
Example 31 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class AbstractWebAuthnVirtualTest method switchExecutionInBrowserFormToPasswordless.

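/**
 * Switches the WebAuthn execution of the {@code browser-webauthn-forms} flow to the
 * passwordless WebAuthn authenticator.
 *
 * <p>Only the passed representation is mutated. Every execution in that flow whose authenticator
 * is {@code WebAuthnAuthenticatorFactory.PROVIDER_ID} is removed, and the first one found is
 * re-added with {@code WebAuthnPasswordlessAuthenticatorFactory.PROVIDER_ID}. The flow itself is
 * removed from and re-appended to the realm's flow list, so it ends up last in that list.
 *
 * @param realm realm representation whose authentication flows are modified in place
 */
protected void switchExecutionInBrowserFormToPasswordless(RealmRepresentation realm) {
    final String flowAlias = "browser-webauthn-forms";

    List<AuthenticationFlowRepresentation> flows = realm.getAuthenticationFlows();
    assertThat(flows, notNullValue());

    // Constant-first equals: a flow exported without an alias must not abort the lookup with an NPE.
    AuthenticationFlowRepresentation browserForm = flows.stream()
            .filter(f -> flowAlias.equals(f.getAlias()))
            .findFirst()
            .orElse(null);
    assertThat("Cannot find 'browser-webauthn-forms' flow", browserForm, notNullValue());
    flows.removeIf(f -> flowAlias.equals(f.getAlias()));

    List<AuthenticationExecutionExportRepresentation> browserFormExecutions = browserForm.getAuthenticationExecutions();
    // The original asserted on browserForm again here, so a flow without an executions list
    // slipped past the check and failed later with a NullPointerException instead of this message.
    assertThat("Flow 'browser-webauthn-forms' doesn't have any executions", browserFormExecutions, notNullValue());

    AuthenticationExecutionExportRepresentation webAuthn = browserFormExecutions.stream()
            .filter(e -> WebAuthnAuthenticatorFactory.PROVIDER_ID.equals(e.getAuthenticator()))
            .findFirst()
            .orElse(null);
    assertThat("Cannot find WebAuthn execution in Browser flow", webAuthn, notNullValue());

    // Drop all WebAuthn executions before changing the authenticator on the one we keep.
    browserFormExecutions.removeIf(e -> WebAuthnAuthenticatorFactory.PROVIDER_ID.equals(e.getAuthenticator()));
    webAuthn.setAuthenticator(WebAuthnPasswordlessAuthenticatorFactory.PROVIDER_ID);
    browserFormExecutions.add(webAuthn);

    browserForm.setAuthenticationExecutions(browserFormExecutions);
    flows.add(browserForm);
    realm.setAuthenticationFlows(flows);
}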
Also used : AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation)

Example 32 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class CustomAuthFlowOTPTest method setConditionalOTPForm.

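/**
 * Rebuilds the top-level "ConditionalOTPFlow" (username/password form followed by the conditional
 * OTP form, both REQUIRED), makes it the realm's browser flow and attaches {@code config} to the
 * conditional OTP execution.
 *
 * <p>The realm keeps using this flow as its browser flow after the method returns; the only thing
 * registered with {@code getCleanup()} here is the id of the created authenticator config.
 *
 * @param config authenticator configuration stored on the conditional OTP execution
 */
private void setConditionalOTPForm(Map<String, String> config) {
    String flowAlias = "ConditionalOTPFlow";
    String provider = "auth-conditional-otp-form";
    String passwordFormProvider = "auth-username-password-form";

    // If a flow with this alias already exists, point the realm back at the default browser
    // flow and then delete the old flow so it can be created from scratch below.
    List<AuthenticationFlowRepresentation> authFlows = getAuthMgmtResource().getFlows();
    for (AuthenticationFlowRepresentation existing : authFlows) {
        if (flowAlias.equals(existing.getAlias())) {
            RealmRepresentation realm = testRealmResource().toRepresentation();
            realm.setBrowserFlow(DefaultAuthenticationFlows.BROWSER_FLOW);
            testRealmResource().update(realm);
            getAuthMgmtResource().deleteFlow(existing.getId());
            break;
        }
    }

    // create flow
    AuthenticationFlowRepresentation flow = new AuthenticationFlowRepresentation();
    flow.setAlias(flowAlias);
    flow.setDescription("");
    flow.setProviderId("basic-flow");
    flow.setTopLevel(true);
    flow.setBuiltIn(false);
    Response createResponse = getAuthMgmtResource().createFlow(flow);
    try {
        assertEquals(flowAlias + " create success", 201, createResponse.getStatus());
    } finally {
        // Close even when the status assertion fails, so the connection is not leaked.
        createResponse.close();
    }

    // add execution - username-password form, then make it required
    Map<String, String> data = new HashMap<>();
    data.put("provider", passwordFormProvider);
    getAuthMgmtResource().addExecution(flowAlias, data);
    updateRequirement(flowAlias, passwordFormProvider, Requirement.REQUIRED);

    // add execution - conditional OTP, then make it required
    data.clear();
    data.put("provider", provider);
    getAuthMgmtResource().addExecution(flowAlias, data);
    updateRequirement(flowAlias, provider, Requirement.REQUIRED);

    // update realm browser flow
    RealmRepresentation realm = testRealmResource().toRepresentation();
    realm.setBrowserFlow(flowAlias);
    testRealmResource().update(realm);

    // get executionId
    String executionId = getExecution(flowAlias, provider).getId();

    // prepare auth config
    AuthenticatorConfigRepresentation authConfig = new AuthenticatorConfigRepresentation();
    authConfig.setAlias("Config alias");
    authConfig.setConfig(config);

    // add auth config to the execution
    Response configResponse = getAuthMgmtResource().newExecutionConfig(executionId, authConfig);
    try {
        assertEquals("new execution success", 201, configResponse.getStatus());
        getCleanup().addAuthenticationConfigId(ApiUtil.getCreatedId(configResponse));
    } finally {
        configResponse.close();
    }
}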
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Example 33 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class PermissionsTest method flows.

/**
 * Runs every call of the admin client's {@code realm.flows()} resource through the
 * {@code invoke(...)} helper, then removes and re-creates the permission realm.
 *
 * <p>Most calls target the non-existent id/alias {@code "nosuch"} or pass an empty representation.
 *
 * <p>NOTE(review): in this method the third argument is {@code true} for every create, update,
 * delete or reorder call and {@code false} for every read, so it presumably tells the helper
 * whether the call needs manage-level rather than view-level access. The meaning of the optional
 * fourth argument and of the {@code adminClient} overload is not visible here. Confirm all three
 * against the {@code invoke} overloads.
 *
 * <p>NOTE(review): this list is maintained by hand. An endpoint added to the flows resource
 * without an entry here has no permission coverage from this test.
 */
@Test
public void flows() throws Exception {
    // --- provider listings (reads) ---
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFormProviders();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorProviders();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getClientAuthenticatorProviders();
        }
    }, Resource.REALM, false, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFormActionProviders();
        }
    }, Resource.REALM, false);
    // --- flows: list, create, read, delete, copy ---
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFlows();
        }
    }, Resource.REALM, false, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.flows().createFlow(new AuthenticationFlowRepresentation()));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getFlow("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().deleteFlow("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.flows().copy("nosuch", Collections.<String, String>emptyMap()));
        }
    }, Resource.REALM, true);
    // --- executions: add, list, update, reorder, remove ---
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().addExecutionFlow("nosuch", Collections.<String, String>emptyMap());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().addExecution("nosuch", Collections.<String, String>emptyMap());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getExecutions("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().updateExecutions("nosuch", new AuthenticationExecutionInfoRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            // The only call in this method that sends a populated representation.
            AuthenticationExecutionRepresentation rep = new AuthenticationExecutionRepresentation();
            rep.setAuthenticator("auth-cookie");
            rep.setRequirement("CONDITIONAL");
            response.set(realm.flows().addExecution(rep));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().raisePriority("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().lowerPriority("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().removeExecution("nosuch");
        }
    }, Resource.REALM, true);
    // --- execution / authenticator configuration ---
    invoke(new InvocationWithResponse() {

        public void invoke(RealmResource realm, AtomicReference<Response> response) {
            response.set(realm.flows().newExecutionConfig("nosuch", new AuthenticatorConfigRepresentation()));
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorConfig("nosuch");
        }
    }, Resource.REALM, false);
    // --- required actions ---
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getUnregisteredRequiredActions();
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().registerRequiredAction(new RequiredActionProviderSimpleRepresentation());
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getRequiredActions();
        }
    }, Resource.REALM, false, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getRequiredAction("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().removeRequiredAction("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().updateRequiredAction("nosuch", new RequiredActionProviderRepresentation());
        }
    }, Resource.REALM, true);
    // --- config descriptions and authenticator config read / remove / update ---
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorConfigDescription("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getPerClientConfigDescription();
        }
    }, Resource.REALM, false, true);
    // Same call as the getAuthenticatorConfig("nosuch") invocation earlier in this method.
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().getAuthenticatorConfig("nosuch");
        }
    }, Resource.REALM, false);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().removeAuthenticatorConfig("nosuch");
        }
    }, Resource.REALM, true);
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            realm.flows().updateAuthenticatorConfig("nosuch", new AuthenticatorConfigRepresentation());
        }
    }, Resource.REALM, true);
    // Ignores the passed RealmResource and calls three read endpoints through the client stored
    // under AdminRoles.VIEW_REALM. These are three of the four endpoints that were invoked with
    // the extra fourth argument above (getFlows is the one not repeated here).
    invoke(new Invocation() {

        public void invoke(RealmResource realm) {
            clients.get(AdminRoles.VIEW_REALM).realm(REALM_NAME).flows().getPerClientConfigDescription();
            clients.get(AdminRoles.VIEW_REALM).realm(REALM_NAME).flows().getClientAuthenticatorProviders();
            clients.get(AdminRoles.VIEW_REALM).realm(REALM_NAME).flows().getRequiredActions();
        }
    }, adminClient, true);
    // Re-create realm
    adminClient.realm(REALM_NAME).remove();
    recreatePermissionRealm();
}
Also used : Response(javax.ws.rs.core.Response) RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) AuthenticationExecutionRepresentation(org.keycloak.representations.idm.AuthenticationExecutionRepresentation) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 34 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class FlowTest method failWithLongDescription.

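/**
 * Checks that updating the "docker auth" flow with a description of more than 300 characters is
 * answered with HTTP 500 and an empty response body, i.e. that the error response carries no
 * details about the failure.
 *
 * <p>Only runs when {@code ContainerAssume.assumeAuthServerQuarkus()} holds.
 */
@Test
public void failWithLongDescription() {
    ContainerAssume.assumeAuthServerQuarkus();
    AuthenticationFlowRepresentation rep = authMgmtResource.getFlows().stream()
            .filter(flow -> "docker auth".equals(flow.getAlias()))
            .findAny()
            .orElse(null);
    assertNotNull(rep);

    // Build a description that is at least 300 characters long.
    StringBuilder name = new StringBuilder();
    while (name.length() < 300) {
        name.append("invalid");
    }
    rep.setDescription(name.toString());

    try {
        authMgmtResource.updateFlow(rep.getId(), rep);
        // Without this the test passed vacuously whenever the update was accepted, and the
        // empty-body assertions below were never evaluated. fail() throws an AssertionError,
        // which the catch (Exception) clause below does not intercept.
        fail("updateFlow should be rejected for a description of " + name.length() + " characters");
    } catch (InternalServerErrorException isee) {
        try (Response response = isee.getResponse()) {
            assertEquals(500, response.getStatus());
            // The error response must not carry a body.
            assertEquals(0, response.getLength());
            ByteArrayInputStream entity = (ByteArrayInputStream) response.getEntity();
            assertEquals(0, entity.available());
        }
    } catch (Exception e) {
        fail("Unexpected exception");
    }
}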
Also used : Response(javax.ws.rs.core.Response) ByteArrayInputStream(java.io.ByteArrayInputStream) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) ClientErrorException(javax.ws.rs.ClientErrorException) BadRequestException(javax.ws.rs.BadRequestException) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) NotFoundException(javax.ws.rs.NotFoundException) Test(org.junit.Test)

Example 35 with AuthenticationFlowRepresentation

use of org.keycloak.representations.idm.AuthenticationFlowRepresentation in project keycloak by keycloak.

the class FlowTest method testAddRemoveFlow.

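/**
 * Walks through the life cycle of a custom top-level flow via the authentication management
 * resource: rejected deletes and creates, a successful create, lookup by list and by id, adding
 * sub-flows (including the failure cases), and finally deleting the flow again.
 *
 * <p>The statement order matters: admin events are asserted right after the calls that are
 * expected to emit them.
 */
@Test
public void testAddRemoveFlow() {
    // test that built-in flow cannot be deleted
    // Only the first flow returned is actually probed: a successful delete fails the test,
    // a BadRequestException ends the loop.
    List<AuthenticationFlowRepresentation> flows = authMgmtResource.getFlows();
    for (AuthenticationFlowRepresentation flow : flows) {
        try {
            authMgmtResource.deleteFlow(flow.getId());
            Assert.fail("deleteFlow should fail for built in flow");
        } catch (BadRequestException e) {
            break;
        }
    }
    // try create new flow using alias of already existing flow
    Response response = authMgmtResource.createFlow(newFlow("browser", "Browser flow", "basic-flow", true, false));
    try {
        Assert.assertEquals("createFlow using the alias of existing flow should fail", 409, response.getStatus());
    } finally {
        response.close();
    }
    // try create flow without alias
    response = authMgmtResource.createFlow(newFlow(null, "Browser flow", "basic-flow", true, false));
    try {
        // The message used to be a copy of the previous case and misreported which check failed.
        Assert.assertEquals("createFlow without an alias should fail", 409, response.getStatus());
    } finally {
        response.close();
    }
    // create new flow that should succeed
    AuthenticationFlowRepresentation newFlow = newFlow("browser-2", "Browser flow", "basic-flow", true, false);
    createFlow(newFlow);
    // check that new flow is returned in a children list
    flows = authMgmtResource.getFlows();
    AuthenticationFlowRepresentation found = findFlowByAlias("browser-2", flows);
    Assert.assertNotNull("created flow visible in parent", found);
    compareFlows(newFlow, found);
    // check lookup flow with unexistent ID
    try {
        authMgmtResource.getFlow("id-123-notExistent");
        Assert.fail("Not expected to find unexistent flow");
    } catch (NotFoundException nfe) {
        // Expected
    }
    // check that new flow is returned individually
    AuthenticationFlowRepresentation found2 = authMgmtResource.getFlow(found.getId());
    Assert.assertNotNull("created flow visible directly", found2);
    compareFlows(newFlow, found2);
    // add execution flow to some parent flow
    Map<String, String> data = new HashMap<>();
    data.put("alias", "SomeFlow");
    data.put("type", "basic-flow");
    data.put("description", "Test flow");
    // This tests against a regression in KEYCLOAK-16656
    data.put("provider", "registration-page-form");
    Map<String, String> data2 = new HashMap<>();
    data2.put("alias", "SomeFlow2");
    data2.put("type", "form-flow");
    data2.put("description", "Test flow 2");
    data2.put("provider", "registration-page-form");
    // inexistent parent flow - should fail
    // Assert.fail raises an AssertionError, which catch (Exception) does not swallow.
    try {
        authMgmtResource.addExecutionFlow("inexistent-parent-flow-alias", data);
        Assert.fail("addExecutionFlow for inexistent parent should have failed");
    } catch (Exception expected) {
        // Expected
    }
    // already existent flow - should fail
    try {
        data.put("alias", "browser");
        authMgmtResource.addExecutionFlow("browser-2", data);
        Assert.fail("addExecutionFlow should have failed as browser flow already exists");
    } catch (Exception expected) {
        // Expected
    }
    // Successfully add flow
    data.put("alias", "SomeFlow");
    authMgmtResource.addExecutionFlow("browser-2", data);
    authMgmtResource.addExecutionFlow("browser-2", data2);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("browser-2"), data, ResourceType.AUTH_EXECUTION_FLOW);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionFlowPath("browser-2"), data2, ResourceType.AUTH_EXECUTION_FLOW);
    // check that new flow is returned in a children list
    flows = authMgmtResource.getFlows();
    found2 = findFlowByAlias("browser-2", flows);
    Assert.assertNotNull("created flow visible in parent", found2);
    List<AuthenticationExecutionExportRepresentation> execs = found2.getAuthenticationExecutions();
    Assert.assertNotNull(execs);
    Assert.assertEquals("Size two", 2, execs.size());
    // Expected export of the basic-flow sub-flow: no authenticator is set on it.
    AuthenticationExecutionExportRepresentation expected = new AuthenticationExecutionExportRepresentation();
    expected.setFlowAlias("SomeFlow");
    expected.setUserSetupAllowed(false);
    expected.setAuthenticatorFlow(true);
    expected.setRequirement("DISABLED");
    expected.setPriority(0);
    compareExecution(expected, execs.get(0));
    // Expected export of the form-flow sub-flow: it carries the provider as its authenticator.
    expected = new AuthenticationExecutionExportRepresentation();
    expected.setFlowAlias("SomeFlow2");
    expected.setUserSetupAllowed(false);
    expected.setAuthenticator("registration-page-form");
    expected.setAuthenticatorFlow(true);
    expected.setRequirement("DISABLED");
    expected.setPriority(1);
    compareExecution(expected, execs.get(1));
    // delete non-built-in flow
    authMgmtResource.deleteFlow(found.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(found.getId()), ResourceType.AUTH_FLOW);
    // check the deleted flow is no longer returned
    flows = authMgmtResource.getFlows();
    found = findFlowByAlias("browser-2", flows);
    Assert.assertNull("flow deleted", found);
    // Check deleting flow second time will fail
    try {
        authMgmtResource.deleteFlow("id-123-notExistent");
        Assert.fail("Not expected to delete flow, which doesn't exist");
    } catch (NotFoundException nfe) {
        // Expected
    }
}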
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) BadRequestException(javax.ws.rs.BadRequestException) NotFoundException(javax.ws.rs.NotFoundException) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation) ClientErrorException(javax.ws.rs.ClientErrorException) BadRequestException(javax.ws.rs.BadRequestException) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) NotFoundException(javax.ws.rs.NotFoundException) Test(org.junit.Test)
