Examples with LDAPStorageProvider org.keycloak.storage.ldap.LDAPStorageProvider used on opensource projects

Search in sources :

Example 1 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPGroupMapper2WaySyncTest method test01_syncNoPreserveGroupInheritance.

@Test
public void test01_syncNoPreserveGroupInheritance() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        // Update group mapper to skip preserve inheritance and check it will pass now
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        realm.updateComponent(mapperModel);
        // Sync from Keycloak into LDAP
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // Delete all KC groups now
        removeAllModelGroups(realm);
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2"));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // Sync from LDAP back into Keycloak
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // Assert groups are imported to keycloak. All are at top level
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
        Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
        Assert.assertEquals("group1 - description1", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description12", kcGroup12.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup2.getFirstAttribute(descriptionAttrName));
        // test drop non-existing works
        testDropNonExisting(session, ctx, mapperModel);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) GroupModel(org.keycloak.models.GroupModel) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) Test(org.junit.Test)

Example 2 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPGroupMapper2WaySyncTest method test02_syncWithGroupInheritance.

@Test
public void test02_syncWithGroupInheritance() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        // Update group mapper to skip preserve inheritance and check it will pass now
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "true");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "false");
        realm.updateComponent(mapperModel);
        // Sync from Keycloak into LDAP
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // Delete all KC groups now
        removeAllModelGroups(realm);
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2"));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        // Sync from LDAP back into Keycloak
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
        // Assert groups are imported to keycloak. All are at top level
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
        Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
        Assert.assertEquals("group1 - description1", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description12", kcGroup12.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup2.getFirstAttribute(descriptionAttrName));
        // test drop non-existing works
        testDropNonExisting(session, ctx, mapperModel);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) GroupModel(org.keycloak.models.GroupModel) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) Test(org.junit.Test)

Example 3 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPGroupMapperSyncWithGroupsPathTest method test01_syncWithGroupInheritance.

@Test
public void test01_syncWithGroupInheritance() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
        // KEYCLOAK-11415 - This test requires the group mapper to be configured with preserve group inheritance
        // set to 'true' (the default setting). If preservation of group inheritance isn't configured, some of
        // the previous test(s) failed to cleanup properly. Check the requirement as part of running the test
        Assert.assertEquals(mapperModel.getConfig().getFirst("preserve.group.inheritance"), "true");
        // Sync groups with inheritance
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
        // Assert groups are imported to keycloak including their inheritance from LDAP
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group12"));
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12");
        Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description", kcGroup12.getFirstAttribute(descriptionAttrName));
        // Update description attributes in LDAP
        LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
        group1.setSingleAttribute(descriptionAttrName, "group1 - changed description");
        ldapProvider.getLdapIdentityStore().update(group1);
        LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");
        group12.setAttribute(descriptionAttrName, null);
        ldapProvider.getLdapIdentityStore().update(group12);
        // Sync and assert groups updated
        syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
        // Assert attributes changed in keycloak
        kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
        kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12");
        Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) GroupModel(org.keycloak.models.GroupModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory) SynchronizationResult(org.keycloak.storage.user.SynchronizationResult) GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper) Test(org.junit.Test)

Example 4 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPHardcodedAttributeTest method afterImportTestRealm.

@Override
protected void afterImportTestRealm() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        ComponentModel localeMapperModel = KeycloakModelUtils.createComponentModel("localeMapper", ctx.getLdapModel().getId(), HardcodedAttributeMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), HardcodedAttributeMapper.USER_MODEL_ATTRIBUTE, "locale", HardcodedAttributeMapper.ATTRIBUTE_VALUE, "en");
        ComponentModel emailVerifiedMapperModel = KeycloakModelUtils.createComponentModel("emailVerifiedMapper", ctx.getLdapModel().getId(), HardcodedAttributeMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), HardcodedAttributeMapper.USER_MODEL_ATTRIBUTE, "emailVerified", HardcodedAttributeMapper.ATTRIBUTE_VALUE, "true");
        appRealm.addComponentModel(localeMapperModel);
        appRealm.addComponentModel(emailVerifiedMapperModel);
        // Delete all LDAP users and add some new for testing
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
        LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)

Example 5 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class TestLDAPResource method prepareRolesLDAPTest.

/**
 * Prepare groups LDAP tests. Creates some LDAP mappers as well as some built-in GRoups and users in LDAP
 */
@POST
@Path("/configure-roles")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public void prepareRolesLDAPTest() {
    ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(realm);
    LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
    // Add role mapper
    LDAPTestUtils.addOrUpdateRoleMapper(realm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
    // Remove all LDAP groups and users
    LDAPTestUtils.removeAllLDAPGroups(session, realm, ldapModel, "rolesMapper");
    LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, realm);
    // Add some LDAP users for testing
    LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
    LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1");
    LDAPObject rob = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
    LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910");
    LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1");
    // Add some groups for testing
    LDAPObject group1 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, ldapModel, "group1");
    LDAPObject group2 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, ldapModel, "group2");
    LDAPObject group3 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, ldapModel, "group3");
    // add the users to the groups
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, john);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, mary);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, rob);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, john);
    LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, mary);
    // Sync LDAP groups to Keycloak DB roles
    ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ldapModel, "rolesMapper");
    new RoleLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
}
Also used : RoleLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) Consumes(javax.ws.rs.Consumes)

Aggregations

LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)56 RealmModel (org.keycloak.models.RealmModel)46 ComponentModel (org.keycloak.component.ComponentModel)44 LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)34 Test (org.junit.Test)29 UserModel (org.keycloak.models.UserModel)17 GroupModel (org.keycloak.models.GroupModel)12 GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)12 SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)9 UserStorageProviderModel (org.keycloak.storage.UserStorageProviderModel)8 GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)8 LDAPStorageMapper (org.keycloak.storage.ldap.mappers.LDAPStorageMapper)7 UserStorageProvider (org.keycloak.storage.UserStorageProvider)6 Path (javax.ws.rs.Path)4 KeycloakSession (org.keycloak.models.KeycloakSession)4 LDAPTestContext (org.keycloak.testsuite.federation.ldap.LDAPTestContext)4 HashMap (java.util.HashMap)3 Set (java.util.Set)3 Consumes (javax.ws.rs.Consumes)3 POST (javax.ws.rs.POST)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial