Example 1 with UserSessionProvider

Use of org.keycloak.models.UserSessionProvider in project keycloak by keycloak.

From the class InfinispanUserSessionProviderFactory, method registerClusterListeners.

protected void registerClusterListeners(KeycloakSession session) {
    KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
    ClusterProvider cluster = session.getProvider(ClusterProvider.class);
    // Each node subscribes to cluster-wide removal events so that its local Infinispan
    // caches drop the user sessions of a removed realm, client or user set.
    // The listeners only act when the active provider is the Infinispan implementation.
    cluster.registerListener(REALM_REMOVED_SESSION_EVENT, new AbstractUserSessionClusterListener<RealmRemovedSessionEvent, UserSessionProvider>(sessionFactory, UserSessionProvider.class) {

        @Override
        protected void eventReceived(KeycloakSession session, UserSessionProvider provider, RealmRemovedSessionEvent sessionEvent) {
            if (provider instanceof InfinispanUserSessionProvider) {
                ((InfinispanUserSessionProvider) provider).onRealmRemovedEvent(sessionEvent.getRealmId());
            }
        }
    });
    cluster.registerListener(CLIENT_REMOVED_SESSION_EVENT, new AbstractUserSessionClusterListener<ClientRemovedSessionEvent, UserSessionProvider>(sessionFactory, UserSessionProvider.class) {

        @Override
        protected void eventReceived(KeycloakSession session, UserSessionProvider provider, ClientRemovedSessionEvent sessionEvent) {
            if (provider instanceof InfinispanUserSessionProvider) {
                ((InfinispanUserSessionProvider) provider).onClientRemovedEvent(sessionEvent.getRealmId(), sessionEvent.getClientUuid());
            }
        }
    });
    cluster.registerListener(REMOVE_USER_SESSIONS_EVENT, new AbstractUserSessionClusterListener<RemoveUserSessionsEvent, UserSessionProvider>(sessionFactory, UserSessionProvider.class) {

        @Override
        protected void eventReceived(KeycloakSession session, UserSessionProvider provider, RemoveUserSessionsEvent sessionEvent) {
            if (provider instanceof InfinispanUserSessionProvider) {
                ((InfinispanUserSessionProvider) provider).onRemoveUserSessionsEvent(sessionEvent.getRealmId());
            }
        }
    });
    log.debug("Registered cluster listeners");
}
Also used: UserSessionProvider (org.keycloak.models.UserSessionProvider), ClusterProvider (org.keycloak.cluster.ClusterProvider), KeycloakSession (org.keycloak.models.KeycloakSession), RemoveUserSessionsEvent (org.keycloak.models.sessions.infinispan.events.RemoveUserSessionsEvent), ClientRemovedSessionEvent (org.keycloak.models.sessions.infinispan.events.ClientRemovedSessionEvent), KeycloakSessionFactory (org.keycloak.models.KeycloakSessionFactory), RealmRemovedSessionEvent (org.keycloak.models.sessions.infinispan.events.RealmRemovedSessionEvent)

Example 2 with UserSessionProvider

Use of org.keycloak.models.UserSessionProvider in project keycloak by keycloak.

From the class KeycloakIdentity, method getUserFromToken.

private UserModel getUserFromToken() {
    // A token without a session_state claim is "stateless": it points at no persistent
    // user session, so the user is resolved directly from the token's claims.
    if (accessToken.getSessionState() == null) {
        return TokenManager.lookupUserFromStatelessToken(keycloakSession, realm, accessToken);
    }
    UserSessionProvider sessions = keycloakSession.sessions();
    // Prefer the online user session; fall back to the offline session for offline tokens.
    UserSessionModel userSession = sessions.getUserSession(realm, accessToken.getSessionState());
    if (userSession == null) {
        userSession = sessions.getOfflineUserSession(realm, accessToken.getSessionState());
    }
    return userSession.getUser();
}
Also used: UserSessionProvider (org.keycloak.models.UserSessionProvider), UserSessionModel (org.keycloak.models.UserSessionModel)

Example 3 with UserSessionProvider

Use of org.keycloak.models.UserSessionProvider in project keycloak by keycloak.

