Merge pull request #1814 from pdrozd/federation-tests

Add Federation tests for admin console.
This commit is contained in:
Stian Thorgersen 2015-11-12 13:36:03 +01:00
commit 73197332c4
9 changed files with 552 additions and 85 deletions

View file

@ -15,7 +15,18 @@
<exclude.console>-</exclude.console>
<exclude.account>-</exclude.account>
</properties>
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-util-embedded-ldap</artifactId>
<exclusions>
<exclusion>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk15</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>

View file

@ -57,7 +57,7 @@ public class AdminConsoleRealm extends AdminConsoleRealmsRoot {
private WebElement rolesLink;
@FindBy(partialLinkText = "Identity Providers")
private WebElement identityProvidersLink;
@FindBy(partialLinkText = "User Feferation")
@FindBy(partialLinkText = "User Federation")
private WebElement userFederationLink;
@FindBy(partialLinkText = "Authentication")
private WebElement authenticationLink;

View file

@ -0,0 +1,28 @@
package org.keycloak.testsuite.console.page.federation;
import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.console.page.AdminConsoleCreate;
/**
*
* @author pdrozd
*/
public class CreateKerberosUserProvider extends AdminConsoleCreate {
@Page
private KerberosUserProviderForm form;
public CreateKerberosUserProvider() {
setEntity("user-federation");
}
@Override
public String getUriFragment() {
return super.getUriFragment() + "/providers/kerberos";
}
public KerberosUserProviderForm form() {
return form;
}
}

View file

@ -1,5 +1,6 @@
package org.keycloak.testsuite.console.page.federation;
import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.console.page.AdminConsoleCreate;
/**
@ -8,6 +9,9 @@ import org.keycloak.testsuite.console.page.AdminConsoleCreate;
*/
public class CreateLdapUserProvider extends AdminConsoleCreate {
@Page
private LdapUserProviderForm form;
public CreateLdapUserProvider() {
setEntity("user-federation");
}
@ -17,4 +21,7 @@ public class CreateLdapUserProvider extends AdminConsoleCreate {
return super.getUriFragment() + "/providers/ldap";
}
public LdapUserProviderForm form() {
return form;
}
}

View file

@ -0,0 +1,81 @@
package org.keycloak.testsuite.console.page.federation;
import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
import org.keycloak.testsuite.page.Form;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
/**
* @author pdrozd
*/
public class KerberosUserProviderForm extends Form {
@FindBy(id = "consoleDisplayName")
private WebElement consoleDisplayNameInput;
@FindBy(id = "priority")
private WebElement priorityInput;
@FindBy(id = "kerberosRealm")
private WebElement kerberosRealmInput;
@FindBy(id = "serverPrincipal")
private WebElement serverPrincipalInput;
@FindBy(id = "keyTab")
private WebElement keyTabInput;
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='debug']]")
private OnOffSwitch debug;
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='allowPasswordAuthentication']]")
private OnOffSwitch allowPwdAuth;
@FindBy(id = "editMode")
private Select editModeSelect;
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='updateProfileFirstLogin']]")
private OnOffSwitch updateProfileFirstLogin;
public void setConsoleDisplayNameInput(String name) {
setInputValue(consoleDisplayNameInput, name);
}
public void setPriorityInput(Integer priority) {
setInputValue(priorityInput, String.valueOf(priority));
}
public void setKerberosRealmInput(String kerberosRealm) {
waitGuiForElement(By.id("kerberosRealm"));
setInputValue(kerberosRealmInput, kerberosRealm);
}
public void setServerPrincipalInput(String serverPrincipal) {
setInputValue(serverPrincipalInput, serverPrincipal);
}
public void setKeyTabInput(String keyTab) {
setInputValue(keyTabInput, keyTab);
}
public void setDebugEnabled(boolean debugEnabled) {
this.debug.setOn(debugEnabled);
}
public void setAllowPasswordAuthentication(boolean enabled) {
allowPwdAuth.setOn(enabled);
}
public void selectEditMode(String mode) {
waitGuiForElement(By.id("editMode"));
editModeSelect.selectByVisibleText(mode);
}
public void setUpdateProfileFirstLogin(boolean enabled) {
updateProfileFirstLogin.setOn(enabled);
}
}

