keycloak-aplcache
Changes
federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProviderFactory.java 17(+17 -0)
Details
diff --git a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProviderFactory.java b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProviderFactory.java
index a33a0f1..92bd48e 100755
--- a/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProviderFactory.java
+++ b/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/KerberosFederationProviderFactory.java
@@ -24,14 +24,18 @@ import org.keycloak.component.ComponentModel;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
+import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.LDAPConstants;
+import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderFactory;
import org.keycloak.storage.UserStorageProviderModel;
+import org.keycloak.utils.CredentialHelper;
import java.util.List;
@@ -139,4 +143,17 @@ public class KerberosFederationProviderFactory implements UserStorageProviderFac
protected KerberosUsernamePasswordAuthenticator createKerberosUsernamePasswordAuthenticator(CommonKerberosConfig kerberosConfig) {
return new KerberosUsernamePasswordAuthenticator(kerberosConfig);
}
+
+ @Override
+ public void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model) {
+ CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS,
+ AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED);
+ }
+
+ @Override
+ public void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel model) {
+ CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS,
+ AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED);
+ }
+
}
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
index 09a4aba..051ed55 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProviderFactory.java
@@ -26,6 +26,7 @@ import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
+import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
@@ -36,6 +37,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
+import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderFactory;
import org.keycloak.storage.UserStorageProviderModel;
@@ -52,6 +54,7 @@ import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapperFactory;
import org.keycloak.storage.user.ImportSynchronization;
import org.keycloak.storage.user.SynchronizationResult;
+import org.keycloak.utils.CredentialHelper;
import java.util.Date;
import java.util.List;
@@ -318,9 +321,19 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
mapperModel = KeycloakModelUtils.createComponentModel("MSAD account controls", model.getId(), MSADUserAccountControlStorageMapperFactory.PROVIDER_ID,LDAPStorageMapper.class.getName());
realm.addComponentModel(mapperModel);
}
+ checkKerberosCredential(session, realm, model);
}
@Override
+ public void onUpdate(KeycloakSession session, RealmModel realm, ComponentModel model) {
+ checkKerberosCredential(session, realm, model);
+
+ }
+
+
+
+
+ @Override
public SynchronizationResult sync(KeycloakSessionFactory sessionFactory, String realmId, UserStorageProviderModel model) {
syncMappers(sessionFactory, realmId, model);
@@ -521,4 +534,15 @@ public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LD
protected KerberosUsernamePasswordAuthenticator createKerberosUsernamePasswordAuthenticator(CommonKerberosConfig kerberosConfig) {
return new KerberosUsernamePasswordAuthenticator(kerberosConfig);
}
-}
+
+ public static boolean checkKerberosCredential(KeycloakSession session, RealmModel realm, ComponentModel model) {
+ String allowKerberosCfg = model.getConfig().getFirst(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION);
+ if (Boolean.valueOf(allowKerberosCfg)) {
+ CredentialHelper.setOrReplaceAuthenticationRequirement(session, realm, CredentialRepresentation.KERBEROS,
+ AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED);
+ return true;
+ }
+ return false;
+ }
+
+ }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserStorageRestTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserStorageRestTest.java
index 9d5fdb6..15f0564 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserStorageRestTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserStorageRestTest.java
@@ -17,277 +17,339 @@
package org.keycloak.testsuite.admin;
-import org.junit.Ignore;
+import org.junit.Test;
