libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Remove ldapsOnly (console and docs)

Browse source 
Closes: #9313
This commit is contained in:
Hynek Mlnarik 2023-06-16 16:39:45 +02:00 committed by Hynek Mlnařík
parent c092c76ae8
commit b8149d66ca
8 changed files with 13 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/documentation/server_admin/topics/admin-cli.adoc
View file

@ -1607,7 +1607,7 @@ $ kcadm.sh create components -r demorealm -s parentId=demorealmId -s id=demokerb
+
[options="nowrap"]
----
$ kcadm.sh create components -r demorealm -s name=kerberos-ldap-provider -s providerId=ldap -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=3d9c572b-8f33-483f-98a6-8bb421667867 -s 'config.priority=["1"]' -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' -s 'config.connectionUrl=["ldap://localhost:10389"]' -s 'config.usersDn=["ou=People,dc=keycloak,dc=org"]' -s 'config.authType=["simple"]' -s 'config.bindDn=["uid=admin,ou=system"]' -s 'config.bindCredential=["secret"]' -s 'config.searchScope=["1"]' -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' -s 'config.allowKerberosAuthentication=["true"]' -s 'config.serverPrincipal=["HTTP/localhost@KEYCLOAK.ORG"]' -s 'config.keyTab=["http.keytab"]' -s 'config.kerberosRealm=["KEYCLOAK.ORG"]' -s 'config.debug=["true"]' -s 'config.useKerberosForPasswordAuthentication=["true"]'
$ kcadm.sh create components -r demorealm -s name=kerberos-ldap-provider -s providerId=ldap -s providerType=org.keycloak.storage.UserStorageProvider -s parentId=3d9c572b-8f33-483f-98a6-8bb421667867 -s 'config.priority=["1"]' -s 'config.fullSyncPeriod=["-1"]' -s 'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' -s config.evictionDay=[] -s config.evictionHour=[] -s config.evictionMinute=[] -s config.maxLifespan=[] -s 'config.batchSizeForSync=["1000"]' -s 'config.editMode=["WRITABLE"]' -s 'config.syncRegistrations=["false"]' -s 'config.vendor=["other"]' -s 'config.usernameLDAPAttribute=["uid"]' -s 'config.rdnLDAPAttribute=["uid"]' -s 'config.uuidLDAPAttribute=["entryUUID"]' -s 'config.userObjectClasses=["inetOrgPerson, organizationalPerson"]' -s 'config.connectionUrl=["ldap://localhost:10389"]' -s 'config.usersDn=["ou=People,dc=keycloak,dc=org"]' -s 'config.authType=["simple"]' -s 'config.bindDn=["uid=admin,ou=system"]' -s 'config.bindCredential=["secret"]' -s 'config.searchScope=["1"]' -s 'config.useTruststoreSpi=["always"]' -s 'config.connectionPooling=["true"]' -s 'config.pagination=["true"]' -s 'config.allowKerberosAuthentication=["true"]' -s 'config.serverPrincipal=["HTTP/localhost@KEYCLOAK.ORG"]' -s 'config.keyTab=["http.keytab"]' -s 'config.kerberosRealm=["KEYCLOAK.ORG"]' -s 'config.debug=["true"]' -s 'config.useKerberosForPasswordAuthentication=["true"]'
----
[discrete]
@ -1662,7 +1662,7 @@ For example:
+
[options="nowrap"]
----
$ kcadm.sh create testLDAPConnection -s action=testConnection -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=ldapsOnly
$ kcadm.sh create testLDAPConnection -s action=testConnection -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=always
----
[discrete]
@ -1676,7 +1676,7 @@ For example:
+
[options="nowrap"]
----
$ kcadm.sh create testLDAPConnection -s action=testAuthentication -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=ldapsOnly
$ kcadm.sh create testLDAPConnection -s action=testAuthentication -s bindCredential=secret -s bindDn=uid=admin,ou=system -s connectionUrl=ldap://localhost:10389 -s useTruststoreSpi=always
----

4
js/apps/admin-ui/cypress/e2e/user_fed_ldap_hardcoded_mapper_test.spec.ts
View file

@ -29,7 +29,7 @@ const ldapVendor = "Active Directory";
// connection and authentication settings
const connectionUrlValid = "ldap://localhost:3004";
const bindTypeSimple = "simple";
const truststoreSpiOnlyLdaps = "Only for ldaps";
const truststoreSpiAlways = "Always";
const connectionTimeoutTwoSecs = "2000";
const bindDnCnDc = "cn=user,dc=test";
const bindCredsValid = "user";
@ -93,7 +93,7 @@ describe("User Fed LDAP mapper tests", () => {
providersPage.fillLdapConnectionData(
connectionUrlValid,
bindTypeSimple,
truststoreSpiOnlyLdaps,
truststoreSpiAlways,
connectionTimeoutTwoSecs,
bindDnCnDc,
bindCredsValid

