Example 46 with ComponentModel
use of org.keycloak.component.ComponentModel in project keycloak by keycloak.
the class LDAPRoleMapperTest method test02RoleMapperClientRoles.
@Test
public void test02RoleMapperClientRoles() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// create a client to set the roles in it
ClientModel rolesClient = session.clients().addClient(appRealm, "role-mapper-client");
try {
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "rolesMapper");
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, RoleMapperConfig.USE_REALM_ROLES_MAPPING, "false", RoleMapperConfig.CLIENT_ID, rolesClient.getClientId());
appRealm.updateComponent(mapperModel);
// synch to the client to create the roles at the client
new RoleLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm);
// check users
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
Assert.assertNotNull(john);
Assert.assertThat(john.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()), Matchers.containsInAnyOrder("group1", "group2"));
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
Assert.assertNotNull(mary);
Assert.assertThat(mary.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()), Matchers.containsInAnyOrder("group1", "group2"));
UserModel rob = session.users().getUserByUsername(appRealm, "robkeycloak");
Assert.assertNotNull(rob);
Assert.assertThat(rob.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()), Matchers.containsInAnyOrder("group1"));
UserModel james = session.users().getUserByUsername(appRealm, "jameskeycloak");
Assert.assertNotNull(james);
Assert.assertThat(james.getClientRoleMappingsStream(rolesClient).map(RoleModel::getName).collect(Collectors.toSet()), Matchers.empty());
// check groups
RoleModel group1 = rolesClient.getRole("group1");
Assert.assertNotNull(group1);
Assert.assertThat(session.users().getRoleMembersStream(appRealm, group1).map(UserModel::getUsername).collect(Collectors.toSet()), Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak", "robkeycloak"));
RoleModel group2 = rolesClient.getRole("group2");
Assert.assertNotNull(group2);
Assert.assertThat(session.users().getRoleMembersStream(appRealm, group2).map(UserModel::getUsername).collect(Collectors.toSet()), Matchers.containsInAnyOrder("johnkeycloak", "marykeycloak"));
RoleModel group3 = rolesClient.getRole("group3");
Assert.assertNotNull(group3);
Assert.assertThat(session.users().getRoleMembersStream(appRealm, group3).collect(Collectors.toSet()), Matchers.empty());
} finally {
appRealm.removeClient(rolesClient.getId());
}
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ClientModel(org.keycloak.models.ClientModel)
RoleLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory)
ComponentModel(org.keycloak.component.ComponentModel)
RoleModel(org.keycloak.models.RoleModel)
Test(org.junit.Test)
Example 47 with ComponentModel
use of org.keycloak.component.ComponentModel in project keycloak by keycloak.
the class LDAPRoleMappingsTest method test03_importRoleMappings.
@Test
public void test03_importRoleMappings() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.IMPORT);
// Add some role mappings directly in LDAP
ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak");
roleMapper.addRoleMappingInLDAP("realmRole1", robLdap);
roleMapper.addRoleMappingInLDAP("realmRole2", robLdap);
// Get user and check that he has requested roles from LDAP
UserModel rob = session.users().getUserByUsername(appRealm, "robkeycloak");
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");
RoleModel realmRole3 = appRealm.getRole("realmRole3");
if (realmRole3 == null) {
realmRole3 = appRealm.addRole("realmRole3");
}
Set<RoleModel> robRoles = rob.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertTrue(robRoles.contains(realmRole1));
Assert.assertTrue(robRoles.contains(realmRole2));
Assert.assertFalse(robRoles.contains(realmRole3));
// Add some role mappings in model and check that user has it
rob.grantRole(realmRole3);
robRoles = rob.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertTrue(robRoles.contains(realmRole3));
// Delete some role mappings in LDAP and check that it doesn't have any effect and user still has role
deleteRoleMappingsInLDAP(roleMapper, robLdap, "realmRole1");
deleteRoleMappingsInLDAP(roleMapper, robLdap, "realmRole2");
robRoles = rob.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertTrue(robRoles.contains(realmRole1));
Assert.assertTrue(robRoles.contains(realmRole2));
// Delete role mappings through model and verifies that user doesn't have them anymore
rob.deleteRoleMapping(realmRole1);
rob.deleteRoleMapping(realmRole2);
rob.deleteRoleMapping(realmRole3);
robRoles = rob.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertFalse(robRoles.contains(realmRole1));
Assert.assertFalse(robRoles.contains(realmRole2));
Assert.assertFalse(robRoles.contains(realmRole3));
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
RoleModel(org.keycloak.models.RoleModel)
RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper)
Test(org.junit.Test)
Example 48 with ComponentModel
use of org.keycloak.component.ComponentModel in project keycloak by keycloak.
