
Example 6 with LoginFormsProvider

use of org.keycloak.forms.login.LoginFormsProvider in project keycloak by keycloak.

Taken from the class DeviceEndpoint, method status().

/**
 * Renders the outcome of the OAuth 2.0 Device Authorization Grant verification flow: a success page when no
 * {@code error} query parameter is present, otherwise a failure page whose message depends on the error code.
 *
 * <p>Security note: {@code error} is attacker-controllable (it comes from the query string), but it is never
 * reflected into the page. It is only compared against known {@link OAuthErrorException} codes and mapped to a
 * fixed message key; anything unrecognised collapses to the generic verification-failed message.</p>
 *
 * @param error OAuth error code from the query string, or {@code null}/empty when verification succeeded
 * @return the rendered info page (success or failure); the failure variant carries a link to restart verification
 */
@Path("status")
@GET
public Response status(@QueryParam("error") String error) {
    LoginFormsProvider forms = session.getProvider(LoginFormsProvider.class);

    // No error code: verification succeeded; render the completion page without a "back" link.
    if (StringUtil.isNullOrEmpty(error)) {
        String header = forms.getMessage(Messages.OAUTH2_DEVICE_VERIFICATION_COMPLETE_HEADER);
        return forms.setAttribute("messageHeader", header)
                .setAttribute(Constants.SKIP_LINK, true)
                .setSuccess(Messages.OAUTH2_DEVICE_VERIFICATION_COMPLETE)
                .createInfoPage();
    }

    // Map the error code to a message key; unknown codes fall back to the generic failure message.
    String messageKey;
    if (OAuthErrorException.ACCESS_DENIED.equals(error)) {
        // raised for CANCELLED_BY_USER as well as CONSENT_DENIED
        messageKey = Messages.OAUTH2_DEVICE_CONSENT_DENIED;
    } else if (OAuthErrorException.EXPIRED_TOKEN.equals(error)) {
        messageKey = Messages.OAUTH2_DEVICE_EXPIRED_USER_CODE;
    } else {
        messageKey = Messages.OAUTH2_DEVICE_VERIFICATION_FAILED;
    }

    // Offer the user a link back to the device verification page so they can retry.
    String restartUri = DeviceGrantType.oauth2DeviceVerificationUrl(session.getContext().getUri())
            .build(realm.getName())
            .toString();
    String header = forms.getMessage(Messages.OAUTH2_DEVICE_VERIFICATION_FAILED_HEADER);
    return forms.setAttribute("messageHeader", header)
            .setAttribute(Constants.TEMPLATE_ATTR_ACTION_URI, restartUri)
            .setError(messageKey)
            .createInfoPage();
}

Example 7 with LoginFormsProvider

use of org.keycloak.forms.login.LoginFormsProvider in project keycloak by keycloak.

Taken from the class AuthenticationManager, method finishedRequiredActions().

/**
 * Completes a login after all required actions have been executed.
 *
 * <p>Two outcomes are possible. If the authentication session carries the {@code END_AFTER_REQUIRED_ACTIONS}
 * note, an "account updated" info page is rendered and the authentication session is discarded without
 * attaching it to a user session. Otherwise the authentication session is attached to a user session, a
 * LOGIN event is recorded and the caller is redirected onwards.</p>
 *
 * <p>In both cases, an action token referenced by the {@code INVALIDATE_ACTION_TOKEN} note is invalidated
 * first, so a token that has just been consumed cannot be presented again.</p>
 *
 * @param session          current Keycloak session
 * @param authSession      authentication session whose required actions are finished
 * @param userSession      user session to attach to; the one bound to the resulting client session is used afterwards
 * @param clientConnection client connection of the caller
 * @param request          current HTTP request
 * @param uriInfo          URI context of the request
 * @param event            event builder used to record the LOGIN event
 * @return the info page, or the post-login redirect
 */
public static Response finishedRequiredActions(KeycloakSession session, AuthenticationSessionModel authSession, UserSessionModel userSession, ClientConnection clientConnection, HttpRequest request, UriInfo uriInfo, EventBuilder event) {
    invalidateActionTokenIfRequested(session, authSession);

    if (authSession.getAuthNote(END_AFTER_REQUIRED_ACTIONS) != null) {
        return endWithInfoPage(session, authSession);
    }