View file

@ -1,5 +1,8 @@
package org.keycloak.testsuite.console.page.federation;
import static org.keycloak.testsuite.util.WaitUtils.waitAjaxForElement;
import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
import org.jboss.arquillian.graphene.findby.FindByJQuery;
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
import org.keycloak.testsuite.page.Form;
@ -8,10 +11,8 @@ import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
/**
* Created by fkiss.
* @author fkiss, pdrozd
*/
public class LdapUserProviderForm extends Form {
@ -24,24 +25,33 @@ public class LdapUserProviderForm extends Form {
@FindBy(id = "usernameLDAPAttribute")
private WebElement usernameLDAPAttributeInput;
@FindBy(id = "rdnLDAPAttribute")
private WebElement rdnLDAPAttributeInput;
@FindBy(id = "uuidLDAPAttribute")
private WebElement uuidLDAPAttributeInput;
@FindBy(id = "userObjectClasses")
private WebElement userObjectClassesInput;
@FindBy(id = "ldapConnectionUrl")
private WebElement ldapConnectionUrlInput;
@FindBy(id = "ldapBaseDn")
private WebElement ldapBaseDnInput;
@FindBy(id = "ldapUsersDn")
private WebElement ldapUserDnInput;
@FindBy(id = "authType")
private Select authTypeSelect;
@FindBy(id = "ldapBindDn")
private WebElement ldapBindDnInput;
@FindBy(id = "ldapBindCredential")
private WebElement ldapBindCredentialInput;
@FindBy(id = "searchScope")
private Select searchScopeSelect;
@FindBy(id = "kerberosRealm")
private WebElement kerberosRealmInput;
@ -72,59 +82,173 @@ public class LdapUserProviderForm extends Form {
@FindByJQuery("a:contains('Test authentication')")
private WebElement testAuthenticationButton;
@FindByJQuery("div[class='onoffswitch']:eq(0)")
@FindByJQuery("a:contains('Synchronize changed users')")
private WebElement synchronizeChangedUsersButton;
@FindByJQuery("button:contains('Synchronize all users')")
private WebElement synchronizeAllUsersButton;
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='syncRegistrations']]")
private OnOffSwitch syncRegistrations;
@FindByJQuery("div[class='onoffswitch']:eq(1)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='connectionPooling']]")
private OnOffSwitch connectionPooling;
@FindByJQuery("div[class='onoffswitch']:eq(2)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='pagination']]")
private OnOffSwitch pagination;
@FindByJQuery("div[class='onoffswitch']:eq(3)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='userAccountControlsAfterPasswordUpdate']]")
private OnOffSwitch enableAccountAfterPasswordUpdate;
@FindBy(xpath = "//div[contains(@class,'onoffswitch') and ./input[@id='allowKerberosAuthentication']]")
private OnOffSwitch allowKerberosAuth;
@FindByJQuery("div[class='onoffswitch']:eq(4)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='debug']]")
private OnOffSwitch debug;
@FindByJQuery("div[class='onoffswitch']:eq(5)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='useKerberosForPasswordAuthentication']]")
private OnOffSwitch useKerberosForPwdAuth;
@FindByJQuery("div[class='onoffswitch']:eq(6)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='compositeSwitch']]")
private OnOffSwitch periodicFullSync;
@FindByJQuery("div[class='onoffswitch']:eq(7)")
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='changedSyncEnabled']]")
private OnOffSwitch periodicChangedUsersSync;
@FindByJQuery("button:contains('Save')")
private WebElement saveButton;
public void setConsoleDisplayNameInput(String name) {
setInputValue(consoleDisplayNameInput, name);
}
public void selectEditMode(String mode){
public void setPriorityInput(Integer priority) {
setInputValue(priorityInput, String.valueOf(priority));
}
public void setUsernameLDAPAttributeInput(String usernameLDAPAttribute) {
setInputValue(usernameLDAPAttributeInput, usernameLDAPAttribute);
}
public void setRdnLDAPAttributeInput(String rdnLDAPAttribute) {
setInputValue(rdnLDAPAttributeInput, rdnLDAPAttribute);
}
public void setUuidLDAPAttributeInput(String uuidLDAPAttribute) {
setInputValue(uuidLDAPAttributeInput, uuidLDAPAttribute);
}
public void setUserObjectClassesInput(String userObjectClasses) {
