
    Picketlink IDM Group List

    ed_mann

      I was able to get LDAP authentication to work via the code below.

       

      import static org.picketlink.common.constants.LDAPConstants.CN;
      import static org.picketlink.common.constants.LDAPConstants.CREATE_TIMESTAMP;
      import static org.picketlink.common.constants.LDAPConstants.EMAIL;
      import static org.picketlink.common.constants.LDAPConstants.GROUP_OF_NAMES;
      import static org.picketlink.common.constants.LDAPConstants.SN;
      import static org.picketlink.common.constants.LDAPConstants.UID;
      
      import javax.enterprise.context.ApplicationScoped;
      import javax.enterprise.inject.Produces;
      
      import org.picketlink.idm.config.IdentityConfiguration;
      import org.picketlink.idm.config.IdentityConfigurationBuilder;
      import org.picketlink.idm.model.basic.Agent;
      import org.picketlink.idm.model.basic.Grant;
      import org.picketlink.idm.model.basic.Group;
      import org.picketlink.idm.model.basic.GroupMembership;
      import org.picketlink.idm.model.basic.Role;
      import org.picketlink.idm.model.basic.User;
      
      /**
      * @author Edward Mann
      *
      */
      @ApplicationScoped
      public class IDMConfiguration {

          private static final String BASE_DN = "dc=example,dc=com";
          private static final String LDAP_URL = "ldap://127.0.0.1:389";
          private static final String GROUP_DN_SUFFIX = "ou=Groups,dc=example,dc=com";
          private static final String USER_DN_SUFFIX = "ou=People,dc=example,dc=com";
          private static final String AGENT_DN_SUFFIX = "ou=People,dc=example,dc=com";

          /** Directory entry the store binds as for lookups and credential validation. */
          private static final String BIND_DN = "uid=manager,ou=special users, dc=example, dc=com";

          /**
           * Password for {@link #BIND_DN}. NOTE(review): a bind credential kept as a source
           * literal ends up in version control and in every build artifact; it should be
           * supplied by container or secret-store configuration rather than compiled in.
           */
          private static final String BIND_CREDENTIAL = "somepassword";

          /** Object class shared by the Agent and User mappings. */
          private static final String PERSON_OBJECT_CLASS = "inetOrgPerson";

          /** Model attribute names used in the mappings below. */
          private static final String LOGIN_NAME_ATTRIBUTE = "loginName";
          private static final String CREATED_DATE_ATTRIBUTE = "createdDate";

          /** LDAP attribute that carries group membership on the group entry. */
          private static final String MEMBER_LDAP_ATTRIBUTE = "uniquemember";

          /**
           * <p>
           * Produces the {@link IdentityConfiguration} the application uses; the configuration
           * is backed by a single LDAP store.
           * </p>
           *
           * @return the LDAP-backed identity configuration built by {@link #initLDAP()}
           */
          @Produces
          public IdentityConfiguration configure() {
              return initLDAP();
          }

          /**
           * Builds the LDAP store configuration: connection and bind settings, then one
           * mapping each for {@link Agent}, {@link User}, {@link Group} and
           * {@link GroupMembership}.
           *
           * @return the built configuration, named {@code ldap.config}
           */
          private IdentityConfiguration initLDAP() {
              IdentityConfigurationBuilder config = new IdentityConfigurationBuilder();

              // Presumably each mapping(...) call opens a new mapping scope and the baseDN /
              // objectClasses / attribute calls that follow apply to that scope only, so the
              // order of the chain is significant — TODO confirm against the builder API.
              config.named("ldap.config")
                  .stores()
                      .ldap()
                          .supportAllFeatures()
                          .baseDN(BASE_DN)
                          .bindDN(BIND_DN)
                          .bindCredential(BIND_CREDENTIAL)
                          .url(LDAP_URL)
                          .supportCredentials(true)
                          // Agents live under the same subtree as users.
                          .mapping(Agent.class)
                              .baseDN(AGENT_DN_SUFFIX)
                              .objectClasses(PERSON_OBJECT_CLASS)
                              .attribute(LOGIN_NAME_ATTRIBUTE, UID, true)
                              .readOnlyAttribute(CREATED_DATE_ATTRIBUTE, CREATE_TIMESTAMP)
                          .mapping(User.class)
                              .baseDN(USER_DN_SUFFIX)
                              .objectClasses(PERSON_OBJECT_CLASS)
                              .attribute(LOGIN_NAME_ATTRIBUTE, UID, true)
                              .attribute("firstName", "givenname")
                              .attribute("lastName", SN)
                              .attribute("email", EMAIL)
                              .readOnlyAttribute(CREATED_DATE_ATTRIBUTE, CREATE_TIMESTAMP)
                          // Groups are matched on either object class; membership is read from
                          // the group entry's uniquemember attribute.
                          .mapping(Group.class)
                              .baseDN(GROUP_DN_SUFFIX)
                              .objectClasses("groupofuniquenames", "posixgroup")
                              .attribute("name", CN, true)
                              .readOnlyAttribute(CREATED_DATE_ATTRIBUTE, CREATE_TIMESTAMP)
                              .parentMembershipAttributeName(MEMBER_LDAP_ATTRIBUTE)
                          .mapping(GroupMembership.class)
                              .forMapping(Group.class)
                              .attribute("member", MEMBER_LDAP_ATTRIBUTE);

              return config.build();
          }
      }
      
      

      I am using initLDAP because I have another method, initAD, which requires some other options; I did not include that method here, as I am only trying to get the group list from my 389 Directory Server. After I figure that out I feel confident that I can get AD to work.

       

      Here is my login controller.

      import java.util.List;
      
      import javax.enterprise.context.RequestScoped;
      import javax.faces.application.FacesMessage;
      import javax.faces.context.FacesContext;
      import javax.inject.Inject;
      import javax.inject.Named;
      
      import org.picketlink.Identity;
      import org.picketlink.Identity.AuthenticationResult;
      import org.picketlink.idm.IdentityManager;
      import org.picketlink.idm.model.basic.Group;
      import org.picketlink.idm.query.IdentityQuery;
      
      
      
      /**
      * @author Edward Mann
      *
      */
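      @Named
      @RequestScoped
      public class LoginController {

          @Inject
          private Identity identity;

          @Inject
          private FacesContext facesContext;

          @Inject
          private IdentityManager identityManager;

          /**
           * Authenticates the caller with the credentials already populated on the
           * {@code loginCredentials} named bean and decides where JSF navigates next.
           *
           * @return {@code /home.xhtml} when authentication did not fail, or {@code null}
           *         (stay on the current view) when it did; on failure a {@link FacesMessage}
           *         describing the problem has been queued on the context
           */
          public String login() {
              AuthenticationResult result = identity.login();

              // Fix: the two branches were inverted — a FAILED result navigated to home while a
              // successful login queued the "unsuccessful" message. The failure message belongs
              // on the FAILED branch, and only a non-failed result leaves the login page. The
              // message deliberately does not say whether the user or the password was wrong.
              if (AuthenticationResult.FAILED.equals(result)) {
                  this.facesContext.addMessage(null, new FacesMessage(
                          "Authentication was unsuccessful. Please check your username and password "
                                  + "before trying again."));
                  return null;
              }

              return "/home.xhtml";
          }

          /**
           * Ends the current session and sends the caller back to the login page.
           *
           * @return the {@code /login.xhtml} navigation outcome
           */
          public String logout() {
              this.identity.logout();
              return "/login.xhtml";
          }

          /**
           * Lists the groups the identity store returns for an unfiltered {@link Group} query.
           * NOTE(review): what this yields depends on the Group mapping in the store
           * configuration; it was observed to come back empty — confirm the mapping against
           * the directory's actual group entries.
           *
           * @return the groups returned by the identity store, empty when it finds none
           */
          public List<Group> getGroups() {
              IdentityQuery<Group> query = identityManager.createIdentityQuery(Group.class);
              return query.getResultList();
          }
      }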
      
      

       

      When I call the getGroups method it returns an empty list. Can someone give me some clues as to how I can get PicketLink to return all groups in the system (as many as the LDAP server will return)? I would also like to be able to filter those; I know I can set parameters on the query. But first I just want to see whether I can get a list of groups returned at all.

       

      I am using picketlink-2.5.3.Beta1

       

      Thanks