
Example 1 with WebAuthnAuthenticatorsBean

Use of org.keycloak.forms.login.freemarker.model.WebAuthnAuthenticatorsBean in project keycloak by keycloak.

In class WebAuthnAuthenticator, method authenticate.

public void authenticate(AuthenticationFlowContext context) {
    LoginFormsProvider form = context.form();
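    // create a new challenge for this authentication attempt
    Challenge challenge = new DefaultChallenge();
    String challengeValue = Base64Url.encode(challenge.getValue());
    // keep the challenge in the authentication session and pass the same value to the login form
    context.getAuthenticationSession().setAuthNote(WebAuthnConstants.AUTH_CHALLENGE_NOTE, challengeValue);
    form.setAttribute(WebAuthnConstants.CHALLENGE, challengeValue);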
    WebAuthnPolicy policy = getWebAuthnPolicy(context);
    String rpId = getRpID(context);
    form.setAttribute(WebAuthnConstants.RP_ID, rpId);
    form.setAttribute(WebAuthnConstants.CREATE_TIMEOUT, policy.getCreateTimeout());
    UserModel user = context.getUser();
    boolean isUserIdentified = false;
    if (user != null) {
        // in 2 Factor Scenario where the user has already been identified
        WebAuthnAuthenticatorsBean authenticators = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
        if (authenticators.getAuthenticators().isEmpty()) {
            // require the user to register webauthn authenticator
            return;
        }
        isUserIdentified = true;
        form.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, authenticators);
    } else {
        // in ID-less & Password-less Scenario
        // NOP
    }
    form.setAttribute(WebAuthnConstants.IS_USER_IDENTIFIED, Boolean.toString(isUserIdentified));
    // read options from policy
    String userVerificationRequirement = policy.getUserVerificationRequirement();
    form.setAttribute(WebAuthnConstants.USER_VERIFICATION, userVerificationRequirement);
    form.setAttribute(WebAuthnConstants.SHOULD_DISPLAY_AUTHENTICATORS, shouldDisplayAuthenticators(context));
    context.challenge(form.createLoginWebAuthn());
}
Also used: UserModel (org.keycloak.models.UserModel), DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge), LoginFormsProvider (org.keycloak.forms.login.LoginFormsProvider), WebAuthnPolicy (org.keycloak.models.WebAuthnPolicy), WebAuthnAuthenticatorsBean (org.keycloak.forms.login.freemarker.model.WebAuthnAuthenticatorsBean), Challenge (com.webauthn4j.data.client.challenge.Challenge)

Example 2 with WebAuthnAuthenticatorsBean

Use of org.keycloak.forms.login.freemarker.model.WebAuthnAuthenticatorsBean in project keycloak by keycloak.

In class WebAuthnAuthenticator, method createErrorResponse.

private Response createErrorResponse(AuthenticationFlowContext context, final String errorCase) {
    LoginFormsProvider provider = context.form().setError(errorCase, "");
    UserModel user = context.getUser();
    if (user != null) {
        WebAuthnAuthenticatorsBean authenticators = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
        if (authenticators.getAuthenticators() != null) {
            provider.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, authenticators);
        }
    }
    return provider.createWebAuthnErrorPage();
}
Also used: UserModel (org.keycloak.models.UserModel), LoginFormsProvider (org.keycloak.forms.login.LoginFormsProvider), WebAuthnAuthenticatorsBean (org.keycloak.forms.login.freemarker.model.WebAuthnAuthenticatorsBean)

Aggregations

LoginFormsProvider (org.keycloak.forms.login.LoginFormsProvider): 2
WebAuthnAuthenticatorsBean (org.keycloak.forms.login.freemarker.model.WebAuthnAuthenticatorsBean): 2
UserModel (org.keycloak.models.UserModel): 2
Challenge (com.webauthn4j.data.client.challenge.Challenge): 1
DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge): 1
WebAuthnPolicy (org.keycloak.models.WebAuthnPolicy): 1