From the class ClientManager, method removeClient.

public boolean removeClient(RealmModel realm, ClientModel client) {
    // Internal clients are never removed; for any other client, remove it from the realm
    // and then clean up everything that still references it.
    if (!isInternalClient(realm.getName(), client.getClientId()) && realm.removeClient(client.getId())) {
        // Invalidate user sessions that hold a client session for the removed client
        UserSessionProvider sessions = realmManager.getSession().sessions();
        if (sessions != null) {
            sessions.onClientRemoved(realm, client);
        }
        // Invalidate in-flight authentication (login) sessions bound to the client
        AuthenticationSessionProvider authSessions = realmManager.getSession().authenticationSessions();
        if (authSessions != null) {
            authSessions.onClientRemoved(realm, client);
        }
        // Remove the client's service-account user, if the client had one
        UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
        if (serviceAccountUser != null) {
            new UserManager(realmManager.getSession()).removeUser(realm, serviceAccountUser);
        }
        return true;
    } else {
        return false;
    }
}
Also used: UserModel (org.keycloak.models.UserModel), UserSessionProvider (org.keycloak.models.UserSessionProvider), UserManager (org.keycloak.models.UserManager), AuthenticationSessionProvider (org.keycloak.sessions.AuthenticationSessionProvider)

Example 4 with UserSessionProvider

Use of org.keycloak.models.UserSessionProvider in project keycloak by keycloak.

From the class RealmManager, method removeRealm.

public boolean removeRealm(RealmModel realm) {
    ClientModel masterAdminClient = realm.getMasterAdminClient();
    boolean removed = model.removeRealm(realm.getId());
    if (removed) {
        // The realm's admin client lives in the administration (master) realm; remove it as well
        if (masterAdminClient != null) {
            session.clients().removeClient(getKeycloakAdminstrationRealm(), masterAdminClient.getId());
        }
        // Invalidate user sessions and in-flight authentication sessions of the removed realm
        UserSessionProvider sessions = session.sessions();
        if (sessions != null) {
            sessions.onRealmRemoved(realm);
        }
        AuthenticationSessionProvider authSessions = session.authenticationSessions();
        if (authSessions != null) {
            authSessions.onRealmRemoved(realm);
        }
        // Refresh periodic sync tasks for configured storageProviders
        UserStorageSyncManager storageSync = new UserStorageSyncManager();
        realm.getUserStorageProvidersStream().forEachOrdered(provider -> storageSync.notifyToRefreshPeriodicSync(session, realm, provider, true));
    }
    return removed;
}
Also used: ClientModel (org.keycloak.models.ClientModel), UserSessionProvider (org.keycloak.models.UserSessionProvider), AuthenticationSessionProvider (org.keycloak.sessions.AuthenticationSessionProvider)

Example 5 with UserSessionProvider

Use of org.keycloak.models.UserSessionProvider in project keycloak by keycloak.

From the class AuthorizationTokenService, method createAuthorizationResponse.

