
Example 1 with AuthenticationExecutionExportRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.

the class AbstractMigrationTest method testIdentityProviderAuthenticator.

/**
 * Asserts that the browser flow of every given realm contains an
 * {@code identity-provider-redirector} execution whose requirement is
 * {@code ALTERNATIVE} and whose priority is 25.
 *
 * <p>The test fails for a realm when no such execution is found in its browser flow,
 * so a flow that lost the execution is reported rather than silently accepted.
 *
 * @param realms admin-client handles of the realms to inspect
 */
protected void testIdentityProviderAuthenticator(RealmResource... realms) {
    log.info("testing identity provider authenticator");
    for (RealmResource realmResource : realms) {
        boolean redirectorFound = false;
        for (AuthenticationFlowRepresentation candidate : realmResource.flows().getFlows()) {
            // Only the browser flow is of interest; every other flow is skipped.
            if (!candidate.getAlias().equals(DefaultAuthenticationFlows.BROWSER_FLOW)) {
                continue;
            }
            for (AuthenticationExecutionExportRepresentation exec : candidate.getAuthenticationExecutions()) {
                if (!"identity-provider-redirector".equals(exec.getAuthenticator())) {
                    continue;
                }
                // Requirement is compared by enum name because the representation stores it as a string.
                assertEquals("Requirement should be ALTERNATIVE.", AuthenticationExecutionModel.Requirement.ALTERNATIVE.name(), exec.getRequirement());
                assertTrue("Priority should be 25.", exec.getPriority() == 25);
                redirectorFound = true;
            }
        }
        if (!redirectorFound) {
            fail("BROWSER_FLOW should contain execution: 'identity-provider-redirector' authenticator.");
        }
    }
}
Also used : RealmResource(org.keycloak.admin.client.resource.RealmResource) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)

Example 2 with AuthenticationExecutionExportRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.

the class RepresentationToModel method importAuthenticationFlows.

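/**
 * Imports authenticator configs, authentication flows and their executions from a realm
 * representation into {@code newRealm}, then binds the realm's browser, registration,
 * direct grant, reset credentials, client authentication and docker flows.
 *
 * <p>When the representation carries no flows at all, the default flows are created through
 * {@link DefaultAuthenticationFlows#migrateFlows}. Flows are added in a first pass and their
 * executions in a second pass, because executions are resolved against flows already stored
 * in the realm. Each imported flow receives a freshly generated id.
 *
 * @param newRealm realm model that receives the flows
 * @param rep realm representation being imported
 * @return map from the flow id found in the representation to the id assigned in
 *         {@code newRealm}; empty when the representation defines no flows
 * @throws IllegalStateException if an authenticator config in the representation has no alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation can define flows without any authenticator config; a missing list
        // is treated as empty instead of failing the whole import with a NullPointerException.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                AuthenticatorConfigModel model = toModel(configRep);
                newRealm.addAuthenticatorConfig(model);
            }
        }
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            // A flow without an executions list has nothing to add; skip it rather than fail.
            if (flowRep.getAuthenticationExecutions() == null) {
                continue;
            }
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }
    // NOTE(review): the aliases below come from the imported representation. getFlowByAlias can
    // return null (the reset-credentials and client branches check for it), so an alias that
    // matches no imported flow hands null to the setter. Confirm the setters or a later
    // validation step reject a realm whose login flow binding is missing.
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }
    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }
    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }
    // Added in 2.2
    // The first identity provider that is both enabled and marked "authenticate by default"
    // is handed to the identity-provider authenticator set up at the end of this method.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }
    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }
    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}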
Also used : MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 3 with AuthenticationExecutionExportRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.

the class InitialFlowsTest method addExecExport.

/**
 * Builds an execution export representation from the given values and appends it to
 * the flow's execution list, creating and attaching that list first when the flow has none.
 *
 * @param flow flow representation that receives the execution
 * @param flowAlias alias stored on the execution
 * @param userSetupAllowed value stored on the execution
 * @param authenticator authenticator id stored on the execution
 * @param authenticatorFlow value stored on the execution
 * @param authenticatorConfig authenticator config stored on the execution
 * @param requirement requirement stored on the execution
 * @param priority priority stored on the execution
 */
private void addExecExport(AuthenticationFlowRepresentation flow, String flowAlias, boolean userSetupAllowed, String authenticator, boolean authenticatorFlow, String authenticatorConfig, String requirement, int priority) {
    AuthenticationExecutionExportRepresentation created = newExecutionExportRepresentation(flowAlias, userSetupAllowed, authenticator, authenticatorFlow, authenticatorConfig, requirement, priority);
    List<AuthenticationExecutionExportRepresentation> executions = flow.getAuthenticationExecutions();
    if (executions != null) {
        executions.add(created);
        return;
    }
    // No list yet: attach a new one to the flow, then add through the same reference.
    executions = new ArrayList<>();
    flow.setAuthenticationExecutions(executions);
    executions.add(created);
}
Also used : AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)

Example 4 with AuthenticationExecutionExportRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.

the class InitialFlowsTest method newExecutionExportRepresentation.

/**
 * Creates an {@link AuthenticationExecutionExportRepresentation} and copies each
 * argument into the field of the same name.
 *
 * @param flowAlias alias to store
 * @param userSetupAllowed flag to store
 * @param authenticator authenticator id to store
 * @param authenticatorFlow flag to store
 * @param authenticatorConfig authenticator config to store
 * @param requirement requirement to store
 * @param priority priority to store
 * @return the populated representation
 */
private AuthenticationExecutionExportRepresentation newExecutionExportRepresentation(String flowAlias, boolean userSetupAllowed, String authenticator, boolean authenticatorFlow, String authenticatorConfig, String requirement, int priority) {
    AuthenticationExecutionExportRepresentation exported = new AuthenticationExecutionExportRepresentation();

    // Which authenticator runs and with which config.
    exported.setAuthenticator(authenticator);
    exported.setAuthenticatorConfig(authenticatorConfig);
    exported.setAuthenticatorFlow(authenticatorFlow);
    exported.setFlowAlias(flowAlias);

    // How the execution takes part in its flow.
    exported.setRequirement(requirement);
    exported.setPriority(priority);
    exported.setUserSetupAllowed(userSetupAllowed);

    return exported;
}
Also used : AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)

Example 5 with AuthenticationExecutionExportRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.

the class AbstractWebAuthnVirtualTest method switchExecutionInBrowserFormToPasswordless.

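/**
 * Switches the WebAuthn authenticator to the WebAuthn passwordless authenticator in the
 * {@code browser-webauthn-forms} flow of the given realm representation.
 *
 * <p>The flow and the execution are each removed from their list, modified and appended
 * again, so both end up last in their list. Only the authenticator id of the execution
 * is changed; its other fields are left as they were.
 *
 * @param realm realm representation that is modified in place
 */
protected void switchExecutionInBrowserFormToPasswordless(RealmRepresentation realm) {
    List<AuthenticationFlowRepresentation> flows = realm.getAuthenticationFlows();
    assertThat(flows, notNullValue());
    AuthenticationFlowRepresentation browserForm = flows.stream().filter(f -> f.getAlias().equals("browser-webauthn-forms")).findFirst().orElse(null);
    assertThat("Cannot find 'browser-webauthn-forms' flow", browserForm, notNullValue());
    flows.removeIf(f -> f.getAlias().equals(browserForm.getAlias()));
    List<AuthenticationExecutionExportRepresentation> browserFormExecutions = browserForm.getAuthenticationExecutions();
    // Check the execution list itself: the flow was already verified above, and a null list
    // would otherwise surface as a NullPointerException on the stream call below.
    assertThat("Flow 'browser-webauthn-forms' doesn't have any executions", browserFormExecutions, notNullValue());
    AuthenticationExecutionExportRepresentation webAuthn = browserFormExecutions.stream().filter(f -> WebAuthnAuthenticatorFactory.PROVIDER_ID.equals(f.getAuthenticator())).findFirst().orElse(null);
    assertThat("Cannot find WebAuthn execution in Browser flow", webAuthn, notNullValue());
    // Remove every execution using the WebAuthn authenticator before re-adding the modified one.
    browserFormExecutions.removeIf(f -> webAuthn.getAuthenticator().equals(f.getAuthenticator()));
    webAuthn.setAuthenticator(WebAuthnPasswordlessAuthenticatorFactory.PROVIDER_ID);
    browserFormExecutions.add(webAuthn);
    browserForm.setAuthenticationExecutions(browserFormExecutions);
    flows.add(browserForm);
    realm.setAuthenticationFlows(flows);
}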
Also used : AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)

Aggregations

AuthenticationExecutionExportRepresentation (org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)6 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)4 HashMap (java.util.HashMap)2 BadRequestException (javax.ws.rs.BadRequestException)1 ClientErrorException (javax.ws.rs.ClientErrorException)1 InternalServerErrorException (javax.ws.rs.InternalServerErrorException)1 NotFoundException (javax.ws.rs.NotFoundException)1 Response (javax.ws.rs.core.Response)1 Matchers.containsString (org.hamcrest.Matchers.containsString)1 Test (org.junit.Test)1 RealmResource (org.keycloak.admin.client.resource.RealmResource)1 MultivaluedHashMap (org.keycloak.common.util.MultivaluedHashMap)1 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)1 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)1 AuthenticatorConfigModel (org.keycloak.models.AuthenticatorConfigModel)1 ArtifactBindingUtils.computeArtifactBindingIdentifierString (org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString)1 AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)1 IdentityProviderRepresentation (org.keycloak.representations.idm.IdentityProviderRepresentation)1