use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.
the class AbstractMigrationTest method testIdentityProviderAuthenticator.
/**
 * Checks, for every given realm, that the browser flow contains an
 * {@code identity-provider-redirector} execution with requirement ALTERNATIVE and priority 25.
 *
 * <p>The test fails for a realm when no such execution is found in its browser flow.
 *
 * @param realms the realms whose authentication flows are inspected
 */
protected void testIdentityProviderAuthenticator(RealmResource... realms) {
    log.info("testing identity provider authenticator");
    for (RealmResource realmResource : realms) {
        boolean redirectorFound = false;
        for (AuthenticationFlowRepresentation candidate : realmResource.flows().getFlows()) {
            // Only the browser flow is expected to carry the redirector.
            if (!candidate.getAlias().equals(DefaultAuthenticationFlows.BROWSER_FLOW)) {
                continue;
            }
            for (AuthenticationExecutionExportRepresentation exec : candidate.getAuthenticationExecutions()) {
                if (!"identity-provider-redirector".equals(exec.getAuthenticator())) {
                    continue;
                }
                assertEquals("Requirement should be ALTERNATIVE.", AuthenticationExecutionModel.Requirement.ALTERNATIVE.name(), exec.getRequirement());
                assertTrue("Priority should be 25.", exec.getPriority() == 25);
                redirectorFound = true;
            }
        }
        if (!redirectorFound) {
            fail("BROWSER_FLOW should contain execution: 'identity-provider-redirector' authenticator.");
        }
    }
}
use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.
the class RepresentationToModel method importAuthenticationFlows.
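/**
 * Imports the authentication flows, authenticator configs and flow bindings of a realm
 * representation into {@code newRealm}.
 *
 * <p>When the representation carries no authentication flows it is treated as an export from an
 * old version and the default flows are migrated instead. Otherwise every flow is added under a
 * freshly generated id and its executions are attached afterwards.
 *
 * <p>NOTE(review): every flow binding below is resolved with {@code getFlowByAlias} using an alias
 * taken from the imported representation, and the lookup result is passed to the setter without a
 * null check. Confirm how the realm setters behave when a representation names a flow that was not
 * imported, since the bindings decide which authentication flow the realm enforces.
 *
 * @param newRealm the realm that receives the flows and bindings
 * @param rep the realm representation being imported
 * @return map from the flow id found in the representation to the id of the flow created in
 *     {@code newRealm}; empty when the representation has no authentication flows
 * @throws IllegalStateException if an authenticator config in the representation has no alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation may define flows without any authenticator config; skip the loop
        // instead of failing the whole import with a NullPointerException.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                AuthenticatorConfigModel model = toModel(configRep);
                newRealm.addAuthenticatorConfig(model);
            }
        }
        // First pass: create all flows so that executions can refer to any of them.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        // Second pass: attach the executions to the flows created above.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            if (flowRep.getAuthenticationExecutions() == null) {
                // A flow without executions has nothing to attach.
                continue;
            }
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }

    // Bind each realm-level flow: use the alias named in the representation, else the default alias.
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }

    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }

    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }

    // Added in 2.2
    // The first enabled identity provider flagged authenticate-by-default is passed on below.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }

    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }

    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}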
use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.
the class InitialFlowsTest method addExecExport.
/**
 * Builds an execution export representation from the given values and appends it to the flow,
 * creating the flow's execution list first when the flow has none.
 *
 * @param flow the flow that receives the new execution
 */
private void addExecExport(AuthenticationFlowRepresentation flow, String flowAlias, boolean userSetupAllowed, String authenticator, boolean authenticatorFlow, String authenticatorConfig, String requirement, int priority) {
    AuthenticationExecutionExportRepresentation newExecution =
            newExecutionExportRepresentation(flowAlias, userSetupAllowed, authenticator, authenticatorFlow, authenticatorConfig, requirement, priority);

    List<AuthenticationExecutionExportRepresentation> executions = flow.getAuthenticationExecutions();
    if (executions != null) {
        executions.add(newExecution);
        return;
    }

    // No list yet: install a fresh one on the flow, then add to it.
    executions = new ArrayList<>();
    flow.setAuthenticationExecutions(executions);
    executions.add(newExecution);
}
use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.
the class InitialFlowsTest method newExecutionExportRepresentation.
/**
 * Creates an {@link AuthenticationExecutionExportRepresentation} populated with the given values.
 *
 * @return a new representation carrying exactly the supplied field values
 */
private AuthenticationExecutionExportRepresentation newExecutionExportRepresentation(String flowAlias, boolean userSetupAllowed, String authenticator, boolean authenticatorFlow, String authenticatorConfig, String requirement, int priority) {
    final AuthenticationExecutionExportRepresentation execution = new AuthenticationExecutionExportRepresentation();

    execution.setFlowAlias(flowAlias);
    execution.setUserSetupAllowed(userSetupAllowed);

    execution.setAuthenticator(authenticator);
    execution.setAuthenticatorFlow(authenticatorFlow);
    execution.setAuthenticatorConfig(authenticatorConfig);

    execution.setRequirement(requirement);
    execution.setPriority(priority);

    return execution;
}
use of org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation in project keycloak by keycloak.
the class AbstractWebAuthnVirtualTest method switchExecutionInBrowserFormToPasswordless.
// Switch WebAuthn authenticator with Passwordless authenticator in browser flow
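/**
 * Replaces the WebAuthn execution in the {@code browser-webauthn-forms} flow of the given realm
 * representation with the WebAuthn Passwordless authenticator.
 *
 * <p>The flow and the execution are removed from their lists, modified, and added back, so both
 * end up as the last element of their list.
 *
 * @param realm the realm representation whose authentication flows are modified in place
 */
protected void switchExecutionInBrowserFormToPasswordless(RealmRepresentation realm) {
    List<AuthenticationFlowRepresentation> flows = realm.getAuthenticationFlows();
    assertThat(flows, notNullValue());

    AuthenticationFlowRepresentation browserForm = flows.stream()
            .filter(f -> f.getAlias().equals("browser-webauthn-forms"))
            .findFirst()
            .orElse(null);
    assertThat("Cannot find 'browser-webauthn-forms' flow", browserForm, notNullValue());

    flows.removeIf(f -> f.getAlias().equals(browserForm.getAlias()));

    List<AuthenticationExecutionExportRepresentation> browserFormExecutions = browserForm.getAuthenticationExecutions();
    // Check the execution list itself: asserting on browserForm here would always pass and a
    // missing list would surface later as a NullPointerException instead of this message.
    assertThat("Flow 'browser-webauthn-forms' doesn't have any executions", browserFormExecutions, notNullValue());

    AuthenticationExecutionExportRepresentation webAuthn = browserFormExecutions.stream()
            .filter(f -> WebAuthnAuthenticatorFactory.PROVIDER_ID.equals(f.getAuthenticator()))
            .findFirst()
            .orElse(null);
    assertThat("Cannot find WebAuthn execution in Browser flow", webAuthn, notNullValue());

    // Drop every execution using the WebAuthn authenticator, then re-add the found one as passwordless.
    browserFormExecutions.removeIf(f -> webAuthn.getAuthenticator().equals(f.getAuthenticator()));
    webAuthn.setAuthenticator(WebAuthnPasswordlessAuthenticatorFactory.PROVIDER_ID);
    browserFormExecutions.add(webAuthn);
    browserForm.setAuthenticationExecutions(browserFormExecutions);

    flows.add(browserForm);
    realm.setAuthenticationFlows(flows);
}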