Examples with AuthenticatorConfigModel org.keycloak.models.AuthenticatorConfigModel used on opensource projects

Search in sources :

Example 1 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class DeployedScriptAuthenticatorFactory method createModel.

private AuthenticatorConfigModel createModel(ScriptProviderMetadata metadata) {
    AuthenticatorConfigModel model = new AuthenticatorConfigModel();
    model.setId(metadata.getId());
    model.setAlias(metadata.getName());
    model.setConfig(new HashMap<>());
    model.getConfig().put("scriptName", metadata.getName());
    model.getConfig().put("scriptCode", metadata.getCode());
    model.getConfig().put("scriptDescription", metadata.getDescription());
    return model;
}
Also used : AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 2 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class UserSessionLimitsAuthenticator method handleLimitExceeded.

private void handleLimitExceeded(AuthenticationFlowContext context, List<UserSessionModel> userSessions, String eventDetails) {
    switch(behavior) {
        case UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION:
            logger.info("Denying new session");
            String errorMessage = Optional.ofNullable(context.getAuthenticatorConfig()).map(AuthenticatorConfigModel::getConfig).map(f -> f.get(UserSessionLimitsAuthenticatorFactory.ERROR_MESSAGE)).orElse(SESSION_LIMIT_EXCEEDED);
            context.getEvent().error(Errors.GENERIC_AUTHENTICATION_ERROR);
            Response challenge = context.form().setError(errorMessage).createErrorPage(Response.Status.FORBIDDEN);
            context.failure(AuthenticationFlowError.GENERIC_AUTHENTICATION_ERROR, challenge, eventDetails, errorMessage);
            break;
        case UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION:
            logger.info("Terminating oldest session");
            logoutOldestSession(userSessions);
            context.success();
            break;
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) AuthenticationFlowError(org.keycloak.authentication.AuthenticationFlowError) Errors(org.keycloak.events.Errors) RealmModel(org.keycloak.models.RealmModel) Authenticator(org.keycloak.authentication.Authenticator) StringUtil(org.keycloak.utils.StringUtil) Logger(org.jboss.logging.Logger) KeycloakSession(org.keycloak.models.KeycloakSession) UserSessionModel(org.keycloak.models.UserSessionModel) Collectors(java.util.stream.Collectors) List(java.util.List) UserModel(org.keycloak.models.UserModel) AuthenticationManager(org.keycloak.services.managers.AuthenticationManager) Response(javax.ws.rs.core.Response) Map(java.util.Map) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Optional(java.util.Optional) AuthenticationFlowContext(org.keycloak.authentication.AuthenticationFlowContext) Comparator(java.util.Comparator) Collections(java.util.Collections) Response(javax.ws.rs.core.Response) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 3 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class UserSessionLimitsAuthenticator method authenticate.

