
Example 1 with IdentityProviderModel

Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

Class IdpReviewProfileAuthenticator, method authenticateImpl.

@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext) {
    IdentityProviderModel idpConfig = brokerContext.getIdpConfig();
    if (requiresUpdateProfilePage(context, userCtx, brokerContext)) {
        logger.debugf("Identity provider '%s' requires update profile action for broker user '%s'.", idpConfig.getAlias(), userCtx.getUsername());
        // No formData for first render. The profile is rendered from userCtx
        Response challengeResponse = context.form().setAttribute(LoginFormsProvider.UPDATE_PROFILE_CONTEXT_ATTR, userCtx).setFormData(null).createUpdateProfilePage();
        context.challenge(challengeResponse);
    } else {
        // Not required to update profile. Marked success
        context.success();
    }
}
Also used : Response(javax.ws.rs.core.Response) IdentityProviderModel(org.keycloak.models.IdentityProviderModel)

Example 2 with IdentityProviderModel

Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

Class BrokerLinkAndTokenExchangeTest, method turnOnTokenStore.

public static void turnOnTokenStore(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(CHILD_IDP);
    IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP);
    idp.setStoreToken(true);
    realm.updateIdentityProvider(idp);
}
Also used : RealmModel(org.keycloak.models.RealmModel) IdentityProviderModel(org.keycloak.models.IdentityProviderModel)

Example 3 with IdentityProviderModel

Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

Class LoginFormsUtil, method filterIdentityProviders.

public static List<IdentityProviderModel> filterIdentityProviders(Stream<IdentityProviderModel> providers, KeycloakSession session, AuthenticationFlowContext context) {
    if (context != null) {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
        final IdentityProviderModel existingIdp = (serializedCtx == null) ? null : serializedCtx.deserialize(session, authSession).getIdpConfig();
        final Set<String> federatedIdentities;
        if (context.getUser() != null) {
            federatedIdentities = session.users().getFederatedIdentitiesStream(session.getContext().getRealm(), context.getUser()).map(federatedIdentityModel -> federatedIdentityModel.getIdentityProvider()).collect(Collectors.toSet());
        } else {
            federatedIdentities = null;
        }
        return providers.filter(p -> {
            // Filter current IDP during first-broker-login flow. Re-authentication with the "linked" broker should not be possible
            if (existingIdp == null)
                return true;
            return !Objects.equals(p.getAlias(), existingIdp.getAlias());
        }).filter(idp -> {
            // In case that we already have user established in authentication session, we show just providers already linked to this user
            if (federatedIdentities == null)
                return true;
            return federatedIdentities.contains(idp.getAlias());
        }).collect(Collectors.toList());
    }
    return providers.collect(Collectors.toList());
}
Also used : AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RealmModel(org.keycloak.models.RealmModel) AbstractIdpAuthenticator(org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator) KeycloakSession(org.keycloak.models.KeycloakSession) Set(java.util.Set) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) Collectors(java.util.stream.Collectors) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) Objects(java.util.Objects) List(java.util.List) UserModel(org.keycloak.models.UserModel) Stream(java.util.stream.Stream) SerializedBrokeredIdentityContext(org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext) Map(java.util.Map) LoginFormsProvider(org.keycloak.forms.login.LoginFormsProvider) AuthenticationFlowContext(org.keycloak.authentication.AuthenticationFlowContext) LinkedList(java.util.LinkedList)

Example 4 with IdentityProviderModel

Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

Class OpenshiftV4IdentityProviderTest, method testExtractingConfigProperties.

@Test
public void testExtractingConfigProperties() {
    // given
    OpenshiftV4IdentityProviderConfig config = new OpenshiftV4IdentityProviderConfig(new IdentityProviderModel());
    // when
    new OpenshiftV4IdentityProvider(null, config) {

        @Override
        InputStream getOauthMetadataInputStream(KeycloakSession session, String baseUrl) {
            return new ByteArrayInputStream(authMetadata.getBytes());
        }
    };
    // then
    Assert.assertEquals(OpenshiftV4IdentityProvider.BASE_URL + OpenshiftV4IdentityProvider.PROFILE_RESOURCE, config.getUserInfoUrl());
    Assert.assertEquals(oauthMetadataMap.get("token_endpoint"), config.getTokenUrl());
    Assert.assertEquals(oauthMetadataMap.get("authorization_endpoint"), config.getAuthorizationUrl());
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) KeycloakSession(org.keycloak.models.KeycloakSession) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) Test(org.junit.Test)

Example 5 with IdentityProviderModel

Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

Class OpenshiftV4IdentityProviderTest, method testHttpClientErrors.

@Test
public void testHttpClientErrors() {
    // given
    OpenshiftV4IdentityProviderConfig config = new OpenshiftV4IdentityProviderConfig(new IdentityProviderModel());
    // when
    try {
        new OpenshiftV4IdentityProvider(null, config) {

            @Override
            InputStream getOauthMetadataInputStream(KeycloakSession session, String baseUrl) {
                throw new RuntimeException("Failed : HTTP error code : 500");
            }
        };
        Assert.fail();
    } catch (IdentityBrokerException e) {
        // then
        // OK
    }
}
Also used : KeycloakSession(org.keycloak.models.KeycloakSession) IdentityBrokerException(org.keycloak.broker.provider.IdentityBrokerException) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) Test(org.junit.Test)

Aggregations

IdentityProviderModel (org.keycloak.models.IdentityProviderModel) 32
RealmModel (org.keycloak.models.RealmModel) 10
Response (javax.ws.rs.core.Response) 8
IdentityProvider (org.keycloak.broker.provider.IdentityProvider) 8
KeycloakSession (org.keycloak.models.KeycloakSession) 6
UserModel (org.keycloak.models.UserModel) 6
NotFoundException (javax.ws.rs.NotFoundException) 5
Path (javax.ws.rs.Path) 5
Test (org.junit.Test) 5
AuthenticationSessionModel (org.keycloak.sessions.AuthenticationSessionModel) 5
IOException (java.io.IOException) 4
Map (java.util.Map) 4
OAuthErrorException (org.keycloak.OAuthErrorException) 4
IdentityBrokerException (org.keycloak.broker.provider.IdentityBrokerException) 4
IdentityProviderFactory (org.keycloak.broker.provider.IdentityProviderFactory) 4
SocialIdentityProvider (org.keycloak.broker.social.SocialIdentityProvider) 4
ClientModel (org.keycloak.models.ClientModel) 4
FederatedIdentityModel (org.keycloak.models.FederatedIdentityModel) 4
ErrorResponse (org.keycloak.services.ErrorResponse) 4
URI (java.net.URI) 3