
Example 11 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class FlowUtil method addAuthenticatorExecution.

/**
 * Adds a non-flow (plain authenticator) execution to the flow currently being built.
 *
 * <p>When {@code configInitializer} is supplied, a fresh {@link AuthenticatorConfigModel} with a
 * random UUID id, a generated alias and an empty config map is handed to it, then registered in
 * the realm and linked to the execution.
 *
 * @param requirement requirement to set on the new execution
 * @param providerId authenticator provider id to set on the new execution
 * @param priority priority of the execution; also raises {@code maxPriority} when larger
 * @param configInitializer optional callback that fills in the new config; {@code null} means
 *     the execution gets no authenticator config
 * @return this instance, so calls can be chained
 */
public FlowUtil addAuthenticatorExecution(Requirement requirement, String providerId, int priority, Consumer<AuthenticatorConfigModel> configInitializer) {
    // Track the highest priority seen so far.
    if (priority > maxPriority) {
        maxPriority = priority;
    }

    AuthenticationExecutionModel step = new AuthenticationExecutionModel();
    step.setRequirement(requirement);
    step.setAuthenticatorFlow(false);
    step.setAuthenticator(providerId);
    step.setPriority(priority);
    step.setParentFlow(currentFlow.getId());

    if (configInitializer != null) {
        String generatedId = UUID.randomUUID().toString();
        AuthenticatorConfigModel stepConfig = new AuthenticatorConfigModel();
        stepConfig.setId(generatedId);
        // Default alias only: String.hashCode() is a 32-bit label, neither unique nor
        // unpredictable. The initializer below is free to replace it.
        stepConfig.setAlias("cfg" + generatedId.hashCode());
        stepConfig.setConfig(new HashMap<>());
        configInitializer.accept(stepConfig);
        realm.addAuthenticatorConfig(stepConfig);
        // Read the id back from the model: the initializer ran before this point.
        step.setAuthenticatorConfig(stepConfig.getId());
    }

    realm.addAuthenticatorExecution(step);
    return this;
}
Also used : AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)

Example 12 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class SecretQuestionAuthenticator method setCookie.

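/**
 * Sets the {@code SECRET_QUESTION_ANSWERED} cookie, scoped to the realm's path.
 *
 * <p>The cookie lifetime defaults to 30 days and can be overridden through the
 * {@code cookie.max.age} entry of the authenticator config. A missing config map, a missing
 * entry or a value that is not an integer leaves the default in place instead of failing the
 * flow with a {@link NumberFormatException}.
 *
 * @param context current authentication flow context; supplies the authenticator config, the
 *     base URI and the realm name
 */
protected void setCookie(AuthenticationFlowContext context) {
    AuthenticatorConfigModel config = context.getAuthenticatorConfig();
    // Default lifetime: 30 days, expressed in seconds.
    int maxCookieAge = 60 * 60 * 24 * 30;
    if (config != null && config.getConfig() != null) {
        String configuredAge = config.getConfig().get("cookie.max.age");
        if (configuredAge != null) {
            try {
                maxCookieAge = Integer.parseInt(configuredAge.trim());
            } catch (NumberFormatException ignored) {
                // Admin-supplied value is not an integer: keep the 30-day default rather than
                // aborting the login with an unhandled exception.
            }
        }
    }
    // Cookie path is <base>/realms/<realm name>, so it is only sent back to this realm.
    URI uri = context.getUriInfo().getBaseUriBuilder().path("realms").path(context.getRealm().getName()).build();
    // NOTE(review): the cookie value is the constant "true" and carries nothing that binds it to
    // the user or session. If the check that reads it trusts its mere presence, the client can
    // supply it itself -- confirm against the reading side, and prefer a signed, user-bound value.
    // NOTE(review): the two trailing booleans are presumably (secure, httpOnly); if so the cookie
    // is not marked Secure and is also sent over plain HTTP -- confirm against addCookie.
    addCookie(context, "SECRET_QUESTION_ANSWERED", "true", uri.getRawPath(), null, null, maxCookieAge, false, true);
}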
Also used : AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) URI(java.net.URI)

Example 13 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class AuthenticatorSubflowsTest2 method setupFlows.

/**
 * Installs the browser flow tree used by this test in the "test" realm (skipped when it is
 * already in place).
 *
 * <pre>
 * parent-flow (browser flow)
 *   ALTERNATIVE subflow-1 (prio 10): username+password (10), then expected param "bar1" (20)
 *   ALTERNATIVE subflow-2 (prio 20): push button (10)
 * </pre>
 */
@Before
public void setupFlows() {
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName("test");
        // Already set up by an earlier run: nothing to do.
        if (testRealm.getBrowserFlow().getAlias().equals("parent-flow")) {
            return;
        }

        // Top-level flow, installed as the realm's browser flow.
        AuthenticationFlowModel parentDraft = new AuthenticationFlowModel();
        parentDraft.setAlias("parent-flow");
        parentDraft.setDescription("browser based authentication");
        parentDraft.setProviderId("basic-flow");
        parentDraft.setTopLevel(true);
        parentDraft.setBuiltIn(true);
        AuthenticationFlowModel parentFlow = testRealm.addAuthenticationFlow(parentDraft);
        testRealm.setBrowserFlow(parentFlow);

        // subflow-1, attached to the parent as an ALTERNATIVE.
        AuthenticationFlowModel firstDraft = new AuthenticationFlowModel();
        firstDraft.setTopLevel(false);
        firstDraft.setBuiltIn(true);
        firstDraft.setAlias("subflow-1");
        firstDraft.setDescription("Parameter 'foo=bar1' AND username+password");
        firstDraft.setProviderId("basic-flow");
        AuthenticationFlowModel firstSubflow = testRealm.addAuthenticationFlow(firstDraft);

        AuthenticationExecutionModel firstLink = new AuthenticationExecutionModel();
        firstLink.setParentFlow(parentFlow.getId());
        firstLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        firstLink.setFlowId(firstSubflow.getId());
        firstLink.setPriority(10);
        firstLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(firstLink);

        // subflow-1, step 1: username/password form (REQUIRED).
        AuthenticationExecutionModel passwordStep = new AuthenticationExecutionModel();
        passwordStep.setParentFlow(firstSubflow.getId());
        passwordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        passwordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        passwordStep.setPriority(10);
        passwordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(passwordStep);

        // subflow-1, step 2: expected-parameter authenticator configured with "bar1" (REQUIRED).
        AuthenticationExecutionModel paramStep = new AuthenticationExecutionModel();
        paramStep.setParentFlow(firstSubflow.getId());
        paramStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        paramStep.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        paramStep.setPriority(20);
        paramStep.setAuthenticatorFlow(false);

        Map<String, String> bar1Settings = new HashMap<>();
        bar1Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar1");
        AuthenticatorConfigModel bar1Draft = new AuthenticatorConfigModel();
        bar1Draft.setAlias("bar1");
        bar1Draft.setConfig(bar1Settings);
        // The id comes from the model returned by the realm, not from the draft.
        AuthenticatorConfigModel bar1Config = testRealm.addAuthenticatorConfig(bar1Draft);
        paramStep.setAuthenticatorConfig(bar1Config.getId());
        testRealm.addAuthenticatorExecution(paramStep);

        // subflow-2, attached to the parent as the second ALTERNATIVE.
        AuthenticationFlowModel secondDraft = new AuthenticationFlowModel();
        secondDraft.setTopLevel(false);
        secondDraft.setBuiltIn(true);
        secondDraft.setAlias("subflow-2");
        secondDraft.setDescription("username+password AND pushButton");
        secondDraft.setProviderId("basic-flow");
        AuthenticationFlowModel secondSubflow = testRealm.addAuthenticationFlow(secondDraft);

        AuthenticationExecutionModel secondLink = new AuthenticationExecutionModel();
        secondLink.setParentFlow(parentFlow.getId());
        secondLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        secondLink.setFlowId(secondSubflow.getId());
        secondLink.setPriority(20);
        secondLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(secondLink);

        // subflow-2, only step: push-button authenticator (REQUIRED).
        AuthenticationExecutionModel buttonStep = new AuthenticationExecutionModel();
        buttonStep.setParentFlow(secondSubflow.getId());
        buttonStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        buttonStep.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        buttonStep.setPriority(10);
        buttonStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(buttonStep);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Before(org.junit.Before)

Example 14 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class AuthenticatorSubflowsTest method setupFlows.

/**
 * Installs the browser flow tree used by this test in the "test" realm (skipped when it is
 * already in place).
 *
 * <pre>
 * parent-flow (browser flow)
 *   ALTERNATIVE subflow-1 (prio 10): expected param "bar1" (10), then username+password (20)
 *   ALTERNATIVE subflow-2 (prio 20): push button (10), then username+password (20)
 *   ALTERNATIVE subflow-3 (prio 30):
 *     ALTERNATIVE subflow-31 (prio 10): expected param "bar2" (10), then push button (20)
 *     ALTERNATIVE expected param "bar3" (prio 20)
 * </pre>
 */
@Before
public void setupFlows() {
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName("test");
        // Already set up by an earlier run: nothing to do.
        if (testRealm.getBrowserFlow().getAlias().equals("parent-flow")) {
            return;
        }

        // Top-level flow, installed as the realm's browser flow.
        AuthenticationFlowModel parentDraft = new AuthenticationFlowModel();
        parentDraft.setAlias("parent-flow");
        parentDraft.setDescription("browser based authentication");
        parentDraft.setProviderId("basic-flow");
        parentDraft.setTopLevel(true);
        parentDraft.setBuiltIn(true);
        AuthenticationFlowModel parentFlow = testRealm.addAuthenticationFlow(parentDraft);
        testRealm.setBrowserFlow(parentFlow);

        // subflow-1, attached to the parent as an ALTERNATIVE.
        AuthenticationFlowModel firstDraft = new AuthenticationFlowModel();
        firstDraft.setTopLevel(false);
        firstDraft.setBuiltIn(true);
        firstDraft.setAlias("subflow-1");
        firstDraft.setDescription("Parameter 'foo=bar1' AND username+password");
        firstDraft.setProviderId("basic-flow");
        AuthenticationFlowModel firstSubflow = testRealm.addAuthenticationFlow(firstDraft);

        AuthenticationExecutionModel firstLink = new AuthenticationExecutionModel();
        firstLink.setParentFlow(parentFlow.getId());
        firstLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        firstLink.setFlowId(firstSubflow.getId());
        firstLink.setPriority(10);
        firstLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(firstLink);

        // subflow-1, step 1: expected-parameter authenticator configured with "bar1" (REQUIRED).
        AuthenticationExecutionModel bar1Step = new AuthenticationExecutionModel();
        bar1Step.setParentFlow(firstSubflow.getId());
        bar1Step.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        bar1Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar1Step.setPriority(10);
        bar1Step.setAuthenticatorFlow(false);

        Map<String, String> bar1Settings = new HashMap<>();
        bar1Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar1");
        AuthenticatorConfigModel bar1Draft = new AuthenticatorConfigModel();
        bar1Draft.setAlias("bar1");
        bar1Draft.setConfig(bar1Settings);
        // The id comes from the model returned by the realm, not from the draft.
        AuthenticatorConfigModel bar1Config = testRealm.addAuthenticatorConfig(bar1Draft);
        bar1Step.setAuthenticatorConfig(bar1Config.getId());
        testRealm.addAuthenticatorExecution(bar1Step);

        // subflow-1, step 2: username/password form (REQUIRED).
        AuthenticationExecutionModel firstPasswordStep = new AuthenticationExecutionModel();
        firstPasswordStep.setParentFlow(firstSubflow.getId());
        firstPasswordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        firstPasswordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        firstPasswordStep.setPriority(20);
        firstPasswordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(firstPasswordStep);

        // subflow-2, attached to the parent as the second ALTERNATIVE.
        AuthenticationFlowModel secondDraft = new AuthenticationFlowModel();
        secondDraft.setTopLevel(false);
        secondDraft.setBuiltIn(true);
        secondDraft.setAlias("subflow-2");
        secondDraft.setDescription("username+password AND pushButton");
        secondDraft.setProviderId("basic-flow");
        AuthenticationFlowModel secondSubflow = testRealm.addAuthenticationFlow(secondDraft);

        AuthenticationExecutionModel secondLink = new AuthenticationExecutionModel();
        secondLink.setParentFlow(parentFlow.getId());
        secondLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        secondLink.setFlowId(secondSubflow.getId());
        secondLink.setPriority(20);
        secondLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(secondLink);

        // subflow-2, step 1: push-button authenticator (REQUIRED).
        AuthenticationExecutionModel secondButtonStep = new AuthenticationExecutionModel();
        secondButtonStep.setParentFlow(secondSubflow.getId());
        secondButtonStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        secondButtonStep.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        secondButtonStep.setPriority(10);
        secondButtonStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(secondButtonStep);

        // subflow-2, step 2: username/password form (REQUIRED).
        AuthenticationExecutionModel secondPasswordStep = new AuthenticationExecutionModel();
        secondPasswordStep.setParentFlow(secondSubflow.getId());
        secondPasswordStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        secondPasswordStep.setAuthenticator(UsernamePasswordFormFactory.PROVIDER_ID);
        secondPasswordStep.setPriority(20);
        secondPasswordStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(secondPasswordStep);

        // subflow-3, attached to the parent as the third ALTERNATIVE; it nests a further subflow.
        AuthenticationFlowModel thirdDraft = new AuthenticationFlowModel();
        thirdDraft.setTopLevel(false);
        thirdDraft.setBuiltIn(true);
        thirdDraft.setAlias("subflow-3");
        thirdDraft.setDescription("alternative subflow with child subflows");
        thirdDraft.setProviderId("basic-flow");
        AuthenticationFlowModel thirdSubflow = testRealm.addAuthenticationFlow(thirdDraft);

        AuthenticationExecutionModel thirdLink = new AuthenticationExecutionModel();
        thirdLink.setParentFlow(parentFlow.getId());
        thirdLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        thirdLink.setFlowId(thirdSubflow.getId());
        thirdLink.setPriority(30);
        thirdLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(thirdLink);

        // subflow-31, nested under subflow-3 as an ALTERNATIVE.
        AuthenticationFlowModel nestedDraft = new AuthenticationFlowModel();
        nestedDraft.setTopLevel(false);
        nestedDraft.setBuiltIn(true);
        nestedDraft.setAlias("subflow-31");
        nestedDraft.setDescription("subflow-31");
        nestedDraft.setProviderId("basic-flow");
        AuthenticationFlowModel nestedSubflow = testRealm.addAuthenticationFlow(nestedDraft);

        AuthenticationExecutionModel nestedLink = new AuthenticationExecutionModel();
        nestedLink.setParentFlow(thirdSubflow.getId());
        nestedLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        nestedLink.setFlowId(nestedSubflow.getId());
        nestedLink.setPriority(10);
        nestedLink.setAuthenticatorFlow(true);
        testRealm.addAuthenticatorExecution(nestedLink);

        // subflow-31, step 1: expected-parameter authenticator configured with "bar2" and a
        // LOGGED_USER value (REQUIRED).
        AuthenticationExecutionModel bar2Step = new AuthenticationExecutionModel();
        bar2Step.setParentFlow(nestedSubflow.getId());
        bar2Step.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        bar2Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar2Step.setPriority(10);
        bar2Step.setAuthenticatorFlow(false);

        Map<String, String> bar2Settings = new HashMap<>();
        bar2Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar2");
        bar2Settings.put(ExpectedParamAuthenticator.LOGGED_USER, "john-doh@localhost");
        AuthenticatorConfigModel bar2Draft = new AuthenticatorConfigModel();
        bar2Draft.setAlias("bar2");
        bar2Draft.setConfig(bar2Settings);
        AuthenticatorConfigModel bar2Config = testRealm.addAuthenticatorConfig(bar2Draft);
        bar2Step.setAuthenticatorConfig(bar2Config.getId());
        testRealm.addAuthenticatorExecution(bar2Step);

        // subflow-31, step 2: push-button authenticator (REQUIRED).
        AuthenticationExecutionModel nestedButtonStep = new AuthenticationExecutionModel();
        nestedButtonStep.setParentFlow(nestedSubflow.getId());
        nestedButtonStep.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        nestedButtonStep.setAuthenticator(PushButtonAuthenticatorFactory.PROVIDER_ID);
        nestedButtonStep.setPriority(20);
        nestedButtonStep.setAuthenticatorFlow(false);
        testRealm.addAuthenticatorExecution(nestedButtonStep);

        // subflow-3, second ALTERNATIVE: expected-parameter authenticator configured with "bar3"
        // and a different LOGGED_USER value.
        AuthenticationExecutionModel bar3Step = new AuthenticationExecutionModel();
        bar3Step.setParentFlow(thirdSubflow.getId());
        bar3Step.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        bar3Step.setAuthenticator(ExpectedParamAuthenticatorFactory.PROVIDER_ID);
        bar3Step.setPriority(20);
        bar3Step.setAuthenticatorFlow(false);

        Map<String, String> bar3Settings = new HashMap<>();
        bar3Settings.put(ExpectedParamAuthenticator.EXPECTED_VALUE, "bar3");
        bar3Settings.put(ExpectedParamAuthenticator.LOGGED_USER, "keycloak-user@localhost");
        AuthenticatorConfigModel bar3Draft = new AuthenticatorConfigModel();
        bar3Draft.setAlias("bar3");
        bar3Draft.setConfig(bar3Settings);
        AuthenticatorConfigModel bar3Config = testRealm.addAuthenticatorConfig(bar3Draft);
        bar3Step.setAuthenticatorConfig(bar3Config.getId());
        testRealm.addAuthenticatorExecution(bar3Step);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) Before(org.junit.Before)

Example 15 with AuthenticatorConfigModel

use of org.keycloak.models.AuthenticatorConfigModel in project keycloak by keycloak.

the class AuthenticationManagementResource method recurseExecutions.

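/**
 * Flattens the executions of {@code flow}, depth first, into {@code result}.
 *
 * <p>Each execution becomes one {@link AuthenticationExecutionInfoRepresentation} carrying its
 * nesting {@code level} and its index among its siblings. An execution that is itself a flow is
 * added first and its own executions follow at {@code level + 1}.
 *
 * @param flow flow whose executions are listed
 * @param result list the representations are appended to, in traversal order
 * @param level nesting depth recorded on the representations created for {@code flow}
 * @throws NotFoundException if an execution references a sub-flow or an authenticator provider
 *     that cannot be resolved
 */
public void recurseExecutions(AuthenticationFlowModel flow, List<AuthenticationExecutionInfoRepresentation> result, int level) {
    AtomicInteger index = new AtomicInteger(0);
    realm.getAuthenticationExecutionsStream(flow.getId()).forEachOrdered(execution -> {
        AuthenticationExecutionInfoRepresentation rep = new AuthenticationExecutionInfoRepresentation();
        rep.setLevel(level);
        rep.setIndex(index.getAndIncrement());
        rep.setRequirementChoices(new LinkedList<>());
        if (execution.isAuthenticatorFlow()) {
            AuthenticationFlowModel flowRef = realm.getAuthenticationFlowById(execution.getFlowId());
            if (flowRef == null) {
                // A dangling flow reference used to surface as a NullPointerException below.
                // Handle it like a missing provider: detail goes to the log, the response
                // stays generic.
                logger.warnf("Cannot find authentication flow with ID '%s' referenced by execution '%s'", execution.getFlowId(), execution.getId());
                throw new NotFoundException("Could not find authentication flow");
            }
            // The requirement choices offered depend on the kind of sub-flow.
            if (AuthenticationFlow.BASIC_FLOW.equals(flowRef.getProviderId())) {
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.CONDITIONAL.name());
            } else if (AuthenticationFlow.FORM_FLOW.equals(flowRef.getProviderId())) {
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                rep.setProviderId(execution.getAuthenticator());
                rep.setAuthenticationConfig(execution.getAuthenticatorConfig());
            } else if (AuthenticationFlow.CLIENT_FLOW.equals(flowRef.getProviderId())) {
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
            }
            rep.setDisplayName(flowRef.getAlias());
            rep.setDescription(flowRef.getDescription());
            rep.setConfigurable(false);
            rep.setId(execution.getId());
            rep.setAuthenticationFlow(execution.isAuthenticatorFlow());
            rep.setRequirement(execution.getRequirement().name());
            rep.setFlowId(execution.getFlowId());
            result.add(rep);
            // flowRef already is the sub-flow for this id; no second lookup needed.
            // NOTE(review): there is no depth or cycle guard here; this assumes the stored flows
            // form a tree -- confirm that flow creation cannot produce a cycle.
            recurseExecutions(flowRef, result, level + 1);
        } else {
            String providerId = execution.getAuthenticator();
            ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
            if (factory == null) {
                // The provider id is logged server-side only; the response message stays generic.
                logger.warnf("Cannot find authentication provider implementation with provider ID '%s'", providerId);
                throw new NotFoundException("Could not find authenticator provider");
            }
            rep.setDisplayName(factory.getDisplayType());
            rep.setConfigurable(factory.isConfigurable());
            for (AuthenticationExecutionModel.Requirement choice : factory.getRequirementChoices()) {
                rep.getRequirementChoices().add(choice.name());
            }
            rep.setId(execution.getId());
            if (factory.isConfigurable()) {
                // The alias is only set when the referenced config still exists.
                String authenticatorConfigId = execution.getAuthenticatorConfig();
                if (authenticatorConfigId != null) {
                    AuthenticatorConfigModel authenticatorConfig = realm.getAuthenticatorConfigById(authenticatorConfigId);
                    if (authenticatorConfig != null) {
                        rep.setAlias(authenticatorConfig.getAlias());
                    }
                }
            }
            rep.setRequirement(execution.getRequirement().name());
            rep.setProviderId(execution.getAuthenticator());
            rep.setAuthenticationConfig(execution.getAuthenticatorConfig());
            result.add(rep);
        }
    });
}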
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) ConfigurableAuthenticatorFactory(org.keycloak.authentication.ConfigurableAuthenticatorFactory) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) NotFoundException(javax.ws.rs.NotFoundException) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel)
