
Example 11 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class BrokerRunOnServerUtil method configureAutoLinkFlow.

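/**
 * Builds a server-side task that creates a top-level "AutoLink" flow in the current realm and
 * binds it as the first-broker-login flow of the identity provider with the given alias.
 *
 * The flow holds exactly two ALTERNATIVE executions, {@code idp-create-user-if-unique}
 * (priority 1) followed by {@code idp-auto-link} (priority 2); there is no review-profile or
 * confirmation step in it, which is the point of this "auto link" variant and why it belongs in
 * test realms only.
 *
 * @param idpAlias alias of an identity provider that must already exist in the realm
 * @return a task to hand to {@code testingClient.server(...).run(...)}
 * @throws IllegalStateException (inside the task) when no identity provider has that alias,
 *         instead of an NPE on {@code setFirstBrokerLoginFlowId}
 */
static RunOnServer configureAutoLinkFlow(String idpAlias) {
    return (session -> {
        RealmModel appRealm = session.getContext().getRealm();

        AuthenticationFlowModel newFlow = new AuthenticationFlowModel();
        newFlow.setAlias("AutoLink");
        newFlow.setDescription("AutoLink");
        newFlow.setProviderId("basic-flow");
        newFlow.setBuiltIn(false);
        newFlow.setTopLevel(true);
        // use the instance returned by the realm from here on: it is the one whose id is read below
        newFlow = appRealm.addAuthenticationFlow(newFlow);

        addAlternativeExecution(appRealm, newFlow, "idp-create-user-if-unique", 1);
        addAlternativeExecution(appRealm, newFlow, "idp-auto-link", 2);

        IdentityProviderModel idp = appRealm.getIdentityProviderByAlias(idpAlias);
        if (idp == null) {
            throw new IllegalStateException("Identity provider '" + idpAlias + "' not found in realm " + appRealm.getName());
        }
        idp.setFirstBrokerLoginFlowId(newFlow.getId());
        appRealm.updateIdentityProvider(idp);
    });
}

/**
 * Appends a non-sub-flow ALTERNATIVE execution for {@code authenticator} with the given priority
 * to {@code flow}. The execution returned by the realm is not needed by callers, so it is dropped.
 */
private static void addAlternativeExecution(RealmModel realm, AuthenticationFlowModel flow, String authenticator, int priority) {
    AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
    execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
    execution.setAuthenticatorFlow(false);
    execution.setAuthenticator(authenticator);
    execution.setPriority(priority);
    execution.setParentFlow(flow.getId());
    realm.addAuthenticatorExecution(execution);
}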

Example 12 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class BrokerRunOnServerUtil method configureBrokerFlowToReAuthenticationWithPasswordOrTotp.

// Configure the variant of the firstBrokerLogin flow which allows re-authenticating the user with password OR TOTP
// TOTP is offered only if it is configured for the user
/**
 * Copies the first-broker-login flow of the consumer realm under {@code newFlowAlias}, then replaces
 * the "verify existing account by re-authentication" part of the copy with a REQUIRED
 * {@code IdpAutoLinkAuthenticatorFactory} execution followed by a REQUIRED "password or otp" sub-flow
 * holding two ALTERNATIVE executions (password form, OTP form). Finally the copy is set as the
 * flow used by the identity provider {@code idpAlias}.
 *
 * Both steps run server-side through {@code testingClient}, in two separate server calls exactly as
 * before (copy first, then rewrite and bind).
 *
 * @param testingClient    client used to execute code on the server
 * @param consumerRealmName realm that owns the identity provider
 * @param idpAlias         alias of the identity provider to bind the new flow to
 * @param newFlowAlias     alias for the copied first-broker-login flow
 */
static void configureBrokerFlowToReAuthenticationWithPasswordOrTotp(KeycloakTestingClient testingClient, String consumerRealmName, String idpAlias, String newFlowAlias) {
    // Step 1: copy the first broker login flow under the new alias.
    testingClient.server(consumerRealmName).run(session ->
            FlowUtil.inCurrentRealm(session).copyFirstBrokerLoginFlow(newFlowAlias));

    // Step 2: rewrite the re-authentication sub-flow of the copy and bind it to the IdP.
    testingClient.server(consumerRealmName).run(session -> {
        AuthenticationFlowModel passwordOrOtp = FlowUtil.createFlowModel(
                "password or otp", "basic-flow", "Flow to authenticate user with password or otp", false, true);

        FlowUtil.inCurrentRealm(session)
                .selectFlow(newFlowAlias)
                .inVerifyExistingAccountByReAuthentication(reAuth -> reAuth
                        .clear()
                        .addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, IdpAutoLinkAuthenticatorFactory.PROVIDER_ID)
                        .addSubFlowExecution(passwordOrOtp, AuthenticationExecutionModel.Requirement.REQUIRED, credentials -> credentials
                                .addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, PasswordFormFactory.PROVIDER_ID)
                                .addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, OTPFormAuthenticatorFactory.PROVIDER_ID)))
                .usesInIdentityProvider(idpAlias);
    });
}

Example 13 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class TestingResourceProvider method getResetCredFlow.

/**
 * Returns the reset-credentials flow bound to the named realm as a representation.
 * When the realm has no reset-credentials flow the method returns {@code null}, which JAX-RS
 * serves as an empty response rather than an error.
 *
 * Testing resource: no authorization check is visible in this method, so it presumably relies on
 * this provider being deployed only in test setups — confirm against where the provider is registered.
 *
 * @param realmName name of the realm to inspect, taken from the {@code realmName} query parameter
 * @return the flow representation, or {@code null} when the realm has none
 */
@GET
@Path("/get-reset-cred-flow")
@Produces(MediaType.APPLICATION_JSON)
public AuthenticationFlowRepresentation getResetCredFlow(@QueryParam("realmName") String realmName) {
    RealmModel realm = getRealmByName(realmName);
    AuthenticationFlowModel resetCredentials = realm.getResetCredentialsFlow();
    return resetCredentials == null
            ? null
            : ModelToRepresentation.toRepresentation(realm, resetCredentials);
}

Example 14 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class ChallengeFlowTest method setupFlows.

/**
 * Creates, once per server, the {@code cli-challenge} browser flow (a single REQUIRED console
 * username/password execution) and the confidential client {@code TEST_APP_FLOW} whose browser
 * binding is overridden with that flow. Nothing is done when a client with id
 * {@code test-app-flow} already exists in realm {@code test}.
 */
@Before
public void setupFlows() {
    // Computed outside the server lambda; presumably so the lambda captures only this serializable
    // holder and not the test instance (confirm against SerializableApplicationData).
    SerializableApplicationData appData = new SerializableApplicationData(oauth.APP_AUTH_ROOT, oauth.APP_ROOT + "/admin", oauth.APP_AUTH_ROOT + "/*");

    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        if (session.clients().getClientByClientId(realm, "test-app-flow") != null) {
            return; // already set up by an earlier run
        }

        // Top-level browser flow with a console username/password step
        AuthenticationFlowModel challengeFlow = new AuthenticationFlowModel();
        challengeFlow.setAlias("cli-challenge");
        challengeFlow.setDescription("challenge based authentication");
        challengeFlow.setProviderId("basic-flow");
        challengeFlow.setBuiltIn(true);
        challengeFlow.setTopLevel(true);
        challengeFlow = realm.addAuthenticationFlow(challengeFlow);

        // The only execution of that flow: REQUIRED console username+password authenticator
        AuthenticationExecutionModel consoleLogin = new AuthenticationExecutionModel();
        consoleLogin.setParentFlow(challengeFlow.getId());
        consoleLogin.setAuthenticator(ConsoleUsernamePasswordAuthenticatorFactory.PROVIDER_ID);
        consoleLogin.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        consoleLogin.setAuthenticatorFlow(false);
        consoleLogin.setPriority(10);
        realm.addAuthenticatorExecution(consoleLogin);

        // Confidential test client bound to the flow above for browser logins.
        // Test fixture values: fixed secret and a wildcard redirect URI.
        ClientModel flowClient = realm.addClient(TEST_APP_FLOW);
        flowClient.setEnabled(true);
        flowClient.setPublicClient(false);
        flowClient.setSecret("password");
        flowClient.setBaseUrl(appData.applicationBaseUrl);
        flowClient.setManagementUrl(appData.applicationManagementUrl);
        flowClient.addRedirectUri(appData.applicationRedirectUrl);
        flowClient.addRedirectUri("urn:ietf:wg:oauth:2.0:oob");
        flowClient.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, challengeFlow.getId());
    });
}

Example 15 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class FlowOverrideTest method setupFlows.

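/**
 * Creates, once per server, the flows and clients used by the flow-override tests in realm
 * {@code test}:
 * <ul>
 *   <li>browser override: top-level {@code parent-flow} containing the ALTERNATIVE sub-flow
 *       {@code subflow-2} (REQUIRED push button, then REQUIRED username+password);</li>
 *   <li>direct-grant override: top-level {@code direct-override-flow} with a single REQUIRED
 *       username-only authenticator, i.e. no password check;</li>
 *   <li>challenge override: top-level {@code challenge-override-flow} with a single REQUIRED
 *       basic-auth OTP authenticator;</li>
 *   <li>clients {@code TEST_APP_FLOW}, {@code TEST_APP_DIRECT_OVERRIDE},
 *       {@code TEST_APP_HTTP_CHALLENGE} and {@code TEST_APP_HTTP_CHALLENGE_OTP}, each bound to
 *       those flows (or to the realm's existing {@code http challenge} flow) through per-client
 *       binding overrides.</li>
 * </ul>
 * Setup is skipped when a client with id {@code test-app-flow} already exists. The helpers below
 * are {@code static} on purpose: the lambda handed to {@code testingClient.server().run} must not
 * capture the test instance.
 *
 * @throws IllegalStateException (server side) when the realm has no {@code http challenge} flow
 */
@Before
public void setupFlows() {
    SerializableApplicationData serializedApplicationData = new SerializableApplicationData(oauth.APP_AUTH_ROOT, oauth.APP_ROOT + "/admin", oauth.APP_AUTH_ROOT + "/*");
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName("test");
        ClientModel client = session.clients().getClientByClientId(realm, "test-app-flow");
        if (client != null) {
            return; // already set up by an earlier run
        }
        client = session.clients().getClientByClientId(realm, "test-app");
        client.setDirectAccessGrantsEnabled(true);

        // Browser override: parent-flow -> subflow-2 (push button AND username+password)
        AuthenticationFlowModel browser = addFlow(realm, "parent-flow", "browser based authentication", true);
        AuthenticationFlowModel subflow2 = addFlow(realm, "subflow-2", "username+password AND pushButton", false);
        addSubFlowExecution(realm, browser, subflow2, AuthenticationExecutionModel.Requirement.ALTERNATIVE, 20);
        addAuthenticatorExecution(realm, subflow2, PushButtonAuthenticatorFactory.PROVIDER_ID, 10);
        addAuthenticatorExecution(realm, subflow2, UsernamePasswordFormFactory.PROVIDER_ID, 20);

        client = addClient(realm, TEST_APP_FLOW, serializedApplicationData.applicationBaseUrl,
                serializedApplicationData.applicationManagementUrl, serializedApplicationData.applicationRedirectUrl, false);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, browser.getId());

        // Direct grant override: username only
        AuthenticationFlowModel directGrant = addFlow(realm, "direct-override-flow", "direct grant based authentication", true);
        addAuthenticatorExecution(realm, directGrant, UsernameOnlyAuthenticator.PROVIDER_ID, 10);

        // Challenge override: basic auth with OTP
        AuthenticationFlowModel challengeOTP = addFlow(realm, "challenge-override-flow", "challenge grant based authentication", true);
        addAuthenticatorExecution(realm, challengeOTP, BasicAuthOTPAuthenticatorFactory.PROVIDER_ID, 10);

        client = addClient(realm, TEST_APP_DIRECT_OVERRIDE, serializedApplicationData.applicationBaseUrl,
                serializedApplicationData.applicationManagementUrl, serializedApplicationData.applicationRedirectUrl, false);
        client.setDirectAccessGrantsEnabled(true);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, browser.getId());
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.DIRECT_GRANT_BINDING, directGrant.getId());

        // The "http challenge" flow is not created here; fail with a clear message if the realm lacks it
        String httpChallengeFlowId = requireFlowId(realm, "http challenge");
        client = addClient(realm, TEST_APP_HTTP_CHALLENGE, serializedApplicationData.applicationBaseUrl,
                serializedApplicationData.applicationManagementUrl, serializedApplicationData.applicationRedirectUrl, true);
        client.setDirectAccessGrantsEnabled(true);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.DIRECT_GRANT_BINDING, httpChallengeFlowId);
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, httpChallengeFlowId);

        // NOTE(review): this client uses fixed master-realm URLs instead of serializedApplicationData,
        // kept as in the original setup — confirm whether that is intentional.
        client = addClient(realm, TEST_APP_HTTP_CHALLENGE_OTP, "http://localhost:8180/auth/realms/master/app/auth",
                "http://localhost:8180/auth/realms/master/app/admin", "http://localhost:8180/auth/realms/master/app/auth/*", true);
        client.setDirectAccessGrantsEnabled(true);
        // challengeOTP is the instance returned by addAuthenticationFlow, so its id is the one a lookup by alias would return
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.DIRECT_GRANT_BINDING, challengeOTP.getId());
        client.setAuthenticationFlowBindingOverride(AuthenticationFlowBindings.BROWSER_BINDING, challengeOTP.getId());
    });
}

/** Adds a built-in basic flow with the given alias/description; {@code topLevel} false makes it a sub-flow. Returns the stored instance (the one carrying the id). */
private static AuthenticationFlowModel addFlow(RealmModel realm, String alias, String description, boolean topLevel) {
    AuthenticationFlowModel flow = new AuthenticationFlowModel();
    flow.setAlias(alias);
    flow.setDescription(description);
    flow.setProviderId("basic-flow");
    flow.setTopLevel(topLevel);
    flow.setBuiltIn(true);
    return realm.addAuthenticationFlow(flow);
}

/** Adds a REQUIRED, non-sub-flow execution of {@code authenticator} to {@code parent} with the given priority. */
private static void addAuthenticatorExecution(RealmModel realm, AuthenticationFlowModel parent, String authenticator, int priority) {
    AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
    execution.setParentFlow(parent.getId());
    execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    execution.setAuthenticator(authenticator);
    execution.setPriority(priority);
    execution.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(execution);
}

/** Adds an execution to {@code parent} that runs {@code subFlow} with the given requirement and priority. */
private static void addSubFlowExecution(RealmModel realm, AuthenticationFlowModel parent, AuthenticationFlowModel subFlow,
                                        AuthenticationExecutionModel.Requirement requirement, int priority) {
    AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
    execution.setParentFlow(parent.getId());
    execution.setRequirement(requirement);
    execution.setFlowId(subFlow.getId());
    execution.setPriority(priority);
    execution.setAuthenticatorFlow(true);
    realm.addAuthenticatorExecution(execution);
}

/**
 * Adds an enabled client with the fixed test secret, the given URLs and a single redirect URI.
 * Direct-access grants and flow binding overrides are left to the caller.
 */
private static ClientModel addClient(RealmModel realm, String clientId, String baseUrl, String managementUrl, String redirectUri, boolean publicClient) {
    ClientModel client = realm.addClient(clientId);
    client.setSecret("password");
    client.setBaseUrl(baseUrl);
    client.setManagementUrl(managementUrl);
    client.setEnabled(true);
    client.addRedirectUri(redirectUri);
    client.setPublicClient(publicClient);
    return client;
}

/** Returns the id of the flow with {@code alias}, or fails with a descriptive error instead of an NPE on {@code getId()}. */
private static String requireFlowId(RealmModel realm, String alias) {
    AuthenticationFlowModel flow = realm.getFlowByAlias(alias);
    if (flow == null) {
        throw new IllegalStateException("Flow '" + alias + "' not found in realm " + realm.getName());
    }
    return flow.getId();
}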
