From 08bbb1fb9209beca37effb846a3bf2f32b46d68d Mon Sep 17 00:00:00 2001 
From: Alexander Schwartz Date: Wed, 18 May 2022 10:53:21 +0200 Subject: [PATCH] Move LDAP REST Endpoints to LDAP package - Thus remove implicit dependency on services on the legacy modules - Disable tests for LDAP/Kerberos that won't work when map storage is enabled --- .../keycloak-ldap-federation/main/module.xml | 1 + .../keycloak-ldap-federation/main/module.xml | 1 + federation/ldap/pom.xml | 4 + .../LDAPServerCapabilitiesManager.java | 0 ...pServerCapabilitiesRealmAdminProvider.java | 40 +++++++ .../admin/LdapServerCapabilitiesResource.java | 87 +++++++++++++++ .../TestLdapConnectionRealmAdminProvider.java | 40 +++++++ .../admin/TestLdapConnectionResource.java | 104 ++++++++++++++++++ ...dmin.ext.AdminRealmResourceProviderFactory | 19 ++++ ...dmin.ext.AdminRealmResourceProviderFactory | 17 +++ services/pom.xml | 5 - .../resources/admin/RealmAdminResource.java | 64 ----------- .../broker/AbstractAdvancedBrokerTest.java | 5 + .../federation/kerberos/KerberosLdapTest.java | 9 +- .../kerberos/KerberosStandaloneTest.java | 8 ++ .../ldap/LDAPAccountRestApiTest.java | 4 + .../federation/ldap/LDAPLegacyImportTest.java | 7 ++ .../ldap/LDAPMultipleAttributesTest.java | 8 ++ .../ldap/LDAPPasswordModifyExtensionTest.java | 9 +- .../ldap/LDAPProvidersIntegrationTest.java | 8 ++ .../federation/ldap/LDAPReadOnlyTest.java | 9 ++ ...SamlIdPInitiatedVaryingLetterCaseTest.java | 5 + .../federation/ldap/LDAPSpecialCharsTest.java | 8 ++ .../federation/ldap/LDAPUserLoginTest.java | 9 ++ .../ldap/LDAPUserMultipleCredentialTest.java | 9 ++ 25 files changed, 408 insertions(+), 72 deletions(-) rename {services => federation/ldap}/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java (100%) create mode 100644 federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesRealmAdminProvider.java create mode 100644 federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesResource.java create mode 100644 
federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionRealmAdminProvider.java create mode 100644 federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionResource.java create mode 100644 federation/ldap/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml index bf1bcf050e..443eead9db 100755 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml @@ -33,6 +33,7 @@ + diff --git a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml index bf1bcf050e..443eead9db 100755 --- a/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml +++ b/distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml @@ -33,6 +33,7 @@ + diff --git a/federation/ldap/pom.xml b/federation/ldap/pom.xml index 2e426e3e09..af29f5bd0c 100755 --- a/federation/ldap/pom.xml +++ b/federation/ldap/pom.xml 
@@ -80,6 +80,10 @@ org.keycloak keycloak-model-legacy-private + + org.keycloak + keycloak-services + diff --git a/services/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java b/federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java similarity index 100% rename from services/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java rename to federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java diff --git a/federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesRealmAdminProvider.java b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesRealmAdminProvider.java new file mode 100644 index 0000000000..d3299cd9a8 --- /dev/null +++ b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesRealmAdminProvider.java 
@@ -0,0 +1,40 @@
+package org.keycloak.services.resources.admin;
+
+import org.keycloak.Config.Scope;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
+import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
+
+public class LdapServerCapabilitiesRealmAdminProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
+
+ @Override
+ public AdminRealmResourceProvider create(KeycloakSession session) {
+ return this;
+ }
+
+ @Override
+ public void init(Scope config) {
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+ }
+
+ @Override
+ public void close() {
+ }
+
+ @Override
+ public String getId() {
+ return "ldap-server-capabilities";
+ }
+
+ @Override
+ public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
+ return new LdapServerCapabilitiesResource(realm, auth, adminEvent);
+ }
+
+}
diff --git a/federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesResource.java b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesResource.java
new file mode 100644
index 0000000000..500481f905
--- /dev/null
+++ b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesResource.java
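Review bot: `getResource` receives the `KeycloakSession` but does not pass it on: `new LdapServerCapabilitiesResource(realm, auth, adminEvent)` leaves the resource's `session` to `@Context` field injection (see LdapServerCapabilitiesResource later in this patch). If the runtime does not inject properties into an object returned from this provider, `session` is null when it is handed to `LDAPServerCapabilitiesManager`; that injection step is not visible in the patch. Passing it explicitly, `new LdapServerCapabilitiesResource(session, realm, auth, adminEvent)` with a matching constructor, removes the dependency. The same applies to `TestLdapConnectionRealmAdminProvider.getResource`.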
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.services.resources.admin;
+
+import org.jboss.logging.Logger;
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.common.ClientConnection;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.representations.idm.LDAPCapabilityRepresentation;
+import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
+import org.keycloak.services.ErrorResponse;
+import org.keycloak.services.managers.LDAPServerCapabilitiesManager;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.Set;
+
+/**
+ * @resource User Storage Provider
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class LdapServerCapabilitiesResource {
+ private static final Logger logger = Logger.getLogger(LdapServerCapabilitiesResource.class);
+
+ protected RealmModel realm;
+
+ protected AdminPermissionEvaluator auth;
+
+ protected AdminEventBuilder adminEvent;
+
+ @Context
+ protected ClientConnection clientConnection;
+
+ @Context
+ protected KeycloakSession session;
+
+ @Context
+ protected HttpHeaders headers;
+
+ public LdapServerCapabilitiesResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
+ this.auth = auth;
+ this.realm = realm;
+ this.adminEvent = adminEvent;
+ }
+
+ /**
+ * Get LDAP supported extensions.
+ * @param config LDAP configuration
+ * @return
+ */
+ @POST
+ @NoCache
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(javax.ws.rs.core.MediaType.APPLICATION_JSON)
+ public Response ldapServerCapabilities(TestLdapConnectionRepresentation config) {
+ auth.realm().requireManageRealm();
+ try {
+ Set ldapCapabilities = LDAPServerCapabilitiesManager.queryServerCapabilities(config, session, realm);
+ return Response.ok().entity(ldapCapabilities).build();
+ } catch (Exception e) {
+ return ErrorResponse.error("ldapServerCapabilities error", Response.Status.BAD_REQUEST);
+ }
+ }
+
+}
diff --git a/federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionRealmAdminProvider.java b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionRealmAdminProvider.java
new file mode 100644
index 0000000000..658bbd9f6e
--- /dev/null
+++ b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionRealmAdminProvider.java
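Review bot: In `LdapServerCapabilitiesResource.ldapServerCapabilities`, the `catch (Exception e)` discards the exception and the class's `logger` is never used, so a failed capability query leaves no trace on the server and the caller sees only the generic 400. Log the failure before returning, e.g. `logger.debug("ldapServerCapabilities failed", e);`, and keep `config` out of the message because the representation carries the bind credential. The `adminEvent` builder stored by the constructor is also unused, so as far as this file shows these admin-triggered outbound LDAP connections are not recorded as admin events.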
@@ -0,0 +1,40 @@
+package org.keycloak.services.resources.admin;
+
+import org.keycloak.Config.Scope;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
+import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
+
+public class TestLdapConnectionRealmAdminProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
+
+ @Override
+ public AdminRealmResourceProvider create(KeycloakSession session) {
+ return this;
+ }
+
+ @Override
+ public void init(Scope config) {
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+ }
+
+ @Override
+ public void close() {
+ }
+
+ @Override
+ public String getId() {
+ return "testLDAPConnection";
+ }
+
+ @Override
+ public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
+ return new TestLdapConnectionResource(realm, auth, adminEvent);
+ }
+
+}
diff --git a/federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionResource.java b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionResource.java
new file mode 100644
index 0000000000..aa07cc3593
--- /dev/null
+++ b/federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionResource.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.services.resources.admin;
+
+import org.jboss.logging.Logger;
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.keycloak.common.ClientConnection;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.LDAPConstants;
+import org.keycloak.models.RealmModel;
+import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
+import org.keycloak.services.ErrorResponse;
+import org.keycloak.services.managers.LDAPServerCapabilitiesManager;
+import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+/**
+ * @resource User Storage Provider
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class TestLdapConnectionResource {
+ private static final Logger logger = Logger.getLogger(TestLdapConnectionResource.class);
+
+ protected RealmModel realm;
+
+ protected AdminPermissionEvaluator auth;
+
+ protected AdminEventBuilder adminEvent;
+
+ @Context
+ protected ClientConnection clientConnection;
+
+ @Context
+ protected KeycloakSession session;
+
+ @Context
+ protected HttpHeaders headers;
+
+ public TestLdapConnectionResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
+ this.auth = auth;
+ this.realm = realm;
+ this.adminEvent = adminEvent;
+ }
+
+ /**
+ * Test LDAP connection
+ *
+ * @param action
+ * @param connectionUrl
+ * @param bindDn
+ * @param bindCredential
+ * @return
+ */
+ @POST
+ @NoCache
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Deprecated
+ public Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl,
+ @FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential,
+ @FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout,
+ @FormParam("componentId") String componentId, @FormParam("startTls") String startTls) {
+ auth.realm().requireManageRealm();
+
+ TestLdapConnectionRepresentation config = new TestLdapConnectionRepresentation(action, connectionUrl, bindDn, bindCredential, useTruststoreSpi, connectionTimeout, startTls, LDAPConstants.AUTH_TYPE_SIMPLE);
+ config.setComponentId(componentId);
+ boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm);
+ return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
+ }
+
+ /**
+ * Test LDAP connection
+ * @return
+ */
+ @POST
+ @NoCache
+ @Consumes(MediaType.APPLICATION_JSON)
+ public Response testLDAPConnection(TestLdapConnectionRepresentation config) {
+ boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm);
+ return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
+ }
+
+}
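Review bot: The JSON overload `testLDAPConnection(TestLdapConnectionRepresentation config)` at the end of TestLdapConnectionResource calls `LDAPServerCapabilitiesManager.testLDAP` without a permission check, while the form-encoded overload above it and `ldapServerCapabilities` both start with `auth.realm().requireManageRealm();`. The endpoint makes the server open an LDAP connection to a URL taken from the request body, so it should be gated the same way: add `auth.realm().requireManageRealm();` as its first statement. The omission is carried over unchanged from the method this commit removes from RealmAdminResource, and whether the extension dispatch path enforces a realm-management check before this resource is reached is not visible in the patch.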
diff --git a/federation/ldap/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory b/federation/ldap/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory new file mode 100644 index 0000000000..8dc953d24d --- /dev/null +++ b/federation/ldap/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory @@ -0,0 +1,19 @@ +# +# Copyright 2022 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +org.keycloak.services.resources.admin.TestLdapConnectionRealmAdminProvider +org.keycloak.services.resources.admin.LdapServerCapabilitiesRealmAdminProvider diff --git a/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory b/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory index 030e4fd3ab..ac600edf4c 100644 --- a/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory +++ b/model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory 
@@ -1 +1,18 @@ +# +# Copyright 2022 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + org.keycloak.services.resources.admin.UserStorageProviderRealmAdminProvider diff --git a/services/pom.xml b/services/pom.xml index bf4e4fbd40..3e1e4fcb64 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -74,11 +74,6 @@ keycloak-server-spi-private provided - - org.keycloak - keycloak-ldap-federation - provided - org.twitter4j twitter4j-core diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index b65284a614..70c259ab8d 100644 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -27,7 +27,6 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.stream.Collectors; import java.util.stream.Stream; 
@@ -79,7 +78,6 @@ import org.keycloak.models.ClientScopeModel; import org.keycloak.models.Constants; import org.keycloak.models.GroupModel; import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; import org.keycloak.models.ModelDuplicateException; import org.keycloak.models.ModelException; import org.keycloak.models.RealmModel; @@ -101,15 +99,12 @@ import org.keycloak.representations.idm.ClientScopeRepresentation; import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.GroupRepresentation; -import org.keycloak.representations.idm.LDAPCapabilityRepresentation; import org.keycloak.representations.idm.ManagementPermissionReference; import org.keycloak.representations.idm.PartialImportRepresentation; import org.keycloak.representations.idm.RealmEventsConfigRepresentation; import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.TestLdapConnectionRepresentation; import org.keycloak.services.ErrorResponse; import org.keycloak.services.managers.AuthenticationManager; -import org.keycloak.services.managers.LDAPServerCapabilitiesManager; import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.ResourceAdminManager; import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider; 
@@ -924,65 +919,6 @@ public class RealmAdminResource { eventStore.clearAdmin(realm); } - /** - * Test LDAP connection - * - * @param action - * @param connectionUrl - * @param bindDn - * @param bindCredential - * @return - */ - @Path("testLDAPConnection") - @POST - @NoCache - @Consumes(MediaType.APPLICATION_FORM_URLENCODED) - @Deprecated - public Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl, - @FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential, - @FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout, - @FormParam("componentId") String componentId, @FormParam("startTls") String startTls) { - auth.realm().requireManageRealm(); - - TestLdapConnectionRepresentation config = new TestLdapConnectionRepresentation(action, connectionUrl, bindDn, bindCredential, useTruststoreSpi, connectionTimeout, startTls, LDAPConstants.AUTH_TYPE_SIMPLE); - config.setComponentId(componentId); - boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm); - return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST); - } - - /** - * Test LDAP connection - * @return - */ - @Path("testLDAPConnection") - @POST - @NoCache - @Consumes(MediaType.APPLICATION_JSON) - public Response testLDAPConnection(TestLdapConnectionRepresentation config) { - boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm); - return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST); - } - - /** - * Get LDAP supported extensions. 
- * @param config LDAP configuration - * @return - */ - @POST - @Path("ldap-server-capabilities") - @NoCache - @Consumes(MediaType.APPLICATION_JSON) - @Produces(javax.ws.rs.core.MediaType.APPLICATION_JSON) - public Response ldapServerCapabilities(TestLdapConnectionRepresentation config) { - auth.realm().requireManageRealm(); - try { - Set ldapCapabilities = LDAPServerCapabilitiesManager.queryServerCapabilities(config, session, realm); - return Response.ok().entity(ldapCapabilities).build(); - } catch (Exception e) { - return ErrorResponse.error("ldapServerCapabilities error", Status.BAD_REQUEST); - } - } - /** * Test SMTP connection with current logged in user * diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java index 7bc43aae66..a3b296a55b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java @@ -4,6 +4,7 @@ import org.junit.Test; import org.keycloak.admin.client.resource.IdentityProviderResource; import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.common.Profile; import org.keycloak.common.util.Time; import org.keycloak.models.IdentityProviderMapperSyncMode; import org.keycloak.models.IdentityProviderSyncMode; 
@@ -17,6 +18,7 @@ import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.services.Urls; import org.keycloak.storage.UserStorageProvider; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.federation.DummyUserFederationProviderFactory; import org.keycloak.testsuite.util.ClientBuilder; @@ -576,6 +578,9 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest { */ @Test public void testWithLinkedFederationProvider() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + try { updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.java index 3978497b61..4222a3781f 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.java @@ -24,6 +24,7 @@ import java.util.Map; import javax.ws.rs.core.Response; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; import org.keycloak.common.Profile; 
@@ -38,6 +39,7 @@ import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.util.KerberosRule; import org.keycloak.testsuite.KerberosEmbeddedServer; @@ -49,7 +51,6 @@ import org.keycloak.testsuite.KerberosEmbeddedServer; */ @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228) public class KerberosLdapTest extends AbstractKerberosSingleRealmTest { - private static final String PROVIDER_CONFIG_LOCATION = "classpath:kerberos/kerberos-ldap-connection.properties"; @ClassRule @@ -72,7 +73,11 @@ public class KerberosLdapTest extends AbstractKerberosSingleRealmTest { return getUserStorageConfiguration("kerberos-ldap", LDAPStorageProviderFactory.PROVIDER_NAME); } - + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } @Test public void spnegoLoginTest() throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java index 92d7433963..9fcceeb3ba 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java 
@@ -23,8 +23,10 @@ import javax.ws.rs.client.Entity; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; +import org.keycloak.common.Profile; import org.keycloak.common.constants.KerberosConstants; import org.keycloak.federation.kerberos.CommonKerberosConfig; import org.keycloak.federation.kerberos.KerberosConfig; @@ -34,6 +36,7 @@ import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.storage.UserStorageProvider; import org.keycloak.testsuite.ActionURIUtils; import org.keycloak.testsuite.KerberosEmbeddedServer; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected; import org.keycloak.testsuite.util.KerberosRule; @@ -55,6 +58,11 @@ public class KerberosStandaloneTest extends AbstractKerberosSingleRealmTest { return kerberosRule; } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } @Override protected CommonKerberosConfig getKerberosConfig() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.java index dde7b459c2..552148115b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.java 
@@ -34,6 +34,7 @@ import org.junit.Rule; import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.broker.provider.util.SimpleHttp; +import org.keycloak.common.Profile; import org.keycloak.federation.kerberos.KerberosFederationProvider; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; @@ -44,6 +45,7 @@ import org.keycloak.representations.idm.ErrorRepresentation; import org.keycloak.services.messages.Messages; import org.keycloak.services.resources.account.AccountCredentialResource; import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.util.LDAPRule; import org.keycloak.testsuite.util.LDAPTestUtils; import org.keycloak.testsuite.util.TokenUtil; @@ -70,6 +72,8 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest { @Before public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); httpClient = HttpClientBuilder.create().build(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java index 1f2b67dcf7..2abb341c49 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java @@ -18,6 +18,7 @@ package org.keycloak.testsuite.federation.ldap; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; 
@@ -30,6 +31,7 @@ import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.util.LDAPRule; @@ -61,6 +63,11 @@ public class LDAPLegacyImportTest extends AbstractLDAPTest { return ldapRule; } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } @Override public void addTestRealms(List testRealms) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java index 2339846425..20af03b39b 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java @@ -19,10 +19,12 @@ package org.keycloak.testsuite.federation.ldap; import org.junit.Assert; import org.junit.Assume; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; +import org.keycloak.common.Profile; import org.keycloak.models.ClientModel; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; 
@@ -33,6 +35,7 @@ import org.keycloak.representations.IDToken; import org.keycloak.storage.UserStoragePrivateUtil; import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.util.LDAPRule; import org.keycloak.testsuite.util.LDAPTestConfiguration; import org.keycloak.testsuite.util.LDAPTestUtils; @@ -67,6 +70,11 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest { return ldapRule; } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } @Override protected void afterImportTestRealm() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPPasswordModifyExtensionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPPasswordModifyExtensionTest.java index 730a0cf9b8..fde1d519a6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPPasswordModifyExtensionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPPasswordModifyExtensionTest.java @@ -19,6 +19,7 @@ package org.keycloak.testsuite.federation.ldap; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; 
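Review bot: The assumption in `LDAPMultipleAttributesTest.before()` is evaluated per test method, after any `@Before` methods inherited from the superclass chain, because JUnit 4 runs superclass `@Before` methods first. If the realm import that calls `afterImportTestRealm()` (the method following this hunk) is driven from such an inherited setup, which is not visible here, the LDAP provider is still configured against map storage before the skip takes effect. Provided `ProfileAssume` can be evaluated at class level, `@BeforeClass public static void checkNotMapStorage() { ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); }` would skip before any setup. This applies equally to the other `before()` methods added in this patch.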
@@ -36,6 +37,7 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapper; import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapperFactory; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.pages.AppPage; @@ -65,7 +67,6 @@ public class LDAPPasswordModifyExtensionTest extends AbstractLDAPTest { return ldapRule; } - @Override protected void afterImportTestRealm() { testingClient.server().run(session -> { @@ -97,6 +98,12 @@ public class LDAPPasswordModifyExtensionTest extends AbstractLDAPTest { }); } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } + @Test @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228) public void ldapPasswordChangeWithAccountConsole() throws Exception { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java index 30d2cfc541..a93238345e 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java 
@@ -19,6 +19,7 @@ package org.keycloak.testsuite.federation.ldap; import org.junit.Assert; import org.junit.Assume; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; @@ -63,6 +64,7 @@ import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; import org.keycloak.testsuite.AbstractAuthTest; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.arquillian.annotation.DisableFeature; import org.keycloak.testsuite.pages.AppPage; @@ -95,6 +97,12 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { return ldapRule; } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } + @Override protected void afterImportTestRealm() { testingClient.server().run(session -> { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPReadOnlyTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPReadOnlyTest.java index af8a90f22c..9a8f01e957 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPReadOnlyTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPReadOnlyTest.java 
@@ -20,12 +20,14 @@ package org.keycloak.testsuite.federation.ldap; import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.common.Profile; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; @@ -39,6 +41,7 @@ import org.keycloak.storage.StorageId; import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.pages.LoginConfigTotpPage; @@ -74,6 +77,12 @@ public class LDAPReadOnlyTest extends AbstractLDAPTest { private TimeBasedOTP totp = new TimeBasedOTP(); + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } + @Override protected void afterImportTestRealm() { testingClient.server().run(session -> { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSamlIdPInitiatedVaryingLetterCaseTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSamlIdPInitiatedVaryingLetterCaseTest.java index 7fbafba51c..08ffe3cf3b 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSamlIdPInitiatedVaryingLetterCaseTest.java 
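Review bot: The comment on the guard in `LDAPReadOnlyTest.before()` says map storage does not support LDAP "yet", but gives no reference for when the skip should be lifted. The wording also differs between hunks: `LDAPAccountRestApiTest`, `LDAPLegacyImportTest`, `LDAPPasswordModifyExtensionTest` and `LDAPSpecialCharsTest` say "legacy style federation" instead. While the guard is in place, the read-only LDAP, login and OTP scenarios in these classes get no coverage under map storage, and a skipped test is easy to overlook in a green build. I would use one wording everywhere and add a pointer, e.g. `// TODO(<tracking-issue>): re-enable once map storage supports LDAP federation`.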
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSamlIdPInitiatedVaryingLetterCaseTest.java @@ -23,6 +23,7 @@ import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAu import org.keycloak.broker.saml.SAMLIdentityProviderConfig; import org.keycloak.broker.saml.mappers.UsernameTemplateMapper; import org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target; +import org.keycloak.common.Profile; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.dom.saml.v2.protocol.ResponseType; import org.keycloak.models.AuthenticationExecutionModel.Requirement; @@ -45,6 +46,7 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapperFactory; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.broker.KcSamlBrokerConfiguration; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.updaters.Creator; @@ -142,6 +144,9 @@ public class LDAPSamlIdPInitiatedVaryingLetterCaseTest extends AbstractLDAPTest @Before public void setupIdentityProvider() { + // don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + // Configure autolink flow AuthenticationFlowRepresentation newFlow = new AuthenticationFlowRepresentation(); newFlow.setAlias(FLOW_AUTO_LINK); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java index 995ff00414..c5ebb047d8 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java @@ -18,11 +18,13 @@ package org.keycloak.testsuite.federation.ldap; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; import org.keycloak.OAuth2Constants; +import org.keycloak.common.Profile; import org.keycloak.component.ComponentModel; import org.keycloak.models.GroupModel; import org.keycloak.models.LDAPConstants; @@ -34,6 +36,7 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.pages.AppPage; import org.keycloak.testsuite.util.LDAPRule; import org.keycloak.testsuite.util.LDAPTestConfiguration; @@ -93,6 +96,11 @@ public class LDAPSpecialCharsTest extends AbstractLDAPTest { }); } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } @Test public void test01_userSearch() { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.java index f0cb818987..34f0c0cf1e 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.java 
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.java @@ -19,11 +19,13 @@ package org.keycloak.testsuite.federation.ldap; import org.jboss.arquillian.graphene.page.Page; +import org.junit.Before; import org.junit.FixMethodOrder; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExternalResource; import org.junit.runners.MethodSorters; +import org.keycloak.common.Profile; import org.keycloak.events.Errors; import org.keycloak.events.EventType; import org.keycloak.models.LDAPConstants; @@ -33,6 +35,7 @@ import org.keycloak.models.ModelException; import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude; import org.keycloak.testsuite.arquillian.annotation.EnableVault; import org.keycloak.testsuite.Assert; @@ -111,6 +114,12 @@ public class LDAPUserLoginTest extends AbstractLDAPTest { DEFAULT_TEST_USERS.put("VALID_USER_STREET", "1th Avenue"); } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } + @Override protected void afterImportTestRealm() { try { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserMultipleCredentialTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserMultipleCredentialTest.java index 4903de2248..4810cc54a1 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserMultipleCredentialTest.java 
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserMultipleCredentialTest.java @@ -3,6 +3,7 @@ package org.keycloak.testsuite.federation.ldap; import org.jboss.arquillian.graphene.page.Page; import org.junit.Assert; +import org.junit.Before; import org.junit.FixMethodOrder; import org.junit.Rule; import org.junit.Test; @@ -11,6 +12,7 @@ import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory; import org.keycloak.authentication.authenticators.browser.PasswordFormFactory; import org.keycloak.authentication.authenticators.browser.UsernameFormFactory; +import org.keycloak.common.Profile; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; @@ -18,6 +20,7 @@ import org.keycloak.models.credential.OTPCredentialModel; import org.keycloak.models.utils.DefaultAuthenticationFlows; import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.ProfileAssume; import org.keycloak.testsuite.arquillian.annotation.EnableVault; import org.keycloak.testsuite.client.KeycloakTestingClient; import org.keycloak.testsuite.pages.LoginTotpPage; @@ -61,6 +64,12 @@ public class LDAPUserMultipleCredentialTest extends AbstractLDAPTest { return ldapRule; } + @Before + public void before() { + // don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet + ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE); + } + @Override protected void afterImportTestRealm() { getTestingClient().server().run(session -> {