cloudfoundry · jorbaum · Feb 17, 2026 · Feb 17, 2026 · Feb 23, 2026 · Feb 23, 2026
diff --git a/README.md b/README.md
@@ -298,6 +298,10 @@ Name | Description
 `TEST_PROXY_USERNAME` | _(Optional)_ The username for a proxy to route all requests through
 `TEST_SKIPSSLVALIDATION` | _(Optional)_ Whether to skip SSL validation when connecting to the Cloud Foundry instance.  Defaults to `false`.
 `UAA_API_REQUEST_LIMIT` | _(Optional)_ If your UAA server does rate limiting and returns 429 errors, set this variable to the smallest limit configured there. Whether your server limits UAA calls is shown in the log, together with the location of the configuration file on the server. Defaults to `0` (no limit).
+`SKIP_BROWSER_AUTH_TESTS` | _(Optional)_ Set to `true` to skip integration tests that require browser-based authentication (e.g., SSO tests). Useful when the Cloud Foundry instance does not support browser-based authentication or when running tests in a non-interactive environment. Defaults to `false`.
+`SKIP_METRIC_REGISTRAR_TESTS` | _(Optional)_ Set to `true` to skip integration tests that require the Metric Registrar service (e.g., MetricRegistrarTest). Useful when the Cloud Foundry instance does not have the Metric Registrar service available. Defaults to `false`.
+`SKIP_TCP_ROUTING_TESTS` | _(Optional)_ Set to `true` to skip TCP routing integration tests (TcpRoutesTest, RouterGroupsTest). Useful when the Cloud Foundry instance does not have TCP routing configured (i.e., no `routing_endpoint` in the info payload). Defaults to `false`.
+`SKIP_V2_TESTS` | _(Optional)_ Set to `true` to skip all V2 API integration tests. Useful when the Cloud Foundry V2 API is rate-limited or unavailable. When enabled, tests annotated with `@RequiresV2Api` will be skipped, including V3 tests that depend on V2 API calls (e.g., service broker creation). Defaults to `false`.
 
 If you do not have access to a CloudFoundry instance with admin access, you can run one locally using [bosh-deployment](https://github.com/cloudfoundry/bosh-deployment) & [cf-deployment](https://github.com/cloudfoundry/cf-deployment/) and Virtualbox.
 

diff --git a/...client-reactor/src/test/java/org/cloudfoundry/reactor/uaa/clients/ReactorClientsTest.java b/...client-reactor/src/test/java/org/cloudfoundry/reactor/uaa/clients/ReactorClientsTest.java
@@ -24,6 +24,7 @@
 import static io.netty.handler.codec.http.HttpResponseStatus.OK;
 import static org.cloudfoundry.uaa.tokens.GrantType.AUTHORIZATION_CODE;
 import static org.cloudfoundry.uaa.tokens.GrantType.CLIENT_CREDENTIALS;
+import static org.cloudfoundry.uaa.tokens.GrantType.JWT_BEARER;
 import static org.cloudfoundry.uaa.tokens.GrantType.REFRESH_TOKEN;
 
 import java.time.Duration;
@@ -620,6 +621,7 @@ void get() {
                                 .allowedProviders("uaa", "ldap", "my-saml-provider")
                                 .authorities("clients.read", "clients.write")
                                 .authorizedGrantType(CLIENT_CREDENTIALS)
+                                .authorizedGrantType(JWT_BEARER)
                                 .autoApprove("true")
                                 .clientId("4Z3t1r")
                                 .lastModified(1468364445592L)

diff --git a/...or/src/test/java/org/cloudfoundry/reactor/uaa/identityzones/ReactorIdentityZonesTest.java b/...or/src/test/java/org/cloudfoundry/reactor/uaa/identityzones/ReactorIdentityZonesTest.java
@@ -832,6 +832,8 @@ void list() {
                                                                                             + " /passcode)")
                                                                                 .build())
                                                                 .ldapDiscoveryEnabled(false)
+                                                                .defaultIdentityProvider(
+                                                                        "test-identity-provider")
                                                                 .accountChooserEnabled(false)
                                                                 .build())
                                                 .name("The Twiglet Zone")

diff --git a/...est/java/org/cloudfoundry/reactor/uaa/serverinformation/ReactorServerInformationTest.java b/...est/java/org/cloudfoundry/reactor/uaa/serverinformation/ReactorServerInformationTest.java
@@ -151,6 +151,7 @@ void getInfo() {
                                 .showLoginLinks(true)
                                 .timestamp("2017-09-08T23:11:58+0000")
                                 .zoneName("uaa")
+                                .defaultIdpName("test-idp-name")
                                 .build())
                 .expectComplete()
                 .verify(Duration.ofSeconds(5));