@Override
public void authenticate(AuthenticationFlowContext context) {
    AuthenticatorConfigModel authenticatorConfig = context.getAuthenticatorConfig();
    Map<String, String> config = authenticatorConfig.getConfig();
    // Get the configuration for this authenticator
    behavior = config.get(UserSessionLimitsAuthenticatorFactory.BEHAVIOR);
    int userRealmLimit = getIntConfigProperty(UserSessionLimitsAuthenticatorFactory.USER_REALM_LIMIT, config);
    int userClientLimit = getIntConfigProperty(UserSessionLimitsAuthenticatorFactory.USER_CLIENT_LIMIT, config);
    if (context.getRealm() != null && context.getUser() != null) {
        // Get the session count in this realm for this specific user
        List<UserSessionModel> userSessionsForRealm = session.sessions().getUserSessionsStream(context.getRealm(), context.getUser()).collect(Collectors.toList());
        int userSessionCountForRealm = userSessionsForRealm.size();
        // Get the session count related to the current client for this user
        ClientModel currentClient = context.getAuthenticationSession().getClient();
        logger.debugf("session-limiter's current keycloak clientId: %s", currentClient.getClientId());
        List<UserSessionModel> userSessionsForClient = getUserSessionsForClientIfEnabled(userSessionsForRealm, currentClient, userClientLimit);
        int userSessionCountForClient = userSessionsForClient.size();
        logger.debugf("session-limiter's configured realm session limit: %s", userRealmLimit);
        logger.debugf("session-limiter's configured client session limit: %s", userClientLimit);
        logger.debugf("session-limiter's count of total user sessions for the entire realm (could be apps other than web apps): %s", userSessionCountForRealm);
        logger.debugf("session-limiter's count of total user sessions for this keycloak client: %s", userSessionCountForClient);
        // First check if the user has too many sessions in this realm
        if (exceedsLimit(userSessionCountForRealm, userRealmLimit)) {
            logger.infof("Too many session in this realm for the current user. Session count: %s", userSessionCountForRealm);
            String eventDetails = String.format(realmEventDetailsTemplate, context.getRealm().getName(), userRealmLimit, userSessionCountForRealm, context.getUser().getId());
            handleLimitExceeded(context, userSessionsForRealm, eventDetails);
        } else // otherwise if the user is still allowed to create a new session in the realm, check if this applies for this specific client as well.
        if (exceedsLimit(userSessionCountForClient, userClientLimit)) {
            logger.infof("Too many sessions related to the current client for this user. Session count: %s", userSessionCountForRealm);
            String eventDetails = String.format(clientEventDetailsTemplate, context.getRealm().getName(), userClientLimit, userSessionCountForClient, context.getUser().getId());
            handleLimitExceeded(context, userSessionsForClient, eventDetails);
        } else {
            context.success();
        }
    } else {
        context.success();
    }
}
Also used : ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 4 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class ConditionalRoleAuthenticator method matchCondition.

@Override
public boolean matchCondition(AuthenticationFlowContext context) {
    UserModel user = context.getUser();
    RealmModel realm = context.getRealm();
    AuthenticatorConfigModel authConfig = context.getAuthenticatorConfig();
    if (user != null && authConfig != null && authConfig.getConfig() != null) {
        String requiredRole = authConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONDITIONAL_USER_ROLE);
        boolean negateOutput = Boolean.parseBoolean(authConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONF_NEGATE));
        RoleModel role = KeycloakModelUtils.getRoleFromString(realm, requiredRole);
        if (role == null) {
            logger.errorv("Invalid role name submitted: {0}", requiredRole);
            return false;
        }
        return negateOutput != user.hasRole(role);
    }
    return false;
}
Also used : UserModel(org.keycloak.models.UserModel) RealmModel(org.keycloak.models.RealmModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) RoleModel(org.keycloak.models.RoleModel)

Example 5 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class RepresentationToModel method toModel.

public static AuthenticatorConfigModel toModel(AuthenticatorConfigRepresentation rep) {
    AuthenticatorConfigModel model = new AuthenticatorConfigModel();
    model.setAlias(rep.getAlias());
    model.setConfig(removeEmptyString(rep.getConfig()));
    return model;
}
Also used : AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Aggregations

AuthenticatorConfigModel (org.keycloak.models.AuthenticatorConfigModel)28 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)13 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)9 RealmModel (org.keycloak.models.RealmModel)9 HashMap (java.util.HashMap)6 NotFoundException (javax.ws.rs.NotFoundException)5 Path (javax.ws.rs.Path)5 NoCache (org.jboss.resteasy.annotations.cache.NoCache)5 List (java.util.List)4 Consumes (javax.ws.rs.Consumes)4 Response (javax.ws.rs.core.Response)4 KeycloakSession (org.keycloak.models.KeycloakSession)4 UserModel (org.keycloak.models.UserModel)4 Map (java.util.Map)3 Optional (java.util.Optional)3 POST (javax.ws.rs.POST)3 Before (org.junit.Before)3 Authenticator (org.keycloak.authentication.Authenticator)3 Collections (java.util.Collections)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial