Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
Class IdpReviewProfileAuthenticator, method authenticateImpl.
/**
 * First-broker-login step that decides whether the user must review the profile received
 * from the broker. When {@code requiresUpdateProfilePage} says so, the update-profile page is
 * rendered from {@code userCtx} and issued as a challenge; otherwise the step is marked successful.
 *
 * @param context       the running authentication flow
 * @param userCtx       the serialized brokered identity the page is populated from
 * @param brokerContext the brokered identity, used here for the IdP configuration
 */
@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext) {
    IdentityProviderModel idpConfig = brokerContext.getIdpConfig();
    if (!requiresUpdateProfilePage(context, userCtx, brokerContext)) {
        // Nothing to review for this broker user; let the flow proceed.
        context.success();
        return;
    }
    logger.debugf("Identity provider '%s' requires update profile action for broker user '%s'.", idpConfig.getAlias(), userCtx.getUsername());
    // First render: there is no submitted form data yet, so the form is filled from the
    // brokered user context rather than from a request body.
    Response updateProfilePage = context.form()
            .setAttribute(LoginFormsProvider.UPDATE_PROFILE_CONTEXT_ATTR, userCtx)
            .setFormData(null)
            .createUpdateProfilePage();
    context.challenge(updateProfilePage);
}
Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
Class BrokerLinkAndTokenExchangeTest, method turnOnTokenStore.
/**
 * Test helper: enables the store-token flag on the {@code PARENT_IDP} identity provider of the
 * {@code CHILD_IDP} realm and persists the change.
 * <p>
 * NOTE(review): presumably this makes the broker keep the external IdP's tokens, which is what the
 * token-exchange tests in this class rely on; confirm against IdentityProviderModel before reusing.
 * Both lookups are expected to succeed in the test fixture; a missing realm or IdP fails with an NPE.
 *
 * @param session the Keycloak session the realm is looked up through
 */
public static void turnOnTokenStore(KeycloakSession session) {
    RealmModel childRealm = session.realms().getRealmByName(CHILD_IDP);
    IdentityProviderModel parentIdp = childRealm.getIdentityProviderByAlias(PARENT_IDP);
    parentIdp.setStoreToken(true);
    // Models are not persisted on setter calls; write the modified IdP back to the realm.
    childRealm.updateIdentityProvider(parentIdp);
}
Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
Class LoginFormsUtil, method filterIdentityProviders (restricts which identity providers the login page offers while a flow is in progress).
/**
 * Narrows the identity providers shown on a login form according to the state of the current flow.
 * <p>
 * Two filters apply, both only when a flow context is present:
 * <ul>
 *   <li>the broker whose first-broker-login flow is in progress (recorded in the authentication
 *       session under {@code BROKERED_CONTEXT_NOTE}) is hidden, so the user cannot re-authenticate
 *       with the broker being linked;</li>
 *   <li>once a user is established in the authentication session, only brokers already linked to
 *       that user remain.</li>
 * </ul>
 * Both filters are security-relevant: dropping either widens the set of brokers offered mid-flow.
 *
 * @param providers the candidate identity providers (consumed by this call)
 * @param session   the current Keycloak session
 * @param context   the running authentication flow, or {@code null} outside a flow
 * @return the providers that remain after filtering, in stream order
 */
public static List<IdentityProviderModel> filterIdentityProviders(Stream<IdentityProviderModel> providers, KeycloakSession session, AuthenticationFlowContext context) {
    if (context == null) {
        // No flow in progress: nothing to hide.
        return providers.collect(Collectors.toList());
    }
    AuthenticationSessionModel authSession = context.getAuthenticationSession();
    SerializedBrokeredIdentityContext brokeredCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
    // Configuration of the broker that started this first-broker-login flow; null if there is none.
    final IdentityProviderModel brokerInProgress = brokeredCtx == null
            ? null
            : brokeredCtx.deserialize(session, authSession).getIdpConfig();
    // Aliases of brokers already linked to the authenticated user; null while no user is established.
    final Set<String> linkedAliases;
    if (context.getUser() == null) {
        linkedAliases = null;
    } else {
        linkedAliases = session.users()
                .getFederatedIdentitiesStream(session.getContext().getRealm(), context.getUser())
                .map(link -> link.getIdentityProvider())
                .collect(Collectors.toSet());
    }
    return providers
            // Hide the broker currently being linked.
            .filter(idp -> brokerInProgress == null || !Objects.equals(idp.getAlias(), brokerInProgress.getAlias()))
            // With a user established, offer only brokers linked to that user.
            .filter(idp -> linkedAliases == null || linkedAliases.contains(idp.getAlias()))
            .collect(Collectors.toList());
}
Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
Class OpenshiftV4IdentityProviderTest, method testExtractingConfigProperties.
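/**
 * Verifies that constructing an {@code OpenshiftV4IdentityProvider} fills the token and
 * authorization endpoints from the OAuth metadata document and derives the user-info URL from the
 * provider's constants. The metadata fetch is stubbed so the test performs no network I/O.
 */
@Test
public void testExtractingConfigProperties() {
    // given: an empty provider model; the constructor is expected to populate it (the assertions
    // below read the config after construction)
    OpenshiftV4IdentityProviderConfig config = new OpenshiftV4IdentityProviderConfig(new IdentityProviderModel());
    // when: construct the provider with the metadata fetch replaced by the in-memory document
    new OpenshiftV4IdentityProvider(null, config) {
        @Override
        InputStream getOauthMetadataInputStream(KeycloakSession session, String baseUrl) {
            // Encode explicitly: String.getBytes() with no charset uses the platform default on
            // JDKs before 18, which makes the fixture depend on the machine running the test.
            return new ByteArrayInputStream(authMetadata.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
    };
    // then: endpoints come from the metadata, the user-info URL from the provider constants
    Assert.assertEquals(OpenshiftV4IdentityProvider.BASE_URL + OpenshiftV4IdentityProvider.PROFILE_RESOURCE, config.getUserInfoUrl());
    Assert.assertEquals(oauthMetadataMap.get("token_endpoint"), config.getTokenUrl());
    Assert.assertEquals(oauthMetadataMap.get("authorization_endpoint"), config.getAuthorizationUrl());
}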
Use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.
Class OpenshiftV4IdentityProviderTest, method testHttpClientErrors.
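/**
 * Verifies that a failure while fetching the OAuth metadata surfaces as an
 * {@code IdentityBrokerException} from the provider constructor instead of being swallowed.
 * The fetch is stubbed to throw, so no network I/O happens.
 */
@Test
public void testHttpClientErrors() {
    // given
    OpenshiftV4IdentityProviderConfig config = new OpenshiftV4IdentityProviderConfig(new IdentityProviderModel());
    // when: the metadata fetch fails the way an HTTP error would
    try {
        new OpenshiftV4IdentityProvider(null, config) {
            @Override
            InputStream getOauthMetadataInputStream(KeycloakSession session, String baseUrl) {
                throw new RuntimeException("Failed : HTTP error code : 500");
            }
        };
        // Reaching this line means the failure was swallowed; give the report a reason instead of
        // a bare failure. The AssertionError is not caught by the catch below.
        Assert.fail("Expected IdentityBrokerException when the OAuth metadata cannot be fetched");
    } catch (IdentityBrokerException expected) {
        // then: the fetch failure is reported as IdentityBrokerException, which is what we want
    }
}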