Search in sources :

Example 1 with AuthenticationExecutionRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.

the class KcOidcFirstBrokerLoginDetectExistingUserTest method addExecution.

private void addExecution(AuthenticationManagementResource authMgmtResource, String flowId, String providerId, int priority) {
    AuthenticationExecutionRepresentation exec = ExecutionBuilder.create().parentFlow(flowId).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString()).authenticator(providerId).priority(priority).authenticatorFlow(false).build();
    authMgmtResource.addExecution(exec);
}
Also used : AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation)

Example 2 with AuthenticationExecutionRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.

the class AbstractX509AuthenticationTest method addAssertExecution.

private AuthenticationExecutionInfoRepresentation addAssertExecution(AuthenticationFlowRepresentation flow, String providerId, String requirement) {
    AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
    rep.setPriority(10);
    rep.setAuthenticator(providerId);
    rep.setRequirement(requirement);
    rep.setParentFlow(flow.getId());
    Response response = authMgmtResource.addExecution(rep);
    // assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep);
    try {
        Assert.assertEquals("added execution", 201, response.getStatus());
    } finally {
        response.close();
    }
    List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions(flow.getAlias());
    return findExecution(providerId, executionReps);
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)

Example 3 with AuthenticationExecutionRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.

the class DeployedScriptAuthenticatorTest method configureFlows.

public void configureFlows() throws Exception {
    deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
    reconnectAdminClient();
    if (testContext.isInitialized()) {
        return;
    }
    String scriptFlow = "scriptBrowser";
    AuthenticationFlowRepresentation scriptBrowserFlow = FlowBuilder.create().alias(scriptFlow).description("dummy pass through registration").providerId("basic-flow").topLevel(true).builtIn(false).build();
    Response createFlowResponse = adminClient.realm(TEST_REALM_NAME).flows().createFlow(scriptBrowserFlow);
    Assert.assertEquals(201, createFlowResponse.getStatus());
    RealmRepresentation realm = adminClient.realm(TEST_REALM_NAME).toRepresentation();
    realm.setBrowserFlow(scriptFlow);
    realm.setDirectGrantFlow(scriptFlow);
    testRealm().update(realm);
    this.flow = findFlowByAlias(scriptFlow);
    AuthenticationExecutionRepresentation usernamePasswordFormExecution = ExecutionBuilder.create().id("username password form").parentFlow(this.flow.getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name()).authenticator(UsernamePasswordFormFactory.PROVIDER_ID).build();
    AuthenticationExecutionRepresentation authScriptExecution = ExecutionBuilder.create().id(EXECUTION_ID).parentFlow(this.flow.getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name()).authenticator("script-authenticator-a.js").build();
    Response addExecutionResponse = testRealm().flows().addExecution(usernamePasswordFormExecution);
    Assert.assertEquals(201, addExecutionResponse.getStatus());
    addExecutionResponse.close();
    addExecutionResponse = testRealm().flows().addExecution(authScriptExecution);
    Assert.assertEquals(201, addExecutionResponse.getStatus());
    addExecutionResponse.close();
    testContext.setInitialized(true);
}
Also used : Response(javax.ws.rs.core.Response) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation)

Example 4 with AuthenticationExecutionRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.

the class ExecutionTest method testAddRemoveExecution.

