
Example 71 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class LDAPGroupMapperSyncTest method test01_syncNoPreserveGroupInheritance.

/**
 * Exercises the LDAP group mapper sync with and without group-inheritance preservation.
 *
 * <p>Steps, each executed through its own {@code testingClient.server().run(...)} call:
 * <ol>
 *   <li>Add a membership between {@code group12} and {@code group1} in LDAP and assert that the
 *       sync fails with a {@link ModelException} whose message contains "Recursion detected".</li>
 *   <li>Set {@code GroupMapperConfig.PRESERVE_GROUP_INHERITANCE} to "false" on the mapper.</li>
 *   <li>Run the sync again; it must complete without throwing.</li>
 *   <li>Assert the imported groups resolve at top-level paths, then remove the LDAP membership.</li>
 *   <li>Restore {@code PRESERVE_GROUP_INHERITANCE} to "true".</li>
 * </ol>
 *
 * <p>NOTE(review): both cleanup steps are plain statements, not {@code finally} blocks, so they are
 * skipped when an earlier assertion or sync fails. If the LDAP tree and mapper config are shared
 * with other tests in this class (not visible here, confirm), a failure would leave the
 * recursive membership and the non-default config behind for them.
 */
@Test
public void test01_syncNoPreserveGroupInheritance() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // NOTE(review): descriptionAttrName is assigned here but never read inside this lambda.
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
        // Add recursive group mapping to LDAP. Check that sync with preserve group inheritance will fail
        LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
        LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group12, group1);
        try {
            new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
            // Reaching this line means the cyclic membership was accepted, which the test treats as a failure.
            Assert.fail("Not expected group sync to pass");
        } catch (ModelException expected) {
            // The sync must reject the cycle explicitly rather than fail for an unrelated reason.
            Assert.assertTrue(expected.getMessage().contains("Recursion detected"));
        }
    });
    // Update group mapper to skip preserve inheritance
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        // Persist the changed option on the realm so the following server runs see it.
        ctx.getRealm().updateComponent(mapperModel);
    });
    // Run the LDAP sync again and check it will pass now
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "groupsMapper");
        // No assertion here: the step passes as long as the sync does not throw.
        new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
        // Assert groups are imported to keycloak. All are at top level
        // NOTE(review): the lookups below are dereferenced without a null check; if findGroupByPath
        // returns null for a group that was not imported, the test would end in a
        // NullPointerException instead of an assertion failure (confirm).
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
        Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description", kcGroup12.getFirstAttribute(descriptionAttrName));
        // Cleanup - remove recursive mapping in LDAP
        // Mirrors the addMember call of the first step, with the same arguments.
        LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
        LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");
        LDAPUtils.deleteMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group12, group1);
    });
    // Cleanup - revert (non-default) group mapper config
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "groupsMapper");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "true");
        ctx.getRealm().updateComponent(mapperModel);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ModelException(org.keycloak.models.ModelException) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupModel(org.keycloak.models.GroupModel) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Test(org.junit.Test)

Example 72 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class AuthenticationFlowResolver method resolveBrowserFlow.

/**
 * Picks the browser authentication flow for the client of the given authentication session.
 *
 * <p>A per-client override bound to {@code AuthenticationFlowBindings.BROWSER_BINDING} takes
 * precedence; without one, the realm's browser flow is returned.
 *
 * @param authSession session whose client and realm are consulted
 * @return the client's override flow when one is configured, otherwise the realm browser flow
 * @throws ModelException if the client names an override flow id that the realm cannot resolve
 */
public static AuthenticationFlowModel resolveBrowserFlow(AuthenticationSessionModel authSession) {
    ClientModel client = authSession.getClient();
    String overrideFlowId = client.getAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING);
    if (overrideFlowId == null) {
        // No client-specific binding: use the realm-wide browser flow.
        return authSession.getRealm().getBrowserFlow();
    }

    AuthenticationFlowModel overrideFlow = authSession.getRealm().getAuthenticationFlowById(overrideFlowId);
    if (overrideFlow == null) {
        // Fail closed: a dangling override aborts resolution, so the flow configured for this
        // client is never silently replaced by the realm default.
        throw new ModelException("Client " + client.getClientId() + " has browser flow override, but this flow does not exist");
    }
    return overrideFlow;
}
Also used : ClientModel(org.keycloak.models.ClientModel) ModelException(org.keycloak.models.ModelException) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 73 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class SerializedBrokeredIdentityContext method deserialize.

