
Example 41 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class AuthenticatorSubflowsTest method setupFlows.

/**
 * Installs a nested browser flow in the "test" realm before each test.
 *
 * <p>Resulting tree (priority in brackets):
 * <pre>
 * parent-flow (top level, set as the realm's browser flow)
 *   [10] ALTERNATIVE subflow-1
 *          [10] REQUIRED expected-param step, config "bar1"
 *          [20] REQUIRED username/password form
 *   [20] ALTERNATIVE subflow-2
 *          [10] REQUIRED push-button step
 *          [20] REQUIRED username/password form
 *   [30] ALTERNATIVE subflow-3
 *          [10] ALTERNATIVE subflow-31
 *                 [10] REQUIRED expected-param step, config "bar2"
 *                 [20] REQUIRED push-button step
 *          [20] ALTERNATIVE expected-param step, config "bar3"
 * </pre>
 *
 * <p>The setup is skipped when the realm's browser flow is already "parent-flow", so repeated
 * {@code @Before} runs do not add the flows twice.
 *
 * <p>NOTE(review): none of the steps under subflow-3 is a username/password form; the "bar2" and
 * "bar3" configs carry a LOGGED_USER value instead. That layout presumably only makes sense with
 * the test-only authenticators used here; confirm it never reaches a non-test realm.
 */
@Before
public void setupFlows() {
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName("test");
        boolean alreadyInstalled = testRealm.getBrowserFlow().getAlias().equals("parent-flow");
        if (alreadyInstalled) {
            return;
        }

        // Top-level flow; replaces the realm's browser flow.
        AuthenticationFlowModel parentFlow = new AuthenticationFlowModel();
        parentFlow.setAlias("parent-flow");
        parentFlow.setDescription("browser based authentication");
        parentFlow.setProviderId("basic-flow");
        parentFlow.setTopLevel(true);
        parentFlow.setBuiltIn(true);
        parentFlow = testRealm.addAuthenticationFlow(parentFlow);
        testRealm.setBrowserFlow(parentFlow);

        // subflow-1, attached to the parent as the first alternative.
        AuthenticationFlowModel firstSubflow = new AuthenticationFlowModel();
        firstSubflow.setAlias("subflow-1");
        firstSubflow.setDescription("Parameter 'foo=bar1' AND username+password");
        firstSubflow.setProviderId("basic-flow");
        firstSubflow.setTopLevel(false);
        firstSubflow.setBuiltIn(true);
        firstSubflow = testRealm.addAuthenticationFlow(firstSubflow);

        AuthenticationExecutionModel firstSubflowLink = new AuthenticationExecutionModel();
        firstSubflowLink.setParentFlow(parentFlow.getId());
        firstSubflowLink.setFlowId(firstSubflow.getId());
        firstSubflowLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        firstSubflowLink.setPriority(10);
        firstSubflowLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(firstSubflowLink);

        // subflow-1, step 1: expected-param authenticator configured with "bar1".
        Map<String, String> bar1Settings = new HashMap<>();
        bar1Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar1");
        AuthenticatorConfigModel bar1Config = new AuthenticatorConfigModel();
        bar1Config.setAlias("bar1");
        bar1Config.setConfig(bar1Settings);
        bar1Config = testRealm.addAuthenticatorConfig(bar1Config);

        AuthenticationExecutionModel bar1Step = new AuthenticationExecutionModel();
        bar1Step.setParentFlow(firstSubflow.getId());
        bar1Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar1Step.setAuthenticatorConfig(bar1Config.getId());
        bar1Step.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        bar1Step.setPriority(10);
        bar1Step.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(bar1Step);

        // subflow-1, step 2: username/password form.
        AuthenticationExecutionModel firstPasswordStep = new AuthenticationExecutionModel();
        firstPasswordStep.setParentFlow(firstSubflow.getId());
        firstPasswordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        firstPasswordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        firstPasswordStep.setPriority(20);
        firstPasswordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(firstPasswordStep);

        // subflow-2, attached to the parent as the second alternative.
        AuthenticationFlowModel secondSubflow = new AuthenticationFlowModel();
        secondSubflow.setAlias("subflow-2");
        secondSubflow.setDescription("username+password AND pushButton");
        secondSubflow.setProviderId("basic-flow");
        secondSubflow.setTopLevel(false);
        secondSubflow.setBuiltIn(true);
        secondSubflow = testRealm.addAuthenticationFlow(secondSubflow);

        AuthenticationExecutionModel secondSubflowLink = new AuthenticationExecutionModel();
        secondSubflowLink.setParentFlow(parentFlow.getId());
        secondSubflowLink.setFlowId(secondSubflow.getId());
        secondSubflowLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        secondSubflowLink.setPriority(20);
        secondSubflowLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(secondSubflowLink);

        // subflow-2, step 1: push-button authenticator.
        AuthenticationExecutionModel secondPushStep = new AuthenticationExecutionModel();
        secondPushStep.setParentFlow(secondSubflow.getId());
        secondPushStep.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        secondPushStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        secondPushStep.setPriority(10);
        secondPushStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(secondPushStep);

        // subflow-2, step 2: username/password form.
        AuthenticationExecutionModel secondPasswordStep = new AuthenticationExecutionModel();
        secondPasswordStep.setParentFlow(secondSubflow.getId());
        secondPasswordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        secondPasswordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        secondPasswordStep.setPriority(20);
        secondPasswordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(secondPasswordStep);

        // subflow-3, attached to the parent as the third alternative.
        AuthenticationFlowModel thirdSubflow = new AuthenticationFlowModel();
        thirdSubflow.setAlias("subflow-3");
        thirdSubflow.setDescription("alternative subflow with child subflows");
        thirdSubflow.setProviderId("basic-flow");
        thirdSubflow.setTopLevel(false);
        thirdSubflow.setBuiltIn(true);
        thirdSubflow = testRealm.addAuthenticationFlow(thirdSubflow);

        AuthenticationExecutionModel thirdSubflowLink = new AuthenticationExecutionModel();
        thirdSubflowLink.setParentFlow(parentFlow.getId());
        thirdSubflowLink.setFlowId(thirdSubflow.getId());
        thirdSubflowLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        thirdSubflowLink.setPriority(30);
        thirdSubflowLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(thirdSubflowLink);

        // subflow-31, nested under subflow-3 as its first alternative.
        AuthenticationFlowModel nestedSubflow = new AuthenticationFlowModel();
        nestedSubflow.setAlias("subflow-31");
        nestedSubflow.setDescription("subflow-31");
        nestedSubflow.setProviderId("basic-flow");
        nestedSubflow.setTopLevel(false);
        nestedSubflow.setBuiltIn(true);
        nestedSubflow = testRealm.addAuthenticationFlow(nestedSubflow);

        AuthenticationExecutionModel nestedSubflowLink = new AuthenticationExecutionModel();
        nestedSubflowLink.setParentFlow(thirdSubflow.getId());
        nestedSubflowLink.setFlowId(nestedSubflow.getId());
        nestedSubflowLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        nestedSubflowLink.setPriority(10);
        nestedSubflowLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(nestedSubflowLink);

        // subflow-31, step 1: expected-param authenticator configured with "bar2".
        Map<String, String> bar2Settings = new HashMap<>();
        bar2Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar2");
        bar2Settings.put(ExpectedParamAuthenticator.LOGGED_USER, "john-doh@localhost");
        AuthenticatorConfigModel bar2Config = new AuthenticatorConfigModel();
        bar2Config.setAlias("bar2");
        bar2Config.setConfig(bar2Settings);
        bar2Config = testRealm.addAuthenticatorConfig(bar2Config);

        AuthenticationExecutionModel bar2Step = new AuthenticationExecutionModel();
        bar2Step.setParentFlow(nestedSubflow.getId());
        bar2Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar2Step.setAuthenticatorConfig(bar2Config.getId());
        bar2Step.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        bar2Step.setPriority(10);
        bar2Step.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(bar2Step);

        // subflow-31, step 2: push-button authenticator.
        AuthenticationExecutionModel nestedPushStep = new AuthenticationExecutionModel();
        nestedPushStep.setParentFlow(nestedSubflow.getId());
        nestedPushStep.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        nestedPushStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        nestedPushStep.setPriority(20);
        nestedPushStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(nestedPushStep);

        // subflow-3, second alternative: expected-param authenticator configured with "bar3".
        Map<String, String> bar3Settings = new HashMap<>();
        bar3Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar3");
        bar3Settings.put(ExpectedParamAuthenticator.LOGGED_USER, "keycloak-user@localhost");
        AuthenticatorConfigModel bar3Config = new AuthenticatorConfigModel();
        bar3Config.setAlias("bar3");
        bar3Config.setConfig(bar3Settings);
        bar3Config = testRealm.addAuthenticatorConfig(bar3Config);

        AuthenticationExecutionModel bar3Step = new AuthenticationExecutionModel();
        bar3Step.setParentFlow(thirdSubflow.getId());
        bar3Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar3Step.setAuthenticatorConfig(bar3Config.getId());
        bar3Step.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        bar3Step.setPriority(20);
        bar3Step.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(bar3Step);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Before(org.junit.Before)

Example 42 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class AuthenticatorSubflowsTest2 method setupFlows.

/**
 * Installs a two-branch browser flow in the "test" realm before each test.
 *
 * <p>Resulting tree (priority in brackets):
 * <pre>
 * parent-flow (top level, set as the realm's browser flow)
 *   [10] ALTERNATIVE subflow-1
 *          [10] REQUIRED username/password form
 *          [20] REQUIRED expected-param step, config "bar1"
 *   [20] ALTERNATIVE subflow-2
 *          [10] REQUIRED push-button step
 * </pre>
 *
 * <p>The setup is skipped when the realm's browser flow is already "parent-flow", so repeated
 * {@code @Before} runs do not add the flows twice.
 *
 * <p>NOTE(review): subflow-2 is described as "username+password AND pushButton", but only the
 * push-button step is added to it here, so that branch contains no password check.
 */
@Before
public void setupFlows() {
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName("test");
        boolean alreadyInstalled = testRealm.getBrowserFlow().getAlias().equals("parent-flow");
        if (alreadyInstalled) {
            return;
        }

        // Top-level flow; replaces the realm's browser flow.
        AuthenticationFlowModel parentFlow = new AuthenticationFlowModel();
        parentFlow.setAlias("parent-flow");
        parentFlow.setDescription("browser based authentication");
        parentFlow.setProviderId("basic-flow");
        parentFlow.setTopLevel(true);
        parentFlow.setBuiltIn(true);
        parentFlow = testRealm.addAuthenticationFlow(parentFlow);
        testRealm.setBrowserFlow(parentFlow);

        // subflow-1, attached to the parent as the first alternative.
        AuthenticationFlowModel firstSubflow = new AuthenticationFlowModel();
        firstSubflow.setAlias("subflow-1");
        firstSubflow.setDescription("Parameter 'foo=bar1' AND username+password");
        firstSubflow.setProviderId("basic-flow");
        firstSubflow.setTopLevel(false);
        firstSubflow.setBuiltIn(true);
        firstSubflow = testRealm.addAuthenticationFlow(firstSubflow);

        AuthenticationExecutionModel firstSubflowLink = new AuthenticationExecutionModel();
        firstSubflowLink.setParentFlow(parentFlow.getId());
        firstSubflowLink.setFlowId(firstSubflow.getId());
        firstSubflowLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        firstSubflowLink.setPriority(10);
        firstSubflowLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(firstSubflowLink);

        // subflow-1, step 1: username/password form.
        AuthenticationExecutionModel passwordStep = new AuthenticationExecutionModel();
        passwordStep.setParentFlow(firstSubflow.getId());
        passwordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        passwordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        passwordStep.setPriority(10);
        passwordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(passwordStep);

        // subflow-1, step 2: expected-param authenticator configured with "bar1".
        Map<String, String> bar1Settings = new HashMap<>();
        bar1Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar1");
        AuthenticatorConfigModel bar1Config = new AuthenticatorConfigModel();
        bar1Config.setAlias("bar1");
        bar1Config.setConfig(bar1Settings);
        bar1Config = testRealm.addAuthenticatorConfig(bar1Config);

        AuthenticationExecutionModel bar1Step = new AuthenticationExecutionModel();
        bar1Step.setParentFlow(firstSubflow.getId());
        bar1Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar1Step.setAuthenticatorConfig(bar1Config.getId());
        bar1Step.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        bar1Step.setPriority(20);
        bar1Step.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(bar1Step);

        // subflow-2, attached to the parent as the second alternative.
        AuthenticationFlowModel secondSubflow = new AuthenticationFlowModel();
        secondSubflow.setAlias("subflow-2");
        secondSubflow.setDescription("username+password AND pushButton");
        secondSubflow.setProviderId("basic-flow");
        secondSubflow.setTopLevel(false);
        secondSubflow.setBuiltIn(true);
        secondSubflow = testRealm.addAuthenticationFlow(secondSubflow);

        AuthenticationExecutionModel secondSubflowLink = new AuthenticationExecutionModel();
        secondSubflowLink.setParentFlow(parentFlow.getId());
        secondSubflowLink.setFlowId(secondSubflow.getId());
        secondSubflowLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        secondSubflowLink.setPriority(20);
        secondSubflowLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(secondSubflowLink);

        // subflow-2, only step: push-button authenticator.
        AuthenticationExecutionModel pushStep = new AuthenticationExecutionModel();
        pushStep.setParentFlow(secondSubflow.getId());
        pushStep.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        pushStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        pushStep.setPriority(10);
        pushStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(pushStep);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Before(org.junit.Before)

Example 43 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class RepresentationToModel method toModel.

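/**
 * Converts one exported authentication execution into a model attached to {@code parentFlow}.
 *
 * <p>The representation comes from realm import data, so every alias it names is resolved
 * against {@code realm} and rejected when it does not resolve. The original code dereferenced
 * the lookup result directly and silently returned an execution with no requirement and no
 * parent flow when the requirement string was unrecognised; that drops the step from the
 * imported flow without any signal, which is the wrong failure direction for an
 * authentication step.
 *
 * @param realm      realm whose authenticator configs and flows the aliases refer to
 * @param parentFlow flow the execution belongs to
 * @param rep        exported execution to convert
 * @return the populated execution model
 * @throws IllegalArgumentException if the config alias or flow alias is unknown in
 *         {@code realm}, or the requirement is neither a {@code Requirement} constant nor the
 *         legacy {@code "OPTIONAL"} value
 */
private static AuthenticationExecutionModel toModel(RealmModel realm, AuthenticationFlowModel parentFlow, AuthenticationExecutionExportRepresentation rep) {
    AuthenticationExecutionModel model = new AuthenticationExecutionModel();
    String configAlias = rep.getAuthenticatorConfig();
    if (configAlias != null) {
        AuthenticatorConfigModel config = realm.getAuthenticatorConfigByAlias(configAlias);
        if (config == null) {
            // Fail with the offending alias instead of a bare NullPointerException.
            throw new IllegalArgumentException("Unknown authenticator config alias '" + configAlias + "' in authentication execution");
        }
        model.setAuthenticatorConfig(config.getId());
    }
    model.setAuthenticator(rep.getAuthenticator());
    model.setAuthenticatorFlow(rep.isAuthenticatorFlow());
    String flowAlias = rep.getFlowAlias();
    if (flowAlias != null) {
        AuthenticationFlowModel flow = realm.getFlowByAlias(flowAlias);
        if (flow == null) {
            throw new IllegalArgumentException("Unknown authentication flow alias '" + flowAlias + "' in authentication execution");
        }
        model.setFlowId(flow.getId());
    }
    model.setPriority(rep.getPriority());
    try {
        model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement()));
        model.setParentFlow(parentFlow.getId());
    } catch (IllegalArgumentException iae) {
        // Retro-compatibility: the former OPTIONAL requirement was changed to CONDITIONAL,
        // so that one legacy value is handed to the 8.0.0 migration helper.
        if ("OPTIONAL".equals(rep.getRequirement())) {
            MigrateTo8_0_0.migrateOptionalAuthenticationExecution(realm, parentFlow, model, false);
        } else {
            // Any other unrecognised value would leave the execution without a requirement
            // or parent flow; reject the import rather than weaken the flow silently.
            throw new IllegalArgumentException("Unknown requirement '" + rep.getRequirement() + "' in authentication execution", iae);
        }
    }
    return model;
}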
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 44 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class DefaultAuthenticationFlows method registrationFlow.

/**
 * Creates the built-in registration flow for {@code realm} and makes it the realm's
 * registration flow.
 *
 * <p>Layout (priority in brackets):
 * <pre>
 * REGISTRATION_FLOW (top level, "basic-flow")
 *   [10] REQUIRED "registration-page-form" -> REGISTRATION_FORM_FLOW ("form-flow")
 *          [20] REQUIRED "registration-user-creation"
 *          [40] REQUIRED "registration-profile-action"
 *          [50] REQUIRED "registration-password-action"
 *          [60] DISABLED "registration-recaptcha-action"
 * </pre>
 *
 * <p>The reCAPTCHA step is registered DISABLED and no authenticator config is attached to it;
 * no site key or secret is seeded by this method.
 *
 * @param realm realm that receives the flows and executions
 */
public static void registrationFlow(RealmModel realm) {
    // Top-level registration flow.
    AuthenticationFlowModel topFlow = new AuthenticationFlowModel();
    topFlow.setTopLevel(true);
    topFlow.setBuiltIn(true);
    topFlow.setProviderId("basic-flow");
    topFlow.setAlias(REGISTRATION_FLOW);
    topFlow.setDescription("registration flow");
    topFlow = realm.addAuthenticationFlow(topFlow);
    realm.setRegistrationFlow(topFlow);

    // Form sub-flow that holds the individual registration actions.
    AuthenticationFlowModel formFlow = new AuthenticationFlowModel();
    formFlow.setTopLevel(false);
    formFlow.setBuiltIn(true);
    formFlow.setProviderId("form-flow");
    formFlow.setAlias(REGISTRATION_FORM_FLOW);
    formFlow.setDescription("registration form");
    formFlow = realm.addAuthenticationFlow(formFlow);

    // Link the form sub-flow into the top-level flow.
    AuthenticationExecutionModel pageForm = new AuthenticationExecutionModel();
    pageForm.setParentFlow(topFlow.getId());
    pageForm.setFlowId(formFlow.getId());
    pageForm.setAuthenticator("registration-page-form");
    pageForm.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    pageForm.setPriority(10);
    pageForm.setAuthenticatorFlow(true);
    realm.addAuthenticatorExecution(pageForm);

    AuthenticationExecutionModel userCreation = new AuthenticationExecutionModel();
    userCreation.setParentFlow(formFlow.getId());
    userCreation.setAuthenticator("registration-user-creation");
    userCreation.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    userCreation.setPriority(20);
    userCreation.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(userCreation);

    AuthenticationExecutionModel profileAction = new AuthenticationExecutionModel();
    profileAction.setParentFlow(formFlow.getId());
    profileAction.setAuthenticator("registration-profile-action");
    profileAction.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    profileAction.setPriority(40);
    profileAction.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(profileAction);

    AuthenticationExecutionModel passwordAction = new AuthenticationExecutionModel();
    passwordAction.setParentFlow(formFlow.getId());
    passwordAction.setAuthenticator("registration-password-action");
    passwordAction.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    passwordAction.setPriority(50);
    passwordAction.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(passwordAction);

    // reCAPTCHA is present but DISABLED, and deliberately left without an authenticator config.
    AuthenticationExecutionModel recaptchaAction = new AuthenticationExecutionModel();
    recaptchaAction.setParentFlow(formFlow.getId());
    recaptchaAction.setAuthenticator("registration-recaptcha-action");
    recaptchaAction.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
    recaptchaAction.setPriority(60);
    recaptchaAction.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(recaptchaAction);
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Example 45 with AuthenticationFlowModel

use of org.keycloak.models.AuthenticationFlowModel in project keycloak by keycloak.

the class DefaultAuthenticationFlows method browserFlow.

/**
 * Creates the built-in browser login flow for {@code realm} and makes it the realm's
 * browser flow.
 *
 * <p>Layout (priority in brackets):
 * <pre>
 * BROWSER_FLOW (top level)
 *   [10] ALTERNATIVE "auth-cookie"
 *   [20] DISABLED    "auth-spnego"   (ALTERNATIVE when migrating a realm with the Kerberos credential type)
 *        ...         whatever addIdentityProviderAuthenticator(realm, null) adds
 *   [30] ALTERNATIVE LOGIN_FORMS_FLOW
 *          [10] REQUIRED    "auth-username-password-form"
 *          [20] CONDITIONAL "Browser - Conditional OTP"   (REQUIRED when migrating a realm with the TOTP credential type)
 *                 [10] REQUIRED "conditional-user-configured"
 *                 [20] REQUIRED "auth-otp-form"
 * </pre>
 *
 * @param realm   realm that receives the flows and executions
 * @param migrate when {@code true}, the SPNEGO and OTP requirements are raised according to the
 *                credential types {@code hasCredentialType} reports for the realm
 */
public static void browserFlow(RealmModel realm, boolean migrate) {
    // Top-level browser flow.
    AuthenticationFlowModel browserFlowModel = new AuthenticationFlowModel();
    browserFlowModel.setTopLevel(true);
    browserFlowModel.setBuiltIn(true);
    browserFlowModel.setProviderId("basic-flow");
    browserFlowModel.setAlias(BROWSER_FLOW);
    browserFlowModel.setDescription("browser based authentication");
    browserFlowModel = realm.addAuthenticationFlow(browserFlowModel);
    realm.setBrowserFlow(browserFlowModel);

    // Existing SSO cookie is accepted as an alternative to everything below.
    AuthenticationExecutionModel cookieStep = new AuthenticationExecutionModel();
    cookieStep.setParentFlow(browserFlowModel.getId());
    cookieStep.setAuthenticator("auth-cookie");
    cookieStep.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
    cookieStep.setPriority(10);
    cookieStep.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(cookieStep);

    // SPNEGO stays DISABLED unless a migrated realm already has the Kerberos credential type.
    AuthenticationExecutionModel.Requirement spnegoRequirement =
            migrate && hasCredentialType(realm, RequiredCredentialModel.KERBEROS.getType())
                    ? AuthenticationExecutionModel.Requirement.ALTERNATIVE
                    : AuthenticationExecutionModel.Requirement.DISABLED;
    AuthenticationExecutionModel spnegoStep = new AuthenticationExecutionModel();
    spnegoStep.setParentFlow(browserFlowModel.getId());
    spnegoStep.setAuthenticator("auth-spnego");
    spnegoStep.setRequirement(spnegoRequirement);
    spnegoStep.setPriority(20);
    spnegoStep.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(spnegoStep);

    addIdentityProviderAuthenticator(realm, null);

    // Login forms sub-flow, the last alternative of the browser flow.
    AuthenticationFlowModel formsFlow = new AuthenticationFlowModel();
    formsFlow.setAlias(LOGIN_FORMS_FLOW);
    formsFlow.setDescription("Username, password, otp and other auth forms.");
    formsFlow.setProviderId("basic-flow");
    formsFlow.setTopLevel(false);
    formsFlow.setBuiltIn(true);
    formsFlow = realm.addAuthenticationFlow(formsFlow);

    AuthenticationExecutionModel formsLink = new AuthenticationExecutionModel();
    formsLink.setParentFlow(browserFlowModel.getId());
    formsLink.setFlowId(formsFlow.getId());
    formsLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
    formsLink.setPriority(30);
    formsLink.setAuthenticatorFlow(true);
    realm.addAuthenticatorExecution(formsLink);

    // Inside the forms flow: username/password is always required.
    AuthenticationExecutionModel passwordStep = new AuthenticationExecutionModel();
    passwordStep.setParentFlow(formsFlow.getId());
    passwordStep.setAuthenticator("auth-username-password-form");
    passwordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    passwordStep.setPriority(10);
    passwordStep.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(passwordStep);

    // Conditional OTP sub-flow, nested under the forms flow.
    AuthenticationFlowModel otpFlow = new AuthenticationFlowModel();
    otpFlow.setAlias("Browser - Conditional OTP");
    otpFlow.setDescription("Flow to determine if the OTP is required for the authentication");
    otpFlow.setProviderId("basic-flow");
    otpFlow.setTopLevel(false);
    otpFlow.setBuiltIn(true);
    otpFlow = realm.addAuthenticationFlow(otpFlow);

    // CONDITIONAL by default; REQUIRED when a migrated realm already has the TOTP credential type.
    AuthenticationExecutionModel.Requirement otpRequirement =
            migrate && hasCredentialType(realm, RequiredCredentialModel.TOTP.getType())
                    ? AuthenticationExecutionModel.Requirement.REQUIRED
                    : AuthenticationExecutionModel.Requirement.CONDITIONAL;
    AuthenticationExecutionModel otpLink = new AuthenticationExecutionModel();
    otpLink.setParentFlow(formsFlow.getId());
    otpLink.setFlowId(otpFlow.getId());
    otpLink.setRequirement(otpRequirement);
    otpLink.setPriority(20);
    otpLink.setAuthenticatorFlow(true);
    realm.addAuthenticatorExecution(otpLink);

    // Condition step of the OTP sub-flow.
    AuthenticationExecutionModel userConfiguredStep = new AuthenticationExecutionModel();
    userConfiguredStep.setParentFlow(otpFlow.getId());
    userConfiguredStep.setAuthenticator("conditional-user-configured");
    userConfiguredStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    userConfiguredStep.setPriority(10);
    userConfiguredStep.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(userConfiguredStep);

    // OTP form itself.
    AuthenticationExecutionModel otpFormStep = new AuthenticationExecutionModel();
    otpFormStep.setParentFlow(otpFlow.getId());
    otpFormStep.setAuthenticator("auth-otp-form");
    otpFormStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
    otpFormStep.setPriority(20);
    otpFormStep.setAuthenticatorFlow(false);
    realm.addAuthenticatorExecution(otpFormStep);
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel)

Aggregations

AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)60 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)32 Path (javax.ws.rs.Path)14 RealmModel (org.keycloak.models.RealmModel)13 NoCache (org.jboss.resteasy.annotations.cache.NoCache)12 NotFoundException (javax.ws.rs.NotFoundException)9 AuthenticatorConfigModel (org.keycloak.models.AuthenticatorConfigModel)8 Consumes (javax.ws.rs.Consumes)7 POST (javax.ws.rs.POST)7 AuthenticationProcessor (org.keycloak.authentication.AuthenticationProcessor)7 BadRequestException (javax.ws.rs.BadRequestException)6 Produces (javax.ws.rs.Produces)6 Before (org.junit.Before)5 ClientModel (org.keycloak.models.ClientModel)5 HashMap (java.util.HashMap)4 GET (javax.ws.rs.GET)4 Response (javax.ws.rs.core.Response)3 IdentityProviderModel (org.keycloak.models.IdentityProviderModel)3 ModelException (org.keycloak.models.ModelException)3 ArrayList (java.util.ArrayList)2