+import org.keycloak.common.constants.KerberosConstants;
+import org.keycloak.common.util.MultivaluedHashMap;
+import org.keycloak.events.admin.OperationType;
+import org.keycloak.events.admin.ResourceType;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.LDAPConstants;
+import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
+import org.keycloak.representations.idm.ComponentRepresentation;
+import org.keycloak.storage.UserStorageProvider;
+import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
+import org.keycloak.testsuite.util.AdminEventPaths;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.core.Response;
+import java.util.List;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
-@Ignore
public class UserStorageRestTest extends AbstractAdminTest {
-/*
- @Test
- public void testProviderFactories() {
- List<UserFederationProviderFactoryRepresentation> providerFactories = userFederation().getProviderFactories();
- Assert.assertNames(providerFactories, "ldap", "kerberos", "dummy", "dummy-configurable");
+ private AuthenticationExecutionInfoRepresentation findKerberosExecution() {
+ AuthenticationExecutionInfoRepresentation kerberosExecution = null;
+ List<AuthenticationExecutionInfoRepresentation> executionReps = realm.flows().getExecutions("browser");
+ kerberosExecution = AbstractAuthenticationTest.findExecutionByProvider("auth-spnego", executionReps);
- // Builtin provider without properties
- UserFederationProviderFactoryRepresentation ldapProvider = userFederation().getProviderFactory("ldap");
- Assert.assertEquals(ldapProvider.getId(), "ldap");
- Assert.assertEquals(0, ldapProvider.getOptions().size());
+ Assert.assertNotNull(kerberosExecution);
+ return kerberosExecution;
+ }
- // Configurable through the "old-way" options
- UserFederationProviderFactoryRepresentation dummyProvider = userFederation().getProviderFactory("dummy");
- Assert.assertEquals(dummyProvider.getId(), "dummy");
- Assert.assertNames(new LinkedList<>(dummyProvider.getOptions()), "important.config");
+ private String createComponent(ComponentRepresentation rep) {
+ Response resp = realm.components().add(rep);
+ Assert.assertEquals(201, resp.getStatus());
+ resp.close();
+ String id = ApiUtil.getCreatedId(resp);
- // Configurable through the "new-way" ConfiguredProvider
- UserFederationProviderFactoryRepresentation dummyConfiguredProvider = userFederation().getProviderFactory("dummy-configurable");
- Assert.assertEquals(dummyConfiguredProvider.getId(), "dummy-configurable");
- Assert.assertTrue(dummyConfiguredProvider.getOptions() == null || dummyConfiguredProvider.getOptions().isEmpty());
- Assert.assertEquals("Dummy User Federation Provider Help Text", dummyConfiguredProvider.getHelpText());
- Assert.assertEquals(2, dummyConfiguredProvider.getProperties().size());
- Assert.assertProviderConfigProperty(dummyConfiguredProvider.getProperties().get(0), "prop1", "Prop1", "prop1Default", "Prop1 HelpText", ProviderConfigProperty.STRING_TYPE);
- Assert.assertProviderConfigProperty(dummyConfiguredProvider.getProperties().get(1), "prop2", "Prop2", "true", "Prop2 HelpText", ProviderConfigProperty.BOOLEAN_TYPE);
+ assertAdminEvents.clear();
+ return id;
+ }
- try {
- userFederation().getProviderFactory("not-existent");
- Assert.fail("Not expected to find not-existent provider");
- } catch (NotFoundException nfe) {
- // Expected
- }
+ private void removeComponent(String id) {
+ realm.components().component(id).remove();
+ assertAdminEvents.clear();
}
- private UserFederationProvidersResource userFederation() {
- return null;//realm.userFederation();
+ private void assertFederationProvider(ComponentRepresentation rep, String id, String displayName, String providerId,
+ String... config) {
+ Assert.assertEquals(id, rep.getId());
+ Assert.assertEquals(displayName, rep.getName());
+ Assert.assertEquals(providerId, rep.getProviderId());
+
+ Assert.assertMultivaluedMap(rep.getConfig(), config);
}
@Test
- public void testCreateProvider() {
- // create provider without configuration and displayName
- UserFederationProviderRepresentation dummyRep1 = UserFederationProviderBuilder.create()
- .providerName("dummy")
- .displayName("")
- .priority(2)
- .fullSyncPeriod(1000)
- .changedSyncPeriod(500)
- .lastSync(123)
