = process.env.RABBITMQ_HOSTNAME || 'localhost'
+  let mqttUrl = process.env.RABBITMQ_MQTT_URL || "mqtt://" + rabbit + ":1883"
   let username = process.env.RABBITMQ_AMQP_USERNAME
   let password = process.env.RABBITMQ_AMQP_PASSWORD
-
+  let client_id = process.env.RABBITMQ_AMQP_USERNAME || 'selenium-client'
+  
   before(function () {
     if (backends.includes("http") && username.includes("http")) {
       reset()
@@ -36,17 +40,26 @@ describe('Having MQTT protocol enbled and the following auth_backends: ' + backe
     mqttOptions = {
       clientId: client_id,
       protocolId: 'MQTT',
+      protocol: mqttProtocol,
       protocolVersion: 4,
       keepalive: 10000,
       clean: false,
-      reconnectPeriod: '1000',
-      username: username,
-      password: password,
+      reconnectPeriod: '1000'
+    }
+    if (mqttProtocol == 'mqtts') {
+      mqttOptions["ca"] = [fs.readFileSync(process.env.RABBITMQ_CERTS + "/ca_rabbitmq_certificate.pem")]      
+    } 
+    if (usemtls) {
+      mqttOptions["cert"] = fs.readFileSync(process.env.RABBITMQ_CERTS + "/client_rabbitmq_certificate.pem")
+      mqttOptions["key"] = fs.readFileSync(process.env.RABBITMQ_CERTS + "/client_rabbitmq_key.pem")
+    } else {
+      mqttOptions["username"] = username
+      mqttOptions["password"] = password
     }
   })
 
   it('can open an MQTT connection', function () {
-    var client = mqtt.connect("mqtt://" + rabbit + ":1883", mqttOptions)
+    var client = mqtt.connect(mqttUrl, mqttOptions)
     client.on('error', function(err) {
       assert.fail("Mqtt connection failed due to " + err)
       client.end()
diff --git a/selenium/test/authnz-msg-protocols/rabbitmq.auth-mtls.conf b/selenium/test/authnz-msg-protocols/rabbitmq.auth-mtls.conf
new file mode 100644
index 000000000000..9f40857d94fb
--- /dev/null
+++ b/selenium/test/authnz-msg-protocols/rabbitmq.auth-mtls.conf
@@ -0,0 +1,13 @@
+
+auth_mechanisms.1 = EXTERNAL
+
+ssl_cert_login_from = subject_alternative_name
+ssl_cert_login_san_type = dns 
+ssl_cert_login_san_index = 1
+ssl_options.verify     =  verify_peer
+ssl_options.fail_if_no_peer_cert = true
+
+mqtt.ssl_cert_login = true
+mqtt.ssl_cert_client_id_from = subject_alternative_name
+mqtt.ssl_cert_login_san_type = dns
+mqtt.ssl_cert_login_san_index = 1
diff --git a/selenium/test/authnz-msg-protocols/rabbitmq.tls.conf b/selenium/test/authnz-msg-protocols/rabbitmq.tls.conf
new file mode 100644
index 000000000000..8478c874bf2f
--- /dev/null
+++ b/selenium/test/authnz-msg-protocols/rabbitmq.tls.conf
@@ -0,0 +1,13 @@
+
+listeners.ssl.1 = 5671
+
+ssl_options.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
+ssl_options.certfile = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
+ssl_options.keyfile = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
+
+management.ssl.port = 15671
+management.ssl.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
+management.ssl.certfile = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
+management.ssl.keyfile = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
+
+mqtt.listeners.ssl.default = 8883
diff --git a/selenium/test/env.docker b/selenium/test/env.docker
index 1d058b9f4e88..f4f43406b01f 100644
--- a/selenium/test/env.docker
+++ b/selenium/test/env.docker
@@ -2,3 +2,4 @@ export RABBITMQ_SCHEME=http
 export RABBITMQ_HOSTNAME=rabbitmq
 export RABBITMQ_HOST=rabbitmq:15672
 export IMPORT_DIR=/var/rabbitmq/imports
+export RABBITMQ_CERTS=/etc/rabbitmq/certs
diff --git a/selenium/test/env.local b/selenium/test/env.local
index 8ec9aeac8fac..54202bca511a 100644
--- a/selenium/test/env.local
+++ b/selenium/test/env.local
@@ -1,3 +1,5 @@
 export RABBITMQ_SCHEME=http
 export RABBITMQ_HOSTNAME=localhost
 export RABBITMQ_HOST=localhost:15672
+export RABBITMQ_CERTS=${TEST_CONFIG_PATH}/certs
+export IMPORT_DIR=${TEST_CONFIG_PATH}/imports
diff --git a/selenium/test/env.tls.docker b/selenium/test/env.tls.docker
index e598d14b7439..a9caefca6df5 100644
--- a/selenium/test/env.tls.docker
+++ b/selenium/test/env.tls.docker
@@ -1,3 +1,5 @@
 export RABBITMQ_SCHEME=https
 export RABBITMQ_HOSTNAME=rabbitmq
 export RABBITMQ_HOST=rabbitmq:15671
+export RABBITMQ_AMQP_SCHEME=amqps
+export RABBITMQ_AMQP_PORT=5671
diff --git a/selenium/test/env.tls.local b/selenium/test/env.tls.local
index e39b7b520c8a..1be7c45ba4a9 100644
--- a/selenium/test/env.tls.local
+++ b/selenium/test/env.tls.local
@@ -1,3 +1,6 @@
 export RABBITMQ_SCHEME=https
 export RABBITMQ_HOSTNAME=localhost
 export RABBITMQ_HOST=localhost:15671
+export RABBITMQ_AMQP_SCHEME=amqps
+export RABBITMQ_AMQP_PORT=5671
+
diff --git a/selenium/test/multi-oauth/certs/ca_certificate.pem b/selenium/test/multi-oauth/certs/ca_certificate.pem
deleted file mode 100644
index cd37bea304f5..000000000000
--- a/selenium/test/multi-oauth/certs/ca_certificate.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
-BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
-Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
-MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
-MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
-Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
-0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
-I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
-eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
-8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
-ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
-hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
-HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
-rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
-XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
-Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
-a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
------END CERTIFICATE-----
diff --git a/selenium/test/multi-oauth/certs/server_rabbitmq_certificate.pem b/selenium/test/multi-oauth/certs/server_rabbitmq_certificate.pem
index ef57ff61a411..bba7df99d6a7 100644
--- a/selenium/test/multi-oauth/certs/server_rabbitmq_certificate.pem
+++ b/selenium/test/multi-oauth/certs/server_rabbitmq_certificate.pem
@@ -1,23 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIDxDCCAqygAwIBAgIBDTANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
-ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
-MAsGA1UEBwwEJCQkJDAeFw0yNDAyMDkwODE3MDFaFw0zNDAyMDYwODE3MDFaMCQx
-ETAPBgNVBAMMCHJhYmJpdG1xMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCjxmYRJeYfOnQ91ZSIZsjznnPiy0yukFnapF7Y
-iIXxFCygEnw/hwqSG7ddkvDjNlc6P+K4rEEBmER87mEl0YqvAZ9/C6K4OANJFuD7
-kQYH3Uyt+aXJfeyByAjr8HM/jSHDZm5DpysVlSBMkJGg4sV9h38i0aT27+J0a4xm
-Yb9pH+bbWKn4QflvOQi7IcyZ+PcB54/vCDZRtlypkT/6EuqTXqRHH9wGlYaos+Jo
-XMQDWykYtN2160E1gUwW1OhdRlDHj21Tej9fYObRjb326au4e3ivTPqKYLYsSz0Y
-dcRoM6SjvwGiAC131n2XeHyKTQrMeKOb+TTVHzJZG7iUM5iBAgMBAAGjgdgwgdUw
-CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMCkGA1UdEQQiMCCCCHJhYmJpdG1xgglsb2NhbGhvc3SCCWxvY2FsaG9z
-dDAdBgNVHQ4EFgQUs9vJtNmoNWybsVgMmeRqcPGXRckwHwYDVR0jBBgwFoAUtiHM
-Y69bnBgiMYpHkhvYoCX+efIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1z
-ZXJ2ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAHxsmfxpoGZg
-AlLu+Y62TQxqp2i+PqLJHuGBdB/93NV3S3P3tlDaqHwYt0mveS7ej+JXhw9wvSZz
-jmejWePL08FXD9KPggRP4/SsG6Adf/5+vcofYR23I7D4y9hsrDqZezCurWZ4LY4X
-dYmIQcI6IwgcjffWhsyt3CEbU+yVg6jrjVWv5sVPi3xZUu/dwpTdrdNzeUIFM8vf
-H3BS8EcLwtaNR4snLJlFIhuDfDv7Ewi1FsmM4zkSe/aHboUNDduI2poRW/EPtbdM
-zD1pVXNh1Q9hkqFCD7l4Vua+JVsA7PWD7yr73pm2ak6GfgjA7Enj0a6KbAfAXLMr
-otRknmbKCUU=
+MIIDujCCAqKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
+ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjQtMTEtMTRUMTQ6MDc6NTQuNzIzODUyMQ0w
+CwYDVQQHDAQkJCQkMB4XDTI0MTExNDEzMDc1NFoXDTM0MTExMjEzMDc1NFowJDER