diff --git a/cloudfoundry-client-reactor/src/test/resources/fixtures/uaa/clients/GET_{id}_response.json b/cloudfoundry-client-reactor/src/test/resources/fixtures/uaa/clients/GET_{id}_response.json
@@ -8,7 +8,8 @@
     "none"
   ],
   "authorized_grant_types": [
-    "client_credentials"
+    "client_credentials",
+    "urn:ietf:params:oauth:grant-type:jwt-bearer"
   ],
   "redirect_uri": [
     "http*://ant.path.wildcard/**/passback/*",

diff --git a/cloudfoundry-client-reactor/src/test/resources/fixtures/uaa/identity-zones/GET_response.json b/cloudfoundry-client-reactor/src/test/resources/fixtures/uaa/identity-zones/GET_response.json
@@ -97,6 +97,7 @@
           "text": "One Time Code (Get on at /passcode)"
         }
       ],
+      "defaultIdentityProvider": "test-identity-provider",
       "idpDiscoveryEnabled": false,
       "accountChooserEnabled": false
     },

diff --git a/cloudfoundry-client-reactor/src/test/resources/fixtures/uaa/info/GET_response.json b/cloudfoundry-client-reactor/src/test/resources/fixtures/uaa/info/GET_response.json
@@ -30,5 +30,6 @@
       "One Time Code ( Get one at http://localhost:8080/uaa/passcode )"
     ]
   },
-  "timestamp": "2017-09-08T23:11:58+0000"
+  "timestamp": "2017-09-08T23:11:58+0000",
+  "defaultIdpName": "test-idp-name"
 }
diff --git a/...y-client/src/main/java/org/cloudfoundry/uaa/identityzones/_IdentityZoneConfiguration.java b/...y-client/src/main/java/org/cloudfoundry/uaa/identityzones/_IdentityZoneConfiguration.java
@@ -65,6 +65,13 @@ abstract class _IdentityZoneConfiguration {
     @Nullable
     abstract CorsPolicy getCorsPolicy();
 
+    /**
+     * The default identity provider for this zone
+     */
+    @JsonProperty("defaultIdentityProvider")
+    @Nullable
+    abstract String getDefaultIdentityProvider();
+
     /**
      * The issuer of this zone
      */

diff --git a/...foundry-client/src/main/java/org/cloudfoundry/uaa/serverinformation/_GetInfoResponse.java b/...foundry-client/src/main/java/org/cloudfoundry/uaa/serverinformation/_GetInfoResponse.java
@@ -93,4 +93,12 @@ abstract class _GetInfoResponse {
     @Nullable
     abstract String getZoneName();
 
+    /**
+     * The default identity provider name
+     */
+    @JsonProperty("defaultIdpName")
+    @Nullable
+    abstract String getDefaultIdpName();
+
+
 }
diff --git a/cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/tokens/GrantType.java b/cloudfoundry-client/src/main/java/org/cloudfoundry/uaa/tokens/GrantType.java
@@ -39,6 +39,11 @@ public enum GrantType {
      */
     IMPLICIT("implicit"),
 
+    /**
+     * The JWT bearer grant type
+     */
+    JWT_BEARER("urn:ietf:params:oauth:grant-type:jwt-bearer"),
+
     /**
      * The password grant type
      */
@@ -68,6 +73,8 @@ public static GrantType from(String s) {
                 return PASSWORD;
             case "refresh_token":
                 return REFRESH_TOKEN;
+            case "urn:ietf:params:oauth:grant-type:jwt-bearer":
+                return JWT_BEARER;
             default:
                 throw new IllegalArgumentException(String.format("Unknown grant type: %s", s));
         }

diff --git a/integration-test/src/test/java/org/cloudfoundry/CloudFoundryCleaner.java b/integration-test/src/test/java/org/cloudfoundry/CloudFoundryCleaner.java
@@ -76,6 +76,7 @@
 import org.cloudfoundry.client.v3.Metadata;
 import org.cloudfoundry.client.v3.Relationship;
 import org.cloudfoundry.client.v3.applications.Application;
+import org.cloudfoundry.client.v3.applications.ApplicationResource;
 import org.cloudfoundry.client.v3.applications.DeleteApplicationRequest;
 import org.cloudfoundry.client.v3.applications.ListApplicationsRequest;
 import org.cloudfoundry.client.v3.serviceinstances.ListSharedSpacesRelationshipRequest;
@@ -129,6 +130,12 @@ final class CloudFoundryCleaner implements InitializingBean, DisposableBean {
 
     private static final Logger LOGGER = LoggerFactory.getLogger("cloudfoundry-client.test");
 
