KEYCLOAK-8372 - User Federation tests - fixing for different vendors (#6909)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java

@@ -212,6 +212,7 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
             john.leaveGroup(groupTeamChild20182019);
 
             mary.leaveGroup(group1);
+            mary.leaveGroup(group11);
             mary.leaveGroup(group12);
             mary.leaveGroup(groupTeam20162017);
             mary.leaveGroup(groupTeamChild20182019);
@@ -466,16 +467,16 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
             LDAPTestContext ctx = LDAPTestContext.init(session);
             RealmModel appRealm = ctx.getRealm();
 
+            ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
+            LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
+            appRealm.updateComponent(mapperModel);
+
             // Ignoring this test on ActiveDirectory as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic...
             LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
             if (config.isActiveDirectory()) {
                 return;
             }
 
-            ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
-            LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
-            appRealm.updateComponent(mapperModel);
-
             String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
 
             // 1 - Add some group to LDAP for testing
@@ -705,6 +706,12 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
             LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString());
             appRealm.updateComponent(mapperModel);
 
+            // Ignoring this test on ActiveDirectory and rhds as it's currently impossible to import more than 60 users without timeout
+            LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
+            if (ldapConfig.isActiveDirectory() || LDAPConstants.VENDOR_RHDS.equals(ldapConfig.getVendor())) {
+                return;
+            }
+
             // create big grups that use ranged search
             String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
             LDAPObject bigGroup = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "biggroup", descriptionAttrName, "biggroup - description");
@@ -751,6 +758,12 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
             RealmModel appRealm = ctx.getRealm();
             ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper");
 
+            // Ignoring this test on ActiveDirectory (same for rhds) as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic...
+            LDAPConfig ldapConfig = ctx.getLdapProvider().getLdapIdentityStore().getConfig();
+            if (ldapConfig.isActiveDirectory() || LDAPConstants.VENDOR_RHDS.equals(ldapConfig.getVendor())) {
+                return;
+            }
+
             // create a group with an existing user alone
             String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
             LDAPObject deleteGroup = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "deletegroup", descriptionAttrName, "deletegroup - description");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADFullNameTest.java

@@ -38,6 +38,8 @@ import org.keycloak.testsuite.util.LDAPRule;
 import org.keycloak.testsuite.util.LDAPTestConfiguration;
 import org.keycloak.testsuite.util.LDAPTestUtils;
 
+import java.util.concurrent.TimeUnit;
+
 /**
  * Test for the MSAD setup with usernameAttribute=sAMAccountName, rdnAttribute=cn and fullNameMapper mapped to cn
  *
@@ -221,6 +223,8 @@ public class LDAPMSADFullNameTest extends AbstractLDAPTest {
 
     @Test
     public void test06_conflicts() {
+        // register user with the same cn requires more time to load the page with the real ldap
+        driver.manage().timeouts().pageLoadTimeout(100, TimeUnit.SECONDS);
         testingClient.server().run(session -> {
             LDAPTestContext ctx = LDAPTestContext.init(session);
             RealmModel appRealm = ctx.getRealm();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java

@@ -361,7 +361,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
     // KEYCLOAK-12340
     @Test
     public void ldapPasswordChangeWithAdminEndpointAndRequiredAction() throws Exception {
-        String username = "adminEndpointAndRequiredActionTest";
+        String username = "adminEndpointReqAct";
         String email = username + "@email.cz";
 
         // Register new LDAP user with password, logout user

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPRoleMappingsTest.java

@@ -400,8 +400,11 @@ public class LDAPRoleMappingsTest extends AbstractLDAPTest {
             RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm);
 
             LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper");
-            roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
+            //not sure why it is here for second time, but it is failing for Active directory - mapping already exists
-            roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
+            if (!ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory()){
+                roleMapper.addRoleMappingInLDAP("realmRole1", johnLdap);
+                roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap);
+            }
 
             UserStorageSyncManager usersSyncManager = new UserStorageSyncManager();
             SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(),

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java

@@ -72,7 +72,11 @@ public class LDAPSyncTest extends AbstractLDAPTest {
         testingClient.server().run(session -> {
             LDAPTestContext ctx = LDAPTestContext.init(session);
             RealmModel appRealm = ctx.getRealm();
-
+            String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
+            // Add group mapper
+            LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName);
+            // Remove all LDAP groups
+            LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ctx.getLdapModel(), "groupsMapper");
             ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, appRealm);
             ldapModel.put(LDAPConstants.SYNC_REGISTRATIONS, "false");
             appRealm.updateComponent(ldapModel);