use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.
the class KcOidcFirstBrokerLoginDetectExistingUserTest method addExecution.
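/**
 * Adds one REQUIRED, non-flow authenticator execution to an existing authentication flow.
 *
 * @param authMgmtResource admin client resource used to manage authentication flows
 * @param flowId id of the parent flow that receives the execution
 * @param providerId id of the authenticator provider to execute
 * @param priority priority value set on the new execution
 */
private void addExecution(AuthenticationManagementResource authMgmtResource, String flowId, String providerId, int priority) {
    AuthenticationExecutionRepresentation exec = ExecutionBuilder.create()
            .parentFlow(flowId)
            .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString())
            .authenticator(providerId)
            .priority(priority)
            .authenticatorFlow(false)
            .build();
    // addExecution hands back a Response; close it so the underlying client connection is
    // released instead of being left open for the rest of the test run.
    // NOTE(review): the status is still not checked, so a rejected execution goes unnoticed and
    // the test would then exercise a flow that lacks this authenticator - consider asserting 201.
    authMgmtResource.addExecution(exec).close();
}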
use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.
the class AbstractX509AuthenticationTest method addAssertExecution.
/**
 * Creates an execution for {@code providerId} under {@code flow}, asserts that the server
 * answered with status 201, and returns the matching entry from the flow's execution list.
 *
 * @param flow flow whose id becomes the execution's parent and whose alias is used for the lookup
 * @param providerId authenticator provider id set on the execution
 * @param requirement requirement string set on the execution
 * @return whatever {@code findExecution} yields for {@code providerId} in the flow's executions
 */
private AuthenticationExecutionInfoRepresentation addAssertExecution(AuthenticationFlowRepresentation flow, String providerId, String requirement) {
    AuthenticationExecutionRepresentation execution = new AuthenticationExecutionRepresentation();
    execution.setParentFlow(flow.getId());
    execution.setAuthenticator(providerId);
    execution.setRequirement(requirement);
    execution.setPriority(10);

    // The admin-event assertion for this CREATE call is currently disabled; only the HTTP
    // status is verified.
    Response creation = authMgmtResource.addExecution(execution);
    try {
        Assert.assertEquals("added execution", 201, creation.getStatus());
    } finally {
        // Always release the response, even when the status assertion fails.
        creation.close();
    }

    return findExecution(providerId, authMgmtResource.getExecutions(flow.getAlias()));
}
use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.
the class DeployedScriptAuthenticatorTest method configureFlows.
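/**
 * Deploys the script authenticator and, on the first invocation only, creates the
 * {@code scriptBrowser} flow, makes it the test realm's browser and direct-grant flow, and adds
 * a username/password form execution followed by the deployed script authenticator, both
 * REQUIRED.
 *
 * <p>Every admin response is checked for status 201 and closed, so a rejected flow or execution
 * fails the setup instead of letting later tests run against a partially configured flow.
 *
 * @throws Exception declared by the method; the visible code does not show which call raises it
 */
public void configureFlows() throws Exception {
    deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
    reconnectAdminClient();
    if (testContext.isInitialized()) {
        // Realm flows were already configured by an earlier invocation.
        return;
    }
    String scriptFlow = "scriptBrowser";
    AuthenticationFlowRepresentation scriptBrowserFlow = FlowBuilder.create()
            .alias(scriptFlow)
            .description("dummy pass through registration")
            .providerId("basic-flow")
            .topLevel(true)
            .builtIn(false)
            .build();
    Response createFlowResponse = adminClient.realm(TEST_REALM_NAME).flows().createFlow(scriptBrowserFlow);
    try {
        Assert.assertEquals(201, createFlowResponse.getStatus());
    } finally {
        // Previously never closed; release it regardless of the assertion outcome.
        createFlowResponse.close();
    }
    RealmRepresentation realm = adminClient.realm(TEST_REALM_NAME).toRepresentation();
    realm.setBrowserFlow(scriptFlow);
    realm.setDirectGrantFlow(scriptFlow);
    testRealm().update(realm);
    this.flow = findFlowByAlias(scriptFlow);
    AuthenticationExecutionRepresentation usernamePasswordFormExecution = ExecutionBuilder.create()
            .id("username password form")
            .parentFlow(this.flow.getId())
            .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name())
            .authenticator(UsernamePasswordFormFactory.PROVIDER_ID)
            .build();
    AuthenticationExecutionRepresentation authScriptExecution = ExecutionBuilder.create()
            .id(EXECUTION_ID)
            .parentFlow(this.flow.getId())
            .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name())
            .authenticator("script-authenticator-a.js")
            .build();
    Response addExecutionResponse = testRealm().flows().addExecution(usernamePasswordFormExecution);
    try {
        Assert.assertEquals(201, addExecutionResponse.getStatus());
    } finally {
        addExecutionResponse.close();
    }
    addExecutionResponse = testRealm().flows().addExecution(authScriptExecution);
    try {
        Assert.assertEquals(201, addExecutionResponse.getStatus());
    } finally {
        addExecutionResponse.close();
    }
    // Mark setup as done only after both executions were accepted.
    testContext.setInitialized(true);
}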
use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.
the class ExecutionTest method testAddRemoveExecution.
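/**
 * Exercises adding and removing executions through both {@code addExecution} variants: the one
 * taking a flow alias plus a params map, and the one taking an
 * {@code AuthenticationExecutionRepresentation}.
 *
 * <p>Rejected cases covered: a built-in flow, a non-existent flow, an unknown provider, a
 * missing parent flow, a non-existent parent flow id and a built-in parent flow. Accepted
 * additions and removals are also checked against the recorded admin events.
 */
@Test
public void testAddRemoveExecution() {
    // try add execution to built-in flow
    HashMap<String, String> params = new HashMap<>();
    params.put("provider", "idp-review-profile");
    try {
        authMgmtResource.addExecution("browser", params);
        Assert.fail("add execution to built-in flow should fail");
    } catch (BadRequestException expected) {
        // Expected
    }
    // try add execution to not-existent flow
    try {
        authMgmtResource.addExecution("not-existent", params);
        Assert.fail("add execution to not-existent flow should fail");
    } catch (BadRequestException expected) {
        // Expected
    }
    // copy built-in flow so we get a new editable flow
    params.put("newName", "Copy-of-browser");
    Response response = authMgmtResource.copy("browser", params);
    try {
        // Event assertion sits inside the try so the response is closed even if it fails.
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, response.getStatus());
    } finally {
        response.close();
    }
    // add execution using inexistent provider
    // NOTE(review): the alias used here is "CopyOfBrowser" while the copied flow is named
    // "Copy-of-browser". If no flow with that alias exists, the BadRequestException may come
    // from the unknown flow rather than the unknown provider, which would leave the provider
    // validation unexercised - confirm, and consider using "Copy-of-browser".
    params.put("provider", "test-execution");
    try {
        authMgmtResource.addExecution("CopyOfBrowser", params);
        Assert.fail("add execution with inexistent provider should fail");
    } catch (BadRequestException expected) {
        // Expected
    }
    // add execution - should succeed
    params.put("provider", "idp-review-profile");
    authMgmtResource.addExecution("Copy-of-browser", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION);
    // check execution was added
    List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("Copy-of-browser");
    AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider("idp-review-profile", executionReps);
    Assert.assertNotNull("idp-review-profile added", exec);
    // we'll need auth-cookie later
    AuthenticationExecutionInfoRepresentation authCookieExec = findExecutionByProvider("auth-cookie", executionReps);
    compareExecution(newExecInfo("Review Profile", "idp-review-profile", true, 0, 4, DISABLED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED }), exec);
    // remove execution
    authMgmtResource.removeExecution(exec.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId()), ResourceType.AUTH_EXECUTION);
    // check execution was removed
    executionReps = authMgmtResource.getExecutions("Copy-of-browser");
    exec = findExecutionByProvider("idp-review-profile", executionReps);
    Assert.assertNull("idp-review-profile removed", exec);
    // now add the execution again using a different method and representation
    // delete auth-cookie
    authMgmtResource.removeExecution(authCookieExec.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId()), ResourceType.AUTH_EXECUTION);
    AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
    rep.setPriority(10);
    rep.setAuthenticator("auth-cookie");
    rep.setRequirement(CONDITIONAL);
    // Should fail - missing parent flow
    response = authMgmtResource.addExecution(rep);
    try {
        Assert.assertEquals("added execution missing parent flow", 400, response.getStatus());
    } finally {
        response.close();
    }
    // Should fail - not existent parent flow
    rep.setParentFlow("not-existent-id");
    response = authMgmtResource.addExecution(rep);
    try {
        // Message previously duplicated the "missing parent flow" case above, which made a
        // failure here indistinguishable from the previous check.
        Assert.assertEquals("added execution with not existent parent flow", 400, response.getStatus());
    } finally {
        response.close();
    }
    // Should fail - add execution to builtin flow
    AuthenticationFlowRepresentation browserFlow = findFlowByAlias("browser", authMgmtResource.getFlows());
    rep.setParentFlow(browserFlow.getId());
    response = authMgmtResource.addExecution(rep);
    try {
        Assert.assertEquals("added execution to builtin flow", 400, response.getStatus());
    } finally {
        response.close();
    }
    // get Copy-of-browser flow id, and set it on execution
    List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
    AuthenticationFlowRepresentation flow = findFlowByAlias("Copy-of-browser", flows);
    rep.setParentFlow(flow.getId());
    // add execution - should succeed
    response = authMgmtResource.addExecution(rep);
    try {
        // Event assertion sits inside the try so the response is closed even if it fails.
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep, ResourceType.AUTH_EXECUTION);
        Assert.assertEquals("added execution", 201, response.getStatus());
    } finally {
        response.close();
    }
    // check execution was added
    List<AuthenticationExecutionInfoRepresentation> executions = authMgmtResource.getExecutions("Copy-of-browser");
    exec = findExecutionByProvider("auth-cookie", executions);
    Assert.assertNotNull("auth-cookie added", exec);
    // Note: there is no checking in addExecution if requirement is one of requirementChoices.
    // Thus the execution can carry CONDITIONAL, which is not among the offered choices
    // REQUIRED, ALTERNATIVE and DISABLED.
    compareExecution(newExecInfo("Cookie", "auth-cookie", false, 0, 3, CONDITIONAL, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED }), exec);
}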
use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.
the class CustomFlowTest method testRequiredAfterAlternative.
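/**
 * KEYCLOAK-3506: copies the built-in browser flow, appends a REQUIRED
 * {@code ClickThroughAuthenticator} execution with priority 10, makes the copy the realm's
 * browser flow and checks {@code termsPage.isCurrent()} after opening the login page.
 *
 * <p>The realm's browser flow is set back to {@code "dummy"} in a {@code finally} block, so a
 * failing assertion does not leave the modified flow active for subsequent tests.
 */
@Test
public void testRequiredAfterAlternative() {
    AuthenticationManagementResource authMgmtResource = testRealm().flows();
    Map<String, String> params = new HashMap<>();
    String flowAlias = "Browser Flow With Extra";
    params.put("newName", flowAlias);
    String flowId;
    try (Response response = authMgmtResource.copy("browser", params)) {
        Assert.assertThat("Copy flow", response, statusCodeIs(Response.Status.CREATED));
        flowId = findFlowByAlias(flowAlias).getId();
    }
    AuthenticationExecutionRepresentation execution = ExecutionBuilder.create()
            .parentFlow(flowId)
            .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString())
            .authenticator(ClickThroughAuthenticator.PROVIDER_ID)
            .priority(10)
            .authenticatorFlow(false)
            .build();
    RealmRepresentation rep = testRealm().toRepresentation();
    try {
        try (Response r = testRealm().flows().addExecution(execution)) {
            // Fail here if the execution was rejected, rather than later on the page check.
            Assert.assertThat("Add execution", r, statusCodeIs(Response.Status.CREATED));
            rep.setBrowserFlow(flowAlias);
            testRealm().update(rep);
            rep = testRealm().toRepresentation();
            Assert.assertEquals(flowAlias, rep.getBrowserFlow());
        }
        loginPage.open();
        // In the new flows, any required execution will render any optional flows unused, so
        // the former bad-password / password login steps are no longer performed before this
        // check.
        Assert.assertTrue(termsPage.isCurrent());
    } finally {
        // Revert dummy flow
        rep.setBrowserFlow("dummy");
        testRealm().update(rep);
    }
}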