
Example 21 with AuthenticationExecutionInfoRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.

the class InitialFlowsTest method testInitialFlows.

/**
 * Reads every authentication flow of the realm together with its executions and
 * checks them against {@link #expectedFlows()}.
 * <p>
 * Authenticator configurations referenced by an execution are fetched separately
 * and cached in {@code configs}, once per configuration id. The live flows are
 * passed through {@code orderAlphabetically} before the comparison, so the order
 * returned by the server is not part of the contract checked here.
 */
@Test
public void testInitialFlows() {
    List<FlowExecutions> collected = new LinkedList<>();
    for (AuthenticationFlowRepresentation flowRep : authMgmtResource.getFlows()) {
        String alias = flowRep.getAlias();
        List<AuthenticationExecutionInfoRepresentation> executions = authMgmtResource.getExecutions(alias);
        for (AuthenticationExecutionInfoRepresentation execution : executions) {
            String configId = execution.getAuthenticationConfig();
            // executions without a config, or whose config is already cached, need no extra call
            if (configId == null || configs.containsKey(configId)) {
                continue;
            }
            configs.put(configId, authMgmtResource.getAuthenticatorConfig(configId));
        }
        collected.add(new FlowExecutions(flowRep, executions));
    }
    // the expected set is the contract; any drift in default flows shows up here
    compare(expectedFlows(), orderAlphabetically(collected));
}

Example 22 with AuthenticationExecutionInfoRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.

the class InitialFlowsTest method expectedFlows.

/**
 * Builds the flows and executions a freshly created realm is expected to expose; it is
 * compared with the live flows by {@link #testInitialFlows()}.
 * <p>
 * Each flow is created with {@code newFlow}, its executions added with {@code addExecExport},
 * and the execution infos to compare with added with {@code addExecInfo}. Those helpers are
 * not shown here, so the meaning of their positional arguments (the numeric level/index-like
 * values, the {@code String[]} of requirement choices) is defined by them, not by this method.
 * <p>
 * Security-relevant defaults pinned by this data: the Kerberos ({@code auth-spnego}) step is
 * {@code DISABLED} in the browser and http challenge flows, Recaptcha is {@code DISABLED} in
 * registration, and the OTP forms of the browser, direct grant, first broker login and reset
 * credentials flows sit under a {@code CONDITIONAL} sub-flow whose first step is
 * {@code conditional-user-configured}. A change to any of these defaults fails
 * {@link #testInitialFlows()}.
 *
 * @return the expected flows in the order they are listed here
 */
private LinkedList<FlowExecutions> expectedFlows() {
    LinkedList<FlowExecutions> expected = new LinkedList<>();
    // browser flow: cookie, Kerberos (disabled), IdP redirector, then the "forms" sub-flow
    AuthenticationFlowRepresentation flow = newFlow("browser", "browser based authentication", "basic-flow", true, true);
    addExecExport(flow, null, false, "auth-cookie", false, null, ALTERNATIVE, 10);
    addExecExport(flow, null, false, "auth-spnego", false, null, DISABLED, 20);
    addExecExport(flow, null, false, "identity-provider-redirector", false, null, ALTERNATIVE, 25);
    addExecExport(flow, "forms", false, null, true, null, ALTERNATIVE, 30);
    List<AuthenticationExecutionInfoRepresentation> execs = new LinkedList<>();
    addExecInfo(execs, "Cookie", "auth-cookie", false, 0, 0, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Kerberos", "auth-spnego", false, 0, 1, DISABLED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Identity Provider Redirector", "identity-provider-redirector", true, 0, 2, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "forms", null, false, 0, 3, ALTERNATIVE, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Username Password Form", "auth-username-password-form", false, 1, 0, REQUIRED, null, new String[] { REQUIRED });
    // OTP is only asked for when the conditional sub-flow's condition holds
    addExecInfo(execs, "Browser - Conditional OTP", null, false, 1, 1, CONDITIONAL, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 2, 0, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "OTP Form", "auth-otp-form", false, 2, 1, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    // clients flow: the four client authentication methods, all ALTERNATIVE
    flow = newFlow("clients", "Base authentication for clients", "client-flow", true, true);
    addExecExport(flow, null, false, "client-secret", false, null, ALTERNATIVE, 10);
    addExecExport(flow, null, false, "client-jwt", false, null, ALTERNATIVE, 20);
    addExecExport(flow, null, false, "client-secret-jwt", false, null, ALTERNATIVE, 30);
    addExecExport(flow, null, false, "client-x509", false, null, ALTERNATIVE, 40);
    execs = new LinkedList<>();
    addExecInfo(execs, "Client Id and Secret", "client-secret", false, 0, 0, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Signed Jwt", "client-jwt", false, 0, 1, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Signed Jwt with Client Secret", "client-secret-jwt", false, 0, 2, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "X509 Certificate", "client-x509", false, 0, 3, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    // direct grant flow: username and password REQUIRED, OTP under a conditional sub-flow
    flow = newFlow("direct grant", "OpenID Connect Resource Owner Grant", "basic-flow", true, true);
    addExecExport(flow, null, false, "direct-grant-validate-username", false, null, REQUIRED, 10);
    addExecExport(flow, null, false, "direct-grant-validate-password", false, null, REQUIRED, 20);
    addExecExport(flow, "Direct Grant - Conditional OTP", false, null, true, null, CONDITIONAL, 30);
    execs = new LinkedList<>();
    addExecInfo(execs, "Username Validation", "direct-grant-validate-username", false, 0, 0, REQUIRED, null, new String[] { REQUIRED });
    addExecInfo(execs, "Password", "direct-grant-validate-password", false, 0, 1, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Direct Grant - Conditional OTP", null, false, 0, 2, CONDITIONAL, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 1, 0, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "OTP", "direct-grant-validate-otp", false, 1, 1, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    // docker auth flow: a single REQUIRED HTTP basic authenticator
    flow = newFlow("docker auth", "Used by Docker clients to authenticate against the IDP", "basic-flow", true, true);
    addExecExport(flow, null, false, "docker-http-basic-authenticator", false, null, REQUIRED, 10);
    execs = new LinkedList<>();
    addExecInfo(execs, "Docker Authenticator", "docker-http-basic-authenticator", false, 0, 0, REQUIRED, null, new String[] { REQUIRED });
    expected.add(new FlowExecutions(flow, execs));
    // first broker login flow: profile review, then user creation/linking with nested
    // alternatives for handling an existing account (email verification or re-authentication)
    flow = newFlow("first broker login", "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "basic-flow", true, true);
    addExecExport(flow, null, false, "idp-review-profile", false, "review profile config", REQUIRED, 10);
    addExecExport(flow, "User creation or linking", false, null, true, null, REQUIRED, 20);
    execs = new LinkedList<>();
    addExecInfo(execs, "Review Profile", "idp-review-profile", true, 0, 0, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "User creation or linking", null, false, 0, 1, REQUIRED, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Create User If Unique", "idp-create-user-if-unique", true, 1, 0, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Handle Existing Account", null, false, 1, 1, ALTERNATIVE, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Confirm link existing account", "idp-confirm-link", false, 2, 0, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Account verification options", null, false, 2, 1, REQUIRED, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Verify existing account by Email", "idp-email-verification", false, 3, 0, ALTERNATIVE, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Verify Existing Account by Re-authentication", null, false, 3, 1, ALTERNATIVE, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Username Password Form for identity provider reauthentication", "idp-username-password-form", false, 4, 0, REQUIRED, null, new String[] { REQUIRED });
    addExecInfo(execs, "First broker login - Conditional OTP", null, false, 4, 1, CONDITIONAL, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 5, 0, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "OTP Form", "auth-otp-form", false, 5, 1, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    // http challenge flow: only basic auth is enabled; password+OTP and Kerberos are DISABLED
    flow = newFlow("http challenge", "An authentication flow based on challenge-response HTTP Authentication Schemes", "basic-flow", true, true);
    addExecExport(flow, null, false, "no-cookie-redirect", false, null, REQUIRED, 10);
    addExecExport(flow, "Authentication Options", false, null, true, null, REQUIRED, 20);
    execs = new LinkedList<>();
    addExecInfo(execs, "Browser Redirect for Cookie free authentication", "no-cookie-redirect", false, 0, 0, REQUIRED, null, new String[] { REQUIRED });
    addExecInfo(execs, "Authentication Options", null, false, 0, 1, REQUIRED, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Basic Auth Challenge", "basic-auth", false, 1, 0, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Basic Auth Password+OTP", "basic-auth-otp", false, 1, 1, DISABLED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Kerberos", "auth-spnego", false, 1, 2, DISABLED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    // registration flow: form sub-flow with user creation and validations; Recaptcha DISABLED
    flow = newFlow("registration", "registration flow", "basic-flow", true, true);
    addExecExport(flow, "registration form", false, "registration-page-form", true, null, REQUIRED, 10);
    execs = new LinkedList<>();
    addExecInfo(execs, "registration form", "registration-page-form", false, 0, 0, REQUIRED, true, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "Registration User Creation", "registration-user-creation", false, 1, 0, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "Profile Validation", "registration-profile-action", false, 1, 1, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "Password Validation", "registration-password-action", false, 1, 2, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "Recaptcha", "registration-recaptcha-action", true, 1, 3, DISABLED, null, new String[] { REQUIRED, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    // reset credentials flow: choose user, email, new password, OTP under a conditional sub-flow
    flow = newFlow("reset credentials", "Reset credentials for a user if they forgot their password or something", "basic-flow", true, true);
    addExecExport(flow, null, false, "reset-credentials-choose-user", false, null, REQUIRED, 10);
    addExecExport(flow, null, false, "reset-credential-email", false, null, REQUIRED, 20);
    addExecExport(flow, null, false, "reset-password", false, null, REQUIRED, 30);
    addExecExport(flow, "Reset - Conditional OTP", false, null, true, null, CONDITIONAL, 40);
    execs = new LinkedList<>();
    addExecInfo(execs, "Choose User", "reset-credentials-choose-user", false, 0, 0, REQUIRED, null, new String[] { REQUIRED });
    addExecInfo(execs, "Send Reset Email", "reset-credential-email", false, 0, 1, REQUIRED, null, new String[] { REQUIRED });
    addExecInfo(execs, "Reset Password", "reset-password", false, 0, 2, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    addExecInfo(execs, "Reset - Conditional OTP", null, false, 0, 3, CONDITIONAL, true, new String[] { REQUIRED, ALTERNATIVE, DISABLED, CONDITIONAL });
    addExecInfo(execs, "Condition - user configured", "conditional-user-configured", false, 1, 0, REQUIRED, null, new String[] { REQUIRED, DISABLED });
    addExecInfo(execs, "Reset OTP", "reset-otp", false, 1, 1, REQUIRED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED });
    expected.add(new FlowExecutions(flow, execs));
    return expected;
}

Example 23 with AuthenticationExecutionInfoRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.

the class ShiftExecutionTest method testBuiltinShiftNotAllowed.

/**
 * Checks that the execution order of the built-in {@code browser} flow cannot be
 * changed through the admin API: raising the priority of the last execution and
 * lowering the priority of the one before it must both be rejected with
 * {@link BadRequestException}.
 */
@Test
public void testBuiltinShiftNotAllowed() {
    List<AuthenticationExecutionInfoRepresentation> executions = authMgmtResource.getExecutions("browser");
    int count = executions.size();
    String lastId = executions.get(count - 1).getId();
    String oneButLastId = executions.get(count - 2).getId();
    expectBadRequestOnShift(() -> authMgmtResource.raisePriority(lastId), "Not expected to raise priority of builtin flow");
    expectBadRequestOnShift(() -> authMgmtResource.lowerPriority(oneButLastId), "Not expected to lower priority of builtin flow");
}

/**
 * Runs {@code shift} and fails the test with {@code failureMessage} unless it throws
 * {@link BadRequestException}; any other exception propagates unchanged.
 *
 * @param shift the priority change to attempt
 * @param failureMessage message reported when the change is unexpectedly accepted
 */
private static void expectBadRequestOnShift(Runnable shift, String failureMessage) {
    try {
        shift.run();
        Assert.fail(failureMessage);
    } catch (BadRequestException expected) {
        // the server refuses to reorder a built-in flow; this is the asserted outcome
    }
}

Example 24 with AuthenticationExecutionInfoRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.

the class UserStorageRestTest method testKerberosAuthenticatorDisabledWhenProviderRemoved.

// KEYCLOAK-4438
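/**
 * Verifies that the Kerberos authenticator in the {@code browser} flow follows the presence
 * of a Kerberos-capable user storage provider: it is {@code DISABLED} with no provider,
 * becomes {@code ALTERNATIVE} when an LDAP provider with Kerberos authentication or a
 * dedicated Kerberos provider is created, and returns to {@code DISABLED} when that provider
 * is removed, even if an administrator had set it to {@code REQUIRED} in the meantime.
 * <p>
 * Assertions use the JUnit {@code (expected, actual)} order so that a failure message
 * names the expected requirement correctly.
 */
@Test
public void testKerberosAuthenticatorDisabledWhenProviderRemoved() {
    // Baseline: no Kerberos-capable provider, so the authenticator must be DISABLED.
    AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.DISABLED.toString(), kerberosExecution.getRequirement());
    // Creating an LDAP provider with Kerberos authentication enabled switches it to ALTERNATIVE.
    ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
    ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true");
    String id = createComponent(ldapRep);
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString(), kerberosExecution.getRequirement());
    // Removing that provider must disable the step again; a Kerberos step left enabled
    // with no backing provider would stay reachable in the browser flow.
    realm.components().component(id).remove();
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.DISABLED.toString(), kerberosExecution.getRequirement());
    // The same applies to a dedicated Kerberos user storage provider.
    ComponentRepresentation kerberosRep = new ComponentRepresentation();
    kerberosRep.setName("kerberos");
    kerberosRep.setProviderId("kerberos");
    kerberosRep.setProviderType(UserStorageProvider.class.getName());
    kerberosRep.setConfig(new MultivaluedHashMap<>());
    kerberosRep.getConfig().putSingle("priority", Integer.toString(2));
    id = createComponent(kerberosRep);
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString(), kerberosExecution.getRequirement());
    // An explicit REQUIRED setting does not survive provider removal: the step goes back to DISABLED.
    kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
    realm.flows().updateExecutions("browser", kerberosExecution);
    realm.components().component(id).remove();
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.DISABLED.toString(), kerberosExecution.getRequirement());
}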

Example 25 with AuthenticationExecutionInfoRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.

the class UserStorageRestTest method testKerberosAuthenticatorChangedOnlyIfDisabled.

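/**
 * Verifies that creating or updating a Kerberos-enabled LDAP provider only touches the
 * Kerberos authenticator when it is {@code DISABLED}: an administrator's explicit
 * {@code REQUIRED} setting on the {@code browser} flow is preserved across both operations.
 * The initial and the cleanup update are also checked to produce an admin event.
 * <p>
 * Assertions use the JUnit {@code (expected, actual)} order so that a failure message
 * names the expected requirement correctly.
 */
@Test
public void testKerberosAuthenticatorChangedOnlyIfDisabled() {
    // Administrator explicitly requires Kerberos in the browser flow.
    AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
    kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
    realm.flows().updateExecutions("browser", kerberosExecution);
    assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
    // Creating an LDAP provider with Kerberos authentication must not downgrade REQUIRED to ALTERNATIVE.
    ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
    ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true");
    String id = createComponent(ldapRep);
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.REQUIRED.toString(), kerberosExecution.getRequirement());
    // Re-saving the provider unchanged must not touch the requirement either.
    ldapRep = realm.components().component(id).toRepresentation();
    realm.components().component(id).update(ldapRep);
    assertAdminEvents.clear();
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.REQUIRED.toString(), kerberosExecution.getRequirement());
    // Cleanup: restore the default DISABLED requirement and remove the provider.
    kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
    realm.flows().updateExecutions("browser", kerberosExecution);
    assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
    removeComponent(id);
}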
