
Example 21 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

From class LDAPProvidersIntegrationTest, method testLDAPUserRefreshCache.

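/**
 * Verifies that a user imported from LDAP is still served from the user cache after the
 * LDAP entry has been deleted, and disappears once the cache entry expires.
 *
 * <p>Steps: clear the user cache, create "johndirect" in LDAP and look him up through the
 * session (which imports and caches him), delete the LDAP entry, then check that the cached
 * user (with {@code postal_code} and email) is still returned 5 minutes later and is gone
 * 20 minutes later.
 *
 * <p>This is the window in which a user removed from the directory can still be resolved by
 * Keycloak; the configured cache lifespan bounds that deprovisioning latency.
 *
 * <p>The clock offset is reset in a {@code finally} block so that a failing assertion does
 * not leave the offset shifted for later tests.
 */
@Test
public void testLDAPUserRefreshCache() {
    testingClient.server().run(session -> {
        session.userCache().clear();
    });
    try {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
            LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "1234");
            // Fetch user from LDAP (this imports and caches him) and check that postalCode is filled
            UserModel user = session.users().getUserByUsername(appRealm, "johndirect");
            Assert.assertNotNull("User 'johndirect' should be imported from LDAP", user);
            String postalCode = user.getFirstAttribute("postal_code");
            Assert.assertEquals("1234", postalCode);
            // The LDAP entry is gone from now on; only the cache can still answer for this user
            LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, ldapProvider.getLdapIdentityStore().getConfig(), "johndirect");
        });
        // 5 minutes in future, user should be cached still
        setTimeOffset(60 * 5);
        testingClient.server().run(session -> {
            RealmModel appRealm = new RealmManager(session).getRealmByName("test");
            UserModel cached = session.users().getUserByUsername(appRealm, "johndirect");
            Assert.assertNotNull("User 'johndirect' should still be served from the cache", cached);
            // Explicit check instead of a bare cast, so a non-cached result fails with a clear message
            Assert.assertTrue("User 'johndirect' should be a cached user", cached instanceof CachedUserModel);
            CachedUserModel user = (CachedUserModel) cached;
            String postalCode = user.getFirstAttribute("postal_code");
            String email = user.getEmail();
            Assert.assertEquals("1234", postalCode);
            Assert.assertEquals("johndirect@email.org", email);
        });
        // 20 minutes into future, cache will be invalidated
        setTimeOffset(60 * 20);
        testingClient.server().run(session -> {
            RealmModel appRealm = new RealmManager(session).getRealmByName("test");
            UserModel user = session.users().getUserByUsername(appRealm, "johndirect");
            Assert.assertNull(user);
        });
    } finally {
        // Always restore the clock, even when an assertion above failed
        setTimeOffset(0);
    }
}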
Also used : RealmModel(org.keycloak.models.RealmModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) UserModel(org.keycloak.models.UserModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) CachedUserModel(org.keycloak.models.cache.CachedUserModel) RealmManager(org.keycloak.services.managers.RealmManager) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Example 22 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

From class LDAPNoMSADTest, method testMultivaluedRDN.

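// KEYCLOAK-12842
/**
 * Verifies that a user whose RDN is multi-valued ("uid=...+sn=...") is handled correctly:
 * updating attributes outside the DN leaves the DN alone, while updating the last name
 * (part of the RDN) rewrites the DN.
 *
 * <p>The LDAP entry is created with both {@code uid} and {@code sn} in its RDN, then the
 * email and the last name are changed through the admin REST API and the first RDN is
 * checked after each update. The user is removed in a {@code finally} block so a failed
 * assertion does not leave him in the realm for later tests.
 */
@Test
public void testMultivaluedRDN() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Create LDAP user with both "uid" and "sn" attribute in RDN. Something like "uid=johnkeycloak3+sn=Doe3,ou=People,dc=domain,dc=com"
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        LDAPObject john2 = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnkeycloak3", "John3", "Doe3", "john3@email.org", null, "4321");
        john2.addRdnAttributeName("sn");
        ldapProvider.getLdapIdentityStore().update(john2);
        // Assert DN was changed
        String rdnAttrName = ldapProvider.getLdapIdentityStore().getConfig().getRdnLdapAttribute();
        Assert.assertEquals(rdnAttrName + "=johnkeycloak3+sn=Doe3", john2.getDn().getFirstRdn().toString());
    });
    String userId = testRealm().users().search("johnkeycloak3").get(0).getId();
    UserResource user = testRealm().users().get(userId);
    try {
        UserRepresentation userRep = user.toRepresentation();
        assertFirstRDNEndsWith(userRep, "johnkeycloak3", "Doe3");
        // Update some user attributes not mapped to DN. DN won't be changed
        userRep.setEmail("newemail@email.cz");
        user.update(userRep);
        userRep = user.toRepresentation();
        Assert.assertEquals("newemail@email.cz", userRep.getEmail());
        assertFirstRDNEndsWith(userRep, "johnkeycloak3", "Doe3");
        // Update some user attributes mapped to DN. DN will be changed
        userRep.setLastName("Doe3Changed");
        user.update(userRep);
        userRep = user.toRepresentation();
        // ApacheDS bug causes that attribute, which was added to DN, is lowercased. Works for other LDAPs (RHDS, OpenLDAP)
        Assert.assertThat("Doe3Changed", equalToIgnoringCase(userRep.getLastName()));
        assertFirstRDNEndsWith(userRep, "johnkeycloak3", "Doe3Changed");
    } finally {
        // Remove user, also when an assertion above failed
        user.remove();
    }
}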
Also used : RealmModel(org.keycloak.models.RealmModel) ComponentModel(org.keycloak.component.ComponentModel) UserResource(org.keycloak.admin.client.resource.UserResource) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 23 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

From class LDAPProvidersFullNameMapperTest, method testUpdatingFirstNameAndLastNamePropagatesToFullnameMapper.

/**
 * Checks that changing a user's first and last name in Keycloak is written back to LDAP
 * through the full-name mapper, and that the updated values are read back afterwards.
 *
 * <p>Each step runs in its own server-side transaction: create the user in LDAP and verify
 * the import, update the names via the Keycloak user model, then verify the new names and
 * remove the user (so the removal is propagated to LDAP too).
 */
@Test
public void testUpdatingFirstNameAndLastNamePropagatesToFullnameMapper() {
    // Step 1: create the user directly in LDAP and make sure it is imported with the expected values
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        ComponentModel providerModel = LDAPTestUtils.getLdapProviderModel(realm);
        LDAPStorageProvider provider = LDAPTestUtils.getLdapProvider(session, providerModel);
        LDAPTestUtils.addLDAPUser(provider, realm, "fullname", "James", "Dee", "fullname@email.org", null, "4578");
        LDAPTestAsserts.assertUserImported(session.users(), realm, "fullname", "James", "Dee", "fullname@email.org", "4578");
    });
    // Step 2: rename the user through the Keycloak model; the change is expected to reach LDAP
    testingClient.server().run(session -> {
        RealmModel realm = LDAPTestContext.init(session).getRealm();
        UserModel imported = session.users().getUserByUsername(realm, "fullname");
        imported.setFirstName("James2");
        imported.setLastName("Dee2");
    });
    // Step 3: verify the renamed user, then delete him so the deletion reaches LDAP as well
    testingClient.server().run(session -> {
        RealmModel realm = LDAPTestContext.init(session).getRealm();
        LDAPTestAsserts.assertUserImported(session.users(), realm, "fullname", "James2", "Dee2", "fullname@email.org", "4578");
        UserModel renamed = session.users().getUserByUsername(realm, "fullname");
        session.users().removeUser(realm, renamed);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ComponentModel(org.keycloak.component.ComponentModel) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) Test(org.junit.Test)

Example 24 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

From class LDAPReadOnlyTest, method afterImportTestRealm.

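/**
 * Prepares the imported test realm for the read-only LDAP tests.
 *
 * <p>Adds the zip-code mapper, replaces all LDAP users with "johnkeycloak" (password
 * "Password1") and "existing", enables direct access grants on the "test-app" client, and
 * switches the LDAP provider's edit mode to {@code READ_ONLY} before persisting the
 * component configuration.
 */
@Override
protected void afterImportTestRealm() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel());
        // Delete all LDAP users and add some new for testing
        LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
        LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, "Password1");
        // Only the existence of this entry matters to the tests; the returned LDAPObject is not used
        LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678");
        // presumably needed by tests that authenticate with username/password without a browser flow; verify against the test class
        appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);
        // Switch the provider to read-only mode and persist the changed component config
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        ldapFedProvider.getModel().put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString());
        appRealm.updateComponent(ldapFedProvider.getModel());
    });
}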
Also used : RealmModel(org.keycloak.models.RealmModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)

Example 25 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

From class LDAPAccountTest, method updateProfileWithAttributePresent.

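// KEYCLOAK-15634
/**
 * Regression test for KEYCLOAK-15634: updating the profile of an LDAP user (provider in
 * {@code UNSYNCED} edit mode) through the account console must keep the user and its
 * {@code LDAP_ID} attribute and store the new email.
 *
 * <p>The LDAP user is created with the password constant {@code PASSWORD} and the login uses
 * the same constant, so the two values cannot drift apart. Clean-up of the Keycloak user and
 * of the LDAP entries runs in a {@code finally} block so a failed assertion does not leave
 * the test user behind for later tests.
 */
@Test
public void updateProfileWithAttributePresent() {
    RealmResource testRealm = adminClient.realm("test");
    assertEquals(getAccountThemeName(), testRealm.toRepresentation().getAccountTheme());
    UserRepresentation userRepBefore = ApiUtil.findUserByUsername(testRealm, "keycloak-15634");
    assertNull("User should not exist", userRepBefore);
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Switch the provider to UNSYNCED mode and persist the changed component config
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        ldapFedProvider.getModel().put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
        appRealm.updateComponent(ldapFedProvider.getModel());
        LDAPObject testUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "keycloak-15634", "firstName", "lastName", "keycloak-15634@test.local", null, "1234");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), testUser, PASSWORD);
    });
    try {
        // Check our test user is ok before updating profile
        userRepBefore = ApiUtil.findUserByUsername(testRealm, "keycloak-15634");
        assertNotNull("Test user should have been imported from LDAP", userRepBefore);
        assertEquals("Test user should have an email address set", "keycloak-15634@test.local", userRepBefore.getEmail());
        assertTrue("Test user should have the LDAP_ID attribute set", userRepBefore.getAttributes().containsKey("LDAP_ID"));
        assertFalse("Test user should not have locale attribute set", userRepBefore.getAttributes().containsKey("locale"));
        personalInfoPage.navigateTo();
        loginPage.assertCurrent();
        // Log in with the same constant the LDAP password was set to above
        loginPage.form().login("keycloak-15634", PASSWORD);
        personalInfoPage.assertCurrent();
        assertEquals("keycloak-15634@test.local", personalInfoPage.getEmail());
        // Trigger the JS involved in KEYCLOAK-15634
        personalInfoPage.setEmail("keycloak-15634@domain.local");
        personalInfoPage.clickSave();
        // Check if updateProfile went well and if user is still there
        UserRepresentation userRepAfter = ApiUtil.findUserByUsername(testRealm, "keycloak-15634");
        assertNotNull("Test user should still be there", userRepAfter);
        assertEquals("Email should have been updated", "keycloak-15634@domain.local", userRepAfter.getEmail());
        assertTrue("LDAP_ID attribute should still be there", userRepAfter.getAttributes().containsKey("LDAP_ID"));
    } finally {
        // Clean up, also when an assertion above failed
        ApiUtil.removeUserByUsername(testRealm, "keycloak-15634");
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
        });
    }
}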
Also used : RealmModel(org.keycloak.models.RealmModel) RealmResource(org.keycloak.admin.client.resource.RealmResource) LDAPTestContext(org.keycloak.testsuite.federation.ldap.LDAPTestContext) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) Test(org.junit.Test)