    RealmModel realm = authSession.getRealm();
    ClientSessionContext clientSessionCtx = AuthenticationProcessor.attachSession(authSession, userSession, session, realm, clientConnection, event);
    // Continue with the user session the client session is actually bound to; it may differ from the one passed in.
    UserSessionModel boundUserSession = clientSessionCtx.getClientSession().getUserSession();

    event.event(EventType.LOGIN);
    event.session(boundUserSession);
    event.success();

    return redirectAfterSuccessfulFlow(session, realm, boundUserSession, clientSessionCtx, request, uriInfo, clientConnection, event, authSession);
}

/**
 * Invalidates the action token named by the {@code INVALIDATE_ACTION_TOKEN} auth note, if one is set.
 * Storing {@code null} under the key marks the token as invalidated in the action token store.
 */
private static void invalidateActionTokenIfRequested(KeycloakSession session, AuthenticationSessionModel authSession) {
    String tokenKeyToInvalidate = authSession.getAuthNote(INVALIDATE_ACTION_TOKEN);
    if (tokenKeyToInvalidate == null) {
        return;
    }
    ActionTokenKeyModel tokenKey = DefaultActionTokenKey.from(tokenKeyToInvalidate);
    if (tokenKey == null) {
        // NOTE(review): an unparseable key is silently ignored (same as before); nothing can be invalidated.
        return;
    }
    ActionTokenStoreProvider tokenStore = session.getProvider(ActionTokenStoreProvider.class);
    tokenStore.put(tokenKey, null);
}

/**
 * Renders the "account updated" page and then discards the authentication session.
 * The page is created first because the form provider was handed the authentication session
 * via {@code setAuthenticationSession}; removing it earlier could leave the page without it.
 */
private static Response endWithInfoPage(KeycloakSession session, AuthenticationSessionModel authSession) {
    LoginFormsProvider page = session.getProvider(LoginFormsProvider.class)
            .setAuthenticationSession(authSession)
            .setSuccess(Messages.ACCOUNT_UPDATED);

    if (authSession.getAuthNote(SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS) == null) {
        page.setAttribute(Constants.SKIP_LINK, true);
    } else {
        String redirectUri = authSession.getRedirectUri();
        if (redirectUri != null) {
            // NOTE(review): the URI is taken from the auth session as-is; it is assumed to have been validated
            // against the client's registered redirect URIs when the session was created — confirm upstream.
            page.setAttribute("pageRedirectUri", redirectUri);
        }
    }

    Response response = page.createInfoPage();
    new AuthenticationSessionManager(session).removeAuthenticationSession(authSession.getRealm(), authSession, true);
    return response;
}

Example 8 with LoginFormsProvider

use of org.keycloak.forms.login.LoginFormsProvider in project keycloak by keycloak.

Taken from the class X509ClientCertificateAuthenticator, method createResponse().

/**
 * Builds the X.509 confirmation page shown after the client certificate has been evaluated.
 *
 * <p>When {@code errorMessage} is non-blank it becomes the first form error, followed by one extra error
 * entry per line of each non-null element of {@code errorParameters} (elements are split on {@code '\n'}).
 * The parameters are thus shown as separate messages rather than interpolated into {@code errorMessage}.</p>
 *
 * <p>Security note: {@code subjectDN} (presumably read from the presented certificate) and the parameter
 * strings are handed to the template as plain form data and messages. Output escaping is assumed to happen
 * in the template layer — confirm the X.509 confirm page does not render them raw.</p>
 *
 * @param context         current authentication flow context
 * @param subjectDN       subject DN to display on the page
 * @param isUserEnabled   whether the matched user account is enabled
 * @param errorMessage    error to show; {@code null} or blank means no error is set
 * @param errorParameters optional details appended as additional error entries; {@code null} elements are skipped
 * @return the rendered X.509 confirmation page
 */
private Response createResponse(AuthenticationFlowContext context, String subjectDN, boolean isUserEnabled, String errorMessage, Object[] errorParameters) {
    LoginFormsProvider form = context.form();

    boolean hasError = errorMessage != null && !errorMessage.trim().isEmpty();
    if (hasError) {
        List<FormMessage> messages = new LinkedList<>();
        messages.add(new FormMessage(errorMessage));
        if (errorParameters != null) {
            for (Object parameter : errorParameters) {
                if (parameter == null) {
                    continue;
                }
                // Multi-line parameters become one FormMessage per line.
                for (String line : parameter.toString().split("\n")) {
                    messages.add(new FormMessage(line));
                }
            }
        }
        form.setErrors(messages);
    }

    String username = "unknown user";
    if (context.getUser() != null) {
        username = context.getUser().getUsername();
    }

    MultivaluedMap<String, String> fields = new MultivaluedHashMap<>();
    fields.add("username", username);
    fields.add("subjectDN", subjectDN);
    fields.add("isUserEnabled", String.valueOf(isUserEnabled));
    form.setFormData(fields);

    return form.createX509ConfirmPage();
}

Example 9 with LoginFormsProvider

use of org.keycloak.forms.login.LoginFormsProvider in project keycloak by keycloak.

