
Example 6 with AuthenticationFlowException

Use of org.keycloak.authentication.AuthenticationFlowException in the keycloak/keycloak project.

Source: class LoginActionsService, method processRequireAction.

/**
 * Handles a browser request for a custom required action during login.
 *
 * The request is first validated through {@code checksForCode} /
 * {@code verifyRequiredAction}; on failure the checks' own error response is
 * returned and nothing else is touched. A non-action (GET-style) request is
 * simply forwarded to {@code AuthenticationManager.nextActionAfterAuthentication}.
 * For an action request the {@link RequiredActionFactory} registered under
 * {@code action} is resolved — an unknown id is reported as
 * {@code Errors.INVALID_CODE} with a BAD_REQUEST error page — and the provider
 * either processes the submitted action or, for an app-initiated action the
 * user cancelled, is told so and marked CANCELLED.
 *
 * Only a {@code Status.SUCCESS} outcome removes the required action from both
 * the authentication session and the authenticated user; CHALLENGE returns the
 * provider's challenge and FAILURE an interruption response (CONSENT_DENIED).
 *
 * NOTE(review): {@code authSession.getAuthenticatedUser()} is dereferenced
 * without a null check; this relies on verifyRequiredAction having already
 * established an authenticated user — confirm against SessionCodeChecks.
 *
 * @param authSessionId authentication session id from the request
 * @param code          session code to be verified against the session
 * @param action        required-action provider id (also used as the last-processed execution note)
 * @param clientId      client the login belongs to
 * @param tabId         browser tab id of the authentication session
 * @return the response to send to the browser, wrapped by BrowserHistoryHelper
 * @throws WebApplicationException carrying an error page when the provider
 *         factory is unknown or the requested display type is unsupported
 */
private Response processRequireAction(final String authSessionId, final String code, String action, String clientId, String tabId) {
    event.event(EventType.CUSTOM_REQUIRED_ACTION);

    // Session-code verification is the gate for everything below.
    final SessionCodeChecks codeChecks = checksForCode(authSessionId, code, action, clientId, tabId, REQUIRED_ACTION);
    if (!codeChecks.verifyRequiredAction(action)) {
        return codeChecks.getResponse();
    }

    final AuthenticationSessionModel authSession = codeChecks.getAuthenticationSession();
    processLocaleParam(authSession);
    initLoginEvent(authSession);
    event.event(EventType.CUSTOM_REQUIRED_ACTION);

    // Not a form submission: just continue the flow from where it stands.
    if (!codeChecks.isActionRequest()) {
        return AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, session.getContext().getUri(), event);
    }

    event.detail(Details.CUSTOM_REQUIRED_ACTION, action);

    final RequiredActionFactory actionFactory =
            (RequiredActionFactory) session.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, action);
    if (actionFactory == null) {
        // Unknown provider id: treated the same as an invalid code.
        ServicesLogger.LOGGER.actionProviderNull();
        event.error(Errors.INVALID_CODE);
        throw new WebApplicationException(ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.INVALID_CODE));
    }

    final RequiredActionContextResult actionContext = new RequiredActionContextResult(authSession, realm, event, session, request, authSession.getAuthenticatedUser(), actionFactory) {
        @Override
        public void ignore() {
            // A submitted action must either succeed, challenge or fail — never be skipped.
            throw new RuntimeException("Cannot call ignore within processAction()");
        }
    };

    final RequiredActionProvider actionProvider;
    try {
        actionProvider = AuthenticationManager.createRequiredAction(actionContext);
    } catch (AuthenticationFlowException e) {
        final Response flowResponse = e.getResponse();
        if (flowResponse != null) {
            return flowResponse;
        }
        throw new WebApplicationException(ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.DISPLAY_UNSUPPORTED));
    }

    final String providerId = actionFactory.getId();
    if (isCancelAppInitiatedAction(providerId, authSession, actionContext)) {
        actionProvider.initiatedActionCanceled(session, authSession);
        AuthenticationManager.setKcActionStatus(providerId, RequiredActionContext.KcActionStatus.CANCELLED, authSession);
        actionContext.success();
    } else {
        actionProvider.processAction(actionContext);
    }

    if (action != null) {
        authSession.setAuthNote(AuthenticationProcessor.LAST_PROCESSED_EXECUTION, action);
    }

    final RequiredActionContext.Status status = actionContext.getStatus();
    if (status == null) {
        throw new RuntimeException("Unreachable");
    }

    final Response outcome;
    switch (status) {
        case SUCCESS:
            event.clone().success();
            initLoginEvent(authSession);
            event.event(EventType.LOGIN);
            // Clear the action on both the session and the user only once it really succeeded.
            authSession.removeRequiredAction(providerId);
            authSession.getAuthenticatedUser().removeRequiredAction(providerId);
            authSession.removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
            AuthenticationManager.setKcActionStatus(providerId, RequiredActionContext.KcActionStatus.SUCCESS, authSession);
            outcome = AuthenticationManager.nextActionAfterAuthentication(session, authSession, clientConnection, request, session.getContext().getUri(), event);
            break;
        case CHALLENGE:
            outcome = actionContext.getChallenge();
            break;
        case FAILURE:
            outcome = interruptionResponse(actionContext, authSession, action, Error.CONSENT_DENIED);
            break;
        default:
            throw new RuntimeException("Unreachable");
    }

    return BrowserHistoryHelper.getInstance().saveResponseAndRedirect(session, authSession, outcome, true, request);
}

Example 7 with AuthenticationFlowException

Use of org.keycloak.authentication.AuthenticationFlowException in the keycloak/keycloak project.

Source: class AbstractIdpAuthenticator, method authenticate.

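/**
 * Entry point of the first-broker-login / post-broker-login authenticators.
 *
 * Restores the {@link SerializedBrokeredIdentityContext} stored in the
 * authentication session under {@code BROKERED_CONTEXT_NOTE}, deserializes it
 * into a {@link BrokeredIdentityContext}, rejects the request when the
 * identity provider it refers to is disabled, and otherwise delegates to
 * {@code authenticateImpl}.
 *
 * Fix: the original fell through to {@code authenticateImpl} even after a
 * failure challenge had been issued for a disabled provider, so the
 * subclass could still run (and potentially overwrite the failure status on
 * the flow context). The method now returns right after the challenge.
 *
 * @param context the authentication flow context for the current execution
 * @throws AuthenticationFlowException with IDENTITY_PROVIDER_ERROR when no
 *         serialized brokered context is present in the authentication session
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    AuthenticationSessionModel authSession = context.getAuthenticationSession();
    SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, BROKERED_CONTEXT_NOTE);
    if (serializedCtx == null) {
        // Nothing to broker from: this execution must only run after an IdP callback stored the context.
        throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
    }
    BrokeredIdentityContext brokerContext = serializedCtx.deserialize(context.getSession(), authSession);
    if (!brokerContext.getIdpConfig().isEnabled()) {
        sendFailureChallenge(context, Response.Status.BAD_REQUEST, Errors.IDENTITY_PROVIDER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        // Stop here: a disabled provider must not reach the subclass logic.
        return;
    }
    authenticateImpl(context, serializedCtx, brokerContext);
}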

Example 8 with AuthenticationFlowException

Use of org.keycloak.authentication.AuthenticationFlowException in the keycloak/keycloak project.

Source: class IdpUsernamePasswordForm, method setupForm.

/**
 * Prepares the username/password re-authentication form shown when an
 * identity-provider login is linked to an existing local account.
 *
 * The serialized brokered context must be present in the authentication
 * session (note {@code BROKERED_CONTEXT_NOTE}); otherwise an
 * {@link AuthenticationFlowException} with IDENTITY_PROVIDER_ERROR is thrown.
 * When an existing user is known its username is pre-filled into
 * {@code formData} (the map passed by the caller is mutated). Registration is
 * disabled on the form and an info message naming the identity provider is
 * set. If a nested first-broker context (note {@code NESTED_FIRST_BROKER_CONTEXT})
 * is found, an error message with that provider's alias and username is added
 * and the note is cleared so it is shown only once.
 *
 * @param context      current authentication flow context
 * @param formData     submitted form fields; may receive the username
 * @param existingUser local user already matched to the brokered identity, if any
 * @return the configured login form
 * @throws AuthenticationFlowException when no serialized brokered context exists
 */
protected LoginFormsProvider setupForm(AuthenticationFlowContext context, MultivaluedMap<String, String> formData, Optional<UserModel> existingUser) {
    final SerializedBrokeredIdentityContext brokeredCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(
            context.getAuthenticationSession(), AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
    if (brokeredCtx == null) {
        throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
    }

    // Pre-fill the username of the already-matched local account, if there is one.
    if (existingUser.isPresent()) {
        formData.putSingle(AuthenticationManager.FORM_USERNAME, existingUser.get().getUsername());
    }

    final LoginFormsProvider form = context.form();
    form.setFormData(formData);
    form.setAttribute(LoginFormsProvider.REGISTRATION_DISABLED, true);
    form.setInfo(Messages.FEDERATED_IDENTITY_CONFIRM_REAUTHENTICATE_MESSAGE, brokeredCtx.getIdentityProviderId());

    // A nested first-broker-login attempt is reported once and then forgotten.
    final SerializedBrokeredIdentityContext nestedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(
            context.getAuthenticationSession(), AbstractIdpAuthenticator.NESTED_FIRST_BROKER_CONTEXT);
    if (nestedCtx == null) {
        return form;
    }
    final BrokeredIdentityContext nested = nestedCtx.deserialize(context.getSession(), context.getAuthenticationSession());
    form.setError(Messages.NESTED_FIRST_BROKER_FLOW_MESSAGE, nested.getIdpConfig().getAlias(), nested.getUsername());
    context.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.NESTED_FIRST_BROKER_CONTEXT, null);
    return form;
}
