
Example 51 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class MigrateTo8_0_2 method migrateAuthenticationFlowsWithAlternativeRequirements.

/**
 * Walks every authentication flow of the realm and moves each run of ALTERNATIVE
 * executions that is mixed with REQUIRED/CONDITIONAL executions into its own subflow.
 *
 * <p>Executions are visited in the order the realm returns them. ALTERNATIVE executions
 * are collected until a REQUIRED or CONDITIONAL execution is reached; the collected run
 * is then handed to {@code migrateAlternatives}. A run still pending when the flow ends
 * is migrated as well.
 *
 * <p>NOTE(review): this rewrites the structure of existing login flows, so a migrated
 * realm should be checked to confirm each flow still enforces the intended authenticators.
 *
 * @param realm realm whose authentication flows are inspected and updated
 */
protected void migrateAuthenticationFlowsWithAlternativeRequirements(RealmModel realm) {
    // Materialise the flows up front: migrateAlternatives adds new flows to the realm while we iterate.
    List<AuthenticationFlowModel> flows = realm.getAuthenticationFlowsStream().collect(Collectors.toList());
    for (AuthenticationFlowModel flow : flows) {
        List<AuthenticationExecutionModel> executions = realm
                .getAuthenticationExecutionsStream(flow.getId())
                .collect(Collectors.toList());
        Set<AuthenticationExecutionModel.Requirement> present = executions.stream()
                .map(AuthenticationExecutionModel::getRequirement)
                .collect(Collectors.toSet());

        // Kept to preserve the behaviour of previous versions. '&&' binds tighter than '||',
        // so the check is REQUIRED || (CONDITIONAL && ALTERNATIVE). A flow that has REQUIRED
        // but no ALTERNATIVE passes it and is then left untouched, because nothing is collected below.
        boolean candidate = present.contains(REQUIRED)
                || (present.contains(CONDITIONAL) && present.contains(ALTERNATIVE));
        if (!candidate) {
            continue;
        }

        // Only used to keep the generated subflow aliases distinct within one parent flow.
        int suffix = 0;
        LinkedList<AuthenticationExecutionModel> pending = new LinkedList<>();
        for (AuthenticationExecutionModel execution : executions) {
            AuthenticationExecutionModel.Requirement requirement = execution.getRequirement();
            if (ALTERNATIVE.equals(requirement)) {
                pending.add(execution);
            } else if (REQUIRED.equals(requirement) || CONDITIONAL.equals(requirement)) {
                // REQUIRED/CONDITIONAL closes the current run of alternatives; move that run to a new subflow.
                if (!pending.isEmpty()) {
                    migrateAlternatives(realm, flow, pending, suffix);
                    suffix++;
                    pending.clear();
                }
            }
        }

        // Alternatives that trail the last REQUIRED/CONDITIONAL execution.
        if (!pending.isEmpty()) {
            migrateAlternatives(realm, flow, pending, suffix);
        }
    }
}
Also used : Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) LinkedList(java.util.LinkedList)

Example 52 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class MigrateTo8_0_2 method migrateAlternatives.

/**
 * Creates a non-top-level "basic-flow" subflow under {@code parentFlow}, links it into the
 * parent with a REQUIRED execution, and re-parents the given ALTERNATIVE executions to it.
 *
 * <p>The linking execution takes the priority of the first migrated alternative, so it
 * occupies that position in the parent flow. The moved executions are renumbered
 * 10, 20, 30, ... in list order; their requirement is not changed here.
 *
 * @param realm                 realm that owns the flows and executions
 * @param parentFlow            flow the alternatives currently belong to
 * @param alternativesToMigrate executions to move; must not be empty, since the first
 *                              element is read for its priority
 * @param suffix                number appended to the subflow alias to avoid name conflicts
 */
private void migrateAlternatives(RealmModel realm, AuthenticationFlowModel parentFlow, LinkedList<AuthenticationExecutionModel> alternativesToMigrate, int suffix) {
    LOG.debugf("Migrating %d ALTERNATIVE executions in the flow '%s' of realm '%s' to separate subflow", alternativesToMigrate.size(), parentFlow.getAlias(), realm.getName());

