
Example 81 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

Method `beforeSigningInTest` of class `LDAPAccountTest`.

@Before
public void beforeSigningInTest() {
    // Resolve the password section of the signing-in page once per test.
    passwordCredentialType = signingInPage.getCredentialType(PasswordCredentialModel.TYPE);

    // Register the LDAP storage provider in the test realm (arguments kept as in the original call).
    testingClient.testing().ldap(TEST).createLDAPProvider(ldapRule.getConfig(), true);
    log.infof("LDAP Provider created");

    final String username = "johnkeycloak";
    final String givenName = "Jonh";
    final String surname = "Doe";
    final String mail = "john@email.org";

    // Reset the directory to a single known user so every test starts from a clean LDAP tree.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        LDAPTestUtils.removeAllLDAPUsers(testCtx.getLdapProvider(), realm);
        LDAPObject ldapJohn = LDAPTestUtils.addLDAPUser(testCtx.getLdapProvider(), realm, username, givenName, surname, mail, null, "1234");
        LDAPTestUtils.updateLDAPPassword(testCtx.getLdapProvider(), ldapJohn, PASSWORD);
    });

    // Point the login and account pages at the test realm and mirror the LDAP user as a local representation.
    testRealmLoginPage.setAuthRealm(testRealmPage);
    testRealmAccountPage.setAuthRealm(testRealmPage);
    testUser = createUserRepresentation(username, mail, givenName, surname, true);
    setPasswordFor(testUser, PASSWORD);
    resetTestRealmSession();
}

Example 82 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

Method `removeAllLDAPRoles` of class `LDAPTestUtils`.

/**
 * Deletes every LDAP role entry returned by the named role mapper's query.
 *
 * @param session    the Keycloak session used to obtain the LDAP provider
 * @param appRealm   realm owning the LDAP storage component
 * @param ldapModel  component model of the LDAP storage provider
 * @param mapperName name of the role-mapper subcomponent whose query selects the roles to delete
 */
public static void removeAllLDAPRoles(KeycloakSession session, RealmModel appRealm, ComponentModel ldapModel, String mapperName) {
    ComponentModel roleMapperModel = getSubcomponentByName(appRealm, ldapModel, mapperName);
    LDAPStorageProvider provider = LDAPTestUtils.getLdapProvider(session, ldapModel);
    // The query is AutoCloseable; try-with-resources closes it after the last removal.
    try (LDAPQuery query = getRoleMapper(roleMapperModel, provider, appRealm).createRoleQuery(false)) {
        for (LDAPObject role : query.getResultList()) {
            provider.getLdapIdentityStore().remove(role);
        }
    }
}

Example 83 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

Method `addLdapOU` of class `LDAPTestUtils`.

/**
 * Creates an {@code organizationalUnit} entry directly under the provider's configured users DN.
 *
 * @param ldapProvider provider whose identity store receives the new entry
 * @param name         value of the {@code ou} attribute and of the entry's RDN
 * @return the LDAPObject that was added, with its DN set
 */
public static LDAPObject addLdapOU(LDAPStorageProvider ldapProvider, String name) {
    // Build the DN first: the new OU is a direct child of the users DN.
    LDAPDn ouDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
    ouDn.addFirst("ou", name);

    LDAPObject ou = new LDAPObject();
    ou.setRdnAttributeName("ou");
    ou.setObjectClasses(Collections.singletonList("organizationalUnit"));
    ou.setSingleAttribute("ou", name);
    ou.setDn(ouDn);

    ldapProvider.getLdapIdentityStore().add(ou);
    return ou;
}

Example 84 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

Method `updateLDAPUsernameTest` of class `LDAPProvidersIntegrationTest`.

@Test
public void updateLDAPUsernameTest() {
    // Seed LDAP with a user that Keycloak has not imported yet.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        LDAPObject ldapBecky = LDAPTestUtils.addLDAPUser(testCtx.getLdapProvider(), testCtx.getRealm(), "beckybecks", "Becky", "Becks", "becky-becks@email.org", null, "123");
        LDAPTestUtils.updateLDAPPassword(testCtx.getLdapProvider(), ldapBecky, "Password1");
    });
    // The first successful login imports the user into local storage.
    loginSuccessAndLogout("beckybecks", "Password1");

