Merge pull request #1814 from pdrozd/federation-tests
Add Federation tests for admin console.
This commit is contained in:
commit
73197332c4
9 changed files with 552 additions and 85 deletions
|
@ -15,7 +15,18 @@
|
|||
<exclude.console>-</exclude.console>
|
||||
<exclude.account>-</exclude.account>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-util-embedded-ldap</artifactId>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
|
|
|
@ -57,7 +57,7 @@ public class AdminConsoleRealm extends AdminConsoleRealmsRoot {
|
|||
private WebElement rolesLink;
|
||||
@FindBy(partialLinkText = "Identity Providers")
|
||||
private WebElement identityProvidersLink;
|
||||
@FindBy(partialLinkText = "User Feferation")
|
||||
@FindBy(partialLinkText = "User Federation")
|
||||
private WebElement userFederationLink;
|
||||
@FindBy(partialLinkText = "Authentication")
|
||||
private WebElement authenticationLink;
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
package org.keycloak.testsuite.console.page.federation;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.keycloak.testsuite.console.page.AdminConsoleCreate;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author pdrozd
|
||||
*/
|
||||
public class CreateKerberosUserProvider extends AdminConsoleCreate {
|
||||
|
||||
@Page
|
||||
private KerberosUserProviderForm form;
|
||||
|
||||
public CreateKerberosUserProvider() {
|
||||
setEntity("user-federation");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getUriFragment() {
|
||||
return super.getUriFragment() + "/providers/kerberos";
|
||||
}
|
||||
|
||||
public KerberosUserProviderForm form() {
|
||||
return form;
|
||||
}
|
||||
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
package org.keycloak.testsuite.console.page.federation;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.keycloak.testsuite.console.page.AdminConsoleCreate;
|
||||
|
||||
/**
|
||||
|
@ -8,6 +9,9 @@ import org.keycloak.testsuite.console.page.AdminConsoleCreate;
|
|||
*/
|
||||
public class CreateLdapUserProvider extends AdminConsoleCreate {
|
||||
|
||||
@Page
|
||||
private LdapUserProviderForm form;
|
||||
|
||||
public CreateLdapUserProvider() {
|
||||
setEntity("user-federation");
|
||||
}
|
||||
|
@ -17,4 +21,7 @@ public class CreateLdapUserProvider extends AdminConsoleCreate {
|
|||
return super.getUriFragment() + "/providers/ldap";
|
||||
}
|
||||
|
||||
public LdapUserProviderForm form() {
|
||||
return form;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
package org.keycloak.testsuite.console.page.federation;
|
||||
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
|
||||
|
||||
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
|
||||
import org.keycloak.testsuite.page.Form;
|
||||
import org.openqa.selenium.By;
|
||||
import org.openqa.selenium.WebElement;
|
||||
import org.openqa.selenium.support.FindBy;
|
||||
import org.openqa.selenium.support.ui.Select;
|
||||
|
||||
/**
|
||||
* @author pdrozd
|
||||
*/
|
||||
public class KerberosUserProviderForm extends Form {
|
||||
|
||||
@FindBy(id = "consoleDisplayName")
|
||||
private WebElement consoleDisplayNameInput;
|
||||
|
||||
@FindBy(id = "priority")
|
||||
private WebElement priorityInput;
|
||||
|
||||
@FindBy(id = "kerberosRealm")
|
||||
private WebElement kerberosRealmInput;
|
||||
|
||||
@FindBy(id = "serverPrincipal")
|
||||
private WebElement serverPrincipalInput;
|
||||
|
||||
@FindBy(id = "keyTab")
|
||||
private WebElement keyTabInput;
|
||||
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='debug']]")
|
||||
private OnOffSwitch debug;
|
||||
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='allowPasswordAuthentication']]")
|
||||
private OnOffSwitch allowPwdAuth;
|
||||
|
||||
@FindBy(id = "editMode")
|
||||
private Select editModeSelect;
|
||||
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='updateProfileFirstLogin']]")
|
||||
private OnOffSwitch updateProfileFirstLogin;
