use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.
the class UserStorageRestTest method testKerberosAuthenticatorEnabledAutomatically.
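/**
 * Checks how the Kerberos execution returned by {@code findKerberosExecution()} follows the
 * LDAP provider's {@code KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION} setting.
 *
 * <p>Asserted sequence:
 * <ol>
 *   <li>the execution starts out DISABLED;</li>
 *   <li>creating an LDAP provider with the Kerberos flag set to "true" moves it to ALTERNATIVE;</li>
 *   <li>after it is switched back to DISABLED by hand, re-saving the provider unchanged leaves it DISABLED;</li>
 *   <li>saving the provider with the flag set to "false" leaves it DISABLED;</li>
 *   <li>saving the provider with the flag set to "true" moves it to ALTERNATIVE again.</li>
 * </ol>
 *
 * <p>NOTE(review): the cleanup at the end is not in a {@code finally} block, so a failed assertion
 * leaves the LDAP component and the current execution requirement behind in the realm.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testKerberosAuthenticatorEnabledAutomatically() {
    // Assert kerberos authenticator DISABLED
    // (expected value first, so a failure message reports expected/actual the right way round)
    AuthenticationExecutionInfoRepresentation kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.DISABLED.toString(), kerberosExecution.getRequirement());

    // create LDAP provider with kerberos
    ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
    ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true");
    String id = createComponent(ldapRep);

    // Assert kerberos authenticator ALTERNATIVE
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString(), kerberosExecution.getRequirement());

    // Switch kerberos authenticator to DISABLED
    kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
    realm.flows().updateExecutions("browser", kerberosExecution);
    assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);

    // update LDAP provider with kerberos (without changing kerberos switch)
    ldapRep = realm.components().component(id).toRepresentation();
    realm.components().component(id).update(ldapRep);
    assertAdminEvents.clear();

    // Assert kerberos authenticator is still DISABLED:
    // an unrelated provider save must not undo the explicit DISABLED choice
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.DISABLED.toString(), kerberosExecution.getRequirement());

    // update LDAP provider with kerberos (with changing kerberos switch to disabled)
    ldapRep = realm.components().component(id).toRepresentation();
    ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "false");
    realm.components().component(id).update(ldapRep);
    assertAdminEvents.clear();

    // Assert kerberos authenticator is still DISABLED
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.DISABLED.toString(), kerberosExecution.getRequirement());

    // update LDAP provider with kerberos (with changing kerberos switch to enabled)
    ldapRep = realm.components().component(id).toRepresentation();
    ldapRep.getConfig().putSingle(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "true");
    realm.components().component(id).update(ldapRep);
    assertAdminEvents.clear();

    // Assert kerberos authenticator is ALTERNATIVE again (turning the flag on re-enables it)
    kerberosExecution = findKerberosExecution();
    Assert.assertEquals(AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString(), kerberosExecution.getRequirement());

    // Cleanup: put the execution back to DISABLED and drop the LDAP component
    kerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
    realm.flows().updateExecutions("browser", kerberosExecution);
    assertAdminEvents.assertEvent(realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), kerberosExecution, ResourceType.AUTH_EXECUTION);
    removeComponent(id);
}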
use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.
the class AbstractCustomAccountManagementTest method updateRequirement.
/**
 * Changes the requirement of a single execution and submits the change through
 * {@code authMgmtResource}.
 *
 * @param flowAlias   alias of the flow; passed to {@code getExecution} and to the update call
 * @param provider    provider passed to {@code getExecution} to select the execution
 * @param requirement new requirement; its enum constant name is written to the representation
 */
protected void updateRequirement(String flowAlias, String provider, AuthenticationExecutionModel.Requirement requirement) {
    final AuthenticationExecutionInfoRepresentation target = getExecution(flowAlias, provider);
    final String requirementName = requirement.name();
    target.setRequirement(requirementName);
    authMgmtResource.updateExecutions(flowAlias, target);
}
use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.
the class AbstractCustomAccountManagementTest method updateRequirement.
/**
 * Changes the requirement of the first execution in a flow that the filter accepts.
 *
 * <p>When no execution matches, nothing is updated and no error is raised, so a caller
 * cannot tell from this method alone whether the requirement was actually changed.
 *
 * @param flowAlias   alias of the flow whose executions are listed and updated
 * @param requirement new requirement; its enum constant name is written to the representation
 * @param filterFunc  selects the execution to change; only the first match is updated
 */
protected void updateRequirement(String flowAlias, AuthenticationExecutionModel.Requirement requirement, Function<AuthenticationExecutionInfoRepresentation, Boolean> filterFunc) {
    authMgmtResource.getExecutions(flowAlias).stream()
            .filter(filterFunc::apply)
            .findFirst()
            .ifPresent(match -> {
                match.setRequirement(requirement.name());
                authMgmtResource.updateExecutions(flowAlias, match);
            });
}
use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.
the class BrokerTest method testLogoutPropagatesToSamlIdentityProvider.
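/**
 * Logs in through the SAML broker with the review-profile step of the first-broker-login flow
 * disabled, and asserts the status of the SAML response that comes back.
 *
 * <p>The AuthnRequest is given a NameIDPolicy with {@code AllowCreate=true} and the e-mail NameID
 * format; the response is expected to be a status response with {@code STATUS_RESPONDER} /
 * {@code STATUS_INVALID_NAMEIDPOLICY}.
 *
 * <p>NOTE(review): the method name refers to logout propagation, but the visible body only
 * asserts the login response status - confirm the name still matches the intent.
 *
 * @throws IOException declared because of the try-with-resources on {@code IdentityProviderCreator}
 *                     - presumably thrown by its close(); confirm against that class
 */
@Test
public void testLogoutPropagatesToSamlIdentityProvider() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    // Not used in the visible body; kept so the statement sequence is unchanged.
    final ClientsResource clients = realm.clients();

    AuthenticationExecutionInfoRepresentation reviewProfileAuthenticator = null;
    String firstBrokerLoginFlowAlias = null;
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/saml"))) {
        IdentityProviderRepresentation idpRepresentation = idp.identityProvider().toRepresentation();
        firstBrokerLoginFlowAlias = idpRepresentation.getFirstBrokerLoginFlowAlias();

        // Locate the review-profile execution in the first-broker-login flow and disable it.
        List<AuthenticationExecutionInfoRepresentation> executions = realm.flows().getExecutions(firstBrokerLoginFlowAlias);
        reviewProfileAuthenticator = executions.stream()
                .filter(ex -> Objects.equals(ex.getProviderId(), IdpReviewProfileAuthenticatorFactory.PROVIDER_ID))
                .findFirst()
                .orElseGet(() -> {
                    Assert.fail("Could not find update profile in first broker login flow");
                    return null;
                });
        reviewProfileAuthenticator.setRequirement(Requirement.DISABLED.name());
        realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);

        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
                .transformObject(ar -> {
                    NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
                    nameIDPolicy.setAllowCreate(Boolean.TRUE);
                    nameIDPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.getUri());
                    ar.setNameIDPolicy(nameIDPolicy);
                    return ar;
                })
                .build()
                .login().idp(SAML_BROKER_ALIAS).build()
                .processSamlResponse(REDIRECT)
                .transformObject(this::createAuthnResponse)
                .targetAttributeSamlResponse()
                .targetUri(getSamlBrokerUrl(REALM_NAME))
                .build()
                .followOneRedirect()
                .followOneRedirect()
                .getSamlResponse(POST);

        assertThat(samlResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_RESPONDER, JBossSAMLURIConstants.STATUS_INVALID_NAMEIDPOLICY));
    } finally {
        // The reference is still null when setup failed before the execution was found
        // (provider creation, flow lookup, or the Assert.fail above). Dereferencing it here
        // would raise a NullPointerException that hides the original failure.
        if (reviewProfileAuthenticator != null) {
            // Restores REQUIRED unconditionally - assumes that was the value before the test; TODO confirm.
            reviewProfileAuthenticator.setRequirement(Requirement.REQUIRED.name());
            realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);
        }
    }
}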
use of org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation in project keycloak by keycloak.
the class AuthenticationManagementResource method recurseExecutions.
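/**
 * Appends one representation per execution of {@code flow} to {@code result}, descending into
 * sub-flows right after the execution that references them (depth first, in stream order).
 *
 * <p>Each representation records its nesting {@code level} and its zero-based position among the
 * executions of its own flow. The requirement choices offered depend on the kind of entry:
 * for a sub-flow they are fixed per flow provider id (basic, form, client); for an authenticator
 * they come from its factory.
 *
 * @param flow   flow whose executions are listed
 * @param result list that receives the representations; mutated in place
 * @param level  nesting depth recorded on every representation produced for {@code flow}
 * @throws NotFoundException if an authenticator execution names a provider for which no
 *                           factory can be found
 */
public void recurseExecutions(AuthenticationFlowModel flow, List<AuthenticationExecutionInfoRepresentation> result, int level) {
    AtomicInteger index = new AtomicInteger(0);
    realm.getAuthenticationExecutionsStream(flow.getId()).forEachOrdered(execution -> {
        AuthenticationExecutionInfoRepresentation rep = new AuthenticationExecutionInfoRepresentation();
        rep.setLevel(level);
        rep.setIndex(index.getAndIncrement());
        rep.setRequirementChoices(new LinkedList<>());
        if (execution.isAuthenticatorFlow()) {
            // NOTE(review): flowRef is dereferenced without a null check; if the lookup can return
            // null for a dangling flow id, this fails with a NullPointerException - confirm.
            AuthenticationFlowModel flowRef = realm.getAuthenticationFlowById(execution.getFlowId());
            if (AuthenticationFlow.BASIC_FLOW.equals(flowRef.getProviderId())) {
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.CONDITIONAL.name());
            } else if (AuthenticationFlow.FORM_FLOW.equals(flowRef.getProviderId())) {
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
                // Only the form-flow branch copies the authenticator and its config onto a sub-flow entry.
                rep.setProviderId(execution.getAuthenticator());
                rep.setAuthenticationConfig(execution.getAuthenticatorConfig());
            } else if (AuthenticationFlow.CLIENT_FLOW.equals(flowRef.getProviderId())) {
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.REQUIRED.name());
                rep.getRequirementChoices().add(AuthenticationExecutionModel.Requirement.DISABLED.name());
            }
            // Any other flow provider id leaves the choice list empty.
            rep.setDisplayName(flowRef.getAlias());
            rep.setDescription(flowRef.getDescription());
            rep.setConfigurable(false);
            rep.setId(execution.getId());
            rep.setAuthenticationFlow(execution.isAuthenticatorFlow());
            rep.setRequirement(execution.getRequirement().name());
            rep.setFlowId(execution.getFlowId());
            result.add(rep);
            // flowRef was looked up by this execution's flow id above, so it is the sub-flow to
            // descend into; a second lookup by the same id is not needed.
            recurseExecutions(flowRef, result, level + 1);
        } else {
            String providerId = execution.getAuthenticator();
            ConfigurableAuthenticatorFactory factory = CredentialHelper.getConfigurableAuthenticatorFactory(session, providerId);
            if (factory == null) {
                // The provider id is written to the log only; the exception message stays generic.
                logger.warnf("Cannot find authentication provider implementation with provider ID '%s'", providerId);
                throw new NotFoundException("Could not find authenticator provider");
            }
            rep.setDisplayName(factory.getDisplayType());
            rep.setConfigurable(factory.isConfigurable());
            for (AuthenticationExecutionModel.Requirement choice : factory.getRequirementChoices()) {
                rep.getRequirementChoices().add(choice.name());
            }
            rep.setId(execution.getId());
            if (factory.isConfigurable()) {
                // The alias is set only when the execution has a config id and that config still exists.
                String authenticatorConfigId = execution.getAuthenticatorConfig();
                if (authenticatorConfigId != null) {
                    AuthenticatorConfigModel authenticatorConfig = realm.getAuthenticatorConfigById(authenticatorConfigId);
                    if (authenticatorConfig != null) {
                        rep.setAlias(authenticatorConfig.getAlias());
                    }
                }
            }
            rep.setRequirement(execution.getRequirement().name());
            rep.setProviderId(execution.getAuthenticator());
            rep.setAuthenticationConfig(execution.getAuthenticatorConfig());
            result.add(rep);
        }
    });
}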