keycloak-aplcache
Changes
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/AdminConsoleRealm.java 2(+1 -1)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateKerberosUserProvider.java 28(+28 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateLdapUserProvider.java 7(+7 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/KerberosUserProviderForm.java 81(+81 -0)
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/LdapUserProviderForm.java 184(+154 -30)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/KerberosUserFederationTest.java 75(+75 -0)
Details
diff --git a/testsuite/integration-arquillian/tests/base/pom.xml b/testsuite/integration-arquillian/tests/base/pom.xml
index 6317df8..5c409ab 100644
--- a/testsuite/integration-arquillian/tests/base/pom.xml
+++ b/testsuite/integration-arquillian/tests/base/pom.xml
@@ -15,7 +15,18 @@
<exclude.console>-</exclude.console>
<exclude.account>-</exclude.account>
</properties>
-
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-util-embedded-ldap</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
<build>
<plugins>
<plugin>
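Review bot: The new `keycloak-util-embedded-ldap` dependency has no `<scope>`, and the `bcprov-jdk15` exclusion carries no explanation. In this commit the embedded server is referenced only from `src/test` (`LdapUserFederationTest`), so `<scope>test</scope>` would keep the embedded directory server and its transitive libraries off the compile classpath of anything that consumes this module, unless another module relies on it transitively. A comment above the exclusion, for example `<!-- legacy bcprov-jdk15 excluded: state the conflict it causes here -->`, would stop a later cleanup from re-admitting an old crypto provider. The missing `<version>` is presumably managed by a parent POM that is not visible in this hunk.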
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/AdminConsoleRealm.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/AdminConsoleRealm.java
index 4fd57ba..852133b 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/AdminConsoleRealm.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/AdminConsoleRealm.java
@@ -57,7 +57,7 @@ public class AdminConsoleRealm extends AdminConsoleRealmsRoot {
private WebElement rolesLink;
@FindBy(partialLinkText = "Identity Providers")
private WebElement identityProvidersLink;
- @FindBy(partialLinkText = "User Feferation")
+ @FindBy(partialLinkText = "User Federation")
private WebElement userFederationLink;
@FindBy(partialLinkText = "Authentication")
private WebElement authenticationLink;
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateKerberosUserProvider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateKerberosUserProvider.java
new file mode 100644
index 0000000..6347392
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateKerberosUserProvider.java
@@ -0,0 +1,28 @@
+package org.keycloak.testsuite.console.page.federation;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.keycloak.testsuite.console.page.AdminConsoleCreate;
+
+/**
+ *
+ * @author pdrozd
+ */
+public class CreateKerberosUserProvider extends AdminConsoleCreate {
+
+ @Page
+ private KerberosUserProviderForm form;
+
+ public CreateKerberosUserProvider() {
+ setEntity("user-federation");
+ }
+
+ @Override
+ public String getUriFragment() {
+ return super.getUriFragment() + "/providers/kerberos";
+ }
+
+ public KerberosUserProviderForm form() {
+ return form;
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateLdapUserProvider.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateLdapUserProvider.java
index 4dc47f9..13ba716 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateLdapUserProvider.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/CreateLdapUserProvider.java
@@ -1,5 +1,6 @@
package org.keycloak.testsuite.console.page.federation;
+import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.console.page.AdminConsoleCreate;
/**
@@ -8,6 +9,9 @@ import org.keycloak.testsuite.console.page.AdminConsoleCreate;
*/
public class CreateLdapUserProvider extends AdminConsoleCreate {
+ @Page
+ private LdapUserProviderForm form;
+
public CreateLdapUserProvider() {
setEntity("user-federation");
}
@@ -17,4 +21,7 @@ public class CreateLdapUserProvider extends AdminConsoleCreate {
return super.getUriFragment() + "/providers/ldap";
}
+ public LdapUserProviderForm form() {
+ return form;
+ }
}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/KerberosUserProviderForm.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/KerberosUserProviderForm.java
new file mode 100644
index 0000000..1fb068f
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/KerberosUserProviderForm.java
@@ -0,0 +1,81 @@
+package org.keycloak.testsuite.console.page.federation;
+
+import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
+
+import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
+import org.keycloak.testsuite.page.Form;
+import org.openqa.selenium.By;
+import org.openqa.selenium.WebElement;
+import org.openqa.selenium.support.FindBy;
+import org.openqa.selenium.support.ui.Select;
+
+/**
+ * @author pdrozd
+ */
+public class KerberosUserProviderForm extends Form {
+
+ @FindBy(id = "consoleDisplayName")
+ private WebElement consoleDisplayNameInput;
+
+ @FindBy(id = "priority")
+ private WebElement priorityInput;
+
+ @FindBy(id = "kerberosRealm")
+ private WebElement kerberosRealmInput;
+
+ @FindBy(id = "serverPrincipal")
+ private WebElement serverPrincipalInput;
+
+ @FindBy(id = "keyTab")
+ private WebElement keyTabInput;
+
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='debug']]")
+ private OnOffSwitch debug;
+
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='allowPasswordAuthentication']]")
+ private OnOffSwitch allowPwdAuth;
+
+ @FindBy(id = "editMode")
+ private Select editModeSelect;
+
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='updateProfileFirstLogin']]")
+ private OnOffSwitch updateProfileFirstLogin;
+
+ public void setConsoleDisplayNameInput(String name) {
+ setInputValue(consoleDisplayNameInput, name);
+ }
+
+ public void setPriorityInput(Integer priority) {
+ setInputValue(priorityInput, String.valueOf(priority));
+ }
+
+ public void setKerberosRealmInput(String kerberosRealm) {
+ waitGuiForElement(By.id("kerberosRealm"));
+ setInputValue(kerberosRealmInput, kerberosRealm);
+ }
+
+ public void setServerPrincipalInput(String serverPrincipal) {
+ setInputValue(serverPrincipalInput, serverPrincipal);
+ }
+
+ public void setKeyTabInput(String keyTab) {
+ setInputValue(keyTabInput, keyTab);
+ }
+
+ public void setDebugEnabled(boolean debugEnabled) {
+ this.debug.setOn(debugEnabled);
+ }
+
+ public void setAllowPasswordAuthentication(boolean enabled) {
+ allowPwdAuth.setOn(enabled);
+ }
+
+ public void selectEditMode(String mode) {
+ waitGuiForElement(By.id("editMode"));
+ editModeSelect.selectByVisibleText(mode);
+ }
+
+ public void setUpdateProfileFirstLogin(boolean enabled) {
+ updateProfileFirstLogin.setOn(enabled);
+ }
+}
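Review bot: `setPriorityInput(Integer priority)` passes `String.valueOf(priority)` to the field, so a null argument types the literal text `null` into the priority input instead of failing fast. Declaring it as `public void setPriorityInput(int priority)` removes that case, and the same signature is added to `LdapUserProviderForm.setPriorityInput` later in this commit. Separately, `setKerberosRealmInput` waits with `waitGuiForElement(By.id("kerberosRealm"))` while the LDAP form's setter for the same field uses `waitAjaxForElement(kerberosRealmInput)`; one wait style across both forms would make timing failures easier to diagnose. The class Javadoc holds only `@author`, and a summary line such as `Page fragment for the admin console form that creates a Kerberos user federation provider.` would help.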
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/LdapUserProviderForm.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/LdapUserProviderForm.java
index a9b8882..3acc5ec 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/LdapUserProviderForm.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/console/page/federation/LdapUserProviderForm.java
@@ -1,5 +1,8 @@
package org.keycloak.testsuite.console.page.federation;
+import static org.keycloak.testsuite.util.WaitUtils.waitAjaxForElement;
+import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
+
import org.jboss.arquillian.graphene.findby.FindByJQuery;
import org.keycloak.testsuite.console.page.fragment.OnOffSwitch;
import org.keycloak.testsuite.page.Form;
@@ -8,10 +11,8 @@ import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
-import static org.keycloak.testsuite.util.WaitUtils.waitGuiForElement;
-
/**
- * Created by fkiss.
+ * @author fkiss, pdrozd
*/
public class LdapUserProviderForm extends Form {
@@ -24,24 +25,33 @@ public class LdapUserProviderForm extends Form {
@FindBy(id = "usernameLDAPAttribute")
private WebElement usernameLDAPAttributeInput;
+ @FindBy(id = "rdnLDAPAttribute")
+ private WebElement rdnLDAPAttributeInput;
+
+ @FindBy(id = "uuidLDAPAttribute")
+ private WebElement uuidLDAPAttributeInput;
+
@FindBy(id = "userObjectClasses")
private WebElement userObjectClassesInput;
@FindBy(id = "ldapConnectionUrl")
private WebElement ldapConnectionUrlInput;
- @FindBy(id = "ldapBaseDn")
- private WebElement ldapBaseDnInput;
-
@FindBy(id = "ldapUsersDn")
private WebElement ldapUserDnInput;
+ @FindBy(id = "authType")
+ private Select authTypeSelect;
+
@FindBy(id = "ldapBindDn")
private WebElement ldapBindDnInput;
@FindBy(id = "ldapBindCredential")
private WebElement ldapBindCredentialInput;
+ @FindBy(id = "searchScope")
+ private Select searchScopeSelect;
+
@FindBy(id = "kerberosRealm")
private WebElement kerberosRealmInput;
@@ -72,59 +82,173 @@ public class LdapUserProviderForm extends Form {
@FindByJQuery("a:contains('Test authentication')")
private WebElement testAuthenticationButton;
- @FindByJQuery("div[class='onoffswitch']:eq(0)")
+ @FindByJQuery("a:contains('Synchronize changed users')")
+ private WebElement synchronizeChangedUsersButton;
+
+ @FindByJQuery("button:contains('Synchronize all users')")
+ private WebElement synchronizeAllUsersButton;
+
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='syncRegistrations']]")
private OnOffSwitch syncRegistrations;
- @FindByJQuery("div[class='onoffswitch']:eq(1)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='connectionPooling']]")
private OnOffSwitch connectionPooling;
- @FindByJQuery("div[class='onoffswitch']:eq(2)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='pagination']]")
private OnOffSwitch pagination;
- @FindByJQuery("div[class='onoffswitch']:eq(3)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='userAccountControlsAfterPasswordUpdate']]")
+ private OnOffSwitch enableAccountAfterPasswordUpdate;
+
+ @FindBy(xpath = "//div[contains(@class,'onoffswitch') and ./input[@id='allowKerberosAuthentication']]")
private OnOffSwitch allowKerberosAuth;
- @FindByJQuery("div[class='onoffswitch']:eq(4)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='debug']]")
private OnOffSwitch debug;
- @FindByJQuery("div[class='onoffswitch']:eq(5)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='useKerberosForPasswordAuthentication']]")
private OnOffSwitch useKerberosForPwdAuth;
- @FindByJQuery("div[class='onoffswitch']:eq(6)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='compositeSwitch']]")
private OnOffSwitch periodicFullSync;
- @FindByJQuery("div[class='onoffswitch']:eq(7)")
+ @FindBy(xpath = ".//div[contains(@class,'onoffswitch') and ./input[@id='changedSyncEnabled']]")
private OnOffSwitch periodicChangedUsersSync;
- @FindByJQuery("button:contains('Save')")
- private WebElement saveButton;
+ public void setConsoleDisplayNameInput(String name) {
+ setInputValue(consoleDisplayNameInput, name);
+ }
+
+ public void setPriorityInput(Integer priority) {
+ setInputValue(priorityInput, String.valueOf(priority));
+ }
+
+ public void setUsernameLDAPAttributeInput(String usernameLDAPAttribute) {
+ setInputValue(usernameLDAPAttributeInput, usernameLDAPAttribute);
+ }
+
+ public void setRdnLDAPAttributeInput(String rdnLDAPAttribute) {
+ setInputValue(rdnLDAPAttributeInput, rdnLDAPAttribute);
+ }
+
+ public void setUuidLDAPAttributeInput(String uuidLDAPAttribute) {
+ setInputValue(uuidLDAPAttributeInput, uuidLDAPAttribute);
+ }
+
+ public void setUserObjectClassesInput(String userObjectClasses) {
+ setInputValue(userObjectClassesInput, userObjectClasses);
+ }
+
+ public void setLdapConnectionUrlInput(String ldapConnectionUrl) {
+ setInputValue(ldapConnectionUrlInput, ldapConnectionUrl);
+ }
+
+ public void setLdapUserDnInput(String ldapUserDn) {
+ setInputValue(ldapUserDnInput, ldapUserDn);
+ }
+
+ public void setLdapBindDnInput(String ldapBindDn) {
+ setInputValue(ldapBindDnInput, ldapBindDn);
+ }
+
+ public void setLdapBindCredentialInput(String ldapBindCredential) {
+ setInputValue(ldapBindCredentialInput, ldapBindCredential);
+ }
+
+ public void setKerberosRealmInput(String kerberosRealm) {
+ waitAjaxForElement(kerberosRealmInput);
+ setInputValue(kerberosRealmInput, kerberosRealm);
+ }
+
+ public void setServerPrincipalInput(String serverPrincipal) {
+ waitAjaxForElement(serverPrincipalInput);
+ setInputValue(serverPrincipalInput, serverPrincipal);
+ }
+
+ public void setKeyTabInput(String keyTab) {
+ waitAjaxForElement(keyTabInput);
+ setInputValue(keyTabInput, keyTab);
+ }
+
+ public void setBatchSizeForSyncInput(String batchSizeForSync) {
+ setInputValue(batchSizeForSyncInput, batchSizeForSync);
+ }
- public void selectEditMode(String mode){
+ public void selectEditMode(String mode) {
waitGuiForElement(By.id("editMode"));
editModeSelect.selectByVisibleText(mode);
}
- public void selectVendor(String vendor){
- waitGuiForElement(By.id("editMode"));
+ public void selectVendor(String vendor) {
+ waitGuiForElement(By.id("vendor"));
vendorSelect.selectByVisibleText(vendor);
}
- public void configureLdap(String displayName, String editMode, String vendor, String connectionUrl, String userDN, String ldapBindDn, String ldapBindCredential){
- consoleDisplayNameInput.sendKeys(displayName);
- editModeSelect.selectByVisibleText(editMode);
- selectVendor(vendor);
- ldapConnectionUrlInput.sendKeys(connectionUrl);
- ldapUserDnInput.sendKeys(userDN);
- ldapBindDnInput.sendKeys(ldapBindDn);
- ldapBindCredentialInput.sendKeys(ldapBindCredential);
- saveButton.click();
+ public void selectAuthenticationType(String authenticationType) {
+ waitGuiForElement(By.id("authType"));
+ authTypeSelect.selectByVisibleText(authenticationType);
+ }
+
+ public void selectSearchScope(String searchScope) {
+ waitGuiForElement(By.id("searchScope"));
+ searchScopeSelect.selectByVisibleText(searchScope);
+ }
+
+ public void setSyncRegistrationsEnabled(boolean syncRegistrationsEnabled) {
+ this.syncRegistrations.setOn(syncRegistrationsEnabled);
+ }
+
+ public void setConnectionPoolingEnabled(boolean connectionPoolingEnabled) {
+ this.connectionPooling.setOn(connectionPoolingEnabled);
}
- public void testConnection(){
+ public void setPaginationEnabled(boolean paginationEnabled) {
+ this.pagination.setOn(paginationEnabled);
+ }
+
+ public void setAccountAfterPasswordUpdateEnabled(boolean enabled) {
+ if ((!enableAccountAfterPasswordUpdate.isOn() && enabled)
+ || !enabled && enableAccountAfterPasswordUpdate.isOn()) {
+ driver.findElement(By
+ .xpath("//div[contains(@class,'onoffswitch') and ./input[@id='userAccountControlsAfterPasswordUpdate']]"))
+ .findElements(By.tagName("span")).get(0).click();
+ }
+ }
+
+ public void setAllowKerberosAuthEnabled(boolean enabled) {
+ if ((!allowKerberosAuth.isOn() && enabled) || !enabled && allowKerberosAuth.isOn()) {
+ driver.findElement(
+ By.xpath("//div[contains(@class,'onoffswitch') and ./input[@id='allowKerberosAuthentication']]"))
+ .findElements(By.tagName("span")).get(0).click();
+ }
+ }
+
+ public void setDebugEnabled(boolean debugEnabled) {
+ this.debug.setOn(debugEnabled);
+ }
+
+ public void setUseKerberosForPwdAuthEnabled(boolean useKerberosForPwdAuthEnabled) {
+ this.useKerberosForPwdAuth.setOn(useKerberosForPwdAuthEnabled);
+ }
+
+ public void setPeriodicFullSyncEnabled(boolean periodicFullSyncEnabled) {
+ this.periodicFullSync.setOn(periodicFullSyncEnabled);
+ }
+
+ public void setPeriodicChangedUsersSyncEnabled(boolean periodicChangedUsersSyncEnabled) {
+ this.periodicChangedUsersSync.setOn(periodicChangedUsersSyncEnabled);
+ }
+
+ public void testConnection() {
testConnectionButton.click();
}
- public void testAuthentication(){
+ public void testAuthentication() {
testAuthenticationButton.click();
}
+
+ public void synchronizeAllUsers() {
+ waitAjaxForElement(synchronizeAllUsersButton);
+ synchronizeAllUsersButton.click();
+ }
}
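Review bot: `setAccountAfterPasswordUpdateEnabled` and `setAllowKerberosAuthEnabled` bypass `OnOffSwitch.setOn`, which every other toggle setter here uses, and instead click a span found through `driver.findElement` with a second copy of the XPath already present in the `@FindBy` annotation, with no comment saying why. If `setOn` does not work for these two switches, a comment should say so and the XPath should live in one constant; the guard also reduces to `if (enableAccountAfterPasswordUpdate.isOn() != enabled) {`. The locator on the `allowKerberosAuth` field starts with `//div` while all sibling switches use `.//div`, which looks unintentional. `synchronizeChangedUsersButton` is declared but no method in this hunk uses it. The class begins before this hunk, so `driver` and `setInputValue` are assumed to come from `Form`.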
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/KerberosUserFederationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/KerberosUserFederationTest.java
new file mode 100644
index 0000000..47521e5
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/KerberosUserFederationTest.java
@@ -0,0 +1,75 @@
+package org.keycloak.testsuite.console.federation;
+
+import static org.junit.Assert.assertEquals;
+
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Test;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserFederationProviderRepresentation;
+import org.keycloak.testsuite.console.AbstractConsoleTest;
+import org.keycloak.testsuite.console.page.federation.CreateKerberosUserProvider;
+
+/**
+ * @author pdrozd
+ */
+public class KerberosUserFederationTest extends AbstractConsoleTest {
+
+ private static final String UNSYNCED = "UNSYNCED";
+
+ private static final String READ_ONLY = "READ_ONLY";
+
+ @Page
+ private CreateKerberosUserProvider createKerberosUserProvider;
+
+ @Test
+ public void configureKerberosProvider() {
+ createKerberosUserProvider.navigateTo();
+ createKerberosUserProvider.form().setConsoleDisplayNameInput("kerberos");
+ createKerberosUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");
+ createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
+ createKerberosUserProvider.form().setKeyTabInput("http.keytab");
+ createKerberosUserProvider.form().setDebugEnabled(true);
+ createKerberosUserProvider.form().setAllowPasswordAuthentication(true);
+ createKerberosUserProvider.form().selectEditMode(READ_ONLY);
+ createKerberosUserProvider.form().setUpdateProfileFirstLogin(true);
+ createKerberosUserProvider.form().save();
+ assertFlashMessageSuccess();
+ RealmRepresentation realm = testRealmResource().toRepresentation();
+ UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
+ assertKerberosSetings(ufpr, "KEYCLOAK.ORG", "HTTP/localhost@KEYCLOAK.ORG", "http.keytab", "true", "true", "true");
+ }
+
+ @Test
+ public void invalidSettingsTest() {
+ createKerberosUserProvider.navigateTo();
+ createKerberosUserProvider.form().setConsoleDisplayNameInput("kerberos");
+ createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
+ createKerberosUserProvider.form().setKeyTabInput("http.keytab");
+ createKerberosUserProvider.form().setDebugEnabled(true);
+ createKerberosUserProvider.form().setAllowPasswordAuthentication(true);
+ createKerberosUserProvider.form().selectEditMode(UNSYNCED);
+ createKerberosUserProvider.form().setUpdateProfileFirstLogin(true);
+ createKerberosUserProvider.form().save();
+ assertFlashMessageDanger();
+ createKerberosUserProvider.form().setServerPrincipalInput("");
+ createKerberosUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");;
+ createKerberosUserProvider.form().save();
+ assertFlashMessageDanger();
+ createKerberosUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");;
+ createKerberosUserProvider.form().setKeyTabInput("");
+ createKerberosUserProvider.form().save();
+ assertFlashMessageDanger();
+ createKerberosUserProvider.form().setKeyTabInput("http.keytab");;
+ createKerberosUserProvider.form().save();
+ assertFlashMessageSuccess();
+ }
+
+ private void assertKerberosSetings(UserFederationProviderRepresentation ufpr, String kerberosRealm, String serverPrincipal, String keyTab, String debug, String useKerberosForPasswordAuthentication, String updateProfileFirstLogin) {
+ assertEquals(kerberosRealm, ufpr.getConfig().get("kerberosRealm"));
+ assertEquals(serverPrincipal, ufpr.getConfig().get("serverPrincipal"));
+ assertEquals(keyTab, ufpr.getConfig().get("keyTab"));
+ assertEquals(debug, ufpr.getConfig().get("debug"));
+ assertEquals(useKerberosForPasswordAuthentication, ufpr.getConfig().get("allowKerberosAuthentication"));
+ assertEquals(updateProfileFirstLogin, ufpr.getConfig().get("updateProfileFirstLogin"));
+ }
+}
\ No newline at end of file
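Review bot: `assertKerberosSetings` compares its `useKerberosForPasswordAuthentication` argument against the config key `allowKerberosAuthentication`, but `configureKerberosProvider` only toggles the switch whose input id is `allowPasswordAuthentication`. A passing run therefore does not show that the password-authentication fallback was persisted, which is the security-relevant option on this form. If the provider stores it under the same name as the input id, the line should read `assertEquals(allowPasswordAuthentication, ufpr.getConfig().get("allowPasswordAuthentication"));` with the parameter renamed to match; confirm the key against the provider's constants, which are not visible here. `realm.getUserFederationProviders().get(0)` also assumes this test's provider is first in the list, and both tests create a provider named `kerberos`, so the result depends on the realm being reset between tests. Minor: the helper name is misspelled (`Setings`) and three statements in `invalidSettingsTest` end in `;;`.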
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/LdapUserFederationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/LdapUserFederationTest.java
index e70da46..e040362 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/LdapUserFederationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/console/federation/LdapUserFederationTest.java
@@ -1,71 +1,192 @@
package org.keycloak.testsuite.console.federation;
-import org.jboss.arquillian.graphene.page.Page;
-import org.junit.*;
-import org.keycloak.models.LDAPConstants;
-
-import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.testsuite.console.AbstractConsoleTest;
-import org.keycloak.testsuite.console.page.federation.LdapUserProviderForm;
-import org.keycloak.testsuite.console.page.federation.UserFederation;
-import org.keycloak.testsuite.console.page.users.Users;
-import org.keycloak.testsuite.util.LDAPTestConfiguration;
+import static org.junit.Assert.assertEquals;
-import java.util.Map;
+import java.util.Properties;
-import static org.junit.Assert.assertTrue;
-import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
-import static org.keycloak.testsuite.admin.Users.setPasswordFor;
+import org.jboss.arquillian.graphene.page.Page;
+import org.junit.Test;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.UserFederationProviderRepresentation;
+import org.keycloak.testsuite.console.AbstractConsoleTest;
+import org.keycloak.testsuite.console.page.federation.CreateLdapUserProvider;
+import org.keycloak.util.ldap.LDAPEmbeddedServer;
/**
- * Created by fkiss.
+ * @author fkiss, pdrozd
*/
public class LdapUserFederationTest extends AbstractConsoleTest {
- @Page
- private LdapUserProviderForm ldapUserProviderForm;
+ private static final String UNSYNCED = "UNSYNCED";
- @Page
- private UserFederation userFederationPage;
+ private static final String READ_ONLY = "READ_ONLY";
+
+ private static final String RED_HAT_DIRECTORY_SERVER = "Red Hat Directory Server";
+
+ private static final String WRITABLE = "WRITABLE";
+
+ private static final String ACTIVE_DIRECTORY = "Active Directory";
@Page
- private Users usersPage;
+ private CreateLdapUserProvider createLdapUserProvider;
- @Before
- public void beforeTestLdapUserFederation() {
- //configure().userFederation();
+ @Test
+ public void configureAdProvider() {
+ createLdapUserProvider.navigateTo();
+ createLdapUserProvider.form().selectVendor(ACTIVE_DIRECTORY);
+ createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
+ createLdapUserProvider.form().selectEditMode(WRITABLE);
+ createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
+ createLdapUserProvider.form().setLdapBindDnInput("KEYCLOAK/Administrator");
+ createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
+ createLdapUserProvider.form().setLdapBindCredentialInput("secret");
+ createLdapUserProvider.form().setAccountAfterPasswordUpdateEnabled(false);
+ // enable kerberos
+ createLdapUserProvider.form().setAllowKerberosAuthEnabled(true);
+ createLdapUserProvider.form().setKerberosRealmInput("KEYCLOAK.ORG");
+ createLdapUserProvider.form().setServerPrincipalInput("HTTP/localhost@KEYCLOAK.ORG");
+ createLdapUserProvider.form().setKeyTabInput("http.keytab");
+ createLdapUserProvider.form().setDebugEnabled(true);
+ createLdapUserProvider.form().save();
+ assertFlashMessageSuccess();
+
+ RealmRepresentation realm = testRealmResource().toRepresentation();
+ UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
+ assertLdapProviderSetting(ufpr, "ldap", 0, WRITABLE, "false", "ad", "1", "true", "true", "false");
+ assertLdapBasicMapping(ufpr, "cn", "cn", "objectGUID", "person, organizationalPerson, user",
+ "ou=People,dc=keycloak,dc=org");
+ assertLdapSyncSetings(ufpr, "1000", 0, 0);
+ assertLdapKerberosSetings(ufpr, "KEYCLOAK.ORG", "HTTP/localhost@KEYCLOAK.ORG", "http.keytab", "true", "false");
}
- @Ignore
@Test
- public void addAndConfigureProvider() {
- adminConsolePage.navigateTo();
- testRealmLoginPage.form().login(testUser);
+ public void configureRhdsProvider() {
+ createLdapUserProvider.navigateTo();
+ createLdapUserProvider.form().selectVendor(RED_HAT_DIRECTORY_SERVER);
+ createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
+ createLdapUserProvider.form().selectEditMode(READ_ONLY);
+ createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
+ createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
+ createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
+ createLdapUserProvider.form().setLdapBindCredentialInput("secret");
+ createLdapUserProvider.form().save();
+ assertFlashMessageSuccess();
+
+ RealmRepresentation realm = testRealmResource().toRepresentation();
+ UserFederationProviderRepresentation ufpr = realm.getUserFederationProviders().get(0);
+ assertLdapProviderSetting(ufpr, "ldap", 0, READ_ONLY, "false", "rhds", "1", "true", "true", "true");
+ assertLdapBasicMapping(ufpr, "uid", "uid", "nsuniqueid", "inetOrgPerson, organizationalPerson",
+ "ou=People,dc=keycloak,dc=org");
+ assertLdapSyncSetings(ufpr, "1000", 0, 0);
+ }
- String name = "ldapname";
+ @Test
+ public void invalidSettingsTest() {
+ createLdapUserProvider.navigateTo();
+ createLdapUserProvider.form().selectVendor(ACTIVE_DIRECTORY);
+ createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
+ createLdapUserProvider.form().selectEditMode(UNSYNCED);
+ createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
+ createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
+ createLdapUserProvider.form().setLdapBindCredentialInput("secret");
+ createLdapUserProvider.form().save();
+ assertFlashMessageDanger();
+ createLdapUserProvider.form().setLdapUserDnInput("");
+ createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:389");
+ createLdapUserProvider.form().save();
+ assertFlashMessageDanger();
+ createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
+ createLdapUserProvider.form().setLdapBindDnInput("");
+ createLdapUserProvider.form().save();
+ assertFlashMessageDanger();
+ createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
+ createLdapUserProvider.form().setLdapBindCredentialInput("");
+ createLdapUserProvider.form().save();
+ assertFlashMessageDanger();
+ createLdapUserProvider.form().setLdapBindCredentialInput("secret");
+ createLdapUserProvider.form().save();
+ assertFlashMessageSuccess();
+ }
+
+ @Test
+ public void testConnection() throws Exception {
+ createLdapUserProvider.navigateTo();
+ createLdapUserProvider.form().selectVendor("Other");
+ createLdapUserProvider.form().setConsoleDisplayNameInput("ldap");
+ createLdapUserProvider.form().selectEditMode(WRITABLE);
+ createLdapUserProvider.form().setLdapConnectionUrlInput("ldap://localhost:10389");
+ createLdapUserProvider.form().setLdapBindDnInput("uid=admin,ou=system");
+ createLdapUserProvider.form().setLdapUserDnInput("ou=People,dc=keycloak,dc=org");
+ createLdapUserProvider.form().setLdapBindCredentialInput("secret");
+ createLdapUserProvider.form().setAccountAfterPasswordUpdateEnabled(true);
+ createLdapUserProvider.form().save();
+ assertFlashMessageSuccess();
+ LDAPEmbeddedServer ldapServer = null;
+ try {
+ ldapServer = startEmbeddedLdapServer();
+ createLdapUserProvider.form().testConnection();
+ assertFlashMessageSuccess();
+ createLdapUserProvider.form().testAuthentication();
+ assertFlashMessageSuccess();
+ createLdapUserProvider.form().synchronizeAllUsers();
+ assertFlashMessageSuccess();
+ createLdapUserProvider.form().setLdapBindCredentialInput("secret1");
+ createLdapUserProvider.form().testAuthentication();
+ assertFlashMessageDanger();
+ } finally {
+ if (ldapServer != null) {
+ ldapServer.stop();
+ }
+ }
+ }
- String LDAP_CONNECTION_PROPERTIES_LOCATION = "ldap/ldap-connection.properties";
- LDAPTestConfiguration ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(LDAP_CONNECTION_PROPERTIES_LOCATION);
+ private void assertLdapProviderSetting(UserFederationProviderRepresentation ufpr, String name, int priority,
+ String editMode, String syncRegistrations, String vendor, String searchScope, String connectionPooling,
+ String pagination, String enableAccountAfterPasswordUpdate) {
+ assertEquals(name, ufpr.getDisplayName());
+ assertEquals(priority, ufpr.getPriority());
+ assertEquals(editMode, ufpr.getConfig().get("editMode"));
+ assertEquals(syncRegistrations, ufpr.getConfig().get("syncRegistrations"));
+ assertEquals(vendor, ufpr.getConfig().get("vendor"));
+ assertEquals(searchScope, ufpr.getConfig().get("searchScope"));
+ assertEquals(connectionPooling, ufpr.getConfig().get("connectionPooling"));
+ assertEquals(pagination, ufpr.getConfig().get("pagination"));
+ assertEquals(enableAccountAfterPasswordUpdate, ufpr.getConfig().get("userAccountControlsAfterPasswordUpdate"));
+ }
- UserRepresentation newUser = new UserRepresentation();
- String testUsername = "defaultrole tester";
- newUser.setUsername(testUsername);
- setPasswordFor(newUser, PASSWORD);
+ private void assertLdapBasicMapping(UserFederationProviderRepresentation ufpr, String usernameLdapAttribute,
+ String rdnLdapAttr, String uuidLdapAttr, String userObjectClasses, String userDN) {
+ assertEquals(usernameLdapAttribute, ufpr.getConfig().get("usernameLDAPAttribute"));
+ assertEquals(rdnLdapAttr, ufpr.getConfig().get("rdnLDAPAttribute"));
+ assertEquals(uuidLdapAttr, ufpr.getConfig().get("uuidLDAPAttribute"));
+ assertEquals(userObjectClasses, ufpr.getConfig().get("userObjectClasses"));
+ assertEquals(userDN, ufpr.getConfig().get("usersDn"));
+ }
- Map<String,String> ldapConfig = ldapTestConfiguration.getLDAPConfig();
+ private void assertLdapKerberosSetings(UserFederationProviderRepresentation ufpr, String kerberosRealm,
+ String serverPrincipal, String keyTab, String debug, String useKerberosForPasswordAuthentication) {
+ assertEquals(kerberosRealm, ufpr.getConfig().get("kerberosRealm"));
+ assertEquals(serverPrincipal, ufpr.getConfig().get("serverPrincipal"));
+ assertEquals(keyTab, ufpr.getConfig().get("keyTab"));
+ assertEquals(debug, ufpr.getConfig().get("debug"));
+ assertEquals(useKerberosForPasswordAuthentication,
+ ufpr.getConfig().get("useKerberosForPasswordAuthentication"));
+ }
- //addLdapProviderTest
- configure().userFederation();
- userFederationPage.addProvider("ldap");
- ldapUserProviderForm.configureLdap(ldapConfig.get(LDAPConstants.LDAP_PROVIDER), ldapConfig.get(LDAPConstants.EDIT_MODE), ldapConfig.get(LDAPConstants.VENDOR), ldapConfig.get(LDAPConstants.CONNECTION_URL), ldapConfig.get(LDAPConstants.USERS_DN), ldapConfig.get(LDAPConstants.BIND_DN), ldapConfig.get(LDAPConstants.BIND_CREDENTIAL));
+ private void assertLdapSyncSetings(UserFederationProviderRepresentation ufpr, String batchSize,
+ int periodicFullSync, int periodicChangedUsersSync) {
+ assertEquals(batchSize, ufpr.getConfig().get("batchSizeForSync"));
+ assertEquals(periodicFullSync, ufpr.getFullSyncPeriod());
+ assertEquals(periodicChangedUsersSync, ufpr.getChangedSyncPeriod());
}
- @Ignore
- @Test
- public void caseSensitiveSearch() {
- // This should fail for now due to case-sensitivity
- adminConsolePage.navigateTo();
- testRealmLoginPage.form().login("johnKeycloak", "Password1");
- assertTrue(flashMessage.getText(), flashMessage.isDanger());
+ private LDAPEmbeddedServer startEmbeddedLdapServer() throws Exception {
+ Properties defaultProperties = new Properties();
+ defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY);
+ defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif");
+ LDAPEmbeddedServer ldapEmbeddedServer = new LDAPEmbeddedServer(defaultProperties);
+ ldapEmbeddedServer.init();
+ ldapEmbeddedServer.start();
+ return ldapEmbeddedServer;
}
-}
\ No newline at end of file
+}
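Review bot: `configureAdProvider` calls `setAllowKerberosAuthEnabled(true)`, yet `assertLdapKerberosSetings` never reads that flag, so the test passes whether or not it was saved. Assuming the config key matches the input id, adding `assertEquals("true", ufpr.getConfig().get("allowKerberosAuthentication"));` (or a parameter on the helper) would cover it. In `testConnection`, `ldap://localhost:10389` and the bind DN and credential are hard-coded to whatever `LDAPEmbeddedServer` defaults to; deriving them from the properties passed to the server would keep the test from binding against an unrelated listener on that port. `startEmbeddedLdapServer` also drops the server reference if `start()` throws after `init()`, so the `finally` block in `testConnection` cannot stop it. As in `KerberosUserFederationTest`, `getUserFederationProviders().get(0)` assumes no provider survives from an earlier test.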
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif b/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif
new file mode 100644
index 0000000..176e19b
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif
@@ -0,0 +1,20 @@
+dn: dc=keycloak,dc=org
+objectclass: dcObject
+objectclass: organization
+o: Keycloak
+dc: Keycloak
+
+dn: ou=People,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: People
+
+dn: ou=RealmRoles,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: RealmRoles
+
+dn: ou=FinanceRoles,dc=keycloak,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: FinanceRoles