use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.
the class RepresentationToModel method importAuthenticationFlows.
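/**
 * Imports authenticator configs, authentication flows, their executions and the realm-level
 * flow bindings from a realm representation into {@code newRealm}.
 *
 * <p>A representation without any flows is treated as an export from an old version and is
 * handed to {@link DefaultAuthenticationFlows#migrateFlows}. Otherwise every imported flow is
 * stored under a newly generated id, and the returned map lets callers translate the ids used
 * in the representation (for example in client flow binding overrides) to the new ones.
 *
 * @param newRealm realm model that receives the configs, flows, executions and bindings
 * @param rep      realm representation being imported
 * @return map from the flow id found in the representation to the id assigned by {@code newRealm};
 *         empty when the representation carried no flows
 * @throws IllegalStateException if an authenticator config in the representation has no alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation may define flows without any authenticator config; treat a missing
        // list as "nothing to import" instead of failing with a NullPointerException.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                AuthenticatorConfigModel model = toModel(configRep);
                newRealm.addAuthenticatorConfig(model);
            }
        }

        // First pass: create every flow, so that the second pass can look flows up by alias.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }

        // Second pass: attach the executions to the flows created above.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            if (flowRep.getAuthenticationExecutions() == null) {
                // A flow listed without executions has nothing to attach.
                continue;
            }
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }

    // Realm-level bindings. An alias named in the representation is resolved with
    // getFlowByAlias and the result is passed to the setter unchecked.
    // NOTE(review): an alias that matches no flow would hand null to the setter; confirm how
    // RealmModel treats that, since it decides which flow guards browser login, registration
    // and direct grant after the import.
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }

    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }

    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }

    // Added in 2.2
    // The first enabled identity provider flagged "authenticate by default" is remembered and
    // passed to addIdentityProviderAuthenticator at the end of the import.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }

    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }

    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}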
use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.
the class AuthenticationManagementResource method updateFlow.
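/**
 * Update an authentication flow
 *
 * @param id   id of the flow to update, taken from the request path
 * @param flow Authentication flow representation
 * @return an "accepted" response carrying the updated representation, or the response built by
 *         {@code ErrorResponse.exists} when the alias is empty or already used by another flow
 * @throws NotFoundException if the realm has no authentication flow with the given id
 */
@Path("/flows/{id}")
@PUT
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateFlow(@PathParam("id") String id, AuthenticationFlowRepresentation flow) {
    // Authorization comes first: nothing below runs unless the caller may manage the realm.
    auth.realm().requireManageRealm();

    AuthenticationFlowRepresentation existingFlow = getFlow(id);

    if (flow.getAlias() == null || flow.getAlias().isEmpty()) {
        return ErrorResponse.exists("Failed to update flow with empty alias name");
    }

    // check if updating a correct flow
    AuthenticationFlowModel checkFlow = realm.getAuthenticationFlowById(id);
    if (checkFlow == null) {
        session.getTransactionManager().setRollbackOnly();
        throw new NotFoundException("Illegal execution");
    }

    // if a different flow with the same name does already exist, throw an exception
    // The requested alias is known to be non-null here, so the comparison starts from it;
    // the stored alias may be null (the rename branch below allows for that) and must not be
    // dereferenced.
    if (realm.getFlowByAlias(flow.getAlias()) != null && !flow.getAlias().equals(checkFlow.getAlias())) {
        return ErrorResponse.exists("Flow alias name already exists");
    }

    // if the name changed (this also covers a stored alias that was null)
    if (!flow.getAlias().equals(checkFlow.getAlias())) {
        checkFlow.setAlias(flow.getAlias());
    }

    // check if the description changed
    if (checkFlow.getDescription() != null && !checkFlow.getDescription().equals(flow.getDescription())) {
        checkFlow.setDescription(flow.getDescription());
    } else if (checkFlow.getDescription() == null && flow.getDescription() != null) {
        checkFlow.setDescription(flow.getDescription());
    }

    // update the flow
    // The id is pinned to the existing flow so the request body cannot redirect the update.
    // NOTE(review): the stored model is rebuilt from the request body by toModel(flow);
    // presumably that carries every field of the representation, not only alias and
    // description. Confirm that is intended.
    flow.setId(existingFlow.getId());
    realm.updateAuthenticationFlow(RepresentationToModel.toModel(flow));

    // Record the change as an admin event, including the submitted representation.
    adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(flow).success();
    return Response.accepted(flow).build();
}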
use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.
the class KcOidcFirstBrokerLoginDetectExistingUserTest method beforeBrokerTest.
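/**
 * Prepares the consumer realm for the test: creates a top-level "detectExistingUserFlow",
 * adds the detect-existing-broker-user and auto-link executions to it, and makes it the
 * first broker login flow of the identity provider under test, with sync mode FORCE.
 */
@Override
@Before
public void beforeBrokerTest() {
    super.beforeBrokerTest();
    // The flow is created in the consumer realm, so that is the realm named in the log line.
    log.debug("creating detect existing user flow for realm " + bc.consumerRealmName());
    final RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
    AuthenticationManagementResource authMgmtResource = consumerRealm.flows();

    // Creates detectExistingUserFlow
    String detectExistingFlowAlias = "detectExistingUserFlow";
    final AuthenticationFlowRepresentation authenticationFlowRepresentation = newFlow(detectExistingFlowAlias, detectExistingFlowAlias, "basic-flow", true, false);
    authMgmtResource.createFlow(authenticationFlowRepresentation);
    AuthenticationFlowRepresentation authenticationFlowRepresentation1 = getFlow(authMgmtResource, detectExistingFlowAlias);
    assertNotNull("The authentication flow must exist", authenticationFlowRepresentation1);

    // retrieves the id of the newly created flow
    String flowId = authenticationFlowRepresentation1.getId();

    // Adds executions to the flow
    // NOTE(review): Keycloak's documentation describes the auto-link authenticator as linking
    // the brokered identity to the existing user without further verification; outside a
    // test this pairing presumably only suits an identity provider that is fully trusted.
    addExecution(authMgmtResource, flowId, IdpDetectExistingBrokerUserAuthenticatorFactory.PROVIDER_ID, 10);
    addExecution(authMgmtResource, flowId, IdpAutoLinkAuthenticatorFactory.PROVIDER_ID, 20);

    // Updates the FirstBrokerLoginFlowAlias for the identity provider
    // Read the representation from the same resource that is updated below, rather than
    // taking whichever provider happens to be listed first in the realm.
    IdentityProviderResource identityConsumerResource = consumerRealm.identityProviders().get(bc.getIDPAlias());
    IdentityProviderRepresentation identityProviderRepresentation = identityConsumerResource.toRepresentation();
    identityProviderRepresentation.setFirstBrokerLoginFlowAlias(detectExistingFlowAlias);
    identityProviderRepresentation.getConfig().put(IdentityProviderModel.SYNC_MODE, IdentityProviderSyncMode.FORCE.toString());
    identityConsumerResource.update(identityProviderRepresentation);

    assertEquals("Two executions must have been created", 2, getFlow(authMgmtResource, detectExistingFlowAlias).getAuthenticationExecutions().size());
}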
use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.
the class KerberosLdapTest method testClientOverrideFlowUsingBrowserHttpChallenge.
/**
 * Checks that a SPNEGO login succeeds for a client whose browser flow binding is overridden
 * with the "http challenge" flow, after the basic-auth and SPNEGO executions of that flow
 * have been set to ALTERNATIVE.
 */
@Test
public void testClientOverrideFlowUsingBrowserHttpChallenge() throws Exception {
    // Relax both executions of the flow; every other execution is left untouched.
    List<AuthenticationExecutionInfoRepresentation> httpChallengeExecutions = testRealmResource().flows().getExecutions("http challenge");
    for (AuthenticationExecutionInfoRepresentation current : httpChallengeExecutions) {
        String providerId = current.getProviderId();
        if ("basic-auth".equals(providerId) || "auth-spnego".equals(providerId)) {
            current.setRequirement("ALTERNATIVE");
            testRealmResource().flows().updateExecutions("http challenge", current);
        }
    }

    // Look the flow up by alias (case-insensitively) to obtain the id the binding needs.
    AuthenticationFlowRepresentation httpChallengeFlow = testRealmResource().flows().getFlows().stream()
            .filter(candidate -> candidate.getAlias().equalsIgnoreCase("http challenge"))
            .findAny()
            .get();
    Map<String, String> bindingOverrides = new HashMap<>();
    bindingOverrides.put(AuthenticationFlowBindings.BROWSER_BINDING, httpChallengeFlow.getId());

    // Bind the flow to the client as its browser flow override and persist the client.
    ClientRepresentation challengeClient = testRealmResource().clients().findByClientId("kerberos-app-challenge").get(0);
    challengeClient.setAuthenticationFlowBindingOverrides(bindingOverrides);
    testRealmResource().clients().get(challengeClient.getId()).update(challengeClient);

    assertSuccessfulSpnegoLogin(challengeClient.getClientId(), "hnelson", "hnelson", "secret");
}
use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.
the class AbstractAuthenticationTest method newFlow.
/**
 * Builds an authentication flow representation from the given values; nothing is sent to the
 * server here.
 *
 * @param alias       alias of the flow
 * @param description description of the flow
 * @param providerId  provider id of the flow
 * @param topLevel    value for the representation's top-level flag
 * @param builtIn     value for the representation's built-in flag
 * @return the populated representation
 */
AuthenticationFlowRepresentation newFlow(String alias, String description, String providerId, boolean topLevel, boolean builtIn) {
    final AuthenticationFlowRepresentation representation = new AuthenticationFlowRepresentation();

    // Identity of the flow.
    representation.setAlias(alias);
    representation.setDescription(description);
    representation.setProviderId(providerId);

    // Flags.
    representation.setTopLevel(topLevel);
    representation.setBuiltIn(builtIn);

    return representation;
}