the class LDAPRoleMappingsTest method test05_getRolesFromUserMemberOfStrategyTest.
// KEYCLOAK-5848
// Test GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE with custom 'Member-Of LDAP Attribute'. As a workaround, we are testing this with custom attribute "street"
// just because it's available on all the LDAP servers
@Test
public void test05_getRolesFromUserMemberOfStrategyTest() throws Exception {
ComponentRepresentation realmRoleMapper = findMapperRepByName("realmRolesMapper");
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Create street attribute mapper
LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET);
// Find DN of "group1"
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(mapperModel, ctx.getLdapProvider(), appRealm);
LDAPObject ldapRole = roleMapper.loadLDAPRoleByName("realmRole1");
String ldapRoleDN = ldapRole.getDn().toString();
// Create new user in LDAP. Add him some "street" referencing existing LDAP Group
LDAPObject carlos = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapRoleDN, "1234");
LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), carlos, "Password1");
// Update group mapper
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, RoleMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, RoleMapperConfig.GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE, RoleMapperConfig.MEMBEROF_LDAP_ATTRIBUTE, LDAPConstants.STREET);
appRealm.updateComponent(mapperModel);
});
ComponentRepresentation streetMapper = findMapperRepByName("streetMapper");
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Get user in Keycloak. Ensure that he is member of requested group
UserModel carlos = session.users().getUserByUsername(appRealm, "carloskeycloak");
Set<RoleModel> carlosRoles = carlos.getRealmRoleMappingsStream().collect(Collectors.toSet());
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");
Assert.assertTrue(carlosRoles.contains(realmRole1));
Assert.assertFalse(carlosRoles.contains(realmRole2));
});
// Revert mappers
testRealm().components().component(streetMapper.getId()).remove();
testRealm().components().component(realmRoleMapper.getId()).remove();
realmRoleMapper.setId(null);
testRealm().components().add(realmRoleMapper);
}
Also used :
ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation)
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
RoleModel(org.keycloak.models.RoleModel)
RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper)
Test(org.junit.Test)
Example 49 with ComponentModel
use of org.keycloak.component.ComponentModel in project keycloak by keycloak.
the class LDAPRoleMappingsTest method test04_syncRoleMappings.
/**
* KEYCLOAK-5698
*/
@Test
public void test04_syncRoleMappings() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
LDAPObject john = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnrolemapper", "John", "RoleMapper", "johnrolemapper@email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ldapProvider, john, "Password1");
LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY);
UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ctx.getLdapModel()));
syncResult.getAdded();
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// make sure user is cached.