private AuthorizationResponse createAuthorizationResponse(KeycloakIdentity identity, Collection<Permission> entitlements, KeycloakAuthorizationRequest request, ClientModel targetClient) {
    KeycloakSession keycloakSession = request.getKeycloakSession();
    AccessToken accessToken = identity.getAccessToken();
    RealmModel realm = request.getRealm();
    UserSessionProvider sessions = keycloakSession.sessions();
    UserSessionModel userSessionModel;
    if (accessToken.getSessionState() == null) {
        // Create temporary (request-scoped) transient session
        UserModel user = TokenManager.lookupUserFromStatelessToken(keycloakSession, realm, accessToken);
        userSessionModel = sessions.createUserSession(KeycloakModelUtils.generateId(), realm, user, user.getUsername(), request.getClientConnection().getRemoteAddr(), ServiceAccountConstants.CLIENT_AUTH, false, null, null, UserSessionModel.SessionPersistenceState.TRANSIENT);
    } else {
        userSessionModel = sessions.getUserSession(realm, accessToken.getSessionState());
        if (userSessionModel == null) {
            userSessionModel = sessions.getOfflineUserSession(realm, accessToken.getSessionState());
        }
    }
    ClientModel client = realm.getClientByClientId(accessToken.getIssuedFor());
    // Reuse the user session's existing client session for the target client; otherwise
    // attach a fresh authentication session for it to the user session.
    AuthenticatedClientSessionModel clientSession = userSessionModel.getAuthenticatedClientSessionByClient(targetClient.getId());
    ClientSessionContext clientSessionCtx;
    if (clientSession == null) {
        RootAuthenticationSessionModel rootAuthSession = keycloakSession.authenticationSessions().getRootAuthenticationSession(realm, userSessionModel.getId());
        if (rootAuthSession == null) {
            if (userSessionModel.getUser().getServiceAccountClientLink() == null) {
                rootAuthSession = keycloakSession.authenticationSessions().createRootAuthenticationSession(realm, userSessionModel.getId());
            } else {
                // if the user session is associated with a service account
                rootAuthSession = new AuthenticationSessionManager(keycloakSession).createAuthenticationSession(realm, false);
            }
        }
        AuthenticationSessionModel authSession = rootAuthSession.createAuthenticationSession(targetClient);
        authSession.setAuthenticatedUser(userSessionModel.getUser());
        authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        authSession.setClientNote(OIDCLoginProtocol.ISSUER, Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), realm.getName()));
        AuthenticationManager.setClientScopesInSession(authSession);
        clientSessionCtx = TokenManager.attachAuthenticationSession(keycloakSession, userSessionModel, authSession);
    } else {
        clientSessionCtx = DefaultClientSessionContext.fromClientSessionScopeParameter(clientSession, keycloakSession);
    }
    TokenManager tokenManager = request.getTokenManager();
    EventBuilder event = request.getEvent();
    AccessTokenResponseBuilder responseBuilder = tokenManager.responseBuilder(realm, client, event, keycloakSession, userSessionModel, clientSessionCtx).generateAccessToken();
    // The RPT (requesting party token) is the access token extended with the granted permissions
    AccessToken rpt = responseBuilder.getAccessToken();
    Authorization authorization = new Authorization();
    authorization.setPermissions(entitlements);
    rpt.setAuthorization(authorization);
    if (accessToken.getSessionState() == null) {
        // Skip generating a refresh token for an accessToken without a sessionState claim. This is a
        // "stateless" accessToken not pointing to any real persistent userSession.
        rpt.setSessionState(null);
    } else {
        if (OIDCAdvancedConfigWrapper.fromClientModel(client).isUseRefreshToken()) {
            responseBuilder.generateRefreshToken();
            RefreshToken refreshToken = responseBuilder.getRefreshToken();
            refreshToken.issuedFor(client.getClientId());
            refreshToken.setAuthorization(authorization);
        }
    }
    if (!rpt.hasAudience(targetClient.getClientId())) {
        rpt.audience(targetClient.getClientId());
    }
    return new AuthorizationResponse(responseBuilder.build(), isUpgraded(request, authorization));
}
Also used: UserSessionModel (org.keycloak.models.UserSessionModel), AuthenticationSessionModel (org.keycloak.sessions.AuthenticationSessionModel), RootAuthenticationSessionModel (org.keycloak.sessions.RootAuthenticationSessionModel), AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel), AuthorizationResponse (org.keycloak.representations.idm.authorization.AuthorizationResponse), RealmModel (org.keycloak.models.RealmModel), UserModel (org.keycloak.models.UserModel), AuthenticationSessionManager (org.keycloak.services.managers.AuthenticationSessionManager), Authorization (org.keycloak.representations.AccessToken.Authorization), UserSessionProvider (org.keycloak.models.UserSessionProvider), ClientModel (org.keycloak.models.ClientModel), EventBuilder (org.keycloak.events.EventBuilder), RefreshToken (org.keycloak.representations.RefreshToken), DefaultClientSessionContext (org.keycloak.services.util.DefaultClientSessionContext), ClientSessionContext (org.keycloak.models.ClientSessionContext), AccessToken (org.keycloak.representations.AccessToken), KeycloakSession (org.keycloak.models.KeycloakSession), AccessTokenResponseBuilder (org.keycloak.protocol.oidc.TokenManager.AccessTokenResponseBuilder), TokenManager (org.keycloak.protocol.oidc.TokenManager)