port kerberos
This commit is contained in:
parent
8794416241
commit
19575b2c8f
37 changed files with 321 additions and 255 deletions
|
@ -28,6 +28,10 @@
|
||||||
<artifactId>keycloak-kerberos-federation</artifactId>
|
<artifactId>keycloak-kerberos-federation</artifactId>
|
||||||
<name>Keycloak Kerberos Federation</name>
|
<name>Keycloak Kerberos Federation</name>
|
||||||
<description />
|
<description />
|
||||||
|
<properties>
|
||||||
|
<maven.compiler.target>1.8</maven.compiler.target>
|
||||||
|
<maven.compiler.source>1.8</maven.compiler.source>
|
||||||
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
|
|
|
@ -19,7 +19,6 @@ package org.keycloak.federation.kerberos;
|
||||||
|
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
@ -30,45 +29,32 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public abstract class CommonKerberosConfig {
|
public abstract class CommonKerberosConfig {
|
||||||
|
|
||||||
protected UserFederationProviderModel providerModel;
|
|
||||||
protected ComponentModel componentModel;
|
protected ComponentModel componentModel;
|
||||||
|
|
||||||
public CommonKerberosConfig(UserFederationProviderModel userFederationProvider) {
|
|
||||||
this.providerModel = userFederationProvider;
|
|
||||||
}
|
|
||||||
|
|
||||||
public CommonKerberosConfig(ComponentModel componentModel) {
|
public CommonKerberosConfig(ComponentModel componentModel) {
|
||||||
this.componentModel = componentModel;
|
this.componentModel = componentModel;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Should be always true for KerberosFederationProvider
|
// Should be always true for KerberosFederationProvider
|
||||||
public boolean isAllowKerberosAuthentication() {
|
public boolean isAllowKerberosAuthentication() {
|
||||||
if (providerModel != null) return Boolean.valueOf(getConfig().get(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION));
|
return Boolean.valueOf(componentModel.getConfig().getFirst(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION));
|
||||||
else return Boolean.valueOf(componentModel.getConfig().getFirst(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getKerberosRealm() {
|
public String getKerberosRealm() {
|
||||||
if (providerModel != null) return getConfig().get(KerberosConstants.KERBEROS_REALM);
|
return componentModel.getConfig().getFirst(KerberosConstants.KERBEROS_REALM);
|
||||||
else return componentModel.getConfig().getFirst(KerberosConstants.KERBEROS_REALM);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getServerPrincipal() {
|
public String getServerPrincipal() {
|
||||||
if (providerModel != null) return getConfig().get(KerberosConstants.SERVER_PRINCIPAL);
|
return componentModel.getConfig().getFirst(KerberosConstants.SERVER_PRINCIPAL);
|
||||||
else return componentModel.getConfig().getFirst(KerberosConstants.SERVER_PRINCIPAL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getKeyTab() {
|
public String getKeyTab() {
|
||||||
if (providerModel != null) return getConfig().get(KerberosConstants.KEYTAB);
|
return componentModel.getConfig().getFirst(KerberosConstants.KEYTAB);
|
||||||
else return componentModel.getConfig().getFirst(KerberosConstants.KEYTAB);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isDebug() {
|
public boolean isDebug() {
|
||||||
if (providerModel != null) return Boolean.valueOf(getConfig().get(KerberosConstants.DEBUG));
|
return Boolean.valueOf(componentModel.getConfig().getFirst(KerberosConstants.DEBUG));
|
||||||
else return Boolean.valueOf(componentModel.getConfig().getFirst(KerberosConstants.DEBUG));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected Map<String, String> getConfig() {
|
|
||||||
return providerModel.getConfig();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,9 +18,12 @@
|
||||||
package org.keycloak.federation.kerberos;
|
package org.keycloak.federation.kerberos;
|
||||||
|
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
import org.keycloak.models.UserFederationProvider;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
import org.keycloak.models.UserFederationProviderModel;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
import org.keycloak.storage.UserStorageProvider.EditMode;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Configuration specific to {@link KerberosFederationProvider}
|
* Configuration specific to {@link KerberosFederationProvider}
|
||||||
|
@ -29,25 +32,25 @@ import org.keycloak.models.UserFederationProviderModel;
|
||||||
*/
|
*/
|
||||||
public class KerberosConfig extends CommonKerberosConfig {
|
public class KerberosConfig extends CommonKerberosConfig {
|
||||||
|
|
||||||
public KerberosConfig(UserFederationProviderModel userFederationProvider) {
|
public KerberosConfig(ComponentModel component) {
|
||||||
super(userFederationProvider);
|
super(component);
|
||||||
}
|
}
|
||||||
|
|
||||||
public UserFederationProvider.EditMode getEditMode() {
|
public EditMode getEditMode() {
|
||||||
String editModeString = getConfig().get(LDAPConstants.EDIT_MODE);
|
String editModeString = componentModel.getConfig().getFirst(LDAPConstants.EDIT_MODE);
|
||||||
if (editModeString == null) {
|
if (editModeString == null) {
|
||||||
return UserFederationProvider.EditMode.UNSYNCED;
|
return EditMode.UNSYNCED;
|
||||||
} else {
|
} else {
|
||||||
return UserFederationProvider.EditMode.valueOf(editModeString);
|
return EditMode.valueOf(editModeString);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isAllowPasswordAuthentication() {
|
public boolean isAllowPasswordAuthentication() {
|
||||||
return Boolean.valueOf(getConfig().get(KerberosConstants.ALLOW_PASSWORD_AUTHENTICATION));
|
return Boolean.valueOf(componentModel.getConfig().getFirst(KerberosConstants.ALLOW_PASSWORD_AUTHENTICATION));
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isUpdateProfileFirstLogin() {
|
public boolean isUpdateProfileFirstLogin() {
|
||||||
return Boolean.valueOf(getConfig().get(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN));
|
return Boolean.valueOf(componentModel.getConfig().getFirst(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,10 @@ package org.keycloak.federation.kerberos;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
|
import org.keycloak.credential.CredentialAuthentication;
|
||||||
import org.keycloak.credential.CredentialInput;
|
import org.keycloak.credential.CredentialInput;
|
||||||
|
import org.keycloak.credential.CredentialInputUpdater;
|
||||||
|
import org.keycloak.credential.CredentialInputValidator;
|
||||||
import org.keycloak.credential.CredentialModel;
|
import org.keycloak.credential.CredentialModel;
|
||||||
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
|
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
|
||||||
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
|
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
|
||||||
|
@ -34,6 +37,10 @@ import org.keycloak.models.UserFederationProvider;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
import org.keycloak.models.UserFederationProviderModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.UserManager;
|
import org.keycloak.models.UserManager;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
|
import org.keycloak.storage.user.ImportedUserValidation;
|
||||||
|
import org.keycloak.storage.user.UserLookupProvider;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
@ -45,17 +52,22 @@ import java.util.Set;
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
public class KerberosFederationProvider implements UserFederationProvider {
|
public class KerberosFederationProvider implements UserStorageProvider,
|
||||||
|
UserLookupProvider,
|
||||||
|
CredentialInputValidator,
|
||||||
|
CredentialInputUpdater,
|
||||||
|
CredentialAuthentication,
|
||||||
|
ImportedUserValidation {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(KerberosFederationProvider.class);
|
private static final Logger logger = Logger.getLogger(KerberosFederationProvider.class);
|
||||||
public static final String KERBEROS_PRINCIPAL = "KERBEROS_PRINCIPAL";
|
public static final String KERBEROS_PRINCIPAL = "KERBEROS_PRINCIPAL";
|
||||||
|
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
protected UserFederationProviderModel model;
|
protected UserStorageProviderModel model;
|
||||||
protected KerberosConfig kerberosConfig;
|
protected KerberosConfig kerberosConfig;
|
||||||
protected KerberosFederationProviderFactory factory;
|
protected KerberosFederationProviderFactory factory;
|
||||||
|
|
||||||
public KerberosFederationProvider(KeycloakSession session,UserFederationProviderModel model, KerberosFederationProviderFactory factory) {
|
public KerberosFederationProvider(KeycloakSession session, UserStorageProviderModel model, KerberosFederationProviderFactory factory) {
|
||||||
this.session = session;
|
this.session = session;
|
||||||
this.model = model;
|
this.model = model;
|
||||||
this.kerberosConfig = new KerberosConfig(model);
|
this.kerberosConfig = new KerberosConfig(model);
|
||||||
|
@ -63,35 +75,20 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel validateAndProxy(RealmModel realm, UserModel local) {
|
public UserModel validate(RealmModel realm, UserModel user) {
|
||||||
if (!isValid(realm, local)) {
|
if (!isValid(realm, user)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (kerberosConfig.getEditMode() == EditMode.READ_ONLY) {
|
if (kerberosConfig.getEditMode() == EditMode.READ_ONLY) {
|
||||||
return new ReadOnlyKerberosUserModelDelegate(local, this);
|
return new ReadOnlyKerberosUserModelDelegate(user, this);
|
||||||
} else {
|
} else {
|
||||||
return local;
|
return user;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean synchronizeRegistrations() {
|
public UserModel getUserByUsername(String username, RealmModel realm) {
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public UserModel register(RealmModel realm, UserModel user) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean removeUser(RealmModel realm, UserModel user) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public UserModel getUserByUsername(RealmModel realm, String username) {
|
|
||||||
KerberosUsernamePasswordAuthenticator authenticator = factory.createKerberosUsernamePasswordAuthenticator(kerberosConfig);
|
KerberosUsernamePasswordAuthenticator authenticator = factory.createKerberosUsernamePasswordAuthenticator(kerberosConfig);
|
||||||
if (authenticator.isUserAvailable(username)) {
|
if (authenticator.isUserAvailable(username)) {
|
||||||
// Case when method was called with username including kerberos realm like john@REALM.ORG . Authenticator already checked that kerberos realm was correct
|
// Case when method was called with username including kerberos realm like john@REALM.ORG . Authenticator already checked that kerberos realm was correct
|
||||||
|
@ -106,18 +103,13 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel getUserByEmail(RealmModel realm, String email) {
|