|
||||
|
||||
public void setConsoleDisplayNameInput(String name) {
|
||||
setInputValue(consoleDisplayNameInput, name);
|
||||
}
|
||||
|
||||
public void setPriorityInput(Integer priority) {
|
||||
setInputValue(priorityInput, String.valueOf(priority));
|
||||
}
|
||||
|
||||
public void setKerberosRealmInput(String kerberosRealm) {
|
||||
waitGuiForElement(By.id("kerberosRealm"));
|
||||
setInputValue(kerberosRealmInput, kerberosRealm);
|
||||
}
|
||||
|
||||
public void setServerPrincipalInput(String serverPrincipal) {
|
||||
setInputValue(serverPrincipalInput, serverPrincipal);
|
||||
}
|
||||
|
||||
public void setKeyTabInput(String keyTab) {
|
||||
setInputValue(keyTabInput, keyTab);
|
||||
}
|
||||
|
||||
public void setDebugEnabled(boolean debugEnabled) {
|
||||
this.debug.setOn(debugEnabled);
|
||||
}
|
||||
|
||||
public void setAllowPasswordAuthentication(boolean enabled) {
|
||||
allowPwdAuth.setOn(enabled);
|
||||
}
|
||||
|
||||
public void selectEditMode(String mode) {
|
||||
waitGuiForElement(By.id("editMode"));
|
||||
editModeSelect.selectByVisibleText(mode);
|
||||
}
|
||||
|
||||
public void setUpdateProfileFirstLogin(boolean enabled) {
|
||||
updateProfileFirstLogin.setOn(enabled);
|
||||
}
|
||||
}
|
|
@ -1,5 +1,8 @@
|
|||
package org.keycloak.testsuite.console.page.federation;
|
||||
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitAjaxForElement;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
|
||||
|
||||
import org.jboss.arquillian.graphene.findby.FindByJQuery;
|
||||
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
|
||||
import org.keycloak.testsuite.page.Form;
|
||||
|
@ -8,10 +11,8 @@ import org.openqa.selenium.WebElement;
|
|||
import org.openqa.selenium.support.FindBy;
|
||||
import org.openqa.selenium.support.ui.Select;
|
||||
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
|
||||
|
||||
/**
|
||||
* Created by fkiss.
|
||||
* @author fkiss, pdrozd
|
||||
*/
|
||||
public class LdapUserProviderForm extends Form {
|
||||
|
||||
|
@ -24,24 +25,33 @@ public class LdapUserProviderForm extends Form {
|
|||
@FindBy(id = "usernameLDAPAttribute")
|
||||
private WebElement usernameLDAPAttributeInput;
|
||||
|
||||
@FindBy(id = "rdnLDAPAttribute")
|
||||
private WebElement rdnLDAPAttributeInput;
|
||||
|
||||
@FindBy(id = "uuidLDAPAttribute")
|
||||
private WebElement uuidLDAPAttributeInput;
|
||||
|
||||
@FindBy(id = "userObjectClasses")
|
||||
private WebElement userObjectClassesInput;
|
||||
|
||||
@FindBy(id = "ldapConnectionUrl")
|
||||
private WebElement ldapConnectionUrlInput;
|
||||
|
||||
@FindBy(id = "ldapBaseDn")
|
||||
private WebElement ldapBaseDnInput;
|
||||
|
||||
@FindBy(id = "ldapUsersDn")
|
||||
private WebElement ldapUserDnInput;
|
||||
|
||||
@FindBy(id = "authType")
|
||||
private Select authTypeSelect;
|
||||
|
||||
@FindBy(id = "ldapBindDn")
|
||||
private WebElement ldapBindDnInput;
|
||||
|
||||
@FindBy(id = "ldapBindCredential")
|
||||
private WebElement ldapBindCredentialInput;
|
||||
|
||||
@FindBy(id = "searchScope")
|
||||
private Select searchScopeSelect;
|
||||
|
||||
@FindBy(id = "kerberosRealm")
|
||||
private WebElement kerberosRealmInput;
|
||||
|
||||
|
@ -72,59 +82,173 @@ public class LdapUserProviderForm extends Form {
|
|||
@FindByJQuery("a:contains('Test authentication')")
|
||||
private WebElement testAuthenticationButton;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(0)")
|
||||
@FindByJQuery("a:contains('Synchronize changed users')")
|
||||
private WebElement synchronizeChangedUsersButton;
|
||||
|
||||
@FindByJQuery("button:contains('Synchronize all users')")
|
||||
private WebElement synchronizeAllUsersButton;
|
||||
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='syncRegistrations']]")
|
||||
private OnOffSwitch syncRegistrations;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(1)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='connectionPooling']]")
|