    String parentAlias = parentFlow.getAlias();

    AuthenticationFlowModel subflow = new AuthenticationFlowModel();
    subflow.setAlias(parentAlias + " - Alternatives - " + suffix);
    subflow.setDescription("Subflow of " + parentAlias + " with alternative executions");
    subflow.setProviderId("basic-flow");
    subflow.setTopLevel(false);
    // The subflow inherits the built-in marker of the flow it was split from.
    subflow.setBuiltIn(parentFlow.isBuiltIn());
    // Continue with the model returned by the realm; its id is needed below.
    subflow = realm.addAuthenticationFlow(subflow);
    String subflowId = subflow.getId();

    // Execution in the parent flow that points at the new subflow.
    AuthenticationExecutionModel link = new AuthenticationExecutionModel();
    link.setParentFlow(parentFlow.getId());
    link.setFlowId(subflowId);
    link.setAuthenticatorFlow(true);
    link.setRequirement(REQUIRED);
    // Same priority as the first ALTERNATIVE: the link de facto replaces it in the parent flow.
    link.setPriority(alternativesToMigrate.getFirst().getPriority());
    realm.addAuthenticatorExecution(link);

    int nextPriority = 10;
    for (AuthenticationExecutionModel moved : alternativesToMigrate) {
        moved.setParentFlow(subflowId);
        moved.setPriority(nextPriority);
        realm.updateAuthenticatorExecution(moved);
        nextPriority += 10;
    }
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 53 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class MigrateTo1_7_0 method migrateRealm.

/**
 * Applies the 1.7.0 realm changes: a default access-token lifespan for the implicit flow,
 * the built-in 'admin-cli' client, and the first-broker-login flow.
 *
 * <p>Only identity providers that have no first-broker-login flow id are bound to the
 * flow; a provider that already references one is left unchanged.
 *
 * @param session session used to look up the {@code MigrationProvider}
 * @param realm   realm being migrated
 */
protected void migrateRealm(KeycloakSession session, RealmModel realm) {
    // Default access-token timeout for the implicit flow.
    realm.setAccessTokenLifespanForImplicitFlow(Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT);

    // Built-in 'admin-cli' client.
    session.getProvider(MigrationProvider.class).setupAdminCli(realm);

    // Add the firstBrokerLogin flow, then bind it to identity providers that lack one.
    DefaultAuthenticationFlows.migrateFlows(realm);
    AuthenticationFlowModel firstBrokerLoginFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW);
    // NOTE(review): the lookup result is dereferenced without a null check; this presumably
    // relies on migrateFlows having created the flow - confirm.
    realm.getIdentityProvidersStream()
            .filter(idp -> idp.getFirstBrokerLoginFlowId() == null)
            .forEach(idp -> {
                idp.setFirstBrokerLoginFlowId(firstBrokerLoginFlow.getId());
                realm.updateIdentityProvider(idp);
            });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ModelVersion(org.keycloak.migration.ModelVersion) Constants(org.keycloak.models.Constants) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) KeycloakSession(org.keycloak.models.KeycloakSession) MigrationProvider(org.keycloak.migration.MigrationProvider) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) DefaultAuthenticationFlows(org.keycloak.models.utils.DefaultAuthenticationFlows) MigrationProvider(org.keycloak.migration.MigrationProvider) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 54 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class AuthenticationFlowResolver method resolveBrowserFlow.

