
Example 1 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class AbstractAuthenticationTest method newConfig.

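/**
 * Builds an authenticator config representation from an alias and a flat list of
 * alternating keys and values.
 *
 * <p>Declared as varargs because callers pass the pairs as separate arguments, e.g.
 * {@code newConfig("foo", KEY, "true")}; an explicit {@code String[]} is still accepted.
 *
 * @param alias alias to set on the new representation
 * @param keyvalues alternating key, value, key, value, ... entries; must be non-null
 *        and contain an even number of elements
 * @return a new representation whose config map holds the pairs in the order given
 * @throws IllegalArgumentException if {@code keyvalues} is null or has an odd number
 *         of elements
 */
AuthenticatorConfigRepresentation newConfig(String alias, String... keyvalues) {
    // Reject bad arguments before anything is built.
    if (keyvalues == null) {
        throw new IllegalArgumentException("keyvalues == null");
    }
    if (keyvalues.length % 2 != 0) {
        throw new IllegalArgumentException("keyvalues should have even number of elements");
    }
    // LinkedHashMap keeps the pairs in argument order; a repeated key keeps its first
    // position and takes the last value supplied.
    LinkedHashMap<String, String> params = new LinkedHashMap<>();
    for (int i = 0; i < keyvalues.length; i += 2) {
        params.put(keyvalues[i], keyvalues[i + 1]);
    }
    AuthenticatorConfigRepresentation config = new AuthenticatorConfigRepresentation();
    config.setAlias(alias);
    config.setConfig(params);
    return config;
}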
Also used : AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) LinkedHashMap(java.util.LinkedHashMap)

Example 2 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class ExecutionTest method testUpdateAuthenticatorConfig.

// KEYCLOAK-7975
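/**
 * Copies the built-in browser flow, adds a conditional OTP form execution to the copy,
 * attaches an authenticator config to that execution, updates the config and checks
 * that the updated value is returned when the config is read back.
 */
@Test
public void testUpdateAuthenticatorConfig() {
    // copy built-in flow so we get a new editable flow
    HashMap<String, String> params = new HashMap<>();
    params.put("newName", "new-browser-flow");
    Response response = authMgmtResource.copy("browser", params);
    try {
        // Both assertions run inside the try so the response is closed even when the
        // admin-event assertion fails.
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, response.getStatus());
    } finally {
        response.close();
    }
    // create Conditional OTP Form execution
    // (params still carries "newName" from the copy request; only "provider" is added)
    params.put("provider", "auth-conditional-otp-form");
    authMgmtResource.addExecution("new-browser-flow", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("new-browser-flow"), params, ResourceType.AUTH_EXECUTION);
    List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("new-browser-flow");
    AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider("auth-conditional-otp-form", executionReps);
    // create authenticator config for the execution
    // NOTE(review): these are fixture values for exercising the update path. "skip" as
    // defaultOtpOutcome presumably means OTP is not demanded when no other condition
    // matches - confirm against the authenticator; it is not a hardening recommendation.
    Map<String, String> config = new HashMap<>();
    config.put("defaultOtpOutcome", "skip");
    config.put("otpControlAttribute", "test");
    config.put("forceOtpForHeaderPattern", "");
    config.put("forceOtpRole", "");
    config.put("noOtpRequiredForHeaderPattern", "");
    config.put("skipOtpRole", "");
    AuthenticatorConfigRepresentation authConfigRep = new AuthenticatorConfigRepresentation();
    authConfigRep.setAlias("conditional-otp-form-config-alias");
    authConfigRep.setConfig(config);
    response = authMgmtResource.newExecutionConfig(exec.getId(), authConfigRep);
    try {
        // The id of the created config is taken from the creation response.
        authConfigRep.setId(ApiUtil.getCreatedId(response));
    } finally {
        response.close();
    }
    // try to update the config and check
    config.put("otpControlAttribute", "test-updated");
    authConfigRep.setConfig(config);
    authMgmtResource.updateAuthenticatorConfig(authConfigRep.getId(), authConfigRep);
    AuthenticatorConfigRepresentation updated = authMgmtResource.getAuthenticatorConfig(authConfigRep.getId());
    // Checks the stored values only; it does not pin which key holds each value.
    Assert.assertThat(updated.getConfig().values(), hasItems("test-updated", "skip"));
}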
Also used : Response(javax.ws.rs.core.Response) HashMap(java.util.HashMap) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 3 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class AuthenticatorConfigTest method testRemoveConfig.

/**
 * Creates an authenticator config on the execution, then checks that removing an
 * unknown id is answered with {@link NotFoundException}, that removing the real config
 * emits a DELETE admin event, and that afterwards neither the config lookup nor the
 * execution still refers to it.
 */
@Test
public void testRemoveConfig() {
    // Create the config and read it back through the admin API.
    String configId = createConfig(executionId, newConfig("foo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true"));
    AuthenticatorConfigRepresentation stored = authMgmtResource.getAuthenticatorConfig(configId);

    // The execution must point at the config that was just created.
    AuthenticationExecutionInfoRepresentation withConfig = findExecutionByProvider(
            IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID,
            authMgmtResource.getExecutions("firstBrokerLogin2"));
    Assert.assertEquals(stored.getId(), withConfig.getAuthenticationConfig());

    // Removing an id that does not exist must be reported as not found.
    try {
        authMgmtResource.removeAuthenticatorConfig("not-existent");
        Assert.fail("Config didn't found");
    } catch (NotFoundException expected) {
        // Expected
    }

    // Remove the real config; the deletion must be recorded as an admin event.
    authMgmtResource.removeAuthenticatorConfig(configId);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(configId), ResourceType.AUTHENTICATOR_CONFIG);

    // The config can no longer be fetched.
    try {
        authMgmtResource.getAuthenticatorConfig(stored.getId());
        Assert.fail("Not expected to find config");
    } catch (NotFoundException expected) {
        // Expected
    }

    // The execution no longer references a config.
    AuthenticationExecutionInfoRepresentation withoutConfig = findExecutionByProvider(
            IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID,
            authMgmtResource.getExecutions("firstBrokerLogin2"));
    Assert.assertNull(withoutConfig.getAuthenticationConfig());
}
Also used : AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) NotFoundException(javax.ws.rs.NotFoundException) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 4 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class AuthenticatorConfigTest method testUpdateConfigWithBadChar.

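/**
 * Verifies that updating an authenticator config with the alias {@code "Bad@Char"} is
 * rejected with a {@link BadRequestException} and that the rejected alias is not stored.
 */
@Test
public void testUpdateConfigWithBadChar() {
    // Setup stays outside the try block: a BadRequestException thrown while creating or
    // reading the config must fail the test instead of counting as the expected rejection.
    AuthenticatorConfigRepresentation cfg = newConfig("foo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true");
    String cfgId = createConfig(executionId, cfg);
    AuthenticatorConfigRepresentation cfgRep = authMgmtResource.getAuthenticatorConfig(cfgId);
    cfgRep.setAlias("Bad@Char");
    try {
        authMgmtResource.updateAuthenticatorConfig(cfgRep.getId(), cfgRep);
        Assert.fail("Update with alias 'Bad@Char' should have been rejected");
    } catch (BadRequestException expected) {
        // Expected: the alias validation refused the update.
    }
    // A rejected update must leave the stored alias untouched.
    Assert.assertEquals("foo", authMgmtResource.getAuthenticatorConfig(cfgId).getAlias());
}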
Also used : AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation) Test(org.junit.Test)

Example 5 with AuthenticatorConfigRepresentation

use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.

the class RepresentationToModel method importAuthenticationFlows.

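/**
 * Imports authenticator configs, authentication flows and their executions from a realm
 * representation into a new realm, then binds the realm's browser, registration, direct
 * grant, reset credentials, client authentication and docker flows.
 *
 * <p>When the representation carries no authentication flows it is treated as an export
 * from an old version and the default flows are migrated instead.
 *
 * @param newRealm realm model that receives the imported configs, flows and bindings
 * @param rep realm representation being imported
 * @return map from each flow id found in the representation to the id the flow was
 *         given in {@code newRealm}; empty when the default flows were migrated
 * @throws IllegalStateException if an authenticator config in the representation has
 *         no alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation may define flows without any authenticator config; treat a
        // missing list as empty instead of failing the import with a NullPointerException.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                AuthenticatorConfigModel model = toModel(configRep);
                newRealm.addAuthenticatorConfig(model);
            }
        }
        // First pass: create every flow, so the second pass can resolve flows by alias.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        // Second pass: attach the executions to the flows created above.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }
    // NOTE(review): in the else-branches below the flow alias comes from the imported
    // representation and the getFlowByAlias result is passed on unchecked. The null
    // checks on the default-alias lookups further down show that getFlowByAlias can
    // return null, so an alias naming no imported flow would hand null to the setter.
    // Confirm how the setters treat null and consider rejecting such an import.
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }
    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }
    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }
    // Added in 2.2
    // Provider id of the first identity provider that is enabled and marked
    // authenticate-by-default; stays null when there is none.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }
    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }
    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}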
Also used : MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) HashMap(java.util.HashMap) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) AuthenticationFlowModel(org.keycloak.models.AuthenticationFlowModel) AuthenticatorConfigModel(org.keycloak.models.AuthenticatorConfigModel) ArtifactBindingUtils.computeArtifactBindingIdentifierString(org.keycloak.protocol.saml.util.ArtifactBindingUtils.computeArtifactBindingIdentifierString) AuthenticationExecutionExportRepresentation(org.keycloak.representations.idm.AuthenticationExecutionExportRepresentation) AuthenticatorConfigRepresentation(org.keycloak.representations.idm.AuthenticatorConfigRepresentation)

Aggregations

AuthenticatorConfigRepresentation (org.keycloak.representations.idm.AuthenticatorConfigRepresentation)53 Test (org.junit.Test)43 Matchers.containsString (org.hamcrest.Matchers.containsString)36 X509AuthenticatorConfigModel (org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigModel)24 OAuthClient (org.keycloak.testsuite.util.OAuthClient)18 Response (javax.ws.rs.core.Response)7 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)6 HashMap (java.util.HashMap)5 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)4 AuthenticationExecutionInfoRepresentation (org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)4 AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation)4 AssertEvents (org.keycloak.testsuite.AssertEvents)4 NotFoundException (javax.ws.rs.NotFoundException)2 LinkedHashMap (java.util.LinkedHashMap)1 Ignore (org.junit.Ignore)1 AuthenticationManagementResource (org.keycloak.admin.client.resource.AuthenticationManagementResource)1 RealmResource (org.keycloak.admin.client.resource.RealmResource)1 MultivaluedHashMap (org.keycloak.common.util.MultivaluedHashMap)1 AuthenticationExecutionModel (org.keycloak.models.AuthenticationExecutionModel)1 AuthenticationFlowModel (org.keycloak.models.AuthenticationFlowModel)1