Merge pull request #1044 from mposolda/master
Fix kerberos test failing in some environments
commit
29030a6d39
4 changed files with 30 additions and 12 deletions
|
@ -1,5 +1,8 @@
|
|||
package org.keycloak.testutils.ldap;
|
||||
|
||||
import java.net.InetAddress;
|
||||
import java.net.UnknownHostException;
|
||||
|
||||
/**
|
||||
* Factory for ApacheDS based LDAP and Kerberos servers
|
||||
*
|
||||
|
@ -21,6 +24,7 @@ public class EmbeddedServersFactory {
|
|||
private String baseDN;
|
||||
private String bindHost;
|
||||
private int bindPort;
|
||||
private String ldapSaslPrincipal;
|
||||
private String ldifFile;
|
||||
private String kerberosRealm;
|
||||
private int kdcPort;
|
||||
|
@ -39,6 +43,7 @@ public class EmbeddedServersFactory {
|
|||
this.bindHost = System.getProperty("ldap.host");
|
||||
String bindPort = System.getProperty("ldap.port");
|
||||
this.ldifFile = System.getProperty("ldap.ldif");
|
||||
this.ldapSaslPrincipal = System.getProperty("ldap.saslPrincipal");
|
||||
|
||||
this.kerberosRealm = System.getProperty("kerberos.realm");
|
||||
String kdcPort = System.getProperty("kerberos.port");
|
||||
|
@ -62,6 +67,16 @@ public class EmbeddedServersFactory {
|
|||
if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
|
||||
kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
|
||||
}
|
||||
|
||||
if (ldapSaslPrincipal == null || ldapSaslPrincipal.isEmpty()) {
|
||||
try {
|
||||
// Same algorithm like sun.security.krb5.PrincipalName constructor
|
||||
String canonicalHost = (InetAddress.getByName(bindHost)).getCanonicalHostName();
|
||||
this.ldapSaslPrincipal = "ldap/" + canonicalHost + "@" + kerberosRealm;
|
||||
} catch (UnknownHostException uhe) {
|
||||
throw new RuntimeException(uhe);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -72,7 +87,7 @@ public class EmbeddedServersFactory {
|
|||
ldifFile = DEFAULT_LDIF_FILE;
|
||||
}
|
||||
|
||||
return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile);
|
||||
return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal);
|
||||
}
|
||||
|
||||
|
||||
|
@ -83,6 +98,6 @@ public class EmbeddedServersFactory {
|
|||
ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
|
||||
}
|
||||
|
||||
return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
|
||||
return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal, kerberosRealm, kdcPort, kdcEncryptionTypes);
|
||||
}
|
||||
}
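Review bot: The fallback in the `ldapSaslPrincipal == null || ldapSaslPrincipal.isEmpty()` branch is commented as the same algorithm as `sun.security.krb5.PrincipalName`, but it appears to differ in two ways that could reintroduce a mismatch between the server's principal and the one a client requests. As far as I recall, the JDK lower-cases the host part and keeps the original host name on `UnknownHostException`, whereas this code keeps the resolver's case and aborts with a `RuntimeException`. I would write `String canonicalHost = InetAddress.getByName(bindHost).getCanonicalHostName().toLowerCase(Locale.ENGLISH);` and fall back to `bindHost.toLowerCase(Locale.ENGLISH)` in the catch block. `getCanonicalHostName()` also returns the IP literal when the reverse lookup fails, so a comment saying the result depends on the local resolver, and that `ldap.saslPrincipal` overrides it, would help with debugging. The enclosing method starts outside the hunk, so I cannot confirm that `bindHost` and `kerberosRealm` already hold their defaults at this point.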
|
||||
|
|
|
@ -2,6 +2,7 @@ package org.keycloak.testutils.ldap;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.Field;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
|
@ -48,8 +49,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
|
|||
}
|
||||
|
||||
|
||||
protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
|
||||
super(baseDN, bindHost, bindPort, ldifFile);
|
||||
protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String ldapSaslPrincipal, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
|
||||
super(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal);
|
||||
this.kdcEncryptionTypes = kdcEncryptionTypes;
|
||||
this.kerberosRealm = kerberosRealm;
|
||||
this.kdcPort = kdcPort;
|
||||
|
@ -79,7 +80,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
|
|||
LdapServer ldapServer = super.createLdapServer();
|
||||
|
||||
ldapServer.setSaslHost( this.bindHost );
|
||||
ldapServer.setSaslPrincipal( "ldap/" + this.bindHost + "@" + this.kerberosRealm);
|
||||
ldapServer.setSaslPrincipal( this.ldapSaslPrincipal);
|
||||
ldapServer.setSaslRealms(new ArrayList<String>());
|
||||
|
||||
ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.PLAIN, new PlainMechanismHandler());
|
||||
ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.CRAM_MD5, new CramMd5MechanismHandler());
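Review bot: In `createLdapServer()` the SASL principal now comes from `ldapSaslPrincipal`, whose host part may be the canonical name, while `setSaslHost( this.bindHost )` on the line above still passes the raw bind host. In the environments this commit targets the two can differ, and whether ApacheDS uses the SASL host when it builds the GSSAPI acceptor name is not visible in this diff. Either derive both from the same value, or once confirmed add a comment such as `// saslHost stays the bind address; only the principal needs the canonical name`. The constructor also gained a fifth consecutive `String` parameter, so a short Javadoc naming each argument would guard against transposing `ldapSaslPrincipal` and `kerberosRealm`. The method body continues outside the hunk.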
|
||||
|
|
|
@ -2,7 +2,6 @@ package org.keycloak.testutils.ldap;
|
|||
|
||||
import java.io.File;
|
||||
import java.io.InputStream;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
|
@ -35,6 +34,7 @@ public class LDAPEmbeddedServer {
|
|||
protected final String bindHost;
|
||||
protected final int bindPort;
|
||||
protected final String ldifFile;
|
||||
protected final String ldapSaslPrincipal;
|
||||
|
||||
protected DirectoryService directoryService;
|
||||
protected LdapServer ldapServer;
|
||||
|
@ -47,16 +47,19 @@ public class LDAPEmbeddedServer {
|
|||
ldapEmbeddedServer.start();
|
||||
}
|
||||
|
||||
public LDAPEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile) {
|
||||
public LDAPEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String ldapSaslPrincipal) {
|
||||
this.baseDN = baseDN;
|
||||
this.bindHost = bindHost;
|
||||
this.bindPort = bindPort;
|
||||
this.ldifFile = ldifFile;
|
||||
this.ldapSaslPrincipal = ldapSaslPrincipal;
|
||||
}
|
||||
|
||||
|
||||
public void init() throws Exception {
|
||||
log.info("Creating LDAP Directory Service. Config: baseDN=" + baseDN + ", bindHost=" + bindHost + ", bindPort=" + bindPort);
|
||||
log.info("Creating LDAP Directory Service. Config: baseDN=" + baseDN + ", bindHost=" + bindHost + ", bindPort=" + bindPort +
|
||||
", ldapSaslPrincipal=" + ldapSaslPrincipal);
|
||||
|
||||
this.directoryService = createDirectoryService();
|
||||
|
||||
log.info("Importing LDIF: " + ldifFile);
|
||||
|
@ -133,9 +136,6 @@ public class LDAPEmbeddedServer {
|
|||
// Propagate the anonymous flag to the DS
|
||||
directoryService.setAllowAnonymousAccess(false);
|
||||
|
||||
ldapServer.setSaslHost( this.bindHost );
|
||||
ldapServer.setSaslPrincipal( "ldap/" + this.bindHost + "@KEYCLOAK.ORG");
|
||||
ldapServer.setSaslRealms(new ArrayList<String>());
|
||||
return ldapServer;
|
||||
}
|
||||
|
||||
|
@ -143,6 +143,7 @@ public class LDAPEmbeddedServer {
|
|||
private void importLdif() throws Exception {
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
map.put("hostname", this.bindHost);
|
||||
map.put("ldapSaslPrincipal", this.ldapSaslPrincipal);
|
||||
|
||||
// For now, assume that LDIF file is on classpath
|
||||
InputStream is = getClass().getClassLoader().getResourceAsStream(ldifFile);
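Review bot: The public constructor stores the new `ldapSaslPrincipal` argument unchecked, and `importLdif()` later puts it into the substitution map under `"ldapSaslPrincipal"`. A caller that bypasses `EmbeddedServersFactory` and passes null would then import an LDIF whose `${ldapSaslPrincipal}` placeholder has no usable value. How the substitution treats a null entry is not visible here, so the contract should at least be written down, for example `@param ldapSaslPrincipal full Kerberos principal of the LDAP service, substituted for ${ldapSaslPrincipal} in the LDIF; must not be null when the LDIF references it`. The four-argument constructor is replaced rather than overloaded, so any caller outside this diff stops compiling; if that is intended, it deserves a line in the commit description. `importLdif()` continues past the end of the hunk.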
|
||||
|
|
|
@ -32,7 +32,7 @@ cn: LDAP
|
|||
sn: Service
|
||||
uid: ldap
|
||||
userPassword: randall
|
||||
krb5PrincipalName: ldap/${hostname}@KEYCLOAK.ORG
|
||||
krb5PrincipalName: ${ldapSaslPrincipal}
|
||||
krb5KeyVersionNumber: 0
|
||||
|
||||
dn: uid=HTTP,ou=People,dc=keycloak,dc=org
|
||||
|
|