4
js/apps/admin-ui/cypress/e2e/user_fed_ldap_mapper_test.spec.ts
View file

@ -23,7 +23,7 @@ const ldapVendor = "Active Directory";
// connection and authentication settings
const connectionUrlValid = "ldap://localhost:3004";
const bindTypeSimple = "simple";
const truststoreSpiOnlyLdaps = "Only for ldaps";
const truststoreSpiAlways = "Always";
const connectionTimeoutTwoSecs = "2000";
const bindDnCnDc = "cn=user,dc=test";
const bindCredsValid = "user";
@ -96,7 +96,7 @@ describe("User Fed LDAP mapper tests", () => {
providersPage.fillLdapConnectionData(
connectionUrlValid,
bindTypeSimple,
truststoreSpiOnlyLdaps,
truststoreSpiAlways,
connectionTimeoutTwoSecs,
bindDnCnDc,
bindCredsValid

4
js/apps/admin-ui/cypress/e2e/user_fed_ldap_test.spec.ts
View file

@ -23,7 +23,7 @@ const updatedLdapName = `${firstLdapName}-updated`;
// connection and authentication settings
const connectionUrlValid = "ldap://localhost:3004";
const bindTypeSimple = "simple";
const truststoreSpiOnlyLdaps = "Only for ldaps";
const truststoreSpiAlways = "Always";
const connectionTimeoutTwoSecs = "2000";
const bindDnCnDc = "cn=user,dc=test";
const bindCredsValid = "user";
@ -269,7 +269,7 @@ describe("User Federation LDAP tests", () => {
providersPage.fillLdapConnectionData(
connectionUrlValid,
bindTypeSimple,
truststoreSpiOnlyLdaps,
truststoreSpiAlways,
connectionTimeoutTwoSecs,
bindDnCnDc,
bindCredsValid

2
js/apps/admin-ui/public/locales/en/user-federation-help.json
View file

@ -7,7 +7,7 @@
"ldapConnectionAndAuthorizationSettingsDescription": "This section contains options related to the configuration of the connection to the LDAP server. It also contains options related to authentication of the LDAP connection to the LDAP server.",
"consoleDisplayConnectionUrlHelp": "Connection URL to your LDAP server",
"enableStartTlsHelp": "Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling",
"useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in standalone.xml/domain.sml. 'Always' means that it will always use it. 'Never' means that it will not use it. 'Only for ldaps' means that it will use it if your connection URL use ldaps. Note that even if standalone.xml/domain.xml is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.",
"useTruststoreSpiHelp": "Specifies whether LDAP connection will use the Truststore SPI with the truststore configured in command-line options. 'Always' means that it will always use it. 'Never' means that it will not use it. Note that even if Keycloak truststore is not configured, the default java cacerts or certificate specified by 'javax.net.ssl.trustStore' property will be used.",
"connectionPoolingHelp": "Determines if Keycloak should use connection pooling for accessing LDAP server.",
"connectionTimeoutHelp": "LDAP connection timeout in milliseconds",
"bindTypeHelp": "Type of the authentication method used during LDAP bind operation. It is used in most of the requests sent to the LDAP server. Currently only 'none' (anonymous LDAP authentication) or 'simple' (bind credential + bind password authentication) mechanisms are available.",

1
js/apps/admin-ui/public/locales/en/user-federation.json
View file

@ -71,7 +71,6 @@
"updateFirstLogin": "Update first login",
"always": "Always",
"never": "Never",
"onlyLdaps": "Only for ldaps",
"oneLevel": "One Level",
"subtree": "Subtree",
"saveSuccess": "User federation provider successfully saved",

3
js/apps/admin-ui/src/user-federation/ldap/LdapSettingsConnection.tsx
View file

@ -183,7 +183,7 @@ export const LdapSettingsConnection = ({
<Controller
name="config.useTruststoreSpi[0]"
control={form.control}
defaultValue="ldapsOnly"
defaultValue="always"
render={({ field }) => (
<Select
toggleId="kc-use-truststore-spi"
@ -198,7 +198,6 @@ export const LdapSettingsConnection = ({
selections={field.value}
>
<SelectOption value="always">{t("always")}</SelectOption>
<SelectOption value="ldapsOnly">{t("onlyLdaps")}</SelectOption>
<SelectOption value="never">{t("never")}</SelectOption>
</Select>
)}

4
js/libs/keycloak-admin-client/test/realms.spec.ts
View file

@ -413,7 +413,7 @@ describe("Realms", () => {
connectionTimeout: "",
connectionUrl: "1",
startTls: "",
useTruststoreSpi: "ldapsOnly",
useTruststoreSpi: "always",
}
);
fail("exception should have been thrown");
@ -455,7 +455,7 @@ describe("Realms", () => {
connectionTimeout: "",
connectionUrl: "1",
startTls: "",
useTruststoreSpi: "ldapsOnly",
useTruststoreSpi: "always",
}
);
fail("exception should have been thrown");