
Example 31 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

Class RepresentationToModel, method toModel.

/**
 * Builds an {@link AuthenticationFlowModel} from its REST representation.
 *
 * <p>Copies id, alias, description, providerId, builtIn and topLevel one-to-one.
 * No validation is performed here; a caller that accepts the representation from
 * an external source is responsible for checking it before persisting the model.
 *
 * @param rep representation to convert
 * @return a new, not yet persisted model populated from {@code rep}
 */
public static AuthenticationFlowModel toModel(AuthenticationFlowRepresentation rep) {
    AuthenticationFlowModel result = new AuthenticationFlowModel();
    result.setId(rep.getId());
    result.setAlias(rep.getAlias());
    result.setDescription(rep.getDescription());
    result.setProviderId(rep.getProviderId());
    result.setBuiltIn(rep.isBuiltIn());
    result.setTopLevel(rep.isTopLevel());
    return result;
}
Also used : AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 32 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

Class AuthorizationEndpointBase, method handleBrowserAuthenticationRequest.

/**
 * Common method to handle browser authentication request in protocols unified way.
 *
 * <p>Resolves the authentication flow for {@code authSession}, creates an
 * {@link AuthenticationProcessor} for the authenticate path and records the parent session id
 * on the event. For a passive request the flow is run without showing a login screen: if the
 * processor still needs the user, the request fails with a protocol error
 * ({@code PASSIVE_LOGIN_REQUIRED} or {@code PASSIVE_INTERACTION_REQUIRED}) unless the passive
 * login was forwarded to the default provider (KEYCLOAK-8043), in which case the challenge is
 * returned. Any exception raised while running the processor is converted into a browser
 * response by {@link AuthenticationProcessor#handleBrowserException}.
 *
 * @param authSession for current request
 * @param protocol handler for protocol used to initiate login
 * @param isPassive set to true if login should be passive (without login screen shown)
 * @param redirectToAuthentication if true redirect to flow url.  If initial call to protocol is a POST, you probably want to do this.  This is so we can disable the back button on browser
 * @return response to be returned to the browser
 */
protected Response handleBrowserAuthenticationRequest(AuthenticationSessionModel authSession, LoginProtocol protocol, boolean isPassive, boolean redirectToAuthentication) {
    AuthenticationFlowModel flow = getAuthenticationFlow(authSession);
    AuthenticationProcessor processor = createProcessor(authSession, flow.getId(), LoginActionsService.AUTHENTICATE_PATH);
    event.detail(Details.CODE_ID, authSession.getParentSession().getId());

    if (!isPassive) {
        // Interactive login: persist the restart cookie, then either bounce to the flow URL or run the flow inline.
        try {
            RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession);
            return redirectToAuthentication ? processor.redirectToFlow() : processor.authenticate();
        } catch (Exception e) {
            return processor.handleBrowserException(e);
        }
    }

    // Passive login: never prompt; cancel if any authenticator or required action needs the user.
    try {
        Response challenge = processor.authenticateOnly();
        if (challenge != null) {
            boolean forwarded = "true".equals(authSession.getAuthNote(AuthenticationProcessor.FORWARDED_PASSIVE_LOGIN));
            if (!forwarded) {
                return protocol.sendError(authSession, Error.PASSIVE_LOGIN_REQUIRED);
            }
            // KEYCLOAK-8043: the prompt=none request was forwarded to the default provider; reuse the
            // challenge from authenticateOnly() instead of starting a new authenticate() round.
            RestartLoginCookie.setRestartCookie(session, realm, clientConnection, session.getContext().getUri(), authSession);
            return redirectToAuthentication ? processor.redirectToFlow() : challenge;
        }
        // No challenge: the user is already authenticated.
        AuthenticationManager.setClientScopesInSession(authSession);
        if (processor.nextRequiredAction() != null) {
            return protocol.sendError(authSession, Error.PASSIVE_INTERACTION_REQUIRED);
        }
    } catch (Exception e) {
        return processor.handleBrowserException(e);
    }
    return processor.finishAuthentication(protocol);
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticationProcessor(org.keycloak.authentication.AuthenticationProcessor) ErrorPageException(org.keycloak.services.ErrorPageException)

Example 33 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

Class AuthenticationManagementResource, method addExecutionToFlow.

/**
 * Add new authentication execution to a flow
 *
 * <p>Requires manage-realm permission. The parent flow must exist and must not be built-in,
 * and {@code provider} must name a factory registered for the flow's type (client, form or
 * authenticator); otherwise a {@link BadRequestException} is thrown. The new execution gets the
 * factory's single requirement choice when there is exactly one, and {@code DISABLED} otherwise.
 *
 * @param flowAlias Alias of parent flow
 * @param data New execution JSON data containing 'provider' attribute; the created execution's
 *             id is written back into this map under {@code "id"} before it is audited
 * @return {@code 201 Created} whose Location points at the new execution resource
 */
@Path("/flows/{flowAlias}/executions/execution")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response addExecutionToFlow(@PathParam("flowAlias") String flowAlias, Map<String, String> data) {
    auth.realm().requireManageRealm();
    AuthenticationFlowModel parentFlow = realm.getFlowByAlias(flowAlias);
    if (parentFlow == null) {
        throw new BadRequestException("Parent flow doesn't exist");
    }
    if (parentFlow.isBuiltIn()) {
        throw new BadRequestException("It is illegal to add execution to a built in flow");
    }

    String provider = data.get("provider");
    // make sure provider is one of the registered providers
    ProviderFactory providerFactory = lookupExecutionProviderFactory(parentFlow.getProviderId(), provider);
    if (providerFactory == null) {
        throw new BadRequestException("No authentication provider found for id: " + provider);
    }

    AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
    execution.setParentFlow(parentFlow.getId());
    ConfigurableAuthenticatorFactory configurable = (ConfigurableAuthenticatorFactory) providerFactory;
    AuthenticationExecutionModel.Requirement[] choices = configurable.getRequirementChoices();
    // A single supported requirement is used as-is; otherwise start disabled and let the admin pick.
    execution.setRequirement(choices.length == 1 ? choices[0] : AuthenticationExecutionModel.Requirement.DISABLED);
    execution.setAuthenticatorFlow(false);
    execution.setAuthenticator(provider);
    execution.setPriority(getNextPriority(parentFlow));
    execution = realm.addAuthenticatorExecution(execution);

    data.put("id", execution.getId());
    adminEvent.operation(OperationType.CREATE).resource(ResourceType.AUTH_EXECUTION).resourcePath(session.getContext().getUri()).representation(data).success();

    // Location = request path with this endpoint's own segment stripped, then /executions/{id}.
    String addExecutionPathSegment = UriBuilder.fromMethod(AuthenticationManagementResource.class, "addExecutionToFlow").build(parentFlow.getAlias()).getPath();
    String requestPath = session.getContext().getUri().getPath();
    UriBuilder location = session.getContext().getUri().getBaseUriBuilder()
            .path(requestPath.replace(addExecutionPathSegment, ""))
            .path("executions")
            .path(execution.getId());
    return Response.created(location.build()).build();
}

/**
 * Resolves the provider factory for {@code providerId} within the provider type that matches
 * {@code flowType} (client authenticator, form action, or authenticator by default).
 *
 * @return the factory, or {@code null} if no such provider is registered
 */
private ProviderFactory lookupExecutionProviderFactory(String flowType, String providerId) {
    if (flowType.equals(AuthenticationFlow.CLIENT_FLOW)) {
        return session.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, providerId);
    }
    if (flowType.equals(AuthenticationFlow.FORM_FLOW)) {
        return session.getKeycloakSessionFactory().getProviderFactory(FormAction.class, providerId);
    }
    return session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, providerId);
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) ProviderFactory(org.keycloak.provider.ProviderFactory) ClientAuthenticator(org.keycloak.authentication.ClientAuthenticator) ConfigurableAuthenticatorFactory(org.keycloak.authentication.ConfigurableAuthenticatorFactory) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) BadRequestException(javax.ws.rs.BadRequestException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 34 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

Class AuthenticationManagementResource, method recurseExecutions.

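/**
 * Flattens the execution tree rooted at {@code flow} into {@code result}, depth first.
 *
 * <p>Every execution becomes one {@link AuthenticationExecutionInfoRepresentation} carrying its
 * nesting {@code level} and its {@code index} within the parent flow. A sub-flow execution is
 * appended before its children are recursed into; a plain authenticator execution is described
 * through its {@link ConfigurableAuthenticatorFactory}.
 *
 * @param flow   flow whose executions are listed
 * @param result accumulator the representations are appended to, in traversal order
 * @param level  nesting depth of {@code flow}
 * @throws NotFoundException if an execution references a sub-flow or an authenticator provider
 *                           that cannot be resolved in this realm
 */
public void recurseExecutions(AuthenticationFlowModel flow, List<AuthenticationExecutionInfoRepresentation> result, int level) {
    AtomicInteger index = new AtomicInteger(0);
    realm.getAuthenticationExecutionsStream(flow.getId()).forEachOrdered(execution -> {
        AuthenticationExecutionInfoRepresentation rep = new AuthenticationExecutionInfoRepresentation();
        rep.setLevel(level);
        rep.setIndex(index.getAndIncrement());
        rep.setRequirementChoices(new LinkedList<>());
        rep.setId(execution.getId());
        rep.setRequirement(execution.getRequirement().name());
        if (execution.isAuthenticatorFlow()) {
            // Look the sub-flow up once; the original fetched it twice and dereferenced it unchecked.
            AuthenticationFlowModel subFlow = realm.getAuthenticationFlowById(execution.getFlowId());
            if (subFlow == null) {
                logger.warnf("Cannot find authentication sub-flow with ID '%s' referenced by execution '%s'", execution.getFlowId(), execution.getId());
                throw new NotFoundException("Could not find authentication sub-flow");
            }
            describeSubFlowExecution(rep, execution, subFlow);
            result.add(rep);
            recurseExecutions(subFlow, result, level + 1);
        } else {
            describeAuthenticatorExecution(rep, execution);
            result.add(rep);
        }
    });
}

/**
 * Fills {@code rep} for an execution that delegates to {@code subFlow}; the available requirement
 * choices depend on the sub-flow's type (basic, form or client flow).
 */
private void describeSubFlowExecution(AuthenticationExecutionInfoRepresentation rep, AuthenticationExecutionModel execution, AuthenticationFlowModel subFlow) {
    String flowType = subFlow.getProviderId();
    if (AuthenticationFlow.BASIC_FLOW.equals(flowType)) {
        addRequirementChoices(rep,
                AuthenticationExecutionModel.Requirement.REQUIRED,
                AuthenticationExecutionModel.Requirement.ALTERNATIVE,
                AuthenticationExecutionModel.Requirement.DISABLED,
                AuthenticationExecutionModel.Requirement.CONDITIONAL);
    } else if (AuthenticationFlow.FORM_FLOW.equals(flowType)) {
        addRequirementChoices(rep,
                AuthenticationExecutionModel.Requirement.REQUIRED,
                AuthenticationExecutionModel.Requirement.DISABLED);
        // Form flows also expose the form provider and its config on the execution entry.
        rep.setProviderId(execution.getAuthenticator());
        rep.setAuthenticationConfig(execution.getAuthenticatorConfig());
    } else if (AuthenticationFlow.CLIENT_FLOW.equals(flowType)) {
        addRequirementChoices(rep,
                AuthenticationExecutionModel.Requirement.ALTERNATIVE,
                AuthenticationExecutionModel.Requirement.REQUIRED,
                AuthenticationExecutionModel.Requirement.DISABLED);
    }
    rep.setDisplayName(subFlow.getAlias());
    rep.setDescription(subFlow.getDescription());
    rep.setConfigurable(false);
    rep.setAuthenticationFlow(execution.isAuthenticatorFlow());
    rep.setFlowId(execution.getFlowId());
}

/**
 * Fills {@code rep} for a plain authenticator execution from its provider factory.
 *
 * @throws NotFoundException if no {@link ConfigurableAuthenticatorFactory} exists for the
 *                           execution's authenticator id
 */
private void describeAuthenticatorExecution(AuthenticationExecutionInfoRepresentation rep, AuthenticationExecutionModel execution) {
    String providerId = execution.getAuthenticator();
    ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
    if (factory == null) {
        logger.warnf("Cannot find authentication provider implementation with provider ID '%s'", providerId);
        throw new NotFoundException("Could not find authenticator provider");
    }
    rep.setDisplayName(factory.getDisplayType());
    rep.setConfigurable(factory.isConfigurable());
    addRequirementChoices(rep, factory.getRequirementChoices());
    if (factory.isConfigurable()) {
        // Only a resolvable config contributes its alias; a dangling config id is tolerated.
        String authenticatorConfigId = execution.getAuthenticatorConfig();
        if (authenticatorConfigId != null) {
            AuthenticatorConfigModel authenticatorConfig = realm.getAuthenticatorConfigById(authenticatorConfigId);
            if (authenticatorConfig != null) {
                rep.setAlias(authenticatorConfig.getAlias());
            }
        }
    }
    rep.setProviderId(providerId);
    rep.setAuthenticationConfig(execution.getAuthenticatorConfig());
}

/** Appends the names of {@code choices}, in order, to {@code rep}'s requirement choices. */
private static void addRequirementChoices(AuthenticationExecutionInfoRepresentation rep, AuthenticationExecutionModel.Requirement... choices) {
    for (AuthenticationExecutionModel.Requirement choice : choices) {
        rep.getRequirementChoices().add(choice.name());
    }
}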
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) ConfigurableAuthenticatorFactory(org.keycloak.authentication.ConfigurableAuthenticatorFactory) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) NotFoundException(javax.ws.rs.NotFoundException) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 35 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

Class AuthenticationManagementResource, method copyFlow.

/**
 * Persists a copy of {@code flow} under the alias {@code newName} and delegates to
 * {@code copy(...)} to fill it from the source flow.
 *
 * <p>The copy keeps the source's description, provider id and top-level flag but is never
 * marked built-in, so it remains editable even when the source is a built-in flow.
 *
 * @param realm   realm the copy is created in
 * @param flow    flow to duplicate
 * @param newName alias of the new flow
 * @return the persisted copy as returned by {@code realm.addAuthenticationFlow}
 */
public static AuthenticationFlowModel copyFlow(RealmModel realm, AuthenticationFlowModel flow, String newName) {
    AuthenticationFlowModel target = new AuthenticationFlowModel();
    target.setAlias(newName);
    target.setProviderId(flow.getProviderId());
    target.setDescription(flow.getDescription());
    target.setTopLevel(flow.isTopLevel());
    // Copies are always user-owned, regardless of the source flow's built-in status.
    target.setBuiltIn(false);
    AuthenticationFlowModel persisted = realm.addAuthenticationFlow(target);
    copy(realm, newName, flow, persisted);
    return persisted;
}
Also used : AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)