||||
private OnOffSwitch connectionPooling;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(2)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='pagination']]")
|
||||
private OnOffSwitch pagination;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(3)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='userAccountControlsAfterPasswordUpdate']]")
|
||||
private OnOffSwitch enableAccountAfterPasswordUpdate;
|
||||
|
||||
@FindBy(xpath = "//div[contains(@class,'onoffswitch') and ./input[@id='allowKerberosAuthentication']]")
|
||||
private OnOffSwitch allowKerberosAuth;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(4)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='debug']]")
|
||||
private OnOffSwitch debug;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(5)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='useKerberosForPasswordAuthentication']]")
|
||||
private OnOffSwitch useKerberosForPwdAuth;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(6)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='compositeSwitch']]")
|
||||
private OnOffSwitch periodicFullSync;
|
||||
|
||||
@FindByJQuery("div[class='onoffswitch']:eq(7)")
|
||||
@FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='changedSyncEnabled']]")
|
||||
private OnOffSwitch periodicChangedUsersSync;
|
||||
|
||||
@FindByJQuery("button:contains('Save')")
|
||||
private WebElement saveButton;
|
||||
public void setConsoleDisplayNameInput(String name) {
|
||||
setInputValue(consoleDisplayNameInput, name);
|
||||
}
|
||||
|
||||
public void selectEditMode(String mode){
|
||||
public void setPriorityInput(Integer priority) {
|
||||
setInputValue(priorityInput, String.valueOf(priority));
|
||||
}
|
||||
|
||||
public void setUsernameLDAPAttributeInput(String usernameLDAPAttribute) {
|
||||
setInputValue(usernameLDAPAttributeInput, usernameLDAPAttribute);
|
||||
}
|
||||
|
||||
public void setRdnLDAPAttributeInput(String rdnLDAPAttribute) {
|
||||
setInputValue(rdnLDAPAttributeInput, rdnLDAPAttribute);
|
||||
}
|
||||
|
||||
public void setUuidLDAPAttributeInput(String uuidLDAPAttribute) {
|
||||
setInputValue(uuidLDAPAttributeInput, uuidLDAPAttribute);
|
||||
}
|
||||
|
||||
public void setUserObjectClassesInput(String userObjectClasses) {
|
||||
setInputValue(userObjectClassesInput, userObjectClasses);
|
||||
}
|
||||
|
||||
public void setLdapConnectionUrlInput(String ldapConnectionUrl) {
|
||||
setInputValue(ldapConnectionUrlInput, ldapConnectionUrl);
|
||||
}
|
||||
|
||||
public void setLdapUserDnInput(String ldapUserDn) {
|
||||
setInputValue(ldapUserDnInput, ldapUserDn);
|
||||
}
|
||||
|
||||
public void setLdapBindDnInput(String ldapBindDn) {
|
||||
setInputValue(ldapBindDnInput, ldapBindDn);
|
||||
}
|
||||
|
||||
public void setLdapBindCredentialInput(String ldapBindCredential) {
|
||||
setInputValue(ldapBindCredentialInput, ldapBindCredential);
|
||||
}
|
||||
|
||||
public void setKerberosRealmInput(String kerberosRealm) {
|
||||
waitAjaxForElement(kerberosRealmInput);
|
||||
setInputValue(kerberosRealmInput, kerberosRealm);
|
||||
}
|
||||
|
||||
public void setServerPrincipalInput(String serverPrincipal) {
|
||||
waitAjaxForElement(serverPrincipalInput);
|
||||
setInputValue(serverPrincipalInput, serverPrincipal);
|
||||
}
|
||||
|
||||
public void setKeyTabInput(String keyTab) {
|
||||
waitAjaxForElement(keyTabInput);
|
||||
setInputValue(keyTabInput, keyTab);
|
||||
}
|
||||
|
||||
public void setBatchSizeForSyncInput(String batchSizeForSync) {
|
||||
setInputValue(batchSizeForSyncInput, batchSizeForSync);
|
||||
}
|
||||
|
||||
public void selectEditMode(String mode) {
|
||||
waitGuiForElement(By.id("editMode"));
|
||||
editModeSelect.selectByVisibleText(mode);
|
||||
}
|
||||
|
||||
public void selectVendor(String vendor){
|
||||
waitGuiForElement(By.id("editMode"));
|
||||
public void selectVendor(String vendor) {
|
||||
waitGuiForElement(By.id("vendor"));