/**
 * Picks the browser authentication flow for the session's client.
 *
 * <p>A client-level override of the browser binding wins over the realm's browser flow.
 * When the override names a flow that cannot be found, resolution fails with an
 * exception instead of silently falling back to the realm flow.
 *
 * @param authSession authentication session providing the client and the realm
 * @return the overriding flow if the client defines one, otherwise the realm's browser flow
 * @throws ModelException if the client's override references a flow that does not exist
 */
public static AuthenticationFlowModel resolveBrowserFlow(AuthenticationSessionModel authSession) {
    ClientModel client = authSession.getClient();
    String overrideFlowId = client.getAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING);

    // No override configured for this client: use the realm-wide browser flow.
    if (overrideFlowId == null) {
        return authSession.getRealm().getBrowserFlow();
    }

    AuthenticationFlowModel overrideFlow = authSession.getRealm().getAuthenticationFlowById(overrideFlowId);
    if (overrideFlow == null) {
        // A dangling override is an error; it must not degrade to the realm default.
        throw new ModelException("Client " + client.getClientId() + " has browser flow override, but this flow does not exist");
    }
    return overrideFlow;
}
Also used : ClientModel(org.keycloak.models.ClientModel) ModelException(org.keycloak.models.ModelException) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 55 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class MigrateTo8_0_0 method migrateOptionalAuthenticationExecution.

/**
 * Replaces an optional execution with a CONDITIONAL subflow that contains a
 * "conditional-user-configured" condition followed by the original execution as REQUIRED.
 *
 * <p>The subflow takes over the optional execution's priority in the parent flow. Inside
 * the subflow the condition gets priority 10 and the moved execution priority 20.
 *
 * @param realm                   realm that owns the flow
 * @param parentFlow              flow that currently contains the optional execution
 * @param optionalExecution       execution to move; its parent flow, requirement and
 *                                priority are modified in place
 * @param updateOptionalExecution whether to persist the modified execution through the
 *                                realm; pass {@code false} when the execution is not yet
 *                                stored (JSON migration) and will be added later
 */
public static void migrateOptionalAuthenticationExecution(RealmModel realm, AuthenticationFlowModel parentFlow, AuthenticationExecutionModel optionalExecution, boolean updateOptionalExecution) {
    LOG.debugf("Migrating optional execution '%s' of flow '%s' of realm '%s' to subflow", optionalExecution.getAuthenticator(), parentFlow.getAlias(), realm.getName());

    // New subflow that decides whether the authenticator applies.
    AuthenticationFlowModel conditionalFlow = new AuthenticationFlowModel();
    conditionalFlow.setAlias(parentFlow.getAlias() + " - " + optionalExecution.getAuthenticator() + " - Conditional");
    conditionalFlow.setDescription("Flow to determine if the " + optionalExecution.getAuthenticator() + " authenticator should be used or not.");
    conditionalFlow.setProviderId("basic-flow");
    conditionalFlow.setTopLevel(false);
    conditionalFlow.setBuiltIn(parentFlow.isBuiltIn());
    conditionalFlow = realm.addAuthenticationFlow(conditionalFlow);
    String conditionalFlowId = conditionalFlow.getId();

    // CONDITIONAL execution in the parent flow, taking the slot of the optional execution.
    AuthenticationExecutionModel subflowLink = new AuthenticationExecutionModel();
    subflowLink.setParentFlow(parentFlow.getId());
    subflowLink.setFlowId(conditionalFlowId);
    subflowLink.setAuthenticatorFlow(true);
    subflowLink.setRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL);
    subflowLink.setPriority(optionalExecution.getPriority());
    realm.addAuthenticatorExecution(subflowLink);

    // First child of the subflow: the "conditional-user-configured" condition.
    AuthenticationExecutionModel condition = new AuthenticationExecutionModel();
    condition.setParentFlow(conditionalFlowId);
    condition.setAuthenticator("conditional-user-configured");
    condition.setAuthenticatorFlow(false);
    condition.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    condition.setPriority(10);
    realm.addAuthenticatorExecution(condition);

    // Second child: the formerly optional execution, now REQUIRED within the subflow.
    optionalExecution.setParentFlow(conditionalFlowId);
    optionalExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    optionalExecution.setPriority(20);

    // In case of JSON migration, the execution is not yet in DB and will be added later.
    if (updateOptionalExecution) {
        realm.updateAuthenticatorExecution(optionalExecution);
    }
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)