public UserModel getUserByEmail(String email, RealmModel realm) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<UserModel> searchByAttributes(Map<String, String> attributes, RealmModel realm, int maxResults) {
|
public UserModel getUserById(String id, RealmModel realm) {
|
||||||
return Collections.emptyList();
|
return null;
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults) {
|
|
||||||
return Collections.emptyList();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -135,7 +127,6 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isValid(RealmModel realm, UserModel local) {
|
public boolean isValid(RealmModel realm, UserModel local) {
|
||||||
// KerberosUsernamePasswordAuthenticator.isUserAvailable is an overhead, so avoid it for now
|
// KerberosUsernamePasswordAuthenticator.isUserAvailable is an overhead, so avoid it for now
|
||||||
|
|
||||||
|
@ -143,13 +134,6 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
return kerberosPrincipal.equalsIgnoreCase(local.getFirstAttribute(KERBEROS_PRINCIPAL));
|
return kerberosPrincipal.equalsIgnoreCase(local.getFirstAttribute(KERBEROS_PRINCIPAL));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public Set<String> getSupportedCredentialTypes() {
|
|
||||||
Set<String> supportedCredTypes = new HashSet<String>();
|
|
||||||
supportedCredTypes.add(UserCredentialModel.KERBEROS);
|
|
||||||
return supportedCredTypes;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
|
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
|
||||||
if (!(input instanceof UserCredentialModel) || !CredentialModel.PASSWORD.equals(input.getType())) return false;
|
if (!(input instanceof UserCredentialModel) || !CredentialModel.PASSWORD.equals(input.getType())) return false;
|
||||||
|
@ -174,6 +158,11 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
return credentialType.equals(CredentialModel.KERBEROS) || (kerberosConfig.isAllowPasswordAuthentication() && credentialType.equals(CredentialModel.PASSWORD));
|
return credentialType.equals(CredentialModel.KERBEROS) || (kerberosConfig.isAllowPasswordAuthentication() && credentialType.equals(CredentialModel.PASSWORD));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean supportsCredentialAuthenticationFor(String type) {
|
||||||
|
return CredentialModel.KERBEROS.equals(type);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType) {
|
||||||
return supportsCredentialType(credentialType);
|
return supportsCredentialType(credentialType);
|
||||||
|
@ -199,7 +188,9 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential) {
|
public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput input) {
|
||||||
|
if (!(input instanceof UserCredentialModel)) return null;
|
||||||
|
UserCredentialModel credential = (UserCredentialModel)input;
|
||||||
if (credential.getType().equals(UserCredentialModel.KERBEROS)) {
|
if (credential.getType().equals(UserCredentialModel.KERBEROS)) {
|
||||||
String spnegoToken = credential.getValue();
|
String spnegoToken = credential.getValue();
|
||||||
SPNEGOAuthenticator spnegoAuthenticator = factory.createSPNEGOAuthenticator(spnegoToken, kerberosConfig);
|
SPNEGOAuthenticator spnegoAuthenticator = factory.createSPNEGOAuthenticator(spnegoToken, kerberosConfig);
|
||||||
|
@ -226,7 +217,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
return CredentialValidationOutput.failed();
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -243,22 +234,23 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
* @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider
|
* @return user if found or successfully created. Null if user with same username already exists, but is not linked to this provider
|
||||||
*/
|
*/
|
||||||
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
|
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username) {
|
||||||
UserModel user = session.userStorage().getUserByUsername(username, realm);
|
UserModel user = session.userLocalStorage().getUserByUsername(username, realm);
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
|
user = session.users().getUserById(user.getId(), realm); // make sure we get a cached instance
|
||||||
logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage");
|
logger.debug("Kerberos authenticated user " + username + " found in Keycloak storage");
|
||||||
|
|
||||||
if (!model.getId().equals(user.getFederationLink())) {
|
if (!model.getId().equals(user.getFederationLink())) {
|
||||||
logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getDisplayName() + "]");
|
logger.warn("User with username " + username + " already exists, but is not linked to provider [" + model.getName() + "]");
|
||||||
return null;
|
return null;
|
||||||
} else {
|
} else {
|
||||||
UserModel proxied = validateAndProxy(realm, user);
|
UserModel proxied = validate(realm, user);
|
||||||
if (proxied != null) {
|
if (proxied != null) {
|
||||||
return proxied;
|
return proxied;
|
||||||
} else {
|
} else {
|
||||||
logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getDisplayName() +
|
logger.warn("User with username " + username + " already exists and is linked to provider [" + model.getName() +
|
||||||
"] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL));
|
"] but kerberos principal is not correct. Kerberos principal on user is: " + user.getFirstAttribute(KERBEROS_PRINCIPAL));
|
||||||
logger.warn("Will re-create user");
|
logger.warn("Will re-create user");
|
||||||
new UserManager(session).removeUser(realm, user, session.userStorage());
|
new UserManager(session).removeUser(realm, user, session.userLocalStorage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -272,7 +264,7 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();
|
String email = username + "@" + kerberosConfig.getKerberosRealm().toLowerCase();
|
||||||
|
|
||||||
logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
|
logger.debugf("Creating kerberos user: %s, email: %s to local Keycloak storage", username, email);
|
||||||
UserModel user = session.userStorage().addUser(realm, username);
|
UserModel user = session.userLocalStorage().addUser(realm, username);
|
||||||
user.setEnabled(true);
|
user.setEnabled(true);
|
||||||
user.setEmail(email);
|
user.setEmail(email);
|
||||||
user.setFederationLink(model.getId());
|
user.setFederationLink(model.getId());
|
||||||
|
@ -282,6 +274,6 @@ public class KerberosFederationProvider implements UserFederationProvider {
|
||||||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
|
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PROFILE);
|
||||||
}
|
}
|
||||||
|
|
||||||
return validateAndProxy(realm, user);
|
return validate(realm, user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,18 +19,29 @@ package org.keycloak.federation.kerberos;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.component.ComponentValidationException;
|
||||||
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
|
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
|
||||||
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
|
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
|
||||||
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
|
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
import org.keycloak.models.LDAPConstants;
|
||||||
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
import org.keycloak.models.UserFederationProvider;
|
||||||
import org.keycloak.models.UserFederationProviderFactory;
|
import org.keycloak.models.UserFederationProviderFactory;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
import org.keycloak.models.UserFederationProviderModel;
|
||||||
import org.keycloak.models.UserFederationSyncResult;
|
import org.keycloak.models.UserFederationSyncResult;
|
||||||
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
|
import org.keycloak.provider.ProviderConfigurationBuilder;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
import org.keycloak.storage.UserStorageProviderFactory;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -39,18 +50,14 @@ import java.util.Set;
|
||||||
*
|
*
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
public class KerberosFederationProviderFactory implements UserFederationProviderFactory {
|
public class KerberosFederationProviderFactory implements UserStorageProviderFactory<KerberosFederationProvider> {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(KerberosFederationProviderFactory.class);
|
private static final Logger logger = Logger.getLogger(KerberosFederationProviderFactory.class);
|
||||||
public static final String PROVIDER_NAME = "kerberos";
|
public static final String PROVIDER_NAME = "kerberos";
|
||||||
@Override
|
|
||||||
public UserFederationProvider getInstance(KeycloakSession session, UserFederationProviderModel model) {
|
|
||||||
return new KerberosFederationProvider(session, model, this);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getConfigurationOptions() {
|
public KerberosFederationProvider create(KeycloakSession session, ComponentModel model) {
|
||||||
return Collections.emptySet();
|
return new KerberosFederationProvider(session, new UserStorageProviderModel(model), this);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -58,23 +65,62 @@ public class KerberosFederationProviderFactory implements UserFederationProvider
|
||||||
return PROVIDER_NAME;
|
return PROVIDER_NAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
protected static final List<ProviderConfigProperty> configProperties;
|
||||||
public UserFederationSyncResult syncAllUsers(KeycloakSessionFactory sessionFactory, String realmId, UserFederationProviderModel model) {
|
|
||||||
logger.warn("Sync users not supported for this provider");
|
static {
|
||||||
return UserFederationSyncResult.empty();
|
configProperties = getConfigProps();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
private static List<ProviderConfigProperty> getConfigProps() {
|
||||||
public UserFederationSyncResult syncChangedUsers(KeycloakSessionFactory sessionFactory, String realmId, UserFederationProviderModel model, Date lastSync) {
|
return ProviderConfigurationBuilder.create()
|
||||||
logger.warn("Sync users not supported for this provider");
|
.property().name(KerberosConstants.KERBEROS_REALM)
|
||||||
return UserFederationSyncResult.empty();
|
.label("kerberos-realm")
|
||||||
|
.helpText("kerberos-realm.tooltip")
|
||||||
|
.type(ProviderConfigProperty.STRING_TYPE)
|
||||||
|
.add()
|
||||||
|
.property().name(KerberosConstants.SERVER_PRINCIPAL)
|
||||||
|
.label("server-principal")
|
||||||
|
.helpText("server-principal.tooltip")
|
||||||
|
.type(ProviderConfigProperty.STRING_TYPE)
|
||||||
|
.add()
|
||||||
|
.property().name(KerberosConstants.KEYTAB)
|
||||||
|
.label("keytab")
|
||||||
|
.helpText("keytab.tooltip")
|
||||||
|
.type(ProviderConfigProperty.STRING_TYPE)
|
||||||
|
.add()
|
||||||
|
.property().name(KerberosConstants.DEBUG)
|
||||||
|
.label("debug")
|
||||||
|
