
Example 1 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class LDAPGroupMapper2WaySyncTest method test01_syncNoPreserveGroupInheritance.

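/**
 * Two-way group sync with {@code preserve.group.inheritance=false}.
 * <p>
 * Pushes the realm groups from Keycloak into LDAP, deletes them in Keycloak, imports them back from LDAP
 * (expected as a flat list, since inheritance is not preserved) and finally exercises the
 * "drop non-existing groups" option via {@link #testDropNonExisting}.
 *
 * @throws Exception propagated from the server-side run callbacks
 */
@Test
public void test01_syncNoPreserveGroupInheritance() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // Disable preservation of group inheritance so the flat sync below is accepted
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false");
        realm.updateComponent(mapperModel);
        // Sync from Keycloak into LDAP; all 4 groups are expected to be reported as added
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // Delete all Keycloak groups so the next sync has to re-import them from LDAP
        removeAllModelGroups(realm);
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2"));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // Sync from LDAP back into Keycloak; again all 4 groups are expected to be added
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // Groups are imported into Keycloak without inheritance: all of them live at the top level
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
        Assert.assertEquals(0, kcGroup1.getSubGroupsStream().count());
        // Description attributes round-trip through LDAP; groups without one stay without one
        Assert.assertEquals("group1 - description1", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description12", kcGroup12.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup2.getFirstAttribute(descriptionAttrName));
        // Verify that groups present only in LDAP are dropped once the option is enabled
        testDropNonExisting(session, ctx, mapperModel);
    });
}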

Example 2 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class LDAPGroupMapper2WaySyncTest method testDropNonExisting.

/**
 * Verifies the {@code drop.non.existing.groups.during.sync} option of the group mapper.
 * <p>
 * A group that exists only in LDAP ({@code group3}) must survive a Keycloak-to-LDAP sync while the option
 * is off, and must be removed from LDAP once the option is switched on.
 *
 * @param session     the server-side Keycloak session the test runs in
 * @param ctx         LDAP test context providing the realm, the LDAP model and the LDAP provider
 * @param mapperModel the group mapper component; its config is modified in place
 */
private static void testDropNonExisting(KeycloakSession session, LDAPTestContext ctx, ComponentModel mapperModel) {
    RealmModel realm = ctx.getRealm();
    GroupLDAPStorageMapperFactory factory = new GroupLDAPStorageMapperFactory();

    // Create a group that exists only in LDAP, not in Keycloak
    LDAPTestUtils.createLDAPGroup(session, realm, ctx.getLdapModel(), "group3");

    // Dropping is off: the Keycloak groups are reported as already existing and group3 stays in LDAP
    SynchronizationResult result = factory.create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm);
    LDAPTestAsserts.assertSyncEquals(result, 0, 4, 0, 0);
    Assert.assertNotNull(LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), realm).loadLDAPGroupByName("group3"));

    // Switch dropping on and re-sync: group3 is now reported as removed and is gone from LDAP
    LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true");
    realm.updateComponent(mapperModel);
    result = factory.create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm);
    LDAPTestAsserts.assertSyncEquals(result, 0, 4, 1, 0);
    Assert.assertNull(LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), realm).loadLDAPGroupByName("group3"));
}

Example 3 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class LDAPGroupMapper2WaySyncTest method test02_syncWithGroupInheritance.

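/**
 * Two-way group sync with {@code preserve.group.inheritance=true}.
 * <p>
 * Pushes the realm groups from Keycloak into LDAP, deletes them in Keycloak, imports them back from LDAP
 * (expected with the original nesting restored) and finally exercises the "drop non-existing groups"
 * option via {@link #testDropNonExisting}.
 *
 * @throws Exception propagated from the server-side run callbacks
 */
@Test
public void test02_syncWithGroupInheritance() throws Exception {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        // Enable preservation of group inheritance and make sure dropping is off (a previous test may have enabled it)
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "true");
        LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "false");
        realm.updateComponent(mapperModel);
        // Sync from Keycloak into LDAP; all 4 groups are expected to be reported as added
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        // Delete all Keycloak groups so the next sync has to re-import them from LDAP
        removeAllModelGroups(realm);
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2"));
    });
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        // Sync from LDAP back into Keycloak; again all 4 groups are expected to be added
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0);
        // Groups are imported into Keycloak with their LDAP nesting: group11 and group12 are children of group1
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12");
        GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(realm, "/group2");
        Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
        // Description attributes round-trip through LDAP; groups without one stay without one
        Assert.assertEquals("group1 - description1", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description12", kcGroup12.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup2.getFirstAttribute(descriptionAttrName));
        // Verify that groups present only in LDAP are dropped once the option is enabled
        testDropNonExisting(session, ctx, mapperModel);
    });
}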

Example 4 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class LDAPGroupMapperSyncWithGroupsPathTest method test01_syncWithGroupInheritance.

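/**
 * Imports groups from LDAP into Keycloak below {@code LDAP_GROUPS_PATH} with group inheritance preserved,
 * then changes description attributes directly in LDAP and re-syncs to verify the updates propagate.
 * <p>
 * Requires the mapper to be configured with {@code preserve.group.inheritance=true}; see KEYCLOAK-11415.
 */
@Test
public void test01_syncWithGroupInheritance() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
        ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper");
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);
        // KEYCLOAK-11415 - This test requires the group mapper to be configured with preserve group inheritance
        // set to 'true' (the default setting). If preservation of group inheritance isn't configured, some of
        // the previous test(s) failed to cleanup properly. Check the requirement as part of running the test.
        // JUnit convention: expected value first, actual second, so a failure message reads correctly.
        Assert.assertEquals("true", mapperModel.getConfig().getFirst("preserve.group.inheritance"));
        // Sync groups with inheritance; the 3 LDAP groups are expected to be reported as added
        SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0);
        // Groups are imported into Keycloak with their LDAP nesting: group11 and group12 only exist below group1
        GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group11"));
        Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group12"));
        GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group11");
        GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12");
        Assert.assertEquals(2, kcGroup1.getSubGroupsStream().count());
        Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
        Assert.assertEquals("group12 - description", kcGroup12.getFirstAttribute(descriptionAttrName));
        // Change one description and clear another directly in LDAP, bypassing Keycloak
        LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
        group1.setSingleAttribute(descriptionAttrName, "group1 - changed description");
        ldapProvider.getLdapIdentityStore().update(group1);
        LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");
        group12.setAttribute(descriptionAttrName, null);
        ldapProvider.getLdapIdentityStore().update(group12);
        // Re-sync; the same 3 groups are now expected to be reported as updated, none added
        syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm);
        LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0);
        // Re-load the groups: the LDAP-side changes must be visible in Keycloak
        kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1");
        kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, LDAP_GROUPS_PATH + "/group1/group12");
        Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName));
        Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName));
    });
}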

Example 5 with SynchronizationResult

use of org.keycloak.storage.user.SynchronizationResult in project keycloak by keycloak.

the class RoleLDAPStorageMapper method syncDataFromKeycloakToFederationProvider.

// Sync roles from Keycloak back to LDAP
/**
 * Pushes the Keycloak roles of the target role container into LDAP.
 * <p>
 * Only runs when the mapper mode is {@code LDAP_ONLY}; in any other mode the sync is skipped with a warning
 * and a result with zero counters is returned. Roles already present in LDAP (matched by the role-name RDN
 * attribute from the mapper config) are counted as updated, the remaining ones are created in LDAP and
 * counted as added. This method never deletes anything from LDAP.
 *
 * @param realm the realm whose target role container (as resolved by {@code getTargetRoleContainer}) is synced
 * @return counters of roles added to / already existing in LDAP, with a human-readable status line
 */
@Override
public SynchronizationResult syncDataFromKeycloakToFederationProvider(RealmModel realm) {
    SynchronizationResult result = new SynchronizationResult() {
        @Override
        public String getStatus() {
            return String.format("%d roles imported to LDAP, %d roles already existed in LDAP", getAdded(), getUpdated());
        }
    };

    LDAPGroupMapperMode mode = config.getMode();
    if (mode != LDAPGroupMapperMode.LDAP_ONLY) {
        logger.warnf("Ignored sync for federation mapper '%s' as it's mode is '%s'", mapperModel.getName(), mode.toString());
        return result;
    }
    logger.debugf("Syncing roles from Keycloak into LDAP. Mapper is [%s], LDAP provider is [%s]", mapperModel.getName(), ldapProvider.getModel().getName());

    // Ask LDAP which roles it already holds, so we can tell "create" from "already there"
    try (LDAPQuery ldapQuery = createRoleQuery(false)) {
        String roleNameAttr = config.getRoleNameLdapAttribute();
        Set<String> existingLdapRoles = LDAPUtils.loadAllLDAPObjects(ldapQuery, ldapProvider).stream()
                .map(ldapRole -> ldapRole.getAttributeAsString(roleNameAttr))
                .collect(Collectors.toCollection(HashSet::new));

        getTargetRoleContainer(realm).getRolesStream()
                .map(RoleModel::getName)
                .forEach(roleName -> {
                    if (existingLdapRoles.contains(roleName)) {
                        result.increaseUpdated();
                        return;
                    }
                    logger.debugf("Syncing role [%s] from Keycloak to LDAP", roleName);
                    createLDAPRole(roleName);
                    result.increaseAdded();
                });
        return result;
    }
}
