libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Merge pull request #2721 from mposolda/master

Browse source 
KEYCLOAK-2878 UserFederation admin tests
This commit is contained in:
Marek Posolda 2016-04-22 15:00:44 +02:00
commit 236fcd66d4
10 changed files with 684 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
integration/admin-client/src/main/java/org/keycloak/admin/client/resource/UserFederationProviderResource.java
View file

@ -64,6 +64,7 @@ public interface UserFederationProviderResource {
@GET
@Path("mapper-types")
@Produces(MediaType.APPLICATION_JSON)
Map<String, UserFederationMapperTypeRepresentation> getMapperTypes();

1
services/src/main/java/org/keycloak/services/resources/admin/UserFederationProviderResource.java
View file

@ -185,6 +185,7 @@ public class UserFederationProviderResource {
*/
@GET
@Path("mapper-types")
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public Map<String, UserFederationMapperTypeRepresentation> getMapperTypes() {
auth.requireView();

140
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/federation/DummyUserFederationMapper.java Normal file
View file

@ -0,0 +1,140 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.federation;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.keycloak.Config;
import org.keycloak.mappers.FederationConfigValidationException;
import org.keycloak.mappers.UserFederationMapper;
import org.keycloak.mappers.UserFederationMapperFactory;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserFederationSyncResult;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.UserFederationMapperSyncConfigRepresentation;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class DummyUserFederationMapper implements UserFederationMapperFactory, UserFederationMapper {
public static final String PROVIDER_NAME = "dummy-mapper";
@Override
public String getFederationProviderType() {
return DummyUserFederationProviderFactory.PROVIDER_NAME;
}
@Override
public String getDisplayCategory() {
return "Dummy";
}
@Override
public String getDisplayType() {
return "Dummy";
}
@Override
public UserFederationMapperSyncConfigRepresentation getSyncConfig() {
return new UserFederationMapperSyncConfigRepresentation(true, "dummyFedToKeycloak", true, "dummyKeycloakToFed");
}
@Override
public void validateConfig(RealmModel realm, UserFederationProviderModel fedProviderModel, UserFederationMapperModel mapperModel) throws FederationConfigValidationException {
}
@Override
public Map<String, String> getDefaultConfig(UserFederationProviderModel providerModel) {
return Collections.emptyMap();
}
@Override
public String getHelpText() {
return "Dummy";
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
return Collections.emptyList();
}
@Override
public UserFederationMapper create(KeycloakSession session) {
return this;
}
@Override
public void init(Config.Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return PROVIDER_NAME;
}
@Override
public UserFederationSyncResult syncDataFromFederationProviderToKeycloak(final UserFederationMapperModel mapperModel, UserFederationProvider federationProvider, KeycloakSession session, RealmModel realm) {
return new UserFederationSyncResult() {
@Override
public String getStatus() {
return "dummyFedToKeycloakSuccess mapper=" + mapperModel.getName();
}
};
}
@Override
public UserFederationSyncResult syncDataFromKeycloakToFederationProvider(final UserFederationMapperModel mapperModel, UserFederationProvider federationProvider, KeycloakSession session, RealmModel realm) {
return new UserFederationSyncResult() {
@Override
public String getStatus() {
return "dummyKeycloakToFedSuccess mapper=" + mapperModel.getName();
}
};
}
@Override
public List<UserModel> getGroupMembers(UserFederationMapperModel mapperModel, UserFederationProvider federationProvider, RealmModel realm, GroupModel group, int firstResult, int maxResults) {
return Collections.emptyList();
}
}

52
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.mappers.UserFederationMapperFactory Normal file
View file

@ -0,0 +1,52 @@
#
# Copyright 2016 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Copyright 2016 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Copyright 2016 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
org.keycloak.testsuite.federation.DummyUserFederationMapper

80
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/LDAPRule.java Normal file
View file

