Examples with IdentityProviderModel org.keycloak.models.IdentityProviderModel used on opensource projects

Example 1 with IdentityProviderModel

use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

the class IdpReviewProfileAuthenticator method authenticateImpl.

@Override
protected void authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext userCtx, BrokeredIdentityContext brokerContext) {
    IdentityProviderModel idpConfig = brokerContext.getIdpConfig();
    if (requiresUpdateProfilePage(context, userCtx, brokerContext)) {
        logger.debugf("Identity provider '%s' requires update profile action for broker user '%s'.", idpConfig.getAlias(), userCtx.getUsername());
        // No formData for first render. The profile is rendered from userCtx
        Response challengeResponse = context.form().setAttribute(LoginFormsProvider.UPDATE_PROFILE_CONTEXT_ATTR, userCtx).setFormData(null).createUpdateProfilePage();
        context.challenge(challengeResponse);
    } else {
        // Not required to update profile. Marked success
        context.success();
    }
}

Example 2 with IdentityProviderModel

use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

the class BrokerLinkAndTokenExchangeTest method turnOnTokenStore.

public static void turnOnTokenStore(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(CHILD_IDP);
    IdentityProviderModel idp = realm.getIdentityProviderByAlias(PARENT_IDP);
    idp.setStoreToken(true);
    realm.updateIdentityProvider(idp);
}

Example 3 with IdentityProviderModel

use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

the class LoginFormsUtil method filterIdentityProviders.

public static List<IdentityProviderModel> filterIdentityProviders(Stream<IdentityProviderModel> providers, KeycloakSession session, AuthenticationFlowContext context) {
    if (context != null) {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        SerializedBrokeredIdentityContext serializedCtx = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
        final IdentityProviderModel existingIdp = (serializedCtx == null) ? null : serializedCtx.deserialize(session, authSession).getIdpConfig();
        final Set<String> federatedIdentities;
        if (context.getUser() != null) {
            federatedIdentities = session.users().getFederatedIdentitiesStream(session.getContext().getRealm(), context.getUser()).map(federatedIdentityModel -> federatedIdentityModel.getIdentityProvider()).collect(Collectors.toSet());
        } else {
            federatedIdentities = null;
        }
        return providers.filter(p -> {
            // Filter current IDP during first-broker-login flow. Re-authentication with the "linked" broker should not be possible
            if (existingIdp == null)
                return true;
            return !Objects.equals(p.getAlias(), existingIdp.getAlias());
        }).filter(idp -> {
            // In case that we already have user established in authentication session, we show just providers already linked to this user
            if (federatedIdentities == null)
                return true;
            return federatedIdentities.contains(idp.getAlias());
        }).collect(Collectors.toList());
    }
    return providers.collect(Collectors.toList());
}

Example 4 with IdentityProviderModel

use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

the class OpenshiftV4IdentityProviderTest method testExtractingConfigProperties.

@Test
public void testExtractingConfigProperties() {
    // given
    OpenshiftV4IdentityProviderConfig config = new OpenshiftV4IdentityProviderConfig(new IdentityProviderModel());
    // when
    new OpenshiftV4IdentityProvider(null, config) {

        @Override
        InputStream getOauthMetadataInputStream(KeycloakSession session, String baseUrl) {
            return new ByteArrayInputStream(authMetadata.getBytes());
        }
    };
    // then
    Assert.assertEquals(OpenshiftV4IdentityProvider.BASE_URL + OpenshiftV4IdentityProvider.PROFILE_RESOURCE, config.getUserInfoUrl());
    Assert.assertEquals(oauthMetadataMap.get("token_endpoint"), config.getTokenUrl());
    Assert.assertEquals(oauthMetadataMap.get("authorization_endpoint"), config.getAuthorizationUrl());
}

Example 5 with IdentityProviderModel

use of org.keycloak.models.IdentityProviderModel in project keycloak by keycloak.

the class OpenshiftV4IdentityProviderTest method testHttpClientErrors.

@Test
public void testHttpClientErrors() {
    // given
    OpenshiftV4IdentityProviderConfig config = new OpenshiftV4IdentityProviderConfig(new IdentityProviderModel());
    // when
    try {
        new OpenshiftV4IdentityProvider(null, config) {

            @Override
            InputStream getOauthMetadataInputStream(KeycloakSession session, String baseUrl) {
                throw new RuntimeException("Failed : HTTP error code : 500");
            }
        };
        Assert.fail();
    } catch (IdentityBrokerException e) {
    // then
    // OK
    }
}