.helpText("debug.tooltip")
|
||||||
|
.type(ProviderConfigProperty.BOOLEAN_TYPE)
|
||||||
|
.defaultValue("false")
|
||||||
|
.add()
|
||||||
|
.property().name(KerberosConstants.ALLOW_PASSWORD_AUTHENTICATION)
|
||||||
|
.label("allow-password-authentication")
|
||||||
|
.helpText("allow-password-authentication.tooltip")
|
||||||
|
.type(ProviderConfigProperty.BOOLEAN_TYPE)
|
||||||
|
.defaultValue("false")
|
||||||
|
.add()
|
||||||
|
.property().name(LDAPConstants.EDIT_MODE)
|
||||||
|
.label("edit-mode")
|
||||||
|
.helpText("edit-mode.tooltip")
|
||||||
|
.type(ProviderConfigProperty.LIST_TYPE)
|
||||||
|
.options(UserStorageProvider.EditMode.READ_ONLY.toString(), UserStorageProvider.EditMode.UNSYNCED.toString())
|
||||||
|
.add()
|
||||||
|
.property().name(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN)
|
||||||
|
.label("update-profile-first-login")
|
||||||
|
.helpText("update-profile-first-login.tooltip")
|
||||||
|
.type(ProviderConfigProperty.BOOLEAN_TYPE)
|
||||||
|
.defaultValue("false")
|
||||||
|
.add()
|
||||||
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserFederationProvider create(KeycloakSession session) {
|
public List<ProviderConfigProperty> getConfigProperties() {
|
||||||
throw new IllegalAccessError("Illegal to call this method");
|
return configProperties;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void init(Config.Scope config) {
|
public void init(Config.Scope config) {
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.keycloak.storage.ldap;
|
||||||
|
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
|
||||||
import javax.naming.directory.SearchControls;
|
import javax.naming.directory.SearchControls;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
@ -171,12 +172,12 @@ public class LDAPConfig {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public LDAPStorageProviderFactory.EditMode getEditMode() {
|
public UserStorageProvider.EditMode getEditMode() {
|
||||||
String editModeString = config.getFirst(LDAPConstants.EDIT_MODE);
|
String editModeString = config.getFirst(LDAPConstants.EDIT_MODE);
|
||||||
if (editModeString == null) {
|
if (editModeString == null) {
|
||||||
return LDAPStorageProviderFactory.EditMode.READ_ONLY;
|
return UserStorageProvider.EditMode.READ_ONLY;
|
||||||
} else {
|
} else {
|
||||||
return LDAPStorageProviderFactory.EditMode.valueOf(editModeString);
|
return UserStorageProvider.EditMode.valueOf(editModeString);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -85,7 +85,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
protected ComponentModel model;
|
protected ComponentModel model;
|
||||||
protected LDAPIdentityStore ldapIdentityStore;
|
protected LDAPIdentityStore ldapIdentityStore;
|
||||||
protected LDAPStorageProviderFactory.EditMode editMode;
|
protected EditMode editMode;
|
||||||
protected LDAPProviderKerberosConfig kerberosConfig;
|
protected LDAPProviderKerberosConfig kerberosConfig;
|
||||||
protected PasswordUpdated updater;
|
protected PasswordUpdated updater;
|
||||||
|
|
||||||
|
@ -117,7 +117,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
|
||||||
return this.ldapIdentityStore;
|
return this.ldapIdentityStore;
|
||||||
}
|
}
|
||||||
|
|
||||||
public LDAPStorageProviderFactory.EditMode getEditMode() {
|
public EditMode getEditMode() {
|
||||||
return editMode;
|
return editMode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -174,12 +174,12 @@ public class LDAPStorageProvider implements UserStorageProvider,
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean synchronizeRegistrations() {
|
public boolean synchronizeRegistrations() {
|
||||||
return "true".equalsIgnoreCase(model.getConfig().getFirst(LDAPConstants.SYNC_REGISTRATIONS)) && editMode == LDAPStorageProviderFactory.EditMode.WRITABLE;
|
return "true".equalsIgnoreCase(model.getConfig().getFirst(LDAPConstants.SYNC_REGISTRATIONS)) && editMode == UserStorageProvider.EditMode.WRITABLE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel addUser(RealmModel realm, String username) {
|
public UserModel addUser(RealmModel realm, String username) {
|
||||||
if (editMode == LDAPStorageProviderFactory.EditMode.READ_ONLY || editMode == LDAPStorageProviderFactory.EditMode.UNSYNCED) throw new IllegalStateException("Registration is not supported by this ldap server");
|
if (editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.UNSYNCED) throw new IllegalStateException("Registration is not supported by this ldap server");
|
||||||
if (!synchronizeRegistrations()) throw new IllegalStateException("Registration is not supported by this ldap server");
|
if (!synchronizeRegistrations()) throw new IllegalStateException("Registration is not supported by this ldap server");
|
||||||
UserModel user = session.userLocalStorage().addUser(realm, username);
|
UserModel user = session.userLocalStorage().addUser(realm, username);
|
||||||
user.setFederationLink(model.getId());
|
user.setFederationLink(model.getId());
|
||||||
|
@ -193,7 +193,7 @@ public class LDAPStorageProvider implements UserStorageProvider,
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean removeUser(RealmModel realm, UserModel user) {
|
public boolean removeUser(RealmModel realm, UserModel user) {
|
||||||
if (editMode == LDAPStorageProviderFactory.EditMode.READ_ONLY || editMode == LDAPStorageProviderFactory.EditMode.UNSYNCED) {
|
if (editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.UNSYNCED) {
|
||||||
logger.warnf("User '%s' can't be deleted in LDAP as editMode is '%s'. Deleting user just from Keycloak DB, but he will be re-imported from LDAP again once searched in Keycloak", user.getUsername(), editMode.toString());
|
logger.warnf("User '%s' can't be deleted in LDAP as editMode is '%s'. Deleting user just from Keycloak DB, but he will be re-imported from LDAP again once searched in Keycloak", user.getUsername(), editMode.toString());
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -479,10 +479,10 @@ public class LDAPStorageProvider implements UserStorageProvider,
|
||||||
@Override
|
@Override
|
||||||
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
|
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input) {
|
||||||
if (!CredentialModel.PASSWORD.equals(input.getType()) || ! (input instanceof UserCredentialModel)) return false;
|
if (!CredentialModel.PASSWORD.equals(input.getType()) || ! (input instanceof UserCredentialModel)) return false;
|
||||||
if (editMode == LDAPStorageProviderFactory.EditMode.READ_ONLY) {
|
if (editMode == UserStorageProvider.EditMode.READ_ONLY) {
|
||||||
throw new ModelReadOnlyException("Federated storage is not writable");
|
throw new ModelReadOnlyException("Federated storage is not writable");
|
||||||
|
|
||||||
} else if (editMode == LDAPStorageProviderFactory.EditMode.WRITABLE) {
|
} else if (editMode == UserStorageProvider.EditMode.WRITABLE) {
|
||||||
LDAPIdentityStore ldapIdentityStore = getLdapIdentityStore();
|
LDAPIdentityStore ldapIdentityStore = getLdapIdentityStore();
|
||||||
UserCredentialModel cred = (UserCredentialModel)input;
|
UserCredentialModel cred = (UserCredentialModel)input;
|
||||||
String password = cred.getValue();
|
String password = cred.getValue();
|
||||||
|
|
|
@ -63,27 +63,6 @@ import java.util.List;
|
||||||
*/
|
*/
|
||||||
public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LDAPStorageProvider>, ImportSynchronization {
|
public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LDAPStorageProvider>, ImportSynchronization {
|
||||||
|
|
||||||
/**
|
|
||||||
* Optional type that can be by implementations to describe edit mode of federation storage
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public enum EditMode {
|
|
||||||
/**
|
|
||||||
* federation storage is read-only
|
|
||||||
*/
|
|
||||||
READ_ONLY,
|
|
||||||
/**
|
|
||||||
* federation storage is writable
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
WRITABLE,
|
|
||||||
/**
|
|
||||||
* updates to user are stored locally and not synced with federation storage.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
UNSYNCED
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(LDAPStorageProviderFactory.class);
|
private static final Logger logger = Logger.getLogger(LDAPStorageProviderFactory.class);
|
||||||
public static final String PROVIDER_NAME = LDAPConstants.LDAP_PROVIDER;
|
public static final String PROVIDER_NAME = LDAPConstants.LDAP_PROVIDER;
|
||||||
|
@ -100,7 +79,7 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
|
||||||
boolean readOnly = false;
|
boolean readOnly = false;
|
||||||
if (parent != null) {
|
if (parent != null) {
|
||||||
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
||||||
readOnly = config.getEditMode() != LDAPStorageProviderFactory.EditMode.WRITABLE;
|
readOnly = config.getEditMode() != UserStorageProvider.EditMode.WRITABLE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -229,11 +208,11 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
|
||||||
LDAPConfig ldapConfig = new LDAPConfig(model.getConfig());
|
LDAPConfig ldapConfig = new LDAPConfig(model.getConfig());
|
||||||
|
|
||||||
boolean activeDirectory = ldapConfig.isActiveDirectory();
|
boolean activeDirectory = ldapConfig.isActiveDirectory();
|
||||||
EditMode editMode = ldapConfig.getEditMode();
|
UserStorageProvider.EditMode editMode = ldapConfig.getEditMode();
|
||||||
String readOnly = String.valueOf(editMode == EditMode.READ_ONLY || editMode == EditMode.UNSYNCED);
|
String readOnly = String.valueOf(editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.UNSYNCED);
|
||||||
String usernameLdapAttribute = ldapConfig.getUsernameLdapAttribute();
|
String usernameLdapAttribute = ldapConfig.getUsernameLdapAttribute();
|
||||||
|
|
||||||
String alwaysReadValueFromLDAP = String.valueOf(editMode==EditMode.READ_ONLY || editMode== EditMode.WRITABLE);
|
String alwaysReadValueFromLDAP = String.valueOf(editMode== UserStorageProvider.EditMode.READ_ONLY || editMode== UserStorageProvider.EditMode.WRITABLE);
|
||||||
|
|
||||||
ComponentModel mapperModel;
|
ComponentModel mapperModel;
|
||||||
mapperModel = KeycloakModelUtils.createComponentModel("username", model.getId(), UserAttributeLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(),
|
mapperModel = KeycloakModelUtils.createComponentModel("username", model.getId(), UserAttributeLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(),
|
||||||
|
@ -259,7 +238,7 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
|
||||||
realm.addComponentModel(mapperModel);
|
realm.addComponentModel(mapperModel);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if (editMode == EditMode.WRITABLE) {
|
if (editMode == UserStorageProvider.EditMode.WRITABLE) {
|
||||||
|
|
||||||
// For AD deployments with "sAMAccountName" as username and writable, we need to map "cn" as username as well (this is needed so we can register new users from KC into LDAP) and we will map "givenName" to first name.