|
||||
vendorSelect.selectByVisibleText(vendor);
|
||||
}
|
||||
|
||||
public void configureLdap(String displayName, String editMode, String vendor, String connectionUrl, String userDN, String ldapBindDn, String ldapBindCredential){
|
||||
consoleDisplayNameInput.sendKeys(displayName);
|
||||
editModeSelect.selectByVisibleText(editMode);
|
||||
selectVendor(vendor);
|
||||
ldapConnectionUrlInput.sendKeys(connectionUrl);
|
||||
ldapUserDnInput.sendKeys(userDN);
|
||||
ldapBindDnInput.sendKeys(ldapBindDn);
|
||||
ldapBindCredentialInput.sendKeys(ldapBindCredential);
|
||||
saveButton.click();
|
||||
public void selectAuthenticationType(String authenticationType) {
|
||||
waitGuiForElement(By.id("authType"));
|
||||
authTypeSelect.selectByVisibleText(authenticationType);
|
||||
}
|
||||
|
||||
public void testConnection(){
|
||||
public void selectSearchScope(String searchScope) {
|
||||
waitGuiForElement(By.id("searchScope"));
|
||||
searchScopeSelect.selectByVisibleText(searchScope);
|
||||
}
|
||||
|
||||
public void setSyncRegistrationsEnabled(boolean syncRegistrationsEnabled) {
|
||||
this.syncRegistrations.setOn(syncRegistrationsEnabled);
|
||||
}
|
||||
|
||||
public void setConnectionPoolingEnabled(boolean connectionPoolingEnabled) {
|
||||
this.connectionPooling.setOn(connectionPoolingEnabled);
|
||||
}
|
||||
|
||||
public void setPaginationEnabled(boolean paginationEnabled) {
|
||||
this.pagination.setOn(paginationEnabled);
|
||||
}
|
||||
|
||||
public void setAccountAfterPasswordUpdateEnabled(boolean enabled) {
|
||||
if ((!enableAccountAfterPasswordUpdate.isOn() && enabled)
|
||||
|| !enabled && enableAccountAfterPasswordUpdate.isOn()) {
|
||||
driver.findElement(By
|
||||
.xpath("//div[contains(@class,'onoffswitch') and ./input[@id='userAccountControlsAfterPasswordUpdate']]"))
|
||||
.findElements(By.tagName("span")).get(0).click();
|
||||
}
|
||||
}
|
||||
|
||||
public void setAllowKerberosAuthEnabled(boolean enabled) {
|
||||
if ((!allowKerberosAuth.isOn() && enabled) || !enabled && allowKerberosAuth.isOn()) {
|
||||
driver.findElement(
|
||||
By.xpath("//div[contains(@class,'onoffswitch') and ./input[@id='allowKerberosAuthentication']]"))
|
||||
.findElements(By.tagName("span")).get(0).click();
|
||||
}
|
||||
}
|
||||
|
||||
public void setDebugEnabled(boolean debugEnabled) {
|
||||
this.debug.setOn(debugEnabled);
|
||||
}
|
||||
|
||||
public void setUseKerberosForPwdAuthEnabled(boolean useKerberosForPwdAuthEnabled) {
|
||||
this.useKerberosForPwdAuth.setOn(useKerberosForPwdAuthEnabled);
|
||||
}
|
||||
|
||||
public void setPeriodicFullSyncEnabled(boolean periodicFullSyncEnabled) {
|
||||
this.periodicFullSync.setOn(periodicFullSyncEnabled);
|
||||
}
|
||||
|
||||
public void setPeriodicChangedUsersSyncEnabled(boolean periodicChangedUsersSyncEnabled) {
|
||||
this.periodicChangedUsersSync.setOn(periodicChangedUsersSyncEnabled);
|
||||
}
|
||||
|
||||
public void testConnection() {
|
||||
testConnectionButton.click();
|
||||
}
|
||||
|
||||
public void testAuthentication(){
|
||||
public void testAuthentication() {
|
||||
testAuthenticationButton.click();
|
||||
}
|
||||
|
||||
public void synchronizeAllUsers() {
|
||||
waitAjaxForElement(synchronizeAllUsersButton);
|
||||
synchronizeAllUsersButton.click();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
package org.keycloak.testsuite.console.federation;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
||||
import org.keycloak.testsuite.console.AbstractConsoleTest;
|
||||
import org.keycloak.testsuite.console.page.federation.CreateKerberosUserProvider;
|
||||
|
||||
/**
|
||||
* @author pdrozd
|
||||
*/
|
||||
public class KerberosUserFederationTest extends AbstractConsoleTest {
|
||||
|
||||
private static final String UNSYNCED = "UNSYNCED";
|
||||
|
||||
private static final String READ_ONLY = "READ_ONLY";
|
||||
|
||||
@Page
|
||||
private CreateKerberosUserProvider createKerberosUserProvider;