@ -0,0 +1,80 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.util;
import java.util.Map;
import java.util.Properties;
import org.junit.rules.ExternalResource;
import org.keycloak.util.ldap.LDAPEmbeddedServer;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class LDAPRule extends ExternalResource {
public static final String LDAP_CONNECTION_PROPERTIES_LOCATION = "classpath:ldap/ldap-connection.properties";
protected LDAPTestConfiguration ldapTestConfiguration;
protected LDAPEmbeddedServer ldapEmbeddedServer;
@Override
protected void before() throws Throwable {
String connectionPropsLocation = getConnectionPropertiesLocation();
ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(connectionPropsLocation);
if (ldapTestConfiguration.isStartEmbeddedLdapServer()) {
ldapEmbeddedServer = createServer();
ldapEmbeddedServer.init();
ldapEmbeddedServer.start();
}
}
@Override
protected void after() {
try {
if (ldapEmbeddedServer != null) {
ldapEmbeddedServer.stop();
ldapEmbeddedServer = null;
ldapTestConfiguration = null;
}
} catch (Exception e) {
throw new RuntimeException("Error tearDown Embedded LDAP server.", e);
}
}
protected String getConnectionPropertiesLocation() {
return LDAP_CONNECTION_PROPERTIES_LOCATION;
}
protected LDAPEmbeddedServer createServer() {
Properties defaultProperties = new Properties();
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY);
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif");
return new LDAPEmbeddedServer(defaultProperties);
}
public Map<String, String> getConfig() {
return ldapTestConfiguration.getLDAPConfig();
}
public int getSleepTime() {
return ldapTestConfiguration.getSleepTime();
}
}

35
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/LDAPTestConfiguration.java
View file

@ -20,13 +20,19 @@ package org.keycloak.testsuite.util;
import static org.keycloak.testsuite.util.IOUtil.PROJECT_BUILD_DIRECTORY;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.jboss.logging.Logger;
import org.keycloak.common.constants.GenericConstants;
import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.common.util.FindFile;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.UserFederationProvider;
@ -37,7 +43,6 @@ public class LDAPTestConfiguration {
private static final Logger log = Logger.getLogger(LDAPTestConfiguration.class);
private String connectionPropertiesLocation;
private int sleepTime;
private boolean startEmbeddedLdapServer = true;
private Map<String, String> config;
@ -95,8 +100,7 @@ public class LDAPTestConfiguration {
public static LDAPTestConfiguration readConfiguration(String connectionPropertiesLocation) {
LDAPTestConfiguration ldapTestConfiguration = new LDAPTestConfiguration();
ldapTestConfiguration.setConnectionPropertiesLocation(getResource(connectionPropertiesLocation));
ldapTestConfiguration.loadConnectionProperties();
ldapTestConfiguration.loadConnectionProperties(connectionPropertiesLocation);
return ldapTestConfiguration;
}
@ -104,13 +108,28 @@ public class LDAPTestConfiguration {
return new File(PROJECT_BUILD_DIRECTORY, "dependency/kerberos/" + resourceName).getAbsolutePath();
}
protected void loadConnectionProperties() {
protected void loadConnectionProperties(String connectionPropertiesLocation) {
// TODO: Improve and possibly use FindFile
InputStream is;
try {
if (connectionPropertiesLocation.startsWith(GenericConstants.PROTOCOL_CLASSPATH)) {
String classPathLocation = connectionPropertiesLocation.replace(GenericConstants.PROTOCOL_CLASSPATH, "");
log.info("Reading LDAP configuration from classpath from: " + classPathLocation);
is = LDAPTestConfiguration.class.getClassLoader().getResourceAsStream(classPathLocation);
} else {
String file = getResource(connectionPropertiesLocation);
log.info("Reading LDAP configuration from: " + connectionPropertiesLocation);
is = new FileInputStream(file);
}
} catch (IOException ioe) {
throw new RuntimeException(ioe);
}
PropertiesConfiguration p;
try {
log.info("Reading LDAP configuration from: " + connectionPropertiesLocation);
p = new PropertiesConfiguration();
p.setDelimiterParsingDisabled(true);
p.load(connectionPropertiesLocation);
p.load(is);
}
catch (Exception e) {
throw new RuntimeException(e);
@ -139,10 +158,6 @@ public class LDAPTestConfiguration {
return config;
}
public void setConnectionPropertiesLocation(String connectionPropertiesLocation) {
this.connectionPropertiesLocation = connectionPropertiesLocation;
}
public boolean isStartEmbeddedLdapServer() {
return startEmbeddedLdapServer;
}

64
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationLdapConnectionTest.java Normal file
View file

