Skip checking for the reserved realm (#76687) (#77126)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

x-pack/test/api_integration/apis/security/basic_login.js

@@ -148,11 +148,8 @@ export default function ({ getService }) {
       ]);
       expect(apiResponse.body.username).to.be(validUsername);
       expect(apiResponse.body.authentication_provider).to.eql('__http__');
-      expect(apiResponse.body.authentication_realm).to.eql({
-        name: 'reserved',
-        type: 'reserved',
-      });
       expect(apiResponse.body.authentication_type).to.be('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('with session cookie', () => {
@@ -197,11 +194,8 @@ export default function ({ getService }) {
         ]);
         expect(apiResponse.body.username).to.be(validUsername);
         expect(apiResponse.body.authentication_provider).to.eql('basic');
-        expect(apiResponse.body.authentication_realm).to.eql({
-          name: 'reserved',
-          type: 'reserved',
-        });
         expect(apiResponse.body.authentication_type).to.be('realm');
+        // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
       });
 
       it('should extend cookie on every successful non-system API call', async () => {

x-pack/test/kerberos_api_integration/apis/security/kerberos_login.ts

@@ -79,9 +79,9 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
       expect(user.authentication_type).to.eql('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('initiating SPNEGO', () => {

x-pack/test/login_selector_api_integration/apis/login_selector.ts

@@ -36,7 +36,7 @@ export default function ({ getService }: FtrProviderContext) {
     sessionCookie: Cookie,
     username: string,
     providerName: string,
-    authenticationRealm: { name: string; type: string },
+    authenticationRealm: { name: string; type: string } | null,
     authenticationType: string
   ) {
     expect(sessionCookie.key).to.be('sid');
@@ -67,7 +67,9 @@ export default function ({ getService }: FtrProviderContext) {
 
     expect(apiResponse.body.username).to.be(username);
     expect(apiResponse.body.authentication_provider).to.be(providerName);
-    expect(apiResponse.body.authentication_realm).to.eql(authenticationRealm);
+    if (authenticationRealm) {
+      expect(apiResponse.body.authentication_realm).to.eql(authenticationRealm);
+    }
     expect(apiResponse.body.authentication_type).to.be(authenticationType);
   }
 
@@ -228,16 +230,9 @@ export default function ({ getService }: FtrProviderContext) {
           const basicSessionCookie = request.cookie(
             basicAuthenticationResponse.headers['set-cookie'][0]
           )!;
-          await checkSessionCookie(
-            basicSessionCookie,
-            'elastic',
-            'basic1',
-            {
-              name: 'reserved',
-              type: 'reserved',
-            },
-            'realm'
-          );
+          // Skip auth provider check since this comes from the reserved realm,
+          // which is not available when running on ESS
+          await checkSessionCookie(basicSessionCookie, 'elastic', 'basic1', null, 'realm');
 
           const authenticationResponse = await supertest
             .post('/api/security/saml/callback')

x-pack/test/oidc_api_integration/apis/authorization_code_flow/oidc_auth.ts

@@ -43,9 +43,9 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
       expect(user.authentication_type).to.be('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('initiating handshake', () => {

x-pack/test/pki_api_integration/apis/security/pki_auth.ts

@@ -93,8 +93,8 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     it('should properly set cookie and authenticate user', async () => {

x-pack/test/saml_api_integration/apis/security/saml_login.ts

@@ -93,9 +93,9 @@ export default function ({ getService }: FtrProviderContext) {
         .expect(200);
 
       expect(user.username).to.eql(username);
-      expect(user.authentication_realm).to.eql({ name: 'reserved', type: 'reserved' });
       expect(user.authentication_provider).to.eql('basic');
       expect(user.authentication_type).to.be('realm');
+      // Do not assert on the `authentication_realm`, as the value differes for on-prem vs cloud
     });
 
     describe('initiating handshake', () => {