use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.
the class AuthenticationManagementResource method removeExecution.
/**
 * Delete an authentication execution.
 *
 * <p>The {@code requireManageRealm()} check runs before the execution is looked up. A request
 * that targets an execution whose parent flow is built-in is rejected. An admin event is emitted
 * only after both removals have been issued, so rejected attempts are not recorded by this method.
 *
 * @param execution Execution id
 */
@Path("/executions/{executionId}")
@DELETE
@NoCache
public void removeExecution(@PathParam("executionId") String execution) {
    // Authorization gate. Keep it ahead of every lookup so the 404/400 answers below are only
    // ever produced for callers that passed it (presumably it throws otherwise; defined elsewhere).
    auth.realm().requireManageRealm();

    AuthenticationExecutionModel target = realm.getAuthenticationExecutionById(execution);
    if (target == null) {
        session.getTransactionManager().setRollbackOnly();
        throw new NotFoundException("Illegal execution");
    }

    // NOTE(review): getParentFlow is defined outside this excerpt; if it can return null the
    // built-in guard below dereferences it unchecked. Confirm it throws instead.
    AuthenticationFlowModel owningFlow = getParentFlow(target);
    if (owningFlow.isBuiltIn()) {
        throw new BadRequestException("It is illegal to remove execution from a built in flow");
    }

    // An execution that carries a flow id points at a non-top-level flow; that flow is removed
    // before the execution itself.
    // NOTE(review): the lookup result is passed on without a null check, and nothing here removes
    // executions nested inside that flow. Confirm removeAuthenticationFlow tolerates a missing
    // flow and cleans up its children, otherwise orphaned executions stay in the realm.
    if (target.getFlowId() != null) {
        AuthenticationFlowModel subFlow = realm.getAuthenticationFlowById(target.getFlowId());
        realm.removeAuthenticationFlow(subFlow);
    }
    realm.removeAuthenticatorExecution(target);

    adminEvent
            .operation(OperationType.DELETE)
            .resource(ResourceType.AUTH_EXECUTION)
            .resourcePath(session.getContext().getUri())
            .success();
}
use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.
the class UserSessionLimitsTest method setupFlows.
/**
 * Installs a browser flow named "parent-flow" in realm "test" with two REQUIRED steps: the
 * username/password form, then the user-session-limits authenticator configured to deny a new
 * session once the per-realm or per-client limit of 1 is reached.
 */
@Before
public void setupFlows() {
    // One-time setup per test class; later invocations return immediately.
    if (testContext.isInitialized()) {
        return;
    }

    // Keep the lambda self-contained (no calls to instance helpers): it is handed to the
    // testing client for execution, so it should not capture more than the original did.
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName("test");
        if (testRealm.getBrowserFlow().getAlias().equals("parent-flow")) {
            // The realm already uses the flow built below.
            return;
        }

        // Top-level flow that replaces the realm's browser flow.
        // NOTE(review): the flow is flagged built-in and the previous browser flow is not
        // restored here; confirm other tests sharing realm "test" expect that.
        AuthenticationFlowModel parentFlow = new AuthenticationFlowModel();
        parentFlow.setAlias("parent-flow");
        parentFlow.setDescription("browser based authentication");
        parentFlow.setProviderId("basic-flow");
        parentFlow.setTopLevel(true);
        parentFlow.setBuiltIn(true);
        parentFlow = testRealm.addAuthenticationFlow(parentFlow);
        testRealm.setBrowserFlow(parentFlow);

        // Step 1 (priority 20): username + password form.
        AuthenticationExecutionModel passwordStep = new AuthenticationExecutionModel();
        passwordStep.setParentFlow(parentFlow.getId());
        passwordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        passwordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        passwordStep.setPriority(20);
        passwordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(passwordStep);

        // Configuration for the session-limits authenticator: deny the new session, limit 1
        // per realm and per client, with the error message the test expects to see.
        Map<String, String> limitSettings = new HashMap<>();
        limitSettings.put(UserSessionLimitsAuthenticatorFactory.BEHAVIOR, UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION);
        limitSettings.put(UserSessionLimitsAuthenticatorFactory.USER_REALM_LIMIT, "1");
        limitSettings.put(UserSessionLimitsAuthenticatorFactory.USER_CLIENT_LIMIT, "1");
        limitSettings.put(UserSessionLimitsAuthenticatorFactory.ERROR_MESSAGE, ERROR_TO_DISPLAY);
        AuthenticatorConfigModel limitConfig = new AuthenticatorConfigModel();
        limitConfig.setConfig(limitSettings);
        limitConfig.setAlias("user-session-limits");
        limitConfig = testRealm.addAuthenticatorConfig(limitConfig);