+MA8GA1UEAwwIcmFiYml0bXExDzANBgNVBAoMBnNlcnZlcjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAO+lLX4hl6pBOi8BNxOka5dxBblSIDUfES3yHwL2
+g/BoJv18DiBpLlT7262iUvrZk7WsGUdUccoikR8L9eArw04K8I8z7ATOMN7T/d8R
+4Kn1Rcbgrm11d2xS4R9gXy7lbhOCk8LWHJtWptDyPhg6I8SztHB7dtvzv1AVvmtp
+4QDYKN7YCJnF3+Uf9W2XJcH/rBU2mc0ow2EbTLoJug335bhIWJ7TVPS22BDy5xnP
+7MDG14PMU/W9BhN5GzCEqeJzwhXjqij/JfGICHBJeGzqQ+J9Qjm3DYdGoCheZqxP
+R1ml7ql14tBUIbgcJjlRCLSyaMLEOOOoLOrac5T/zT5YsV8CAwEAAaOBzzCBzDAJ
+BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAqBgNV
+HREEIzAhgghyYWJiaXRtcYIKV0pSN0Q0RkhHWIIJbG9jYWxob3N0MB0GA1UdDgQW
+BBTEYcfPgofNbHR6lT4AtYpmhDwa7DAfBgNVHSMEGDAWgBQlM1NJapUaVlk0O7o6
+p7NnIKxtcTAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLXNlcnZlcjo4MDAw
+L2Jhc2ljLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAQ8lsUSlA50+RqyRr6kopSNxh
+ytQ/qKLmCZk8kveUkNVJK0VXRgo7ufINBrPVPlli4kofTv7FLizbm9dRYn22cskm
+LcUqOBoAgXQuevqM2sn/WEpybYH6HL3ETFol+/8r5zVTlrWFLOMEIlHFBIWs+LOr
+Zv5uNLfxqOBtG7ClCKB5oqnvRrL7Re5klMTPdSLoayiegk641SfxVeuyHYBe74LD
+HOV4NLUW7xm55A3FXW0mdUT1YbsKdCXM6q7Krkomq16s5c4sJtYDk+zGLOMdA6lT
+00Jaz74RbWwvpbpoW5XGeldn4T02CXOWVTXp0Ur+Br/PdsiKdmkrNos9ecBuvg==
 -----END CERTIFICATE-----
diff --git a/selenium/test/multi-oauth/certs/server_rabbitmq_key.pem b/selenium/test/multi-oauth/certs/server_rabbitmq_key.pem
index f5df03f73df8..40387b485dd4 100644
--- a/selenium/test/multi-oauth/certs/server_rabbitmq_key.pem
+++ b/selenium/test/multi-oauth/certs/server_rabbitmq_key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjxmYRJeYfOnQ9
-1ZSIZsjznnPiy0yukFnapF7YiIXxFCygEnw/hwqSG7ddkvDjNlc6P+K4rEEBmER8
-7mEl0YqvAZ9/C6K4OANJFuD7kQYH3Uyt+aXJfeyByAjr8HM/jSHDZm5DpysVlSBM
-kJGg4sV9h38i0aT27+J0a4xmYb9pH+bbWKn4QflvOQi7IcyZ+PcB54/vCDZRtlyp
-kT/6EuqTXqRHH9wGlYaos+JoXMQDWykYtN2160E1gUwW1OhdRlDHj21Tej9fYObR
-jb326au4e3ivTPqKYLYsSz0YdcRoM6SjvwGiAC131n2XeHyKTQrMeKOb+TTVHzJZ
-G7iUM5iBAgMBAAECggEAOdYOpW+k3NJfypZqZeEmhiIm+qig4+TGVphFhmJwKrrd
-J4pfpm+iJAb1sm3588N0+nUlM+Jg8pc7WIM2e4yMVVFVaiBJzpS5VE5oFW8Zmh1k
-vuuyyH1X0F08CVZY3NCSY9cAiZO3e1+2kFNdmlt7MuFu3HT8tNfyOPriEiXi2tSA
-qmgUmMql305wYwjIp+mTP8X7YKKdIdCXwPC2E1Kj5SseEc9NYvHdmeJ3nZCVATbS
-h8aP7HB5GpsDMHbnnFzOqPfxIPxYkJ4JqE0iGpw+SMYbIGLVkMEGodpWjBwZiaaI
-EMeJJk3Qs/QvVLDxhSsFXsaLGLgYN0rItYX9dUyroQKBgQDOOLKJ9OPcm3sAWo9e
-byRYegDPPM06Es5s0hF0Pr0u6X8F7fDnpS74XVMlWxZzvXWgZQNwC2nYaGfNpK5t
-E2FxIC0S69W4m1L6sp2sTRLSJo5NiZc4kNVjGvnmgIrNqMhJK8pLOh5xx6/kAbpo
-/lydhtXWP0omw5imFkh3bGQuZwKBgQDLTsCu01OCNuQs0Y9hgW/iHzRpX1aHvp8X
-u8v/AtOS3z5a3WptrLah/HHM5B/4Hh9dW4uljuR0zTsk8dFD8lQ/mdxbXjPGEcN6
-QNe1Md2nV0xAZsW1Xp1iFDomS5xSn+qWDmR0EAXvs0hHMQnX1k7+dp2mK1whRwdM
-z4mv0cZg1wKBgDnuzaFZ7aVs/GoGBt7FpFVCuPV/JDxbSihh/0tD0MvcBrY4uQOq
-cP6O4SvOYglTwTa1CfkxC6Qi+H5Z9DJqTmaEXoVBQYIiCHarNQZRhKcK89EuhQ/8
-CCZWTrwFgnjyIIoFxkfJ5QGb0nrgTWjvhD8wwOP2VbN8IWcPPX5nMeGjAoGBAL7b
-y59T3E2d4k8A3C2ZKcOJr9ZMHhuJJClPr45SxPRYh10eB0+2mC0xpFPIxQpUnPUz
-f8GIh4fvMtrX+LBkyhp7ApbztH75Jh2ayeXcTk1OctLyqCBAFleAzaYtzS7z2XHN
-SRh8AlaoY+4RZ0AsfDP+frkEc5T57Sx6mLNpp2Y5AoGAXG5BGedrCMa44Ugpux41
-saTIlaXUOObxdsGTLMOy1Ppb9LW5yk4kS8ObP3SksjUUZrRUO/BagLukgcaS038/
-AbNDU5lMCmMfwxPN2lulERhaIA1BeVgmOwJYY7nqXkL5Yibu0OXnvvbCkt0eLnp2
-ATZBECwIxNuB9pixRmDhXsM=
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDvpS1+IZeqQTov
+ATcTpGuXcQW5UiA1HxEt8h8C9oPwaCb9fA4gaS5U+9utolL62ZO1rBlHVHHKIpEf
+C/XgK8NOCvCPM+wEzjDe0/3fEeCp9UXG4K5tdXdsUuEfYF8u5W4TgpPC1hybVqbQ
+8j4YOiPEs7Rwe3bb879QFb5raeEA2Cje2AiZxd/lH/VtlyXB/6wVNpnNKMNhG0y6
+CboN9+W4SFie01T0ttgQ8ucZz+zAxteDzFP1vQYTeRswhKnic8IV46oo/yXxiAhw
+SXhs6kPifUI5tw2HRqAoXmasT0dZpe6pdeLQVCG4HCY5UQi0smjCxDjjqCzq2nOU
+/80+WLFfAgMBAAECggEAH8tjcMOWMrF6vbfEjeeXmr0VDFRYD5QynEzuTl9Ue/Xl
+jmYCHcy2p/HOYIgTyFJLpaPSqsMKYc4aQOs+UOKdg+Ixrl4uJykQFNA9c3YUv5fa
+DRvMKJuYH5gTZC1OE5O++fmuDwCHRRjHAxvQnzg/fJ53ByFqUJ5TOJXZ8LhYcNr7
+P47OfZJb9t81YsrYPL6ZsRxw2a5Fc1C/Za2Wn7ZZbr4xx8CuBJ8WwQQWM+NjhHfD
+Kb3I3n2sWzyy1JhGcQCHix/nQnrIMCZ3TDemwTIegvAKkHt+estvgWlxVOCBHb86
+lZrhweuMWCzwuRJhvKZ2Up71fMmyw6chZJwR2AHaIQKBgQD5G4ZuEckodnIlH6jU
+9ps2AX114xNSnDBGOFn1pCE6gXQFtdLWvIyKpeQnFN9JUZoaQ2lp+pPQ+21O6ZXW
+z/5LGp6N0HZDFKOm3Fu9RqEiI4TM5w9EnUjRoqhD8qKjk3ym97raVEvjFlMycqs8
+3L5oRGFCHIWreDA6zaSpQq2cEQKBgQD2RqEgKIKxNpYicroVkaGwLM3W3E0corNM
+vj/oS2zwBJUgH7iwtDO+CBPd2FFQjwXi7DZwMzP1UyKOBxHUiTrFODtLj1NPp2BZ
+X29HEDy3QHh1TrVb2gG+Psll/cdurq+G2knJqSDwWnAoVHe5jxt0jWxaVFWKzNl5
+pcc9Lu+mbwKBgQCU/RZ47KBQWA9LDtVukhQgx+FeybJ73TiuNvPvC/xnvpdC9w2k
+K18vaaq8iSpG8sxlWt5IaXtRKZ+l6+UXdo0UJFaiYQTqeAStPuyLlxu2jGHYH3Yt
+RpkP8OYMxajqhsKuJkqWXIaKyoZ2DMlH/IrRV9yHqwFznc3Szb3nEh890QKBgQCL
+7BcRgVK3ws7MJajKJmLaCKquf54kPeBnItSGc4wiVkgv5zX0131qY4Z+DbAteAUd
+J53KY50KrkA8t5GO0qUcdlViGb14zRz1yj4b/wKwDyYhaCWsWRGSeHPOycAsh31c
+vdscg0YeqRN+Jnebas5riwpby/yKDtckwWaQwYERawKBgQDMqdNh0NqX+VyW786f
+M45xgL61jMwO3FNPatQsj329WJ9PfHQprryR4zzNZ9XswENKVM7jLq3koJkHYVs/
+wk23Zn3daJxYqoftEdYxW2azsouHV7/kMT+kiUjr4pcaxGhWjRjANDgEcYkMz3g6
+Uuot3qdOvr7IW0O0vRGvmd6Ojw==
 -----END PRIVATE KEY-----
diff --git a/selenium/test/multi-oauth/devkeycloak/ca_certificate.pem b/selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
deleted file mode 100644
index cd37bea304f5..000000000000
--- a/selenium/test/multi-oauth/devkeycloak/ca_certificate.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
-BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
-Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
-MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
-MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
-Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
-0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
-I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
-eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
-8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
-ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
-hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
-HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
-rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
-XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
-Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
-a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
------END CERTIFICATE-----
diff --git a/selenium/test/multi-oauth/devkeycloak/server_devkeycloak.p12 b/selenium/test/multi-oauth/devkeycloak/server_devkeycloak.p12
index 015ebc99a18bcce2112ff6f0d2fe0e7b0d9fb7dd..e106d72dcd27cf713a382508365827518d12a62d 100644
GIT binary patch
literal 3683
zcmai%S2P?9*M%9Qw_$V{Vbl=JsL^}$L@&_?(W3-G5QeCuMav{a?|mYACj`-=*C2X{
z7Il;_-}?XczL(#{S!eCNFV5Xw&w(K+tN^%pFeC*n0WoicTEsayE+K9<l7aw;qyWH>
z<hL*+k@LS1K{k@e?5|}Ez{UBybpB0nVOIYLd~%o`4F0bqgK+>sqK~>s0sV{POei88
z{|ihB06>HTBO@UCzpDUZd>j~rfY>@h4c8tIh|3EEwUGwv13AD{&^ufKypZQ^AxOgI
z?W0td1RQGR%`m77K-IljoiOFZ!F}zJ0RPFo^i%b|J4In`lXO3?R)*rkT>76azb&2M
zScs8PC!$qG=m8WZS$r<J2%d>dqIpq?{a%>e*DB#;6|4MAC?&+smV^Tfsa#nkZY_Er
zNzv-dCNP(@L^Y6ox^`pOr7$O%n|#+3VDAKVyI0RmB&CP53Zs0HAfc|T(c4W`GV^YS
z$Z?jU+aDE9Q!!s72YRI6(TKt?cDx&y+LP=lf(8_NpPZ*}+|?U(5~zP7aSVHy{J8G3
znGN6G?NX58mkGTl4r5^x&SAV)?z2vlT4%05A|Ye=Q0{!{QwGc$$r#9_{tc-=E??D-
z$c82HS<B@`slynr!N|{X*(N~J`?mgx`;M2ZhYk|Nsie<70eh5D{jF`yo_nt<DA-EF
zc=$?MO-*L40c=BBvQHwZ+8u!}O*t|z84DV-61*#13+bd-Sj*)KUj>>mm!MH)zxe17
zXD{_=X1a0C^)W&L@Ov;ydYwqc9QZo1s_&HM7h@!jdb8YNX1-txXJbJlx=XgMJ=InN
z+Qg;{*7-t(FdR3HjVl;Ly|^}7GgEdkTvmKt^6R+Y9gD4E7%*|#%!Lch-MX;}9f<O%
z8V6M?d{1=Op|+rP%>A5Iun1sfnpll%DN(t#4f~-&$RWbgliInf^~O!O%sFeFiyi-b
zLM;*VP)I#@E5jD;0Sj*_<Yg`%94g(+fU=#vYy*}G0Y8t#B&zu}k8zi1#hR~Z``txN
z<T`2}hg}s_cLYf#&oqe3psQ2ngB7txObXT3pD+-)Ytj5K>8^tM?}W<)e3k>meHt1v
zcIfux2c8{c8Q)LaB20&g)c95I(URYgw=o%^1wfDp&FGmVk+iUDMQZcGM$!@*4JTfd
zJBH8Yd4V%l&CYNohFuoTSD6F1P7>v<#%P7Q;mTal>Uh$Nw@+Kv(3U}m%m|U<(>h?7
zy9Bq(J5ha4)dh~Ir9LRv)9oQj2aqYhOb%$0?2;ub(rqwn;(o7oQIJNd|EPaE7k_~l
zt6A(jp7i@5p`^XpM5P**W6b5jc<zp^<y;(%M~$S0U4c5?Cs7=6<NjW4R2p5w^aASx
zLOIZW-{@>jjD5A5*NFCn$F~b<!XV~h9JC_(SNVHY&))h4Y43jAC9YWg#(59Ch!uB}