/**
 * Rebuilds a {@link BrokeredIdentityContext} from the values stored in this serialized form.
 *
 * <p>Scalar fields are copied first, then the identity provider is looked up in the session's
 * realm by the stored provider id, and finally every context-data entry is turned back into an
 * object by the provider's marshaller.
 *
 * @param session     Keycloak session used to obtain the identity provider instance
 * @param authSession authentication session that supplies the realm and is attached to the result
 * @return the reconstructed context
 * @throws ModelException   if the realm has no identity provider for the stored id
 * @throws RuntimeException wrapping any failure while loading a class or deserializing an entry
 */
public BrokeredIdentityContext deserialize(KeycloakSession session, AuthenticationSessionModel authSession) {
    BrokeredIdentityContext restored = new BrokeredIdentityContext(getId());
    restored.setUsername(getBrokerUsername());
    restored.setModelUsername(getModelUsername());
    restored.setEmail(getEmail());
    restored.setFirstName(getFirstName());
    restored.setLastName(getLastName());
    restored.setBrokerSessionId(getBrokerSessionId());
    restored.setBrokerUserId(getBrokerUserId());
    restored.setToken(getToken());

    // Resolve the provider configuration before touching any serialized payload.
    RealmModel realm = authSession.getRealm();
    IdentityProviderModel providerModel = realm.getIdentityProviderByAlias(getIdentityProviderId());
    if (providerModel == null) {
        throw new ModelException("Can't find identity provider with ID " + getIdentityProviderId() + " in realm " + realm.getName());
    }
    IdentityProvider provider = IdentityBrokerService.getIdentityProvider(session, realm, providerModel.getAlias());
    restored.setIdpConfig(providerModel);
    restored.setIdp(provider);

    IdentityProviderDataMarshaller marshaller = provider.getMarshaller();
    for (Map.Entry<String, ContextDataEntry> stored : getContextData().entrySet()) {
        try {
            ContextDataEntry payload = stored.getValue();
            // NOTE(review): the target type is whatever class name the stored entry carries, and
            // it is loaded reflectively before the marshaller runs. Confirm that these entries
            // can only be written by server-side code; if the storage can be influenced from
            // outside, restrict the name to an allow-list of expected types first.
            Class<?> targetType = Reflections.classForName(payload.getClazz(), this.getClass().getClassLoader());
            Object value = marshaller.deserialize(payload.getData(), targetType);
            restored.getContextData().put(stored.getKey(), value);
        } catch (Exception failure) {
            // Any failure aborts the whole reconstruction; the cause is kept for diagnosis.
            throw new RuntimeException(failure);
        }
    }

    restored.setAuthenticationSession(authSession);
    return restored;
}
Also used : ModelException(org.keycloak.models.ModelException) IdentityProvider(org.keycloak.broker.provider.IdentityProvider) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) BrokeredIdentityContext(org.keycloak.broker.provider.BrokeredIdentityContext) IOException(java.io.IOException) ModelException(org.keycloak.models.ModelException) RealmModel(org.keycloak.models.RealmModel) IdentityProviderDataMarshaller(org.keycloak.broker.provider.IdentityProviderDataMarshaller) HashMap(java.util.HashMap) Map(java.util.Map)

Example 74 with ModelException

use of org.keycloak.models.ModelException in project keycloak by keycloak.

the class PasswordPolicyTest method testInvalidPolicyName.

/**
 * Checks that an unknown password policy name is rejected: parsing or applying
 * {@code "noSuchPolicy"} must raise a {@link ModelException} with the message
 * "Password policy not found" instead of being accepted for the realm.
 */
@Test
public void testInvalidPolicyName() {
    testingClient.server("passwordPolicy").run(session -> {
        RealmModel realm = session.getContext().getRealm();
        // NOTE(review): the provider is looked up but not used in this test; kept because the
        // lookup may have effects that are not visible here (confirm before removing).
        PasswordPolicyManagerProvider unusedPolicyManager = session.getProvider(PasswordPolicyManagerProvider.class);
        try {
            PasswordPolicy parsed = PasswordPolicy.parse(session, "noSuchPolicy");
            realm.setPasswordPolicy(parsed);
            // An unknown policy that gets this far was silently accepted.
            Assert.fail("Expected exception");
        } catch (ModelException rejected) {
            assertEquals("Password policy not found", rejected.getMessage());
        }
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ModelException(org.keycloak.models.ModelException) PasswordPolicyManagerProvider(org.keycloak.policy.PasswordPolicyManagerProvider) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Aggregations

ModelException (org.keycloak.models.ModelException)74 RealmModel (org.keycloak.models.RealmModel)20 NamingException (javax.naming.NamingException)13 UserModel (org.keycloak.models.UserModel)13 ClientModel (org.keycloak.models.ClientModel)11 ComponentModel (org.keycloak.component.ComponentModel)10 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)10 IOException (java.io.IOException)9 Consumes (javax.ws.rs.Consumes)9 NotFoundException (javax.ws.rs.NotFoundException)8 BasicAttribute (javax.naming.directory.BasicAttribute)7 KeycloakSession (org.keycloak.models.KeycloakSession)7 RoleModel (org.keycloak.models.RoleModel)7 ErrorResponseException (org.keycloak.services.ErrorResponseException)7 ReadOnlyException (org.keycloak.storage.ReadOnlyException)7 POST (javax.ws.rs.POST)6 Path (javax.ws.rs.Path)6 Test (org.junit.Test)6 ArrayList (java.util.ArrayList)5 AttributeInUseException (javax.naming.directory.AttributeInUseException)5