|
||||
|
||||
@Test
|
||||
public void configureKerberosProvider() {
|
||||
createKerberosUserProvider.navigateTo();
|
||||
createKerberosUserProvider.form().setConsoleDisplayNameInput("kerberos");
|
||||
createKerberosUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");
|
||||
createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
|
||||
createKerberosUserProvider.form().setKeyTabInput("http.keytab");
|
||||
createKerberosUserProvider.form().setDebugEnabled(true);
|
||||
createKerberosUserProvider.form().setAllowPasswordAuthentication(true);
|
||||
createKerberosUserProvider.form().selectEditMode(READ_ONLY);
|
||||
createKerberosUserProvider.form().setUpdateProfileFirstLogin(true);
|
||||
createKerberosUserProvider.form().save();
|
||||
assertFlashMessageSuccess();
|
||||
RealmRepresentation realm = testRealmResource().toRepresentation();
|
||||
UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
|
||||
assertKerberosSetings(ufpr, "KEYCLOAK.ORG", "HTTP/localhost@KEYCLOAK.ORG", "http.keytab", "true", "true", "true");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void invalidSettingsTest() {
|
||||
createKerberosUserProvider.navigateTo();
|
||||
createKerberosUserProvider.form().setConsoleDisplayNameInput("kerberos");
|
||||
createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
|
||||
createKerberosUserProvider.form().setKeyTabInput("http.keytab");
|
||||
createKerberosUserProvider.form().setDebugEnabled(true);
|
||||
createKerberosUserProvider.form().setAllowPasswordAuthentication(true);
|
||||
createKerberosUserProvider.form().selectEditMode(UNSYNCED);
|
||||
createKerberosUserProvider.form().setUpdateProfileFirstLogin(true);
|
||||
createKerberosUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createKerberosUserProvider.form().setServerPrincipalInput("");
|
||||
createKerberosUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");;
|
||||
createKerberosUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");;
|
||||
createKerberosUserProvider.form().setKeyTabInput("");
|
||||
createKerberosUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createKerberosUserProvider.form().setKeyTabInput("http.keytab");;
|
||||
createKerberosUserProvider.form().save();
|
||||
assertFlashMessageSuccess();
|
||||
}
|
||||
|
||||
private void assertKerberosSetings(UserFederationProviderRepresentation ufpr, String kerberosRealm, String serverPrincipal, String keyTab, String debug, String useKerberosForPasswordAuthentication, String updateProfileFirstLogin) {
|
||||
assertEquals(kerberosRealm, ufpr.getConfig().get("kerberosRealm"));
|
||||
assertEquals(serverPrincipal, ufpr.getConfig().get("serverPrincipal"));
|
||||
assertEquals(keyTab, ufpr.getConfig().get("keyTab"));
|
||||
assertEquals(debug, ufpr.getConfig().get("debug"));
|
||||
assertEquals(useKerberosForPasswordAuthentication, ufpr.getConfig().get("allowKerberosAuthentication"));
|
||||
assertEquals(updateProfileFirstLogin, ufpr.getConfig().get("updateProfileFirstLogin"));
|
||||
}
|
||||
}
|
|
@ -1,71 +1,192 @@
|
|||
package org.keycloak.testsuite.console.federation;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.*;
|
||||
import org.keycloak.models.LDAPConstants;
|
||||
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
|
||||
import org.keycloak.testsuite.console.AbstractConsoleTest;
|
||||
import org.keycloak.testsuite.console.page.federation.LdapUserProviderForm;
|
||||
import org.keycloak.testsuite.console.page.federation.UserFederation;
|
||||
import org.keycloak.testsuite.console.page.users.Users;
|
||||
import org.keycloak.testsuite.util.LDAPTestConfiguration;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
|
||||
import static org.keycloak.testsuite.admin.Users.setPasswordFor;
|
||||
import org.keycloak.testsuite.console.page.federation.CreateLdapUserProvider;
|
||||
import org.keycloak.util.ldap.LDAPEmbeddedServer;
|
||||
|
||||
/**
|
||||
* Created by fkiss.
