
Example 1 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class DeployedScriptAuthenticatorFactory method createModel.

/**
 * Builds the authenticator configuration for a deployed script provider.
 *
 * <p>The model takes its id and alias from the metadata's id and name. Its config map
 * carries three entries: {@code scriptName}, {@code scriptCode} and {@code scriptDescription}.
 *
 * @param metadata descriptor of the deployed script
 * @return a new model populated from {@code metadata}
 */
private AuthenticatorConfigModel createModel(ScriptProviderMetadata metadata) {
    AuthenticatorConfigModel configModel = new AuthenticatorConfigModel();
    configModel.setId(metadata.getId());
    configModel.setAlias(metadata.getName());

    // scriptCode stores the script source itself, so whatever supplies the metadata
    // decides which code ends up in this configuration.
    // NOTE(review): presumably this source is later evaluated by the script
    // authenticator; confirm, and keep the deployment path restricted to trusted operators.
    HashMap<String, String> scriptConfig = new HashMap<>();
    scriptConfig.put("scriptName", metadata.getName());
    scriptConfig.put("scriptCode", metadata.getCode());
    scriptConfig.put("scriptDescription", metadata.getDescription());
    configModel.setConfig(scriptConfig);
    return configModel;
}
Also used : AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 2 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class UserSessionLimitsAuthenticator method handleLimitExceeded.

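/**
 * Applies the configured reaction once a user is over a session limit.
 *
 * <p>{@code DENY_NEW_SESSION} fails the flow with a 403 error page.
 * {@code TERMINATE_OLDEST_SESSION} calls {@code logoutOldestSession} and lets the flow
 * succeed. Any other value, including a missing one, is treated as a denial so the flow
 * always ends with an explicit outcome instead of a {@link NullPointerException} or no
 * outcome at all.
 *
 * @param context current authentication flow context
 * @param userSessions sessions that counted against the exceeded limit
 * @param eventDetails text recorded with the failure
 */
private void handleLimitExceeded(AuthenticationFlowContext context, List<UserSessionModel> userSessions, String eventDetails) {
    // A switch on a null String throws NullPointerException; map null to "" so it reaches default.
    switch (behavior == null ? "" : behavior) {
        case UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION:
            logger.info("Terminating oldest session");
            logoutOldestSession(userSessions);
            context.success();
            break;
        case UserSessionLimitsAuthenticatorFactory.DENY_NEW_SESSION:
            logger.info("Denying new session");
            denyNewSession(context, eventDetails);
            break;
        default:
            // Fail closed: a limit was exceeded and the configuration does not say what to do,
            // so the new session is refused rather than silently allowed.
            logger.warnf("Unrecognized session limit behavior '%s'; denying new session", behavior);
            denyNewSession(context, eventDetails);
            break;
    }
}

/** Fails the flow with the configured error message, or the default one when none is configured. */
private void denyNewSession(AuthenticationFlowContext context, String eventDetails) {
    // The authenticator config and its map may both be absent, hence the Optional chain.
    String errorMessage = Optional.ofNullable(context.getAuthenticatorConfig())
            .map(AuthenticatorConfigModel::getConfig)
            .map(f -> f.get(UserSessionLimitsAuthenticatorFactory.ERROR_MESSAGE))
            .orElse(SESSION_LIMIT_EXCEEDED);
    context.getEvent().error(Errors.GENERIC_AUTHENTICATION_ERROR);
    Response challenge = context.form().setError(errorMessage).createErrorPage(Response.Status.FORBIDDEN);
    context.failure(AuthenticationFlowError.GENERIC_AUTHENTICATION_ERROR, challenge, eventDetails, errorMessage);
}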
Also used : ClientModel(org.keycloak.models.ClientModel) AuthenticationFlowError(org.keycloak.authentication.AuthenticationFlowError) Errors(org.keycloak.events.Errors) RealmModel(org.keycloak.models.RealmModel) Authenticator(org.keycloak.authentication.Authenticator) StringUtil(org.keycloak.utils.StringUtil) Logger(org.jboss.logging.Logger) KeycloakSession(org.keycloak.models.KeycloakSession) UserSessionModel(org.keycloak.models.UserSessionModel) Collectors(java.util.stream.Collectors) List(java.util.List) UserModel(org.keycloak.models.UserModel) AuthenticationManager(org.keycloak.services.managers.AuthenticationManager) Response(javax.ws.rs.core.Response) Map(java.util.Map) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Optional(java.util.Optional) AuthenticationFlowContext(org.keycloak.authentication.AuthenticationFlowContext) Comparator(java.util.Comparator) Collections(java.util.Collections) Response(javax.ws.rs.core.Response) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 3 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class UserSessionLimitsAuthenticator method authenticate.

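/**
 * Enforces the per-realm and per-client session limits for the authenticating user.
 *
 * <p>Reads the behavior and both limits from the authenticator config, counts the user's
 * sessions in the realm and for the current client, and hands over to
 * {@code handleLimitExceeded} when a limit is exceeded. The realm limit is checked first;
 * the client limit is only checked when the realm limit is not exceeded.
 *
 * <p>When the context has no realm or no user, the flow succeeds without any check, so the
 * limiter only has an effect in a position of the flow where the user is already identified.
 *
 * @param context current authentication flow context
 */
@Override
public void authenticate(AuthenticationFlowContext context) {
    AuthenticatorConfigModel authenticatorConfig = context.getAuthenticatorConfig();
    // NOTE(review): no null check here, although handleLimitExceeded treats the config as
    // optional; an execution without a config fails on the next line with a
    // NullPointerException. Confirm that outcome is intended.
    Map<String, String> config = authenticatorConfig.getConfig();
    // Get the configuration for this authenticator
    // NOTE(review): behavior is a field rewritten on every call; if one instance can serve
    // concurrent logins, two flows could observe each other's value. Confirm the instance is per request.
    behavior = config.get(UserSessionLimitsAuthenticatorFactory.BEHAVIOR);
    int userRealmLimit = getIntConfigProperty(UserSessionLimitsAuthenticatorFactory.USER_REALM_LIMIT, config);
    int userClientLimit = getIntConfigProperty(UserSessionLimitsAuthenticatorFactory.USER_CLIENT_LIMIT, config);

    if (context.getRealm() == null || context.getUser() == null) {
        // Nothing can be counted without a realm and an identified user.
        context.success();
        return;
    }

    // Get the session count in this realm for this specific user
    List<UserSessionModel> userSessionsForRealm = session.sessions().getUserSessionsStream(context.getRealm(), context.getUser()).collect(Collectors.toList());
    int userSessionCountForRealm = userSessionsForRealm.size();
    // Get the session count related to the current client for this user
    ClientModel currentClient = context.getAuthenticationSession().getClient();
    logger.debugf("session-limiter's current keycloak clientId: %s", currentClient.getClientId());
    List<UserSessionModel> userSessionsForClient = getUserSessionsForClientIfEnabled(userSessionsForRealm, currentClient, userClientLimit);
    int userSessionCountForClient = userSessionsForClient.size();
    logger.debugf("session-limiter's configured realm session limit: %s", userRealmLimit);
    logger.debugf("session-limiter's configured client session limit: %s", userClientLimit);
    logger.debugf("session-limiter's count of total user sessions for the entire realm (could be apps other than web apps): %s", userSessionCountForRealm);
    logger.debugf("session-limiter's count of total user sessions for this keycloak client: %s", userSessionCountForClient);

    if (exceedsLimit(userSessionCountForRealm, userRealmLimit)) {
        // First check if the user has too many sessions in this realm
        logger.infof("Too many session in this realm for the current user. Session count: %s", userSessionCountForRealm);
        String eventDetails = String.format(realmEventDetailsTemplate, context.getRealm().getName(), userRealmLimit, userSessionCountForRealm, context.getUser().getId());
        handleLimitExceeded(context, userSessionsForRealm, eventDetails);
    } else if (exceedsLimit(userSessionCountForClient, userClientLimit)) {
        // The realm limit still allows a new session; check the limit for this specific client as well.
        // The log line reports the client count, the figure that triggered this branch.
        logger.infof("Too many sessions related to the current client for this user. Session count: %s", userSessionCountForClient);
        String eventDetails = String.format(clientEventDetailsTemplate, context.getRealm().getName(), userClientLimit, userSessionCountForClient, context.getUser().getId());
        handleLimitExceeded(context, userSessionsForClient, eventDetails);
    } else {
        context.success();
    }
}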
Also used : ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 4 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class ConditionalRoleAuthenticator method matchCondition.

/**
 * Decides whether the role condition holds for the user in the current flow.
 *
 * <p>The result is the user's membership in the configured role, inverted when the negate
 * option parses as {@code true}. The method returns {@code false} when there is no user,
 * no authenticator config, no config map, or when the configured role cannot be resolved.
 *
 * @param context current authentication flow context
 * @return {@code true} when the condition matches
 */
@Override
public boolean matchCondition(AuthenticationFlowContext context) {
    UserModel currentUser = context.getUser();
    RealmModel currentRealm = context.getRealm();
    AuthenticatorConfigModel conditionConfig = context.getAuthenticatorConfig();

    if (currentUser == null || conditionConfig == null || conditionConfig.getConfig() == null) {
        return false;
    }

    String roleName = conditionConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONDITIONAL_USER_ROLE);
    boolean negate = Boolean.parseBoolean(conditionConfig.getConfig().get(ConditionalRoleAuthenticatorFactory.CONF_NEGATE));
    RoleModel requiredRole = KeycloakModelUtils.getRoleFromString(currentRealm, roleName);
    if (requiredRole == null) {
        // An unresolvable role yields "no match" even when negation is on; the only trace is this log line.
        // NOTE(review): if the conditional sub-flow carries an extra requirement, a mistyped
        // role name presumably skips it for everyone. Confirm, and alert on this message.
        logger.errorv("Invalid role name submitted: {0}", roleName);
        return false;
    }

    boolean userHasRole = currentUser.hasRole(requiredRole);
    return negate ? !userHasRole : userHasRole;
}
Also used : UserModel(org.keycloak.models.UserModel) RealmModel(org.keycloak.models.RealmModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) RoleModel(org.keycloak.models.RoleModel)

Example 5 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class RepresentationToModel method toModel.

/**
 * Converts an authenticator config representation into its model form.
 *
 * <p>Only the alias and the config map are carried over, the map after passing through
 * {@code removeEmptyString}. The model id is not set here.
 *
 * @param rep representation to convert
 * @return a new model with the alias and filtered config of {@code rep}
 */
public static AuthenticatorConfigModel toModel(AuthenticatorConfigRepresentation rep) {
    AuthenticatorConfigModel converted = new AuthenticatorConfigModel();
    String alias = rep.getAlias();
    converted.setAlias(alias);
    converted.setConfig(removeEmptyString(rep.getConfig()));
    return converted;
}
Also used : AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Aggregations

AuthenticatorConfigModel (org.keycloak.models.AuthenticatorConfigModel)28 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)13 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)9 RealmModel (org.keycloak.models.RealmModel)9 HashMap (java.util.HashMap)6 NotFoundException (javax.ws.rs.NotFoundException)5 Path (javax.ws.rs.Path)5 NoCache (org.jboss.resteasy.annotations.cache.NoCache)5 List (java.util.List)4 Consumes (javax.ws.rs.Consumes)4 Response (javax.ws.rs.core.Response)4 KeycloakSession (org.keycloak.models.KeycloakSession)4 UserModel (org.keycloak.models.UserModel)4 Map (java.util.Map)3 Optional (java.util.Optional)3 POST (javax.ws.rs.POST)3 Before (org.junit.Before)3 Authenticator (org.keycloak.authentication.Authenticator)3 Collections (java.util.Collections)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2