setInputValue(userObjectClassesInput, userObjectClasses);
}
public void setLdapConnectionUrlInput(String ldapConnectionUrl) {
setInputValue(ldapConnectionUrlInput, ldapConnectionUrl);
}
public void setLdapUserDnInput(String ldapUserDn) {
setInputValue(ldapUserDnInput, ldapUserDn);
}
public void setLdapBindDnInput(String ldapBindDn) {
setInputValue(ldapBindDnInput, ldapBindDn);
}
public void setLdapBindCredentialInput(String ldapBindCredential) {
setInputValue(ldapBindCredentialInput, ldapBindCredential);
}
public void setKerberosRealmInput(String kerberosRealm) {
waitAjaxForElement(kerberosRealmInput);
setInputValue(kerberosRealmInput, kerberosRealm);
}
public void setServerPrincipalInput(String serverPrincipal) {
waitAjaxForElement(serverPrincipalInput);
setInputValue(serverPrincipalInput, serverPrincipal);
}
public void setKeyTabInput(String keyTab) {
waitAjaxForElement(keyTabInput);
setInputValue(keyTabInput, keyTab);
}
public void setBatchSizeForSyncInput(String batchSizeForSync) {
setInputValue(batchSizeForSyncInput, batchSizeForSync);
}
public void selectEditMode(String mode) {
waitGuiForElement(By.id("editMode"));
editModeSelect.selectByVisibleText(mode);
}
public void selectVendor(String vendor){
waitGuiForElement(By.id("editMode"));
public void selectVendor(String vendor) {
waitGuiForElement(By.id("vendor"));
vendorSelect.selectByVisibleText(vendor);
}
public void configureLdap(String displayName, String editMode, String vendor, String connectionUrl, String userDN, String ldapBindDn, String ldapBindCredential){
consoleDisplayNameInput.sendKeys(displayName);
editModeSelect.selectByVisibleText(editMode);
selectVendor(vendor);
ldapConnectionUrlInput.sendKeys(connectionUrl);
ldapUserDnInput.sendKeys(userDN);
ldapBindDnInput.sendKeys(ldapBindDn);
ldapBindCredentialInput.sendKeys(ldapBindCredential);
saveButton.click();
public void selectAuthenticationType(String authenticationType) {
waitGuiForElement(By.id("authType"));
authTypeSelect.selectByVisibleText(authenticationType);
}
public void testConnection(){
public void selectSearchScope(String searchScope) {
waitGuiForElement(By.id("searchScope"));
searchScopeSelect.selectByVisibleText(searchScope);
}
public void setSyncRegistrationsEnabled(boolean syncRegistrationsEnabled) {
this.syncRegistrations.setOn(syncRegistrationsEnabled);
}
public void setConnectionPoolingEnabled(boolean connectionPoolingEnabled) {
this.connectionPooling.setOn(connectionPoolingEnabled);
}
public void setPaginationEnabled(boolean paginationEnabled) {
this.pagination.setOn(paginationEnabled);
}
public void setAccountAfterPasswordUpdateEnabled(boolean enabled) {
if ((!enableAccountAfterPasswordUpdate.isOn() && enabled)
|| !enabled && enableAccountAfterPasswordUpdate.isOn()) {
driver.findElement(By
.xpath("//div[contains(@class,'onoffswitch') and ./input[@id='userAccountControlsAfterPasswordUpdate']]"))
.findElements(By.tagName("span")).get(0).click();
}
}
public void setAllowKerberosAuthEnabled(boolean enabled) {
if ((!allowKerberosAuth.isOn() && enabled) || !enabled && allowKerberosAuth.isOn()) {
driver.findElement(
By.xpath("//div[contains(@class,'onoffswitch') and ./input[@id='allowKerberosAuthentication']]"))
.findElements(By.tagName("span")).get(0).click();
}
}
public void setDebugEnabled(boolean debugEnabled) {
this.debug.setOn(debugEnabled);
}
public void setUseKerberosForPwdAuthEnabled(boolean useKerberosForPwdAuthEnabled) {
this.useKerberosForPwdAuth.setOn(useKerberosForPwdAuthEnabled);
}
public void setPeriodicFullSyncEnabled(boolean periodicFullSyncEnabled) {
this.periodicFullSync.setOn(periodicFullSyncEnabled);
}
public void setPeriodicChangedUsersSyncEnabled(boolean periodicChangedUsersSyncEnabled) {
this.periodicChangedUsersSync.setOn(periodicChangedUsersSyncEnabled);
}
public void testConnection() {
testConnectionButton.click();
}
public void testAuthentication(){
public void testAuthentication() {
testAuthenticationButton.click();
}
public void synchronizeAllUsers() {
waitAjaxForElement(synchronizeAllUsersButton);
synchronizeAllUsersButton.click();
}
}

View file

@ -0,0 +1,75 @@
package org.keycloak.testsuite.console.federation;
import static org.junit.Assert.assertEquals;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.testsuite.console.AbstractConsoleTest;
import org.keycloak.testsuite.console.page.federation.CreateKerberosUserProvider;
/**
* @author pdrozd
*/
public class KerberosUserFederationTest extends AbstractConsoleTest {
private static final String UNSYNCED = "UNSYNCED";
private static final String READ_ONLY = "READ_ONLY";
@Page
private CreateKerberosUserProvider createKerberosUserProvider;
@Test
public void configureKerberosProvider() {
createKerberosUserProvider.navigateTo();
createKerberosUserProvider.form().setConsoleDisplayNameInput("kerberos");
createKerberosUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");
createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
createKerberosUserProvider.form().setKeyTabInput("http.keytab");
createKerberosUserProvider.form().setDebugEnabled(true);
createKerberosUserProvider.form().setAllowPasswordAuthentication(true);
createKerberosUserProvider.form().selectEditMode(READ_ONLY);
createKerberosUserProvider.form().setUpdateProfileFirstLogin(true);
createKerberosUserProvider.form().save();
assertFlashMessageSuccess();
RealmRepresentation realm = testRealmResource().toRepresentation();
UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
assertKerberosSetings(ufpr, "KEYCLOAK.ORG", "HTTP/localhost@KEYCLOAK.ORG", "http.keytab", "true", "true", "true");
}
@Test
public void invalidSettingsTest() {
createKerberosUserProvider.navigateTo();
createKerberosUserProvider.form().setConsoleDisplayNameInput("kerberos");
createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
createKerberosUserProvider.form().setKeyTabInput("http.keytab");
createKerberosUserProvider.form().setDebugEnabled(true);
createKerberosUserProvider.form().setAllowPasswordAuthentication(true);
createKerberosUserProvider.form().selectEditMode(UNSYNCED);
createKerberosUserProvider.form().setUpdateProfileFirstLogin(true);
createKerberosUserProvider.form().save();
assertFlashMessageDanger();
createKerberosUserProvider.form().setServerPrincipalInput("");
createKerberosUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");;
createKerberosUserProvider.form().save();
assertFlashMessageDanger();
createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");;
createKerberosUserProvider.form().setKeyTabInput("");
createKerberosUserProvider.form().save();
assertFlashMessageDanger();
createKerberosUserProvider.form().setKeyTabInput("http.keytab");;
createKerberosUserProvider.form().save();
assertFlashMessageSuccess();
}
private void assertKerberosSetings(UserFederationProviderRepresentation ufpr, String kerberosRealm, String serverPrincipal, String keyTab, String debug, String useKerberosForPasswordAuthentication, String updateProfileFirstLogin) {
assertEquals(kerberosRealm, ufpr.getConfig().get("kerberosRealm"));
assertEquals(serverPrincipal, ufpr.getConfig().get("serverPrincipal"));
assertEquals(keyTab, ufpr.getConfig().get("keyTab"));
assertEquals(debug, ufpr.getConfig().get("debug"));
assertEquals(useKerberosForPasswordAuthentication, ufpr.getConfig().get("allowKerberosAuthentication"));
assertEquals(updateProfileFirstLogin, ufpr.getConfig().get("updateProfileFirstLogin"));
}
}

