Example 1 with UserAccountControl
use of org.keycloak.storage.ldap.mappers.msad.UserAccountControl in project keycloak by keycloak.
the class LDAPMSADMapperTest method test06RegisterNewUser.
@Test
public void test06RegisterNewUser() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
// Register user
registerPage.register("firstName", "lastName", "email3@check.cz", "registeruser3", "Password1", "Password1");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
// Check user enabled in MSAD
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
String pwdLastSet = ldapJohn.getAttributeAsString(LDAPConstants.PWD_LAST_SET);
Assert.assertTrue(Long.parseLong(pwdLastSet) > 0);
String userAccountControl = ldapJohn.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
long longValue = userAccountControl == null ? 0 : Long.parseLong(userAccountControl);
Assert.assertFalse(new UserAccountControl(longValue).has(UserAccountControl.ACCOUNTDISABLE));
});
// Logout and login again. Success
ApiUtil.findUserByUsernameId(adminClient.realm("test"), "registeruser3").logout();
loginPage.open();
loginPage.login("registeruser3", "Password1");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserAccountControl(org.keycloak.storage.ldap.mappers.msad.UserAccountControl)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Test(org.junit.Test)
Example 2 with UserAccountControl
use of org.keycloak.storage.ldap.mappers.msad.UserAccountControl in project keycloak by keycloak.
the class LDAPMSADMapperTest method isJohnEnabledInMSAD.
private boolean isJohnEnabledInMSAD() {
String userAccountControls = testingClient.server().fetchString(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
String userAccountControl = ldapJohn.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
return userAccountControl;
});
if (userAccountControls == null) {
Assert.fail("LDAP user johnkeycloak does not have userAccountControl attribute on him");
}
// Need to remove double quotes TODO: Ideally fix fetchString method and all the tests, which uses it as it is dummy to need to remove quotes in each test individually...
UserAccountControl acControl = new UserAccountControl(Long.parseLong(userAccountControls.replace("\"", "")));
return !acControl.has(UserAccountControl.ACCOUNTDISABLE);
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserAccountControl(org.keycloak.storage.ldap.mappers.msad.UserAccountControl)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
Example 3 with UserAccountControl
use of org.keycloak.storage.ldap.mappers.msad.UserAccountControl in project keycloak by keycloak.
the class LDAPMSADMapperTest method test07DisabledUserInMSADSwitchedToEnabledInKeycloak.
@Test
public void test07DisabledUserInMSADSwitchedToEnabledInKeycloak() {
// Disable user in MSAD
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
String userAccountControlStr = ldapJohn.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
UserAccountControl control = new UserAccountControl(Long.parseLong(userAccountControlStr));
control.add(UserAccountControl.ACCOUNTDISABLE);
ldapJohn.setSingleAttribute(LDAPConstants.USER_ACCOUNT_CONTROL, String.valueOf(control.getValue()));
ctx.getLdapProvider().getLdapIdentityStore().update(ldapJohn);
});
// Check user disabled in both admin REST API and MSAD
UserResource john = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");
UserRepresentation johnRep = john.toRepresentation();
Assert.assertFalse(johnRep.isEnabled());
Assert.assertFalse(isJohnEnabledInMSAD());
// Login as johnkeycloak, but user disabled
loginPage.open();
loginPage.login("johnkeycloak", "Password1");
Assert.assertEquals("Account is disabled, contact your administrator.", loginPage.getError());
// Enable user in admin REST API
johnRep.setEnabled(true);
john.update(johnRep);
// Assert user enabled also in MSAD
Assert.assertTrue(isJohnEnabledInMSAD());
// Logout and login again. There should not be a need to update required action anymore
john.logout();
loginPage.open();
loginPage.login("johnkeycloak", "Password1");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
UserAccountControl(org.keycloak.storage.ldap.mappers.msad.UserAccountControl)
UserResource(org.keycloak.admin.client.resource.UserResource)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Test(org.junit.Test)
Aggregations
RealmModel (org.keycloak.models.RealmModel)3
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)3
UserAccountControl (org.keycloak.storage.ldap.mappers.msad.UserAccountControl)3
Test (org.junit.Test)2
UserResource (org.keycloak.admin.client.resource.UserResource)1
UserRepresentation (org.keycloak.representations.idm.UserRepresentation)1
