Merge pull request #308 from mposolda/ldap

Fix LDAP tests and teststuite on windows. Set initial password directly ...

model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java

@@ -0,0 +1,33 @@
+package org.keycloak.model.test;
+
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.spi.authentication.picketlink.PicketlinkAuthenticationProvider;
+import org.keycloak.util.KeycloakRegistry;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.credential.Password;
+import org.picketlink.idm.model.basic.BasicModel;
+import org.picketlink.idm.model.basic.User;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class LdapTestUtils {
+
+    public static void setLdapPassword(RealmModel realm, String username, String password) {
+        // TODO: Workaround... should be improved once we have KeycloakSession with available application-scoped components
+        KeycloakRegistry registry = ResteasyProviderFactory.getContextData(KeycloakRegistry.class);
+        if (registry == null) {
+            ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
+        }
+
+        // Update password directly in ldap. It's workaround, but LDIF import doesn't seem to work on windows for ApacheDS
+        try {
+            IdentityManager identityManager = new PicketlinkAuthenticationProvider().getIdentityManager(realm);
+            User user = BasicModel.getUser(identityManager, username);
+            identityManager.updateCredential(user, new Password(password.toCharArray()));
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+}

model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java

@@ -71,17 +71,20 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
     public void testLdapAuthentication() {
         MultivaluedMap<String, String> formData = AuthProvidersExternalModelTest.createFormData("john", "password");
 
-        // Verify that user doesn't exists in realm2 and can't authenticate here
-        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData));
-        Assert.assertNull(realm.getUser("john"));
-
-        // Add ldap authenticationProvider
-        setupAuthenticationProviders();
-
         try {
             // this is needed for Picketlink model provider
             ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
 
+            // Set password of user in LDAP
+            LdapTestUtils.setLdapPassword(realm, "john", "password");
+
+            // Verify that user doesn't exists in realm2 and can't authenticate here
+            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData));
+            Assert.assertNull(realm.getUser("john"));
+
+            // Add ldap authenticationProvider
+            setupAuthenticationProviders();
+
             // Authenticate john and verify that now he exists in realm
             Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(realm, formData));
             UserModel john = realm.getUser("john");

model/tests/src/test/resources/ldap/users.ldif

@@ -9,16 +9,6 @@ objectclass: top
 objectclass: organizationalUnit
 ou: People
 
-dn: ou=Roles,dc=keycloak,dc=org
-objectclass: top
-objectclass: organizationalUnit
-ou: Roles
-
-dn: ou=Groups,dc=keycloak,dc=org
-objectclass: top
-objectclass: organizationalUnit
-ou: Groups
-
 dn: uid=john,ou=People,dc=keycloak,dc=org
 objectclass: top
 objectclass: uidObject
@@ -28,4 +18,13 @@ uid: john
 cn: John
 sn: Doe
 mail: john@email.org
-userPassword: password
+
+dn: ou=Roles,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: Roles
+
+dn: ou=Groups,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: Groups

spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java

@@ -48,7 +48,6 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider
         credential.setUsername(username);
         credential.setPassword(new Password(password.toCharArray()));
         identityManager.validateCredentials(credential);
-
         if (credential.getStatus() == Credentials.Status.VALID) {
             AuthResult result = new AuthResult(AuthProviderStatus.SUCCESS);
 
@@ -76,7 +75,7 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider
         return true;
     }
 
-    protected IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {
+    public IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {
         IdentityManager identityManager = ResteasyProviderFactory.getContextData(IdentityManager.class);
         if (identityManager == null) {
             Iterable<PartitionManagerProvider> providers = ProviderLoader.load(PartitionManagerProvider.class);

testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java

@@ -14,6 +14,7 @@ import org.junit.rules.RuleChain;
 import org.junit.rules.TestRule;
 import org.junit.runners.MethodSorters;
 import org.keycloak.OAuth2Constants;
+import org.keycloak.model.test.LdapTestUtils;
 import org.keycloak.models.AuthenticationProviderModel;
 import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
@@ -51,15 +52,16 @@ public class AuthProvidersIntegrationTest {
             AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP);
             AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP);
 
-            // Configure LDAP
-            ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);
-
             // Delegate authentication to admin realm
             Map<String,String> config = new HashMap<String,String>();
             config.put(AuthProviderConstants.EXTERNAL_REALM_ID, adminstrationRealm.getId());
             AuthenticationProviderModel externalModelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, config);
 
             appRealm.setAuthenticationProviders(Arrays.asList(modelProvider, picketlinkProvider, externalModelProvider));
+
+            // Configure LDAP
+            ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);
+            LdapTestUtils.setLdapPassword(appRealm, "john", "password");
         }
     });
 

testsuite/integration/src/test/resources/ldap/users.ldif

@@ -28,4 +28,3 @@ uid: john
 cn: John
 sn: Doe
 mail: john@email.org
-userPassword: password