use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class AbstractAuthenticationTest method newConfig.
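/**
 * Builds an authenticator config representation from an alias and a flat list of
 * alternating keys and values.
 *
 * <p>The parameter is declared as varargs so that callers can write
 * {@code newConfig("foo", key, "true")}; passing a {@code String[]} still works.
 *
 * @param alias alias to set on the new config
 * @param keyvalues alternating keys and values ({@code key1, value1, key2, value2, ...});
 *        when a key is repeated, the later value replaces the earlier one
 * @return a new representation whose config map keeps the keys in the order they were given
 * @throws IllegalArgumentException if {@code keyvalues} is {@code null} or has an odd number
 *         of elements
 */
AuthenticatorConfigRepresentation newConfig(String alias, String... keyvalues) {
    // Reject malformed input before building anything.
    if (keyvalues == null) {
        throw new IllegalArgumentException("keyvalues == null");
    }
    if (keyvalues.length % 2 != 0) {
        throw new IllegalArgumentException("keyvalues should have even number of elements");
    }

    // LinkedHashMap keeps insertion order, so the config lists keys as the caller wrote them.
    LinkedHashMap<String, String> params = new LinkedHashMap<>();
    for (int i = 0; i < keyvalues.length; i += 2) {
        params.put(keyvalues[i], keyvalues[i + 1]);
    }

    AuthenticatorConfigRepresentation config = new AuthenticatorConfigRepresentation();
    config.setAlias(alias);
    config.setConfig(params);
    return config;
}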
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class ExecutionTest method testUpdateAuthenticatorConfig.
// KEYCLOAK-7975
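/**
 * Verifies that an authenticator config attached to an execution can be updated through the
 * admin API and that the updated values are stored under the keys they were sent with.
 */
@Test
public void testUpdateAuthenticatorConfig() {
    // copy built-in flow so we get a new editable flow
    HashMap<String, String> params = new HashMap<>();
    params.put("newName", "new-browser-flow");
    Response response = authMgmtResource.copy("browser", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
    try {
        Assert.assertEquals("Copy flow", 201, response.getStatus());
    } finally {
        response.close();
    }

    // create Conditional OTP Form execution
    params.put("provider", "auth-conditional-otp-form");
    authMgmtResource.addExecution("new-browser-flow", params);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authAddExecutionPath("new-browser-flow"), params, ResourceType.AUTH_EXECUTION);
    List<AuthenticationExecutionInfoRepresentation> executionReps = authMgmtResource.getExecutions("new-browser-flow");
    AuthenticationExecutionInfoRepresentation exec = findExecutionByProvider("auth-conditional-otp-form", executionReps);

    // create authenticator config for the execution
    Map<String, String> config = new HashMap<>();
    config.put("defaultOtpOutcome", "skip");
    config.put("otpControlAttribute", "test");
    config.put("forceOtpForHeaderPattern", "");
    config.put("forceOtpRole", "");
    config.put("noOtpRequiredForHeaderPattern", "");
    config.put("skipOtpRole", "");
    AuthenticatorConfigRepresentation authConfigRep = new AuthenticatorConfigRepresentation();
    authConfigRep.setAlias("conditional-otp-form-config-alias");
    authConfigRep.setConfig(config);
    response = authMgmtResource.newExecutionConfig(exec.getId(), authConfigRep);
    try {
        authConfigRep.setId(ApiUtil.getCreatedId(response));
    } finally {
        response.close();
    }

    // try to update the config and check
    config.put("otpControlAttribute", "test-updated");
    authConfigRep.setConfig(config);
    authMgmtResource.updateAuthenticatorConfig(authConfigRep.getId(), authConfigRep);
    AuthenticatorConfigRepresentation updated = authMgmtResource.getAuthenticatorConfig(authConfigRep.getId());

    // Check each value under its own key. Asserting only on values() would also pass if
    // "skip" or "test-updated" had been stored under the wrong setting, which matters for
    // a config that controls when OTP is skipped.
    Map<String, String> updatedConfig = updated.getConfig();
    Assert.assertEquals("test-updated", updatedConfig.get("otpControlAttribute"));
    Assert.assertEquals("skip", updatedConfig.get("defaultOtpOutcome"));
}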
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class AuthenticatorConfigTest method testRemoveConfig.
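/**
 * Verifies removal of an authenticator config: removing an unknown id is rejected with
 * {@code NotFoundException}, removing an existing config emits a DELETE admin event, and
 * afterwards neither the config nor the execution's reference to it remains.
 */
@Test
public void testRemoveConfig() {
    AuthenticatorConfigRepresentation cfg = newConfig("foo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true");
    String cfgId = createConfig(executionId, cfg);
    AuthenticatorConfigRepresentation cfgRep = authMgmtResource.getAuthenticatorConfig(cfgId);

    // Assert execution has our config
    AuthenticationExecutionInfoRepresentation execution = findExecutionByProvider(IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID, authMgmtResource.getExecutions("firstBrokerLogin2"));
    Assert.assertEquals(cfgRep.getId(), execution.getAuthenticationConfig());

    // Test remove not-existent
    try {
        authMgmtResource.removeAuthenticatorConfig("not-existent");
        // Reached only if the server accepted the removal, so the message says that.
        Assert.fail("Expected NotFoundException when removing a non-existent config");
    } catch (NotFoundException nfe) {
        // Expected
    }

    // Test remove our config
    authMgmtResource.removeAuthenticatorConfig(cfgId);
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authExecutionConfigPath(cfgId), ResourceType.AUTHENTICATOR_CONFIG);

    // Assert config not found
    try {
        authMgmtResource.getAuthenticatorConfig(cfgRep.getId());
        Assert.fail("Not expected to find config");
    } catch (NotFoundException nfe) {
        // Expected
    }

    // Assert execution doesn't have our config
    execution = findExecutionByProvider(IdpCreateUserIfUniqueAuthenticatorFactory.PROVIDER_ID, authMgmtResource.getExecutions("firstBrokerLogin2"));
    Assert.assertNull(execution.getAuthenticationConfig());
}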
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class AuthenticatorConfigTest method testUpdateConfigWithBadChar.
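/**
 * Verifies that updating an authenticator config with an alias containing {@code '@'} is
 * rejected with {@code BadRequestException}.
 *
 * <p>The expectation is scoped to the update call alone. With
 * {@code @Test(expected = ...)} on the whole method, a {@code BadRequestException} thrown
 * while creating or fetching the config would also have made the test pass, without the
 * alias validation ever being exercised.
 */
@Test
public void testUpdateConfigWithBadChar() {
    AuthenticatorConfigRepresentation cfg = newConfig("foo", IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION, "true");
    String cfgId = createConfig(executionId, cfg);
    AuthenticatorConfigRepresentation cfgRep = authMgmtResource.getAuthenticatorConfig(cfgId);

    cfgRep.setAlias("Bad@Char");
    try {
        authMgmtResource.updateAuthenticatorConfig(cfgRep.getId(), cfgRep);
        Assert.fail("Expected BadRequestException for an alias containing a bad character");
    } catch (BadRequestException expected) {
        // Expected: the update with the invalid alias was refused.
    }
}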
use of org.keycloak.representations.idm.AuthenticatorConfigRepresentation in project keycloak by keycloak.
the class RepresentationToModel method importAuthenticationFlows.
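/**
 * Imports authenticator configs, authentication flows and their executions from a realm
 * representation into {@code newRealm}, then binds the realm's browser, registration,
 * direct grant, reset credentials, client authentication and docker flows.
 *
 * <p>When the representation carries no authentication flows it is treated as an export from
 * an old version and the default flows are migrated instead. Flow bindings that are absent
 * from the representation fall back to the corresponding default flow alias.
 *
 * @param newRealm realm being populated
 * @param rep realm representation being imported
 * @return map from each imported flow's id in the representation to the id assigned to it in
 *         {@code newRealm}
 * @throws IllegalStateException if an authenticator config in {@code rep} has a null alias
 */
public static Map<String, String> importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) {
    Map<String, String> mappedFlows = new HashMap<>();
    if (rep.getAuthenticationFlows() == null) {
        // assume this is an old version being imported
        DefaultAuthenticationFlows.migrateFlows(newRealm);
    } else {
        // A representation may define flows without any authenticator config; skip the loop
        // instead of failing the import with a NullPointerException.
        if (rep.getAuthenticatorConfig() != null) {
            for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) {
                if (configRep.getAlias() == null) {
                    // this can happen only during import json files from keycloak 3.4.0 and older
                    throw new IllegalStateException("Provided realm contains authenticator config with null alias. " + "It should be resolved by adding alias to the authenticator config before exporting the realm.");
                }
                AuthenticatorConfigModel model = toModel(configRep);
                newRealm.addAuthenticatorConfig(model);
            }
        }
        // First pass: create every flow, so that the second pass can look each one up by alias.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            AuthenticationFlowModel model = toModel(flowRep);
            // make sure new id is generated for new AuthenticationFlowModel instance
            String previousId = model.getId();
            model.setId(null);
            model = newRealm.addAuthenticationFlow(model);
            // store the mapped ids so that clients can reference the correct flow when importing the authenticationFlowBindingOverrides
            mappedFlows.put(previousId, model.getId());
        }
        // Second pass: attach the executions to the flows created above.
        for (AuthenticationFlowRepresentation flowRep : rep.getAuthenticationFlows()) {
            if (flowRep.getAuthenticationExecutions() == null) {
                // A flow without an executions list has nothing to attach.
                continue;
            }
            AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias());
            for (AuthenticationExecutionExportRepresentation exeRep : flowRep.getAuthenticationExecutions()) {
                AuthenticationExecutionModel execution = toModel(newRealm, model, exeRep);
                newRealm.addAuthenticatorExecution(execution);
            }
        }
    }

    // NOTE(review): the bindings below pass the result of getFlowByAlias straight to the
    // setter. The reset-credentials and client branches null-check that result for the default
    // aliases, which suggests it can be null; confirm that a representation naming a flow alias
    // that does not exist is rejected rather than leaving the realm bound to a null flow.
    if (rep.getBrowserFlow() == null) {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
    } else {
        newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow()));
    }
    if (rep.getRegistrationFlow() == null) {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
    } else {
        newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow()));
    }
    if (rep.getDirectGrantFlow() == null) {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));
    } else {
        newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow()));
    }

    // reset credentials + client flow needs to be more defensive as they were added later (in 1.5 )
    if (rep.getResetCredentialsFlow() == null) {
        AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetFlow == null) {
            DefaultAuthenticationFlows.resetCredentialsFlow(newRealm);
        } else {
            newRealm.setResetCredentialsFlow(resetFlow);
        }
    } else {
        newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow()));
    }
    if (rep.getClientAuthenticationFlow() == null) {
        AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientFlow == null) {
            DefaultAuthenticationFlows.clientAuthFlow(newRealm);
        } else {
            newRealm.setClientAuthenticationFlow(clientFlow);
        }
    } else {
        newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow()));
    }

    // Added in 1.7
    if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
        DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
    }

    // Added in 2.2
    // Use the first identity provider that is both enabled and marked authenticate-by-default.
    String defaultProvider = null;
    if (rep.getIdentityProviders() != null) {
        for (IdentityProviderRepresentation i : rep.getIdentityProviders()) {
            if (i.isEnabled() && i.isAuthenticateByDefault()) {
                defaultProvider = i.getProviderId();
                break;
            }
        }
    }

    // Added in 3.2
    if (rep.getDockerAuthenticationFlow() == null) {
        AuthenticationFlowModel dockerAuthenticationFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.DOCKER_AUTH);
        if (dockerAuthenticationFlow == null) {
            DefaultAuthenticationFlows.dockerAuthenticationFlow(newRealm);
        } else {
            newRealm.setDockerAuthenticationFlow(dockerAuthenticationFlow);
        }
    } else {
        newRealm.setDockerAuthenticationFlow(newRealm.getFlowByAlias(rep.getDockerAuthenticationFlow()));
    }

    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(newRealm, defaultProvider);
    return mappedFlows;
}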