0 Replies Latest reply on Nov 26, 2013 11:15 AM by ed_mann

    Picketlink IDM Group List


      I was able to get LDAP authentication to work via the code below.


      import static org.picketlink.common.constants.LDAPConstants.CN;
      import static org.picketlink.common.constants.LDAPConstants.CREATE_TIMESTAMP;
      import static org.picketlink.common.constants.LDAPConstants.EMAIL;
      import static org.picketlink.common.constants.LDAPConstants.GROUP_OF_NAMES;
      import static org.picketlink.common.constants.LDAPConstants.SN;
      import static org.picketlink.common.constants.LDAPConstants.UID;
      import javax.enterprise.context.ApplicationScoped;
      import javax.enterprise.inject.Produces;
      import org.picketlink.idm.config.IdentityConfiguration;
      import org.picketlink.idm.config.IdentityConfigurationBuilder;
      import org.picketlink.idm.model.basic.Agent;
      import org.picketlink.idm.model.basic.Grant;
      import org.picketlink.idm.model.basic.Group;
      import org.picketlink.idm.model.basic.GroupMembership;
      import org.picketlink.idm.model.basic.Role;
      import org.picketlink.idm.model.basic.User;
      * @author Edward Mann
      public class IDMConfiguration {
          private static final String BASE_DN = "dc=example,dc=com";
          private static final String LDAP_URL = "ldap://";
          private static final String GROUP_DN_SUFFIX = "ou=Groups,dc=example,dc=com";
          private static final String USER_DN_SUFFIX = "ou=People,dc=example,dc=com";
          private static final String AGENT_DN_SUFFIX = "ou=People,dc=example,dc=com";
           * <p>
           * We use this method to produce a {@link IdentityConfiguration} configured
           * with a LDAP store.
           * </p>
           * @return
          public IdentityConfiguration configure() {
          return initLDAP();
          private IdentityConfiguration initLDAP(){
          IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
                  .bindDN("uid=manager,ou=special users, dc=example, dc=com")
                  .attribute("loginName", UID, true)
                  .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                  .attribute("loginName", UID, true).attribute("firstName", "givenname")
                  .attribute("lastName", SN).attribute("email", EMAIL)
                  .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                  .objectClasses("groupofuniquenames", "posixgroup").attribute("name", CN, true)
                  .readOnlyAttribute("createdDate", CREATE_TIMESTAMP).parentMembershipAttributeName("uniquemember")
                              .attribute("member", "uniquemember");
              return builder.build();

      I am using initLDAP because i have another method to initAD because it requires some other options, i did not include that method here as i am only trying to get my 389 Directory server group lists. After i figure that out i feel confident that i can get AD to work.


      Here is my login controller.

      import java.util.List;
      import javax.enterprise.context.RequestScoped;
      import javax.faces.application.FacesMessage;
      import javax.faces.context.FacesContext;
      import javax.inject.Inject;
      import javax.inject.Named;
      import org.picketlink.Identity;
      import org.picketlink.Identity.AuthenticationResult;
      import org.picketlink.idm.IdentityManager;
      import org.picketlink.idm.model.basic.Group;
      import org.picketlink.idm.query.IdentityQuery;
      * @author Edward Mann
      public class LoginController {
          private Identity identity;
          private FacesContext facesContext;
          private IdentityManager identityManager;
          public String login() {
              // let's authenticate the user. the credentials were provided by populating the <code>loginCredentials</code>
              // named bean directly.
              AuthenticationResult result = identity.login();
              String ref = null;
              if (AuthenticationResult.FAILED.equals(result)) {
                  ref = "/home.xhtml";
              } else {
                  this.facesContext.addMessage(null, new FacesMessage(
                          "Authentication was unsuccessful. Please check your username and password " + "before trying again."));
              return ref;
          public String logout() {
              return "/login.xhtml";
      * Trying to find groups configured in ldap server
          public List<Group> getGroups(){
          IdentityQuery<Group> query = identityManager.createIdentityQuery(Group.class);
              List<Group> groups = query.getResultList();
              return groups;


      When i call the getGroups method it returns empty. Can someone give me some clues as to how i can get picketlink to return all (as many as ldap server will return) groups in the system? I will also like to be able to filter those. I know with the query i can set parameters. But first  i just want to see if i can get a list of groups returned.


      I am using picketlink-2.5.3.Beta1