- .build();
+ public void testKerberosAuthenticatorEnabledAutomatically() {
+ // Assert kerberos authenticator DISABLED
+ AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
+ Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.DISABLED.toString());
- String id1 = createUserFederationProvider(dummyRep1);
+ // create LDAP provider with kerberos
+ ComponentRepresentation ldapRep = new ComponentRepresentation();
+ ldapRep.setName("ldap2");
+ ldapRep.setProviderId("ldap");
+ ldapRep.setProviderType(UserStorageProvider.class.getName());
+ ldapRep.setConfig(new MultivaluedHashMap<>());
+ ldapRep.getConfig().putSingle("priority", Integer.toString(2));
+ ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true");
- // create provider with configuration and displayName
- UserFederationProviderRepresentation dummyRep2 = UserFederationProviderBuilder.create()
- .providerName("dummy")
- .displayName("dn1")
- .priority(1)
- .configProperty("prop1", "prop1Val")
- .configProperty("prop2", "true")
- .build();
- String id2 = createUserFederationProvider(dummyRep2);
+ String id = createComponent(ldapRep);
- // Assert provider instances available
- assertFederationProvider(userFederation().get(id1).toRepresentation(), id1, id1, "dummy", 2, 1000, 500, 123);
- assertFederationProvider(userFederation().get(id2).toRepresentation(), id2, "dn1", "dummy", 1, -1, -1, -1, "prop1", "prop1Val", "prop2", "true");
+ // Assert kerberos authenticator ALTERNATIVE
+ kerberosExecution = findKerberosExecution();
+ Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
- // Assert sorted
- List<UserFederationProviderRepresentation> providerInstances = userFederation().getProviderInstances();
- Assert.assertEquals(providerInstances.size(), 2);
- assertFederationProvider(providerInstances.get(0), id2, "dn1", "dummy", 1, -1, -1, -1, "prop1", "prop1Val", "prop2", "true");
- assertFederationProvider(providerInstances.get(1), id1, id1, "dummy", 2, 1000, 500, 123);
+ // Switch kerberos authenticator to DISABLED
+ kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
+ realm.flows().updateExecutions("browser", kerberosExecution);
+ assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
- // Remove providers
- removeUserFederationProvider(id1);
- removeUserFederationProvider(id2);
+ // update LDAP provider with kerberos
+ ldapRep = realm.components().component(id).toRepresentation();
+ realm.components().component(id).update(ldapRep);
+ assertAdminEvents.clear();
+
+ // Assert kerberos authenticator ALTERNATIVE
+ kerberosExecution = findKerberosExecution();
+ Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
+
+ // Cleanup
+ kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
+ realm.flows().updateExecutions("browser", kerberosExecution);
+ assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
+ removeComponent(id);
}
+ @Test
+ public void testKerberosAuthenticatorChangedOnlyIfDisabled() {
+ // Change kerberos to REQUIRED
+ AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
+ kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
+ realm.flows().updateExecutions("browser", kerberosExecution);
+ assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
+
+ // create LDAP provider with kerberos
+ ComponentRepresentation ldapRep = new ComponentRepresentation();
+ ldapRep.setName("ldap2");
+ ldapRep.setProviderId("ldap");
+ ldapRep.setProviderType(UserStorageProvider.class.getName());
+ ldapRep.setConfig(new MultivaluedHashMap<>());
+ ldapRep.getConfig().putSingle("priority", Integer.toString(2));
+ ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true");
+
+ String id = createComponent(ldapRep);
+
+
+ // Assert kerberos authenticator still REQUIRED
+ kerberosExecution = findKerberosExecution();
+ Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.REQUIRED.toString());
+
+ // update LDAP provider with kerberos
+ ldapRep = realm.components().component(id).toRepresentation();
+ realm.components().component(id).update(ldapRep);
+ assertAdminEvents.clear();
+
+ // Assert kerberos authenticator still REQUIRED
+ kerberosExecution = findKerberosExecution();
+ Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.REQUIRED.toString());
+
+ // Cleanup
+ kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