View file

@ -1,71 +1,192 @@
package org.keycloak.testsuite.console.federation;
import static org.junit.Assert.assertEquals;
import java.util.Properties;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.*;
import org.keycloak.models.LDAPConstants;
import org.keycloak.representations.idm.UserRepresentation;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.testsuite.console.AbstractConsoleTest;
import org.keycloak.testsuite.console.page.federation.LdapUserProviderForm;
import org.keycloak.testsuite.console.page.federation.UserFederation;
import org.keycloak.testsuite.console.page.users.Users;
import org.keycloak.testsuite.util.LDAPTestConfiguration;
import java.util.Map;
import static org.junit.Assert.assertTrue;
import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
import static org.keycloak.testsuite.admin.Users.setPasswordFor;
import org.keycloak.testsuite.console.page.federation.CreateLdapUserProvider;
import org.keycloak.util.ldap.LDAPEmbeddedServer;
/**
* Created by fkiss.
* @author fkiss, pdrozd
*/
public class LdapUserFederationTest extends AbstractConsoleTest {
@Page
private LdapUserProviderForm ldapUserProviderForm;
private static final String UNSYNCED = "UNSYNCED";
private static final String READ_ONLY = "READ_ONLY";
private static final String RED_HAT_DIRECTORY_SERVER = "Red Hat Directory Server";
private static final String WRITABLE = "WRITABLE";
private static final String ACTIVE_DIRECTORY = "Active Directory";
@Page
private UserFederation userFederationPage;
private CreateLdapUserProvider createLdapUserProvider;
@Page
private Users usersPage;
@Before
public void beforeTestLdapUserFederation() {
//configure().userFederation();
}
@Ignore
@Test
public void addAndConfigureProvider() {
adminConsolePage.navigateTo();
testRealmLoginPage.form().login(testUser);
public void configureAdProvider() {
createLdapUserProvider.navigateTo();
createLdapUserProvider.form().selectVendor(ACTIVE_DIRECTORY);
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
createLdapUserProvider.form().selectEditMode(WRITABLE);
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
createLdapUserProvider.form().setLdapBindDnInput("KEYCLOAK/Administrator");
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
createLdapUserProvider.form().setAccountAfterPasswordUpdateEnabled(false);
// enable kerberos
createLdapUserProvider.form().setAllowKerberosAuthEnabled(true);
createLdapUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");
createLdapUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
createLdapUserProvider.form().setKeyTabInput("http.keytab");
createLdapUserProvider.form().setDebugEnabled(true);
createLdapUserProvider.form().save();
assertFlashMessageSuccess();
String name = "ldapname";
String LDAP_CONNECTION_PROPERTIES_LOCATION = "ldap/ldap-connection.properties";
LDAPTestConfiguration ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(LDAP_CONNECTION_PROPERTIES_LOCATION);
UserRepresentation newUser = new UserRepresentation();
String testUsername = "defaultrole tester";
newUser.setUsername(testUsername);
setPasswordFor(newUser, PASSWORD);
Map<String,String> ldapConfig = ldapTestConfiguration.getLDAPConfig();
//addLdapProviderTest
configure().userFederation();
userFederationPage.addProvider("ldap");
ldapUserProviderForm.configureLdap(ldapConfig.get(LDAPConstants.LDAP_PROVIDER), ldapConfig.get(LDAPConstants.EDIT_MODE), ldapConfig.get(LDAPConstants.VENDOR), ldapConfig.get(LDAPConstants.CONNECTION_URL), ldapConfig.get(LDAPConstants.USERS_DN), ldapConfig.get(LDAPConstants.BIND_DN), ldapConfig.get(LDAPConstants.BIND_CREDENTIAL));