zjc4(hQ~EnUBLju#I}nYc#7sA%2nh+81<k}DG#Goo@DG2#NdlqobOWP&uv(u`w|Gd?
zD3b9cz>$0hF=K_q00c`(=jxiCZp4D))7OMz5LzVll>AwZ8dz!H%it2q1sP+plr;;?
zyvkPjXRxG_$(wmv^W6|4w9`0BM9yB!nOyHC=o%rgmPy@ax^Stkrr|P9TMI2Yd6r!7
za)+O2-3E3zrSeir&FJV?+mffA6kZW;7mA=%XH=lcj8xCe^CTSYLOZ`#O-wafM`kTa
z6`f;+Lw+7a+FB{ZCD^&cHnfy2bcd~-{TO7bwKn-!=rYX5+qL$#Ea0Q5lERG7+bMdR
zQWweml7S5rk8|)gh@ul@ClIY`lhUp8yIo5n^ZG2nL!Ltm2$aU7nH#A>ASRroF$Wq<
z^GQ#&&nxh?UL7!y9JtnDh&#aFzY<uV7K$Zxj8%i}n-gR0<1L|k48!q)Vh^H(J{`aI
zj5$bqS5GvG%`sHH<sxBHqT{}ym;Mw&V;_4sjxn-KS(!2LHt5|-Mx<6~GFNV=d+jc4
zF0NO;nF`&UXOxR!6ZJ5Nt3EkG-;tQ{b*~OK>vVV-D6$P1EssPLt_(!EuALH?FZrFg
zugn~fu+qv$8<UocR-M~fWE;4?yRlY+%(+lX2j4~7&t5a3xI8y%SOSbfANRAb@ELb1
z65SOKXY;N*a6F~FwyNWAtGZXf41P;-11hJD-}SwDaZ!5y=a6y;QW@8-6t|Vee7ij+
ztrF=By!u||li?!^Bb|VNlPU)vJ9)hxitT*P$`Y>;ST?C`mD3BfX)o&*OYPd5y;a(l
z-PB4!<0m|7*pX*~L>FHPgTh30jyWvu7yp=U_!RCFRig&xZQ3u$?&^RWzKXJEeZpf*
zp4$XMP3cJKtjEs-`8EsM$T#CgE$?SA$}uj~5pHCJsr(cZoRgLfKYZz0?T}Z5@ECS$
z=^em0_)2dc@3g<|z?oYXSV)0~z*3bS%*Fhsd#ruxaF#|CdXK}LSt>xuD@V`egzAY{
zCeuxZ*IsJigS>YxIe@(F?8NHw04lhc+T?V4^g0+21v1{KHBTkQcF`K~WiMR2lW3e3
zIytryN{=5j9~yqGg{}oO4pfqARF|yYm0k!mK{UfvPI_$Ibv(MS%rnu&_kTF9r4Sp_
z<j6w5MOkstT|U)VJPSM3l?2wGB`^e2^AU~WLAOigM&2GLJ&OEB#~tMKFf{3j7iv!X
zVi?4l9T3fUCC2<DYQk_IKY-<@yudn{KOo|ilU}w;JA1lD(Y0BR1eX5%i;<yQ<WoIQ
zAE;iMLMwJP-}E?C3^>tw<TUaMV3(QuL-t@`CL_MfhqX<eW|dI&P_s1=-M_7ImGH~D
z>5<0co!fQNW|nYAyP7m+A>TP)8{LSJm=2ztFZ4#DProM1OR9R)i&SAz3IV^Waq>^y
zLt@1%+E3_y2x#q<{hnrYxA^fkSCW<m?dF;=TKGQNZG5P(5{AS_{lg9a1rhupAQIpI
zukG`9JPAnupHaw2Z~=cqiNB`k{{jypgh9Z~<7HIVV0$@lK6c}Of=8FgFjWD~ox+F9
z#a(c?i6syT98HqrU!S6QUH1wd-ppcp+<`lB+gP2O?!@j$(Ppo+HLD8CgKV+sCFP%`
z0HS)D!Ak?)QHp~0v}8<GL3XR1B4dOiUDo7zj-(!62<UL%ol%$5n*~a7?jNJvpmi`y
zGmMRUftwO(dbD@1zseO{e!@s}Z91oYBG7xQ8SNZ5_<~yt!<tdf=JCk};msxaUbM>X
zx>m$)ImJ=_xKNaV{dtzjQPnSk;l&f_k_QBE{Z(^g(|)Sn56&txNDUI$!_)jL&Mq#s
z?(O#bD-!t3y@V73cUO?=7_dr-3-Qa~d;a=!U(HYY&4WEVo^~GEA*U?#Cd4)=)oN!H
zRYscw^V^$j$oo$8WvK!~cpAj?m$=O8tV=AFIZcv-Ig%k^wiaM+C&YkAi%>~%CUYRi
z{D%DeoKpV96{H(b(A~kEU<M=6%y<bgLFG=S{}5BdJ=^7!+Eo~d`tv)hyI>kT#=@0C
zrlsATH0=z0iRifT&+=tqbIZGsms)>c$^<eYOKaN{7$OH0ZqY@nSx%;8>mSgQe6Zlr
zU0N(LYWv!Z`0f{U{!EiTgZ#X0<L!n=H&~*3U-MB&b}$S7GUs?<<KTW(VVCJQbC~F4
znR9=|n^)xO=m`}TQqYd;t~v)C<mKZvy<+6%c|0)E57+3SUTLj2%F^)9j&N|MF`OCu
z^_wvXU74IC$PNbyr9RZ<kAbrC&A)v+TNGKtyRTcTx&z;RL)XRjD5p8BTvhkl1e+7D
zlIQK))L=61Hi9?z{o}x9+6Vu9yfmdWnUt{?XbG!JS%TG)HJjVXIveFD^tyyyvs`|v
zRZ3x)NW4u>ab>}lUU7M`*byFC<=?&JB7#oBrHp#TM?iUg%~Z0Fl$+vvAPH3-&(}XK
ztp9u_C-h7`1kP=d)B{ZEf@H2ddANPFq7iOl@!FRZDOkILP0qeyL?k%o?1pHUI=G2_
z4jW4`L@q4rrB+tXkT=-PF7`;D_+WtaXjnsQ0^?OTW8zXcN3|Sv7Bo~*(HmSV?$lOP
z*hX*pb}Y|b(l^UgaqD$hdHqS$X;|H4N<~ywM1=200>MeodA+>Hf4ufN^OH=+YIDzY
zID|jCLg@RXx2q)Ikc}=Ua@<$Y>h{oR$qfy>%|oU$(+)gz3@j4QC-jqE4v({iT%6iJ
zQ!SEXMC-Fg&!T$_cFq!B(QUm_-`DB{rhB6c{h!Ve?ldpdPa)VbvwdrxZpF8(I*&#<
zF-JO_D;#A>(lpxH?1EL{fJ7SF>c);F0#2_U*6^gtm`oL_!H__;V!6_=3sSuH+UU%t
z`lG&bnaKt+9Fh+L(&d_Dnlo)(qYWluv6X`_WceNKhvD`z@xgCQMA&L|e@?ZC2_<jP
z%Q!E8%jTTvLophh<X3!v_`c5!<k%5zZn^R-{zQCSEq~N(Ebtm*mXch*7v7)X5K=u%
z<Rxk))Jge)SqJBrME*Omly@xxOo~(sfS>-DPFn*golMPr3nt-vPri1k2TSx6O(iZ9
z2Xf9*_8)y@e)~P;oAwu__N#^f3E1OM)syF;PfYlnc%OmAr6dbNnaoDZn^ZiHD!U?Z
z_7EhjAzNyYOMJ@j7(IfeR-PCTR(F1u+S2AL=hl<rovseNFJOlN<JxPnoF;2HCyf1{
zq9vw<(*bGLqLu%ge|%=sx&<CWDSY1@v|(R?DZt<`@_*hk04_cbkhSeppep-gSCc|j
nYbz@D_hDae(yq*^&XqMoU3a0Mf;Nz7>?yq9JMg{Uf2;OCF<!t7

literal 3517
zcmV;u4MOrTf(^L>0Ru3C4Sxm+Duzgg_YDCD0ic2na0G%4Y%qciXfT2Z9|j33hDe6@
z4FLxRpn?bxFoFmS0s#Opf(Qi$2`Yw2hW8Bt2LUh~1_~;MNQU<f0So~KFb)I=EW0pB
za)=cW0s;sCfPx3u%Ss7JU*}dzBr%YVV*GH|I6#w|nu{su13fgx%V{up!f+yc$~~~=
zNP>Qq#7E_kzkvP7LQ#%LLScas&b!m7_hW8~+CD3*p{W$;UpfeK7@6ftyV2!@Jt)8F
zV}-WIa=?1wjk939rZ(m>)H&I)1uUjfw;tIuzURVLIRojf7o3*ZiXa-2ZpHk>$B4;C
zZk9OjA|L&W;14;ehNj7R2N{sW9UPjXjl#p~tfgXq(lfA-=t18*%l$#k64nYWJGZTn
zX(ksVDYkEjp@?Iw1u^zaJDnwmdozmVJ9(NHOwd&lNjuBQR<>JZ<zZcvh6Yf~1Ji9b
zg&lC_jsoUJ8+Q{ut<LKzxez^<MID{1Z!mSjo*^hGABq(EaXG~=q=6Rb+Gfe#-Zv|K
zd9sd=yoavOpNC=AUn<v>9OsJ4#$iy<hxoL_5TTWm^0E+*KEr@4;oC_F8P2?<eEnkh
zt}S(vkg?QpK8m6*M`#~EdycFj+YVnHnuBu^DJ$}1{NpECXQpp%0#%>UGNgk1dD`Kd
zugwo?+zDYxiqXRm^x8+!T+2bsd6es*J7PSt)57W9)%~M+EWi8TsIU^;)P(7F<;&HN
zFWY`L4`4O5-V|-Z;HTyr5PN@LV@R@F1*!AS72i(`fp_YnammLTrtNa?Ph^23_89iV
zqybMC32a<%Slb(Zaqvve)?F{E4sfrBgG&ciQ?M+}mP^q4c@-2yL?@U{6#&rrnW=7p
zZ_Ef%NC|W?BBvicp9ZBjMfG$4Yun4ZV0aqQ;kEIea6Z|rDVd+uq$#>3remV0oJw%Z
zI%p{b861iUtdvWd2F?sgb$pYS=`%yaJ*f<8sueI$ltroZ9Zh&7L?=YefLQ2+&}I+P
z>Y@s&AF(rb;(i}mwqmSa4V9G<bP>r;<Q$%I(B=1TUeSPruWe&unY{q=v$7D}3C`WG
zkl8+S@Xag=X!L*)J}~;mqa42y(_EY1Zzzw!jpx$CzsuE&CQ?pcr?Tx?0*vX+E3wpY
z>G4U^Ue2>KDWo`M(|JMlZ|ZRPik;nPm|T6|6X>GdmJ!9xoV&&Y@VV@Vht_F+w8DJ7
zsrTR7@U%@Hz$M570qFp<Y+5*vKmrPPJC@YqC0eE46JQTt@Xsx==)PG@H+=&59G-^p
zve-VQ=|lDoRd)>zxZjd2unoc~MZ2)l<t7i6$b&r&8(3oq0vl!ydp=cW{+aE}l_?C1
zzfN&u8G=eehA^i`naHs1M2!I;!pcmE&)vwzh&B9{d{c@I1iUh@n7;J$77}OVM1i6o
zW7QP<ke)B*O;JaIg-p0oEaX2hNiIL8Tsx|iO}eBsxW5s|*+y5^z}SBku<vG)Z`}Yx
zzP-&IB~4}+<77-)uz?jiQpXopzMt%(b!WYyaB~?CV-Xd+ZSExOx*WdfKBr}|_IO$4
zwd{8EKp=!0{4*p6@mWCwKlcOgIL?c>7ppNTGf2tYp-(LDp=-W*3-=x38t{HOB+9!@
zb7@!-Sw-Vy571j%%Z^c^D2U9yT;Th>s<B#(77(BpSCBBeHOf?&r`~=gtFe`PW##P6
z&{7jbFoAyQItg$ck`Vq1$9hq->g~Y#<aq67cl4ScOzWJ1<glAqh%UC94_v9;yxN|%
zH@O6w3;%>Wp|HnT$i4*sQI@R@!%-Z)_;Pz*BsiGBVXm`|gUHz(BC!e<73%)88}60;
zXYz`4qLgnNB?6gmkR=>d?_4{f$jsr1>&pO}xh?I(upp(27x$vO`EVM2-e-=h2K2_o
zjO8@&wk0fFMLM^01kh;s-}Pag@67h2Tg?kqyIcBTRV1EP$nF+==h1%rx#LLF^MAH7
zo`4I3^++1VhGg5tTSTYB+{TUi0OigLNq2Vf23Ur-0S>FH=(l|I^P<^rUYvuxBa8o*
zS?xVb);167t3R92-C@|eUNF(+8HaY~4whsW6!bR=lyZdfkzIcv0%kNzi{+L3LFgun
z^K@IUey5Hws<ipA6HE^a5(*C}Q^9kC2{;3P*OyQg-VgcUa@P`~4)n8NyND<t-~J;A
z2|lWD*LK6@Jb{6!0}t2LDS24sG7z1Z;7;m_fUd6@4FBSxID)JP$KzMF|NT3qvdGx;
znr4jqPxQ_aN0!oL?&Z|YcD@5cVZNLs>!nX!z6fv?qyYb=!nl%yW#w*AsfdjiF9kcC
zXT|3&9qC3b1e~COSfJ&?QT@dKD5oB2k2NnZzkHael>IV8!k~TgVy*r5|HI91sqmQJ
z(p{c;nAbM%gYGPS$wIhKIQ_FvK{2LRE=p_YvW!oHz`=+U5anK~1tTEK(+lC*$umK{
z?IZ@+0cdL*o!w-x&|cHn@R`JUpJ}hqwCoQYiK*lMnew(a8|vv`U*oJ7jE|HfPMPLz
zFUOqGwZLKvA2CdnJy?bpNnwV}fC0suCDEeaR8JB!$nwd=`U5|5wAG0qQySE<dryk;
z+1A~9wDux(61BiJ;fZh(N;&GPk=3BXDB1gsLB^q0Kx*S=KZK6;{+t~^#>U9q`ggDO
z)hfsi34W<Thu*o?dzeZ#d*Pa0j;~J6ZVo5Fte=5aFp8Gyb=BGIjos}BU6W7O_m&xq
z9Doh_zxu}fEDgJ&MQC-Fu?o8p*u~mAkyH|z0?nm;Z3D`C7{Q=*0tyeBFoFd^1_>&L
zNQU<f0S5t~f(0@Jf(0%xf(0rtf(0f93o3?4hW8Bt3<?1Ppn?SMFoFc?FdPO7Duzgg
z_YDCI0Ru1&1PBd-U9n}B%*+A;2ml0v1jzhLPBgu(q}#dP1dq9nxt$3%uLZNNHAB97
zY@vJ%R_UXzEtWZGRB1XAd;^gVBb8E+jJQ<bEL+ssp36Q%sa3Al+VnwX_wT~_Tx-H}
zY<Z+~x7Gg*yR|1PIDZ0f=hxL*5LmwF^UpM{!JjzU!Y}zBqDFn=@W>zGR0Cxi#a+to
zU2_tkirpq|C6#|?i@{BGNt2l4frl6mJ&PxfhKNM~xqQAdYIosZf^6rE8#}X!eBHDk
zIVEGYa1EWe(vC*4Va$lS-E&@%pCGSpR=4v7*W(kmSY!@zv|qa(T3pfaEG0Z|$5txG
z-3SE}CXa{Ouw_?K=D5qj7iYWii|=p>GFyP5ckXDqdad)&qX&uM$>?Ah%03V5cy@m{
zV_}>7pw%ne1+s;%eE$w)-Ye7y9IqpZ@xbej?~wuDwu||regp|BHKa#^;dG~N#D_=+
zPY;(}bnxC?f7$}`EU6X&<4v6H_ISEOi8c-HT;_FKG2yerQ57O^fm28%nlIj45|vZ<
zYk1K0LYYRYDtayq3@#S>y<Kf&Zbg`$7?S#Wor*%1DcFhSlM|{t%#a`%dMOe~*AZ|d
zT!mHW4kK*x7C+g1KBFVp6CNABRw{4P?CF&^(JO4aJwOv|+j)5N<%{<s%Y^k*d)Dyv
z3&p7!?^>Xr3v}?M04zgK%T@K#$75;Zf1lUQfD`<|*K-M>A@Foi1Wxn<GHw3C;og1V
zxq~d;{@p|j3ez5Z)Z^Kc7?~_Ep9S%EJAAwSSh_3nI|yy>l>gu{ko)r31AkBSw+x2-
z3ub^PRa<8qFvYoNz~<t*CAO1N4!T9V_2hM~Q^;cqJ`lE#gDhZ<nIuaudwXO2Pb}HB
z7Mug>q3VhRd2S>B;lwhi3)JgLr3~W5?(v>6JyAOy{4_hP5s?$QmnAHxrC)L)BlJd{
zbfayE1{KRK1iC(l&&-wr^kigp7mYV?rd+aU8IZcedn_LvJxyo5Fseu-{fC{rDm&#$
zk&-I%jbFcE0Ked7RZ<mU9j06tR%5Ghq?eGG9J(cX%y-i8qNeQ{dCw=VSi^LZmbQR2
z6EhU+Qh+ox@iWVqoeKIM=sNuRMuYNCLcWp_E$kQD77zVW<&=5+Vw;t6h8o`ODx#j!
z&)!0e2}Z%j6xuTI30QCjmHPGzAXpGe64BvgX;}jkRsV0<D=B&{XZXXS#wti}++E1W
z&cs_OJPFfXcuE1b2pIqfFAU#(A682r4i$Z)myf{k>lyaWx1}u)<eh^nOz%S|!R^wK
zhXm97^mk*tFcCF>>OZ{T0ad<@m-Ii|K6y<`pUf0AK$l(0GDvR?=E%Q3UDk6q*cO>F
zdUubo*?g&AV@H(TKW$v3hiDwPmCz3s<jlxV)5XL?j`p`LX?APun2n9ccW!kmq?Dl^
zyzD?hn0)}rokel@-Fd2-m?kvMiU}yYs(!&z38rK{V{j(twjtT*JFbEUVtPF8_BG`o
zTmSu+urU_>FYHL^y|>l#tv91muEMIq)51Lr58tWB9(B3i*qkGnB?ENMSFU{(j%JbX
zY~#>)g5qab26Ivd5I5i|_xO_wXsM%Qh}_F$r5bvO{CIlR4)bss#6lc=QhJ0>!8Kl!