|
// For AD deployments with "sAMAccountName" as username and writable, we need to map "cn" as username as well (this is needed so we can register new users from KC into LDAP) and we will map "givenName" to first name.
|
||||||
mapperModel = KeycloakModelUtils.createComponentModel("first name", model.getId(), UserAttributeLDAPStorageMapperFactory.PROVIDER_ID,LDAPStorageMapper.class.getName(),
|
mapperModel = KeycloakModelUtils.createComponentModel("first name", model.getId(), UserAttributeLDAPStorageMapperFactory.PROVIDER_ID,LDAPStorageMapper.class.getName(),
|
||||||
|
|
|
@ -21,8 +21,8 @@ import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
||||||
import org.keycloak.storage.ldap.idm.query.Condition;
|
import org.keycloak.storage.ldap.idm.query.Condition;
|
||||||
import org.keycloak.storage.ldap.idm.query.internal.EqualCondition;
|
import org.keycloak.storage.ldap.idm.query.internal.EqualCondition;
|
||||||
|
@ -84,7 +84,7 @@ public class FullNameLDAPStorageMapper extends AbstractLDAPStorageMapper {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserModel proxy(LDAPObject ldapUser, UserModel delegate) {
|
public UserModel proxy(LDAPObject ldapUser, UserModel delegate) {
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE && !isReadOnly()) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && !isReadOnly()) {
|
||||||
|
|
||||||
|
|
||||||
TxAwareLDAPUserModelDelegate txDelegate = new TxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapUser) {
|
TxAwareLDAPUserModelDelegate txDelegate = new TxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapUser) {
|
||||||
|
|
|
@ -22,17 +22,13 @@ import org.keycloak.component.ComponentValidationException;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.provider.ProviderConfigurationBuilder;
|
import org.keycloak.provider.ProviderConfigurationBuilder;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPConfig;
|
import org.keycloak.storage.ldap.LDAPConfig;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
|
@ -51,7 +47,7 @@ public class FullNameLDAPStorageMapperFactory extends AbstractLDAPStorageMapperF
|
||||||
boolean readOnly = false;
|
boolean readOnly = false;
|
||||||
if (parent != null) {
|
if (parent != null) {
|
||||||
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
||||||
readOnly = config.getEditMode() != LDAPStorageProviderFactory.EditMode.WRITABLE;
|
readOnly = config.getEditMode() != UserStorageProvider.EditMode.WRITABLE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -107,9 +103,9 @@ public class FullNameLDAPStorageMapperFactory extends AbstractLDAPStorageMapperF
|
||||||
|
|
||||||
}
|
}
|
||||||
LDAPConfig cfg = new LDAPConfig(parent.getConfig());
|
LDAPConfig cfg = new LDAPConfig(parent.getConfig());
|
||||||
LDAPStorageProviderFactory.EditMode editMode = cfg.getEditMode();
|
UserStorageProvider.EditMode editMode = cfg.getEditMode();
|
||||||
|
|
||||||
if (writeOnly && cfg.getEditMode() != LDAPStorageProviderFactory.EditMode.WRITABLE) {
|
if (writeOnly && cfg.getEditMode() != UserStorageProvider.EditMode.WRITABLE) {
|
||||||
throw new ComponentValidationException("ldapErrorCantWriteOnlyForReadOnlyLdap");
|
throw new ComponentValidationException("ldapErrorCantWriteOnlyForReadOnlyLdap");
|
||||||
}
|
}
|
||||||
if (writeOnly && readOnly) {
|
if (writeOnly && readOnly) {
|
||||||
|
|
|
@ -29,8 +29,8 @@ import org.keycloak.models.utils.UserModelDelegate;
|
||||||
import org.keycloak.models.utils.reflection.Property;
|
import org.keycloak.models.utils.reflection.Property;
|
||||||
import org.keycloak.models.utils.reflection.PropertyCriteria;
|
import org.keycloak.models.utils.reflection.PropertyCriteria;
|
||||||
import org.keycloak.models.utils.reflection.PropertyQueries;
|
import org.keycloak.models.utils.reflection.PropertyQueries;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
||||||
import org.keycloak.storage.ldap.idm.query.Condition;
|
import org.keycloak.storage.ldap.idm.query.Condition;
|
||||||
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
|
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
|
||||||
|
@ -179,7 +179,7 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
|
||||||
final boolean isMandatoryInLdap = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP);
|
final boolean isMandatoryInLdap = parseBooleanParameter(mapperModel, IS_MANDATORY_IN_LDAP);
|
||||||
|
|
||||||
// For writable mode, we want to propagate writing of attribute to LDAP as well
|
// For writable mode, we want to propagate writing of attribute to LDAP as well
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE && !isReadOnly()) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && !isReadOnly()) {
|
||||||
|
|
||||||
delegate = new TxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapUser) {
|
delegate = new TxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapUser) {
|
||||||
|
|
||||||
|
|
|
@ -21,17 +21,13 @@ import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.component.ComponentValidationException;
|
import org.keycloak.component.ComponentValidationException;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.provider.ProviderConfigurationBuilder;
|
import org.keycloak.provider.ProviderConfigurationBuilder;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPConfig;
|
import org.keycloak.storage.ldap.LDAPConfig;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
|
@ -50,7 +46,7 @@ public class UserAttributeLDAPStorageMapperFactory extends AbstractLDAPStorageMa
|
||||||
String readOnly = "false";
|
String readOnly = "false";
|
||||||
if (parent != null) {
|
if (parent != null) {
|
||||||
LDAPConfig ldapConfig = new LDAPConfig(parent.getConfig());
|
LDAPConfig ldapConfig = new LDAPConfig(parent.getConfig());
|
||||||
readOnly = ldapConfig.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE ? "false" : "true";
|
readOnly = ldapConfig.getEditMode() == UserStorageProvider.EditMode.WRITABLE ? "false" : "true";
|
||||||
}
|
}
|
||||||
return ProviderConfigurationBuilder.create()
|
return ProviderConfigurationBuilder.create()
|
||||||
.property().name(UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE)
|
.property().name(UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE)
|
||||||
|
|
|
@ -22,14 +22,11 @@ import org.keycloak.component.ComponentValidationException;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.provider.ProviderConfigurationBuilder;
|
import org.keycloak.provider.ProviderConfigurationBuilder;
|
||||||
import org.keycloak.representations.idm.UserFederationMapperSyncConfigRepresentation;
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPConfig;
|
import org.keycloak.storage.ldap.LDAPConfig;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
import org.keycloak.storage.ldap.LDAPUtils;
|
import org.keycloak.storage.ldap.LDAPUtils;
|
||||||
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
|
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
|
||||||
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;
|
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;
|
||||||
|
@ -80,7 +77,7 @@ public class GroupLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFact
|
||||||
if (parent != null) {
|
if (parent != null) {
|
||||||
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
||||||
roleObjectClasses = config.isActiveDirectory() ? LDAPConstants.GROUP : LDAPConstants.GROUP_OF_NAMES;
|
roleObjectClasses = config.isActiveDirectory() ? LDAPConstants.GROUP : LDAPConstants.GROUP_OF_NAMES;
|
||||||
mode = config.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE ? LDAPGroupMapperMode.LDAP_ONLY.toString() : LDAPGroupMapperMode.READ_ONLY.toString();
|
mode = config.getEditMode() == UserStorageProvider.EditMode.WRITABLE ? LDAPGroupMapperMode.LDAP_ONLY.toString() : LDAPGroupMapperMode.READ_ONLY.toString();
|
||||||
}
|
}
|
||||||
return ProviderConfigurationBuilder.create()
|
return ProviderConfigurationBuilder.create()
|
||||||
.property().name(GroupMapperConfig.GROUPS_DN)
|
.property().name(GroupMapperConfig.GROUPS_DN)
|
||||||
|
|
|
@ -22,14 +22,11 @@ import org.keycloak.component.ComponentValidationException;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
|
||||||
import org.keycloak.provider.ProviderConfigProperty;
|
import org.keycloak.provider.ProviderConfigProperty;
|
||||||
import org.keycloak.provider.ProviderConfigurationBuilder;
|
import org.keycloak.provider.ProviderConfigurationBuilder;
|
||||||
import org.keycloak.representations.idm.UserFederationMapperSyncConfigRepresentation;
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPConfig;
|
import org.keycloak.storage.ldap.LDAPConfig;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
import org.keycloak.storage.ldap.LDAPUtils;
|
import org.keycloak.storage.ldap.LDAPUtils;
|
||||||
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
|
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
|
||||||
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;
|
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapperFactory;
|
||||||
|
@ -80,7 +77,7 @@ public class RoleLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFacto
|
||||||
if (parent != null) {
|
if (parent != null) {
|
||||||
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
LDAPConfig config = new LDAPConfig(parent.getConfig());
|
||||||
roleObjectClasses = config.isActiveDirectory() ? LDAPConstants.GROUP : LDAPConstants.GROUP_OF_NAMES;
|
roleObjectClasses = config.isActiveDirectory() ? LDAPConstants.GROUP : LDAPConstants.GROUP_OF_NAMES;
|
||||||
mode = config.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE ? LDAPGroupMapperMode.LDAP_ONLY.toString() : LDAPGroupMapperMode.READ_ONLY.toString();
|
mode = config.getEditMode() == UserStorageProvider.EditMode.WRITABLE ? LDAPGroupMapperMode.LDAP_ONLY.toString() : LDAPGroupMapperMode.READ_ONLY.toString();
|
||||||
}
|
}
|
||||||
return ProviderConfigurationBuilder.create()
|
return ProviderConfigurationBuilder.create()
|
||||||
.property().name(RoleMapperConfig.ROLES_DN)
|
.property().name(RoleMapperConfig.ROLES_DN)
|
||||||
|
|
|
@ -25,8 +25,8 @@ import org.keycloak.models.ModelException;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.UserModelDelegate;
|
