Use of org.keycloak.broker.provider.BrokeredIdentityContext in the keycloak project (keycloak/keycloak): class AbstractIdpAuthenticator, method action().
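/**
 * Handles the action callback of a broker-login authenticator (the step that runs after
 * the user has answered the page rendered by the authenticate step).
 *
 * The brokered identity is not passed in; it is re-read from the authentication session
 * note {@code BROKERED_CONTEXT_NOTE}, where the first leg of the broker login stored it.
 * Before delegating to {@link #actionImpl}, the identity provider is re-checked for being
 * enabled, because it may have been disabled between the two legs of the flow.
 *
 * @param context the current authentication flow context
 * @throws AuthenticationFlowException when no serialized broker context is present in the
 *         authentication session (the flow cannot continue without it)
 */
@Override
public void action(AuthenticationFlowContext context) {
    AuthenticationSessionModel clientSession = context.getAuthenticationSession();

    SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(clientSession, BROKERED_CONTEXT_NOTE);
    if (serializedCtx == null) {
        throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
    }
    BrokeredIdentityContext brokerContext = serializedCtx.deserialize(context.getSession(), clientSession);

    // Refuse to continue a flow whose identity provider is (no longer) enabled.
    // sendFailureChallenge is a plain method call: it records the failure on the context and
    // returns, so the explicit `return` below is what actually stops the flow here. Without it
    // actionImpl would still run after the failure had been recorded, and whatever status the
    // subclass sets there (presumably success on a valid answer) could supersede the failure.
    if (!brokerContext.getIdpConfig().isEnabled()) {
        sendFailureChallenge(context, Response.Status.BAD_REQUEST, Errors.IDENTITY_PROVIDER_ERROR, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR, AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        return;
    }

    actionImpl(context, serializedCtx, brokerContext);
}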
Use of org.keycloak.broker.provider.BrokeredIdentityContext in the keycloak project (keycloak/keycloak): class FreeMarkerLoginFormsProvider, method createIdpLinkEmailPage().
/**
 * Renders the "link your account via e-mail" page shown during identity-provider account linking.
 *
 * The broker context is taken from the {@code IDENTITY_PROVIDER_BROKER_CONTEXT} attribute that the
 * caller must have set on this provider beforehand (a missing attribute surfaces as a
 * NullPointerException on the first getter call). The warning message names the identity
 * provider by its configured display name, falling back to its capitalized alias when no
 * display name is set.
 *
 * @return the rendered {@code LOGIN_IDP_LINK_EMAIL} page
 */
@Override
public Response createIdpLinkEmailPage() {
    BrokeredIdentityContext brokerContext = (BrokeredIdentityContext) this.attributes.get(IDENTITY_PROVIDER_BROKER_CONTEXT);

    // Prefer the administrator-configured display name; the alias is only a fallback label.
    String configuredDisplayName = brokerContext.getIdpConfig().getDisplayName();
    String idpLabel = ObjectUtil.isBlank(configuredDisplayName)
            ? ObjectUtil.capitalize(brokerContext.getIdpConfig().getAlias())
            : configuredDisplayName;

    setMessage(MessageType.WARNING, Messages.LINK_IDP, idpLabel);
    return createResponse(LoginFormsPages.LOGIN_IDP_LINK_EMAIL);
}
Use of org.keycloak.broker.provider.BrokeredIdentityContext in the keycloak project (keycloak/keycloak): class AbstractOAuth2IdentityProviderTest, method getFederatedIdentity_responseJSON().
/**
 * A JSON token response carrying the access token under the standard OAuth2 parameter name
 * must be parsed, and the test provider is expected to expose that token value as the
 * identity id of the resulting {@link BrokeredIdentityContext}.
 */
@Test
public void getFederatedIdentity_responseJSON() {
    String tokenResponseJson = "{\"" + AbstractOAuth2IdentityProvider.OAUTH2_PARAMETER_ACCESS_TOKEN + "\" : \"458rt\"}";

    TestProvider provider = getTested();
    BrokeredIdentityContext identity = provider.getFederatedIdentity(tokenResponseJson);

    Assert.assertNotNull(identity);
    Assert.assertEquals("458rt", identity.getId());
}
Use of org.keycloak.broker.provider.BrokeredIdentityContext in the keycloak project (keycloak/keycloak): class DefaultTokenExchangeProvider, method exchangeExternalToken().
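/**
 * Exchanges a token issued by an external identity provider for a token of this realm.
 *
 * Steps, in an order that matters for security:
 * <ol>
 *   <li>Resolve the identity provider for {@code issuer}: the first configured provider that
 *       supports {@link ExchangeExternalToken} and whose alias equals the issuer or which
 *       claims the issuer via {@code isIssuer}.</li>
 *   <li>Check that the calling client is permitted to exchange with that provider. This check
 *       runs <em>before</em> the external provider is contacted, so an unauthorized client can
 *       neither validate tokens against the provider nor learn anything from its answer.</li>
 *   <li>Let the provider validate the subject token and describe the external identity.</li>
 *   <li>Import/link the user, create a user session and issue the realm token.</li>
 * </ol>
 *
 * Note that the raw {@code subjectToken} is stored as a note on the created user session
 * (see the comment near the end); anything that can read user-session notes can read it.
 *
 * @param issuer       the {@code subject_issuer} request parameter (provider alias or issuer URL)
 * @param subjectToken the external token presented by the client
 * @return the realm token response produced by {@link #exchangeClientToClient}
 * @throws CorsErrorResponseException with {@code invalid_issuer} (400) when no provider matches
 *         the issuer or the provider rejects the token, and with {@code access_denied} (403)
 *         when the client is not allowed to exchange with the matched provider
 */
protected Response exchangeExternalToken(String issuer, String subjectToken) {
    ExchangeExternalToken externalIdp = null;
    IdentityProviderModel externalIdpModel = null;

    // A plain loop replaces the former side-effecting stream predicate (whose findFirst()
    // result was discarded). The search still stops at the first matching provider.
    for (IdentityProviderModel idpModel : (Iterable<IdentityProviderModel>) realm.getIdentityProvidersStream()::iterator) {
        IdentityProviderFactory factory = IdentityBrokerService.getIdentityProviderFactory(session, idpModel);
        IdentityProvider idp = factory.create(session, idpModel);
        if (!(idp instanceof ExchangeExternalToken)) {
            continue;
        }
        ExchangeExternalToken external = (ExchangeExternalToken) idp;
        if (idpModel.getAlias().equals(issuer) || external.isIssuer(issuer, formParams)) {
            externalIdp = external;
            externalIdpModel = idpModel;
            break;
        }
    }

    if (externalIdp == null) {
        event.error(Errors.INVALID_ISSUER);
        throw new CorsErrorResponseException(cors, Errors.INVALID_ISSUER, "Invalid " + OAuth2Constants.SUBJECT_ISSUER + " parameter", Response.Status.BAD_REQUEST);
    }

    // Authorization first: do not contact the external provider on behalf of a client that
    // is not allowed to exchange with it.
    if (!AdminPermissions.management(session, realm).idps().canExchangeTo(client, externalIdpModel)) {
        event.detail(Details.REASON, "client not allowed to exchange subject_issuer");
        event.error(Errors.NOT_ALLOWED);
        throw new CorsErrorResponseException(cors, OAuthErrorException.ACCESS_DENIED, "Client not allowed to exchange", Response.Status.FORBIDDEN);
    }

    // The provider validates the subject token itself; a null context means it did not
    // accept the token. This is reported as an invalid issuer, the same error as "no provider".
    BrokeredIdentityContext context = externalIdp.exchangeExternal(event, formParams);
    if (context == null) {
        event.error(Errors.INVALID_ISSUER);
        throw new CorsErrorResponseException(cors, Errors.INVALID_ISSUER, "Invalid " + OAuth2Constants.SUBJECT_ISSUER + " parameter", Response.Status.BAD_REQUEST);
    }

    UserModel user = importUserFromExternalIdentity(context);
    UserSessionModel userSession = session.sessions().createUserSession(realm, user, user.getUsername(), clientConnection.getRemoteAddr(), "external-exchange", false, null, null);
    externalIdp.exchangeExternalComplete(userSession, context, formParams);

    // this must exist so that we can obtain access token from user session if idp's store tokens is off
    userSession.setNote(IdentityProvider.EXTERNAL_IDENTITY_PROVIDER, externalIdpModel.getAlias());
    userSession.setNote(IdentityProvider.FEDERATED_ACCESS_TOKEN, subjectToken);

    return exchangeClientToClient(user, userSession);
}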
Use of org.keycloak.broker.provider.BrokeredIdentityContext in the keycloak project (keycloak/keycloak): class OpenshiftV4IdentityProvider, method extractUserContext().
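/**
 * Builds the brokered identity for an OpenShift v4 user profile document.
 *
 * The identity id is taken from {@code metadata.uid}; only when that property is absent does
 * the code fall back to {@code tryGetKubeAdmin(metadata)} (a sibling helper not shown here,
 * presumably covering the built-in kubeadmin account). The id is the value the
 * {@link BrokeredIdentityContext} is keyed on, so it should stay stable for a given user.
 * Username comes from {@code metadata.name} and the display name from {@code fullName}.
 *
 * @param profile the JSON user profile returned by OpenShift; {@code profile.get("metadata")}
 *                yields {@code null} when the key is missing, and that {@code null} is passed
 *                through to {@code getJsonProperty} / {@code tryGetKubeAdmin} unchanged
 *                (NOTE(review): how those helpers treat a null node is not visible here)
 * @return the populated identity context bound to this provider and its configuration
 */
private BrokeredIdentityContext extractUserContext(JsonNode profile) {
    JsonNode metadata = profile.get("metadata");
    // Debug-level only, but this prints the user's profile metadata verbatim.
    logger.debugv("extractUserContext: metadata = {0}", metadata);

    // Read the uid once instead of twice; fall back to the kubeadmin lookup only if absent.
    String identityId = getJsonProperty(metadata, "uid");
    if (identityId == null) {
        identityId = tryGetKubeAdmin(metadata);
    }

    final BrokeredIdentityContext user = new BrokeredIdentityContext(identityId);
    user.setUsername(getJsonProperty(metadata, "name"));
    user.setName(getJsonProperty(profile, "fullName"));
    user.setIdpConfig(getConfig());
    user.setIdp(this);
    return user;
}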