
Example 26 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class LDAPGroupMapperTest method test06_addingUserToNewKeycloakGroup.

// KEYCLOAK-5017
// KEYCLOAK-5017
// Groups created directly in Keycloak (not synced from LDAP) must behave like any other
// group for an LDAP-backed user: membership, count and the paginated/filtered group search.
@Test
public void test06_addingUserToNewKeycloakGroup() throws Exception {
    // Step 1: create Keycloak-only groups - a new parent with two children, a new
    // top-level group, and a new child under the LDAP-synced "group1".
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        GroupModel parent3 = realm.createGroup("group3");
        realm.createGroup("group31", parent3);
        realm.createGroup("group32", parent3);
        realm.createGroup("group4");
        GroupModel ldapGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        realm.createGroup("group14", ldapGroup1);
    });
    // Step 2: make the LDAP user a member of the newly created groups (leaf groups only,
    // "group3" itself is deliberately not joined).
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
        String[] pathsToJoin = {"/group4", "/group3/group31", "/group3/group32", "/group1/group14"};
        for (String path : pathsToJoin) {
            john.joinGroup(KeycloakModelUtils.findGroupByPath(realm, path));
        }
    });
    // Step 3: verify memberships, the count, and the search-by-name pagination.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
        Set<GroupModel> joined = john.getGroupsStream().collect(Collectors.toSet());
        // joined leaf groups
        Assert.assertTrue(joined.contains(KeycloakModelUtils.findGroupByPath(realm, "/group1/group14")));
        Assert.assertTrue(joined.contains(KeycloakModelUtils.findGroupByPath(realm, "/group3/group31")));
        Assert.assertTrue(joined.contains(KeycloakModelUtils.findGroupByPath(realm, "/group3/group32")));
        Assert.assertTrue(joined.contains(KeycloakModelUtils.findGroupByPath(realm, "/group4")));
        // the parent was never joined; membership of a child must not imply the parent
        Assert.assertFalse(joined.contains(KeycloakModelUtils.findGroupByPath(realm, "/group3")));
        Assert.assertEquals(4, john.getGroupsCount());
        // search "3" matches group31/group32 (and also group3, which is not joined): two results total,
        // then first=1 skips one, max=1 caps at one, max=0 returns nothing
        Assert.assertEquals(2, john.getGroupsStream("3", 0, 10).count());
        Assert.assertEquals(1, john.getGroupsStream("3", 1, 10).count());
        Assert.assertEquals(1, john.getGroupsStream("3", 1, 1).count());
        Assert.assertEquals(0, john.getGroupsStream("3", 1, 0).count());
        // no joined group contains "Keycloak" in its name
        Assert.assertEquals(0, john.getGroupsStream("Keycloak", 0, 10).count());
    });
}

Example 27 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class LDAPGroupMapperSyncTest method test03_syncWithDropNonExistingGroups.

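// Verifies DROP_NON_EXISTING_GROUPS_DURING_SYNC: groups that exist only in Keycloak are removed
// by an LDAP->Keycloak group sync once the option is enabled, and are left alone while it is off.
// Flow: initial sync (3 LDAP groups added) -> create 2 Keycloak-only groups -> sync with default
// config (nothing removed) -> enable the drop option -> sync (3 updated, the 2 Keycloak-only removed).
@Test
public void test03_syncWithDropNonExistingGroups() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // KEYCLOAK-11415 - This test requires the group mapper to be configured with preserve group inheritance
        // set to 'true' (the default setting). If preservation of group inheritance isn't configured, some of
        // the previous test(s) failed to cleanup properly. Check the requirement as part of running the test.
        // Expected value goes first so a failure reads "expected:<true> but was:<...>".
        Assert.assertEquals("true", mapperModel.getConfig().getFirst("preserve.group.inheritance"));
        // Sync groups with inheritance
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
        // Assert groups are imported to keycloak including their inheritance from LDAP
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
        Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
        // Create some new groups in keycloak only (one top-level, one nested under the LDAP-synced group1);
        // the return values are not needed, the groups are re-read by path below.
        realm.createGroup("model1");
        realm.createGroup("model2", kcGroup1);
        // Sync groups again from LDAP. Nothing deleted with the default config
        syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/model1"));
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2"));
        // Update group mapper to drop non-existing groups during sync
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true");
        realm.updateComponent(mapperModel);
        // Sync groups again from LDAP. Assert LDAP non-existing groups deleted
        syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        Assert.assertEquals(3, syncResult.getUpdated());
        // assertEquals rather than assertTrue(a == b) so the actual removed count appears in the failure message
        Assert.assertEquals(2, syncResult.getRemoved());
        // The LDAP-backed groups survive, the Keycloak-only ones are gone
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
        Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/model1"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2"));
    });
}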

Example 28 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class LDAPGroupMapperSyncTest method test02_syncWithGroupInheritance.

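// Verifies that an LDAP->Keycloak group sync imports the LDAP group tree with its nesting preserved
// (group11/group12 end up under group1, not at the top level), copies the group description attribute,
// and that a second sync propagates description changes made in LDAP (including removal).
@Test
public void test02_syncWithGroupInheritance() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // The LDAP attribute used for the description differs per LDAP vendor, so resolve it via the test utils
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
        // KEYCLOAK-11415 - This test requires the group mapper to be configured with preserve group inheritance
        // set to 'true' (the default setting). If preservation of group inheritance isn't configured, some of
        // the previous test(s) failed to cleanup properly. Check the requirement as part of running the test.
        // Expected value goes first so a failure reads "expected:<true> but was:<...>".
        Assert.assertEquals("true", mapperModel.getConfig().getFirst("preserve.group.inheritance"));
        // Sync groups with inheritance
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
        // Assert groups are imported to keycloak including their inheritance from LDAP:
        // the children must NOT appear as top-level groups
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12"));
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
        Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
        // Description attribute copied from LDAP (group11 has none in the fixture)
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description", kcGroup12.getFirstAttribute(descriptionAttrName));
        // Update description attributes in LDAP: change one, remove the other
        LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
        group1.setSingleAttribute(descriptionAttrName, "group1 - changed description");
        ldapProvider.getLdapIdentityStore().update(group1);
        LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");
        group12.setAttribute(descriptionAttrName, null);
        ldapProvider.getLdapIdentityStore().update(group12);
        // Sync and assert groups updated (3 updated, nothing added)
        syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
        // Assert attributes changed in keycloak; re-read the groups rather than relying on the stale instances
        kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
        Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
    });
}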

Example 29 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class LDAPGroupMapperTest method test05_getGroupsFromUserMemberOfStrategyTest.

// KEYCLOAK-5848
// Test GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE with custom 'Member-Of LDAP Attribute'. As a workaround, we are testing this with custom attribute "street"
// just because it's available on all the LDAP servers
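// KEYCLOAK-5848
// Test GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE with custom 'Member-Of LDAP Attribute'. As a workaround, we are testing this with custom attribute "street"
// just because it's available on all the LDAP servers
//
// This test reconfigures the shared group mapper and adds a "street" attribute mapper; both changes are
// reverted in finally blocks so that an assertion failure here cannot leak the modified configuration
// into the tests that run after this one (this class is method-ordered).
@Test
public void test05_getGroupsFromUserMemberOfStrategyTest() throws Exception {
    // Snapshot of the group mapper taken BEFORE any modification; re-applied on exit
    ComponentRepresentation groupMapperRep = findMapperRepByName("groupsMapper");
    try {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            // Create street attribute mapper
            LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET);
            // Find DN of "group1"
            ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
            GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm);
            LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName("group1");
            String ldapGroupDN = ldapGroup.getDn().toString();
            // Create new user in LDAP. Add him some "street" referencing existing LDAP Group
            LDAPObject carlos = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapGroupDN, "1234");
            LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), carlos, "Password1");
            // Update group mapper: groups are resolved from the user's "street" attribute instead of the group's member attribute
            LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, GroupMapperConfig.GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE, GroupMapperConfig.MEMBEROF_LDAP_ATTRIBUTE, LDAPConstants.STREET);
            appRealm.updateComponent(mapperModel);
        });
        // The street mapper only exists once the first server run has completed
        ComponentRepresentation streetMapperRep = findMapperRepByName("streetMapper");
        try {
            testingClient.server().run(session -> {
                LDAPTestContext ctx = LDAPTestContext.init(session);
                RealmModel appRealm = ctx.getRealm();
                // Get user in Keycloak. Ensure that he is member of requested group
                UserModel carlos = session.users().getUserByUsername(appRealm, "carloskeycloak");
                Set<GroupModel> carlosGroups = carlos.getGroupsStream().collect(Collectors.toSet());
                GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
                GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
                GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");
                // Only the group referenced by the DN in "street" is granted - not its subgroups
                Assert.assertTrue(carlosGroups.contains(group1));
                Assert.assertFalse(carlosGroups.contains(group11));
                Assert.assertFalse(carlosGroups.contains(group12));
                Assert.assertEquals(1, carlosGroups.size());
            });
        } finally {
            // Revert mappers: remove the street mapper even if the assertions above failed
            testRealm().components().component(streetMapperRep.getId()).remove();
        }
    } finally {
        // Restore the original retrieve strategy on the group mapper even if the test failed
        groupMapperRep.getConfig().putSingle(GroupMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, GroupMapperConfig.LOAD_GROUPS_BY_MEMBER_ATTRIBUTE);
        testRealm().components().component(groupMapperRep.getId()).update(groupMapperRep);
    }
}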

Example 30 with GroupModel

use of org.keycloak.models.GroupModel in project keycloak by keycloak.

the class LDAPGroupMapperTest method test08_ldapOnlyGroupMappingsRanged.

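// Exercises LDAP_ONLY group mappings against a group with enough members (61) to force the LDAP
// "ranged" retrieval of the membership attribute (3 pages: 30+30+1). Checks that the ranged
// interceptor is active on the raw LDAP object, and that after a sync every user is in the group
// and the group lists every user as a member.
@Test
public void test08_ldapOnlyGroupMappingsRanged() {
    testingClient.server().run(session -> {
        // try to do 3 pages (30+30+1)
        int membersToTest = 61;
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Ignoring this test on ActiveDirectory and rhds as it's currently impossible to import more than 60 users without timeout.
        // Checked BEFORE the mapper is switched to LDAP_ONLY, so a skipped run leaves the mapper config untouched.
        LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
        if (ldapConfig.isActiveDirectory() || LDAPConstants.VENDOR_RHDS.equals(ldapConfig.getVendor())) {
            return;
        }
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
        appRealm.updateComponent(mapperModel);
        // create a big group that uses ranged search
        String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        LDAPObject bigGroup = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "biggroup", descriptionAttrName, "biggroup - description");
        // create the users to use range search and add them to the group
        for (int i = 0; i < membersToTest; i++) {
            String username = String.format("user%02d", i);
            LDAPObject user = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, username, username, username, username + "@email.org", null, "1234");
            LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", bigGroup, user);
        }
        // check if ranged interceptor is in place and working: the raw read returns only the first
        // range of the membership attribute, and the current range index matches its size
        GroupMapperConfig config = new GroupMapperConfig(mapperModel);
        String membershipAttr = config.getMembershipLdapAttribute();
        bigGroup = LDAPGroupMapperTest.searchObjectInBase(ctx.getLdapProvider(), bigGroup.getDn().toString(), membershipAttr);
        Assert.assertNotNull(bigGroup.getAttributes().get(membershipAttr));
        Assert.assertFalse(bigGroup.isRangeComplete(membershipAttr));
        Assert.assertTrue(membersToTest > bigGroup.getAttributeAsSet(membershipAttr).size());
        Assert.assertEquals(bigGroup.getCurrentRange(membershipAttr), bigGroup.getAttributeAsSet(membershipAttr).size() - 1);
        // now check the population of ranged attributes is OK
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
        groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
        GroupModel kcBigGroup = KeycloakModelUtils.findGroupByPath(appRealm, "/biggroup");
        // check all the users have the group assigned
        for (int i = 0; i < membersToTest; i++) {
            UserModel kcUser = session.users().getUserByUsername(appRealm, String.format("user%02d", i));
            Assert.assertTrue("User contains biggroup " + i, kcUser.getGroupsStream().collect(Collectors.toSet()).contains(kcBigGroup));
        }
        // check the group contains all the users as member
        List<UserModel> groupMembers = session.users().getGroupMembersStream(appRealm, kcBigGroup, 0, membersToTest).collect(Collectors.toList());
        Assert.assertEquals(membersToTest, groupMembers.size());
        Set<String> usernames = groupMembers.stream().map(UserModel::getUsername).collect(Collectors.toSet());
        for (int i = 0; i < membersToTest; i++) {
            Assert.assertTrue("Group contains user " + i, usernames.contains(String.format("user%02d", i)));
        }
    });
}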