zm9a4;Fe3&DDuzgg_YDCF6)_eB6wZFx79#NDQ51!JwqT}XMNgR^w=gj<AutIB1uG5%
r0vZJX1QfG3c{NXclmUsxBIMf~<obs@IF|$nj{i5*r*6|M0s;sCms+u<

diff --git a/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_certificate.pem b/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_certificate.pem
index 7c11ae263701..74169e5040a3 100644
--- a/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_certificate.pem
+++ b/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_certificate.pem
@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDzDCCArSgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
-ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
-MAsGA1UEBwwEJCQkJDAeFw0yNDAxMTMxMTU4MzRaFw0zNDAxMTAxMTU4MzRaMCcx
-FDASBgNVBAMMC2RldmtleWNsb2FrMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt5/wvIdHr5FJvIWNiwoaict0G/pkHnUYs
-VIHjLjeR59q5qAojrKRqs32D9eeKqikHv/xTp9dpOa8qwpho11bSs/HgnXZKie1F
-fQG/8arfipHkODn10VoNtZ0Revu5on9h67kkgyjCk4WKG34o7ye4qacJhOAGV8LU
-HJXyA1kPFCtZzvcobYwbpPENpV7MWfxqa9gIV6IZln7EttzcraDfsYIr44uLbfeC
-2BcvJZP+JFXmTBZz0fbMfLsv6z5KF0pH4XKInINan9ajGLnE5SbvqMLHQ4KANwMP
-Q8OLtU4is6wNAgAQmCYphmdd5k3m2fwXN+YeMohBGjdKz/cxnx7LAgMBAAGjgd0w
-gdowCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
-CCsGAQUFBwMCMC4GA1UdEQQnMCWCC2RldmtleWNsb2FrggtkZXZrZXljbG9ha4IJ
-bG9jYWxob3N0MB0GA1UdDgQWBBTaLvUjHU7ggs6aF7YUycglgDeQCjAfBgNVHSME
-GDAWgBS2Icxjr1ucGCIxikeSG9igJf558jAxBgNVHR8EKjAoMCagJKAihiBodHRw
-Oi8vY3JsLXNlcnZlcjo4MDAwL2Jhc2ljLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
-i1wni0pi4RY1Txu3Lef5vd9FzUqKYBi2bcrMVliAmmCjKriwSP0/zd9LgoyC57/3
-WUZ3cLMSdmMc8go1QPEBmkwjtkw0HACN+XXOmocRimewmBhCQ5Lh90xuFJlk7snN
-FbwQmohE6w+DvQAy8vseHS6WKeVsMCSPtQk2ID9/DEhSndQDJeYDpjrwUOn2B+Kf
-WbHLryT//sk6xMq4++ljQEld1NU1z8bo1a5D2juH9724KlzZcE70nJOaCGLPdamt
-e+p0kw7xlQH67+R1IaYgDNand62P7b+KZZML0B88QUC166ZeablncyFca5SMCYlS
-z6HFKTiVN19ZgqC084RQOw==
+MIIDwDCCAqigAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
+ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjQtMTEtMTRUMTQ6MDY6MjkuNjQwNzcxMQ0w
+CwYDVQQHDAQkJCQkMB4XDTI0MTExNDEzMDYzMFoXDTM0MTExMjEzMDYzMFowJzEU
+MBIGA1UEAwwLZGV2a2V5Y2xvYWsxDzANBgNVBAoMBnNlcnZlcjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAI+qfG/X9HQIIWQFC9Ibj7dNOiWdwhpclgDB
+h1e7oBM9fIBMKeU2M1xFPmSFigOB989dLZhBG5yypgZv+6jrMqnUF8fn0DVhUZag
+FI8VNx8KFc0U5ENo+FFe8Isf7yrl4FPc1EychoHiGI2DKM3QdIDYQhtdlPKk5wig
+vJEQopMmwsMGKfkw6ARVzTpv1FQmOn8MMHubT9L0AS4CkPcS7aartNJEzltBlx5V
+lHQq3jumf8CpbionQFWWRjeGFdYZhL7cfYk4fYB3rvnVg8opzju4spdTU2gloZy6
+GGRhVeUGspbk8gh8ecF/83AwKuAkrwM/wMDwyKKeeq3QKHBJc9cCAwEAAaOB0jCB
+zzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAt
+BgNVHREEJjAkggtkZXZrZXljbG9ha4IKV0pSN0Q0RkhHWIIJbG9jYWxob3N0MB0G
+A1UdDgQWBBTGCKXoyHd9jncVAeN3uiStdQbOPzAfBgNVHSMEGDAWgBRIFMiWpPs7
+k4WMbt9+JS/Box5EhDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLXNlcnZl
+cjo4MDAwL2Jhc2ljLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAQrIxS/Zr832lJV82
+3yYIql12rbT8vG6HYxwaJ2Bd1QFwk0nHMoTqJ5JQxH6mYY8NasjLFS15rrSGLMCt
+4Ja8T/haUXzfxuOMFVDvvnexDXdldOPHycIsv+BMH/7CuDnnEgCiKLGVuHZIgE/k
+igNvTVmk/gX8OR5tGxizMhIBa5Wer2kLBvJKl/gFniV3LCMlm20ufXvTpJSU4lms
+u5AI/snnblD0HtZ+HQyKJM5WGj6PyFH620BBYvTFR3oFaEhaEmHNqQGiCQ+xvzpU
+8P5crISfzcllXjfBxXCn/Ffft8y6I8TGxdRTrMoHHX5FJZWKZdaGH0JYQ4unWJ3s
+1Ats7g==
 -----END CERTIFICATE-----
diff --git a/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem b/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem
index 9c2f3b11fda8..94392d234862 100644
--- a/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem
+++ b/selenium/test/multi-oauth/devkeycloak/server_devkeycloak_key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCt5/wvIdHr5FJv
-IWNiwoaict0G/pkHnUYsVIHjLjeR59q5qAojrKRqs32D9eeKqikHv/xTp9dpOa8q
-wpho11bSs/HgnXZKie1FfQG/8arfipHkODn10VoNtZ0Revu5on9h67kkgyjCk4WK
-G34o7ye4qacJhOAGV8LUHJXyA1kPFCtZzvcobYwbpPENpV7MWfxqa9gIV6IZln7E
-ttzcraDfsYIr44uLbfeC2BcvJZP+JFXmTBZz0fbMfLsv6z5KF0pH4XKInINan9aj
-GLnE5SbvqMLHQ4KANwMPQ8OLtU4is6wNAgAQmCYphmdd5k3m2fwXN+YeMohBGjdK
-z/cxnx7LAgMBAAECggEAUJtrx8jsTWOqVfpq37b8wsVs77YI5n+erCOLhOrCNS37
-svxRntGB8Dc8IXNUnHBczkvNwFTWwt5K9A34qPfPNaDUp2E1GD2wLfpQWlDA/BZ1
-owvwyaD9FcetgxG3JgdM9e1WBreIqA/K4QX3Ry/7AFwaoY3mbOo20yxg0Cl/GT5j
-DtI+RpNvA480yQWTjJBE3bk9S/9k38bAtRT9C6ArQqhkasXxBbuZiyb5GOvBZ3iN
-hhMvgXrj2g038jbElWlo/uSLcsRadPnLAvXXROKrqLMnKTkv3BnqmPXQXdP0eNet
-XoXAxbb8FbYtTxHceiyfwTOqtvUv+07wh8tiZDiUKQKBgQDg0QPFm2hqpMWPhsal
-fwtVa7QMsF6MVaLB2eb3onZoQxZpWOXyeA7hfJz4iGiObM12EF98k+9G3Mg88gEI
-RV+ENE7XI/YZcfQQsT4JNtR9CS0xDihSrmr80ndFburMT3oucpw/76AOs38Oof1q
-cs3VLCYAIMHm6SHm1ylTN3bQvQKBgQDGBzPerVMnwntLPie1gAIYDIvlSim81nhm
-Aa2jCIAgtogTXJ/WCtznvAxhDUsBG5Mn4oaS38oaBXSlnp0Vuz9ibZCMPxc2hADU
-1GSpXl/xv9yC2HHjMeWWWPoF9Qtpo9x1XipkxYIeJYTulqaPXTd6YGSdQ7NENTuX
-f0o5Sgy6JwKBgQCYKT+5To8kpvNESn9G4i8EmMobUIAd0ZRASkCGWQJ1XPrdQJsa
-OmIwAcyodoL16vRBNaG7StFHkAVDIrTKKVIVw+Wcva1C2ZrMdXo8eEznd/+LVT67
-f2vQRI8PgpwOvrg+mbnhmEknyht0BvXjR2LDJodtzL4QkLguanCA72hOrQKBgBQw
-w88eaO4S3DNNwQq2ZIBDNzhHmX3ReDEeVq/avAWZ1sHynbFbJi7Sc4iprE4Om7Bj
-Xkk3XAnPKJeCVo3Sq6HDfgtum1VJnDQW+7RxFOM3JqqImwQJIFl19PgKhgFdXarx
-0Oy5XozoUmdpIM5ZOMDXdyq5rltz+gF2TwEMVcPdAoGAVAr+aCEmFmvo1B+VoUYg
-wMef7vU8CmSVXWFN9G+7vsJ5xbk6D1VLQf8+hTO2VvOjWfjMqxPuOT5Bz6lsKNh6
-wgzXljUx0ZB/9c6rXCf06IT+CvFWWr2j1hgaCSmDQ6x/FV0H6tV4oSIAztEuJfGk
-Hl/FLnRCHMe1OqG/Gh/WjTQ=
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCPqnxv1/R0CCFk
+BQvSG4+3TTolncIaXJYAwYdXu6ATPXyATCnlNjNcRT5khYoDgffPXS2YQRucsqYG
+b/uo6zKp1BfH59A1YVGWoBSPFTcfChXNFORDaPhRXvCLH+8q5eBT3NRMnIaB4hiN
+gyjN0HSA2EIbXZTypOcIoLyREKKTJsLDBin5MOgEVc06b9RUJjp/DDB7m0/S9AEu
+ApD3Eu2mq7TSRM5bQZceVZR0Kt47pn/AqW4qJ0BVlkY3hhXWGYS+3H2JOH2Ad675
+1YPKKc47uLKXU1NoJaGcuhhkYVXlBrKW5PIIfHnBf/NwMCrgJK8DP8DA8Miinnqt
+0ChwSXPXAgMBAAECggEACVm9zqO+H901myZu7gZoNLR8j900OHYFN1hhQDcQhKAQ
+XeNXKLl930gMdwtv/6lyYRc98/Zs3yaLgsjAFu7z9bS9tX+jgA3s+wJBREzLsSP9
+ZkMxVifbXaRxwIRcEy0yDBNH6BKZ+JMoKPG78qVaJ9ares989cwA04FutHxiMHSQ
+6ScywMspOrknJPbosoikJ3tg4vCvCVugrXpjieojuvpmeNSY3HThsudPXR6V1fZD
+iLvUS8hZuHJV0tCsWyGho6qvTGrv6bvpsorPq4zyuMwxNx9Wl7Fo2fZHACdAAnOk
+LF7Hjz9YUdI1oq+05nq+dApf5zkB9C9aEGjP7uwuuQKBgQDEHXxIex0TAh3Ne/72
+wAvhjQ7+3csuNXb1mgjI7vJlKl6+uza6WiD0MtALQG1LL3Y4IKZVcvhfVL72Id8q
+op3a9asiE3+E1Y07abzgwG3uuWj7SmXvmxURhl90Jlm4zAOioJUb4sTXfRCCyVSR
+CfoC5g3Na4k0gv8fUNbMVU6s2QKBgQC7iP6HQiBQaMs6Ka/fgKMkwOx1Bpjylv8w
+TT4MjWIAmfDefWD6tEq6hPP66E2OdBndJ/UcZly7NIMImJP5KqlRyLF24ZaAiNZC
+j+ppVy2OzV34GW4VBxIH0+h+GyUpdsdO+ou8suGzisXWFfUpp52Ei9DRPQsVLWC+
+rLaZ2SJ4LwKBgQCVeyf9EyHxGB7hPg7zwyQLMnpol2PD/+qBf3wMs9y8cZQv6wDm
+/8W4fHaI7P2hXjbMx04hOXXJLA42C1FP7Q1HFRPw8E21URTKYWkfIm1olZhIWcfi
+3yEq73IYVRb0PUTUE3Q0AiApY+FO3uh/eMxAo1uH5Nx60xJkqzheHPPP2QKBgQCx
+y2asa3fhZAjQorcX6YhCjxletZuJ2rgjXgfmtJ/mPAxNk4a/CPEUNnptNZJZ7R6c
+Ooa6nx1papaULruTbevLGr+NGsCqKZEg1/qAVmNd0Lw3PDzOeL6SZ0gzTp8D2ZWJ
+/iU/CETNCFMZ7gVZsYy4HioiRYJdWIExJOOVpnN0hwKBgQCy7iod/gAJagOURPhu
+6AievvlIc7XvNnEwvFS0uCqmGzvhdHtFriBFGIYMH5Ea+DDnL9efl529r/TthWzv
+ocz7lWDMlH4Vyzqs+Tt4UHWCu1gDh4UAVga6AS+DbCVzKleseWxKgxjMD96f+7LT
+FRNf7QlGgk0Ei6aQZ+p3gfva7w==
 -----END PRIVATE KEY-----
diff --git a/selenium/test/multi-oauth/env.docker.devkeycloak b/selenium/test/multi-oauth/env.docker.devkeycloak
index 8b1ad3234463..a5cc4c924dfc 100644
--- a/selenium/test/multi-oauth/env.docker.devkeycloak
+++ b/selenium/test/multi-oauth/env.docker.devkeycloak
@@ -1,2 +1,2 @@
 export DEVKEYCLOAK_URL=https://devkeycloak:8442/realms/dev
-export DEVKEYCLOAK_CA_CERT=/config/oauth/keycloak/ca_certificate.pem
+export DEVKEYCLOAK_CA_CERT=/config/multi-oauth/devkeycloak/ca_devkeycloak_certificate.pem
diff --git a/selenium/test/multi-oauth/env.docker.prodkeycloak b/selenium/test/multi-oauth/env.docker.prodkeycloak
index e929f0246e9f..80554f60335c 100644
--- a/selenium/test/multi-oauth/env.docker.prodkeycloak
+++ b/selenium/test/multi-oauth/env.docker.prodkeycloak
@@ -1,2 +1,2 @@
 export PRODKEYCLOAK_URL=https://prodkeycloak:8443/realms/prod
-export PRODKEYCLOAK_CA_CERT=/config/oauth/keycloak/ca_certificate.pem
+export PRODKEYCLOAK_CA_CERT=/config/multi-oauth/prodkeycloak/ca_prodkeycloak_certificate.pem
diff --git a/selenium/test/multi-oauth/env.local.devkeycloak b/selenium/test/multi-oauth/env.local.devkeycloak
index 1a2b7cb0c286..6a2eff63d0b3 100644
--- a/selenium/test/multi-oauth/env.local.devkeycloak
+++ b/selenium/test/multi-oauth/env.local.devkeycloak
@@ -1,2 +1,2 @@
 export DEVKEYCLOAK_URL=https://localhost:8442/realms/dev
-export DEVKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/devkeycloak/ca_certificate.pem
+export DEVKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/devkeycloak/ca_devkeycloak_certificate.pem
diff --git a/selenium/test/multi-oauth/env.local.prodkeycloak b/selenium/test/multi-oauth/env.local.prodkeycloak
index 2a2e9845c704..f3c18ec41e48 100644
--- a/selenium/test/multi-oauth/env.local.prodkeycloak
+++ b/selenium/test/multi-oauth/env.local.prodkeycloak
@@ -1,2 +1,2 @@
 export PRODKEYCLOAK_URL=https://localhost:8443/realms/prod
-export PRODKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/prodkeycloak/ca_certificate.pem
+export PRODKEYCLOAK_CA_CERT=${SELENIUM}/test/multi-oauth/prodkeycloak/ca_prodkeycloak_certificate.pem
diff --git a/selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem b/selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
deleted file mode 100644
index cd37bea304f5..000000000000
--- a/selenium/test/multi-oauth/prodkeycloak/ca_certificate.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
-BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
-Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
-MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
-MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
-Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
-0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
-I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
-eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
-8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
-ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
-hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
-HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
-rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
-XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
-Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
-a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
------END CERTIFICATE-----
diff --git a/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak.p12 b/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak.p12
index 4e363100e5056ca2082272cfbf82eac798b1e3cc..83a87f72d68d7d9b076b449c522ca738dc3433d7 100644
GIT binary patch
literal 3683
zcmai%S1=q5_r~q&z4sC&t3_FzWkv6z_g<nCy@g;AtiB=I>LE)kD@vjzB-(1xMYJHI
z6D?Zs<(vP1-uLpmICJJa&&9boGtc}E7)Id$1mJ>U6!Zkdg3q;{pOXU!0c9`>0z4Q6
z5DX)~1;dEE{<R3oU_>^5B?}+`=WjFo*8zYX{u%Je!Ny>*e@8O#eLN~9_b1-eBCyg0
zTgeMY?oN6jkO&7%MnLp`TY<#*IAC@HV#nuNfXBFa06{#eBy#CkUi-Ua8s<YAi`wRZ
zSQz2=A7cspXU={K*tsm3aKc6&^M^6Mm(<fc2Jyc+D+#UP*Mg4RTA6a~kD$s+)A!N@
z<LUhRb%nhtDbz`knML8&IlmRbznX6%-Vq)YZ85!UxDaX0l<PsB0aF0W3X3RRPaUyJ
z8=IyB<2RlH-eGJ4T|IX})_HnZ%9k@d*xsw^muBNuXE`76`;H^E994>f&f04C1PG5;
z%{4zf+MYyS*xmkE`BZKSzxwiQfo*BeKATJ1X!O)YKN5HNRq%rtN*n)$!=ruw&oi%m
z^sZ13_Q4{Tv+8`iG`7}C+GN)O##B^qyhmhDNOo6?rCgwU%yk1b5QxykMCMXQ-XuPV
zVd8?}iIh%PVVHeY|51ZKzgsVRHG42ea<=7bbGg|8^R-3~s%>Qq1qLau3`sI}HkJ!!
