
Example 1 with ExistingUserInfo

use of org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo in project keycloak by keycloak.

The class IdpDetectExistingBrokerUserAuthenticator, method authenticateImpl.

/**
 * Requires that the brokered identity already maps to a realm user. The match is stored
 * in the {@code EXISTING_USER_INFO} auth note for the following authenticators; a missing
 * user ends the login with a FEDERATED_IDENTITY_UNAVAILABLE error page.
 *
 * @param context current authentication flow
 * @param serializedCtx serialized brokered identity
 * @param brokerContext brokered identity returned by the identity provider
 */
@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
    RealmModel currentRealm = context.getRealm();
    boolean alreadyDetected = context.getAuthenticationSession().getAuthNote(EXISTING_USER_INFO) != null;
    if (alreadyDetected) {
        // A previous authenticator already recorded the existing user; nothing left to do.
        context.attempted();
        return;
    }
    String brokeredUsername = getUsername(context, serializedCtx, brokerContext);
    if (brokeredUsername == null) {
        // Without a username the profile has to be completed first, so the flow restarts.
        String missingField = currentRealm.isRegistrationEmailAsUsername() ? "Email" : "Username";
        ServicesLogger.LOGGER.resetFlow(missingField);
        context.getAuthenticationSession().setAuthNote(ENFORCE_UPDATE_PROFILE, "true");
        context.resetFlow();
        return;
    }
    ExistingUserInfo existing = checkExistingUser(context, brokeredUsername, serializedCtx, brokerContext);
    if (existing != null) {
        logger.debugf("Duplication detected. There is already existing user with %s '%s' .", existing.getDuplicateAttributeName(), existing.getDuplicateAttributeValue());
        // Hand the matched user over to the following authenticators via the auth note.
        context.getAuthenticationSession().setAuthNote(EXISTING_USER_INFO, existing.serialize());
        context.success();
        return;
    }
    logger.errorf("The user %s should be already registered in the realm to login %s", brokeredUsername, currentRealm.getName());
    Response errorPage = context.form()
            .setError(Messages.FEDERATED_IDENTITY_UNAVAILABLE, brokeredUsername, brokerContext.getIdpConfig().getAlias())
            .createErrorPage(Response.Status.UNAUTHORIZED);
    context.challenge(errorPage);
    context.getEvent()
            .detail("authenticator", "DetectExistingBrokerUser")
            .removeDetail(Details.AUTH_METHOD)
            .removeDetail(Details.AUTH_TYPE)
            .error(Errors.USER_NOT_FOUND);
}
Also used : RealmModel(org.keycloak.models.RealmModel) Response(javax.ws.rs.core.Response) ExistingUserInfo(org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo)

Example 2 with ExistingUserInfo

use of org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo in project keycloak by keycloak.

The class AbstractIdpAuthenticator, method getExistingUser.

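/**
 * Resolves the realm user that an earlier duplicate-detection step recorded in the
 * {@code EXISTING_USER_INFO} auth note.
 *
 * @param session current Keycloak session, used for the user lookup
 * @param realm realm the user belongs to
 * @param authSession authentication session carrying the {@code EXISTING_USER_INFO} note
 * @return the existing, enabled user
 * @throws AuthenticationFlowException with {@code INTERNAL_ERROR} when the note is absent,
 *         {@code INVALID_USER} when the referenced user no longer exists, and
 *         {@code USER_DISABLED} when the user is disabled
 */
public static UserModel getExistingUser(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession) {
    String serializedInfo = authSession.getAuthNote(EXISTING_USER_INFO);
    if (serializedInfo == null) {
        throw new AuthenticationFlowException("Unexpected state. There is no existing duplicated user identified in ClientSession", AuthenticationFlowError.INTERNAL_ERROR);
    }
    ExistingUserInfo duplication = ExistingUserInfo.deserialize(serializedInfo);
    // The note holds the whole serialized ExistingUserInfo, not a user id; report the id
    // that was actually looked up so the error messages name the right thing.
    String existingUserId = duplication.getExistingUserId();
    UserModel existingUser = session.users().getUserById(realm, existingUserId);
    if (existingUser == null) {
        throw new AuthenticationFlowException("User with ID '" + existingUserId + "' not found.", AuthenticationFlowError.INVALID_USER);
    }
    if (!existingUser.isEnabled()) {
        throw new AuthenticationFlowException("User with ID '" + existingUserId + "', username '" + existingUser.getUsername() + "' disabled.", AuthenticationFlowError.USER_DISABLED);
    }
    return existingUser;
}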
Also used : UserModel(org.keycloak.models.UserModel) ExistingUserInfo(org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo) AuthenticationFlowException(org.keycloak.authentication.AuthenticationFlowException)

Example 3 with ExistingUserInfo

use of org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo in project keycloak by keycloak.

The class IdpConfirmLinkAuthenticator, method authenticateImpl.

/**
 * Asks the user to confirm linking the brokered identity to the existing realm user
 * recorded in the {@code EXISTING_USER_INFO} auth note; with no recorded duplicate
 * the authenticator is simply marked as attempted.
 *
 * @param context current authentication flow
 * @param serializedCtx serialized brokered identity (not used by this step)
 * @param brokerContext brokered identity, exposed to the confirmation form
 */
@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
    String serializedInfo = context.getAuthenticationSession().getAuthNote(EXISTING_USER_INFO);
    if (serializedInfo != null) {
        ExistingUserInfo existing = ExistingUserInfo.deserialize(serializedInfo);
        // The confirmation page names the attribute that matched (e.g. email) and its value.
        Response confirmPage = context.form()
                .setStatus(Response.Status.OK)
                .setAttribute(LoginFormsProvider.IDENTITY_PROVIDER_BROKER_CONTEXT, brokerContext)
                .setError(Messages.FEDERATED_IDENTITY_CONFIRM_LINK_MESSAGE, existing.getDuplicateAttributeName(), existing.getDuplicateAttributeValue())
                .createIdpLinkConfirmLinkPage();
        context.challenge(confirmPage);
        return;
    }
    // Nothing to confirm: no duplicate was detected earlier in the flow.
    ServicesLogger.LOGGER.noDuplicationDetected();
    context.attempted();
}
Also used : Response(javax.ws.rs.core.Response) ExistingUserInfo(org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)

Example 4 with ExistingUserInfo

use of org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo in project keycloak by keycloak.

The class IdpCreateUserIfUniqueAuthenticator, method authenticateImpl.

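/**
 * Creates a realm user for the brokered identity when no existing user matches it;
 * otherwise records the match in the {@code EXISTING_USER_INFO} auth note for the
 * following authenticators and, for a required execution, fails with a conflict page.
 *
 * @param context current authentication flow
 * @param serializedCtx serialized brokered identity whose attributes are copied to the new user
 * @param brokerContext brokered identity returned by the identity provider
 */
@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
    RealmModel realm = context.getRealm();
    if (context.getAuthenticationSession().getAuthNote(EXISTING_USER_INFO) != null) {
        // A previous authenticator already recorded the existing user; nothing left to do.
        context.attempted();
        return;
    }
    String username = getUsername(context, serializedCtx, brokerContext);
    if (username == null) {
        // Without a username the profile has to be completed first, so the flow restarts.
        ServicesLogger.LOGGER.resetFlow(realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
        context.getAuthenticationSession().setAuthNote(ENFORCE_UPDATE_PROFILE, "true");
        context.resetFlow();
        return;
    }
    ExistingUserInfo duplication = checkExistingUser(context, username, serializedCtx, brokerContext);
    if (duplication == null) {
        createAndLinkFederatedUser(context, realm, username, serializedCtx, brokerContext);
    } else {
        reportDuplicatedUser(context, duplication);
    }
}

// Creates a new enabled realm user from the brokered identity and finishes the step successfully.
private void createAndLinkFederatedUser(AuthenticationFlowContext context, RealmModel realm, String username, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
    logger.debugf("No duplication detected. Creating account for user '%s' and linking with identity provider '%s' .", username, brokerContext.getIdpConfig().getAlias());
    UserModel federatedUser = context.getSession().users().addUser(realm, username);
    federatedUser.setEnabled(true);
    // The username is already fixed by addUser(); every other brokered attribute is copied as-is.
    for (Map.Entry<String, List<String>> attr : serializedCtx.getAttributes().entrySet()) {
        if (!UserModel.USERNAME.equalsIgnoreCase(attr.getKey())) {
            federatedUser.setAttribute(attr.getKey(), attr.getValue());
        }
    }
    AuthenticatorConfigModel config = context.getAuthenticatorConfig();
    if (config != null && Boolean.parseBoolean(config.getConfig().get(IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION))) {
        logger.debugf("User '%s' required to update password", federatedUser.getUsername());
        federatedUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
    }
    userRegisteredSuccess(context, federatedUser, serializedCtx, brokerContext);
    context.setUser(federatedUser);
    context.getAuthenticationSession().setAuthNote(BROKER_REGISTERED_NEW_USER, "true");
    context.success();
}

// Records the matched user for later authenticators; a required execution additionally fails with a conflict page.
private void reportDuplicatedUser(AuthenticationFlowContext context, ExistingUserInfo duplication) {
    logger.debugf("Duplication detected. There is already existing user with %s '%s' .", duplication.getDuplicateAttributeName(), duplication.getDuplicateAttributeValue());
    // Set duplicated user, so next authenticators can deal with it
    context.getAuthenticationSession().setAuthNote(EXISTING_USER_INFO, duplication.serialize());
    // Only show error message if the authenticator was required
    if (context.getExecution().isRequired()) {
        Response challengeResponse = context.form()
                .setError(Messages.FEDERATED_IDENTITY_EXISTS, duplication.getDuplicateAttributeName(), duplication.getDuplicateAttributeValue())
                .createErrorPage(Response.Status.CONFLICT);
        context.challenge(challengeResponse);
        context.getEvent()
                .user(duplication.getExistingUserId())
                .detail("existing_" + duplication.getDuplicateAttributeName(), duplication.getDuplicateAttributeValue())
                .removeDetail(Details.AUTH_METHOD)
                .removeDetail(Details.AUTH_TYPE)
                .error(Errors.FEDERATED_IDENTITY_EXISTS);
    } else {
        context.attempted();
    }
}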
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) Response(javax.ws.rs.core.Response) ExistingUserInfo(org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo) KeycloakSession(org.keycloak.models.KeycloakSession) List(java.util.List) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Map(java.util.Map)