+ realm.flows().updateExecutions("browser", kerberosExecution);
+ assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
+ removeComponent(id);
+
+ }
@Test
public void testValidateAndCreateLdapProvider() {
// Invalid filter
- UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create()
- .displayName("ldap1")
- .providerName("ldap")
- .priority(1)
- .configProperty(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "dc=something")
- .build();
- Response resp = userFederation().create(ldapRep);
+
+ ComponentRepresentation ldapRep = new ComponentRepresentation();
+ ldapRep.setName("ldap2");
+ ldapRep.setProviderId("ldap");
+ ldapRep.setProviderType(UserStorageProvider.class.getName());
+ ldapRep.setConfig(new MultivaluedHashMap<>());
+ ldapRep.getConfig().putSingle("priority", Integer.toString(2));
+ ldapRep.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "dc=something");
+
+ Response resp = realm.components().add(ldapRep);
Assert.assertEquals(400, resp.getStatus());
resp.close();
// Invalid filter
- ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something");
- resp = userFederation().create(ldapRep);
+ ldapRep.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something");
+ resp = realm.components().add(ldapRep);
Assert.assertEquals(400, resp.getStatus());
resp.close();
// Invalid filter
- ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "dc=something)");
- resp = userFederation().create(ldapRep);
+ ldapRep.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "dc=something)");
+ resp = realm.components().add(ldapRep);
Assert.assertEquals(400, resp.getStatus());
resp.close();
// Assert nothing created so far
- Assert.assertTrue(userFederation().getProviderInstances().isEmpty());
+ Assert.assertTrue(realm.components().query(realmId, UserStorageProvider.class.getName()).isEmpty());
assertAdminEvents.assertEmpty();
// Valid filter. Creation success
- ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something)");
- String id1 = createUserFederationProvider(ldapRep);
+ ldapRep.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something)");
+ String id1 = createComponent(ldapRep);
// Missing filter is ok too. Creation success
- UserFederationProviderRepresentation ldapRep2 = UserFederationProviderBuilder.create()
- .displayName("ldap2")
- .providerName("ldap")
- .priority(2)
- .configProperty(LDAPConstants.BIND_DN, "cn=manager")
- .configProperty(LDAPConstants.BIND_CREDENTIAL, "password")
- .build();
- String id2 = createUserFederationProvider(ldapRep2);
+ ComponentRepresentation ldapRep2 = new ComponentRepresentation();
+ ldapRep2.setName("ldap3");
+ ldapRep2.setProviderId("ldap");
+ ldapRep2.setProviderType(UserStorageProvider.class.getName());
+ ldapRep2.setConfig(new MultivaluedHashMap<>());
+ ldapRep2.getConfig().putSingle("priority", Integer.toString(2));
+ ldapRep2.getConfig().putSingle(LDAPConstants.BIND_DN, "cn=manager");
+ ldapRep2.getConfig().putSingle(LDAPConstants.BIND_CREDENTIAL, "password");
+ String id2 = createComponent(ldapRep2);
// Assert both providers created
- List<UserFederationProviderRepresentation> providerInstances = userFederation().getProviderInstances();
+ List<ComponentRepresentation> providerInstances = realm.components().query(realmId, UserStorageProvider.class.getName());
Assert.assertEquals(providerInstances.size(), 2);
- assertFederationProvider(providerInstances.get(0), id1, "ldap1", "ldap", 1, -1, -1, -1, LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something)");
- assertFederationProvider(providerInstances.get(1), id2, "ldap2", "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager", LDAPConstants.BIND_CREDENTIAL, "password");
// Cleanup
- removeUserFederationProvider(id1);
- removeUserFederationProvider(id2);
+ removeComponent(id1);
+ removeComponent(id2);
}
-
@Test
public void testUpdateProvider() {
- UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create()
- .providerName("ldap")
- .priority(2)
- .configProperty(LDAPConstants.BIND_DN, "cn=manager")
- .configProperty(LDAPConstants.BIND_CREDENTIAL, "password")
- .build();
- String id = createUserFederationProvider(ldapRep);
- assertFederationProvider(userFederation().get(id).toRepresentation(), id, id, "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager", LDAPConstants.BIND_CREDENTIAL, "password");