@ -0,0 +1,64 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.admin;
import javax.ws.rs.core.Response;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.services.managers.LDAPConnectionTestManager;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.LDAPRule;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserFederationLdapConnectionTest extends AbstractAdminTest {
@ClassRule
public static LDAPRule ldapRule = new LDAPRule();
@Test
public void testLdapConnections1() {
// Unknown action
Response response = realm.testLDAPConnection("unknown", "ldap://localhost:10389", "foo", "bar", "false");
assertStatus(response, 400);
// Bad host
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldap://localhostt:10389", "foo", "bar", "false");
assertStatus(response, 400);
// Connection success
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_CONNECTION, "ldap://localhost:10389", "foo", "bar", "false");
assertStatus(response, 204);
// Bad authentication
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false");
assertStatus(response, 400);
// Authentication success
response = realm.testLDAPConnection(LDAPConnectionTestManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "secret", "false");
assertStatus(response, 204);
}
private void assertStatus(Response response, int status) {
Assert.assertEquals(status, response.getStatus());
response.close();
}
}

292
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationMapperTest.java Normal file
View file

@ -0,0 +1,292 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.admin;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserFederationProviderResource;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapperFactory;
import org.keycloak.federation.ldap.mappers.membership.role.RoleLDAPFederationMapperFactory;
import org.keycloak.federation.ldap.mappers.membership.role.RoleMapperConfig;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.representations.idm.UserFederationMapperRepresentation;
import org.keycloak.representations.idm.UserFederationMapperTypeRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.representations.idm.UserFederationSyncResultRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.federation.DummyUserFederationMapper;
import org.keycloak.testsuite.util.UserFederationProviderBuilder;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserFederationMapperTest extends AbstractAdminTest {
private String ldapProviderId;
private String dummyProviderId;
@Before
public void initFederationProviders() {
UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create()
.displayName("ldap-1")
.providerName("ldap")
.priority(1)
.build();
Response resp = realm.userFederation().create(ldapRep);
this.ldapProviderId = ApiUtil.getCreatedId(resp);
resp.close();
UserFederationProviderRepresentation dummyRep = UserFederationProviderBuilder.create()
.displayName("dummy-1")
.providerName("dummy")
.priority(2)
.build();
resp = realm.userFederation().create(dummyRep);
this.dummyProviderId = ApiUtil.getCreatedId(resp);
resp.close();
}
@After
public void cleanFederationProviders() {
realm.userFederation().get(ldapProviderId).remove();
realm.userFederation().get(dummyProviderId).remove();
}
@Test
public void testProviderFactories() {
// Test dummy mapper
Map<String, UserFederationMapperTypeRepresentation> mapperTypes = realm.userFederation().get(dummyProviderId).getMapperTypes();
Assert.assertEquals(1, mapperTypes.size());
Assert.assertEquals("Dummy", mapperTypes.get("dummy-mapper").getName());
// Test LDAP mappers
mapperTypes = ldapProviderResource().getMapperTypes();
Assert.assertTrue(mapperTypes.keySet().containsAll(Arrays.asList("user-attribute-ldap-mapper", "full-name-ldap-mapper", "role-ldap-mapper")));
UserFederationMapperTypeRepresentation attrMapper = mapperTypes.get("user-attribute-ldap-mapper");
Assert.assertEquals("User Attribute", attrMapper.getName());
Assert.assertFalse(attrMapper.getSyncConfig().isFedToKeycloakSyncSupported());
Assert.assertFalse(attrMapper.getSyncConfig().isKeycloakToFedSyncSupported());
Set<String> propNames = getConfigPropertyNames(attrMapper);
Assert.assertTrue(propNames.containsAll(Arrays.asList("user.model.attribute", "ldap.attribute", "read.only")));
Assert.assertEquals("false", attrMapper.getDefaultConfig().get("always.read.value.from.ldap"));
UserFederationMapperTypeRepresentation roleMapper = mapperTypes.get("role-ldap-mapper");
Assert.assertEquals("Role mappings", roleMapper.getName());
Assert.assertTrue(roleMapper.getSyncConfig().isFedToKeycloakSyncSupported());
Assert.assertTrue(roleMapper.getSyncConfig().isKeycloakToFedSyncSupported());
Assert.assertEquals("sync-ldap-roles-to-keycloak", roleMapper.getSyncConfig().getFedToKeycloakSyncMessage());
Assert.assertEquals("sync-keycloak-roles-to-ldap", roleMapper.getSyncConfig().getKeycloakToFedSyncMessage());
propNames = getConfigPropertyNames(roleMapper);
Assert.assertTrue(propNames.containsAll(Arrays.asList("roles.dn", "role.name.ldap.attribute", "role.object.classes")));
Assert.assertEquals("cn", roleMapper.getDefaultConfig().get("role.name.ldap.attribute"));
}
private Set<String> getConfigPropertyNames(UserFederationMapperTypeRepresentation mapper) {
List<ConfigPropertyRepresentation> cfg = mapper.getProperties();
Set<String> result = new HashSet<>();
for (ConfigPropertyRepresentation rep : cfg) {
result.add(rep.getName());
}
return result;
}
@Test
public void testUserAttributeMapperCRUD() {
// Test create fails with invalid config
UserFederationMapperRepresentation attrMapper = createMapperRep("email-mapper", UserAttributeLDAPFederationMapperFactory.PROVIDER_ID);
Response response = ldapProviderResource().addMapper(attrMapper);
Assert.assertEquals(400, response.getStatus());
response.close();
attrMapper.getConfig().put(UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email");
response = ldapProviderResource().addMapper(attrMapper);
Assert.assertEquals(400, response.getStatus());
response.close();
