
the class LDAPProvidersIntegrationNoImportTest method testFullNameMapperWriteOnly.

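/**
 * Exercises the full-name mapper in WRITE_ONLY mode against a provider that does not import users.
 * The "first name" mapper is temporarily replaced by a full-name mapper bound to the same LDAP
 * attribute, the mapper is then flipped to write-only, and the test checks that a first-name
 * update is no longer read back from LDAP. The original "first name" mapper is re-created through
 * the admin REST API at the end so later tests see the default mapper set.
 */
@Test
public void testFullNameMapperWriteOnly() {
    // Phase 1 (server side): seed the LDAP user and swap the "first name" mapper for a
    // read/write full-name mapper. The removed mapper's representation is returned so it
    // can be restored once the test is done.
    ComponentRepresentation firstNameMapperRep = testingClient.server().fetch(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Precondition: user "fullname" must not be present in the local Keycloak DB
        Assert.assertNull(session.users().getUserByUsername(appRealm, "fullname"));
        // Add the user with a full name directly into LDAP. The full name is stored in the attribute
        // currently mapped to firstName ("givenName" on Active Directory, "cn" on other servers).
        ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(appRealm);
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel);
        LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", null, "4578");
        // Remove "first name" and map the full name onto the LDAP attribute it was using.
        ComponentModel firstNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "first name");
        String ldapFirstNameAttributeName = firstNameMapper.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE);
        appRealm.removeComponent(firstNameMapper);
        ComponentRepresentation removedMapperRep = ModelToRepresentation.toRepresentation(session, firstNameMapper, true);
        ComponentModel fullNameMapperModel = KeycloakModelUtils.createComponentModel("full name", ldapModel.getId(),
                FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(),
                FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, ldapFirstNameAttributeName,
                FullNameLDAPStorageMapper.READ_ONLY, "false");
        appRealm.addComponentModel(fullNameMapperModel);
        return removedMapperRep;
    }, ComponentRepresentation.class);

    // Phase 2: with the read/write mapper active, "James Dee" is split into firstName/lastName.
    // Then switch the mapper to write-only.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestAsserts.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578");
        ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "full name");
        fullNameMapperModel.getConfig().putSingle(FullNameLDAPStorageMapper.WRITE_ONLY, "true");
        appRealm.updateComponent(fullNameMapperModel);
    });

    // Phase 3: change the user's name; the write-only mapper pushes the change to LDAP.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserModel fullnameUser = session.users().getUserByUsername(appRealm, "fullname");
        fullnameUser.setFirstName("James2");
        fullnameUser.setLastName("Dee2");
    });

    // Phase 4: because the full-name mapper is write-only and the "first name" mapper was removed,
    // firstName is no longer read from LDAP (null) while lastName still comes back. Then clean up.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestAsserts.assertUserImported(session.users(), appRealm, "fullname", null, "Dee2", "fullname@email.org", "4578");
        // Remove the user through the federated store; this is expected to remove the LDAP entry as
        // well (nothing here asserts that). Then drop the temporary full-name mapper.
        UserModel fullnameUser = session.users().getUserByUsername(appRealm, "fullname");
        session.users().removeUser(appRealm, fullnameUser);
        ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "full name");
        appRealm.removeComponent(fullNameMapperModel);
    });

    // Restore the original "first name" mapper via the admin API (id cleared so a new component is
    // created). Close the response even when the status assertion fails, so a failing test does not
    // leak the client connection.
    firstNameMapperRep.setId(null);
    Response response = testRealm().components().add(firstNameMapperRep);
    try {
        Assert.assertEquals(201, response.getStatus());
    } finally {
        response.close();
    }
}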


the class LDAPAccountTest method updateProfileWithAttributePresent.

// KEYCLOAK-15634
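@Test
public void updateProfileWithAttributePresent() {
    // Regression test for KEYCLOAK-15634: saving the account page must not lose a federated user
    // that carries the LDAP_ID attribute while the provider is in UNSYNCED edit mode.
    // The identifiers are kept in locals so the LDAP entry, the login and the assertions agree.
    final String username = "keycloak-15634";
    final String originalEmail = "keycloak-15634@test.local";
    final String updatedEmail = "keycloak-15634@domain.local";

    RealmResource testRealm = adminClient.realm("test");
    assertEquals(getAccountThemeName(), testRealm.toRepresentation().getAccountTheme());
    UserRepresentation userRepBefore = ApiUtil.findUserByUsername(testRealm, username);
    assertNull("User should not exist", userRepBefore);

    // Switch the provider to UNSYNCED edit mode and create the user directly in LDAP with a
    // password. Only the Keycloak side is checked below; nothing asserts what reaches LDAP.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
        ldapFedProvider.getModel().put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
        appRealm.updateComponent(ldapFedProvider.getModel());
        LDAPObject testUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, username, "firstName", "lastName", originalEmail, null, "1234");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), testUser, PASSWORD);
    });

    // The user is now reachable through federation; sanity-check the profile before editing it.
    // Fail with a clear message instead of an NPE if the lookup returns nothing.
    userRepBefore = ApiUtil.findUserByUsername(testRealm, username);
    assertNotNull("Test user should be found after being added to LDAP", userRepBefore);
    assertEquals("Test user should have an email address set", originalEmail, userRepBefore.getEmail());
    assertTrue("Test user should have the LDAP_ID attribute set", userRepBefore.getAttributes().containsKey("LDAP_ID"));
    assertFalse("Test user should not have locale attribute set", userRepBefore.getAttributes().containsKey("locale"));

    // Log in with the same PASSWORD constant that was written to LDAP above (no duplicated literal).
    personalInfoPage.navigateTo();
    loginPage.assertCurrent();
    loginPage.form().login(username, PASSWORD);
    personalInfoPage.assertCurrent();
    assertEquals(originalEmail, personalInfoPage.getEmail());

    // Trigger the JS involved in KEYCLOAK-15634 by changing the email and saving the profile.
    personalInfoPage.setEmail(updatedEmail);
    personalInfoPage.clickSave();

    // The user must survive the update, with the new email and the LDAP_ID attribute intact.
    UserRepresentation userRepAfter = ApiUtil.findUserByUsername(testRealm, username);
    assertNotNull("Test user should still be there", userRepAfter);
    assertEquals("Email should have been updated", updatedEmail, userRepAfter.getEmail());
    assertTrue("LDAP_ID attribute should still be there", userRepAfter.getAttributes().containsKey("LDAP_ID"));

    // Clean up on both sides: the Keycloak user and every LDAP entry under the provider.
    ApiUtil.removeUserByUsername(testRealm, username);
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
    });
}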


the class LDAPProvidersIntegrationNoImportTest method testSearchWithCustomLDAPFilter.

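@Test
@Override
public void testSearchWithCustomLDAPFilter() {
    // Install a custom user search filter restricting federated search to two mailboxes.
    // NOTE(review): the value is an LDAP filter expression that the provider presumably combines
    // with its own user search; keep it a fixed, fully parenthesised literal here.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))");
        appRealm.updateComponent(ctx.getLdapModel());
    });
    try {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125");
            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126");
            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username7", "John7", "Doel7", "user7@email.org", null, "127");
            // Users matching the filter are found by email and by "first last" name...
            UserModel user = session.users().searchForUserStream(appRealm, "user5@email.org").findFirst()
                    .orElseThrow(() -> new AssertionError("username5 should be found by email"));
            LDAPTestAsserts.assertLoaded(user, "username5", "John5", "Doel5", "user5@email.org", "125");
            user = session.users().searchForUserStream(appRealm, "John6 Doel6").findFirst()
                    .orElseThrow(() -> new AssertionError("username6 should be found by full name"));
            LDAPTestAsserts.assertLoaded(user, "username6", "John6", "Doel6", "user6@email.org", "126");
            // ...while a user outside the filter is invisible to both kinds of search.
            Assert.assertEquals(0, session.users().searchForUserStream(appRealm, "user7@email.org").count());
            Assert.assertEquals(0, session.users().searchForUserStream(appRealm, "John7 Doel7").count());
        });
    } finally {
        // Remove the filter in its own server call so a failed assertion above cannot leave the
        // provider filtered for the tests that run afterwards.
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
            ctx.getLdapModel().getConfig().remove(LDAPConstants.CUSTOM_USER_SEARCH_FILTER);
            appRealm.updateComponent(ctx.getLdapModel());
        });
    }
}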


the class LDAPRoleMappingsNoImportTest method test02WriteMappings.

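@Test
public void test02WriteMappings() {
    // Step 1 (server side): put the role mappers into LDAP_ONLY mode and grant roles to two
    // federated users. The users are asserted to be absent from local storage, so the grants
    // can only be persisted in LDAP.
    testingClient.server().run(session -> {
        session.userCache().clear();
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY);
        UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        // make sure we are in no-import mode
        Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "johnkeycloak"));
        Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "marykeycloak"));
        // realmRole1 / realmRole2 should already exist (imported from LDAP)
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        john.grantRole(realmRole1);
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        mary.grantRole(realmRole2);
        // realmRole3 may or may not have been imported by a previous test; create it on demand
        RoleModel realmRole3 = appRealm.getRole("realmRole3");
        if (realmRole3 == null) {
            realmRole3 = appRealm.addRole("realmRole3");
        }
        john.grantRole(realmRole3);
        mary.grantRole(realmRole3);
        // A client role as well, to cover the client-role mapper path
        ClientModel financeApp = appRealm.getClientByClientId("finance");
        RoleModel financeRole1 = financeApp.getRole("financeRole1");
        john.grantRole(financeRole1);
        session.userCache().clear();
    });

    // Step 2 (fresh server call): the grants must be visible again through federation, which
    // means they were written to LDAP, and deleting mappings must take effect the same way.
    testingClient.server().run(session -> {
        session.userCache().clear();
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
        UserModel mary = session.users().getUserByUsername(appRealm, "marykeycloak");
        // make sure we are in no-import mode
        Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "johnkeycloak"));
        Assert.assertNull(session.userLocalStorage().getUserByUsername(appRealm, "marykeycloak"));
        RoleModel realmRole1 = appRealm.getRole("realmRole1");
        RoleModel realmRole2 = appRealm.getRole("realmRole2");
        RoleModel realmRole3 = appRealm.getRole("realmRole3");
        ClientModel financeApp = appRealm.getClientByClientId("finance");
        RoleModel financeRole1 = financeApp.getRole("financeRole1");
        // Check that role mappings are in LDAP and hence available through federation
        Set<RoleModel> johnRoles = john.getRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertTrue(johnRoles.contains(realmRole1));
        Assert.assertFalse(johnRoles.contains(realmRole2));
        Assert.assertTrue(johnRoles.contains(realmRole3));
        Assert.assertTrue(johnRoles.contains(financeRole1));
        Set<RoleModel> johnRealmRoles = john.getRealmRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertEquals(2, johnRealmRoles.size());
        Assert.assertTrue(johnRealmRoles.contains(realmRole1));
        Assert.assertTrue(johnRealmRoles.contains(realmRole3));
        Set<RoleModel> johnFinanceRoles = john.getClientRoleMappingsStream(financeApp).collect(Collectors.toSet());
        Assert.assertEquals(1, johnFinanceRoles.size());
        Assert.assertTrue(johnFinanceRoles.contains(financeRole1));
        // Delete some role mappings and check they are gone
        john.deleteRoleMapping(realmRole3);
        john.deleteRoleMapping(realmRole1);
        john.deleteRoleMapping(financeRole1);
        johnRoles = john.getRoleMappingsStream().collect(Collectors.toSet());
        Assert.assertFalse(johnRoles.contains(realmRole1));
        Assert.assertFalse(johnRoles.contains(realmRole2));
        Assert.assertFalse(johnRoles.contains(realmRole3));
        Assert.assertFalse(johnRoles.contains(financeRole1));
        // Cleanup
        mary.deleteRoleMapping(realmRole2);
        mary.deleteRoleMapping(realmRole3);
        session.userCache().clear();
    });
}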


the class LDAPAccountTest method beforeSigningInTest.

@Before
public void beforeSigningInTest() {
    passwordCredentialType = signingInPage.getCredentialType(PasswordCredentialModel.TYPE);

    // A fresh LDAP provider is created for the test realm before every test (the boolean
    // argument is passed through to the testing endpoint unchanged).
    testingClient.testing().ldap(TEST).createLDAPProvider(ldapRule.getConfig(), true);
    log.infof("LDAP Provider created");

    // Identity of the single test user; these locals are captured by the server-side lambda.
    final String userName = "johnkeycloak";
    final String firstName = "Jonh";
    final String lastName = "Doe";
    final String email = "john@email.org";

    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        // Start from an empty directory, then seed the user and set its LDAP password.
        LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
        LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, userName, firstName, lastName, email, null, "1234");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, PASSWORD);
    });

    // Point the page objects at the test realm and build the matching client-side user
    // representation with the same password the LDAP entry received.
    testRealmLoginPage.setAuthRealm(testRealmPage);
    testRealmAccountPage.setAuthRealm(testRealmPage);
    testUser = createUserRepresentation(userName, email, firstName, lastName, true);
    setPasswordFor(testUser, PASSWORD);
    resetTestRealmSession();
}