+    private static final boolean RUN_V2_CLEANUP = isRunV2Tests();
+
+    private static boolean isRunV2Tests() {
+        return !"true".equalsIgnoreCase(System.getenv("SKIP_V2_TESTS"));
+    }
+
     private static final Map<String, Boolean> STANDARD_FEATURE_FLAGS =
             FluentMap.<String, Boolean>builder()
                     .entry("app_bits_upload", true)
@@ -186,6 +193,32 @@ public void destroy() {
     }
 
     void clean() {
+        if (!RUN_V2_CLEANUP) {
+            LOGGER.info("Skipping V2 API cleanup operations (SKIP_V2_TESTS=true)");
+            // Only run V3 and UAA cleanup operations
+            Flux.empty()
+                    .thenMany(
+                            Mono.when( // No prerequisites - V3/UAA only
+                                    cleanClients(this.uaaClient, this.nameFactory),
+                                    cleanGroups(this.uaaClient, this.nameFactory),
+                                    cleanIdentityProviders(this.uaaClient, this.nameFactory),
+                                    cleanIdentityZones(this.uaaClient, this.nameFactory),
+                                    cleanUsersV3(this.cloudFoundryClient, this.nameFactory)))
+                    .thenMany(
+                            Mono.when(
+                                    cleanApplicationsV3(
+                                            this.cloudFoundryClient,
+                                            this.nameFactory,
+                                            false), // runV2Calls = false (V3-only path)
+                                    cleanUsers(this.uaaClient, this.nameFactory)))
+                    .retryWhen(Retry.max(5).filter(SSLException.class::isInstance))
+                    .doOnSubscribe(s -> LOGGER.debug(">> CLEANUP (V3 only) <<"))
+                    .doOnComplete(() -> LOGGER.debug("<< CLEANUP (V3 only) >>"))
+                    .then()
+                    .block(Duration.ofMinutes(30));
+            return;
+        }
+
         Flux.empty()
                 .thenMany(
                         Mono.when( // Before Routes
@@ -218,7 +251,8 @@ void clean() {
                         Mono.when(
                                 cleanApplicationsV3(
                                         this.cloudFoundryClient,
-                                        this.nameFactory), // After Routes, cannot run with
+                                        this.nameFactory,
+                                        true), // After Routes, cannot run with
                                 // other cleanApps
                                 cleanUsers(this.uaaClient, this.nameFactory) // After CF Users
                                 ))
@@ -241,32 +275,43 @@ void clean() {
     }
 
     private static Flux<Void> cleanApplicationsV3(
-            CloudFoundryClient cloudFoundryClient, NameFactory nameFactory) {
-        return PaginationUtils.requestClientV3Resources(
-                        page ->
-                                cloudFoundryClient
-                                        .applicationsV3()
-                                        .list(ListApplicationsRequest.builder().page(page).build()))
-                .filter(application -> nameFactory.isApplicationName(application.getName()))
-                .delayUntil(
-                        application ->
-                                removeApplicationServiceBindings(cloudFoundryClient, application))
-                .flatMap(
-                        application ->
-                                cloudFoundryClient
-                                        .applicationsV3()
-                                        .delete(
-                                                DeleteApplicationRequest.builder()
-                                                        .applicationId(application.getId())
-                                                        .build())
-                                        .then()
-                                        .doOnError(
-                                                t ->
-                                                        LOGGER.error(
-                                                                "Unable to delete V3 application"
-                                                                        + " {}",
-                                                                application.getName(),
-                                                                t)));
+            CloudFoundryClient cloudFoundryClient, NameFactory nameFactory, boolean runV2Calls) {
+        Flux<ApplicationResource> apps =
+                PaginationUtils.requestClientV3Resources(
+                                page ->
+                                        cloudFoundryClient
+                                                .applicationsV3()
+                                                .list(
+                                                        ListApplicationsRequest.builder()
+                                                                .page(page)
+                                                                .build()))
+                        .filter(
+                                application ->
+                                        nameFactory.isApplicationName(application.getName()));
+
+        if (runV2Calls) {
+            apps =
+                    apps.delayUntil(
+                            application ->
+                                    removeApplicationServiceBindings(
+                                            cloudFoundryClient, application));
+        }
+
+        return apps.flatMap(
+                application ->
+                        cloudFoundryClient
+                                .applicationsV3()
+                                .delete(
+                                        DeleteApplicationRequest.builder()
+                                                .applicationId(application.getId())
+                                                .build())
+                                .then()
+                                .doOnError(
+                                        t ->
+                                                LOGGER.error(
+                                                        "Unable to delete V3 application" + " {}",
+                                                        application.getName(),
+                                                        t)));
     }
 
     private static Flux<Void> cleanBuildpacks(

diff --git a/integration-test/src/test/java/org/cloudfoundry/IntegrationTestConfiguration.java b/integration-test/src/test/java/org/cloudfoundry/IntegrationTestConfiguration.java
@@ -85,6 +85,7 @@
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.DependsOn;
@@ -350,6 +351,7 @@ RandomNameFactory nameFactory() {
 