UserModel johnRoleMapper = session.users().getUserByUsername(appRealm, "johnrolemapper");
Assert.assertNotNull(johnRoleMapper);
Assert.assertEquals(0, johnRoleMapper.getRealmRoleMappingsStream().count());
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Add some role mappings directly in LDAP
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
// Get user and check that he has requested roles from LDAP
UserModel johnRoleMapper = session.users().getUserByUsername(appRealm, "johnrolemapper");
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");
Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertFalse(johnRoles.contains(realmRole1));
Assert.assertFalse(johnRoles.contains(realmRole2));
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Add some role mappings directly in LDAP
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
// not sure why it is here for second time, but it is failing for Active directory - mapping already exists
if (!ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory()) {
roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
}
UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ctx.getLdapModel()));
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Get user and check that he has requested roles from LDAP
UserModel johnRoleMapper = session.users().getUserByUsername(appRealm, "johnrolemapper");
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");
Set<RoleModel> johnRoles = johnRoleMapper.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertTrue(johnRoles.contains(realmRole1));
Assert.assertTrue(johnRoles.contains(realmRole2));
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
RoleModel(org.keycloak.models.RoleModel)
SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)
UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel)
RoleLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper)
Test(org.junit.Test)
Example 50 with ComponentModel
use of org.keycloak.component.ComponentModel in project keycloak by keycloak.
the class LDAPSpecialCharsTest method test03_specialCharUserJoiningSpecialCharGroup.
@Test
public void test03_specialCharUserJoiningSpecialCharGroup() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
appRealm.updateComponent(mapperModel);
UserModel specialUser = session.users().getUserByUsername(appRealm, "jamees,key*cložak)ppp");
Assert.assertNotNull(specialUser);
// 1 - Grant some groups in LDAP
// This group should already exists as it was imported from LDAP
GroupModel specialGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/group-spec,ia*l_characžter)s");
Assert.assertNotNull(specialGroup);
specialUser.joinGroup(specialGroup);
GroupModel groupWithSlashes = KeycloakModelUtils.findGroupByPath(appRealm, "/group/with/three/slashes");
Assert.assertNotNull(groupWithSlashes);
specialUser.joinGroup(groupWithSlashes);
// 2 - Check that group mappings are in LDAP and hence available through federation
Set<GroupModel> userGroups = specialUser.getGroupsStream().collect(Collectors.toSet());
Assert.assertEquals(2, userGroups.size());
Assert.assertTrue(userGroups.contains(specialGroup));
// 3 - Check through userProvider
List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, specialGroup, 0, 10).collect(Collectors.toList());
Assert.assertEquals(1, groupMembers.size());
Assert.assertEquals("jamees,key*cložak)ppp", groupMembers.get(0).getUsername());
groupMembers = session.users().getGroupMembersStream(appRealm, groupWithSlashes, 0, 10).collect(Collectors.toList());
Assert.assertEquals(1, groupMembers.size());
Assert.assertEquals("jamees,key*cložak)ppp", groupMembers.get(0).getUsername());
// 4 - Delete some group mappings and check they are deleted
specialUser.leaveGroup(specialGroup);
specialUser.leaveGroup(groupWithSlashes);
Assert.assertEquals(0, specialUser.getGroupsStream().count());
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
GroupModel(org.keycloak.models.GroupModel)
Test(org.junit.Test)
Aggregations
ComponentModel (org.keycloak.component.ComponentModel)155
RealmModel (org.keycloak.models.RealmModel)74
Test (org.junit.Test)52
LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)46
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)34
UserModel (org.keycloak.models.UserModel)29
HashMap (java.util.HashMap)22
UserStorageProviderModel (org.keycloak.storage.UserStorageProviderModel)22
GroupModel (org.keycloak.models.GroupModel)21
MultivaluedHashMap (org.keycloak.common.util.MultivaluedHashMap)18
SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)18
ComponentValidationException (org.keycloak.component.ComponentValidationException)16
UserStorageProvider (org.keycloak.storage.UserStorageProvider)16
LDAPStorageMapper (org.keycloak.storage.ldap.mappers.LDAPStorageMapper)15
GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)15
Path (javax.ws.rs.Path)14
DeclarativeUserProfileProvider (org.keycloak.userprofile.DeclarativeUserProfileProvider)13
ModelException (org.keycloak.models.ModelException)11
UPAttribute (org.keycloak.userprofile.config.UPAttribute)11
UPConfig (org.keycloak.userprofile.config.UPConfig)11
