use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
The class LDAPAccountTest, method beforeSigningInTest.
/**
 * Per-test fixture: provisions the LDAP user-storage provider in the test realm,
 * resets the LDAP user population to a single known user and prepares the page
 * objects, the test-user representation and the realm session used by the
 * sign-in tests.
 *
 * The seeded user's password is the class-level {@code PASSWORD} constant and the
 * provider configuration comes from {@code ldapRule}; both are declared outside
 * this listing.
 */
@Before
public void beforeSigningInTest() {
    passwordCredentialType = signingInPage.getCredentialType(PasswordCredentialModel.TYPE);
    // Create the LDAP provider from the rule's config. The trailing boolean is passed
    // through unchanged; its meaning is not visible here — see createLDAPProvider.
    testingClient.testing().ldap(TEST).createLDAPProvider(ldapRule.getConfig(), true);
    log.infof("LDAP Provider created");
    // Fixture identity. These locals are captured by the server-side lambda below and
    // reused for the client-side representation, so both sides agree on the values.
    // "Jonh" is the literal first name stored in LDAP and expected downstream (sic).
    String userName = "johnkeycloak";
    String firstName = "Jonh";
    String lastName = "Doe";
    String email = "john@email.org";
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Delete all LDAP users and add some new for testing
        LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
        // The last two arguments (null, "1234") are extra user attributes forwarded to
        // addLDAPUser; presumably address fields used by mapper tests — confirm in LDAPTestUtils.
        LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, userName, firstName, lastName, email, null, "1234");
        // Set the LDAP password explicitly so that login through the provider works.
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, PASSWORD);
    });
    testRealmLoginPage.setAuthRealm(testRealmPage);
    testRealmAccountPage.setAuthRealm(testRealmPage);
    // Client-side view of the same user; the password matches the one written to LDAP above.
    testUser = createUserRepresentation(userName, email, firstName, lastName, true);
    setPasswordFor(testUser, PASSWORD);
    resetTestRealmSession();
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
The class LDAPTestUtils, method removeAllLDAPRoles.
/**
 * Deletes every LDAP role entry selected by the named role mapper.
 *
 * @param session    current Keycloak session, used to obtain the LDAP storage provider
 * @param appRealm   realm that owns the LDAP provider component
 * @param ldapModel  component model of the LDAP provider
 * @param mapperName name of the role-mapper sub-component whose role query is executed
 */
public static void removeAllLDAPRoles(KeycloakSession session, RealmModel appRealm, ComponentModel ldapModel, String mapperName) {
    ComponentModel roleMapperModel = getSubcomponentByName(appRealm, ldapModel, mapperName);
    LDAPStorageProvider provider = LDAPTestUtils.getLdapProvider(session, ldapModel);
    // The query is closeable; try-with-resources releases it even if a remove() throws.
    try (LDAPQuery query = getRoleMapper(roleMapperModel, provider, appRealm).createRoleQuery(false)) {
        query.getResultList().forEach(role -> provider.getLdapIdentityStore().remove(role));
    }
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
The class LDAPTestUtils, method addLdapOU.
/**
 * Creates an {@code organizationalUnit} entry directly beneath the provider's configured
 * users DN and adds it to the LDAP identity store.
 *
 * @param ldapProvider provider whose identity store and users-DN configuration are used
 * @param name         value of the {@code ou} attribute; it also becomes the leading RDN
 *                     of the new entry (RDN escaping is left to {@code LDAPDn.addFirst};
 *                     callers here pass fixed test names — confirm before using untrusted input)
 * @return the object that was added, with its DN populated
 */
public static LDAPObject addLdapOU(LDAPStorageProvider ldapProvider, String name) {
    // Entry DN is ou=<name>,<usersDn>: start from the configured users DN and prepend the RDN.
    LDAPDn ouDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
    ouDn.addFirst("ou", name);

    LDAPObject ou = new LDAPObject();
    ou.setDn(ouDn);
    ou.setRdnAttributeName("ou");
    ou.setObjectClasses(Collections.singletonList("organizationalUnit"));
    ou.setSingleAttribute("ou", name);

    ldapProvider.getLdapIdentityStore().add(ou);
    return ou;
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
The class LDAPProvidersIntegrationTest, method updateLDAPUsernameTest.
/**
 * Verifies that renaming a user's username attribute directly in LDAP does not delete
 * the already-imported Keycloak user: the old username can no longer log in, the new
 * username can, and the Keycloak user found under the new name keeps the original
 * user id.
 */
@Test
public void updateLDAPUsernameTest() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Add user to LDAP
        LDAPObject becky = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "beckybecks", "Becky", "Becks", "becky-becks@email.org", null, "123");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), becky, "Password1");
    });
    // First login imports the user into local storage (asserted via userLocalStorage() below).
    loginSuccessAndLogout("beckybecks", "Password1");
    // fetchString returns the server-side String as a JSON-encoded value, hence the quote
    // stripping at the end of the test.
    String origKeycloakUserId = testingClient.server().fetchString(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel testRealm = ctx.getRealm();
        UserModel importedUser = session.userLocalStorage().getUserByUsername(testRealm, "beckybecks");
        // Update user 'beckybecks' in LDAP
        LDAPObject becky = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, importedUser.getUsername());
        // NOTE: Changing LDAP Username directly here
        // The attribute holding the username is configurable (uid, sAMAccountName, ...), so read it from the provider config.
        String userNameLdapAttributeName = ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute();
        becky.setSingleAttribute(userNameLdapAttributeName, "beckyupdated");
        becky.setSingleAttribute(LDAPConstants.EMAIL, "becky-updated@email.org");
        ctx.getLdapProvider().getLdapIdentityStore().update(becky);
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), becky, "MyChangedPassword11");
        return importedUser.getId();
    });
    // New username + new password must authenticate.
    loginSuccessAndLogout("beckyupdated", "MyChangedPassword11");
    // Old username must be rejected. The message is the generic one Keycloak shows for any
    // failed login, so the page does not reveal whether the username or the password was wrong.
    loginPage.open();
    loginPage.login("beckybecks", "Password1");
    Assert.assertEquals("Invalid username or password.", loginPage.getInputError());
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // The original username is not possible to use as username was changed in LDAP.
        // However the call to LDAPStorageProvider.loadAndValidateUser shouldn't delete the user just because his username changed in LDAP
        UserModel user = session.users().getUserByUsername(ctx.getRealm(), "beckybecks");
        Assert.assertNull(user);
        // Assert user can be found with new username from LDAP. And it is same user as before
        user = session.users().getUserByUsername(ctx.getRealm(), "beckyupdated");
        Assert.assertNotNull(user);
        String newKeycloakUserId = user.getId();
        // Need to remove double quotes from server response
        Assert.assertEquals(origKeycloakUserId.replace("\"", ""), newKeycloakUserId);
    });
}
use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.
The class LDAPProvidersIntegrationTest, method testUnsynced.
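/**
 * Verifies {@code EditMode.UNSYNCED}: a password changed through Keycloak is stored and
 * validated locally while the password in LDAP keeps its original value, the user stays
 * federated (the federation link points at the LDAP provider), and a local delete is
 * followed by re-import from LDAP on the next lookup.
 *
 * The realm's LDAP provider is switched to UNSYNCED for the duration of the test and
 * restored to WRITABLE in a {@code finally} block, so that a failing assertion does not
 * leave the shared provider in the wrong edit mode for the tests that run afterwards.
 *
 * @throws Exception propagated from the test client
 */
@Test
public void testUnsynced() throws Exception {
    // Switch the provider to UNSYNCED: credential writes go to local storage only.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserStorageProviderModel model = new UserStorageProviderModel(ctx.getLdapModel());
        model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
        appRealm.updateComponent(model);
    });
    try {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
            Assert.assertNotNull(user);
            Assert.assertNotNull(user.getFederationLink());
            Assert.assertEquals(user.getFederationLink(), ctx.getLdapModel().getId());
            // Change the password through Keycloak; in UNSYNCED mode this must land in local storage.
            UserCredentialModel cred = UserCredentialModel.password("Candycand1", true);
            session.userCredentialManager().updateCredential(appRealm, user, cred);
            CredentialModel userCredentialValueModel = session.userCredentialManager().getStoredCredentialsByTypeStream(appRealm, user, PasswordCredentialModel.TYPE).findFirst().orElse(null);
            Assert.assertNotNull(userCredentialValueModel);
            Assert.assertEquals(PasswordCredentialModel.TYPE, userCredentialValueModel.getType());
            Assert.assertTrue(session.userCredentialManager().isValid(appRealm, user, cred));
            // LDAP password is still unchanged
            // NOTE(review): this relies on validatePassword signalling a mismatch by throwing
            // AuthenticationException (the checked exception caught below). If it reports failure
            // through a return value instead, the check is vacuous — confirm against LDAPIdentityStore.
            try {
                LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
                ctx.getLdapProvider().getLdapIdentityStore().validatePassword(ldapUser, "Password1");
            } catch (AuthenticationException ex) {
                throw new RuntimeException(ex);
            }
        });
        // Test admin REST endpoints
        UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "johnkeycloak");
        // Assert password is stored locally
        List<String> storedCredentials = userResource.credentials().stream().map(CredentialRepresentation::getType).collect(Collectors.toList());
        Assert.assertTrue(storedCredentials.contains(PasswordCredentialModel.TYPE));
        // Assert password is supported in the LDAP too.
        List<String> userStorageCredentials = userResource.getConfiguredUserStorageCredentialTypes();
        Assert.assertTrue(userStorageCredentials.contains(PasswordCredentialModel.TYPE));
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
            // User is deleted just locally
            Assert.assertTrue(session.users().removeUser(appRealm, user));
            // Assert user not available locally, but will be reimported from LDAP once searched
            Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "johnkeycloak"));
            Assert.assertNotNull(session.users().getUserByUsername(appRealm, "johnkeycloak"));
        });
    } finally {
        // Revert — runs even when an assertion above fails, so later tests start from WRITABLE.
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
            appRealm.updateComponent(ctx.getLdapModel());
            Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ctx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
        });
    }
}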