+ ComponentRepresentation ldapRep = new ComponentRepresentation();
+ ldapRep.setName("ldap2");
+ ldapRep.setProviderId("ldap");
+ ldapRep.setProviderType(UserStorageProvider.class.getName());
+ ldapRep.setConfig(new MultivaluedHashMap<>());
+ ldapRep.getConfig().putSingle("priority", Integer.toString(2));
+ ldapRep.getConfig().putSingle(LDAPConstants.BIND_DN, "cn=manager");
+ ldapRep.getConfig().putSingle(LDAPConstants.BIND_CREDENTIAL, "password");
+ String id = createComponent(ldapRep);
// Assert update with invalid filter should fail
- ldapRep = userFederation().get(id).toRepresentation();
- ldapRep.setDisplayName("");
- ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2");
- ldapRep.getConfig().put(LDAPConstants.BIND_DN, "cn=manager-updated");
+ ldapRep = realm.components().component(id).toRepresentation();
+ ldapRep.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2");
+ ldapRep.getConfig().putSingle(LDAPConstants.BIND_DN, "cn=manager-updated");
try {
- userFederation().get(id).update(ldapRep);
+ realm.components().component(id).update(ldapRep);
Assert.fail("Not expected to successfull update");
} catch (BadRequestException bre) {
// Expected
}
// Assert nothing was updated
- assertFederationProvider(userFederation().get(id).toRepresentation(), id, id, "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager", LDAPConstants.BIND_CREDENTIAL, "password");
+ assertFederationProvider(realm.components().component(id).toRepresentation(), id, "ldap2", "ldap", LDAPConstants.BIND_DN, "cn=manager", LDAPConstants.BIND_CREDENTIAL, "**********");
// Change filter to be valid
- ldapRep.getConfig().put(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)");
- userFederation().get(id).update(ldapRep);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
+ ldapRep.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)");
+ realm.components().component(id).update(ldapRep);
+ assertAdminEvents.clear();
// Assert updated successfully
- ldapRep = userFederation().get(id).toRepresentation();
- assertFederationProvider(ldapRep, id, id, "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager-updated", LDAPConstants.BIND_CREDENTIAL, "password",
+ ldapRep = realm.components().component(id).toRepresentation();
+ assertFederationProvider(ldapRep, id, "ldap2", "ldap", LDAPConstants.BIND_DN, "cn=manager-updated", LDAPConstants.BIND_CREDENTIAL, "**********",
LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)");
// Assert update displayName
- ldapRep.setDisplayName("ldap2");
- userFederation().get(id).update(ldapRep);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
+ ldapRep.setName("ldap2");
+ realm.components().component(id).update(ldapRep);
- assertFederationProvider(userFederation().get(id).toRepresentation(), id, "ldap2", "ldap", 2, -1, -1, -1, LDAPConstants.BIND_DN, "cn=manager-updated", LDAPConstants.BIND_CREDENTIAL, "password",
+ assertFederationProvider(realm.components().component(id).toRepresentation(), id, "ldap2", "ldap",LDAPConstants.BIND_DN, "cn=manager-updated", LDAPConstants.BIND_CREDENTIAL, "**********",
LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(dc=something2)");
// Cleanup
- removeUserFederationProvider(id);
+ removeComponent(id);
}
- @Test
- public void testKerberosAuthenticatorEnabledAutomatically() {
- // Assert kerberos authenticator DISABLED
- AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
- Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.DISABLED.toString());
- // create LDAP provider with kerberos
- UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create()
- .displayName("ldap2")
- .providerName("ldap")
- .priority(2)
- .configProperty(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true")
- .build();
- String id = createUserFederationProvider(ldapRep);
- // Assert kerberos authenticator ALTERNATIVE
- kerberosExecution = findKerberosExecution();
- Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
- // Switch kerberos authenticator to DISABLED
- kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
- realm.flows().updateExecutions("browser", kerberosExecution);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
+/*
+ @Test
+ public void testProviderFactories() {
+ List<UserFederationProviderFactoryRepresentation> providerFactories = userFederation().getProviderFactories();