RealmRepresentation realm = testRealmResource().toRepresentation();
UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
assertLdapProviderSetting(ufpr, "ldap", 0, WRITABLE, "false", "ad", "1", "true", "true", "false");
assertLdapBasicMapping(ufpr, "cn", "cn", "objectGUID", "person, organizationalPerson, user",
"ou=People,dc=keycloak,dc=org");
assertLdapSyncSetings(ufpr, "1000", 0, 0);
assertLdapKerberosSetings(ufpr, "KEYCLOAK.ORG", "HTTP/localhost@KEYCLOAK.ORG", "http.keytab", "true", "false");
}
@Ignore
@Test
public void caseSensitiveSearch() {
// This should fail for now due to case-sensitivity
adminConsolePage.navigateTo();
testRealmLoginPage.form().login("johnKeycloak", "Password1");
assertTrue(flashMessage.getText(), flashMessage.isDanger());
public void configureRhdsProvider() {
createLdapUserProvider.navigateTo();
createLdapUserProvider.form().selectVendor(RED_HAT_DIRECTORY_SERVER);
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
createLdapUserProvider.form().selectEditMode(READ_ONLY);
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
createLdapUserProvider.form().save();
assertFlashMessageSuccess();
RealmRepresentation realm = testRealmResource().toRepresentation();
UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
assertLdapProviderSetting(ufpr, "ldap", 0, READ_ONLY, "false", "rhds", "1", "true", "true", "true");
assertLdapBasicMapping(ufpr, "uid", "uid", "nsuniqueid", "inetOrgPerson, organizationalPerson",
"ou=People,dc=keycloak,dc=org");
assertLdapSyncSetings(ufpr, "1000", 0, 0);
}
}
@Test
public void invalidSettingsTest() {
createLdapUserProvider.navigateTo();
createLdapUserProvider.form().selectVendor(ACTIVE_DIRECTORY);
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
createLdapUserProvider.form().selectEditMode(UNSYNCED);
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
createLdapUserProvider.form().save();
assertFlashMessageDanger();
createLdapUserProvider.form().setLdapUserDnInput("");
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
createLdapUserProvider.form().save();
assertFlashMessageDanger();
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
createLdapUserProvider.form().setLdapBindDnInput("");
createLdapUserProvider.form().save();
assertFlashMessageDanger();
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
createLdapUserProvider.form().setLdapBindCredentialInput("");
createLdapUserProvider.form().save();
assertFlashMessageDanger();
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
createLdapUserProvider.form().save();
assertFlashMessageSuccess();
}
@Test
public void testConnection() throws Exception {
createLdapUserProvider.navigateTo();
createLdapUserProvider.form().selectVendor("Other");
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
createLdapUserProvider.form().selectEditMode(WRITABLE);
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:10389");
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
createLdapUserProvider.form().setAccountAfterPasswordUpdateEnabled(true);
createLdapUserProvider.form().save();
assertFlashMessageSuccess();
LDAPEmbeddedServer ldapServer = null;
try {
ldapServer = startEmbeddedLdapServer();
createLdapUserProvider.form().testConnection();
assertFlashMessageSuccess();
createLdapUserProvider.form().testAuthentication();