zWZnKXLN|ksJbR6%hYgT2IB59VJs`9&yah<)M_;V$*?#vOD|)9aFKr)(bql|o90=Vr
zQ|=oYWZF}@e3#&Z=~D$Q8nOFMA(e@j6~{37S8zZ=xk~ZVZdJBVpw$V0AV^qZ=_h*6
z%j-jlilimQ7Z!rd7{%Y873Y03Xd@P~VMub!pC6GyuYSHR`B4OWwBT~GbHl{Z2e}Sz
z{#3kHUhvaldplGCQ0;^v#7=N$4>R7x>)8Bpb?nX*j|)jsUY8*@X+WICMzo3epCUNo
z*wiV!TxBXWlWrW7#A&Z}e|3<$s`I#M<YNbOdRiA;gH3svo>brYY<NQT*~&U&{Q7=h
zzQJ1h6`w^49W_(BCI*O7s07DeoKO!1{ye{4^mckse3ay*(X=D8+sOZcp=Ulp<kK*=
zYXRM{(stcET9s0UIbUzR@*%CVk`#<L_Rvv$yUKN{7d@fVql~b4fs^i<IVQ{$ASTaS
zeM3nbcZ<Y@5HNsi>1g1y#K-Z}m8c+s*z`ilsLd}mJ-(fPgwAx%Njn0&=}*QZGtiqa
z4hD#_5qeGL7|DH}F-@!+UwYL%@?)*5<VM^sG8q(6($PfZbG@^%_6OmtzgmLjSVr1L
z6wib{gzN736)$kKvv3W^<^jW1+X*={CkjY=_U2Yl!qx!T@FY<XS-Cwrr*H{pprZRx
z#-T$(YbCa+o7Q2{Vaeu{<;1$r!6&?4oA|QgIhs~4p0?o|PIN3u;~!RR`l{3sh83^C
zkkt6RKI0-j%c~0Vtda4oe9MZ`)DJVNLE(mmp9*7xEKcZ+0uPh+ms?m|pWqEDD(@<9
zYV4b!Nh@cwW}n>0Q9vx$z}z$sEVEXcb|8g`isgYKnOf`YNq*mt5kG@w{24*Er&}Qa
zeMQY0>S$U9Bj*4<ID<^Vj#9eBdBPH%qD94n`-^m~>iy-Az1YZ{)m)>zK;@=$?Eo0Z
zK*~zF)Z14LBRk4dzF&i`NR9h{46d~-ESrdTUHsX{d`G3Z&Ao`C4gGS8JQX34+w8UI
zoug;$6ltB_k^Rbe_FZU=Xv8$VeNNTu^3&5rf;R>8@#_c2XrqZexdrwvx_8MlQiARD
z=_^pv^2=ubQokvm6P<BSVwOzbg9`CU@-o7WMRD3!ZLN=HobB2{@4m#P=Z;g_$8gnn
zACYxeumvUh$y>xc)uvb7)N_XS8r0lZbe>aYG-4cvHZsMgG$k=v5q+i2Zb3b^tP)_(
zV-4}UIP==cA9kNskJ}omz!#alCWQou$$GH|=*NO(W*FFJhxj>{Jq>gSH>FD#pKe=N
z(`@VZ1U)>&CGJ63pCjts3Q|w1Q(kOhC8c_NKc_$PZe~iJ<8WqF;>bvow^sc%uUX6X
zd8<3DWzLOorIzZrUG~z5pjRs74D2}L<jPXV<K3-^U25*8(c?P!<Y9-_y=|WvV-A@K
z+z1#E8R9$h8_kFaCHu?{Z*~r3gpz({db<#dHfan?nIB`7bj~pTlp?26*p^<XfN~5|
zLf}P<ybcta<E0A~9v0}(nUpD`YawazE-TGFLWq4`Sjj(Vf9~1sI5ihI8Cvp;PW<~(
z4o(|P$j#0cI3CF?&6F=_wX?uru(mD)O_=oHyGuJ;#4Qx9c&0ZG(pi!|KOFX`bBU6W
zED`*6f*6>70Zqom10fC-w3tO&0CX`u<bfkYaq4zUAElQjs9kBW!v`_H?D-V$O%8^i
zkkN_rF8de$bYQviGoVVbTFM+8!&N(J<TomYEw${&EI&BHHGV2@Rpi0R;Q!&<$feAQ
zo7>uj%Zgr=Xe1U`l#=c-!+8==(DfL+Ai5EE>oRpIarJ;(=H^cEd7n1t#k=#kWuEyQ
z{Q=b>3BpyC2`a6rCj2dX4UmM(laIO*{W1%~@iSZ+HWqg;IY-GxXH`m%=%L;bk`%}!
z>ty$K94EW?L&ncYw93spc$`M2?iY5Y&+5<e@m1J6NwZ|aSE-)v`TW62tJv?jr(E8@
z_Na;l&V#%jnD;I)vSRrpu}amVhR1fk19}K4XEO;+-0-1~V+!Xv!)ENvsx1X3XZ3+<
zIuorBtvE)tBBEM>cOK+#K*Vpd;_5{F1f|S@-602EZ2b6`RrLgQ!-!wI?2-0AP3`zy
zTkN@+Tc=3ZpzBtW!MEHfZ_kgH6SFT+6;3Y8XoW$JT4C?mp?kM-?**DP!F~NBb@40_
zTr?OXZ3Euk0`7>@tTs{xIrun~M(2k%-dXKvcF|l8mC>Ynf&?{O^gtp548u?Rha3J2
zBKXmGF#L$Wa>(BbARzsJMj;~s0RNhDe?_VP1s(wjN5mdb#}BpLwvyq$_~rj6cx<=l
zmH6Jzu{cJ4P8FC2LhxXC<D<JJwUv~Rv*O>v1tS_vcAYD+H9d@x>MZiR1Ve{>ZnAig
z4fGwWYGij`M9!e5R57{Gt2gjx+<O&u+`*AlH?*Uj4pt`jURG1mt~iYw2v7yM<#%x*
zn!QI@Dt!xHBtfH1q>Ji30Z3Cka!m+{`U>)3;3ydKZc^oVryv$#APlsF%$Nifw{%h4
zx5TKePg2+OdKoPk90wRD!l!|j^<rFjuJd|^d)MU^g{7ci>r|8p8^g&HoK8%caAEy>
zx^LWLlCd|~hsq%Ya>Ef6ryo7-a2+z<G<$S0pDMvqvdS~8-8;mpGr#pzu|Fy%VjQBb
z#WVweP+Zl+uVFpOX>DX*@cm!=X`%YY)O4;`L>r}wbj9^GfNVYL<{<X`bVfP@<>kf$
zub%Cw)VgIPv*FY`4&)Bw%4(&fag<qDd_!ZD&RTl_K(w$ZJakf=SCo+1T>dU$6Y4oy
zV*Uj5HS;=`Tus9UhTW_=za;f3iK<(@DXHLbAi(%o%b+qc8T~##I@0HzWkpTuQ>0xr
zRX#O#`UKZLc8X@<HfYzStwPJz(=%3EUQC$r5B|>i*oH3gysl#X^P;0FbRZyWRMyc^
z&~a0i6H+EY>~!I74`Y&rs{Cq5LZn`s^%feqFWRJ}(rSTL22gt`w@rn*Klax<M~sri
zJY!L@->e?z+HEJwr*Vfi#D8fdk?b4FZy)g<B|)U7uY{0@DijND<s`H)gXWI%GK}ls
zk<(=kzpC3@5S)#a7UEIFEu-Ht_XH#R#aM_os>?b+B8z4Y5Tdw%-8y&o`PVzKQeuBk
z{kSkDyn^VPPcoAXFVF_Wm#qS86EnI|L1i(3%6SLRUTw<fH8P1=e?+g>qS@PI`rUfi
zP7Tg~%d#qawgpO80V3~RQ5hN5omi$)DcRa;o(1GaRCzpkoOh*Tg^@B@JRoHXKl(z4
z6U<OudXgm5W0o0Z&{}JXBDeBe*Rr&z?3e$p|K_c|gM|7Vy+A~kk6C?-+qN1@<imXo
z2c^rlmt`*WXJP8C(pL3N)A3(?GUeUPq}bE1gAm!Ssy{T83`}Tab$vj{ZQRl)f0UGU
zJkCG8--4VUWO!A*=TEQRuxVQ5{xyhU+cG#thleqW?%Lt~dqtYOc<?$cgCYI`-}4$W
zhmD|tq-41)+6<dRJFmfnZKag=Xl(8VPR!<G8VBZJj8%MLF@mdGz2almew|D^YM-0l
zm--n$ck1(cg1h1<+$vW6Xw6P5Bgw&8wGLvqa5w@k_exBfACf{)$W>Y#)aw<>qOu5a
zpVMu4Poy{u7Lw`(S8k8qf2~_8v)yD|(u?x+;gE`IFHH?rTWi!WATQXD6OVv$Lbs=N
zH`W9KcN8b@_JSpsUV5n}$>z!R=S#LGg<adBkqR%bP`81K(CSpa(i$GDY(ZJ}WLjcG
zEen*{X@Cr+^)bUQTWNvt>HD`ikH6!|UFV1`6x=V2?)l<Bbt#w?!hNATnt3}UOs`&=
zyZzfB<$SciH&kFuYkk?jn5DZ^D4t#0FYE`W{ElJO7Sr!WQ(m*mq14GuUsti*#Q8<T
z`;4?ODN&%IMmS2XEM)xgAHl8kKF-cK;;k&=tW87AuwudC(@yumL56L+mYs4rBzc<{
z2+Z?O&=S*&G2qdWF`nRu@*a)6H;r&mGk$<dz$W^EmBC_Q@_*hkAOIf+k5i>%LZKxt
sOzYTRBWvngd*#ngCDVcQLw{{Y&O_^+R5LuH*NF}OI`cNc|Bc%J05&P!j{pDw

literal 3517
zcmY+GbyO3Kzs4Di(I_brqjS2An3U4prIaWm2lB#@6v+Wf2of6|W3+TgE3G0S(&3Os
z=@x;>^*!g_`@8p#@A;nddCqzMe9i}sVQ3`>P{1(^VIUfb7dkI~F#xClcnkv?h+**f
zi&1b4HSd2S5FSH){V$>?2ax@Jl>bQpaBdLoe>czrKyXGN^=Q2vmYyr}8aX*NSvZDj
zh5<EkGlJQaETJ(V*Xj#^yi#UuE|1teQp*G^5BH~DFWn{jx?Rrg?1;y!;?S#QFbZAv
zt=`EW4ZJ?TkaQ9L3RU$cLEoX=6I!+j8N2hg5McZTO1l<yqlserj^r&a-H7r^<@dbZ
zR_EgyY7b1EzyzKW)HadN%yoI$T&%9^b)U;n3+1+4kod3n2L)iJRb9-R*_C)ZUFE3|
zul3Gu&^-l1m%b;8>@Q#rv0+nU?D>Nk%6pj{Yzc}1Tx)~DGjf**NO1F)j)s9XLz6?s
z?)=_Lx)Chk+pF;~T+U-&iw<tw{mE#J6ZXRW@Q-g-khDV#IoBUhHH4D;fuR*$6&&97
zhCv&m!_cP*)N679^m#AeEB}6JhBw<ttcdGgHoLRS;a+sIK?RPpzeB2ZW@@|oL{xvw
ze52r0&{qm8uD%exuQknh<Bf^5#Zfhma$CdmNV!;@scG_ewI_{LUfDwM@%Ygx(_Ixc
zP@QFlVF|%lKBjmBcjw()pN&}xeU`1%`_;4Wb1zBtxjuqCE54IDXF)aGH_1};zW`h<
zt>p3!)0D6H=ZnvFSq?O0l_T~aLBk)9_GRQG*TNg9^qk$tQPA}PNnB$0bOZlZ&H}Eb
zuCd7t-!NH(y;~wo7~0~dUuRVPP6p8%R=pMIJUp8(@;<QJ!%vb<tO}hqAV_MEnz=);
zjU3j_IUjm^U)s<?Sc$~Ei8AZ>8sqXQ`)3fKlE`7w?`o^zCYI>)B%;HCY$if5s0Jj0
z-w@P?upax>L}#Rj7{Ht?wZJ^&jW#hqJ$dcS?XF)D0Y}5(MVT>u4&@>Yy0?wO3KLx`
zMxn*;g~wZe05huYFM;-rODEQL<Tcb^Z9DHa_A;CS_fF9P!!PHlpZW+xQ}|`xq5gO)
zPI}X)c;$AX`!n;+EIFf-TdgGG#<0MG1QIe*oOg~AljVUr6&=ZXcd}IEpQ0A<U}=KR
zxH>KH`h;nBpCwcC4W?fSD3A}GeP@%uZC-F3f?FO#!Tu&dyhTVV48gdEqZ12qd!sId
zs4!HNl<p#e7j>zd<nq%sqe8lX6^Q)Ep*n3`y=C_)^JSpwEB?|n)pW~@9`rp>G*>X%
z>-A?IVhVY3V@**O{p8&2XYm0giLdgo+lvA(`+-9c{|1eyeX>tiaSDZ)^j%pesJ8y`
znnPz*a(ferAh%#LjH)d))i|rnh_$9AL1sU9U;O^64b`>YDl^T=zuMGmz2pvxR4w9t
zg+feU1Q({7h+u-UAS0?zQv2F6D|Ga=nLTisrVd5eKl19V0TD2*%;#-*+^;m<%Es3M
zMk)6NrsD_am|d6U6*OxRioA5-A7~Sj>$mt52G5i1K~G+n{CmjXFB%kucobtF)vFwH
zS=|Me<M4iZWGqJZaT!o;l{uJ`L1lbehgg8u^f&vsZV~$HoO<SE@gL?c?ZF3@F@BQS
zvKJ|^gQnnMPPNt@V~`Us0mAM(XGKCR9?MBf@TF4FHJ(ca74tLJ)j|`^hh1TC)9uwD
zWVG+S2CEOWwDunz=`>-7TK=;=Bcj_E&xDw9mnQ>DcFDaCEnh<(mrkZeLqiHJo@VCH
z`!6-DN%x1D%^6XITqi3k*3lWwCHupp4mA8+9`ylp3_i|iP3tmtGFe;X@V1WTvIV0L
zRARdzS5;4GYAM{v<_K&zSv)h5g`<(oB@+4pMiaYCo+Xl2ds~ibz;fu+Nm%c#G<U0J
zc>&JdwnO4Whk#mRU!935<nQ#LVkGm!E+w8(B;VVOUWW7*_bjY$i?JE3RL1#?;i-cf
zo_#)hv!c9hfD7oDKcfbayVK04qA`E=LT`jLLL-~O`ytulo3Y#@-b(<Rrws`~9N`^-
z1gKVj4V@puQyiHsHEqOUSPvW@&s4$=G}F)Z&vVbT&22=(cGLr&sh&tueS~)z*yoC(
zbbb=Lwi5kPoyP^7-DTG_?9T17kQ|oIG{Dh96)SVvRh{QBF%U%-x`5o}kFB9nPwr~m
zQxK^N@JuMkozC^~nV3sR)3Ocl1PP)>L+#!2&wi`_d}>feM+`ZDCDCp6*Fr^@8o)<^
zSwEfWpL!wN%ZNq(m;rh2ZQI8m9D7{&h_byqCC@`8O{%$}Q!xl)WC?&-6zxQm=qk4U
z2c1)qp&uC61L=8XIE*qFdq0#cYBV^Wn2k|odi5GTmh<o!v9!5oO*cL(Cph3jcCJ?2
zhxeF*na1hioZ7pIqvlQEsJ$K-FBA1NYAa!#pE>BP2YYn{hVwn6iGI*(>e)e(qtkw_
z(_49U&kB)MK!~4ZB}sdJ)HS@D(f+84L&rA*BU+|n!D+PT+FNY}R&m!eGndrzx#%_G
zU)GM-*kq5RTT2tsvrffUz`frrO)H2uAA}{(x5fTU_5tE+_abq##(6hF`fkO_X>X`4
zO4IjNu2)&>p^T%XSm8FFa?(XIVv*2{f5^w%t82ko4a%WSKTgN%-yA9ndFiI$IzY#=
zM$_R=0#o{X{;A@83!(M|dEa?IK92E_AnoO4J!-W0j_BTO(x6guN|<G-d$4hRBHm0)
zu+_NbMkGY6uu+$oyi|)Qw^q8DyBskkb>CszV~YVP-S>68_aNs}%1gJFIUVe;5|(!L
zjUz+rg0^aLom{LMOP(NeVx0hlT80$<5RRc#{XZgr$52WEF_h51SmN)Afav~53upo4
zcnokCjsb4|KU<*q*A^OT;<m1!v{e7v0uTfIBqI+By!}q*!*jkpk5`eZYv8f;rp)g%
zXg1-f#XtvQC~#a$`XZ*(aq~daaJ4z{hXwX=>r6L8eMoex&A3+anve>cMlTO+CB%#&
zqj1dHtZ6YHco2b%7ufJJE>r0m4Rc<6V(|pk)-)Xb+ija??<3joPdv_r$<aBwMeUnR
z3Yuq6>RAizVk?f{k33^0T+Wv);8xpS*+glNdSLZn)Lz~(s?!k;PGk!lYT9G|KlS1r
zQ*?Y{57cUW`}KU1_9Ky2z9%VNH=}9oD75e0H9;&zQka$!*q`6;NU9^;HeBDmooG08
z&7wgBUa&DC5kY98|DM=8!e+>0P4&PdOmmF4<9aTKH=Fub1svbowv4<kc~5!^ss?(|
zWwsmT$b>&71@LO@1Wmtzw{=w(TFxOjIbyz$CZsZQt9inhvO~b>EZ|JRa7k#E_<V9^
zWTCE?6Pn_&g|%N1%v4#3QifB}ogR;|M((9#z8zgK^#=xd3WxSVB%706NPV@f*Y4gP
zXj&o;HVvJz$E+5lnce|43X9%P3XQZ(=Tr`Dc?X{Q@iy_gZ7kciQgvdE?N*^27eQm{
zw7cJKU#yZ#bbbYXE{q|s$Ud!Rf_Bb!ez)0vK;%+!u?LOZ9(XXVB=JYI{$!<0C$Y{#
zc{VuR2jZt|&ancXExYMX<ZQ@n+eTDn#Gv<SI97Grgr+fyU<9egPbQk_#O2u<RgF;Q
z0%ML>n&t-;M(IB0gts@_*veKq1-|QU5mT<+)MeSexLuR&nwA!mwUKg~dge*VV99;_
ztZ`mOn;h^@ADdUeH)R!h_wOY=n%u0yolB2@D~r8m#gO3?e{xBM)npert!pV-e%Xic
zQ%t?^=80%!W3OeltS9(yvu(YR&`HpT0$zvYxGP=u>F<lGsQCMoxqe{*?cih#G`AkG
zpe(uR+hK{mCW32}LVGfqkn*=Ik7Dv-pBAt*3m&ku++f?m4|aZJXuzwe38YU?=rFu6
z2{`_!f3#aW1Sqh4<raH*;Zc4Zu<kv9aJ(3^+CSV3nT?tURhK&9Raqa^S0*5gd+(*y
zYj~=i`fwgTuMM8Qh)XX1^zwD!=cu{BdBWnMSy?G#yx~sU=*`1wb4Tj|CM}xCTZ5qD
zF2PCx1+x>PmdG%zwc(1}nRPg`hGIR-l3)Ci^U^xLClY@dk?(oV<I>D1Dj@O;DGcd^
zaKf{}aarURW>zFyStc3%;mN+>$v|_g?5+X`!jmI6H%>HnzV2nt!Eb_1GE9n2!j_na
z$A%&e@FxbuQEIH4j9ZjH4C`@~F6MnQBg^v@DVX=egZGUzDrxmF%|B|m^V#CzY{>h~
z<RzAKaVe)@={fNXtK)LZZXAin$ftcM)rs0AaU_o{?4d~$n+uV8;fsTFRs2D$ID%tr
zZ35{P`YyYn`{*CAapuM4NksD$)`^SxAuA)9v%jKWsb4-#F8EP0x%sU3s_&hHJ;Ljj
zj=b&h;hN<-ru}5o0c}0!zWk;8#%~)ds8*-h>rs;M4+bma;W8hD{o6?0spO>{VeMA%
zKZ>l;j{euahyOCyg+H43wz!}i)3hc0HGp6-T-TbV{HPq-J|y#wMrrKF?hGNxuj}Fk