        // Step 2 (priority 30): user session limits authenticator, bound to the config above.
        AuthenticationExecutionModel limitStep = new AuthenticationExecutionModel();
        limitStep.setParentFlow(parentFlow.getId());
        limitStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        limitStep.setAuthenticator(UserSessionLimitsAuthenticatorFactory.USER_SESSION_LIMITS);
        limitStep.setPriority(30);
        limitStep.setAuthenticatorFlow(false);
        limitStep.setAuthenticatorConfig(limitConfig.getId());
        testRealm.addAuthenticatorExecution(limitStep);
    });

    testContext.setInitialized(true);
}
use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.
the class FlowUtil method inFlow.
/**
 * Applies {@code subFlowInitializer} to a {@code FlowUtil} created for the flow with the given
 * alias.
 *
 * <p>When {@code subFlowInitializer} is {@code null} nothing happens: the alias is not looked up
 * and therefore not validated.
 *
 * @param alias alias of the flow to look up in the realm
 * @param subFlowInitializer callback that receives the {@code FlowUtil} of that flow; may be
 *     {@code null}
 * @return this instance, for chaining
 * @throws FlowUtilException if an initializer is given and no flow has that alias
 */
public FlowUtil inFlow(String alias, Consumer<FlowUtil> subFlowInitializer) {
    if (subFlowInitializer == null) {
        return this;
    }

    AuthenticationFlowModel target = realm.getFlowByAlias(alias);
    if (target == null) {
        throw new FlowUtilException("Can't find flow by alias: " + alias);
    }

    subFlowInitializer.accept(newFlowUtil(target));
    return this;
}
use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.
the class AuthenticationSelectionResolver method getFlowIdOfTheHighestUsefulFlow.
/**
 * Return the flowId of the "highest" subflow, which we need to take into account when creating the list of
 * authentication mechanisms shown to the user.
 *
 * For example, given an authentication flow configured like this:
 * - WebAuthn: ALTERNATIVE
 * - Password-and-OTP subflow: ALTERNATIVE
 *   - Password REQUIRED
 *   - OTP REQUIRED
 *
 * and assuming that the "execution" parameter is PasswordForm, we also need to take the higher subflow into account,
 * as the user should be able to choose between WebAuthn and Password.
 *
 * The method walks upwards from the given execution, one enclosing flow per loop pass, and stops either at a
 * top-level flow or at a required/conditional execution that is not at index 0 of its parent flow.
 *
 * @param processor supplies the realm whose flows and executions are queried
 * @param execution the execution the upward walk starts from
 * @return the id of the flow at which the walk stops; this is {@code null} when the starting execution is required
 *         or conditional, is not itself an authenticator flow, and is not at index 0 of its parent flow
 */
private static String getFlowIdOfTheHighestUsefulFlow(AuthenticationProcessor processor, AuthenticationExecutionModel execution) {
String flowId = null;
RealmModel realm = processor.getRealm();
// No iteration bound: each pass must either return or move "execution" to the execution of an enclosing flow.
while (true) {
if (execution.isAlternative()) {
// Consider parent flow as we need to get all alternative executions to be able to list their credentials
flowId = execution.getParentFlow();
} else if (execution.isRequired() || execution.isConditional()) {
if (execution.isAuthenticatorFlow()) {
flowId = execution.getFlowId();
}
// Find the corresponding execution. If it is 1st REQUIRED execution in the particular subflow, we need to consider parent flow as well
List<AuthenticationExecutionModel> executions = realm.getAuthenticationExecutionsStream(execution.getParentFlow()).collect(Collectors.toList());
// NOTE(review): indexOf depends on AuthenticationExecutionModel.equals (not visible here); a result of -1
// also takes the "not first" branch below and returns the current flowId.
int executionIndex = executions.indexOf(execution);
if (executionIndex != 0) {
return flowId;
} else {
flowId = execution.getParentFlow();
}
}
// NOTE(review): an execution that is neither alternative, required nor conditional leaves flowId unchanged.
// On the first pass that means a null id is looked up; on a later pass the same flow is looked up again and,
// presumably, the same execution is fetched at the bottom, so the loop would not progress. Confirm callers
// never reach this method with such an execution in the chain, since this runs while a login is processed.
AuthenticationFlowModel flow = realm.getAuthenticationFlowById(flowId);
// NOTE(review): "flow" is dereferenced without a null check; verify the lookup cannot miss.
if (flow.isTopLevel()) {
return flowId;
}
// Step up: continue with the execution that represents the current (non-top-level) flow.
execution = realm.getAuthenticationExecutionByFlowId(flowId);
}
}
use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.
the class AuthorizeClientUtil method getAuthenticationProcessor.
/**
 * Builds an {@code AuthenticationProcessor} bound to the realm's client authentication flow and
 * to the connection, URI info and HTTP request of the current session context.
 *
 * <p>NOTE(review): the result of {@code getClientAuthenticationFlow()} is dereferenced without a
 * null check; confirm a realm always has a client authentication flow configured, otherwise
 * client authentication fails here with a NullPointerException rather than a handled error.
 *
 * @param session current Keycloak session; its context supplies realm, connection, URI and request
 * @param event event builder handed to the processor
 * @return the configured processor
 */
public static AuthenticationProcessor getAuthenticationProcessor(KeycloakSession session, EventBuilder event) {
    RealmModel currentRealm = session.getContext().getRealm();
    AuthenticationFlowModel clientFlow = currentRealm.getClientAuthenticationFlow();
    String clientFlowId = clientFlow.getId();

    AuthenticationProcessor authProcessor = new AuthenticationProcessor();
    authProcessor
            .setFlowId(clientFlowId)
            .setConnection(session.getContext().getConnection())
            .setEventBuilder(event)
            .setRealm(currentRealm)
            .setSession(session)
            .setUriInfo(session.getContext().getUri())
            .setRequest(session.getContext().getContextObject(HttpRequest.class));
    return authProcessor;
}