// Test create success when all mandatory attributes available
attrMapper.getConfig().put(UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail");
String mapperId = createMapper(attrMapper);
// Test get
UserFederationMapperRepresentation mapperRep = ldapProviderResource().getMapperById(mapperId);
assertMapper(mapperRep, mapperId, "email-mapper", UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email", UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail");
// Test update fails with invalid config
mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated");
mapperRep.getConfig().remove(UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE);
try {
ldapProviderResource().updateMapper(mapperId, mapperRep);
Assert.fail("Not expected update to success");
} catch (BadRequestException bre) {
// Expected
}
// Test not updated
mapperRep = ldapProviderResource().getMapperById(mapperId);
assertMapper(mapperRep, mapperId, "email-mapper", UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email", UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail");
// Test update success
mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email-updated");
mapperRep.getConfig().put(UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated");
ldapProviderResource().updateMapper(mapperId, mapperRep);
mapperRep = ldapProviderResource().getMapperById(mapperId);
assertMapper(mapperRep, mapperId, "email-mapper", UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, "email-updated", UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, "mail-updated");
// Test removed successfully
ldapProviderResource().removeMapper(mapperId);
try {
ldapProviderResource().getMapperById(mapperId);
Assert.fail("Not expected find to success as mapper was removed");
} catch (NotFoundException nfe) {
// Expected
}
}
private String createMapper(UserFederationMapperRepresentation mapper) {
Response response = ldapProviderResource().addMapper(mapper);
Assert.assertEquals(201, response.getStatus());
response.close();
return ApiUtil.getCreatedId(response);
}
@Test
public void testRoleMapper() {
// Create role mapper will fail
UserFederationMapperRepresentation roleMapper = createMapperRep("role-mapper", RoleLDAPFederationMapperFactory.PROVIDER_ID,
RoleMapperConfig.ROLES_DN, "ou=roles,dc=keycloak,dc=org",
RoleMapperConfig.MODE, "READ_ONLY");
Response response = ldapProviderResource().addMapper(roleMapper);
Assert.assertEquals(400, response.getStatus());
response.close();
// Fix config and create successfully
roleMapper.getConfig().put(RoleMapperConfig.USE_REALM_ROLES_MAPPING, "true");
String roleMapperId = createMapper(roleMapper);
// Assert builtin mappers
List<UserFederationMapperRepresentation> mappers = ldapProviderResource().getMappers();
Assert.assertNotNull(findMapperByName(mappers, "email"));
Assert.assertNotNull(findMapperByName(mappers, "first name"));
Assert.assertNull(findMapperByName(mappers, "non-existent"));
roleMapper = findMapperByName(mappers, "role-mapper");
assertMapper(roleMapper, roleMapperId, "role-mapper", RoleLDAPFederationMapperFactory.PROVIDER_ID,
RoleMapperConfig.ROLES_DN, "ou=roles,dc=keycloak,dc=org",
RoleMapperConfig.MODE, "READ_ONLY",
RoleMapperConfig.USE_REALM_ROLES_MAPPING, "true");
// Remove role mapper and assert not found anymore
ldapProviderResource().removeMapper(roleMapperId);
mappers = ldapProviderResource().getMappers();
Assert.assertNull(findMapperByName(mappers, "role-mapper"));
}
@Test
public void testSyncMapper() {
// Create dummy mapper
UserFederationMapperRepresentation dummyMapperRep = new UserFederationMapperRepresentation();
dummyMapperRep.setName("some-dummy");
dummyMapperRep.setFederationMapperType(DummyUserFederationMapper.PROVIDER_NAME);
dummyMapperRep.setFederationProviderDisplayName("dummy-1");
String mapperId = createMapper(dummyMapperRep);
// Try to sync with unknown action - fail
try {
realm.userFederation().get(dummyProviderId).syncMapperData(mapperId, "unknown");
Assert.fail("Not expected to pass");
} catch (NotFoundException nfe) {
// Expected
}
// Try fed To Keycloak sync
UserFederationSyncResultRepresentation result = realm.userFederation().get(dummyProviderId).syncMapperData(mapperId, "fedToKeycloak");
Assert.assertEquals("dummyFedToKeycloakSuccess mapper=some-dummy", result.getStatus());
// Try keycloak to fed
result = realm.userFederation().get(dummyProviderId).syncMapperData(mapperId, "keycloakToFed");
Assert.assertEquals("dummyKeycloakToFedSuccess mapper=some-dummy", result.getStatus());
}
private UserFederationProviderResource ldapProviderResource() {
return realm.userFederation().get(ldapProviderId);
}
private UserFederationMapperRepresentation createMapperRep(String name, String type, String... config) {
UserFederationMapperRepresentation rep = new UserFederationMapperRepresentation();
rep.setName(name);
rep.setFederationMapperType(type);
rep.setFederationProviderDisplayName("ldap-1");
Map<String, String> cfg = new HashMap<>();
for (int i=0 ; i<config.length ; i+=2) {
cfg.put(config[i], config[i+1]);
}
rep.setConfig(cfg);
return rep;
}
private void assertMapper(UserFederationMapperRepresentation rep, String id, String name, String federationMapperType, String... config) {
Assert.assertEquals(id, rep.getId());
Assert.assertEquals(name, rep.getName());
Assert.assertEquals("ldap-1", rep.getFederationProviderDisplayName());
Assert.assertEquals(federationMapperType, rep.getFederationMapperType());
if (config == null) {
config = new String[] {};
}
Assert.assertEquals(rep.getConfig().size() * 2, config.length);
for (int i=0 ; i<config.length ; i+=2) {
String key = config[i];
String value = config[i+1];
Assert.assertEquals(value, rep.getConfig().get(key));
}
}
private UserFederationMapperRepresentation findMapperByName(List<UserFederationMapperRepresentation> mappers, String name) {
for (UserFederationMapperRepresentation rep : mappers) {
if (rep.getName().equals(name)) {
return rep;
}
}
return null;
}
}

