
Example 1 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class RepresentationToModel method importAuthenticationFlows.

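/**
 * Imports authenticator configs, authentication flows and their executions from a realm
 * representation into {@code newRealm}, then binds the realm's browser, registration, direct
 * grant, reset-credentials, client-authentication and docker flows.
 *
 * <p>The representation decides which flows exist and which flow is bound to each login path.
 * Apart from the null-alias check on authenticator configs, nothing in this method inspects the
 * imported flows; any further validation has to happen in {@code toModel} or before the import.
 *
 * @param newRealm realm that receives the imported flows and bindings
 * @param rep      realm representation being imported
 * @return map from each flow id found in the representation to the id of the flow stored in
 *         {@code newRealm}
 * @throws IllegalStateException if an authenticator config in the representation has no alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation can define flows without any authenticator config; a missing list
        // means "nothing to import" rather than a NullPointerException half-way through the import.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                AuthenticatorConfigModel model = toModel(configRep);
                newRealm.addAuthenticatorConfig(model);
            }
        }
        // First pass: create every flow so that executions added in the second pass can look
        // flows up by alias.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        // Second pass: attach the executions to the flows created above.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            if (flowRep.getAuthenticationExecutions() == null) {
                // a flow without an executions list has nothing to attach
                continue;
            }
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }
    // NOTE(review): in every explicit binding below, getFlowByAlias returns whatever the realm
    // holds for the alias named in the representation and the result goes to the setter
    // unchecked. If the alias was not imported the setter receives null - confirm the setters
    // reject that instead of leaving a login path without a bound flow.
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }
    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }
    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }
    // Added in 2.2
    // The first identity provider that is both enabled and marked authenticate-by-default wins.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }
    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }
    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}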
Also used : MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 2 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class AuthenticationManagementResource method updateFlow.

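/**
 * Update an authentication flow
 *
 * @param id Id of the flow to update, taken from the request path
 * @param flow Authentication flow representation
 * @return the updated flow representation with status 202 (Accepted), or an error response when the alias is empty or already used by another flow
 */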
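@Path("/flows/{id}")
@PUT
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateFlow(@PathParam("id") String id, AuthenticationFlowRepresentation flow) {
    // The permission check runs before anything is read or modified.
    auth.realm().requireManageRealm();
    AuthenticationFlowRepresentation existingFlow = getFlow(id);
    // A request without a body has no alias either; reject it here instead of failing with a
    // NullPointerException on the first getter.
    if (flow == null || flow.getAlias() == null || flow.getAlias().isEmpty()) {
        return ErrorResponse.exists("Failed to update flow with empty alias name");
    }
    String requestedAlias = flow.getAlias();
    // check if updating a correct flow
    AuthenticationFlowModel checkFlow = realm.getAuthenticationFlowById(id);
    if (checkFlow == null) {
        session.getTransactionManager().setRollbackOnly();
        throw new NotFoundException("Illegal execution");
    }
    // Compare from the request side, which is known to be non-null at this point, so a stored
    // flow without an alias is treated as "alias changed" instead of throwing.
    boolean aliasChanged = !requestedAlias.equals(checkFlow.getAlias());
    // if a different flow with the same name does already exist, refuse the update
    if (aliasChanged && realm.getFlowByAlias(requestedAlias) != null) {
        return ErrorResponse.exists("Flow alias name already exists");
    }
    // if the name changed
    if (aliasChanged) {
        checkFlow.setAlias(requestedAlias);
    }
    // check if the description changed (either side may be null)
    String storedDescription = checkFlow.getDescription();
    String requestedDescription = flow.getDescription();
    boolean descriptionChanged = storedDescription == null
            ? requestedDescription != null
            : !storedDescription.equals(requestedDescription);
    if (descriptionChanged) {
        checkFlow.setDescription(requestedDescription);
    }
    // update the flow
    // The id is always taken from the flow addressed by the path, so an id supplied in the
    // request body cannot redirect the update to another flow.
    flow.setId(existingFlow.getId());
    // NOTE(review): the stored model is rebuilt from the request body, so every field that
    // toModel copies is caller-controlled, not only alias and description. Confirm that is
    // intended for fields such as the built-in / top-level flags and the provider id.
    realm.updateAuthenticationFlow(RepresentationToModel.toModel(flow));
    // Record the change as an admin event, including the submitted representation.
    adminEvent.operation(OperationType.UPDATE).resourcePath(session.getContext().getUri()).representation(flow).success();
    return Response.accepted(flow).build();
}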
Also used : AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) NoCache(org.jboss.resteasy.annotations.cache.NoCache) PUT(javax.ws.rs.PUT)

Example 3 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class KcOidcFirstBrokerLoginDetectExistingUserTest method beforeBrokerTest.

/**
 * Test fixture: creates a "detectExistingUserFlow" in the consumer realm, adds the
 * detect-existing-user and auto-link executions to it, and makes it the identity provider's
 * first-broker-login flow with sync mode FORCE.
 */
@Override
@Before
public void beforeBrokerTest() {
    super.beforeBrokerTest();
    log.debug("creating detect existing user flow for realm " + bc.providerRealmName());

    final String flowAlias = "detectExistingUserFlow";
    final RealmResource consumer = adminClient.realm(bc.consumerRealmName());
    final AuthenticationManagementResource flowsApi = consumer.flows();

    // Create the flow, then read it back to learn the id the server assigned to it.
    flowsApi.createFlow(newFlow(flowAlias, flowAlias, "basic-flow", true, false));
    AuthenticationFlowRepresentation createdFlow = getFlow(flowsApi, flowAlias);
    assertNotNull("The authentication flow must exist", createdFlow);
    String createdFlowId = createdFlow.getId();

    // The flow consists of exactly these two executions: detect an existing user, then link.
    // NOTE(review): nothing between the two steps asks the user to confirm or re-authenticate,
    // so linking relies on what the identity provider asserts - suitable for this test realm.
    addExecution(flowsApi, createdFlowId, IdpDetectExistingBrokerUserAuthenticatorFactory.PROVIDER_ID, 10);
    addExecution(flowsApi, createdFlowId, IdpAutoLinkAuthenticatorFactory.PROVIDER_ID, 20);

    // Point the identity provider at the new flow and force attribute sync.
    // NOTE(review): the representation is the first entry of findAll(), while the resource is
    // looked up by alias; presumably the realm holds a single provider - confirm.
    IdentityProviderResource idpResource = consumer.identityProviders().get(bc.getIDPAlias());
    IdentityProviderRepresentation idpRep = consumer.identityProviders().findAll().get(0);
    idpRep.setFirstBrokerLoginFlowAlias(flowAlias);
    idpRep.getConfig().put(IdentityProviderModel.SYNC_MODE, IdentityProviderSyncMode.FORCE.toString());
    idpResource.update(idpRep);

    int executionCount = getFlow(flowsApi, flowAlias).getAuthenticationExecutions().size();
    assertEquals("Two executions must have been created", 2, executionCount);
}
Also used : IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) AuthenticationManagementResource(org.keycloak.admin.client.resource.AuthenticationManagementResource) RealmResource(org.keycloak.admin.client.resource.RealmResource) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) Before(org.junit.Before)

Example 4 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class KerberosLdapTest method testClientOverrideFlowUsingBrowserHttpChallenge.

/**
 * Makes basic-auth and SPNEGO alternatives in the "http challenge" flow, binds that flow as the
 * browser-flow override of the "kerberos-app-challenge" client, and expects a SPNEGO login
 * through that client to succeed.
 */
@Test
public void testClientOverrideFlowUsingBrowserHttpChallenge() throws Exception {
    final String httpChallengeAlias = "http challenge";

    // Both authenticators become ALTERNATIVE so that either one can satisfy the flow.
    for (AuthenticationExecutionInfoRepresentation candidate : testRealmResource().flows().getExecutions(httpChallengeAlias)) {
        String providerId = candidate.getProviderId();
        if ("basic-auth".equals(providerId) || "auth-spnego".equals(providerId)) {
            candidate.setRequirement("ALTERNATIVE");
            testRealmResource().flows().updateExecutions(httpChallengeAlias, candidate);
        }
    }

    // The flow is expected to exist; get() fails the test with NoSuchElementException if it does not.
    AuthenticationFlowRepresentation httpChallengeFlow = testRealmResource().flows().getFlows().stream()
            .filter(flowRep -> flowRep.getAlias().equalsIgnoreCase(httpChallengeAlias))
            .findAny()
            .get();

    // Override only the browser binding, and only for this one client.
    Map<String, String> bindingOverrides = new HashMap<>();
    bindingOverrides.put(AuthenticationFlowBindings.BROWSER_BINDING, httpChallengeFlow.getId());

    ClientRepresentation kerberosClient = testRealmResource().clients().findByClientId("kerberos-app-challenge").get(0);
    kerberosClient.setAuthenticationFlowBindingOverrides(bindingOverrides);
    testRealmResource().clients().get(kerberosClient.getId()).update(kerberosClient);

    // Credentials below are test-fixture values.
    assertSuccessfulSpnegoLogin(kerberosClient.getClientId(), "hnelson", "hnelson", "secret");
}
Also used : HashMap(java.util.HashMap) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 5 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class AbstractAuthenticationTest method newFlow.

/**
 * Builds an in-memory flow representation from the given values; nothing is sent to a server.
 *
 * @param alias       alias to set on the flow
 * @param description description to set on the flow
 * @param providerId  provider id to set on the flow
 * @param topLevel    value for the top-level flag
 * @param builtIn     value for the built-in flag
 * @return a new representation carrying exactly the five values above
 */
AuthenticationFlowRepresentation newFlow(String alias, String description, String providerId, boolean topLevel, boolean builtIn) {
    final AuthenticationFlowRepresentation rep = new AuthenticationFlowRepresentation();

    // descriptive fields
    rep.setAlias(alias);
    rep.setDescription(description);
    rep.setProviderId(providerId);

    // flags
    rep.setBuiltIn(builtIn);
    rep.setTopLevel(topLevel);

    return rep;
}
Also used : AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation)