assertFlashMessageSuccess();
createLdapUserProvider.form().synchronizeAllUsers();
assertFlashMessageSuccess();
createLdapUserProvider.form().setLdapBindCredentialInput("secret1");
createLdapUserProvider.form().testAuthentication();
assertFlashMessageDanger();
} finally {
if (ldapServer != null) {
ldapServer.stop();
}
}
}
private void assertLdapProviderSetting(UserFederationProviderRepresentation ufpr, String name, int priority,
String editMode, String syncRegistrations, String vendor, String searchScope, String connectionPooling,
String pagination, String enableAccountAfterPasswordUpdate) {
assertEquals(name, ufpr.getDisplayName());
assertEquals(priority, ufpr.getPriority());
assertEquals(editMode, ufpr.getConfig().get("editMode"));
assertEquals(syncRegistrations, ufpr.getConfig().get("syncRegistrations"));
assertEquals(vendor, ufpr.getConfig().get("vendor"));
assertEquals(searchScope, ufpr.getConfig().get("searchScope"));
assertEquals(connectionPooling, ufpr.getConfig().get("connectionPooling"));
assertEquals(pagination, ufpr.getConfig().get("pagination"));
assertEquals(enableAccountAfterPasswordUpdate, ufpr.getConfig().get("userAccountControlsAfterPasswordUpdate"));
}
private void assertLdapBasicMapping(UserFederationProviderRepresentation ufpr, String usernameLdapAttribute,
String rdnLdapAttr, String uuidLdapAttr, String userObjectClasses, String userDN) {
assertEquals(usernameLdapAttribute, ufpr.getConfig().get("usernameLDAPAttribute"));
assertEquals(rdnLdapAttr, ufpr.getConfig().get("rdnLDAPAttribute"));
assertEquals(uuidLdapAttr, ufpr.getConfig().get("uuidLDAPAttribute"));
assertEquals(userObjectClasses, ufpr.getConfig().get("userObjectClasses"));
assertEquals(userDN, ufpr.getConfig().get("usersDn"));
}
private void assertLdapKerberosSetings(UserFederationProviderRepresentation ufpr, String kerberosRealm,
String serverPrincipal, String keyTab, String debug, String useKerberosForPasswordAuthentication) {
assertEquals(kerberosRealm, ufpr.getConfig().get("kerberosRealm"));
assertEquals(serverPrincipal, ufpr.getConfig().get("serverPrincipal"));
assertEquals(keyTab, ufpr.getConfig().get("keyTab"));
assertEquals(debug, ufpr.getConfig().get("debug"));
assertEquals(useKerberosForPasswordAuthentication,
ufpr.getConfig().get("useKerberosForPasswordAuthentication"));
}
private void assertLdapSyncSetings(UserFederationProviderRepresentation ufpr, String batchSize,
int periodicFullSync, int periodicChangedUsersSync) {
assertEquals(batchSize, ufpr.getConfig().get("batchSizeForSync"));
assertEquals(periodicFullSync, ufpr.getFullSyncPeriod());
assertEquals(periodicChangedUsersSync, ufpr.getChangedSyncPeriod());
}
private LDAPEmbeddedServer startEmbeddedLdapServer() throws Exception {
Properties defaultProperties = new Properties();
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY);
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif");
LDAPEmbeddedServer ldapEmbeddedServer = new LDAPEmbeddedServer(defaultProperties);
ldapEmbeddedServer.init();
ldapEmbeddedServer.start();
return ldapEmbeddedServer;
}
}

View file

@ -0,0 +1,20 @@
dn: dc=keycloak,dc=org
objectclass: dcObject
objectclass: organization
o: Keycloak
dc: Keycloak
dn: ou=People,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People
dn: ou=RealmRoles,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: RealmRoles
dn: ou=FinanceRoles,dc=keycloak,dc=org
objectclass: top
objectclass: organizationalUnit
ou: FinanceRoles