/** * Tests if the given {@link ExternalIdentityRef} refers to the same IDP * as associated with this context instance. * * @param ref The {@link ExternalIdentityRef} to be tested. * @return {@code true} if {@link ExternalIdentityRef#getProviderName()} refers * to the IDP associated with this context instance. */ protected boolean isSameIDP(@NotNull ExternalIdentityRef ref) { return idp.getName().equals(ref.getProviderName()); } }
externalUser = idp.getUser(preAuthLogin.getUserId()); } else { externalUser = idp.authenticate(credentials); log.debug("IDP {} returned valid user {}", idp.getName(), externalUser); debug("IDP {} returned null for {}", idp.getName(), logId.toString()); log.error("Error while authenticating '{}' with {}", logId, idp.getName(), e); return false; } catch (LoginException e) { log.debug("IDP {} throws login exception for '{}': {}", idp.getName(), logId, e.getMessage()); throw e; } catch (Exception e) {
for (String externalId : externalIds) { ExternalIdentityRef ref = ExternalIdentityRef.fromString(externalId); if (!idp.getName().equals(ref.getProviderName())) { results.add(new DefaultSyncResultImpl(new DefaultSyncedIdentity(ref.getId(), ref, false, -1), SyncResult.Status.FOREIGN)); } else { try { ExternalIdentity id = idp.getIdentity(ref); if (id != null) { results = syncUser(id, results, list);
@Test public void testGetPrincipalUnderscoreSign() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { String pName = idp.getIdentity(ref).getPrincipalName(); for (String n : new String[]{"_", "_" + pName.substring(1), pName.substring(0, pName.length() - 1) + "_"}) { assertNull(principalProvider.getPrincipal(n)); } } }
private void sync(@NotNull String id, boolean isGroup) throws Exception { ctx = sh.createContext(idp, userManager, valueFactory); ExternalIdentity exIdentity = (isGroup) ? idp.getGroup(id) : idp.getUser(id); assertNotNull(exIdentity); SyncResult res = ctx.sync(exIdentity); assertEquals(idp.getName(), res.getIdentity().getExternalIdRef().getProviderName()); assertSame(SyncResult.Status.ADD, res.getStatus()); r.commit(); }
private void assertExternalPrincipalNames(@NotNull UserManager userMgr, @NotNull String id) throws Exception { Authorizable a = userMgr.getAuthorizable(id); assertNotNull(a); Set<String> expected = new HashSet<>(); calcExpectedPrincipalNames(idp.getUser(id), syncConfig.user().getMembershipNestingDepth(), expected); Set<String> extPrincNames = new HashSet<>(); for (Value v : a.getProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES)) { extPrincNames.add(v.getString()); } assertEquals(expected, extPrincNames); }
private Map<String, String> getExpectedUserResult(String expectedOp, boolean includeGroups) throws ExternalIdentityException { Map<String, String> expected = new HashMap<>(); Iterator<ExternalUser> it = idp.listUsers(); while (it.hasNext()) { ExternalUser eu = it.next(); expected.put(eu.getId(), expectedOp); if (includeGroups) { for (ExternalIdentityRef ref : eu.getDeclaredGroups()) { expected.put(ref.getId(), expectedOp); } } } return expected; }
@Test public void testSyncMembershipGroupIsSyncedAsUser() throws Exception { ExternalUser fromIDP = idp.listUsers().next(); ExternalIdentityRef groupRef = fromIDP.getDeclaredGroups().iterator().next(); // sync the the ext-user from the idp (but make it just declare a single group) ExternalUser extuser = new ExternalUserWithDeclaredGroup(groupRef, fromIDP); Authorizable a = syncCtx.createUser(extuser); // create an external-user based on info that the IDP knows as group and sync it ExternalUser externalIdentity = new ExternalUserFromGroup(idp.getIdentity(groupRef)); Authorizable a2 = syncCtx.createUser(externalIdentity); assertFalse(a2.isGroup()); root.commit(); // now sync-ing the membership should not have any effect as the external // group referenced from 'extuser' has already been created in the system // as user. syncCtx.syncMembership(extuser, a, 1); assertFalse(root.hasPendingChanges()); }
@Nullable @Override public String apply(@Nullable SyncedIdentity syncedIdentity) { if (syncedIdentity != null && isMyIDP(syncedIdentity)) { ExternalIdentityRef ref = syncedIdentity.getExternalIdRef(); try { ExternalIdentity extId = (ref == null) ? null : idp.getIdentity(ref); if (extId == null) { return syncedIdentity.getId(); } } catch (ExternalIdentityException e) { log.error("Error while fetching external identity {}", syncedIdentity, e); } } return null; } }), Predicates.notNull());