z#m+Nk8w*KcxZwY;BMqA*JCL=X6mg06xuA6Hs<wTT%E4?uD0K>#g!98`K$H+h3UW?L
pG9YV<NPgXEcIDPf`@8b}CcH&IX_y><)SEcv!1WsscK=<;{{k<9lp6p5

diff --git a/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_certificate.pem b/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_certificate.pem
index f155d4123327..1e3fd2ef73f5 100644
--- a/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_certificate.pem
+++ b/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_certificate.pem
@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDzzCCAregAwIBAgIBDDANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
-ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
-MAsGA1UEBwwEJCQkJDAeFw0yNDAxMTMxMTU4NDNaFw0zNDAxMTAxMTU4NDNaMCgx
-FTATBgNVBAMMDHByb2RrZXljbG9hazEPMA0GA1UECgwGc2VydmVyMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRzkMDxZj7DP52nc4voOCz07tfpam9Qp
-JbqJFwCb9SQkL/feGA86+IuzRJW9N3RozM5jeIa+yV7Obf+km4FYxPP6SffEEeM9
-SEqMAz1BNfUxGvo4XI6TmJ2u7YK0haVPDRSIGNmJO1tZgceOU0WeUkpNaNh4yF+f
-3AQEEtd78ywdR/NHnx6wFCEtlPkSIoBLUX0/lF78YLkDZRBCRasUWP3m3/StUYzx
-6V7LtBfiUhSd2W6AvxUo8NLRu70wNUyVuwwUthEj8AxeyX1SH3UybA/OT68c64NH
-gZauVdDbz7cBVJCJU2fGUO8+Rq/dS7lwRymee/nZ5iqg2cfCEIsehwIDAQABo4Hf
-MIHcMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjAwBgNVHREEKTAnggxwcm9ka2V5Y2xvYWuCDHByb2RrZXljbG9h
-a4IJbG9jYWxob3N0MB0GA1UdDgQWBBRHLuo22l4IoKXLxGFVjbG7bi6oJzAfBgNV
-HSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jAxBgNVHR8EKjAoMCagJKAihiBo
-dHRwOi8vY3JsLXNlcnZlcjo4MDAwL2Jhc2ljLmNybDANBgkqhkiG9w0BAQsFAAOC
-AQEAnawpUvXok9AVLD2JSnFT3hzc5sRkMMuLLR9nskGpmp594mgMKebVOMh7x/OT
-2/pO8RnqTyA5AB3DJPb+1bDBtFmcWaktOLOuYOw7GXvNRzTIRmW0i65l7cgnHOdU
-U3JW/D/FozY02w5nVh14NDhgHs0BsDOJXUmogsmlvKFfeKiaB8vIz6wdLlA2eg6L
-AQZNjiACNbzzd2C3duSDD6BhoImN0j7QsksPtwDwujAIFZcjlz7J11KRniDbecjq
-cCc/gU/Ms8q8aahK84fG9UcPZJe6MtFY0B9AmiEmq2ImFlWWHUh33eSwIr37jywN
-+8bxzT1vgTTqskv+wMbM+mQa2w==
+MIIDwjCCAqqgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH
+ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjQtMTEtMTRUMTQ6MDc6MTIuMTg2NTg4MQ0w
+CwYDVQQHDAQkJCQkMB4XDTI0MTExNDEzMDcxMloXDTM0MTExMjEzMDcxMlowKDEV
+MBMGA1UEAwwMcHJvZGtleWNsb2FrMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB1c4MHWnuqDBZ6VMYyk16W5qVKmoQnm9c
+bjXC5hkmUU7BitYjthT+udt5dtzcbPo0bJf9/YNsfG00EsT/8/rUufU6K3Uor6Dj
+4r8Q1e/rm19KNChe79iJ7VzYu9yh/mVujVkLF51OgcKDFe7eDAGxhhpp9yG9WbWe
+BG8Ueoqh4uIHekFE5+LizbjgDOrYwna8XXhThyJQqnAV+SL4GwkVe38S902Mf78Z
+vnrWfUSuo0ZOigJr+7s2R4/nsvoCC8Ec6cMiJApqJ+9JED9/nLcCPSsdh4exD+cJ
+dWOe7Jd1HyfjcQ5dGF6a8NS+o8JUzI2H6d961Q3hvzD44v4SgbYZAgMBAAGjgdMw
+gdAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
+LgYDVR0RBCcwJYIMcHJvZGtleWNsb2FrggpXSlI3RDRGSEdYgglsb2NhbGhvc3Qw
+HQYDVR0OBBYEFHAbzqd72oqgHN5VZaJA94OxbVHxMB8GA1UdIwQYMBaAFPsm2Wgu
+4Sjb0Z7Bb48ZuwAJA7VnMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwtc2Vy
+dmVyOjgwMDAvYmFzaWMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA+GaPVxIP2BUH4
+DUSiuLr3NB04qWFEhTC4dros6ebU0B9q9VwNdns7TsnTf1K0c3MEv7Q9lgBq1sds
+PUP+oOygF/xunjup0a2Z4Dl13YWC8D/gsWMK5Lfhczjk9RFNRnzkysMfajXk5oA8
+i7Ne8Cw+ROzbNfP7b9d2KLYctfxTsUf9r52RFLyhDbDzhaZvpmeyBfq4VIUpi6Sa
+vE+MaDgJzg2FnS3EoSBELcPvy0Vhdqy+DnbCviIdJm8U39Ht4ygFJnSbCV1c7xjv
+64YKSPV7jECeDLhdo2rLNhiiN+5NLJvrC/Mj4919Etngr9oIyfX9TToNVTKtp3JT
+HU3R+2KE
 -----END CERTIFICATE-----
diff --git a/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem b/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem
index b2cf9e44c515..3f92f6940607 100644
--- a/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem
+++ b/selenium/test/multi-oauth/prodkeycloak/server_prodkeycloak_key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJHOQwPFmPsM/n
-adzi+g4LPTu1+lqb1CkluokXAJv1JCQv994YDzr4i7NElb03dGjMzmN4hr7JXs5t
-/6SbgVjE8/pJ98QR4z1ISowDPUE19TEa+jhcjpOYna7tgrSFpU8NFIgY2Yk7W1mB
-x45TRZ5SSk1o2HjIX5/cBAQS13vzLB1H80efHrAUIS2U+RIigEtRfT+UXvxguQNl
-EEJFqxRY/ebf9K1RjPHpXsu0F+JSFJ3ZboC/FSjw0tG7vTA1TJW7DBS2ESPwDF7J
-fVIfdTJsD85Prxzrg0eBlq5V0NvPtwFUkIlTZ8ZQ7z5Gr91LuXBHKZ57+dnmKqDZ
-x8IQix6HAgMBAAECggEBAJ0IvzDe3rvxPtWedsiQogiqnoZA3yFQL3TzS3o3ko9+
-0fbWn4e/1LcgNjF2jpHPhsls2oTRCgYozh1cAUcfX5YiP6wkF+gzvLVG6D7bRKEC
-PH6pJPs4pQ0FCwMQDS9R3gEDqCVnLt23PZO1o29oK/BrbjhQ1zb2W9erFxczROih
-hHMpLucuY/X55/6QrbyosNqjXCTpoR98Bk6xnvMyuXuIwCgQCT6HD8yvKH3+gG06
-LOQ3t9jy+JIiiwX7l/JNJPYZr+ElXlZa4DGO15/91qcDZbBIsmGJsZHlaglojjUn
-utyrqnai1jInZPMGvlZfuLkAuOPtJKMZdXoS8LzlcXkCgYEA+ukTVtlxYHtGb84I
-xR2YQ7Zn1pYJj6Sc01wQuo+oHpFuOpi/VUGrsnKN9W1bxL7T8TJC0Rjffz7mfuGs
-5YoWFOplVju0sG1KtpQ2qBKAaMiGsPoa4L2VbZnlyzQj1rDa0RYwW+zNnbGfipdg
-jqfsjknvGA/aaLgbkMv0ZH5GJyMCgYEAzTE6P3EcZheU+swDUwpoOYkVRCH39xy5
-roX0VLwpU7ARUqgmBj22Z1dnh9WM1+9Rc+LYFOtY1C1IWfPy/x/edJel5hHW+8EF
-80kYp3Hv6CfYWlVDDxbmzpN8lHnYKigR/eKVq32jSMoQ4NTduwBb3NkMHHQG3cft
-885zPFrLU00CgYEAx7sLmwICn4PiIRQIpSiW0af85rOOrtqhwBo0ct3yPUsVTO3U
-uQBKtgU8fdbsyyQAwKp6x8od90PR5cSthhcy1rlzq35hqmOFqus2yvnXYBHoLi8Z
-gDdKIPH2G5jIwpkLxo78NeC+GL6ROpif009XHjk6a5QLD3sm7k98nxZpr7MCgYBD
-Oj27S3PifxdwlCcCrgY305IEIJz9eYvcgkbq/DsOEEGcszrCELYSZbCl8HGUzfQB
-4/Cn6fPQkIWD80lKDUb1LDpOhsnI8hThALHzKoFPrr5T2lt+NiKoy+mlO8Z3CWnb
-pMEkzqUQ1CNzhkqfWh6+3N369IjLYRW1K47V12mGgQKBgCXyTridJ0HZRuspKOo0
-SGQONUEELIs9jOyqZqt3/0vhhkD9rpyEL+J1dr+pKTAFTw3G0bC8A2FlykCnD2Ph
-rMUucItj6svLLPIN8GzLxI2c1h5lwbPpVDyVIkcZCqbJ9V0vLzP+JmIsDscQG3xw
-SyfaSuozFOSzgIg/ZZNEGT9P
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDB1c4MHWnuqDBZ
+6VMYyk16W5qVKmoQnm9cbjXC5hkmUU7BitYjthT+udt5dtzcbPo0bJf9/YNsfG00
+EsT/8/rUufU6K3Uor6Dj4r8Q1e/rm19KNChe79iJ7VzYu9yh/mVujVkLF51OgcKD
+Fe7eDAGxhhpp9yG9WbWeBG8Ueoqh4uIHekFE5+LizbjgDOrYwna8XXhThyJQqnAV
++SL4GwkVe38S902Mf78ZvnrWfUSuo0ZOigJr+7s2R4/nsvoCC8Ec6cMiJApqJ+9J
+ED9/nLcCPSsdh4exD+cJdWOe7Jd1HyfjcQ5dGF6a8NS+o8JUzI2H6d961Q3hvzD4
+4v4SgbYZAgMBAAECggEAUQs9gvg7ZfNBgB5bxZY0TdAGMo8Q2ND9m8ZiyRIe+tPt
+G2Qaw8SqQ5TfDIqjrrAL7yZmaGZ6cD4YBLlCUAgpXI9B1qf77N595TpVi8r/bOHC
+NkrXhFZBEe5CL0Zg6gRtUYtc6xPdDEmZ0+g0PvgDLz/0RFD1dO+Qzbhp30SbOTLh
+pZRMkz8KtjnwMKN8HJKsQctMVthnAfU5FW77+xpynovT9qs/zbZCcxGm/FMXc1VI
+Dxmy3yaztGLYD1amON7BdL7rYnfFvEbg+mhrc5tNvFN2KeQCpjdOmeRyuIG8VWJr
+u/P1O4ho1iWA5bhslhw1bbZh8JdR80uSL4q17x4WLwKBgQD6VApTzjW56KVu8RPs
+qup+7hLI81X6IT9naXwUTmfuHPj6ak5xoyKmnTYgA9RWL6em7KkK6o+OVwO0Gxlr
+tBGu2++QQjCNQjhzujgmlglk/oDh5HSys60g+BKkExpyk27rZHuvcduBmLuBvn3g
+Rr/0PzJPH5LzpfxyzH0pFbiHtwKBgQDGOheKeWUUaDOxMi5rrY2+NGHJtzrLkbHn
+9ss7Xb7OCOzZsw+AUnxIxTd9Ysloj9bhG7pRIn8xgofJ7z6m+mTVwF0+GwlhmrZd
+U9U1BOxkzR8q744tO5bGrF5wtGyMydILwJjz1tw9OiEwy58C1Ad5WOZt7Lu9/Rhn
+qQrdHyqQrwKBgHF9SHFWO+VdJCN4CKBznHyPUtTn/UK5cBViLW7HXTcGy5o8N/Qt
+EbiX7cH1+n5YfJmhEcJxNURDDtrIrm215Y5xB9tPJtPkAdP1yR81Rm0TNTs0Z/Pc
+odEgptLcFlF7pf3yQGD6LZpDtD7OLiNP8Ba70AMvPWBZEGq7asMFpfNhAoGAMQ6R
+YuC2Jj2/hTvRBy71ZDwcc0pYT6bn62tFUpTZsq28yAerb2t6fJvqJqq7A5iNajpt
+esTZy4vtRQljbPmM2OV5bfRM9w3N0fz8R9nHEw88hmiwu/sCTnq8CJJuRs1voR7x
++26SJMjtC+Fooc+NZfedV1j+AX/QeV75ZE3hP9sCgYEAsHtQuviAZ6LKKp3N6wrZ
+NnCvzF4sZhGBp32v07bVba0AN/omG39ab5SRp2G5+rtO7uyisOfonmeoOTQauYOb
+NcnsjJ++ZQ1PKaSV8cxMRdbbAup6XwBps+CXLAGLGhF4LGd0sKVa0aBpmFfmk7Qs
+A4LC20RdtOiu1s5krdmXQvg=
 -----END PRIVATE KEY-----
diff --git a/selenium/test/multi-oauth/rabbitmq.tls.conf b/selenium/test/multi-oauth/rabbitmq.tls.conf
index 61107323c637..4dd4a1c886a2 100644
--- a/selenium/test/multi-oauth/rabbitmq.tls.conf
+++ b/selenium/test/multi-oauth/rabbitmq.tls.conf
@@ -2,13 +2,13 @@ auth_backends.1 = rabbit_auth_backend_oauth2
 
 listeners.ssl.1 = 5671
 
-ssl_options.cacertfile = ${RABBITMQ_TEST_DIR}/certs/ca_certificate.pem
-ssl_options.certfile   = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_certificate.pem
-ssl_options.keyfile    = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_key.pem
+ssl_options.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
+ssl_options.certfile   = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
+ssl_options.keyfile    = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
 ssl_options.verify     = verify_peer
 ssl_options.fail_if_no_peer_cert = true
 
 management.ssl.port = 15671
-management.ssl.cacertfile = ${RABBITMQ_TEST_DIR}/certs/ca_certificate.pem
-management.ssl.certfile   = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_certificate.pem
-management.ssl.keyfile    = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_key.pem
+management.ssl.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
+management.ssl.certfile   = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
+management.ssl.keyfile    = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