|
||||
* @author fkiss, pdrozd
|
||||
*/
|
||||
public class LdapUserFederationTest extends AbstractConsoleTest {
|
||||
|
||||
@Page
|
||||
private LdapUserProviderForm ldapUserProviderForm;
|
||||
private static final String UNSYNCED = "UNSYNCED";
|
||||
|
||||
private static final String READ_ONLY = "READ_ONLY";
|
||||
|
||||
private static final String RED_HAT_DIRECTORY_SERVER = "Red Hat Directory Server";
|
||||
|
||||
private static final String WRITABLE = "WRITABLE";
|
||||
|
||||
private static final String ACTIVE_DIRECTORY = "Active Directory";
|
||||
|
||||
@Page
|
||||
private UserFederation userFederationPage;
|
||||
private CreateLdapUserProvider createLdapUserProvider;
|
||||
|
||||
@Page
|
||||
private Users usersPage;
|
||||
|
||||
@Before
|
||||
public void beforeTestLdapUserFederation() {
|
||||
//configure().userFederation();
|
||||
}
|
||||
|
||||
@Ignore
|
||||
@Test
|
||||
public void addAndConfigureProvider() {
|
||||
adminConsolePage.navigateTo();
|
||||
testRealmLoginPage.form().login(testUser);
|
||||
public void configureAdProvider() {
|
||||
createLdapUserProvider.navigateTo();
|
||||
createLdapUserProvider.form().selectVendor(ACTIVE_DIRECTORY);
|
||||
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
|
||||
createLdapUserProvider.form().selectEditMode(WRITABLE);
|
||||
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
|
||||
createLdapUserProvider.form().setLdapBindDnInput("KEYCLOAK/Administrator");
|
||||
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
|
||||
createLdapUserProvider.form().setAccountAfterPasswordUpdateEnabled(false);
|
||||
// enable kerberos
|
||||
createLdapUserProvider.form().setAllowKerberosAuthEnabled(true);
|
||||
createLdapUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");
|
||||
createLdapUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
|
||||
createLdapUserProvider.form().setKeyTabInput("http.keytab");
|
||||
createLdapUserProvider.form().setDebugEnabled(true);
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageSuccess();
|
||||
|
||||
String name = "ldapname";
|
||||
|
||||
String LDAP_CONNECTION_PROPERTIES_LOCATION = "ldap/ldap-connection.properties";
|
||||
LDAPTestConfiguration ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(LDAP_CONNECTION_PROPERTIES_LOCATION);
|
||||
|
||||
UserRepresentation newUser = new UserRepresentation();
|
||||
String testUsername = "defaultrole tester";
|
||||
newUser.setUsername(testUsername);
|
||||
setPasswordFor(newUser, PASSWORD);
|
||||
|
||||
Map<String,String> ldapConfig = ldapTestConfiguration.getLDAPConfig();
|
||||
|
||||
//addLdapProviderTest
|
||||
configure().userFederation();
|
||||
userFederationPage.addProvider("ldap");
|
||||
ldapUserProviderForm.configureLdap(ldapConfig.get(LDAPConstants.LDAP_PROVIDER), ldapConfig.get(LDAPConstants.EDIT_MODE), ldapConfig.get(LDAPConstants.VENDOR), ldapConfig.get(LDAPConstants.CONNECTION_URL), ldapConfig.get(LDAPConstants.USERS_DN), ldapConfig.get(LDAPConstants.BIND_DN), ldapConfig.get(LDAPConstants.BIND_CREDENTIAL));
|
||||
RealmRepresentation realm = testRealmResource().toRepresentation();
|
||||
UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
|
||||
assertLdapProviderSetting(ufpr, "ldap", 0, WRITABLE, "false", "ad", "1", "true", "true", "false");
|
||||
assertLdapBasicMapping(ufpr, "cn", "cn", "objectGUID", "person, organizationalPerson, user",
|
||||
"ou=People,dc=keycloak,dc=org");
|
||||
assertLdapSyncSetings(ufpr, "1000", 0, 0);
|
||||
assertLdapKerberosSetings(ufpr, "KEYCLOAK.ORG", "HTTP/localhost@KEYCLOAK.ORG", "http.keytab", "true", "false");
