use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPSyncTest method afterImportTestRealm.
@Override
protected void afterImportTestRealm() {
// Don't sync registrations in this test
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
// Add group mapper
LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName);
// Remove all LDAP groups
LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ctx.getLdapModel(), "groupsMapper");
ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(appRealm);
ldapModel.put(LDAPConstants.SYNC_REGISTRATIONS, "false");
appRealm.updateComponent(ldapModel);
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app");
ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(appRealm);
LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel);
// Delete all LDAP users and add 5 new users for testing
LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
for (int i = 1; i <= 5; i++) {
LDAPObject ldapUser = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "user" + i, "User" + i + "FN", "User" + i + "LN", "user" + i + "@email.org", null, "12" + i);
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, ldapUser, "Password1");
}
});
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPUserMultipleCredentialTest method afterImportTestRealm.
@Override
protected void afterImportTestRealm() {
getTestingClient().server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Delete all LDAP users
LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
// Add some new LDAP users for testing
LDAPObject user1 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "test-user", "John", "Doe", "test-user@something.org", "some street", "00000");
LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), user1, "some-password");
LDAPObject user2 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "test-user-with-otp", "John", "Doe", "test-user-with-otp@something.org", "some street", "00000");
LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), user2, "some-other-password");
UserModel userWithOtp = session.users().getUserByUsername(appRealm, "test-user-with-otp");
OTPCredentialModel otpCredential = OTPCredentialModel.createHOTP("DJmQfC73VGFhw7D4QJ8A", 6, 0, "HmacSHA1");
session.userCredentialManager().createCredential(appRealm, userWithOtp, otpCredential);
});
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPUserPropertiesMappingTest method createAndReadUser.
@Test
public void createAndReadUser() {
testingClient.server(TEST_REALM_NAME).run(session -> {
KeycloakContext context = session.getContext();
RealmModel realm = context.getRealm();
UserModel test10 = session.users().getUserByUsername(DIETMAR, realm);
Assert.assertTrue(test10.isEnabled());
Assert.assertTrue(test10.isEmailVerified());
UserModel test11 = session.users().getUserByUsername(STEFAN, realm);
Assert.assertFalse(test11.isEnabled());
Assert.assertFalse(test11.isEmailVerified());
ComponentModel ldapProviderModel = LDAPTestUtils.getLdapProviderModel(realm);
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapProviderModel);
LDAPObject user10FromLdap = ldapProvider.loadLDAPUserByUsername(realm, DIETMAR);
Assert.assertTrue(Boolean.parseBoolean(user10FromLdap.getAttributeAsString(USER_EMAIL_VERIFIED_LDAP_ATTRIBUTE)));
Assert.assertTrue(Boolean.parseBoolean(user10FromLdap.getAttributeAsString(USER_ENABLED_LDAP_ATTRIBUTE)));
LDAPObject user11FromLdap = ldapProvider.loadLDAPUserByUsername(realm, STEFAN);
Assert.assertFalse(Boolean.parseBoolean(user11FromLdap.getAttributeAsString(USER_EMAIL_VERIFIED_LDAP_ATTRIBUTE)));
Assert.assertFalse(Boolean.parseBoolean(user11FromLdap.getAttributeAsString(USER_ENABLED_LDAP_ATTRIBUTE)));
});
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPRoleMappingsTest method afterImportTestRealm.
@Override
protected void afterImportTestRealm() {
// Disable pagination
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
ctx.getLdapModel().put(LDAPConstants.PAGINATION, "false");
appRealm.updateComponent(ctx.getLdapModel());
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
UserStorageProviderModel ldapModel = ctx.getLdapModel();
LDAPTestUtils.addLocalUser(session, appRealm, "mary", "mary@test.com", "password-app");
// Delete all LDAP users
LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
// Add sample application
ClientModel finance = appRealm.addClient("finance");
// Delete all LDAP roles
LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
LDAPTestUtils.removeAllLDAPRoles(session, appRealm, ldapModel, "realmRolesMapper");
LDAPTestUtils.removeAllLDAPRoles(session, appRealm, ldapModel, "financeRolesMapper");
// Add some users for testing
LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1");
LDAPObject rob = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
// Add some roles for testing
LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "realmRolesMapper", "realmRole1");
LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "realmRolesMapper", "realmRole2");
LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "financeRolesMapper", "financeRole1");
// Sync LDAP roles to Keycloak DB
LDAPTestUtils.syncRolesFromLDAP(appRealm, ldapFedProvider, ldapModel);
});
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
the class LDAPRoleMappingsTest method test02_readOnlyRoleMappings.
@Test
public void test02_readOnlyRoleMappings() {
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY);
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
RoleModel realmRole1 = appRealm.getRole("realmRole1");
RoleModel realmRole2 = appRealm.getRole("realmRole2");
RoleModel realmRole3 = appRealm.getRole("realmRole3");
if (realmRole3 == null) {
realmRole3 = appRealm.addRole("realmRole3");
}
// Add some role mappings directly into LDAP
ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper");
LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak");
roleMapper.addRoleMappingInLDAP("realmRole1", maryLdap);
roleMapper.addRoleMappingInLDAP("realmRole2", maryLdap);
// Add some role to model
mary.grantRole(realmRole3);
// Assert that mary has both LDAP and DB mapped roles
Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertTrue(maryRoles.contains(realmRole1));
Assert.assertTrue(maryRoles.contains(realmRole2));
Assert.assertTrue(maryRoles.contains(realmRole3));
// Assert that access through DB will have just DB mapped role
UserModel maryDB = session.userLocalStorage().getUserByUsername(appRealm, "marykeycloak");
Set<RoleModel> maryDBRoles = maryDB.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertFalse(maryDBRoles.contains(realmRole1));
Assert.assertFalse(maryDBRoles.contains(realmRole2));
Assert.assertTrue(maryDBRoles.contains(realmRole3));
mary.deleteRoleMapping(realmRole3);
try {
mary.deleteRoleMapping(realmRole1);
Assert.fail("It wasn't expected to successfully delete LDAP role mappings in READ_ONLY mode");
} catch (ModelException expected) {
}
// Delete role mappings directly in LDAP
deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1");
deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2");
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
// Assert role mappings is not available
Set<RoleModel> maryRoles = mary.getRealmRoleMappingsStream().collect(Collectors.toSet());
Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole1")));
Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole2")));
Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole3")));
});
}
Aggregations