diff --git a/selenium/test/oauth/certs/ca_certificate.pem b/selenium/test/oauth/certs/ca_certificate.pem
deleted file mode 100644
index cd37bea304f5..000000000000
--- a/selenium/test/oauth/certs/ca_certificate.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
-BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
-Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
-MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
-MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
-Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
-0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
-I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
-eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
-8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
-ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
-hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
-HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
-rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
-XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
-Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
-a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
------END CERTIFICATE-----
diff --git a/selenium/test/oauth/certs/server_rabbitmq_certificate.pem b/selenium/test/oauth/certs/server_rabbitmq_certificate.pem
deleted file mode 100644
index ef57ff61a411..000000000000
--- a/selenium/test/oauth/certs/server_rabbitmq_certificate.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDxDCCAqygAwIBAgIBDTANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
-ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
-MAsGA1UEBwwEJCQkJDAeFw0yNDAyMDkwODE3MDFaFw0zNDAyMDYwODE3MDFaMCQx
-ETAPBgNVBAMMCHJhYmJpdG1xMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCjxmYRJeYfOnQ91ZSIZsjznnPiy0yukFnapF7Y
-iIXxFCygEnw/hwqSG7ddkvDjNlc6P+K4rEEBmER87mEl0YqvAZ9/C6K4OANJFuD7
-kQYH3Uyt+aXJfeyByAjr8HM/jSHDZm5DpysVlSBMkJGg4sV9h38i0aT27+J0a4xm
-Yb9pH+bbWKn4QflvOQi7IcyZ+PcB54/vCDZRtlypkT/6EuqTXqRHH9wGlYaos+Jo
-XMQDWykYtN2160E1gUwW1OhdRlDHj21Tej9fYObRjb326au4e3ivTPqKYLYsSz0Y
-dcRoM6SjvwGiAC131n2XeHyKTQrMeKOb+TTVHzJZG7iUM5iBAgMBAAGjgdgwgdUw
-CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMCkGA1UdEQQiMCCCCHJhYmJpdG1xgglsb2NhbGhvc3SCCWxvY2FsaG9z
-dDAdBgNVHQ4EFgQUs9vJtNmoNWybsVgMmeRqcPGXRckwHwYDVR0jBBgwFoAUtiHM
-Y69bnBgiMYpHkhvYoCX+efIwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1z
-ZXJ2ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAHxsmfxpoGZg
-AlLu+Y62TQxqp2i+PqLJHuGBdB/93NV3S3P3tlDaqHwYt0mveS7ej+JXhw9wvSZz
-jmejWePL08FXD9KPggRP4/SsG6Adf/5+vcofYR23I7D4y9hsrDqZezCurWZ4LY4X
-dYmIQcI6IwgcjffWhsyt3CEbU+yVg6jrjVWv5sVPi3xZUu/dwpTdrdNzeUIFM8vf
-H3BS8EcLwtaNR4snLJlFIhuDfDv7Ewi1FsmM4zkSe/aHboUNDduI2poRW/EPtbdM
-zD1pVXNh1Q9hkqFCD7l4Vua+JVsA7PWD7yr73pm2ak6GfgjA7Enj0a6KbAfAXLMr
-otRknmbKCUU=
------END CERTIFICATE-----
diff --git a/selenium/test/oauth/certs/server_rabbitmq_key.pem b/selenium/test/oauth/certs/server_rabbitmq_key.pem
deleted file mode 100644
index f5df03f73df8..000000000000
--- a/selenium/test/oauth/certs/server_rabbitmq_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjxmYRJeYfOnQ9
-1ZSIZsjznnPiy0yukFnapF7YiIXxFCygEnw/hwqSG7ddkvDjNlc6P+K4rEEBmER8
-7mEl0YqvAZ9/C6K4OANJFuD7kQYH3Uyt+aXJfeyByAjr8HM/jSHDZm5DpysVlSBM
-kJGg4sV9h38i0aT27+J0a4xmYb9pH+bbWKn4QflvOQi7IcyZ+PcB54/vCDZRtlyp
-kT/6EuqTXqRHH9wGlYaos+JoXMQDWykYtN2160E1gUwW1OhdRlDHj21Tej9fYObR
-jb326au4e3ivTPqKYLYsSz0YdcRoM6SjvwGiAC131n2XeHyKTQrMeKOb+TTVHzJZ
-G7iUM5iBAgMBAAECggEAOdYOpW+k3NJfypZqZeEmhiIm+qig4+TGVphFhmJwKrrd
-J4pfpm+iJAb1sm3588N0+nUlM+Jg8pc7WIM2e4yMVVFVaiBJzpS5VE5oFW8Zmh1k
-vuuyyH1X0F08CVZY3NCSY9cAiZO3e1+2kFNdmlt7MuFu3HT8tNfyOPriEiXi2tSA
-qmgUmMql305wYwjIp+mTP8X7YKKdIdCXwPC2E1Kj5SseEc9NYvHdmeJ3nZCVATbS
-h8aP7HB5GpsDMHbnnFzOqPfxIPxYkJ4JqE0iGpw+SMYbIGLVkMEGodpWjBwZiaaI
-EMeJJk3Qs/QvVLDxhSsFXsaLGLgYN0rItYX9dUyroQKBgQDOOLKJ9OPcm3sAWo9e
-byRYegDPPM06Es5s0hF0Pr0u6X8F7fDnpS74XVMlWxZzvXWgZQNwC2nYaGfNpK5t
-E2FxIC0S69W4m1L6sp2sTRLSJo5NiZc4kNVjGvnmgIrNqMhJK8pLOh5xx6/kAbpo
-/lydhtXWP0omw5imFkh3bGQuZwKBgQDLTsCu01OCNuQs0Y9hgW/iHzRpX1aHvp8X
-u8v/AtOS3z5a3WptrLah/HHM5B/4Hh9dW4uljuR0zTsk8dFD8lQ/mdxbXjPGEcN6
-QNe1Md2nV0xAZsW1Xp1iFDomS5xSn+qWDmR0EAXvs0hHMQnX1k7+dp2mK1whRwdM
-z4mv0cZg1wKBgDnuzaFZ7aVs/GoGBt7FpFVCuPV/JDxbSihh/0tD0MvcBrY4uQOq
-cP6O4SvOYglTwTa1CfkxC6Qi+H5Z9DJqTmaEXoVBQYIiCHarNQZRhKcK89EuhQ/8
-CCZWTrwFgnjyIIoFxkfJ5QGb0nrgTWjvhD8wwOP2VbN8IWcPPX5nMeGjAoGBAL7b
-y59T3E2d4k8A3C2ZKcOJr9ZMHhuJJClPr45SxPRYh10eB0+2mC0xpFPIxQpUnPUz
-f8GIh4fvMtrX+LBkyhp7ApbztH75Jh2ayeXcTk1OctLyqCBAFleAzaYtzS7z2XHN
-SRh8AlaoY+4RZ0AsfDP+frkEc5T57Sx6mLNpp2Y5AoGAXG5BGedrCMa44Ugpux41
-saTIlaXUOObxdsGTLMOy1Ppb9LW5yk4kS8ObP3SksjUUZrRUO/BagLukgcaS038/
-AbNDU5lMCmMfwxPN2lulERhaIA1BeVgmOwJYY7nqXkL5Yibu0OXnvvbCkt0eLnp2
-ATZBECwIxNuB9pixRmDhXsM=
------END PRIVATE KEY-----
diff --git a/selenium/test/oauth/env.docker.fakeportal b/selenium/test/oauth/env.docker.fakeportal
index fc6d56f47b3a..685c0c17a056 100644
--- a/selenium/test/oauth/env.docker.fakeportal
+++ b/selenium/test/oauth/env.docker.fakeportal
@@ -1,3 +1,3 @@
 export FAKEPORTAL_URL=http://fakeportal:3000
 export RABBITMQ_HOST_FOR_FAKEPORTAL=${RABBITMQ_HOST}
-export UAA_URL_FOR_FAKEPORTAL=http://uaa:8080
+export UAA_URL_FOR_FAKEPORTAL=https://uaa:8443
diff --git a/selenium/test/oauth/env.docker.fakeproxy b/selenium/test/oauth/env.docker.fakeproxy
index 37d1e5eccd9f..9e9260d2f8d6 100644
--- a/selenium/test/oauth/env.docker.fakeproxy
+++ b/selenium/test/oauth/env.docker.fakeproxy
@@ -1,4 +1,4 @@
 export FAKEPROXY_URL=http://fakeproxy:9090
-export UAA_URL_FOR_FAKEPROXY=http://uaa:8080
+export UAA_URL_FOR_FAKEPROXY=https://uaa:8443
 export RABBITMQ_HOST_FOR_FAKEPROXY=${RABBITMQ_HOST}
 export PUBLIC_RABBITMQ_HOST=fakeproxy:9090
diff --git a/selenium/test/oauth/env.docker.keycloak b/selenium/test/oauth/env.docker.keycloak
index 774a99ff3c9b..b293b57bc2b9 100644
--- a/selenium/test/oauth/env.docker.keycloak
+++ b/selenium/test/oauth/env.docker.keycloak
@@ -1,3 +1,3 @@
 export KEYCLOAK_URL=https://keycloak:8443/realms/test
 export OAUTH_PROVIDER_URL=https://keycloak:8443/realms/test
-export OAUTH_PROVIDER_CA_CERT=/config/oauth/keycloak/ca_certificate.pem
+export OAUTH_PROVIDER_CA_CERT=/config/oauth/keycloak/ca_keycloak_certificate.pem
diff --git a/selenium/test/oauth/env.docker.uaa b/selenium/test/oauth/env.docker.uaa
index afc439185290..df2a89c61371 100644
--- a/selenium/test/oauth/env.docker.uaa
+++ b/selenium/test/oauth/env.docker.uaa
@@ -1 +1 @@
-export UAA_URL=http://uaa:8080
+export UAA_URL=https://uaa:8443
diff --git a/selenium/test/oauth/env.local.fakeportal b/selenium/test/oauth/env.local.fakeportal
index 520c2ce34c42..488f3fd447d8 100644
--- a/selenium/test/oauth/env.local.fakeportal
+++ b/selenium/test/oauth/env.local.fakeportal
@@ -1,3 +1,3 @@
 export FAKEPORTAL_URL=http://localhost:3000
 export RABBITMQ_HOST_FOR_FAKEPORTAL=localhost:15672
-export UAA_URL_FOR_FAKEPORTAL=http://host.docker.internal:8080
+export UAA_URL_FOR_FAKEPORTAL=https://uaa:8443
diff --git a/selenium/test/oauth/env.local.keycloak b/selenium/test/oauth/env.local.keycloak
index 3ff0eb199ea0..ccad940e247b 100644
--- a/selenium/test/oauth/env.local.keycloak
+++ b/selenium/test/oauth/env.local.keycloak
@@ -1,3 +1,3 @@
 export KEYCLOAK_URL=https://localhost:8443/realms/test
 export OAUTH_PROVIDER_URL=https://localhost:8443/realms/test
-export OAUTH_PROVIDER_CA_CERT=selenium/test/oauth/keycloak/ca_certificate.pem
+export OAUTH_PROVIDER_CA_CERT=selenium/test/oauth/keycloak/ca_keycloak_certificate.pem
diff --git a/selenium/test/oauth/env.local.uaa b/selenium/test/oauth/env.local.uaa
index 40d8bf716099..9caac0c8f537 100644
--- a/selenium/test/oauth/env.local.uaa
+++ b/selenium/test/oauth/env.local.uaa
@@ -1 +1 @@
-export UAA_URL=http://localhost:8080
+export UAA_URL=https://localhost:8443
diff --git a/selenium/test/oauth/keycloak/ca_certificate.pem b/selenium/test/oauth/keycloak/ca_certificate.pem
deleted file mode 100644
index cd37bea304f5..000000000000
--- a/selenium/test/oauth/keycloak/ca_certificate.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIJAOA06nrAwraBMA0GCSqGSIb3DQEBCwUAMEwxOzA5BgNV
-BAMMMlRMU0dlblNlbGZTaWduZWR0Um9vdENBIDIwMjMtMTEtMTZUMTI6MjQ6NDcu
-Mjg5MDkzMQ0wCwYDVQQHDAQkJCQkMB4XDTIzMTExNjExMjQ0N1oXDTMzMTExMzEx
-MjQ0N1owTDE7MDkGA1UEAwwyVExTR2VuU2VsZlNpZ25lZHRSb290Q0EgMjAyMy0x
-MS0xNlQxMjoyNDo0Ny4yODkwOTMxDTALBgNVBAcMBCQkJCQwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDWJrvvUvpkiAhvIiciuTbFHRMC7VdOXdIM3y3I
-Vt56Voj3dkCVitFcvTc+pkuqoQUaWRTc5M+875CaQSRIDfVyFTIGTyVXv6cZRcoz