|
||||
}
|
||||
|
||||
@Ignore
|
||||
@Test
|
||||
public void caseSensitiveSearch() {
|
||||
// This should fail for now due to case-sensitivity
|
||||
adminConsolePage.navigateTo();
|
||||
testRealmLoginPage.form().login("johnKeycloak", "Password1");
|
||||
assertTrue(flashMessage.getText(), flashMessage.isDanger());
|
||||
public void configureRhdsProvider() {
|
||||
createLdapUserProvider.navigateTo();
|
||||
createLdapUserProvider.form().selectVendor(RED_HAT_DIRECTORY_SERVER);
|
||||
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
|
||||
createLdapUserProvider.form().selectEditMode(READ_ONLY);
|
||||
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
|
||||
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
|
||||
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageSuccess();
|
||||
|
||||
RealmRepresentation realm = testRealmResource().toRepresentation();
|
||||
UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
|
||||
assertLdapProviderSetting(ufpr, "ldap", 0, READ_ONLY, "false", "rhds", "1", "true", "true", "true");
|
||||
assertLdapBasicMapping(ufpr, "uid", "uid", "nsuniqueid", "inetOrgPerson, organizationalPerson",
|
||||
"ou=People,dc=keycloak,dc=org");
|
||||
assertLdapSyncSetings(ufpr, "1000", 0, 0);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void invalidSettingsTest() {
|
||||
createLdapUserProvider.navigateTo();
|
||||
createLdapUserProvider.form().selectVendor(ACTIVE_DIRECTORY);
|
||||
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
|
||||
createLdapUserProvider.form().selectEditMode(UNSYNCED);
|
||||
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
|
||||
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createLdapUserProvider.form().setLdapUserDnInput("");
|
||||
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
|
||||
createLdapUserProvider.form().setLdapBindDnInput("");
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("");
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageDanger();
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageSuccess();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testConnection() throws Exception {
|
||||
createLdapUserProvider.navigateTo();
|
||||
createLdapUserProvider.form().selectVendor("Other");
|
||||
createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
|
||||
createLdapUserProvider.form().selectEditMode(WRITABLE);
|
||||
createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:10389");
|
||||
createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
|
||||
createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("secret");
|
||||
createLdapUserProvider.form().setAccountAfterPasswordUpdateEnabled(true);
|
||||
createLdapUserProvider.form().save();
|
||||
assertFlashMessageSuccess();
|
||||
LDAPEmbeddedServer ldapServer = null;
|
||||
try {
|
||||
ldapServer = startEmbeddedLdapServer();
|
||||
createLdapUserProvider.form().testConnection();
|
||||
assertFlashMessageSuccess();
|
||||
createLdapUserProvider.form().testAuthentication();
|
||||
assertFlashMessageSuccess();
|
||||
createLdapUserProvider.form().synchronizeAllUsers();
|
||||
assertFlashMessageSuccess();
|
||||
createLdapUserProvider.form().setLdapBindCredentialInput("secret1");
|
||||
createLdapUserProvider.form().testAuthentication();
|
||||
assertFlashMessageDanger();
|
||||
} finally {
|
||||
if (ldapServer != null) {
|
||||
ldapServer.stop();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void assertLdapProviderSetting(UserFederationProviderRepresentation ufpr, String name, int priority,