Taken from the class WebAuthnAuthenticator, method authenticate().

/**
 * Starts a WebAuthn authentication ceremony: generates a challenge, stores it in the authentication session
 * and renders the WebAuthn login form with the relying-party parameters the browser needs.
 *
 * <p>The challenge is kept in the {@code AUTH_CHALLENGE_NOTE} auth note so the assertion returned by the
 * authenticator can later be checked against exactly this value. NOTE(review): the challenge is produced by
 * webauthn4j's {@code DefaultChallenge}; it is assumed to be a fresh, CSPRNG-backed value — confirm.</p>
 *
 * <p>When a user is already known (second-factor scenario) but has no registered WebAuthn credential, the
 * method returns without issuing a challenge, leaving registration to the rest of the flow. For a known user
 * with credentials the allowed authenticators are passed to the form; in the ID-less/password-less scenario
 * no list is supplied and the form is told the user is not identified.</p>
 *
 * @param context current authentication flow context
 */
public void authenticate(AuthenticationFlowContext context) {
    LoginFormsProvider form = context.form();

    // Fresh challenge: stored server-side for later verification and handed to the client form.
    Challenge challenge = new DefaultChallenge();
    String encodedChallenge = Base64Url.encode(challenge.getValue());
    context.getAuthenticationSession().setAuthNote(WebAuthnConstants.AUTH_CHALLENGE_NOTE, encodedChallenge);
    form.setAttribute(WebAuthnConstants.CHALLENGE, encodedChallenge);

    WebAuthnPolicy policy = getWebAuthnPolicy(context);
    form.setAttribute(WebAuthnConstants.RP_ID, getRpID(context));
    form.setAttribute(WebAuthnConstants.CREATE_TIMEOUT, policy.getCreateTimeout());

    UserModel user = context.getUser();
    boolean userIdentified = user != null;
    if (userIdentified) {
        // Second-factor scenario: the user is already known, so restrict the ceremony to their credentials.
        WebAuthnAuthenticatorsBean registered = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
        if (registered.getAuthenticators().isEmpty()) {
            // Nothing to authenticate with; the user must register a WebAuthn authenticator first.
            return;
        }
        form.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, registered);
    }
    // Otherwise this is the ID-less / password-less scenario and no credential list is supplied.
    form.setAttribute(WebAuthnConstants.IS_USER_IDENTIFIED, Boolean.toString(userIdentified));

    // Remaining options come straight from the realm's WebAuthn policy.
    form.setAttribute(WebAuthnConstants.USER_VERIFICATION, policy.getUserVerificationRequirement());
    form.setAttribute(WebAuthnConstants.SHOULD_DISPLAY_AUTHENTICATORS, shouldDisplayAuthenticators(context));

    context.challenge(form.createLoginWebAuthn());
}

Example 10 with LoginFormsProvider

use of org.keycloak.forms.login.LoginFormsProvider in project keycloak by keycloak.

Taken from the class WebAuthnAuthenticator, method createErrorResponse().

/**
 * Renders the WebAuthn error page for the given error case.
 *
 * <p>{@code errorCase} is set as the error message key with no parameters. If a user is already identified,
 * their registered authenticators are attached to the page under {@code ALLOWED_AUTHENTICATORS}.</p>
 *
 * @param context   current authentication flow context
 * @param errorCase message key describing why the WebAuthn ceremony failed
 * @return the rendered WebAuthn error page
 */
private Response createErrorResponse(AuthenticationFlowContext context, final String errorCase) {
    LoginFormsProvider form = context.form().setError(errorCase, "");

    UserModel user = context.getUser();
    if (user == null) {
        // ID-less / password-less case: no credential list to show.
        return form.createWebAuthnErrorPage();
    }

    WebAuthnAuthenticatorsBean registered = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
    if (registered.getAuthenticators() != null) {
        form.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, registered);
    }
    return form.createWebAuthnErrorPage();
}
