
Example 16 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class DeployedScriptAuthenticatorTest method configureFlows.

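/**
 * Deploys the script package and, on the first run only, builds the
 * {@code scriptBrowser} authentication flow and binds it to the test realm.
 *
 * <p>The flow holds two executions, both added with requirement REQUIRED: the
 * username/password form and the deployed {@code script-authenticator-a.js}.
 * The realm's browser and direct-grant bindings are both pointed at this flow,
 * so the script authenticator sits on the login path for the rest of the test.
 *
 * <p>Every admin-API {@link Response} is closed in a {@code finally} block so a
 * failed status assertion cannot leak the underlying connection.
 *
 * @throws Exception if deployment or reconnecting the admin client fails
 */
public void configureFlows() throws Exception {
    deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
    reconnectAdminClient();
    // Flow setup is one-off; later invocations only redeploy and reconnect.
    if (testContext.isInitialized()) {
        return;
    }
    String scriptFlow = "scriptBrowser";
    AuthenticationFlowRepresentation scriptBrowserFlow = FlowBuilder.create()
            .alias(scriptFlow)
            .description("dummy pass through registration")
            .providerId("basic-flow")
            .topLevel(true)
            .builtIn(false)
            .build();
    Response createFlowResponse = adminClient.realm(TEST_REALM_NAME).flows().createFlow(scriptBrowserFlow);
    try {
        Assert.assertEquals(201, createFlowResponse.getStatus());
    } finally {
        // The original never closed this response.
        createFlowResponse.close();
    }
    // Rebind both the browser and the direct-grant login paths to the new flow.
    RealmRepresentation realm = adminClient.realm(TEST_REALM_NAME).toRepresentation();
    realm.setBrowserFlow(scriptFlow);
    realm.setDirectGrantFlow(scriptFlow);
    testRealm().update(realm);
    this.flow = findFlowByAlias(scriptFlow);
    AuthenticationExecutionRepresentation usernamePasswordFormExecution = ExecutionBuilder.create()
            .id("username password form")
            .parentFlow(this.flow.getId())
            .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name())
            .authenticator(UsernamePasswordFormFactory.PROVIDER_ID)
            .build();
    AuthenticationExecutionRepresentation authScriptExecution = ExecutionBuilder.create()
            .id(EXECUTION_ID)
            .parentFlow(this.flow.getId())
            .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name())
            .authenticator("script-authenticator-a.js")
            .build();
    Response addExecutionResponse = testRealm().flows().addExecution(usernamePasswordFormExecution);
    try {
        Assert.assertEquals(201, addExecutionResponse.getStatus());
    } finally {
        addExecutionResponse.close();
    }
    addExecutionResponse = testRealm().flows().addExecution(authScriptExecution);
    try {
        Assert.assertEquals(201, addExecutionResponse.getStatus());
    } finally {
        addExecutionResponse.close();
    }
    testContext.setInitialized(true);
}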
Also used : Response(javax.ws.rs.core.Response) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation)

Example 17 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class ExecutionTest method testAddRemoveExecution.

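/**
 * Exercises adding and removing executions through both admin-API entry points
 * (by flow alias with a parameter map, and by posting an execution
 * representation), including the rejections that guard built-in flows.
 *
 * <p>Negative cases covered: built-in flow, unknown flow alias, unknown
 * provider, missing parent flow, unknown parent flow id. Each successful
 * mutation is also checked against the admin event log, so the test pins the
 * audit trail as well as the API result.
 */
@Test
public void testAddRemoveExecution() {
    // try add execution to built-in flow
    HashMap<String, String> params = new HashMap<>();
    params.put("provider", "idp-review-profile");
    try {
        authMgmtResource.addExecution("browser", params);
        Assert.fail("add execution to built-in flow should fail");
    } catch (BadRequestException expected) {
        // Expected: built-in flows must not be editable
    }
    // try add execution to not-existent flow
    try {
        authMgmtResource.addExecution("not-existent", params);
        Assert.fail("add execution to not-existent flow should fail");
    } catch (BadRequestException expected) {
        // Expected
    }
    // copy built-in flow so we get a new editable flow
    params.put("newName", "Copy-of-browser");
    // try-with-resources: the response is released even if an assertion throws
    try (Response copyResponse = authMgmtResource.copy("browser", params)) {
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, copyResponse.getStatus());
    }
    // add execution using inexistent provider
    // NOTE(review): the alias used here is "CopyOfBrowser", while the copy created
    // above is named "Copy-of-browser". If no flow with this alias exists, the 400
    // may come from the flow lookup rather than from the provider check - confirm
    // which rejection this case is meant to exercise.
    params.put("provider", "test-execution");
    try {
        authMgmtResource.addExecution("CopyOfBrowser", params);
        Assert.fail("add execution with inexistent provider should fail");
    } catch (BadRequestException expected) {
        // Expected
    }
    // add execution - should succeed
    params.put("provider", "idp-review-profile");
    authMgmtResource.addExecution("Copy-of-browser", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("Copy-of-browser"), params, ResourceType.AUTH_EXECUTION);
    // check execution was added
    List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("Copy-of-browser");
    AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider("idp-review-profile", executionReps);
    Assert.assertNotNull("idp-review-profile added", exec);
    // we'll need auth-cookie later; fail with a clear message instead of an NPE
    AuthenticationExecutionInfoRepresentation authCookieExec = findExecutionByProvider("auth-cookie", executionReps);
    Assert.assertNotNull("auth-cookie present in copied flow", authCookieExec);
    compareExecution(newExecInfo("Review Profile", "idp-review-profile", true, 0, 4, DISABLED, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED }), exec);
    // remove execution
    authMgmtResource.removeExecution(exec.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(exec.getId()), ResourceType.AUTH_EXECUTION);
    // check execution was removed
    executionReps = authMgmtResource.getExecutions("Copy-of-browser");
    exec = findExecutionByProvider("idp-review-profile", executionReps);
    Assert.assertNull("idp-review-profile removed", exec);
    // now add the execution again using a different method and representation
    // delete auth-cookie
    authMgmtResource.removeExecution(authCookieExec.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionPath(authCookieExec.getId()), ResourceType.AUTH_EXECUTION);
    AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
    rep.setPriority(10);
    rep.setAuthenticator("auth-cookie");
    rep.setRequirement(CONDITIONAL);
    // Should fail - missing parent flow
    try (Response missingParentResponse = authMgmtResource.addExecution(rep)) {
        Assert.assertEquals("added execution missing parent flow", 400, missingParentResponse.getStatus());
    }
    // Should fail - not existent parent flow
    rep.setParentFlow("not-existent-id");
    try (Response unknownParentResponse = authMgmtResource.addExecution(rep)) {
        // Message corrected: the original repeated the "missing parent flow" text here.
        Assert.assertEquals("added execution with not-existent parent flow", 400, unknownParentResponse.getStatus());
    }
    // Should fail - add execution to builtin flow
    AuthenticationFlowRepresentation browserFlow = findFlowByAlias("browser", authMgmtResource.getFlows());
    Assert.assertNotNull("built-in browser flow found", browserFlow);
    rep.setParentFlow(browserFlow.getId());
    try (Response builtinResponse = authMgmtResource.addExecution(rep)) {
        Assert.assertEquals("added execution to builtin flow", 400, builtinResponse.getStatus());
    }
    // get Copy-of-browser flow id, and set it on execution
    List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
    AuthenticationFlowRepresentation flow = findFlowByAlias("Copy-of-browser", flows);
    Assert.assertNotNull("Copy-of-browser flow found", flow);
    rep.setParentFlow(flow.getId());
    // add execution - should succeed
    try (Response addResponse = authMgmtResource.addExecution(rep)) {
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AssertAdminEvents.isExpectedPrefixFollowedByUuid(AdminEventPaths.authMgmtBasePath() + "/executions"), rep, ResourceType.AUTH_EXECUTION);
        Assert.assertEquals("added execution", 201, addResponse.getStatus());
    }
    // check execution was added
    List<AuthenticationExecutionInfoRepresentation> executions = authMgmtResource.getExecutions("Copy-of-browser");
    exec = findExecutionByProvider("auth-cookie", executions);
    Assert.assertNotNull("auth-cookie added", exec);
    // Note: addExecution does not check that the requirement is one of requirementChoices.
    // The execution is therefore stored as CONDITIONAL although its choices are only
    // REQUIRED, ALTERNATIVE and DISABLED. This assertion pins that current behaviour;
    // it should be revisited if the API starts validating the requirement.
    compareExecution(newExecInfo("Cookie", "auth-cookie", false, 0, 3, CONDITIONAL, null, new String[] { REQUIRED, ALTERNATIVE, DISABLED }), exec);
}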
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) BadRequestException(javax.ws.rs.BadRequestException) Test(org.junit.Test)

Example 18 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class ExecutionTest method testRequirementsInExecution.

/**
 * Copies the built-in browser flow, adds three executions to the copy while
 * checking the requirement reported for each, then deletes the copy.
 *
 * <p>Flow creation and deletion are both verified against the admin event log.
 */
@Test
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRequirementsInExecution() {
    String copiedFlowAlias = "new-exec-flow";
    HashMap<String, String> requestParams = new HashMap<>();
    requestParams.put("newName", copiedFlowAlias);

    // Work on a copy of the browser flow rather than on the built-in one.
    try (Response copyResponse = authMgmtResource.copy("browser", requestParams)) {
        assertAdminEvents.assertEvent(
                REALM_NAME,
                OperationType.CREATE,
                AdminEventPaths.authCopyFlowPath("browser"),
                requestParams,
                ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, copyResponse.getStatus());
    }

    // addExecutionCheckReq is defined outside this listing; presumably it adds the
    // provider to the flow and checks the requirement passed as the last argument.
    addExecutionCheckReq(copiedFlowAlias, UsernameFormFactory.PROVIDER_ID, requestParams, REQUIRED);
    addExecutionCheckReq(copiedFlowAlias, WebAuthnAuthenticatorFactory.PROVIDER_ID, requestParams, DISABLED);
    addExecutionCheckReq(copiedFlowAlias, NoCookieFlowRedirectAuthenticatorFactory.PROVIDER_ID, requestParams, REQUIRED);

    // Clean up: look the copy up by alias and delete it by id.
    AuthenticationFlowRepresentation copiedFlow = findFlowByAlias(copiedFlowAlias, authMgmtResource.getFlows());
    Assert.assertNotNull(copiedFlow);
    authMgmtResource.deleteFlow(copiedFlow.getId());
    assertAdminEvents.assertEvent(
            REALM_NAME,
            OperationType.DELETE,
            AdminEventPaths.authFlowPath(copiedFlow.getId()),
            ResourceType.AUTH_FLOW);
}
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Example 19 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class ExecutionTest method testClientFlowExecutions.

/**
 * Walks a client authentication flow through its execution lifecycle: create
 * the flow, add an execution, update its requirement, then remove the
 * execution and the flow.
 *
 * <p>Lookups, updates and removals that name an unknown flow or execution are
 * each expected to fail with {@link NotFoundException}. Every successful
 * mutation is checked against the admin event log.
 */
@Test
public void testClientFlowExecutions() {
    String clientFlowAlias = "new-client-flow";
    String unknownName = "not-existent";

    // Create the client flow.
    AuthenticationFlowRepresentation clientFlow = newFlow(clientFlowAlias, "desc", AuthenticationFlow.CLIENT_FLOW, true, false);
    createFlow(clientFlow);

    // Add a client-id-and-secret execution to it.
    Map<String, String> executionData = new HashMap<>();
    executionData.put("provider", ClientIdAndSecretAuthenticator.PROVIDER_ID);
    authMgmtResource.addExecution(clientFlowAlias, executionData);
    assertAdminEvents.assertEvent(
            REALM_NAME,
            OperationType.CREATE,
            AdminEventPaths.authAddExecutionPath(clientFlowAlias),
            executionData,
            ResourceType.AUTH_EXECUTION);

    // Listing executions of an unknown flow must fail.
    try {
        authMgmtResource.getExecutions(unknownName);
        Assert.fail("Not expected to find executions");
    } catch (NotFoundException nfe) {
        // Expected
    }

    // The execution just added must be listed under the real flow.
    List<AuthenticationExecutionInfoRepresentation> executions = authMgmtResource.getExecutions(clientFlowAlias);
    AuthenticationExecutionInfoRepresentation executionRep =
            findExecutionByProvider(ClientIdAndSecretAuthenticator.PROVIDER_ID, executions);
    Assert.assertNotNull(executionRep);

    // Updating through an unknown flow alias must fail.
    try {
        authMgmtResource.updateExecutions(unknownName, executionRep);
        Assert.fail("Not expected to update execution with not-existent flow");
    } catch (NotFoundException nfe) {
        // Expected
    }

    // Updating an execution whose id does not exist must fail.
    AuthenticationExecutionInfoRepresentation executionRep2 = new AuthenticationExecutionInfoRepresentation();
    executionRep2.setId(unknownName);
    try {
        authMgmtResource.updateExecutions(clientFlowAlias, executionRep2);
        Assert.fail("Not expected to update not-existent execution");
    } catch (NotFoundException nfe) {
        // Expected
    }

    // A valid update succeeds and is recorded as an admin event.
    executionRep.setRequirement(ALTERNATIVE);
    authMgmtResource.updateExecutions(clientFlowAlias, executionRep);
    assertAdminEvents.assertEvent(
            REALM_NAME,
            OperationType.UPDATE,
            AdminEventPaths.authUpdateExecutionPath(clientFlowAlias),
            executionRep,
            ResourceType.AUTH_EXECUTION);

    // Re-read the execution to confirm the new requirement was stored.
    executionRep = findExecutionByProvider(
            ClientIdAndSecretAuthenticator.PROVIDER_ID,
            authMgmtResource.getExecutions(clientFlowAlias));
    Assert.assertEquals(ALTERNATIVE, executionRep.getRequirement());

    // Removing an execution whose id does not exist must fail.
    try {
        authMgmtResource.removeExecution(unknownName);
        Assert.fail("Didn't expect to find execution");
    } catch (NotFoundException nfe) {
        // Expected
    }

    // Successfully remove the execution, then the flow.
    authMgmtResource.removeExecution(executionRep.getId());
    assertAdminEvents.assertEvent(
            REALM_NAME,
            OperationType.DELETE,
            AdminEventPaths.authExecutionPath(executionRep.getId()),
            ResourceType.AUTH_EXECUTION);
    AuthenticationFlowRepresentation createdFlow = findFlowByAlias(clientFlowAlias, authMgmtResource.getFlows());
    authMgmtResource.deleteFlow(createdFlow.getId());
    assertAdminEvents.assertEvent(
            REALM_NAME,
            OperationType.DELETE,
            AdminEventPaths.authFlowPath(createdFlow.getId()),
            ResourceType.AUTH_FLOW);
}
Also used : HashMap(java.util.HashMap) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) NotFoundException(javax.ws.rs.NotFoundException) Test(org.junit.Test)

Example 20 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class InitialFlowsTest method testInitialFlows.

/**
 * Reads every authentication flow of the realm together with its executions
 * and compares the result, ordered alphabetically, with {@code expectedFlows()}.
 *
 * <p>Authenticator configurations referenced by an execution are fetched once
 * each and stored in {@code configs}, which is declared outside this method.
 */
@Test
public void testInitialFlows() {
    List<FlowExecutions> collected = new LinkedList<>();
    for (AuthenticationFlowRepresentation currentFlow : authMgmtResource.getFlows()) {
        // Executions are looked up by the flow's alias.
        List<AuthenticationExecutionInfoRepresentation> flowExecutions =
                authMgmtResource.getExecutions(currentFlow.getAlias());
        for (AuthenticationExecutionInfoRepresentation execution : flowExecutions) {
            String referencedConfigId = execution.getAuthenticationConfig();
            // Skip executions without a config and configs already loaded.
            if (referencedConfigId == null || configs.containsKey(referencedConfigId)) {
                continue;
            }
            configs.put(referencedConfigId, authMgmtResource.getAuthenticatorConfig(referencedConfigId));
        }
        collected.add(new FlowExecutions(currentFlow, flowExecutions));
    }
    // The flows received, and their details, must match the expected set.
    compare(expectedFlows(), orderAlphabetically(collected));
}
Also used : AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) LinkedList(java.util.LinkedList) Test(org.junit.Test)
