Testing ldap connection should not process or bind the credentials (#31081)

Closes #30821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Pedro Igor 2024-07-08 08:58:02 -03:00 committed by GitHub
parent cbf7f208fb
commit ead1b4a851
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 10 additions and 2 deletions


@ -67,7 +67,7 @@ public class LDAPServerCapabilitiesManager {
public static LDAPConfig buildLDAPConfig(TestLdapConnectionRepresentation config, RealmModel realm) {
String bindCredential = config.getBindCredential();
if (config.getComponentId() != null && !LDAPConstants.AUTH_TYPE.equals(LDAPConstants.AUTH_TYPE_NONE)
if (config.getComponentId() != null && !LDAPConstants.AUTH_TYPE_NONE.equals(config.getAuthType())
&& ComponentRepresentation.SECRET_VALUE.equals(bindCredential)) {
// check the connection URL and the bind DN are the same to allow using the same configured password
ComponentModel component = realm.getComponent(config.getComponentId());
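Review bot: The corrected guard treats a missing auth type the same as an authenticated one, and nothing at the condition says so. Assuming `LDAPConstants.AUTH_TYPE_NONE` is a String constant, `AUTH_TYPE_NONE.equals(config.getAuthType())` is false for null, so a request that omits the auth type but sends the `ComponentRepresentation.SECRET_VALUE` placeholder still reaches the stored-credential lookup. If that is intended for older clients, I would state it above the `if`, for example `// authType may be null (older clients); only an explicit "none" skips reuse of the stored bind credential`. The URL and bind-DN comparison that the existing comment describes, and the handling of a `getComponent` result for an unknown id, are in the part of `buildLDAPConfig` that continues outside this hunk, so they could not be checked here.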


@ -48,7 +48,7 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
public static LDAPRule ldapRule = new LDAPRule();
@Test
public void testLdapConnections1() {
public void testLdapConnections() {
// Unknown action
Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation("unknown", "ldap://localhost:10389", "foo", "bar", "false", null));
assertStatus(response, 400);
@ -61,6 +61,14 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
assertStatus(response, 204);
// Connection success with invalid credentials
String ldapModelId = testingClient.testing().ldap(REALM_NAME).createLDAPProvider(ldapRule.getConfig(), false);
getCleanup().addCleanup(() -> {
adminClient.realm(REALM_NAME).components().removeComponent(ldapModelId);;
});
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", "invalid-db", ComponentRepresentation.SECRET_VALUE, "false", null, "false", LDAPConstants.AUTH_TYPE_SIMPLE, ldapModelId));
assertStatus(response, 204);
// Bad authentication
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "foo", "bar", "false", "10000"));
assertStatus(response, 400);
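Review bot: The case added under "Connection success with invalid credentials" only pins that `TEST_CONNECTION` ignores the bind DN and the placeholder. It does not cover the security-relevant side of the fix: that the stored bind credential is not substituted when the submitted bind DN differs from the component's. A companion call with the same arguments but `LDAPServerCapabilitiesManager.TEST_AUTHENTICATION` as the action, followed by `assertStatus(response, 400);`, would cover it, assuming the test server rejects a bind that uses the literal placeholder. The cleanup lambda also ends in a stray `;;` and reads better as `getCleanup().addCleanup(() -> adminClient.realm(REALM_NAME).components().removeComponent(ldapModelId));`. The test method starts before the first hunk and continues past the second.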