+ Assert.assertNames(providerFactories, "ldap", "kerberos", "dummy", "dummy-configurable");
- // update LDAP provider with kerberos
- ldapRep = userFederation().get(id).toRepresentation();
- userFederation().get(id).update(ldapRep);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
+ // Builtin provider without properties
+ UserFederationProviderFactoryRepresentation ldapProvider = userFederation().getProviderFactory("ldap");
+ Assert.assertEquals(ldapProvider.getId(), "ldap");
+ Assert.assertEquals(0, ldapProvider.getOptions().size());
- // Assert kerberos authenticator ALTERNATIVE
- kerberosExecution = findKerberosExecution();
- Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
+ // Configurable through the "old-way" options
+ UserFederationProviderFactoryRepresentation dummyProvider = userFederation().getProviderFactory("dummy");
+ Assert.assertEquals(dummyProvider.getId(), "dummy");
+ Assert.assertNames(new LinkedList<>(dummyProvider.getOptions()), "important.config");
- // Cleanup
- kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
- realm.flows().updateExecutions("browser", kerberosExecution);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
- removeUserFederationProvider(id);
+ // Configurable through the "new-way" ConfiguredProvider
+ UserFederationProviderFactoryRepresentation dummyConfiguredProvider = userFederation().getProviderFactory("dummy-configurable");
+ Assert.assertEquals(dummyConfiguredProvider.getId(), "dummy-configurable");
+ Assert.assertTrue(dummyConfiguredProvider.getOptions() == null || dummyConfiguredProvider.getOptions().isEmpty());
+ Assert.assertEquals("Dummy User Federation Provider Help Text", dummyConfiguredProvider.getHelpText());
+ Assert.assertEquals(2, dummyConfiguredProvider.getProperties().size());
+ Assert.assertProviderConfigProperty(dummyConfiguredProvider.getProperties().get(0), "prop1", "Prop1", "prop1Default", "Prop1 HelpText", ProviderConfigProperty.STRING_TYPE);
+ Assert.assertProviderConfigProperty(dummyConfiguredProvider.getProperties().get(1), "prop2", "Prop2", "true", "Prop2 HelpText", ProviderConfigProperty.BOOLEAN_TYPE);
+
+ try {
+ userFederation().getProviderFactory("not-existent");
+ Assert.fail("Not expected to find not-existent provider");
+ } catch (NotFoundException nfe) {
+ // Expected
+ }
}
- @Test
- public void testKerberosAuthenticatorChangedOnlyIfDisabled() {
- // Change kerberos to REQUIRED
- AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
- kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
- realm.flows().updateExecutions("browser", kerberosExecution);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
+ private UserFederationProvidersResource userFederation() {
+ return null;//realm.userFederation();
+ }
- // create LDAP provider with kerberos
- UserFederationProviderRepresentation ldapRep = UserFederationProviderBuilder.create()
- .displayName("ldap2")
- .providerName("ldap")
+
+ @Test
+ public void testCreateProvider() {
+ // create provider without configuration and displayName
+ UserFederationProviderRepresentation dummyRep1 = UserFederationProviderBuilder.create()
+ .providerName("dummy")
+ .displayName("")
.priority(2)
- .configProperty(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true")
+ .fullSyncPeriod(1000)
+ .changedSyncPeriod(500)
+ .lastSync(123)
.build();
- String id = createUserFederationProvider(ldapRep);
- // Assert kerberos authenticator still REQUIRED
- kerberosExecution = findKerberosExecution();
- Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.REQUIRED.toString());
+ String id1 = createUserFederationProvider(dummyRep1);
- // update LDAP provider with kerberos
- ldapRep = userFederation().get(id).toRepresentation();
- userFederation().get(id).update(ldapRep);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(id), ldapRep, ResourceType.USER_FEDERATION_PROVIDER);
+ // create provider with configuration and displayName
+ UserFederationProviderRepresentation dummyRep2 = UserFederationProviderBuilder.create()
+ .providerName("dummy")
+ .displayName("dn1")
+ .priority(1)
+ .configProperty("prop1", "prop1Val")
+ .configProperty("prop2", "true")
+ .build();
+ String id2 = createUserFederationProvider(dummyRep2);