@Test
public void testAddRemoveExecution() {
    // try add execution to built-in flow
    HashMap<String, String> params = new HashMap<>();
    params.put("provider", "idp-review-profile");
    try {
        authMgmtResource.addExecution("browser", params);
        Assert.fail("add execution to built-in flow should fail");
    } catch (BadRequestException expected) {
    // Expected
    }
    // try add execution to not-existent flow
    try {
        authMgmtResource.addExecution("not-existent", params);
        Assert.fail("add execution to not-existent flow should fail");
    } catch (BadRequestException expected) {
    // Expected
    }
    // copy built-in flow so we get a new editable flow
    params.put("newName", "Copy-of-browser");
    Response response = authMgmtResource.copy("browser", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
    try {
        Assert.assertEquals("Copy flow", 201, response.getStatus());
    } finally {
        response.close();
    }
    // add execution using inexistent provider
    params.put("provider", "test-execution");
    try {
        authMgmtResource.addExecution("CopyOfBrowser", params);
        Assert.fail("add execution with inexistent provider should fail");
    } catch (BadRequestException expected) {
    // Expected
    }
    // add execution - should succeed
    params.put("provider", "idp-review-profile");
    authMgmtResource.addExecution("Copy-of-browser", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION);
    // check execution was added
    List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("Copy-of-browser");
    AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider("idp-review-profile", executionReps);
    Assert.assertNotNull("idp-review-profile added", exec);
    // we'll need auth-cookie later
    AuthenticationExecutionInfoRepresentation authCookieExec = findExecutionByProvider("auth-cookie", executionReps);
    compareExecution(newExecInfo("Review Profile", "idp-review-profile", true, 0, 4, DISABLED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED }), exec);
    // remove execution
    authMgmtResource.removeExecution(exec.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId()), ResourceType.AUTH_EXECUTION);
    // check execution was removed
    executionReps = authMgmtResource.getExecutions("Copy-of-browser");
    exec = findExecutionByProvider("idp-review-profile", executionReps);
    Assert.assertNull("idp-review-profile removed", exec);
    // now add the execution again using a different method and representation
    // delete auth-cookie
    authMgmtResource.removeExecution(authCookieExec.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId()), ResourceType.AUTH_EXECUTION);
    AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
    rep.setPriority(10);
    rep.setAuthenticator("auth-cookie");
    rep.setRequirement(CONDITIONAL);
    // Should fail - missing parent flow
    response = authMgmtResource.addExecution(rep);
    try {
        Assert.assertEquals("added execution missing parent flow", 400, response.getStatus());
    } finally {
        response.close();
    }
    // Should fail - not existent parent flow
    rep.setParentFlow("not-existent-id");
    response = authMgmtResource.addExecution(rep);
    try {
        Assert.assertEquals("added execution missing parent flow", 400, response.getStatus());
    } finally {
        response.close();
    }
    // Should fail - add execution to builtin flow
    AuthenticationFlowRepresentation browserFlow = findFlowByAlias("browser", authMgmtResource.getFlows());
    rep.setParentFlow(browserFlow.getId());
    response = authMgmtResource.addExecution(rep);
    try {
        Assert.assertEquals("added execution to builtin flow", 400, response.getStatus());
    } finally {
        response.close();
    }
    // get Copy-of-browser flow id, and set it on execution
    List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
    AuthenticationFlowRepresentation flow = findFlowByAlias("Copy-of-browser", flows);
    rep.setParentFlow(flow.getId());
    // add execution - should succeed
    response = authMgmtResource.addExecution(rep);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep, ResourceType.AUTH_EXECUTION);
    try {
        Assert.assertEquals("added execution", 201, response.getStatus());
    } finally {
        response.close();
    }
    // check execution was added
    List<AuthenticationExecutionInfoRepresentation> executions = authMgmtResource.getExecutions("Copy-of-browser");
    exec = findExecutionByProvider("auth-cookie", executions);
    Assert.assertNotNull("auth-cookie added", exec);
    // Note: there is no checking in addExecution if requirement is one of requirementChoices
    // Thus we can have OPTIONAL which is neither ALTERNATIVE, nor DISABLED
    compareExecution(newExecInfo("Cookie", "auth-cookie", false, 0, 3, CONDITIONAL, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED }), exec);
}
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) BadRequestException(javax.ws.rs.BadRequestException) Test(org.junit.Test)

Example 5 with AuthenticationExecutionRepresentation

use of org.keycloak.representations.idm.AuthenticationExecutionRepresentation in project keycloak by keycloak.

the class CustomFlowTest method testRequiredAfterAlternative.

/**
 * KEYCLOAK-3506
 */
@Test
public void testRequiredAfterAlternative() {
    AuthenticationManagementResource authMgmtResource = testRealm().flows();
    Map<String, String> params = new HashMap();
    String flowAlias = "Browser Flow With Extra";
    params.put("newName", flowAlias);
    Response response = authMgmtResource.copy("browser", params);
    String flowId = null;
    try {
        Assert.assertThat("Copy flow", response, statusCodeIs(Response.Status.CREATED));
        AuthenticationFlowRepresentation newFlow = findFlowByAlias(flowAlias);
        flowId = newFlow.getId();
    } finally {
        response.close();
    }
    AuthenticationExecutionRepresentation execution = ExecutionBuilder.create().parentFlow(flowId).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString()).authenticator(ClickThroughAuthenticator.PROVIDER_ID).priority(10).authenticatorFlow(false).build();
    RealmRepresentation rep = testRealm().toRepresentation();
    try (Response r = testRealm().flows().addExecution(execution)) {
        rep.setBrowserFlow(flowAlias);
        testRealm().update(rep);
        rep = testRealm().toRepresentation();
        Assert.assertEquals(flowAlias, rep.getBrowserFlow());
    }
    loginPage.open();
    /* In the new flows, any required execution will render any optional flows unused.
        // test to make sure we aren't skipping anything
        loginPage.login("test-user@localhost", "bad-password");
        Assert.assertTrue(loginPage.isCurrent());
        loginPage.login("test-user@localhost", "password");*/
    Assert.assertTrue(termsPage.isCurrent());
    // Revert dummy flow
    rep.setBrowserFlow("dummy");
    testRealm().update(rep);
}
Also used : Response(javax.ws.rs.core.Response) AuthenticationManagementResource(org.keycloak.admin.client.resource.AuthenticationManagementResource) HashMap(java.util.HashMap) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) Test(org.junit.Test)

Aggregations

AuthenticationExecutionRepresentation (org.keycloak.representations.idm.AuthenticationExecutionRepresentation)11 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)8 Response (javax.ws.rs.core.Response)7 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)4 HashMap (java.util.HashMap)3 Before (org.junit.Before)3 Test (org.junit.Test)3 AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)3 RequiredActionProviderSimpleRepresentation (org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation)2 BadRequestException (javax.ws.rs.BadRequestException)1 AuthenticationManagementResource (org.keycloak.admin.client.resource.AuthenticationManagementResource)1 RealmResource (org.keycloak.admin.client.resource.RealmResource)1 AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)1 RequiredActionProviderRepresentation (org.keycloak.representations.idm.RequiredActionProviderRepresentation)1 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)1