Search in sources :

Example 6 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class RepresentationToModel method importAuthenticationFlows.

public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
            if (configRep.getAlias() == null) {
                // this can happen only during import json files from keycloak 3.4.0 and older
                throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
            }
            AuthenticatorConfigModel model = toModel(configRep);
            newRealm.addAuthenticatorConfig(model);
        }
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }
    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }
    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }
    // Added in 2.2
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }
    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }
    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}
Also used : MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 7 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class DefaultAuthenticationFlows method addIdentityProviderAuthenticator.

public static void addIdentityProviderAuthenticator(RealmModel realm, String defaultProvider) {
    String browserFlowId = realm.getAuthenticationFlowsStream().filter(f -> Objects.equals(f.getAlias(), DefaultAuthenticationFlows.BROWSER_FLOW)).map(AuthenticationFlowModel::getId).findFirst().orElse(null);
    if (browserFlowId != null) {
        if (realm.getAuthenticationExecutionsStream(browserFlowId).anyMatch(e -> Objects.equals(e.getAuthenticator(), "identity-provider-redirector")))
            return;
        AuthenticationExecutionModel execution;
        execution = new AuthenticationExecutionModel();
        execution.setParentFlow(browserFlowId);
        execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        execution.setAuthenticator("identity-provider-redirector");
        execution.setPriority(25);
        execution.setAuthenticatorFlow(false);
        if (defaultProvider != null) {
            AuthenticatorConfigModel configModel = new AuthenticatorConfigModel();
            Map<String, String> config = new HashMap<>();
            config.put("defaultProvider", defaultProvider);
            configModel.setConfig(config);
            configModel.setAlias(defaultProvider);
            configModel = realm.addAuthenticatorConfig(configModel);
            execution.setAuthenticatorConfig(configModel.getId());
        }
        realm.addAuthenticatorExecution(execution);
    }
}
Also used : IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) RequiredCredentialModel(org.keycloak.models.RequiredCredentialModel) java.util(java.util) RealmModel(org.keycloak.models.RealmModel) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 8 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class MapAuthenticatorConfigEntity method toModel.

static AuthenticatorConfigModel toModel(MapAuthenticatorConfigEntity entity) {
    if (entity == null)
        return null;
    AuthenticatorConfigModel model = new AuthenticatorConfigModel();
    model.setId(entity.getId());
    model.setAlias(entity.getAlias());
    model.setConfig(entity.getConfig());
    return model;
}
Also used : AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 9 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class AuthenticationManagementResource method getAuthenticatorConfig.

/**
 * Get authenticator configuration
 * @param id Configuration id
 */
@Path("config/{id}")
@GET
@Produces(MediaType.APPLICATION_JSON)
@NoCache
public AuthenticatorConfigRepresentation getAuthenticatorConfig(@PathParam("id") String id) {
    auth.realm().requireViewRealm();
    AuthenticatorConfigModel config = realm.getAuthenticatorConfigById(id);
    if (config == null) {
        throw new NotFoundException("Could not find authenticator config");
    }
    return ModelToRepresentation.toRepresentation(config);
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) NoCache(org.jboss.resteasy.annotations.cache.NoCache)

Example 10 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class AuthenticationManagementResource method updateAuthenticatorConfig.

/**
 * Update authenticator configuration
 * @param id Configuration id
 * @param rep JSON describing new state of authenticator configuration
 */
@Path("config/{id}")
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@NoCache
public void updateAuthenticatorConfig(@PathParam("id") String id, AuthenticatorConfigRepresentation rep) {
    auth.realm().requireManageRealm();
    ReservedCharValidator.validate(rep.getAlias());
    AuthenticatorConfigModel exists = realm.getAuthenticatorConfigById(id);
    if (exists == null) {
        throw new NotFoundException("Could not find authenticator config");
    }
    exists.setAlias(rep.getAlias());
    exists.setConfig(RepresentationToModel.removeEmptyString(rep.getConfig()));
    realm.updateAuthenticatorConfig(exists);
    adminEvent.operation(OperationType.UPDATE).resource(ResourceType.AUTHENTICATOR_CONFIG).resourcePath(session.getContext().getUri()).representation(rep).success();
}
Also used : NotFoundException(javax.ws.rs.NotFoundException) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Aggregations

AuthenticatorConfigModel (org.keycloak.models.AuthenticatorConfigModel)28 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)13 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)9 RealmModel (org.keycloak.models.RealmModel)9 HashMap (java.util.HashMap)6 NotFoundException (javax.ws.rs.NotFoundException)5 Path (javax.ws.rs.Path)5 NoCache (org.jboss.resteasy.annotations.cache.NoCache)5 List (java.util.List)4 Consumes (javax.ws.rs.Consumes)4 Response (javax.ws.rs.core.Response)4 KeycloakSession (org.keycloak.models.KeycloakSession)4 UserModel (org.keycloak.models.UserModel)4 Map (java.util.Map)3 Optional (java.util.Optional)3 POST (javax.ws.rs.POST)3 Before (org.junit.Before)3 Authenticator (org.keycloak.authentication.Authenticator)3 Collections (java.util.Collections)2 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2