import org.keycloak.models.utils.UserModelDelegate;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
||||||
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
|
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
|
||||||
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
|
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;
|
||||||
|
@ -64,7 +64,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
// This needs to be read-only and can be set to writable just on demand
|
// This needs to be read-only and can be set to writable just on demand
|
||||||
query.addReturningReadOnlyLdapAttribute(LDAPConstants.PWD_LAST_SET);
|
query.addReturningReadOnlyLdapAttribute(LDAPConstants.PWD_LAST_SET);
|
||||||
|
|
||||||
if (ldapProvider.getEditMode() != LDAPStorageProviderFactory.EditMode.WRITABLE) {
|
if (ldapProvider.getEditMode() != UserStorageProvider.EditMode.WRITABLE) {
|
||||||
query.addReturningReadOnlyLdapAttribute(LDAPConstants.USER_ACCOUNT_CONTROL);
|
query.addReturningReadOnlyLdapAttribute(LDAPConstants.USER_ACCOUNT_CONTROL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -119,7 +119,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
protected boolean processAuthErrorCode(String errorCode, UserModel user) {
|
protected boolean processAuthErrorCode(String errorCode, UserModel user) {
|
||||||
logger.debugf("MSAD Error code is '%s' after failed LDAP login of user '%s'", errorCode, user.getUsername());
|
logger.debugf("MSAD Error code is '%s' after failed LDAP login of user '%s'", errorCode, user.getUsername());
|
||||||
|
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE) {
|
||||||
if (errorCode.equals("532") || errorCode.equals("773")) {
|
if (errorCode.equals("532") || errorCode.equals("773")) {
|
||||||
// User needs to change his MSAD password. Allow him to login, but add UPDATE_PASSWORD required action
|
// User needs to change his MSAD password. Allow him to login, but add UPDATE_PASSWORD required action
|
||||||
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
|
||||||
|
@ -200,7 +200,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
// Always update DB
|
// Always update DB
|
||||||
super.setEnabled(enabled);
|
super.setEnabled(enabled);
|
||||||
|
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE && getPwdLastSet() > 0) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && getPwdLastSet() > 0) {
|
||||||
logger.debugf("Going to propagate enabled=%s for ldapUser '%s' to MSAD", enabled, ldapUser.getDn().toString());
|
logger.debugf("Going to propagate enabled=%s for ldapUser '%s' to MSAD", enabled, ldapUser.getDn().toString());
|
||||||
|
|
||||||
UserAccountControl control = getUserAccountControl(ldapUser);
|
UserAccountControl control = getUserAccountControl(ldapUser);
|
||||||
|
@ -225,7 +225,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
// Always update DB
|
// Always update DB
|
||||||
super.addRequiredAction(action);
|
super.addRequiredAction(action);
|
||||||
|
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
|
||||||
logger.debugf("Going to propagate required action UPDATE_PASSWORD to MSAD for ldap user '%s' ", ldapUser.getDn().toString());
|
logger.debugf("Going to propagate required action UPDATE_PASSWORD to MSAD for ldap user '%s' ", ldapUser.getDn().toString());
|
||||||
|
|
||||||
// Normally it's read-only
|
// Normally it's read-only
|
||||||
|
@ -247,7 +247,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
// Always update DB
|
// Always update DB
|
||||||
super.removeRequiredAction(action);
|
super.removeRequiredAction(action);
|
||||||
|
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && RequiredAction.UPDATE_PASSWORD.toString().equals(action)) {
|
||||||
|
|
||||||
// Don't set pwdLastSet in MSAD when it is new user
|
// Don't set pwdLastSet in MSAD when it is new user
|
||||||
UserAccountControl accountControl = getUserAccountControl(ldapUser);
|
UserAccountControl accountControl = getUserAccountControl(ldapUser);
|
||||||
|
@ -267,7 +267,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
public Set<String> getRequiredActions() {
|
public Set<String> getRequiredActions() {
|
||||||
Set<String> requiredActions = super.getRequiredActions();
|
Set<String> requiredActions = super.getRequiredActions();
|
||||||
|
|
||||||
if (ldapProvider.getEditMode() == LDAPStorageProviderFactory.EditMode.WRITABLE) {
|
if (ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE) {
|
||||||
if (getPwdLastSet() == 0 || getUserAccountControl(ldapUser).has(UserAccountControl.PASSWORD_EXPIRED)) {
|
if (getPwdLastSet() == 0 || getUserAccountControl(ldapUser).has(UserAccountControl.PASSWORD_EXPIRED)) {
|
||||||
requiredActions = new HashSet<>(requiredActions);
|
requiredActions = new HashSet<>(requiredActions);
|
||||||
requiredActions.add(RequiredAction.UPDATE_PASSWORD.toString());
|
requiredActions.add(RequiredAction.UPDATE_PASSWORD.toString());
|
||||||
|
|
|
@ -1 +1,18 @@
|
||||||
|
#
|
||||||
|
# Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
# and other contributors as indicated by the @author tags.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
org.keycloak.storage.ldap.LDAPStorageProviderFactory
|
org.keycloak.storage.ldap.LDAPStorageProviderFactory
|
|
@ -1,3 +1,20 @@
|
||||||
|
#
|
||||||
|
# Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||||
|
# and other contributors as indicated by the @author tags.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory
|
org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory
|
||||||
org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory
|
org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory
|
||||||
org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory
|
org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory
|
||||||
|
|
|
@ -31,12 +31,13 @@ import java.sql.ResultSet;
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
public class PortLdapUserFedToComponentModel extends AbstractUserFedToComponent {
|
public class MigrateUserFedToComponent extends AbstractUserFedToComponent {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void generateStatementsImpl() throws CustomChangeException {
|
protected void generateStatementsImpl() throws CustomChangeException {
|
||||||
String providerId = LDAPConstants.LDAP_PROVIDER;
|
String providerId = LDAPConstants.LDAP_PROVIDER;
|
||||||
convertFedProviderToComponent(LDAPConstants.LDAP_PROVIDER, "org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
|
convertFedProviderToComponent(LDAPConstants.LDAP_PROVIDER, "org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
|
||||||
|
convertFedProviderToComponent("kerberos", null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
|
@ -19,7 +19,7 @@
|
||||||
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
|
||||||
|
|
||||||
<changeSet author="bburke@redhat.com" id="2.4.0">
|
<changeSet author="bburke@redhat.com" id="2.4.0">
|
||||||
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.PortLdapUserFedToComponentModel"/>
|
<customChange class="org.keycloak.connections.jpa.updater.liquibase.custom.MigrateUserFedToComponent"/>
|
||||||
</changeSet>
|
</changeSet>
|
||||||
|
|
||||||
</databaseChangeLog>
|
</databaseChangeLog>
|
|
@ -49,6 +49,7 @@ public class Update2_4_0 extends Update {
|
||||||
public void update(KeycloakSession session) {
|
public void update(KeycloakSession session) {
|
||||||
portUserFedMappersToComponent(LDAPConstants.LDAP_PROVIDER, "org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
|
portUserFedMappersToComponent(LDAPConstants.LDAP_PROVIDER, "org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
|
||||||
portUserFedToComponent(LDAPConstants.LDAP_PROVIDER);
|
portUserFedToComponent(LDAPConstants.LDAP_PROVIDER);
|
||||||
|
portUserFedToComponent("kerberos");
|
||||||
}
|
}
|
||||||
|
|
||||||
public void portUserFedToComponent(String providerId) {
|
public void portUserFedToComponent(String providerId) {
|
||||||
|
|
|
@ -362,6 +362,7 @@ public class RepresentationToModel {
|
||||||
// providers to convert to component model
|
// providers to convert to component model
|
||||||
Set<String> convertSet = new HashSet<>();
|
Set<String> convertSet = new HashSet<>();
|
||||||
convertSet.add(LDAPConstants.LDAP_PROVIDER);
|
convertSet.add(LDAPConstants.LDAP_PROVIDER);
|
||||||
|
convertSet.add("kerberos");
|
||||||
Map<String, String> mapperConvertSet = new HashMap<>();
|
Map<String, String> mapperConvertSet = new HashMap<>();
|
||||||
mapperConvertSet.put(LDAPConstants.LDAP_PROVIDER, "org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
|
mapperConvertSet.put(LDAPConstants.LDAP_PROVIDER, "org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
|
||||||
|
|
||||||
|
|
|
@ -26,8 +26,31 @@ import org.keycloak.provider.Provider;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public interface UserStorageProvider extends Provider {
|
public interface UserStorageProvider extends Provider {
|
||||||
|
|
||||||
|
|
||||||
void preRemove(RealmModel realm);
|
void preRemove(RealmModel realm);
|
||||||
void preRemove(RealmModel realm, GroupModel group);
|
void preRemove(RealmModel realm, GroupModel group);
|
||||||
void preRemove(RealmModel realm, RoleModel role);
|
void preRemove(RealmModel realm, RoleModel role);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Optional type that can be by implementations to describe edit mode of federation storage
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
enum EditMode {
|
||||||
|
/**
|
||||||
|
* federation storage is read-only
|
||||||
|
*/
|
||||||
|
READ_ONLY,
|
||||||
|
/**
|
||||||
|
* federation storage is writable
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
WRITABLE,
|
||||||
|
/**
|
||||||
|
* updates to user are stored locally and not synced with federation storage.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
UNSYNCED
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -45,6 +45,7 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
|
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
|
||||||
import org.keycloak.testsuite.adapter.page.KerberosPortal;
|
import org.keycloak.testsuite.adapter.page.KerberosPortal;
|
||||||
|
@ -89,7 +90,7 @@ public abstract class AbstractKerberosAdapterTest extends AbstractServletsAdapte
|
||||||
|
|
||||||
protected abstract String getConnectionPropertiesLocation();
|
protected abstract String getConnectionPropertiesLocation();
|
||||||
|
|
||||||
protected abstract CommonKerberosConfig getKerberosConfig(UserFederationProviderModel model);
|
protected abstract CommonKerberosConfig getKerberosConfig(UserStorageProviderModel model);
|
||||||
|
|
||||||
@Deployment(name = KerberosPortal.DEPLOYMENT_NAME)
|
@Deployment(name = KerberosPortal.DEPLOYMENT_NAME)
|
||||||
protected static WebArchive kerberosPortal() {
|
protected static WebArchive kerberosPortal() {
|
||||||
|
@ -116,8 +117,8 @@ public abstract class AbstractKerberosAdapterTest extends AbstractServletsAdapte
|
||||||
ldapEmbeddedServer.init();
|
ldapEmbeddedServer.init();
|
||||||
ldapEmbeddedServer.start();
|
ldapEmbeddedServer.start();
|
||||||
}
|
}
|
||||||
UserFederationProviderModel model = new UserFederationProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setConfig(ldapTestConfiguration.getLDAPConfig());
|
model.setConfig(AbstractKerberosStandaloneAdapterTest.toComponentConfig(ldapTestConfiguration.getLDAPConfig()));
|
||||||
spnegoSchemeFactory = new KeycloakSPNegoSchemeFactory(getKerberosConfig(model));
|
spnegoSchemeFactory = new KeycloakSPNegoSchemeFactory(getKerberosConfig(model));
|
||||||
initHttpClient(true);
|
initHttpClient(true);
|
||||||
removeAllUsers();
|
removeAllUsers();
|
||||||
|
|
|
@ -21,12 +21,16 @@ import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.federation.kerberos.CommonKerberosConfig;
|
import org.keycloak.federation.kerberos.CommonKerberosConfig;
|
||||||
import org.keycloak.federation.kerberos.KerberosConfig;
|
import org.keycloak.federation.kerberos.KerberosConfig;
|
||||||
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
|
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
import org.keycloak.models.UserFederationProviderModel;
|
||||||
|
import org.keycloak.representations.idm.ComponentRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
@ -39,28 +43,36 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public abstract class AbstractKerberosStandaloneAdapterTest extends AbstractKerberosAdapterTest {
|
public abstract class AbstractKerberosStandaloneAdapterTest extends AbstractKerberosAdapterTest {
|
||||||
|
|
||||||
|
public static MultivaluedHashMap<String, String> toComponentConfig(Map<String, String> ldapConfig) {
|
||||||
|
MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
|
||||||
|
for (Map.Entry<String, String> entry : ldapConfig.entrySet()) {
|
||||||
|
config.add(entry.getKey(), entry.getValue());
|
||||||
|
|
||||||
|
}
|
||||||
|
return config;
|
||||||
|
}
|
||||||
|
|
||||||
protected static final String PROVIDER_CONFIG_LOCATION = "kerberos-standalone-connection.properties";
|
protected static final String PROVIDER_CONFIG_LOCATION = "kerberos-standalone-connection.properties";
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void init() throws Exception{
|
public void init() throws Exception{
|
||||||
Map<String,String> ldapConfig = getConfig();
|
|
||||||
UserFederationProviderRepresentation userFederationProviderRepresentation = new UserFederationProviderRepresentation();
|
|
||||||
userFederationProviderRepresentation.setProviderName(KerberosFederationProviderFactory.PROVIDER_NAME);
|
|
||||||
userFederationProviderRepresentation.setConfig(ldapConfig);
|
|
||||||
userFederationProviderRepresentation.setPriority(0);
|
|
||||||
userFederationProviderRepresentation.setDisplayName("kerberos-standalone");
|
|
||||||
userFederationProviderRepresentation.setFullSyncPeriod(-1);
|
|
||||||
userFederationProviderRepresentation.setChangedSyncPeriod(-1);
|
|
||||||
userFederationProviderRepresentation.setLastSync(0);
|
|
||||||
|
|
||||||
RealmRepresentation realmRepresentation = testRealmResource().toRepresentation();
|
RealmRepresentation realmRepresentation = testRealmResource().toRepresentation();
|
||||||
realmRepresentation.setUserFederationProviders(Arrays.asList(userFederationProviderRepresentation));
|
Map<String,String> ldapConfig = getConfig();
|
||||||
|
ComponentRepresentation component = new ComponentRepresentation();
|
||||||
|
component.setName("kerberos-standalone");
|
||||||
|
component.setParentId(realmRepresentation.getId());
|
||||||
|
component.setProviderId(KerberosFederationProviderFactory.PROVIDER_NAME);
|
||||||
|
component.setProviderType(UserStorageProvider.class.getName());
|
||||||
|
component.setConfig(toComponentConfig(ldapConfig));
|
||||||
|
component.getConfig().putSingle("priority", "0");
|
||||||
|
|
||||||
|
testRealmResource().components().add(component);
|
||||||
realmRepresentation.setEventsEnabled(true);
|
realmRepresentation.setEventsEnabled(true);
|
||||||
testRealmResource().update(realmRepresentation);
|
testRealmResource().update(realmRepresentation);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected CommonKerberosConfig getKerberosConfig(UserFederationProviderModel model) {
|
protected CommonKerberosConfig getKerberosConfig(UserStorageProviderModel model) {
|
||||||
return new KerberosConfig(model);
|
return new KerberosConfig(model);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -31,6 +31,7 @@ import org.junit.Test;
|
||||||
import org.keycloak.adapters.HttpClientBuilder;
|
import org.keycloak.adapters.HttpClientBuilder;
|
||||||
import org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator;
|
import org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator;
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
import org.keycloak.federation.kerberos.CommonKerberosConfig;
|
import org.keycloak.federation.kerberos.CommonKerberosConfig;
|
||||||
import org.keycloak.models.ClientModel;
|
import org.keycloak.models.ClientModel;
|
||||||
|
@ -44,6 +45,7 @@ import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
|
||||||
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
|
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
import org.keycloak.testsuite.OAuthClient;
|
import org.keycloak.testsuite.OAuthClient;
|
||||||
import org.keycloak.testsuite.pages.AccountPasswordPage;
|
import org.keycloak.testsuite.pages.AccountPasswordPage;
|
||||||
|
@ -179,7 +181,7 @@ public abstract class AbstractKerberosTest {
|
||||||
AssertEvents events = getAssertEvents();
|
AssertEvents events = getAssertEvents();
|
||||||
|
|
||||||
// Change editMode to READ_ONLY
|
// Change editMode to READ_ONLY
|
||||||
updateProviderEditMode(UserFederationProvider.EditMode.READ_ONLY);
|
updateProviderEditMode(UserStorageProvider.EditMode.READ_ONLY);
|
||||||
|
|
||||||
// Login with username/password from kerberos
|
// Login with username/password from kerberos
|
||||||
changePasswordPage.open();
|
changePasswordPage.open();
|
||||||
|
@ -200,7 +202,7 @@ public abstract class AbstractKerberosTest {
|
||||||
Assert.assertTrue(driver.getPageSource().contains("You can't update your password as your account is read only"));
|
Assert.assertTrue(driver.getPageSource().contains("You can't update your password as your account is read only"));
|
||||||
|
|
||||||
// Change editMode to UNSYNCED
|
// Change editMode to UNSYNCED
|
||||||
updateProviderEditMode(UserFederationProvider.EditMode.UNSYNCED);
|
updateProviderEditMode(UserStorageProvider.EditMode.UNSYNCED);
|
||||||
|
|
||||||
// Successfully change password now
|
// Successfully change password now
|
||||||
changePasswordPage.changePassword("theduke", "newPass", "newPass");
|
changePasswordPage.changePassword("theduke", "newPass", "newPass");
|
||||||
|
@ -382,15 +384,15 @@ public abstract class AbstractKerberosTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
protected void updateProviderEditMode(UserFederationProvider.EditMode editMode) {
|
protected void updateProviderEditMode(UserStorageProvider.EditMode editMode) {
|
||||||
KeycloakRule keycloakRule = getKeycloakRule();
|
KeycloakRule keycloakRule = getKeycloakRule();
|
||||||
|
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
try {
|
try {
|
||||||
RealmModel realm = session.realms().getRealm("test");
|
RealmModel realm = session.realms().getRealm("test");
|
||||||
UserFederationProviderModel kerberosProviderModel = realm.getUserFederationProviders().get(0);
|
ComponentModel kerberosProviderModel = realm.getComponents(realm.getId(), UserStorageProvider.class.getName()).get(0);
|
||||||
kerberosProviderModel.getConfig().put(LDAPConstants.EDIT_MODE, editMode.toString());
|
kerberosProviderModel.getConfig().putSingle(LDAPConstants.EDIT_MODE, editMode.toString());
|
||||||
realm.updateUserFederationProvider(kerberosProviderModel);
|
realm.updateComponent(kerberosProviderModel);
|
||||||
} finally {
|
} finally {
|
||||||
keycloakRule.stopSession(session, true);
|
keycloakRule.stopSession(session, true);
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,11 +19,14 @@ package org.keycloak.testsuite.federation;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
|
import org.junit.FixMethodOrder;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.rules.RuleChain;
|
import org.junit.rules.RuleChain;
|
||||||
import org.junit.rules.TestRule;
|
import org.junit.rules.TestRule;
|
||||||
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.federation.kerberos.CommonKerberosConfig;
|
import org.keycloak.federation.kerberos.CommonKerberosConfig;
|
||||||
import org.keycloak.federation.kerberos.KerberosConfig;
|
import org.keycloak.federation.kerberos.KerberosConfig;
|
||||||
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
|
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
|
||||||
|
@ -32,7 +35,10 @@ import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
import org.keycloak.models.UserFederationProviderModel;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
|
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
||||||
import org.keycloak.testsuite.AssertEvents;
|
import org.keycloak.testsuite.AssertEvents;
|
||||||
|
import org.keycloak.testsuite.federation.storage.ldap.LDAPTestUtils;
|
||||||
import org.keycloak.testsuite.rule.KerberosRule;
|
import org.keycloak.testsuite.rule.KerberosRule;
|
||||||
import org.keycloak.testsuite.rule.KeycloakRule;
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.WebRule;
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
|
@ -47,11 +53,12 @@ import java.util.Map;
|
||||||
*
|
*
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
|
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
|
||||||
public class KerberosStandaloneTest extends AbstractKerberosTest {
|
public class KerberosStandaloneTest extends AbstractKerberosTest {
|
||||||
|
|
||||||
private static final String PROVIDER_CONFIG_LOCATION = "kerberos/kerberos-standalone-connection.properties";
|
private static final String PROVIDER_CONFIG_LOCATION = "kerberos/kerberos-standalone-connection.properties";
|
||||||
|
|
||||||
private static UserFederationProviderModel kerberosModel;
|
private static UserStorageProviderModel kerberosModel;
|
||||||
|
|
||||||
private static KerberosRule kerberosRule = new KerberosRule(PROVIDER_CONFIG_LOCATION);
|
private static KerberosRule kerberosRule = new KerberosRule(PROVIDER_CONFIG_LOCATION);
|
||||||
|
|
||||||
|
@ -69,7 +76,18 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
|
||||||
|
|
||||||
|
|
||||||
Map<String,String> kerberosConfig = kerberosRule.getConfig();
|
Map<String,String> kerberosConfig = kerberosRule.getConfig();
|
||||||
kerberosModel = appRealm.addUserFederationProvider(KerberosFederationProviderFactory.PROVIDER_NAME, kerberosConfig, 0, "kerberos-standalone", -1, -1, 0);
|
MultivaluedHashMap<String, String> config = LDAPTestUtils.toComponentConfig(kerberosConfig);
|
||||||
|
|
||||||
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
|
model.setLastSync(0);
|
||||||
|
model.setChangedSyncPeriod(-1);
|
||||||
|
model.setFullSyncPeriod(-1);
|
||||||
|
model.setName("kerberos-standalone");
|
||||||
|
model.setPriority(0);
|
||||||
|
model.setProviderId(KerberosFederationProviderFactory.PROVIDER_NAME);
|
||||||
|
model.setConfig(config);
|
||||||
|
|
||||||
|
kerberosModel = new UserStorageProviderModel(appRealm.addComponentModel(model));
|
||||||
}
|
}
|
||||||
|
|
||||||
}) {
|
}) {
|
||||||
|
@ -119,6 +137,18 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
|
||||||
assertUser("hnelson", "hnelson@keycloak.org", null, null, false);
|
assertUser("hnelson", "hnelson@keycloak.org", null, null, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@Override
|
||||||
|
public void spnegoCaseInsensitiveTest() throws Exception {
|
||||||
|
super.spnegoCaseInsensitiveTest();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
@Override
|
||||||
|
public void credentialDelegationTest() throws Exception {
|
||||||
|
super.credentialDelegationTest();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Override
|
@Override
|
||||||
public void usernamePasswordLoginTest() throws Exception {
|
public void usernamePasswordLoginTest() throws Exception {
|
||||||
|
@ -131,9 +161,9 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
try {
|
try {
|
||||||
RealmModel realm = session.realms().getRealm("test");
|
RealmModel realm = session.realms().getRealm("test");
|
||||||
UserFederationProviderModel kerberosProviderModel = realm.getUserFederationProviders().get(0);
|
UserStorageProviderModel kerberosProviderModel = realm.getUserStorageProviders().get(0);
|
||||||
kerberosProviderModel.getConfig().put(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, "true");
|
kerberosProviderModel.getConfig().putSingle(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, "true");
|
||||||
realm.updateUserFederationProvider(kerberosProviderModel);
|
realm.updateComponent(kerberosProviderModel);
|
||||||
} finally {
|
} finally {
|
||||||
keycloakRule.stopSession(session, true);
|
keycloakRule.stopSession(session, true);
|
||||||
}
|
}
|
||||||
|
@ -153,9 +183,9 @@ public class KerberosStandaloneTest extends AbstractKerberosTest {
|
||||||
session = keycloakRule.startSession();
|
session = keycloakRule.startSession();
|
||||||
try {
|
try {
|
||||||
RealmModel realm = session.realms().getRealm("test");
|
RealmModel realm = session.realms().getRealm("test");
|
||||||
UserFederationProviderModel kerberosProviderModel = realm.getUserFederationProviders().get(0);
|
UserStorageProviderModel kerberosProviderModel = realm.getUserStorageProviders().get(0);
|
||||||
kerberosProviderModel.getConfig().put(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, "false");
|
kerberosProviderModel.getConfig().putSingle(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, "false");
|
||||||
realm.updateUserFederationProvider(kerberosProviderModel);
|
realm.updateComponent(kerberosProviderModel);
|
||||||
} finally {
|
} finally {
|
||||||
keycloakRule.stopSession(session, true);
|
keycloakRule.stopSession(session, true);
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,7 +47,6 @@ import org.keycloak.utils.CredentialHelper;
|
||||||
|
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test of LDAPFederationProvider (Kerberos backed by LDAP)
|
* Test of LDAPFederationProvider (Kerberos backed by LDAP)
|
||||||
|
@ -73,7 +72,7 @@ public class KerberosLdapTest extends AbstractKerberosTest {
|
||||||
.servletClass(KerberosCredDelegServlet.class).adapterConfigPath(url.getPath())
|
.servletClass(KerberosCredDelegServlet.class).adapterConfigPath(url.getPath())
|
||||||
.role("user").deployApplication();
|
.role("user").deployApplication();
|
||||||
|
|
||||||
MultivaluedHashMap<String, String> ldapConfig = LDAPTestUtils.toLdapConfig(kerberosRule.getConfig());
|
MultivaluedHashMap<String, String> ldapConfig = LDAPTestUtils.toComponentConfig(kerberosRule.getConfig());
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
model.setChangedSyncPeriod(-1);
|
model.setChangedSyncPeriod(-1);
|
||||||
|
@ -135,42 +134,13 @@ public class KerberosLdapTest extends AbstractKerberosTest {
|
||||||
super.usernamePasswordLoginTest();
|
super.usernamePasswordLoginTest();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void updateProviderEditMode(LDAPStorageProviderFactory.EditMode editMode) {
|
|
||||||
KeycloakRule keycloakRule = getKeycloakRule();
|
|
||||||
|
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
|
||||||
try {
|
|
||||||
RealmModel realm = session.realms().getRealm("test");
|
|
||||||
ComponentModel kerberosProviderModel = realm.getComponents(realm.getId(), UserStorageProvider.class.getName()).get(0);
|
|
||||||
kerberosProviderModel.getConfig().putSingle(LDAPConstants.EDIT_MODE, editMode.toString());
|
|
||||||
realm.updateComponent(kerberosProviderModel);
|
|
||||||
} finally {
|
|
||||||
keycloakRule.stopSession(session, true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void updateProviderEditMode(UserFederationProvider.EditMode editMode) {
|
|
||||||
switch (editMode) {
|
|
||||||
case WRITABLE:
|
|
||||||
updateProviderEditMode(LDAPStorageProviderFactory.EditMode.WRITABLE);
|
|
||||||
break;
|
|
||||||
case READ_ONLY:
|
|
||||||
updateProviderEditMode(LDAPStorageProviderFactory.EditMode.READ_ONLY);
|
|
||||||
break;
|
|
||||||
case UNSYNCED:
|
|
||||||
updateProviderEditMode(LDAPStorageProviderFactory.EditMode.UNSYNCED);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void writableEditModeTest() throws Exception {
|
public void writableEditModeTest() throws Exception {
|
||||||
KeycloakRule keycloakRule = getKeycloakRule();
|
KeycloakRule keycloakRule = getKeycloakRule();
|
||||||
AssertEvents events = getAssertEvents();
|
AssertEvents events = getAssertEvents();
|
||||||
|
|
||||||
// Change editMode to WRITABLE
|
// Change editMode to WRITABLE
|
||||||
updateProviderEditMode(LDAPStorageProviderFactory.EditMode.WRITABLE);
|
updateProviderEditMode(UserStorageProvider.EditMode.WRITABLE);
|
||||||
|
|
||||||
// Login with username/password from kerberos
|
// Login with username/password from kerberos
|
||||||
changePasswordPage.open();
|
changePasswordPage.open();
|
||||||
|
|
|
@ -25,6 +25,7 @@ import org.junit.Test;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.UserStorageProviderModel;
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
||||||
|
@ -41,8 +42,6 @@ import org.keycloak.storage.user.SynchronizationResult;
|
||||||
import org.keycloak.testsuite.rule.KeycloakRule;
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.LDAPRule;
|
import org.keycloak.testsuite.rule.LDAPRule;
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
|
@ -62,7 +61,7 @@ public class LDAPGroupMapper2WaySyncTest {
|
||||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
ldapConfig.putSingle(LDAPConstants.BATCH_SIZE_FOR_SYNC, "4"); // Issues with pagination on ApacheDS
|
ldapConfig.putSingle(LDAPConstants.BATCH_SIZE_FOR_SYNC, "4"); // Issues with pagination on ApacheDS
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
|
|
|
@ -27,6 +27,7 @@ import org.junit.rules.TestRule;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.UserStorageProviderModel;
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
||||||
|
@ -50,7 +51,6 @@ import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.LDAPRule;
|
import org.keycloak.testsuite.rule.LDAPRule;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -70,7 +70,7 @@ public class LDAPGroupMapperSyncTest {
|
||||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
model.setChangedSyncPeriod(-1);
|
model.setChangedSyncPeriod(-1);
|
||||||
|
|
|
@ -26,6 +26,7 @@ import org.junit.rules.TestRule;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.UserStorageProviderModel;
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
import org.keycloak.storage.ldap.LDAPConfig;
|
import org.keycloak.storage.ldap.LDAPConfig;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
|
@ -50,7 +51,6 @@ import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.LDAPRule;
|
import org.keycloak.testsuite.rule.LDAPRule;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -73,7 +73,7 @@ public class LDAPGroupMapperTest {
|
||||||
|
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
model.setChangedSyncPeriod(-1);
|
model.setChangedSyncPeriod(-1);
|
||||||
|
|
|
@ -32,13 +32,12 @@ import org.keycloak.models.ClientModel;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.models.UserFederationProvider;
|
|
||||||
import org.keycloak.models.UserFederationProviderModel;
|
|
||||||