- // Assert kerberos authenticator still REQUIRED
- kerberosExecution = findKerberosExecution();
- Assert.assertEquals(kerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.REQUIRED.toString());
+ // Assert provider instances available
+ assertFederationProvider(userFederation().get(id1).toRepresentation(), id1, id1, "dummy", 2, 1000, 500, 123);
+ assertFederationProvider(userFederation().get(id2).toRepresentation(), id2, "dn1", "dummy", 1, -1, -1, -1, "prop1", "prop1Val", "prop2", "true");
- // Cleanup
- kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
- realm.flows().updateExecutions("browser", kerberosExecution);
- assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
- removeUserFederationProvider(id);
+ // Assert sorted
+ List<UserFederationProviderRepresentation> providerInstances = userFederation().getProviderInstances();
+ Assert.assertEquals(providerInstances.size(), 2);
+ assertFederationProvider(providerInstances.get(0), id2, "dn1", "dummy", 1, -1, -1, -1, "prop1", "prop1Val", "prop2", "true");
+ assertFederationProvider(providerInstances.get(1), id1, id1, "dummy", 2, 1000, 500, 123);
+ // Remove providers
+ removeUserFederationProvider(id1);
+ removeUserFederationProvider(id2);
}
+
+
+
+
+
+
@Test (expected = NotFoundException.class)
public void testLookupNotExistentProvider() {
userFederation().get("not-existent").toRepresentation();
@@ -342,20 +404,6 @@ public class UserStorageRestTest extends AbstractAdminTest {
}
- private String createUserFederationProvider(UserFederationProviderRepresentation rep) {
- Response resp = userFederation().create(rep);
- Assert.assertEquals(201, resp.getStatus());
- resp.close();
- String federationProviderId = ApiUtil.getCreatedId(resp);
-
- assertAdminEvents.assertEvent(realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(federationProviderId), rep, ResourceType.USER_FEDERATION_PROVIDER);
- return federationProviderId;
- }
-
- private void removeUserFederationProvider(String id) {
- userFederation().get(id).remove();
- assertAdminEvents.assertEvent(realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(id), ResourceType.USER_FEDERATION_PROVIDER);
- }
private void assertFederationProvider(UserFederationProviderRepresentation rep, String id, String displayName, String providerName,
int priority, int fullSyncPeriod, int changeSyncPeriod, int lastSync,
@@ -372,13 +420,5 @@ public class UserStorageRestTest extends AbstractAdminTest {
}
- private AuthenticationExecutionInfoRepresentation findKerberosExecution() {
- AuthenticationExecutionInfoRepresentation kerberosExecution = null;
- List<AuthenticationExecutionInfoRepresentation> executionReps = realm.flows().getExecutions("browser");
- kerberosExecution = AbstractAuthenticationTest.findExecutionByProvider("auth-spnego", executionReps);
-
- Assert.assertNotNull(kerberosExecution);
- return kerberosExecution;
- }
*/
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/Assert.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/Assert.java
index 1f37ca2..a9c93f6 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/Assert.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/Assert.java
@@ -17,6 +17,7 @@
package org.keycloak.testsuite;
+import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
@@ -105,6 +106,26 @@ public class Assert extends org.junit.Assert {
}
}
+ /**
+ * Assert all the fields from map available. Array "expected" contains pairs when first value from pair is expected key
+ * and second is the expected value from the map for target key.
+ *
+ * Example config = {"key1" -> "value1" , "key2" -> "value2" }
+ * then assertMap(config, "key1", "value1", "key2", "value2" will return true
+ *
+ */
+ public static void assertMultivaluedMap(MultivaluedHashMap<String, String> config, String... expected) {
+ if (expected == null) {
+ expected = new String[] {};
+ }
+
+ for (int i=0 ; i<expected.length ; i+=2) {
+ String key = expected[i];
+ String value = expected[i+1];
+ Assert.assertEquals(value, config.getFirst(key));
+ }
+ }
+
public static void assertProviderConfigProperty(ConfigPropertyRepresentation property, String name, String label, String defaultValue, String helpText, String type) {
Assert.assertEquals(name, property.getName());
Assert.assertEquals(label, property.getLabel());