    // Rename the user (and change e-mail and password) directly in LDAP, bypassing Keycloak.
    String originalUserId = testingClient.server().fetchString(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        UserModel imported = session.userLocalStorage().getUserByUsername(realm, "beckybecks");
        LDAPObject ldapBecky = testCtx.getLdapProvider().loadLDAPUserByUsername(realm, imported.getUsername());
        // The username attribute name comes from the provider config, not a hard-coded "uid"/"cn".
        String usernameAttribute = testCtx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute();
        ldapBecky.setSingleAttribute(usernameAttribute, "beckyupdated");
        ldapBecky.setSingleAttribute(LDAPConstants.EMAIL, "becky-updated@email.org");
        testCtx.getLdapProvider().getLdapIdentityStore().update(ldapBecky);
        LDAPTestUtils.updateLDAPPassword(testCtx.getLdapProvider(), ldapBecky, "MyChangedPassword11");
        return imported.getId();
    });

    // The new credentials must work and the old username must be rejected.
    loginSuccessAndLogout("beckyupdated", "MyChangedPassword11");
    loginPage.open();
    loginPage.login("beckybecks", "Password1");
    Assert.assertEquals("Invalid username or password.", loginPage.getInputError());

    // The local account must survive the LDAP rename: unreachable under the old name,
    // reachable under the new one, and still the same Keycloak user id.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        UserModel byOldName = session.users().getUserByUsername(testCtx.getRealm(), "beckybecks");
        Assert.assertNull(byOldName);
        UserModel byNewName = session.users().getUserByUsername(testCtx.getRealm(), "beckyupdated");
        Assert.assertNotNull(byNewName);
        // fetchString() returns the id wrapped in double quotes, so strip them before comparing.
        Assert.assertEquals(originalUserId.replace("\"", ""), byNewName.getId());
    });
}

Example 85 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

Method `testUnsynced` of class `LDAPProvidersIntegrationTest`.

@Test
public void testUnsynced() throws Exception {
    // Switch the LDAP provider to UNSYNCED edit mode.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        UserStorageProviderModel providerModel = new UserStorageProviderModel(testCtx.getLdapModel());
        providerModel.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
        realm.updateComponent(providerModel);
    });

    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
        Assert.assertNotNull(john);
        Assert.assertNotNull(john.getFederationLink());
        Assert.assertEquals(john.getFederationLink(), testCtx.getLdapModel().getId());

        // In UNSYNCED mode the new password is stored locally and validates locally.
        UserCredentialModel newPassword = UserCredentialModel.password("Candycand1", true);
        session.userCredentialManager().updateCredential(realm, john, newPassword);
        CredentialModel storedPassword = session.userCredentialManager().getStoredCredentialsByTypeStream(realm, john, PasswordCredentialModel.TYPE).findFirst().orElse(null);
        Assert.assertNotNull(storedPassword);
        Assert.assertEquals(PasswordCredentialModel.TYPE, storedPassword.getType());
        Assert.assertTrue(session.userCredentialManager().isValid(realm, john, newPassword));

        // The LDAP entry must still accept the original password; validatePassword declares
        // AuthenticationException, which is rethrown unchecked so the test fails rather than passes silently.
        try {
            LDAPObject ldapJohn = testCtx.getLdapProvider().loadLDAPUserByUsername(realm, "johnkeycloak");
            testCtx.getLdapProvider().getLdapIdentityStore().validatePassword(ldapJohn, "Password1");
        } catch (AuthenticationException ex) {
            throw new RuntimeException(ex);
        }
    });

    // Same observations through the admin REST API: password present locally and supported by the storage.
    UserResource johnResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak");
    List<String> localCredentialTypes = johnResource.credentials().stream().map(CredentialRepresentation::getType).collect(Collectors.toList());
    Assert.assertTrue(localCredentialTypes.contains(PasswordCredentialModel.TYPE));
    List<String> storageCredentialTypes = johnResource.getConfiguredUserStorageCredentialTypes();
    Assert.assertTrue(storageCredentialTypes.contains(PasswordCredentialModel.TYPE));

    // Removing the user only drops the local copy; the next lookup re-imports it from LDAP.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        UserModel john = session.users().getUserByUsername(realm, "johnkeycloak");
        Assert.assertTrue(session.users().removeUser(realm, john));
        Assert.assertNull(session.userLocalStorage().getUserByUsername(realm, "johnkeycloak"));
        Assert.assertNotNull(session.users().getUserByUsername(realm, "johnkeycloak"));
    });

    // Restore WRITABLE edit mode so later tests see the default configuration.
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        testCtx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
        realm.updateComponent(testCtx.getLdapModel());
        Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), realm.getComponent(testCtx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
    });
}