import org.keycloak.models.UserModel;
|
import org.keycloak.models.UserModel;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
import org.keycloak.protocol.oidc.mappers.UserAttributeMapper;
|
||||||
import org.keycloak.services.managers.RealmManager;
|
import org.keycloak.services.managers.RealmManager;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.UserStorageProviderModel;
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
||||||
|
@ -57,7 +56,6 @@ import java.util.Arrays;
|
||||||
import java.util.LinkedHashSet;
|
import java.util.LinkedHashSet;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
|
@ -77,7 +75,7 @@ public class LDAPMultipleAttributesTest {
|
||||||
@Override
|
@Override
|
||||||
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
|
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
|
|
|
@ -65,7 +65,6 @@ import org.keycloak.testsuite.rule.WebRule;
|
||||||
import org.openqa.selenium.WebDriver;
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
|
|
||||||
|
@ -88,7 +87,7 @@ public class LDAPProvidersIntegrationTest {
|
||||||
|
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
model.setChangedSyncPeriod(-1);
|
model.setChangedSyncPeriod(-1);
|
||||||
|
@ -670,7 +669,7 @@ public class LDAPProvidersIntegrationTest {
|
||||||
RealmModel appRealm = session.realms().getRealmByName("test");
|
RealmModel appRealm = session.realms().getRealmByName("test");
|
||||||
|
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel(ldapModel);
|
UserStorageProviderModel model = new UserStorageProviderModel(ldapModel);
|
||||||
model.getConfig().putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.READ_ONLY.toString());
|
model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString());
|
||||||
appRealm.updateComponent(model);
|
appRealm.updateComponent(model);
|
||||||
UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm);
|
UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm);
|
||||||
Assert.assertNotNull(user);
|
Assert.assertNotNull(user);
|
||||||
|
@ -710,7 +709,7 @@ public class LDAPProvidersIntegrationTest {
|
||||||
session = keycloakRule.startSession();
|
session = keycloakRule.startSession();
|
||||||
try {
|
try {
|
||||||
RealmModel appRealm = session.realms().getRealmByName("test");
|
RealmModel appRealm = session.realms().getRealmByName("test");
|
||||||
Assert.assertEquals(LDAPStorageProviderFactory.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
|
Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
|
||||||
} finally {
|
} finally {
|
||||||
keycloakRule.stopSession(session, false);
|
keycloakRule.stopSession(session, false);
|
||||||
}
|
}
|
||||||
|
@ -829,7 +828,7 @@ public class LDAPProvidersIntegrationTest {
|
||||||
RealmModel appRealm = session.realms().getRealmByName("test");
|
RealmModel appRealm = session.realms().getRealmByName("test");
|
||||||
|
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel(ldapModel);
|
UserStorageProviderModel model = new UserStorageProviderModel(ldapModel);
|
||||||
model.getConfig().putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.UNSYNCED.toString());
|
model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
|
||||||
appRealm.updateComponent(model);
|
appRealm.updateComponent(model);
|
||||||
UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm);
|
UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm);
|
||||||
Assert.assertNotNull(user);
|
Assert.assertNotNull(user);
|
||||||
|
@ -860,7 +859,7 @@ public class LDAPProvidersIntegrationTest {
|
||||||
session = keycloakRule.startSession();
|
session = keycloakRule.startSession();
|
||||||
try {
|
try {
|
||||||
RealmModel appRealm = session.realms().getRealmByName("test");
|
RealmModel appRealm = session.realms().getRealmByName("test");
|
||||||
Assert.assertEquals(LDAPStorageProviderFactory.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
|
Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE));
|
||||||
} finally {
|
} finally {
|
||||||
keycloakRule.stopSession(session, false);
|
keycloakRule.stopSession(session, false);
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,7 @@ import org.junit.rules.TestRule;
|
||||||
import org.junit.runners.MethodSorters;
|
import org.junit.runners.MethodSorters;
|
||||||
import org.keycloak.common.util.MultivaluedHashMap;
|
import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.UserStorageProviderModel;
|
import org.keycloak.storage.UserStorageProviderModel;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
||||||
|
@ -52,7 +53,6 @@ import org.keycloak.testsuite.rule.WebResource;
|
||||||
import org.keycloak.testsuite.rule.WebRule;
|
import org.keycloak.testsuite.rule.WebRule;
|
||||||
import org.openqa.selenium.WebDriver;
|
import org.openqa.selenium.WebDriver;
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -73,7 +73,7 @@ public class LDAPRoleMappingsTest {
|
||||||
|
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true");
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
model.setChangedSyncPeriod(-1);
|
model.setChangedSyncPeriod(-1);
|
||||||
|
|
|
@ -28,6 +28,7 @@ import org.keycloak.common.util.MultivaluedHashMap;
|
||||||
import org.keycloak.common.util.Time;
|
import org.keycloak.common.util.Time;
|
||||||
import org.keycloak.component.ComponentModel;
|
import org.keycloak.component.ComponentModel;
|
||||||
import org.keycloak.services.managers.UserStorageSyncManager;
|
import org.keycloak.services.managers.UserStorageSyncManager;
|
||||||
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
import org.keycloak.models.KeycloakSessionFactory;
|
import org.keycloak.models.KeycloakSessionFactory;
|
||||||
|
@ -44,8 +45,6 @@ import org.keycloak.storage.user.SynchronizationResult;
|
||||||
import org.keycloak.testsuite.rule.KeycloakRule;
|
import org.keycloak.testsuite.rule.KeycloakRule;
|
||||||
import org.keycloak.testsuite.rule.LDAPRule;
|
import org.keycloak.testsuite.rule.LDAPRule;
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
*/
|
*/
|
||||||
|
@ -65,7 +64,7 @@ public class LDAPSyncTest {
|
||||||
|
|
||||||
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
MultivaluedHashMap<String,String> ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule);
|
||||||
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "false");
|
ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "false");
|
||||||
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.WRITABLE.toString());
|
ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());
|
||||||
UserStorageProviderModel model = new UserStorageProviderModel();
|
UserStorageProviderModel model = new UserStorageProviderModel();
|
||||||
model.setLastSync(0);
|
model.setLastSync(0);
|
||||||
model.setChangedSyncPeriod(-1);
|
model.setChangedSyncPeriod(-1);
|
||||||
|
|
|
@ -20,7 +20,7 @@ package org.keycloak.testsuite.federation.storage.ldap;
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.common.constants.KerberosConstants;
|
import org.keycloak.common.constants.KerberosConstants;
|
||||||
import org.keycloak.models.LDAPConstants;
|
import org.keycloak.models.LDAPConstants;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
@ -79,7 +79,7 @@ public class LDAPTestConfiguration {
|
||||||
DEFAULT_VALUES.put(LDAPConstants.BATCH_SIZE_FOR_SYNC, String.valueOf(LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC));
|
DEFAULT_VALUES.put(LDAPConstants.BATCH_SIZE_FOR_SYNC, String.valueOf(LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC));
|
||||||
DEFAULT_VALUES.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, null);
|
DEFAULT_VALUES.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, null);
|
||||||
DEFAULT_VALUES.put(LDAPConstants.USER_OBJECT_CLASSES, null);
|
DEFAULT_VALUES.put(LDAPConstants.USER_OBJECT_CLASSES, null);
|
||||||
DEFAULT_VALUES.put(LDAPConstants.EDIT_MODE, LDAPStorageProviderFactory.EditMode.READ_ONLY.toString());
|
DEFAULT_VALUES.put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString());
|
||||||
|
|
||||||
DEFAULT_VALUES.put(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "false");
|
DEFAULT_VALUES.put(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "false");
|
||||||
DEFAULT_VALUES.put(KerberosConstants.KERBEROS_REALM, "KEYCLOAK.ORG");
|
DEFAULT_VALUES.put(KerberosConstants.KERBEROS_REALM, "KEYCLOAK.ORG");
|
||||||
|
|
|
@ -31,7 +31,6 @@ import org.keycloak.models.utils.UserModelDelegate;
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||||
import org.keycloak.storage.UserStorageProvider;
|
import org.keycloak.storage.UserStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
import org.keycloak.storage.ldap.LDAPStorageProvider;
|
||||||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|
||||||
import org.keycloak.storage.ldap.LDAPUtils;
|
import org.keycloak.storage.ldap.LDAPUtils;
|
||||||
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
import org.keycloak.storage.ldap.idm.model.LDAPObject;
|
||||||
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
|
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
|
||||||
|
@ -62,11 +61,11 @@ import java.util.Set;
|
||||||
public class LDAPTestUtils {
|
public class LDAPTestUtils {
|
||||||
public static MultivaluedHashMap<String, String> getLdapRuleConfig(LDAPRule ldapRule) {
|
public static MultivaluedHashMap<String, String> getLdapRuleConfig(LDAPRule ldapRule) {
|
||||||
Map<String,String> ldapConfig = ldapRule.getConfig();
|
Map<String,String> ldapConfig = ldapRule.getConfig();
|
||||||
return toLdapConfig(ldapConfig);
|
return toComponentConfig(ldapConfig);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static MultivaluedHashMap<String, String> toLdapConfig(Map<String, String> ldapConfig) {
|
public static MultivaluedHashMap<String, String> toComponentConfig(Map<String, String> ldapConfig) {
|
||||||
MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
|
MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
|
||||||
for (Map.Entry<String, String> entry : ldapConfig.entrySet()) {
|
for (Map.Entry<String, String> entry : ldapConfig.entrySet()) {
|
||||||
config.add(entry.getKey(), entry.getValue());
|
config.add(entry.getKey(), entry.getValue());
|
||||||
|
|
Loading…
Reference in a new issue