use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.
the class ClientAuthenticationFlow method findExecutionsToRun.
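/**
 * Picks which executions of the client authentication flow will actually be run.
 *
 * Executions are scanned in the order {@code getAuthenticationExecutionsStream} yields them.
 * The first REQUIRED execution wins outright and is the only one returned; if there is no
 * REQUIRED execution, every ALTERNATIVE execution is returned instead. Executions with any
 * other requirement (e.g. DISABLED) are never run.
 *
 * @return the executions to try, never null; a single-element list when a REQUIRED
 *         execution exists, otherwise the ALTERNATIVE executions in stream order
 */
protected List<AuthenticationExecutionModel> findExecutionsToRun() {
    // ALTERNATIVE executions seen before the first REQUIRED one (if any) are collected here.
    // The filter has this side effect on purpose so the stream can still short-circuit.
    List<AuthenticationExecutionModel> alternatives = new LinkedList<>();
    Optional<AuthenticationExecutionModel> firstRequired = processor.getRealm()
            .getAuthenticationExecutionsStream(flow.getId())
            .filter(e -> {
                if (e.isRequired()) {
                    return true;
                }
                if (e.isAlternative()) {
                    alternatives.add(e);
                }
                return false;
            })
            .findFirst();

    // A REQUIRED execution overrides any alternatives collected so far. Otherwise the
    // alternatives list is returned as-is: the previous addAll() of the list into itself
    // doubled every entry, so each alternative authenticator ran twice.
    List<AuthenticationExecutionModel> executionsToRun = firstRequired.isPresent()
            ? Arrays.asList(firstRequired.get())
            : alternatives;

    if (logger.isTraceEnabled()) {
        List<String> exIds = new ArrayList<>();
        for (AuthenticationExecutionModel execution : executionsToRun) {
            exIds.add(execution.getId());
        }
        logger.tracef("Using executions for client authentication: %s", exIds.toString());
    }
    return executionsToRun;
}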
use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.
the class ClientAuthenticationFlow method processFlow.
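/**
 * Runs the client authentication flow.
 *
 * Each execution chosen by {@link #findExecutionsToRun()} is tried in order. An execution
 * only counts as having authenticated the client when (a) a client has been resolved on
 * the processor, (b) the authenticator that ran is the one the client is configured to use
 * ({@code ClientModel#getClientAuthenticatorType()}, replaced by the realm-wide default when
 * nothing is configured or the client is public), and (c) the execution finished with
 * {@code FlowStatus.SUCCESS}. The type check in (b) is what prevents a client configured for
 * one credential type from being authenticated with a different one.
 *
 * @return null when the client was authenticated; otherwise the challenge or error response
 *         produced by the matching authenticator, or the challenge recorded by an
 *         alternative authenticator when nothing matched
 * @throws AuthenticationFlowException with INTERNAL_ERROR when an authenticator factory is
 *         missing or a matched execution produced neither a response nor SUCCESS; with
 *         INVALID_CREDENTIALS when no execution authenticated the client and no challenge
 *         was recorded
 */
@Override
public Response processFlow() {
    List<AuthenticationExecutionModel> executions = findExecutionsToRun();
    for (AuthenticationExecutionModel model : executions) {
        ClientAuthenticatorFactory factory = (ClientAuthenticatorFactory) processor.getSession()
                .getKeycloakSessionFactory()
                .getProviderFactory(ClientAuthenticator.class, model.getAuthenticator());
        if (factory == null) {
            throw new AuthenticationFlowException("Could not find ClientAuthenticatorFactory for: " + model.getAuthenticator(), AuthenticationFlowError.INTERNAL_ERROR);
        }
        ClientAuthenticator authenticator = factory.create();
        logger.debugv("client authenticator: {0}", factory.getId());

        AuthenticationProcessor.Result context = processor.createClientAuthenticatorContext(model, authenticator, executions);
        authenticator.authenticateClient(context);

        ClientModel client = processor.getClient();
        if (client == null) {
            // No client identified yet; let the next execution try
            continue;
        }

        String expectedClientAuthType = client.getClientAuthenticatorType();
        if (expectedClientAuthType == null || client.isPublicClient()) {
            String fallbackType = KeycloakModelUtils.getDefaultClientAuthenticatorType();
            if (expectedClientAuthType == null) {
                // Report the type we fall back to; the configured value is known to be null here
                ServicesLogger.LOGGER.authMethodFallback(client.getClientId(), fallbackType);
            }
            expectedClientAuthType = fallbackType;
        }

        // Only honour this execution's result if its authenticator is the one the client is
        // configured for; otherwise keep looking.
        if (!factory.getId().equals(expectedClientAuthType)) {
            continue;
        }

        Response response = processResult(context);
        if (response != null) {
            return response;
        }
        if (!FlowStatus.SUCCESS.equals(context.getStatus())) {
            throw new AuthenticationFlowException("Expected success, but for an unknown reason the status was " + context.getStatus(), AuthenticationFlowError.INTERNAL_ERROR);
        }
        success = true;
        logger.debugv("Client {0} authenticated by {1}", client.getClientId(), factory.getId());
        processor.getEvent().detail(Details.CLIENT_AUTH_METHOD, factory.getId());
        return null;
    }

    // Nothing authenticated the client; surface a challenge an alternative recorded, if any
    if (alternativeChallenge != null) {
        processor.getEvent().error(Errors.INVALID_CLIENT);
        return alternativeChallenge;
    }
    throw new AuthenticationFlowException("Invalid client credentials", AuthenticationFlowError.INVALID_CREDENTIALS);
}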
use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.
the class UserSessionLimitsTest method setupFlows.
/**
 * Installs the browser flow exercised by this test class, once per class run.
 *
 * The flow is a top-level "parent-flow" with two REQUIRED steps: the username/password
 * form, then the user-session-limits authenticator configured with
 * BEHAVIOR=DENY_NEW_SESSION and USER_REALM_LIMIT / USER_CLIENT_LIMIT of "1".
 */
@Before
public void setupFlows() {
    // Flow creation is expensive and idempotent; do it only the first time
    if (testContext.isInitialized()) {
        return;
    }
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        // Another run on the same server may already have installed the flow
        if (realm.getBrowserFlow().getAlias().equals("parent-flow")) {
            return;
        }

        AuthenticationFlowModel parentFlow = new AuthenticationFlowModel();
        parentFlow.setAlias("parent-flow");
        parentFlow.setDescription("browser based authentication");
        parentFlow.setProviderId("basic-flow");
        parentFlow.setTopLevel(true);
        parentFlow.setBuiltIn(true);
        parentFlow = realm.addAuthenticationFlow(parentFlow);
        realm.setBrowserFlow(parentFlow);

        // Step 1 (priority 20): username / password form
        AuthenticationExecutionModel usernamePassword = new AuthenticationExecutionModel();
        usernamePassword.setParentFlow(parentFlow.getId());
        usernamePassword.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        usernamePassword.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        usernamePassword.setAuthenticatorFlow(false);
        usernamePassword.setPriority(20);
        realm.addAuthenticatorExecution(usernamePassword);

        // Step 2 (priority 30): session-limits authenticator with its config
        Map<String, String> limitsSettings = new HashMap<>();
        limitsSettings.put(UserSessionLimitsAuthenticatorFactory.BEHAVIOR, UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION);
        limitsSettings.put(UserSessionLimitsAuthenticatorFactory.USER_REALM_LIMIT, "1");
        limitsSettings.put(UserSessionLimitsAuthenticatorFactory.USER_CLIENT_LIMIT, "1");
        limitsSettings.put(UserSessionLimitsAuthenticatorFactory.ERROR_MESSAGE, ERROR_TO_DISPLAY);

        AuthenticatorConfigModel limitsConfig = new AuthenticatorConfigModel();
        limitsConfig.setAlias("user-session-limits");
        limitsConfig.setConfig(limitsSettings);
        limitsConfig = realm.addAuthenticatorConfig(limitsConfig);

        AuthenticationExecutionModel sessionLimits = new AuthenticationExecutionModel();
        sessionLimits.setParentFlow(parentFlow.getId());
        sessionLimits.setAuthenticator(UserSessionLimitsAuthenticatorFactory.USER_SESSION_LIMITS);
        sessionLimits.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        sessionLimits.setAuthenticatorFlow(false);
        sessionLimits.setPriority(30);
        sessionLimits.setAuthenticatorConfig(limitsConfig.getId());
        realm.addAuthenticatorExecution(sessionLimits);
    });
    testContext.setInitialized(true);
}
use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.
the class FlowUtil method addSubFlowExecution.
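/**
 * Persists {@code flowModel} as a sub-flow of the current flow, links it in with an
 * execution of the given requirement and priority, and optionally populates it.
 *
 * @param flowModel       the sub-flow to create; the copy returned by
 *                        {@code realm.addAuthenticationFlow} is the one linked and populated
 * @param requirement     requirement of the execution that references the sub-flow
 * @param priority        priority of that execution within the current flow
 * @param flowInitializer callback that receives a {@code FlowUtil} positioned on the new
 *                        sub-flow, or null to leave the sub-flow empty
 * @return this, for chaining
 */
public FlowUtil addSubFlowExecution(AuthenticationFlowModel flowModel, Requirement requirement, int priority, Consumer<FlowUtil> flowInitializer) {
    maxPriority = Math.max(maxPriority, priority);
    flowModel = realm.addAuthenticationFlow(flowModel);

    AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
    execution.setRequirement(requirement);
    // KEYCLOAK-14161: a form-flow is driven by the registration page form authenticator.
    // Compare by value; the previous '==' only held while the provider id happened to be
    // the interned "form-flow" literal.
    if ("form-flow".equals(flowModel.getProviderId())) {
        execution.setAuthenticator("registration-page-form");
    }
    execution.setAuthenticatorFlow(true);
    execution.setPriority(priority);
    execution.setFlowId(flowModel.getId());
    execution.setParentFlow(currentFlow.getId());
    realm.addAuthenticatorExecution(execution);

    if (flowInitializer != null) {
        flowInitializer.accept(newFlowUtil(flowModel));
    }
    return this;
}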
use of org.keycloak.models.AuthenticationExecutionModel in project keycloak by keycloak.
the class DefaultAuthenticationFlows method registrationFlow.
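/**
 * Installs the built-in registration flow into {@code realm} and makes it the realm's
 * registration flow.
 *
 * Layout: a top-level "basic-flow" (REGISTRATION_FLOW) whose single REQUIRED execution is
 * the "form-flow" sub-flow (REGISTRATION_FORM_FLOW) rendered by "registration-page-form".
 * That sub-flow runs, in priority order, "registration-user-creation" (20),
 * "registration-profile-action" (40), "registration-password-action" (50) and a DISABLED
 * "registration-recaptcha-action" (60). reCAPTCHA stays off until an administrator enables
 * that execution and attaches an authenticator config with the site key and secret; those
 * values are per-realm configuration and must not be hard-coded in this file.
 *
 * @param realm the realm to populate
 */
public static void registrationFlow(RealmModel realm) {
    AuthenticationFlowModel registrationFlow = new AuthenticationFlowModel();
    registrationFlow.setAlias(REGISTRATION_FLOW);
    registrationFlow.setDescription("registration flow");
    registrationFlow.setProviderId("basic-flow");
    registrationFlow.setTopLevel(true);
    registrationFlow.setBuiltIn(true);
    registrationFlow = realm.addAuthenticationFlow(registrationFlow);
    realm.setRegistrationFlow(registrationFlow);

    AuthenticationFlowModel registrationFormFlow = new AuthenticationFlowModel();
    registrationFormFlow.setAlias(REGISTRATION_FORM_FLOW);
    registrationFormFlow.setDescription("registration form");
    registrationFormFlow.setProviderId("form-flow");
    registrationFormFlow.setTopLevel(false);
    registrationFormFlow.setBuiltIn(true);
    registrationFormFlow = realm.addAuthenticationFlow(registrationFormFlow);

    // Link the form sub-flow into the top-level flow
    AuthenticationExecutionModel formFlowExecution = new AuthenticationExecutionModel();
    formFlowExecution.setParentFlow(registrationFlow.getId());
    formFlowExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    formFlowExecution.setAuthenticator("registration-page-form");
    formFlowExecution.setPriority(10);
    formFlowExecution.setAuthenticatorFlow(true);
    formFlowExecution.setFlowId(registrationFormFlow.getId());
    realm.addAuthenticatorExecution(formFlowExecution);

    // Form actions inside the sub-flow, in priority order
    String formFlowId = registrationFormFlow.getId();
    addRegistrationFormAction(realm, formFlowId, "registration-user-creation", 20,
            AuthenticationExecutionModel.Requirement.REQUIRED);
    addRegistrationFormAction(realm, formFlowId, "registration-profile-action", 40,
            AuthenticationExecutionModel.Requirement.REQUIRED);
    addRegistrationFormAction(realm, formFlowId, "registration-password-action", 50,
            AuthenticationExecutionModel.Requirement.REQUIRED);
    // Disabled by default; no authenticator config is attached here on purpose
    addRegistrationFormAction(realm, formFlowId, "registration-recaptcha-action", 60,
            AuthenticationExecutionModel.Requirement.DISABLED);
}

/**
 * Adds one non-flow execution (a form action) to the given parent flow.
 *
 * @param realm         realm that owns the flow
 * @param parentFlowId  id of the flow the execution belongs to
 * @param authenticator provider id of the form action
 * @param priority      execution priority within the parent flow
 * @param requirement   execution requirement
 */
private static void addRegistrationFormAction(RealmModel realm, String parentFlowId, String authenticator, int priority,
        AuthenticationExecutionModel.Requirement requirement) {
    AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
    execution.setParentFlow(parentFlowId);
    execution.setRequirement(requirement);
    execution.setAuthenticator(authenticator);
    execution.setPriority(priority);
    execution.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(execution);
}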