|
||||
String editMode, String syncRegistrations, String vendor, String searchScope, String connectionPooling,
|
||||
String pagination, String enableAccountAfterPasswordUpdate) {
|
||||
assertEquals(name, ufpr.getDisplayName());
|
||||
assertEquals(priority, ufpr.getPriority());
|
||||
assertEquals(editMode, ufpr.getConfig().get("editMode"));
|
||||
assertEquals(syncRegistrations, ufpr.getConfig().get("syncRegistrations"));
|
||||
assertEquals(vendor, ufpr.getConfig().get("vendor"));
|
||||
assertEquals(searchScope, ufpr.getConfig().get("searchScope"));
|
||||
assertEquals(connectionPooling, ufpr.getConfig().get("connectionPooling"));
|
||||
assertEquals(pagination, ufpr.getConfig().get("pagination"));
|
||||
assertEquals(enableAccountAfterPasswordUpdate, ufpr.getConfig().get("userAccountControlsAfterPasswordUpdate"));
|
||||
}
|
||||
|
||||
private void assertLdapBasicMapping(UserFederationProviderRepresentation ufpr, String usernameLdapAttribute,
|
||||
String rdnLdapAttr, String uuidLdapAttr, String userObjectClasses, String userDN) {
|
||||
assertEquals(usernameLdapAttribute, ufpr.getConfig().get("usernameLDAPAttribute"));
|
||||
assertEquals(rdnLdapAttr, ufpr.getConfig().get("rdnLDAPAttribute"));
|
||||
assertEquals(uuidLdapAttr, ufpr.getConfig().get("uuidLDAPAttribute"));
|
||||
assertEquals(userObjectClasses, ufpr.getConfig().get("userObjectClasses"));
|
||||
assertEquals(userDN, ufpr.getConfig().get("usersDn"));
|
||||
}
|
||||
|
||||
private void assertLdapKerberosSetings(UserFederationProviderRepresentation ufpr, String kerberosRealm,
|
||||
String serverPrincipal, String keyTab, String debug, String useKerberosForPasswordAuthentication) {
|
||||
assertEquals(kerberosRealm, ufpr.getConfig().get("kerberosRealm"));
|
||||
assertEquals(serverPrincipal, ufpr.getConfig().get("serverPrincipal"));
|
||||
assertEquals(keyTab, ufpr.getConfig().get("keyTab"));
|
||||
assertEquals(debug, ufpr.getConfig().get("debug"));
|
||||
assertEquals(useKerberosForPasswordAuthentication,
|
||||
ufpr.getConfig().get("useKerberosForPasswordAuthentication"));
|
||||
}
|
||||
|
||||
private void assertLdapSyncSetings(UserFederationProviderRepresentation ufpr, String batchSize,
|
||||
int periodicFullSync, int periodicChangedUsersSync) {
|
||||
assertEquals(batchSize, ufpr.getConfig().get("batchSizeForSync"));
|
||||
assertEquals(periodicFullSync, ufpr.getFullSyncPeriod());
|
||||
assertEquals(periodicChangedUsersSync, ufpr.getChangedSyncPeriod());
|
||||
}
|
||||
|
||||
private LDAPEmbeddedServer startEmbeddedLdapServer() throws Exception {
|
||||
Properties defaultProperties = new Properties();
|
||||
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY);
|
||||
defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif");
|
||||
LDAPEmbeddedServer ldapEmbeddedServer = new LDAPEmbeddedServer(defaultProperties);
|
||||
ldapEmbeddedServer.init();
|
||||
ldapEmbeddedServer.start();
|
||||
return ldapEmbeddedServer;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
dn: dc=keycloak,dc=org
|
||||
objectclass: dcObject
|
||||
objectclass: organization
|
||||
o: Keycloak
|
||||
dc: Keycloak
|
||||
|
||||
dn: ou=People,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: People
|
||||
|
||||
dn: ou=RealmRoles,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: RealmRoles
|
||||
|
||||
dn: ou=FinanceRoles,dc=keycloak,dc=org
|
||||
objectclass: top
|
||||
objectclass: organizationalUnit
|
||||
ou: FinanceRoles
|
Loading…
Reference in a new issue