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationTest.java
View file

@ -22,7 +22,6 @@ import java.util.List;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.Response;
import org.junit.Test;
@ -73,7 +72,7 @@ public class UserFederationTest extends AbstractAdminTest {
userFederation().getProviderFactory("not-existent");
Assert.fail("Not expected to find not-existent provider");
} catch (NotFoundException nfe) {
nfe.getResponse().close();
// Expected
}
}
@ -205,7 +204,7 @@ public class UserFederationTest extends AbstractAdminTest {
userFederation().get(id).update(ldapRep);
Assert.fail("Not expected to successfull update");
} catch (BadRequestException bre) {
bre.getResponse().close();
// Expected
}
// Assert nothing was updated
@ -291,7 +290,7 @@ public class UserFederationTest extends AbstractAdminTest {
userFederation().get(id1).syncUsers("unknown");
Assert.fail("Not expected to sync with unknown action");
} catch (NotFoundException nfe) {
nfe.getResponse().close();
// Expected
}
// Assert sync didn't happen

26
testsuite/integration-arquillian/tests/base/src/test/resources/ldap/ldap-connection.properties Normal file
View file

@ -0,0 +1,26 @@
#
# Copyright 2016 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
idm.test.ldap.connection.url=ldap\://localhost\:10389
idm.test.ldap.base.dn=dc\=keycloak,dc\=org
idm.test.ldap.user.dn.suffix=ou\=People,dc\=keycloak,dc\=org
idm.test.ldap.start.embedded.ldap.server=true
idm.test.ldap.bind.dn=uid\=admin,ou\=system
idm.test.ldap.bind.credential=secret
idm.test.ldap.connection.pooling=true
idm.test.ldap.pagination=true
idm.test.ldap.batch.size.for.sync=3