Fix testsuite to pass with MSAD

testsuite/integration/pom.xml

@@ -511,5 +511,27 @@
                 </plugins>
             </build>
         </profile>
+
+        <!-- Ldap profiles -->
+        <profile>
+            <id>msad</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <includes>
+                                <include>org/keycloak/testsuite/federation/ldap/base/**</include>
+                            </includes>
+                            <excludes>
+                                <exclude>**/LDAPMultipleAttributesTest.java</exclude>
+                            </excludes>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
     </profiles>
 </project>

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/FederationTestUtils.java

@@ -93,6 +93,16 @@ public List<String> getAttribute(String name) {
         return LDAPUtils.addUserToLDAP(ldapProvider, realm, helperUser);
     }
 
+    public static void updateLDAPPassword(LDAPFederationProvider ldapProvider, LDAPObject ldapUser, String password) {
+        ldapProvider.getLdapIdentityStore().updatePassword(ldapUser, password);
+
+        // Enable MSAD user through userAccountControls
+        if (ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory()) {
+            ldapUser.setSingleAttribute(LDAPConstants.USER_ACCOUNT_CONTROL, "512");
+            ldapProvider.getLdapIdentityStore().update(ldapUser);
+        }
+    }
+
     public static LDAPFederationProvider getLdapProvider(KeycloakSession keycloakSession, UserFederationProviderModel ldapFedModel) {
         LDAPFederationProviderFactory ldapProviderFactory = (LDAPFederationProviderFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(UserFederationProvider.class, ldapFedModel.getProviderName());
         return ldapProviderFactory.getInstance(keycloakSession, ldapFedModel);

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.java

@@ -79,7 +79,7 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
             FederationTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
 
             LDAPObject john = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(john, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
 
             LDAPObject existing = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678");
 
@@ -132,9 +132,9 @@ public void caseInSensitiveImport() {
             RealmModel appRealm = manager.getRealm("test");
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
             LDAPObject jbrown2 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown2", "John", "Brown2", "jbrown2@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown2, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, jbrown2, "Password1");
             LDAPObject jbrown3 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown3", "John", "Brown3", "JBrown3@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown3, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, jbrown3, "Password1");
         } finally {
             keycloakRule.stopSession(session, true);
         }
@@ -165,10 +165,10 @@ public void caseInsensitiveSearch() {
             RealmManager manager = new RealmManager(session);
             RealmModel appRealm = manager.getRealm("test");
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
-            LDAPObject jbrown2 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown2, "Password1");
-            LDAPObject jbrown3 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(jbrown3, "Password1");
+            LDAPObject jbrown4 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, jbrown4, "Password1");
+            LDAPObject jbrown5 = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, jbrown5, "Password1");
         } finally {
             keycloakRule.stopSession(session, true);
         }
@@ -371,31 +371,31 @@ public void testCaseSensitiveAttributeName() {
     }
 
     @Test
-    public void testDotInUsername() {
+    public void testCommaInUsername() {
         KeycloakSession session = keycloakRule.startSession();
         boolean skip = false;
 
         try {
             RealmModel appRealm = new RealmManager(session).getRealmByName("test");
             LDAPFederationProvider ldapFedProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
 
-            // Workaround as dot is not allowed in sAMAccountName on active directory. So we will skip the test for this configuration
+            // Workaround as comma is not allowed in sAMAccountName on active directory. So we will skip the test for this configuration
             LDAPConfig config = ldapFedProvider.getLdapIdentityStore().getConfig();
             if (config.isActiveDirectory() && config.getUsernameLdapAttribute().equals(LDAPConstants.SAM_ACCOUNT_NAME)) {
                 skip = true;
             }
 
             if (!skip) {
-                LDAPObject johnDot = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,dot", "John", "Dot", "johndot@email.org", null, "12387");
-                ldapFedProvider.getLdapIdentityStore().updatePassword(johnDot, "Password1");
+                LDAPObject johnComma = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,comma", "John", "Comma", "johncomma@email.org", null, "12387");
+                FederationTestUtils.updateLDAPPassword(ldapFedProvider, johnComma, "Password1");
             }
         } finally {
             keycloakRule.stopSession(session, false);
         }
 
         if (!skip) {
-            // Try to import the user with dot in username into Keycloak
-            loginSuccessAndLogout("john,dot", "Password1");
+            // Try to import the user with comma in username into Keycloak
+            loginSuccessAndLogout("john,comma", "Password1");
         }
     }
 
