
Example 6 with IdentityBrokerException

Use of org.keycloak.broker.provider.IdentityBrokerException in the project keycloak by keycloak.

From the class LinkedInIdentityProvider, method doGetFederatedIdentity.

/**
 * Builds the brokered identity for a LinkedIn user from the access token obtained during login.
 *
 * <p>The profile document is fetched from {@code PROFILE_URL}, the e-mail address is looked up
 * with a separate call and, when the extracted profile carries no username, the e-mail address is
 * used as the username.
 *
 * @param accessToken the OAuth2 access token issued by LinkedIn
 * @return the populated identity context
 * @throws IdentityBrokerException if the profile or e-mail lookup fails for any reason; the
 *         original exception is preserved as the cause
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    log.debug("doGetFederatedIdentity()");
    try {
        BrokeredIdentityContext ctx = extractIdentityFromProfile(null, doHttpGet(PROFILE_URL, accessToken));
        ctx.setEmail(fetchEmailAddress(accessToken, ctx));
        // Fall back to the e-mail address when the profile yielded no username.
        boolean usernameMissing = ctx.getUsername() == null;
        if (usernameMissing) {
            ctx.setUsername(ctx.getEmail());
        }
        return ctx;
    } catch (Exception e) {
        throw new IdentityBrokerException("Could not obtain user profile from linkedIn.", e);
    }
}

Example 7 with IdentityBrokerException

Use of org.keycloak.broker.provider.IdentityBrokerException in the project keycloak by keycloak.

From the class OpenshiftV3IdentityProvider, method doGetFederatedIdentity.

/**
 * Builds the brokered identity for an OpenShift v3 user from the access token.
 *
 * <p>The profile is fetched as JSON, converted into an identity context, and the raw profile is
 * attached to that context through
 * {@link AbstractJsonUserAttributeMapper#storeUserProfileForMapper} under this provider's alias.
 *
 * @param accessToken the OAuth2 access token issued by OpenShift
 * @return the populated identity context
 * @throws IdentityBrokerException wrapping any failure while fetching or processing the profile
 */
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
    final BrokeredIdentityContext user;
    try {
        final JsonNode profile = fetchProfile(accessToken);
        user = extractUserContext(profile);
        AbstractJsonUserAttributeMapper.storeUserProfileForMapper(user, profile, getConfig().getAlias());
    } catch (Exception e) {
        throw new IdentityBrokerException("Could not obtain user profile from Openshift.", e);
    }
    return user;
}

Example 8 with IdentityBrokerException

Use of org.keycloak.broker.provider.IdentityBrokerException in the project keycloak by keycloak.

From the class AbstractOAuth2IdentityProvider, method getFederatedIdentity.

/**
 * Resolves the brokered identity from the raw OAuth2 token-endpoint response.
 *
 * <p>The access token is extracted from {@code response} under the parameter name given by
 * {@link #getAccessTokenResponseParameter()}, passed to {@link #doGetFederatedIdentity(String)},
 * and finally stored on the resulting context under {@code FEDERATED_ACCESS_TOKEN}.
 *
 * @param response the token endpoint response body as returned by the identity provider
 * @return the identity context for the federated user
 * @throws IdentityBrokerException if no access token can be found in {@code response}
 */
public BrokeredIdentityContext getFederatedIdentity(String response) {
    String accessToken = extractTokenFromResponse(response, getAccessTokenResponseParameter());
    if (accessToken != null) {
        BrokeredIdentityContext ctx = doGetFederatedIdentity(accessToken);
        ctx.getContextData().put(FEDERATED_ACCESS_TOKEN, accessToken);
        return ctx;
    }
    // NOTE(review): the raw provider response is embedded in the exception message and may end
    // up in logs or error output; it can contain other credentials besides the missing access token.
    throw new IdentityBrokerException("No access token available in OAuth server response: " + response);
}

Example 9 with IdentityBrokerException

Use of org.keycloak.broker.provider.IdentityBrokerException in the project keycloak by keycloak.

From the class OIDCIdentityProvider, method validateJwt.

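/**
 * Validates an externally issued JWT presented for token exchange and turns it into an identity context.
 *
 * <p>When signature validation is disabled in the provider configuration the token is checked
 * through the user-info endpoint instead. Otherwise the configured key material (JWKS URL or static
 * public key) must be present, the token is parsed and verified, and the identity is extracted from
 * it. Every rejection path records a reason and an error on {@code event} before throwing, so the
 * failure is visible in the event log.
 *
 * @param event            event builder used to record validation details and errors
 * @param subjectToken     the raw token presented for exchange
 * @param subjectTokenType the declared token type; {@code OAuth2Constants.ID_TOKEN_TYPE} selects
 *                         id-token handling, anything else is treated as an access token
 * @return the identity context with the validated token stored in its context data
 * @throws ErrorResponseException with {@code INVALID_CONFIG} when key material is missing, or
 *         {@code INVALID_TOKEN} when the token fails validation or yields no identity
 */
protected final BrokeredIdentityContext validateJwt(EventBuilder event, String subjectToken, String subjectTokenType) {
    if (!getConfig().isValidateSignature()) {
        return validateExternalTokenThroughUserInfo(event, subjectToken, subjectTokenType);
    }
    event.detail("validation_method", "signature");

    // Signature verification needs either a JWKS URL or a static public key; reject early if neither is configured.
    String missingKeyMaterial = null;
    if (getConfig().isUseJwksUrl()) {
        if (getConfig().getJwksUrl() == null) {
            missingKeyMaterial = "jwks url unset";
        }
    } else if (getConfig().getPublicKeySignatureVerifier() == null) {
        missingKeyMaterial = "public key unset";
    }
    if (missingKeyMaterial != null) {
        event.detail(Details.REASON, missingKeyMaterial);
        event.error(Errors.INVALID_CONFIG);
        throw new ErrorResponseException(Errors.INVALID_CONFIG, "Invalid server config", Response.Status.BAD_REQUEST);
    }

    JsonWebToken parsedToken;
    try {
        parsedToken = validateToken(subjectToken, true);
    } catch (IdentityBrokerException e) {
        logger.debug("Unable to validate token for exchange", e);
        event.detail(Details.REASON, "token validation failure");
        event.error(Errors.INVALID_TOKEN);
        throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
    }

    boolean idTokenType = OAuth2Constants.ID_TOKEN_TYPE.equals(subjectTokenType);
    BrokeredIdentityContext context;
    try {
        // For an access token the raw token is passed along as well; for an id token only the parsed form is used.
        context = extractIdentity(null, idTokenType ? null : subjectToken, parsedToken);
    } catch (IOException e) {
        logger.debug("Unable to extract identity from identity token", e);
        // Record the failure on the event like every other rejection path, so it is not silently missing from the audit trail.
        event.detail(Details.REASON, "Failed to extract identity from token");
        event.error(Errors.INVALID_TOKEN);
        throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
    }
    if (context == null) {
        event.detail(Details.REASON, "Failed to extract identity from token");
        event.error(Errors.INVALID_TOKEN);
        throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
    }

    if (idTokenType) {
        context.getContextData().put(VALIDATED_ID_TOKEN, subjectToken);
    } else {
        context.getContextData().put(KeycloakOIDCIdentityProvider.VALIDATED_ACCESS_TOKEN, parsedToken);
    }
    context.getContextData().put(EXCHANGE_PROVIDER, getConfig().getAlias());
    context.setIdp(this);
    context.setIdpConfig(getConfig());
    return context;
}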

Example 10 with IdentityBrokerException

Use of org.keycloak.broker.provider.IdentityBrokerException in the project keycloak by keycloak.

From the class OIDCIdentityProvider, method preprocessFederatedIdentity.

/**
 * Checks the nonce returned by the OpenID Provider against the one stored on the authentication session.
 *
 * <p>When the current context has no authentication session there is nothing to compare against and
 * the method returns without doing anything (the original code notes this is likely a token exchange).
 * A response without a nonce is reported as a broker error; a nonce that does not match the stored
 * client note is rejected as an invalid token.
 *
 * @param session the current Keycloak session
 * @param realm   the realm the login belongs to (not used here)
 * @param context the brokered identity whose context data should hold {@code BROKER_NONCE_PARAM}
 * @throws IdentityBrokerException if the provider did not return a nonce
 * @throws ErrorResponseException  with {@code INVALID_TOKEN} if the returned nonce does not match
 */
@Override
public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context) {
    AuthenticationSessionModel authSession = session.getContext().getAuthenticationSession();
    if (authSession == null) {
        // No interaction with the brokered OP in this request, likely a token exchange: skip the nonce check.
        return;
    }
    String returnedNonce = (String) context.getContextData().get(BROKER_NONCE_PARAM);
    if (returnedNonce == null) {
        throw new IdentityBrokerException("OpenID Provider [" + getConfig().getProviderId() + "] did not return a nonce");
    }
    // The nonce we sent was kept as a client note on the authentication session; anything else is rejected.
    String expectedNonce = authSession.getClientNote(BROKER_NONCE_PARAM);
    boolean nonceMatches = returnedNonce.equals(expectedNonce);
    if (!nonceMatches) {
        throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid nonce", Response.Status.BAD_REQUEST);
    }
}
