
Example 31 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPUserPropertiesMappingTest method createAndReadUser.

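@Test
public void createAndReadUser() {
    testingClient.server(TEST_REALM_NAME).run(session -> {
        KeycloakContext context = session.getContext();
        RealmModel realm = context.getRealm();

        // Keycloak-side view: the user properties are expected to reflect the custom
        // LDAP attribute mappers configured for this test class (enabled / emailVerified).
        // Lookups may return null for an unknown user, so fail with a clear assertion
        // message instead of a NullPointerException on the first property access.
        UserModel test10 = session.users().getUserByUsername(DIETMAR, realm);
        Assert.assertNotNull("User " + DIETMAR + " not found in realm", test10);
        Assert.assertTrue(test10.isEnabled());
        Assert.assertTrue(test10.isEmailVerified());

        UserModel test11 = session.users().getUserByUsername(STEFAN, realm);
        Assert.assertNotNull("User " + STEFAN + " not found in realm", test11);
        Assert.assertFalse(test11.isEnabled());
        Assert.assertFalse(test11.isEmailVerified());

        // LDAP-side view: read the same users straight from the directory through the
        // storage provider and check the raw attribute values behind the mapped properties.
        ComponentModel ldapProviderModel = LDAPTestUtils.getLdapProviderModel(realm);
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapProviderModel);

        LDAPObject user10FromLdap = ldapProvider.loadLDAPUserByUsername(realm, DIETMAR);
        Assert.assertNotNull("LDAP entry for " + DIETMAR + " not found", user10FromLdap);
        Assert.assertTrue(Boolean.parseBoolean(user10FromLdap.getAttributeAsString(USER_EMAIL_VERIFIED_LDAP_ATTRIBUTE)));
        Assert.assertTrue(Boolean.parseBoolean(user10FromLdap.getAttributeAsString(USER_ENABLED_LDAP_ATTRIBUTE)));

        LDAPObject user11FromLdap = ldapProvider.loadLDAPUserByUsername(realm, STEFAN);
        Assert.assertNotNull("LDAP entry for " + STEFAN + " not found", user11FromLdap);
        // parseBoolean(null) is false, so a missing attribute would also satisfy these
        // assertions; the assertNotNull above at least guarantees the entry exists.
        Assert.assertFalse(Boolean.parseBoolean(user11FromLdap.getAttributeAsString(USER_EMAIL_VERIFIED_LDAP_ATTRIBUTE)));
        Assert.assertFalse(Boolean.parseBoolean(user11FromLdap.getAttributeAsString(USER_ENABLED_LDAP_ATTRIBUTE)));
    });
}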

Example 32 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPUserPropertiesMappingTest method afterImportTestRealm.

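@Override
protected void afterImportTestRealm() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();

        // Locate the realm's user-storage (LDAP) component. Fail with a descriptive
        // IllegalStateException rather than an unchecked Optional.get() if the imported
        // realm carries no such component.
        ComponentModel ldapModel = appRealm.getComponentsStream(appRealm.getId(), UserStorageProvider.class.getName())
                .findFirst()
                .orElseThrow(() -> new IllegalStateException(
                        "No user storage provider component found in realm " + appRealm.getId()));

        // Disable user import so users stay LDAP-backed instead of being copied into the local store.
        ldapModel.getConfig().putSingle(UserStorageProviderModel.IMPORT_ENABLED, "false");
        appRealm.updateComponent(ldapModel);

        // Map the Keycloak "emailVerified" and "enabled" user properties onto custom LDAP attributes.
        ComponentModel emailVerifiedMapperModel = LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "customEmailVerifiedMapper", "emailVerified", USER_EMAIL_VERIFIED_LDAP_ATTRIBUTE);
        appRealm.updateComponent(emailVerifiedMapperModel);
        ComponentModel enabledMapperModel = LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "customEnabledMapper", "enabled", USER_ENABLED_LDAP_ATTRIBUTE);
        appRealm.updateComponent(enabledMapperModel);

        // Test-fixture setting only: direct access grants are switched on for the test
        // client, presumably so the test can authenticate the LDAP users with a password
        // grant — confirm against the callers. Not a production default.
        appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);

        // Seed one user per expected state so the mapped properties can be asserted both ways.
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
        LDAPTestUtils.addLdapUser(session, appRealm, ldapFedProvider, DIETMAR, null, user -> {
            user.setEnabled(true);
            user.setEmailVerified(true);
        });
        LDAPTestUtils.addLdapUser(session, appRealm, ldapFedProvider, STEFAN, null, user -> {
            user.setEnabled(false);
            user.setEmailVerified(false);
        });
    });
}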

Example 33 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPRoleMappingsTest method afterImportTestRealm.

@Override
protected void afterImportTestRealm() {
    // First transaction: switch LDAP pagination off on the provider model.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        testCtx.getLdapModel().put(LDAPConstants.PAGINATION, "false");
        realm.updateComponent(testCtx.getLdapModel());
    });

    // Second transaction: reset the directory content and seed users and roles.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        UserStorageProviderModel providerModel = testCtx.getLdapModel();

        // One purely local (non-LDAP) user.
        LDAPTestUtils.addLocalUser(session, realm, "mary", "mary@test.com", "password-app");

        // Start from an empty set of LDAP users.
        LDAPStorageProvider provider = LDAPTestUtils.getLdapProvider(session, providerModel);
        LDAPTestUtils.removeAllLDAPUsers(provider, realm);

        // Sample application client (only its existence matters here).
        realm.addClient("finance");

        // Configure role mappers in LDAP_ONLY mode and clear any leftover LDAP roles.
        String realmRolesMapper = "realmRolesMapper";
        String financeRolesMapper = "financeRolesMapper";
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(realm, providerModel, LDAPGroupMapperMode.LDAP_ONLY);
        LDAPTestUtils.removeAllLDAPRoles(session, realm, providerModel, realmRolesMapper);
        LDAPTestUtils.removeAllLDAPRoles(session, realm, providerModel, financeRolesMapper);

        // Test users: {username, first name, last name, email, last attribute argument}.
        // The null and trailing-string arguments are passed through exactly as before;
        // presumably street / postal code — confirm against LDAPTestUtils.addLDAPUser.
        String[][] ldapUsers = {
            {"johnkeycloak", "John", "Doe", "john@email.org", "1234"},
            {"marykeycloak", "Mary", "Kelly", "mary@email.org", "5678"},
            {"robkeycloak", "Rob", "Brown", "rob@email.org", "8910"},
        };
        String sharedTestPassword = "Password1";
        for (String[] u : ldapUsers) {
            LDAPObject created = LDAPTestUtils.addLDAPUser(provider, realm, u[0], u[1], u[2], u[3], null, u[4]);
            LDAPTestUtils.updateLDAPPassword(provider, created, sharedTestPassword);
        }

        // Test roles: {mapper name, role name}.
        String[][] ldapRoles = {
            {realmRolesMapper, "realmRole1"},
            {realmRolesMapper, "realmRole2"},
            {financeRolesMapper, "financeRole1"},
        };
        for (String[] r : ldapRoles) {
            LDAPTestUtils.createLDAPRole(session, realm, providerModel, r[0], r[1]);
        }

        // Pull the LDAP roles into the Keycloak database.
        LDAPTestUtils.syncRolesFromLDAP(realm, provider, providerModel);
    });
}

Example 34 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class LDAPRoleMappingsTest method test02_readOnlyRoleMappings.

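@Test
public void test02_readOnlyRoleMappings() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();

        // READ_ONLY: role mappings held in LDAP are visible through the Keycloak model
        // but must not be changeable through it.
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY);

        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        Assert.assertNotNull("User marykeycloak not found through the federated user provider", mary);

        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        RoleModel realmRole3 = appRealm.getRole("realmRole3");
        if (realmRole3 == null) {
            realmRole3 = appRealm.addRole("realmRole3");
        }

        // Add some role mappings directly into LDAP
        ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
        LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak");
        Assert.assertNotNull("LDAP entry for marykeycloak not found", maryLdap);
        roleMapper.addRoleMappingInLDAP("realmRole1", maryLdap);
        roleMapper.addRoleMappingInLDAP("realmRole2", maryLdap);

        // Add some role to model
        mary.grantRole(realmRole3);

        // Assert that mary has both LDAP and DB mapped roles
        Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertTrue(maryRoles.contains(realmRole1));
        Assert.assertTrue(maryRoles.contains(realmRole2));
        Assert.assertTrue(maryRoles.contains(realmRole3));

        // Assert that access through DB will have just DB mapped role
        UserModel maryDB = session.userLocalStorage().getUserByUsername(appRealm, "marykeycloak");
        Assert.assertNotNull("User marykeycloak not found in local storage", maryDB);
        Set<RoleModel> maryDBRoles = maryDB.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(maryDBRoles.contains(realmRole1));
        Assert.assertFalse(maryDBRoles.contains(realmRole2));
        Assert.assertTrue(maryDBRoles.contains(realmRole3));

        // Removing the DB-side mapping is allowed; removing an LDAP-side mapping must be
        // rejected by the model in READ_ONLY mode. Assert.fail throws AssertionError,
        // which is not a ModelException, so a missing rejection still fails the test.
        mary.deleteRoleMapping(realmRole3);
        try {
            mary.deleteRoleMapping(realmRole1);
            Assert.fail("It wasn't expected to successfully delete LDAP role mappings in READ_ONLY mode");
        } catch (ModelException expected) {
            // expected: LDAP-backed role mappings are read-only in this mode
        }

        // Delete role mappings directly in LDAP
        deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1");
        deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2");
    });

    // Fresh transaction: none of the mappings should be visible any more.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        Assert.assertNotNull("User marykeycloak not found through the federated user provider", mary);

        // Assert role mappings is not available
        Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole1")));
        Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole2")));
        Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole3")));
    });
}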

Example 35 with LDAPStorageProvider

use of org.keycloak.storage.ldap.LDAPStorageProvider in project keycloak by keycloak.

the class TestLDAPResource method removeLDAPUser.

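/**
 * Test-support endpoint that removes the named user directly from the LDAP server,
 * without going through the Keycloak user model.
 *
 * @param ldapUsername the {@code username} query parameter naming the LDAP user to remove
 * @throws IllegalArgumentException if the username is missing or blank, so a malformed
 *         request is rejected before any LDAP access happens
 */
@DELETE
@Path("/remove-ldap-user")
@Consumes(MediaType.APPLICATION_JSON)
public void removeLDAPUser(@QueryParam("username") String ldapUsername) {
    // Validate the caller-supplied name up front instead of handing null/blank to the LDAP store.
    if (ldapUsername == null || ldapUsername.trim().isEmpty()) {
        throw new IllegalArgumentException("username query parameter is required");
    }
    ComponentModel ldapCompModel = LDAPTestUtils.getLdapProviderModel(realm);
    UserStorageProviderModel ldapModel = new UserStorageProviderModel(ldapCompModel);
    LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
    // The provider's identity-store config is passed along so the removal targets the
    // same directory connection the provider itself uses.
    LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, realm, ldapProvider.getLdapIdentityStore().getConfig(), ldapUsername);
}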