@@ -583,7 +583,7 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
                 FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary1", "Kelly1", "mary1@email.org", null, "123");
                 FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "mary-duplicatemail", "Mary2", "Kelly2", "mary@test.com", null, "123");
                 LDAPObject marynoemail = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marynoemail", "Mary1", "Kelly1", null, null, "123");
-                ldapFedProvider.getLdapIdentityStore().updatePassword(marynoemail, "Password1");
+                FederationTestUtils.updateLDAPPassword(ldapFedProvider, marynoemail, "Password1");
             }
 
         });

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/LDAPGroupMapperTest.java

@@ -84,13 +84,13 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
 
             // Add some LDAP users for testing
             LDAPObject john = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(john, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
 
             LDAPObject mary = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(mary, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1");
 
             LDAPObject rob = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(rob, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
 
         }
     });

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/LDAPMultipleAttributesTest.java

@@ -70,13 +70,13 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
             FederationTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm);
 
             LDAPObject james = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown", "James", "Brown", "jbrown@keycloak.org", null, "88441");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(james, "password");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1");
 
             // User for testing duplicating surname and postalCode
             LDAPObject bruce = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "bwilson", "Bruce", "Wilson", "bwilson@keycloak.org", "Elm 5", "88441", "77332");
             bruce.setAttribute("sn", new LinkedHashSet<>(Arrays.asList("Wilson", "Schneider")));
             ldapFedProvider.getLdapIdentityStore().update(bruce);
-            ldapFedProvider.getLdapIdentityStore().updatePassword(bruce, "password");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, bruce, "Password1");
 
             // Create ldap-portal client
             ClientModel ldapClient = KeycloakModelUtils.createClient(appRealm, "ldap-portal");
@@ -174,7 +174,7 @@ public void ldapPortalEndToEndTest() {
         // Login as bwilson
         driver.navigate().to(APP_SERVER_BASE_URL + "/ldap-portal");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("bwilson", "password");
+        loginPage.login("bwilson", "Password1");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/ldap-portal"));
         String pageSource = driver.getPageSource();
         System.out.println(pageSource);
@@ -190,7 +190,7 @@ public void ldapPortalEndToEndTest() {
         // Login as jbrown
         driver.navigate().to(APP_SERVER_BASE_URL + "/ldap-portal");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
-        loginPage.login("jbrown", "password");
+        loginPage.login("jbrown", "Password1");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/ldap-portal"));
         pageSource = driver.getPageSource();
         System.out.println(pageSource);

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/LDAPRoleMappingsTest.java

@@ -75,13 +75,13 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
 
             // Add some users for testing
             LDAPObject john = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(john, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1");
 
             LDAPObject mary = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(mary, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1");
 
             LDAPObject rob = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910");
-            ldapFedProvider.getLdapIdentityStore().updatePassword(rob, "Password1");
+            FederationTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1");
 
             // Add some roles for testing
             FederationTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole1");

testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/SyncProvidersTest.java

@@ -65,7 +65,7 @@ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmMod
 
             for (int i=1 ; i<=5 ; i++) {
                 LDAPObject ldapUser = FederationTestUtils.addLDAPUser(ldapFedProvider, appRealm, "user" + i, "User" + i + "FN", "User" + i + "LN", "user" + i + "@email.org", null, "12" + i);
-                ldapFedProvider.getLdapIdentityStore().updatePassword(ldapUser, "Password1");
+                FederationTestUtils.updateLDAPPassword(ldapFedProvider, ldapUser, "Password1");
             }
 
             // Add dummy provider