-0gcmYvopIJ4Wi5/xG9Qp8uJMtr+UBJ57ez6Urau/L3zETAVZA+y1bTylAlh4tjMH
-I24bvyy4yNQbPtG4y5F9x484fn3H4x7lf6O/Xulcvy8vL1kyc/EgrF4fpjogwj58
-eQ5HLwbAlMRRxXxXX2U5tXlrv475WItp/1mhZ+j2yCMKB4tJ8tXbtpgou0JDtlN0
-8Jwm3+d5a6PxqynmgRAXStZ4Fda93Pa3FJfw1u63JrmOprG9AgMBAAGjYDBeMA8G
-A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS2Icxjr1ucGCIx
-ikeSG9igJf558jAfBgNVHSMEGDAWgBS2Icxjr1ucGCIxikeSG9igJf558jANBgkq
-hkiG9w0BAQsFAAOCAQEAR0iG00uE2GnoWtaXEHYJTdvBBcStBB8qnRk19Qu/b8qd
-HAhRGb31IiuYzNJxLxhOtXWQMKvsKPAKpPXP3c5XVAf2O156GoXEPkKQktF738Pp
-rRlrQPqU9Qpm84rMC54EB7coxEs7HMx4do/kNaVPdqq++JIEAcWOEVKfudN+8TMR
-XyUJT54jBacsTpAZNfY6boJmuQ+G6tkpQvlHOU6388IFuLPkYRO7h7CHVbDsMEXD
-Ptg3PCK97nCVgs4xfQGR7nT2pawfEUQVMon/XShtXY0RIKpynwrgICHDdvMXRXlG
-a4haA7sz8Wyroy6Ub5+X3s4YRumSQrhiwRzqU+f75A==
------END CERTIFICATE-----
diff --git a/selenium/test/oauth/keycloak/openssl.cnf.in b/selenium/test/oauth/keycloak/openssl.cnf.in
new file mode 100644
index 000000000000..5ac3282046c5
--- /dev/null
+++ b/selenium/test/oauth/keycloak/openssl.cnf.in
@@ -0,0 +1,3 @@
+[ client_alt_names ]
+email.1 = rabbit_client@localhost
+URI.1 = rabbit_client_id_uri
diff --git a/selenium/test/oauth/keycloak/server_keycloak_certificate.pem b/selenium/test/oauth/keycloak/server_keycloak_certificate.pem
deleted file mode 100644
index 242c153987b7..000000000000
--- a/selenium/test/oauth/keycloak/server_keycloak_certificate.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID0zCCArugAwIBAgIBAzANBgkqhkiG9w0BAQsFADBMMTswOQYDVQQDDDJUTFNH
-ZW5TZWxmU2lnbmVkdFJvb3RDQSAyMDIzLTExLTE2VDEyOjI0OjQ3LjI4OTA5MzEN
-MAsGA1UEBwwEJCQkJDAeFw0yMzExMTYxMTI0NDhaFw0zMzExMTMxMTI0NDhaMCQx
-ETAPBgNVBAMMCGtleWNsb2FrMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDso0G4gflW5HDiBuwrjvyYy3rUx/24IxHQzZMT
-7o1qoXA/h8C0kUX7aS6XFij8hCNHdNG0GL/QPifKxwiW8JIK2Xpy6jdxDzooHaDU
-+Tyk8BDFYnQtXaMsqb5zXJ/P4u8bjBP4X2+/gnbNF/1yyOZxpRObrWxX+C2IJ+vy
-ruh+TCEqokJ5jE+m6GPgiqx56bytXX0KLhuI7jXT60NKGqNVCV8qn5fO4z/fh6FY
-tFxRc0QHy48YHBFo+I+R9nW4xq+0pbctnjTzlfRxHYEWvnsrptc4AOa6b49HSShf
-qmkxgVn3G/U5Gmtzu2IjPWfGVwRjBo4hhoeG/fV9FMhqz6fjAgMBAAGjgecwgeQw
-CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMDgGA1UdEQQxMC+CCGtleWNsb2Frghhtcm9zYWxlczBMVkRRLnZtd2Fy
-ZS5jb22CCWxvY2FsaG9zdDAdBgNVHQ4EFgQUwxjubJIZkvDwv9aDtdNcDcfmSSQw
-HwYDVR0jBBgwFoAUtiHMY69bnBgiMYpHkhvYoCX+efIwMQYDVR0fBCowKDAmoCSg
-IoYgaHR0cDovL2NybC1zZXJ2ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQEL
-BQADggEBAFmcToMQTRER97Mk5CK3qopzdFveJWHgyAHh35DQdCxtBadOXmC3n82p
-dumNOKhSFNx6Hre38cQHBIuir2g4dvalfN7PwDttdi7TRPGS30bAbA4/VWtld9bt
-66QDSh5Obsuq23dA9eEs34GfggXpTyBSyX4AWsHOmUpeoYSJEsUmxoMAgezu0p8r
-kgOJQ0j63vG4S7jHMvtKHNG5LMTvIUk8FNW6SA/7AhJxmzEQiBFXMghenEqd682u
-TpeRHe6+/Nyge1B1FYUgDVbaZ2/694tdT3V3tFvKhqbTZrKMdFJRpiMUjgfs1GzI
-+NhzvUTa6MbV1ZgeXv3YmU+diCgiTmk=
------END CERTIFICATE-----
diff --git a/selenium/test/oauth/keycloak/server_keycloak_key.pem b/selenium/test/oauth/keycloak/server_keycloak_key.pem
deleted file mode 100644
index fb461404eea9..000000000000
--- a/selenium/test/oauth/keycloak/server_keycloak_key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDso0G4gflW5HDi
-BuwrjvyYy3rUx/24IxHQzZMT7o1qoXA/h8C0kUX7aS6XFij8hCNHdNG0GL/QPifK
-xwiW8JIK2Xpy6jdxDzooHaDU+Tyk8BDFYnQtXaMsqb5zXJ/P4u8bjBP4X2+/gnbN
-F/1yyOZxpRObrWxX+C2IJ+vyruh+TCEqokJ5jE+m6GPgiqx56bytXX0KLhuI7jXT
-60NKGqNVCV8qn5fO4z/fh6FYtFxRc0QHy48YHBFo+I+R9nW4xq+0pbctnjTzlfRx
-HYEWvnsrptc4AOa6b49HSShfqmkxgVn3G/U5Gmtzu2IjPWfGVwRjBo4hhoeG/fV9
-FMhqz6fjAgMBAAECggEBAM4lGqelcpUjxMLizPLVSW/CM2sSHhE/W9HOhIYklsWB
-hcuSc2nZ9GEkLBYqk+IHKsShG94MgWzj+L5JzU3QnSkec/GP4GR5o2w3A1kFFrOI
-/tM1BYhPvkq2RNcypXXwd+RDj1Ibsbnf6aaZc41/PmFaMU65MV0hMmkefgmYHamG
-86kdCX1vZ2NwJWL1ALAf2rRb30QWl+W+/qDnDZ1qdxVbok8106HXBB3uXhLyaBIR
-t9lGUqOoh3bdNsvPmma6T5y1cEXwcsVtfxB+myxils0XD0HsGa5FBGARh7/6jPeV
-zs9nvcwVvruNGb4k4T6yEz0JutaFSgmWjAMu2pe5i4ECgYEA+k8mvt9JVmqqKLHv
-Vr8BcLT2JK0/rrblth4fDiyZzKixaGnlZuXWOhiQF9+0lAk0zZjLXDZr6dWE/gMK
-ZyRj1xrmB37f6/Z6F9M4r/n3RjzINkD6D5sA+Gg5nR6+nh7gNq3J6F33ZUaODeBh
-EyTMXh7RT+Ug1G9BFg81tl0sNfECgYEA8gSI5otRI6i4zUZFg0ziwoIWJpdEyWwb
-q7UgYzn8N8LprVibwkhnjfXysbulo/7gvRZ+uCw702xUfv1uyEKc5PHmOer4ElRU
-iYdJeZblbrlk6eyOFEqucovPte82YnqFIQn6KJqNLKlG2KHIsYX1igVyGbMB2Pp/
-4iE32HefFxMCgYAEtJg13lyyky6/tRiauNx+EejOp7MaxbVrxwUubwg1ILa1D8iQ
-NqHgVbXfvQTYA5RKiSTJhvxgWPM3EzeO2NBHqunIGkp7VRbWe9IE/N35JAtfebk5
-seBCyzLKEVnj/xCX9oxlId8UuE7TU/R/N6Hf4xRsPBJx6+V9VKvd0cKTAQKBgCZU
-6Yn6TuOi+YIpuyDMsK22BOQf2Vk9sjRD/9k3eecrC+/UtPbUmPI3HjVgTx/mYpoQ
-UgnBl8goxElIwp8dTdRFK/3IZXohuTH/J3gGmlgrLPyP5wD3wyGJW2CpfqeiWCuf
-dOuxbuK//OSa2zqiyP0PV78SRxyisFaUhE/Ywm3ZAoGAYwa5t5kdPjVqtxRAsDuX
-itQM5qEqLZIYlN7ehKPn8okTCc761ddaI/+fluH5S4YCo21itq38UssAjp6vbwpy
-lHhvP03bpo63iz4RYwKDNEh2HD3z/a9eteColtXU8lPpfky360AwGQ1Bx7RaGGas
-ttPmhm+mk3G6fRHYvk6rtJY=
------END PRIVATE KEY-----
diff --git a/selenium/test/oauth/rabbitmq.tls.conf b/selenium/test/oauth/rabbitmq.tls.conf
index 61107323c637..4dd4a1c886a2 100644
--- a/selenium/test/oauth/rabbitmq.tls.conf
+++ b/selenium/test/oauth/rabbitmq.tls.conf
@@ -2,13 +2,13 @@ auth_backends.1 = rabbit_auth_backend_oauth2
 
 listeners.ssl.1 = 5671
 
-ssl_options.cacertfile = ${RABBITMQ_TEST_DIR}/certs/ca_certificate.pem
-ssl_options.certfile   = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_certificate.pem
-ssl_options.keyfile    = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_key.pem
+ssl_options.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
+ssl_options.certfile   = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
+ssl_options.keyfile    = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
 ssl_options.verify     = verify_peer
 ssl_options.fail_if_no_peer_cert = true
 
 management.ssl.port = 15671
-management.ssl.cacertfile = ${RABBITMQ_TEST_DIR}/certs/ca_certificate.pem
-management.ssl.certfile   = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_certificate.pem
-management.ssl.keyfile    = ${RABBITMQ_TEST_DIR}/certs/server_rabbitmq_key.pem
+management.ssl.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
+management.ssl.certfile   = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
+management.ssl.keyfile    = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
diff --git a/selenium/test/oauth/uaa/server.xml b/selenium/test/oauth/uaa/server.xml
new file mode 100644
index 000000000000..f86407ddf87a
--- /dev/null
+++ b/selenium/test/oauth/uaa/server.xml
@@ -0,0 +1,43 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Server port="-1">
+    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+    <Service name="Catalina">
+    <Connector class="org.apache.coyote.http11.Http11NioProtocol" protocol="HTTP/1.1" connectionTimeout="20000"
+                scheme="https"
+                port="8443"
+                SSLEnabled="true"
+                sslEnabledProtocols="TLSv1.2"
+                ciphers="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+                secure="true"
+                clientAuth="false"
+                sslProtocol="TLS"
+                keystoreFile="/uaa/server_uaa.jks"
+                keystoreType="PKCS12"
+                keyAlias="server-uaa-tls"
+                keystorePass="foobar"
+                bindOnInit="false"/>
+    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
+                connectionTimeout="20000"
+                port="8989"
+                address="127.0.0.1"
+                bindOnInit="true"/>
+    <Engine name="Catalina" defaultHost="localhost">
+        <Host name="localhost"
+            appBase="webapps"
+            unpackWARs="true"
+            autoDeploy="false"
+            failCtxIfServletStartFails="true">
+        <Valve className="org.apache.catalina.valves.RemoteIpValve"
+                remoteIpHeader="x-forwarded-for"
+                protocolHeader="x-forwarded-proto"
+                internalProxies="10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}"/>
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+                prefix="localhost_access" suffix=".log" rotatable="false" pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
+        </Host>
+    </Engine>
+    </Service>
+</Server>
\ No newline at end of file
diff --git a/selenium/test/oauth/uaa/uaa.yml b/selenium/test/oauth/uaa/uaa.yml
index 546a78402f2a..45863216883f 100644
--- a/selenium/test/oauth/uaa/uaa.yml
+++ b/selenium/test/oauth/uaa/uaa.yml
@@ -1,3 +1,6 @@
+require_https: true
+https_port: 8443
+
 logging:
   config: /uaa/log4j2.properties