KEYCLOAK-12265 Move KerberosEmbeddedServer to testsuite
This commit is contained in:
parent
a080111515
commit
c5d5423cd3
10 changed files with 19 additions and 13 deletions
|
@ -27,6 +27,12 @@ To build only the server run:
|
|||
|
||||
mvn -Pdistribution -pl distribution/server-dist -am -Dmaven.test.skip clean install
|
||||
|
||||
---
|
||||
**NOTE**
|
||||
|
||||
Classes from `org.keycloak.testsuite.*` packages aren't suitable to be used in production.
|
||||
|
||||
---
|
||||
|
||||
## Starting Keycloak
|
||||
|
||||
|
|
|
@ -31,11 +31,6 @@ You can also move the file to another location if you want.
|
|||
and configured LDAP federation provider with Kerberos/SPNEGO authentication support enabled and with `gss delegation credential` protocol mapper
|
||||
added to the application.
|
||||
|
||||
**WARNING:** It's recommended to use JDK8 to run Keycloak server. For JDK7 you may be faced with the bug described [here](http://darranl.blogspot.cz/2014/09/kerberos-encrypteddata-null-key-keytype.html) .
|
||||
Alternatively you can use OpenJDK7 but in this case you will need to use aes256-cts-hmac-sha1-96 for both KDC and Kerberos client configuration. For server,
|
||||
you can add system property to the command when running ApacheDS Kerberos server `-Dkerberos.encTypes=aes256-cts-hmac-sha1-96` (see below) and for
|
||||
client add encryption types to configuration file like `/etc/krb5.conf` (but they should be already available. See below).
|
||||
|
||||
Also if you are on Linux, make sure that record like:
|
||||
```
|
||||
127.0.0.1 localhost
|
||||
|
@ -51,6 +46,8 @@ See [this file](../../testsuite/integration-arquillian/tests/base/src/test/resou
|
|||
On OS X the file to edit (or create) is `/Library/Preferences/edu.mit.Kerberos` with the same syntax as `krb5.conf`.
|
||||
On Windows the file to edit (or create) is `c:\Windows\krb5.ini` with the same syntax as `krb5.conf`.
|
||||
|
||||
**WARNING**: `test-krb5.conf` is just a sample configuration which contains insecure algorithms. Therefore it shouldn't be used in production.
|
||||
|
||||
**6)** Run ApacheDS based LDAP server. You can run the command like this (assuming you're in the `kerberos` directory with this example):
|
||||
|
||||
```
|
||||
|
@ -61,6 +58,8 @@ This will also automatically import the LDIF from `kerberos-example-users.ldif`
|
|||
|
||||
A bit more details about embedded Kerberos server in [Executing Tests](https://github.com/keycloak/keycloak/blob/master/docs/tests.md#kerberos-server).
|
||||
|
||||
**WARNING**: ApacheDS kerberos server shouldn't be used in production.
|
||||
|
||||
|
||||
**7)** Configure browser (Firefox, Chrome or other) and enable SPNEGO authentication and credential delegation for `localhost` .
|
||||
Consult the documentation of your browser and OS on how to do it. For example in Firefox it can be done by adding `localhost` to
|
||||
|
|
|
@ -96,7 +96,7 @@
|
|||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>exec-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<mainClass>org.keycloak.util.ldap.KerberosEmbeddedServer</mainClass>
|
||||
<mainClass>org.keycloak.testsuite.KerberosEmbeddedServer</mainClass>
|
||||
<classpathScope>test</classpathScope>
|
||||
<systemProperties>
|
||||
<systemProperty>
|
||||
|
|
|
@ -23,7 +23,7 @@ import java.util.Properties;
|
|||
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.testsuite.client.resources.TestingResource;
|
||||
import org.keycloak.util.ldap.KerberosEmbeddedServer;
|
||||
import org.keycloak.testsuite.KerberosEmbeddedServer;
|
||||
import org.keycloak.util.ldap.LDAPEmbeddedServer;
|
||||
|
||||
/**
|
||||
|
|
|
@ -28,7 +28,7 @@ import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
|||
import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig;
|
||||
import org.keycloak.testsuite.Assert;
|
||||
import org.keycloak.testsuite.util.KerberosRule;
|
||||
import org.keycloak.util.ldap.KerberosEmbeddedServer;
|
||||
import org.keycloak.testsuite.KerberosEmbeddedServer;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ import org.keycloak.storage.UserStorageProvider;
|
|||
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
|
||||
import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig;
|
||||
import org.keycloak.testsuite.util.KerberosRule;
|
||||
import org.keycloak.util.ldap.KerberosEmbeddedServer;
|
||||
import org.keycloak.testsuite.KerberosEmbeddedServer;
|
||||
|
||||
/**
|
||||
* Test for the LDAPStorageProvider with kerberos enabled (kerberos with LDAP integration)
|
||||
|
|
|
@ -26,7 +26,7 @@ import org.keycloak.federation.kerberos.KerberosConfig;
|
|||
import org.keycloak.federation.kerberos.KerberosFederationProviderFactory;
|
||||
import org.keycloak.representations.idm.ComponentRepresentation;
|
||||
import org.keycloak.testsuite.util.KerberosRule;
|
||||
import org.keycloak.util.ldap.KerberosEmbeddedServer;
|
||||
import org.keycloak.testsuite.KerberosEmbeddedServer;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
|
|
|
@ -38,7 +38,7 @@ import org.keycloak.storage.UserStorageProvider;
|
|||
import org.keycloak.testsuite.ActionURIUtils;
|
||||
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
|
||||
import org.keycloak.testsuite.util.KerberosRule;
|
||||
import org.keycloak.util.ldap.KerberosEmbeddedServer;
|
||||
import org.keycloak.testsuite.KerberosEmbeddedServer;
|
||||
|
||||
/**
|
||||
* Test for the KerberosFederationProvider (kerberos without LDAP integration)
|
||||
|
|
|
@ -324,7 +324,7 @@
|
|||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>exec-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<mainClass>org.keycloak.util.ldap.KerberosEmbeddedServer</mainClass>
|
||||
<mainClass>org.keycloak.testsuite.KerberosEmbeddedServer</mainClass>
|
||||
<classpathScope>test</classpathScope>
|
||||
</configuration>
|
||||
</plugin>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.util.ldap;
|
||||
package org.keycloak.testsuite;
|
||||
|
||||
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
|
||||
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
|
||||
|
@ -35,6 +35,7 @@ import org.apache.directory.shared.kerberos.KerberosTime;
|
|||
import org.apache.directory.shared.kerberos.KerberosUtils;
|
||||
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.keycloak.util.ldap.LDAPEmbeddedServer;
|
||||
|
||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
import java.io.IOException;
|
Loading…
Reference in a new issue