keycloak-aplcache

Fix LDAP tests and teststuite on windows. Set initial password

3/27/2014 8:54:44 AM

Details

diff --git a/model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java b/model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java
new file mode 100644
index 0000000..616c600
--- /dev/null
+++ b/model/tests/src/main/java/org/keycloak/model/test/LdapTestUtils.java
@@ -0,0 +1,33 @@
+package org.keycloak.model.test;
+
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.spi.authentication.picketlink.PicketlinkAuthenticationProvider;
+import org.keycloak.util.KeycloakRegistry;
+import org.picketlink.idm.IdentityManager;
+import org.picketlink.idm.credential.Password;
+import org.picketlink.idm.model.basic.BasicModel;
+import org.picketlink.idm.model.basic.User;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class LdapTestUtils {
+
+    public static void setLdapPassword(RealmModel realm, String username, String password) {
+        // TODO: Workaround... should be improved once we have KeycloakSession with available application-scoped components
+        KeycloakRegistry registry = ResteasyProviderFactory.getContextData(KeycloakRegistry.class);
+        if (registry == null) {
+            ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
+        }
+
+        // Update password directly in ldap. It's workaround, but LDIF import doesn't seem to work on windows for ApacheDS
+        try {
+            IdentityManager identityManager = new PicketlinkAuthenticationProvider().getIdentityManager(realm);
+            User user = BasicModel.getUser(identityManager, username);
+            identityManager.updateCredential(user, new Password(password.toCharArray()));
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
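Review bot: In `setLdapPassword`, the result of `BasicModel.getUser(identityManager, username)` is passed straight to `updateCredential`, so a missing LDAP entry (presumably returned as null) only surfaces as an opaque `RuntimeException` from the blanket `catch (Exception e)`. Guard it with `if (user == null) throw new IllegalStateException("LDAP user not found: " + username);` and give the rethrow a message naming the user. The `KeycloakRegistry` pushed when `registry == null` is never removed in this method, so it stays in the RESTEasy context for whatever runs next on the thread unless the caller clears it. Since the class can overwrite any user's directory password and sits under `src/main/java`, a class Javadoc such as `/** Test-only helper; never call from production code. */` would make the intended scope explicit.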
diff --git a/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java b/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
index 06a498c..96157fe 100644
--- a/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
+++ b/model/tests/src/test/java/org/keycloak/model/test/AuthProvidersLDAPTest.java
@@ -71,17 +71,20 @@ public class AuthProvidersLDAPTest extends AbstractModelTest {
     public void testLdapAuthentication() {
         MultivaluedMap<String, String> formData = AuthProvidersExternalModelTest.createFormData("john", "password");
 
-        // Verify that user doesn't exists in realm2 and can't authenticate here
-        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData));
-        Assert.assertNull(realm.getUser("john"));
-
-        // Add ldap authenticationProvider
-        setupAuthenticationProviders();
-
         try {
             // this is needed for Picketlink model provider
             ResteasyProviderFactory.pushContext(KeycloakRegistry.class, new KeycloakRegistry());
 
+            // Set password of user in LDAP
+            LdapTestUtils.setLdapPassword(realm, "john", "password");
+
+            // Verify that user doesn't exists in realm2 and can't authenticate here
+            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, am.authenticateForm(realm, formData));
+            Assert.assertNull(realm.getUser("john"));
+
+            // Add ldap authenticationProvider
+            setupAuthenticationProviders();
+
             // Authenticate john and verify that now he exists in realm
             Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, am.authenticateForm(realm, formData));
             UserModel john = realm.getUser("john");
diff --git a/model/tests/src/test/resources/ldap/users.ldif b/model/tests/src/test/resources/ldap/users.ldif
index 9f72f65..8ba3a98 100644
--- a/model/tests/src/test/resources/ldap/users.ldif
+++ b/model/tests/src/test/resources/ldap/users.ldif
@@ -9,16 +9,6 @@ objectclass: top
 objectclass: organizationalUnit
 ou: People
 
-dn: ou=Roles,dc=keycloak,dc=org
-objectclass: top
-objectclass: organizationalUnit
-ou: Roles
-
-dn: ou=Groups,dc=keycloak,dc=org
-objectclass: top
-objectclass: organizationalUnit
-ou: Groups
-
 dn: uid=john,ou=People,dc=keycloak,dc=org
 objectclass: top
 objectclass: uidObject
@@ -28,4 +18,13 @@ uid: john
 cn: John
 sn: Doe
 mail: john@email.org
-userPassword: password
\ No newline at end of file
+
+dn: ou=Roles,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: Roles
+
+dn: ou=Groups,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: Groups
\ No newline at end of file
diff --git a/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java b/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java
index 2e9375d..9d87e76 100644
--- a/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java
+++ b/spi/authentication-picketlink/src/main/java/org/keycloak/spi/authentication/picketlink/PicketlinkAuthenticationProvider.java
@@ -48,7 +48,6 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider 
         credential.setUsername(username);
         credential.setPassword(new Password(password.toCharArray()));
         identityManager.validateCredentials(credential);
-
         if (credential.getStatus() == Credentials.Status.VALID) {
             AuthResult result = new AuthResult(AuthProviderStatus.SUCCESS);
 
@@ -76,7 +75,7 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider 
         return true;
     }
 
-    protected IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {
+    public IdentityManager getIdentityManager(RealmModel realm) throws AuthenticationProviderException {
         IdentityManager identityManager = ResteasyProviderFactory.getContextData(IdentityManager.class);
         if (identityManager == null) {
             Iterable<PartitionManagerProvider> providers = ProviderLoader.load(PartitionManagerProvider.class);
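Review bot: Widening `getIdentityManager` from `protected` to `public` exposes the PicketLink `IdentityManager` to every caller of this production provider, and the only consumer visible in this commit is the test helper `LdapTestUtils`. The returned manager can change stored credentials (the helper uses it for `updateCredential`), so this grants more than the tests need. Prefer keeping the method `protected` and reaching it from the test module through a small subclass of `PicketlinkAuthenticationProvider`. If it must stay public, document the reason on the method, e.g. `/** Exposed for test setup; the returned manager can modify credentials in the backing store. */`. The method body continues outside the hunk.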
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java
index 254e6d0..f952046 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/AuthProvidersIntegrationTest.java
@@ -14,6 +14,7 @@ import org.junit.rules.RuleChain;
 import org.junit.rules.TestRule;
 import org.junit.runners.MethodSorters;
 import org.keycloak.OAuth2Constants;
+import org.keycloak.model.test.LdapTestUtils;
 import org.keycloak.models.AuthenticationProviderModel;
 import org.keycloak.models.PasswordPolicy;
 import org.keycloak.models.RealmModel;
@@ -51,15 +52,16 @@ public class AuthProvidersIntegrationTest {
             AuthenticationProviderModel modelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_MODEL, false, Collections.EMPTY_MAP);
             AuthenticationProviderModel picketlinkProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_PICKETLINK, true, Collections.EMPTY_MAP);
 
-            // Configure LDAP
-            ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);
-
             // Delegate authentication to admin realm
             Map<String,String> config = new HashMap<String,String>();
             config.put(AuthProviderConstants.EXTERNAL_REALM_ID, adminstrationRealm.getId());
             AuthenticationProviderModel externalModelProvider = new AuthenticationProviderModel(AuthProviderConstants.PROVIDER_NAME_EXTERNAL_MODEL, true, config);
 
             appRealm.setAuthenticationProviders(Arrays.asList(modelProvider, picketlinkProvider, externalModelProvider));
+
+            // Configure LDAP
+            ldapRule.getEmbeddedServer().setupLdapInRealm(appRealm);
+            LdapTestUtils.setLdapPassword(appRealm, "john", "password");
         }
     });
 
diff --git a/testsuite/integration/src/test/resources/ldap/users.ldif b/testsuite/integration/src/test/resources/ldap/users.ldif
index 9f72f65..76295d3 100644
--- a/testsuite/integration/src/test/resources/ldap/users.ldif
+++ b/testsuite/integration/src/test/resources/ldap/users.ldif
@@ -28,4 +28,3 @@ uid: john
 cn: John
 sn: Doe
 mail: john@email.org
-userPassword: password
\ No newline at end of file