Merge pull request #308 from mposolda/ldap
Fix LDAP tests and testsuite on Windows. Set initial password directly ...
commit
60ba41e82f
6 changed files with 59 additions and 24 deletions
|
@ -0,0 +1,33 @@
|
|||
package org.keycloak.model.test;
|
||||
|
||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.spi.authentication.picketlink.PicketlinkAuthenticationProvider;
|
||||
import org.keycloak.util.KeycloakRegistry;
|
||||
import org.picketlink.idm.IdentityManager;
|
||||
import org.picketlink.idm.credential.Password;
|
||||
import org.picketlink.idm.model.basic.BasicModel;
|
||||
import org.picketlink.idm.model.basic.User;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class LdapTestUtils {
|
||||
|
||||
public static void setLdapPassword(RealmModel realm, String username, String password) {
|
||||
// TODO: Workaround... should be improved once we have KeycloakSession with available application-scoped components
|
||||
KeycloakRegistry registry = ResteasyProviderFactory.getContextData(KeycloakRegistry.class);
|
||||
if (registry == null) {
|
||||
ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
|
||||
}
|
||||
|
||||
// Update password directly in ldap. It's workaround, but LDIF import doesn't seem to work on windows for ApacheDS
|
||||
try {
|
||||
IdentityManager identityManager = new PicketlinkAuthenticationProvider().getIdentityManager(realm);
|
||||
User user = BasicModel.getUser(identityManager, username);
|
||||
identityManager.updateCredential(user, new Password(password.toCharArray()));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
}
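Review bot: `setLdapPassword` passes the result of `BasicModel.getUser(identityManager, username)` straight to `updateCredential` without checking it. As far as I know that lookup returns null for an unknown login name, so a missing or not-yet-imported LDAP entry would surface as an opaque wrapped exception instead of a clear test failure. A guard such as `if (user == null) throw new IllegalStateException("LDAP user not found: " + username);` before the update would make that explicit. Within this method the `KeycloakRegistry` pushed into the Resteasy context is never removed, so that state outlives the call at both call sites (`AuthProvidersLDAPTest` and `AuthProvidersIntegrationTest`). A short Javadoc should state that side effect and that the helper writes the credential directly to the directory.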
|
|
@ -71,17 +71,20 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
|
|||
public void testLdapAuthentication() {
|
||||
MultivaluedMap<String, String> formData = AuthProvidersExternalModelTest.createFormData("john", "password");
|
||||
|
||||
// Verify that user doesn't exists in realm2 and can't authenticate here
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData));
|
||||
Assert.assertNull(realm.getUser("john"));
|
||||
|
||||
// Add ldap authenticationProvider
|
||||
setupAuthenticationProviders();
|
||||
|
||||
try {
|
||||
// this is needed for Picketlink model provider
|
||||
ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
|
||||
|
||||
// Set password of user in LDAP
|
||||
LdapTestUtils.setLdapPassword(realm, "john", "password");
|
||||
|
||||
// Verify that user doesn't exists in realm2 and can't authenticate here
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData));
|
||||
Assert.assertNull(realm.getUser("john"));
|
||||
|
||||
// Add ldap authenticationProvider
|
||||
setupAuthenticationProviders();
|
||||
|
||||
// Authenticate john and verify that now he exists in realm
|
||||
Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(realm, formData));
|
||||
UserModel john = realm.getUser("john");
|
||||
|
|
|
@ -9,16 +9,6 @@ objectclass: top
|
|||
objectclass: organizationalUnit
|
||||
ou: People
|
||||
|
||||
dn: ou=Roles,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: Roles
|
||||
|
||||
dn: ou=Groups,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: Groups
|
||||
|
||||
dn: uid=john,ou=People,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: uidObject
|
||||
|
@ -28,4 +18,13 @@ uid: john
|
|||
cn: John
|
||||
sn: Doe
|
||||
mail: john@email.org
|
||||
userPassword: password
|
||||
|
||||
dn: ou=Roles,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: Roles
|
||||
|
||||
dn: ou=Groups,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: Groups
|
|
@ -48,7 +48,6 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider
|
|||
credential.setUsername(username);
|
||||
credential.setPassword(new Password(password.toCharArray()));
|
||||
identityManager.validateCredentials(credential);
|
||||
|
||||
if (credential.getStatus() == Credentials.Status.VALID) {
|
||||
AuthResult result = new AuthResult(AuthProviderStatus.SUCCESS);
|
||||
|
||||
|
@ -76,7 +75,7 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider
|
|||
return true;
|
||||
}
|
||||
|
||||
protected IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {
|
||||
public IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {
|
||||
IdentityManager identityManager = ResteasyProviderFactory.getContextData(IdentityManager.class);
|
||||
if (identityManager == null) {
|
||||
Iterable<PartitionManagerProvider> providers = ProviderLoader.load(PartitionManagerProvider.class);
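Review bot: `getIdentityManager` is widened from `protected` to `public` on a production class, apparently so that the new test helper in `org.keycloak.model.test` can call it. The returned `IdentityManager` can change credentials in the backing store, which is exactly how `LdapTestUtils` uses it via `updateCredential`. Any code holding a `PicketlinkAuthenticationProvider` can now obtain that handle. Consider keeping the method `protected` and reaching it from a test-side subclass, or at least document the intent with `/** Exposed for tests; not a general-purpose entry point for credential changes. */`. The method body continues past the end of this hunk.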
|
||||
|
|
|
@ -14,6 +14,7 @@ import org.junit.rules.RuleChain;
|
|||
import org.junit.rules.TestRule;
|
||||
import org.junit.runners.MethodSorters;
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.model.test.LdapTestUtils;
|
||||
import org.keycloak.models.AuthenticationProviderModel;
|
||||
import org.keycloak.models.PasswordPolicy;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -51,15 +52,16 @@ public class AuthProvidersIntegrationTest {
|
|||
AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP);
|
||||
AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP);
|
||||
|
||||
// Configure LDAP
|
||||
ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);
|
||||
|
||||
// Delegate authentication to admin realm
|
||||
Map<String,String> config = new HashMap<String,String>();
|
||||
config.put(AuthProviderConstants.EXTERNAL_REALM_ID, adminstrationRealm.getId());
|
||||
AuthenticationProviderModel externalModelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, config);
|
||||
|
||||
appRealm.setAuthenticationProviders(Arrays.asList(modelProvider, picketlinkProvider, externalModelProvider));
|
||||
|
||||
// Configure LDAP
|
||||
ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);
|
||||
LdapTestUtils.setLdapPassword(appRealm, "john", "password");
|
||||
}
|
||||
});
|
||||
|
||||
|
|
|
@ -28,4 +28,3 @@ uid: john
|
|||
cn: John
|
||||
sn: Doe
|
||||
mail: john@email.org
|
||||
userPassword: password
|