     @Bean(initMethod = "block")
     @DependsOn("cloudFoundryCleaner")
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     Mono<String> metricRegistrarServiceInstance(
             CloudFoundryClient cloudFoundryClient, Mono<String> spaceId, NameFactory nameFactory) {
         return spaceId.flatMap(
@@ -377,6 +379,7 @@ NetworkingClient networkingClient(
 
     @Bean(initMethod = "block")
     @DependsOn("cloudFoundryCleaner")
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     Mono<String> organizationId(
             CloudFoundryClient cloudFoundryClient,
             String organizationName,
@@ -516,6 +519,7 @@ String serviceName(NameFactory nameFactory) {
 
     @Bean(initMethod = "block")
     @DependsOn("cloudFoundryCleaner")
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     Mono<String> spaceId(
             CloudFoundryClient cloudFoundryClient, Mono<String> organizationId, String spaceName) {
         return organizationId
@@ -542,6 +546,7 @@ String spaceName(NameFactory nameFactory) {
 
     @Bean(initMethod = "block")
     @DependsOn("cloudFoundryCleaner")
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     Mono<String> stackId(CloudFoundryClient cloudFoundryClient, Mono<String> stackName) {
         return stackName
                 .flux()
@@ -570,6 +575,7 @@ Mono<String> stackId(CloudFoundryClient cloudFoundryClient, Mono<String> stackNa
      */
     @Bean(initMethod = "block")
     @DependsOn("cloudFoundryCleaner")
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     Mono<String> stackName(CloudFoundryClient cloudFoundryClient) {
         return PaginationUtils.requestClientV2Resources(
                         page ->
@@ -587,6 +593,7 @@ Mono<String> stackName(CloudFoundryClient cloudFoundryClient) {
     @Lazy
     @Bean(initMethod = "block")
     @DependsOn("cloudFoundryCleaner")
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     Mono<ApplicationUtils.ApplicationMetadata> testLogCacheApp(
             CloudFoundryClient cloudFoundryClient,
             Mono<String> spaceId,
@@ -621,8 +628,14 @@ String testLogCacheAppName(NameFactory nameFactory) {
         return nameFactory.getApplicationName();
     }
 
+    @Bean
+    String testLogCacheAppGuid() {
+        return System.getenv("TEST_LOGCACHE_APP_GUID");
+    }
+
     @Lazy
     @Bean
+    @ConditionalOnProperty(name = "SKIP_V2_TESTS", havingValue = "false", matchIfMissing = true)
     TestLogCacheEndpoints testLogCacheEndpoints(
             ConnectionContext connectionContext,
             TokenProvider tokenProvider,

diff --git a/integration-test/src/test/java/org/cloudfoundry/RequiresBrowserAuth.java b/integration-test/src/test/java/org/cloudfoundry/RequiresBrowserAuth.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2026 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.cloudfoundry;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.junit.jupiter.api.extension.ConditionEvaluationResult;
+import org.junit.jupiter.api.extension.ExecutionCondition;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.extension.ExtensionContext;
+
+/**
+ * Annotation to mark tests that require browser-based authentication (e.g., OAuth
+ * authorization code grants, implicit grants). Tests annotated with this will be skipped
+ * if the environment variable {@code SKIP_BROWSER_AUTH_TESTS} is set to "true".
+ *
+ * <p>Usage:
+ * <pre>
+ * &#64;RequiresBrowserAuth
+ * public class MyAuthTest extends AbstractIntegrationTest {
+ *     // ...
+ * }
+ * </pre>
+ *
+ * <p>To skip browser auth tests, set the environment variable:
+ * <pre>
+ * export SKIP_BROWSER_AUTH_TESTS=true
+ * </pre>
+ */
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@Inherited
+@ExtendWith(RequiresBrowserAuth.BrowserAuthCondition.class)
+public @interface RequiresBrowserAuth {
+
+    /**
+     * JUnit 5 ExecutionCondition that checks if Browser Auth tests should be skipped.
+     */
+    class BrowserAuthCondition implements ExecutionCondition {
+
+        private static final String SKIP_BROWSER_AUTH_ENV = "SKIP_BROWSER_AUTH_TESTS";
+
+        @Override
+        public ConditionEvaluationResult evaluateExecutionCondition(ExtensionContext context) {
+            if ("true".equalsIgnoreCase(System.getenv(SKIP_BROWSER_AUTH_ENV))) {
+                return ConditionEvaluationResult.disabled(
+                        "Tests requiring Browser Authentication are disabled via "
+                                + SKIP_BROWSER_AUTH_ENV
+                                + " environment variable");
+            }
+
+            return ConditionEvaluationResult.enabled("Browser authentication tests are enabled");
+        }
+    }
+}