@Before public void before() throws Exception { externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER); assertNotNull(externalUser); si = new DefaultSyncedIdentity(externalUser.getId(), externalUser.getExternalId(), false, 234); externalGroup = idp.listGroups().next(); siGroup = new DefaultSyncedIdentity(externalGroup.getId(), externalGroup.getExternalId(), true, 234); }
@Test public void testFindPrincipalsFiltersDuplicates() throws Exception { ExternalGroup gr = idp.getGroup("a"); ExternalUser otherUser = new TestUser("anotherUser", ImmutableSet.of(gr.getExternalId())); sync(otherUser); Set<Principal> expected = new HashSet<>(); expected.add(new PrincipalImpl(gr.getPrincipalName())); long depth = syncConfig.user().getMembershipNestingDepth(); if (depth > 1) { collectExpectedPrincipals(expected, gr.getDeclaredGroups(), --depth); } Iterator<? extends Principal> res = principalProvider.findPrincipals("a", PrincipalManager.SEARCH_TYPE_ALL); assertTrue(res.hasNext()); assertEquals(expected, ImmutableSet.copyOf(res)); }
@Test(expected = SyncException.class) public void testGetAuthorizableGroupWrongType() throws Exception { ExternalIdentity extGroup = idp.listGroups().next(); sync(extGroup); syncCtx.getAuthorizable(extGroup, User.class); }
@Test public void testSyncAllGroups() throws Exception { // first sync external users into the repo Map<String, String> expected = new HashMap<>(); Iterator<ExternalGroup> grIt = idp.listGroups(); while (grIt.hasNext()) { ExternalGroup eg = grIt.next(); sync(idp, eg.getId(), true); expected.put(eg.getId(), "upd"); } // verify effect of syncAllUsers (which in this case are groups) String[] result = syncMBean.syncAllUsers(false); assertResultMessages(result, expected); UserManager userManager = getUserManager(); for (String id : expected.keySet()) { ExternalIdentity ei = idp.getGroup(id); assertSync(ei, userManager); } }
@Test public void testIsSameIDPExternalIdentityRef() throws Exception { assertFalse(syncCtx.isSameIDP(new TestIdentityProvider.ForeignExternalUser().getExternalId())); assertFalse(syncCtx.isSameIDP(new TestIdentityProvider.ForeignExternalGroup().getExternalId())); assertTrue(syncCtx.isSameIDP(new TestIdentityProvider.TestIdentity().getExternalId())); assertTrue(syncCtx.isSameIDP(idp.listGroups().next().getExternalId())); assertTrue(syncCtx.isSameIDP(idp.listUsers().next().getExternalId())); }
@Test public void testSimpleExternal() throws Exception { // verify that authentication against the IDP succeeds with the given creds. Credentials creds = new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0]); ExternalUser externalUser = idp.authenticate(creds); assertNotNull(externalUser); assertEquals(TestIdentityProvider.ID_TEST_USER, externalUser.getId()); // => repo login must also succeed and the user must be synced. ContentSession cs = null; try { cs = login(creds); assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID()); root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); } finally { if (cs != null) { cs.close(); } } } }
@Test public void testGetPrincipalInheritedGroups() throws Exception { ImmutableSet<ExternalIdentityRef> declared = ImmutableSet.<ExternalIdentityRef>copyOf(idp.getUser(USER_ID).getDeclaredGroups()); for (ExternalIdentityRef ref : declared) { for (ExternalIdentityRef inheritedGroupRef : idp.getIdentity(ref).getDeclaredGroups()) { if (declared.contains(inheritedGroupRef)) { continue; } String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName(); assertNull(principalProvider.getPrincipal(inheritedPrincName)); } } }
@Test public void syncExternalUser() throws Exception { SyncResult res = syncCtx.sync(idp.getUser(USER_ID)); assertRepExternalId(res); }
@Test(expected = SyncException.class) public void testGetAuthorizableUserWrongType() throws Exception { ExternalIdentity extUser = idp.listUsers().next(); sync(extUser); syncCtx.getAuthorizable(extUser, Group.class); }
ExternalIdentity extId = idp.getIdentity(ref); if (extId instanceof ExternalGroup) { extGroup = (ExternalGroup) extId; grp = (Group) a; } else { log.warn("Existing authorizable '{}' is not a group from this IDP '{}'.", extGroup.getId(), idp.getName()); continue;