
Example 21 with AuthenticationSessionManager

Use of org.keycloak.services.managers.AuthenticationSessionManager in project keycloak by keycloak.

From class TokenManager, method attachAuthenticationSession.

/**
 * Turns a finished authentication session into an authenticated client session on the given user session
 * and returns the resulting {@link ClientSessionContext}.
 *
 * <p>An existing client session for the authentication session's client is reused; otherwise one is created.
 * Redirect URI, protocol, client notes, user-session notes and the current level of authentication are
 * copied across, the client session timestamp is refreshed, and the authentication session is then removed
 * (presumably so it cannot be attached a second time — verify against AuthenticationSessionManager).
 *
 * @param session     current Keycloak session
 * @param userSession user session the client session is bound to
 * @param authSession authentication session whose state is transferred; it no longer exists after this call
 * @return context wrapping the attached client session and the resolved client scope ids
 */
public static ClientSessionContext attachAuthenticationSession(KeycloakSession session, UserSessionModel userSession, AuthenticationSessionModel authSession) {
    ClientModel client = authSession.getClient();

    // Reuse the client session already bound to this client, creating one only when none exists yet.
    AuthenticatedClientSessionModel clientSession = userSession.getAuthenticatedClientSessionByClient(client.getId());
    if (clientSession == null) {
        clientSession = session.sessions().createClientSession(userSession.getRealm(), client, userSession);
    }
    clientSession.setRedirectUri(authSession.getRedirectUri());
    clientSession.setProtocol(authSession.getProtocol());

    // With dynamic scopes enabled the effective scope set is resolved from the "scope" client note;
    // otherwise the scopes recorded on the authentication session are taken as-is.
    Set<String> clientScopeIds = Profile.isFeatureEnabled(Profile.Feature.DYNAMIC_SCOPES)
            ? AuthorizationContextUtil
                    .getClientScopesStreamFromAuthorizationRequestContextWithClient(session, authSession.getClientNote(OAuth2Constants.SCOPE))
                    .map(ClientScopeModel::getId)
                    .collect(Collectors.toSet())
            : authSession.getClientScopes();

    // Client notes land on the client session, user-session notes on the user session.
    authSession.getClientNotes().forEach(clientSession::setNote);
    authSession.getUserSessionNotes().forEach(userSession::setNote);

    // Record the level of authentication reached so later step-up decisions can read it from the client session.
    clientSession.setNote(Constants.LEVEL_OF_AUTHENTICATION, String.valueOf(AuthenticatorUtil.getCurrentLevelOfAuthentication(authSession)));
    clientSession.setTimestamp(Time.currentTime());

    // The authentication session has served its purpose: drop it now that its state is on the client session.
    new AuthenticationSessionManager(session).removeAuthenticationSession(userSession.getRealm(), authSession, true);

    return DefaultClientSessionContext.fromClientSessionAndClientScopeIds(clientSession, clientScopeIds, session);
}
Also used : AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager) ClientModel(org.keycloak.models.ClientModel) DefaultClientSessionContext(org.keycloak.services.util.DefaultClientSessionContext) ClientSessionContext(org.keycloak.models.ClientSessionContext) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) ClientScopeModel(org.keycloak.models.ClientScopeModel) Map(java.util.Map) HashMap(java.util.HashMap)

Example 22 with AuthenticationSessionManager

Use of org.keycloak.services.managers.AuthenticationSessionManager in project keycloak by keycloak.

From class DefaultTokenExchangeProvider, method exchangeClientToOIDCClient.

/**
 * Issues OIDC tokens for {@code targetClient} on behalf of {@code targetUser} as the result of a token exchange.
 *
 * <p>A fresh (non-browser) authentication session is created for the target client, pre-populated with the
 * authenticated user, the OIDC protocol, the realm issuer and the requested scope, and then attached to the
 * target user session through {@link TokenManager#attachAuthenticationSession}. The access token is marked
 * as issued for the requesting client (the {@code client} field), not for the target client; the target
 * client id is recorded on the event as the audience. A refresh token is added only when it was requested
 * and the requesting client allows refresh tokens; an ID token only when the resolved scope is an OIDC request.
 *
 * @param targetUser        user the tokens are issued for
 * @param targetUserSession user session the new client session is attached to
 * @param requestedTokenType token type requested by the caller; compared against {@code OAuth2Constants.REFRESH_TOKEN_TYPE}
 * @param targetClient      client the tokens are minted for
 * @param audience          extra audience to add to the access token, or {@code null} for none
 * @param scope             requested scope, stored as the authentication session's scope client note
 * @return a CORS-decorated {@code 200} response carrying the {@link AccessTokenResponse} as JSON
 */
protected Response exchangeClientToOIDCClient(UserModel targetUser, UserSessionModel targetUserSession, String requestedTokenType, ClientModel targetClient, String audience, String scope) {
    AuthenticationSessionManager authSessionManager = new AuthenticationSessionManager(session);
    RootAuthenticationSessionModel rootAuthSession = authSessionManager.createAuthenticationSession(realm, false);
    AuthenticationSessionModel authSession = rootAuthSession.createAuthenticationSession(targetClient);
    authSession.setAuthenticatedUser(targetUser);
    authSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    String issuer = Urls.realmIssuer(session.getContext().getUri().getBaseUri(), realm.getName());
    authSession.setClientNote(OIDCLoginProtocol.ISSUER, issuer);
    authSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scope);

    event.session(targetUserSession);
    AuthenticationManager.setClientScopesInSession(authSession);
    ClientSessionContext clientSessionCtx = TokenManager.attachAuthenticationSession(this.session, targetUserSession, authSession);
    updateUserSessionFromClientAuth(targetUserSession);

    TokenManager.AccessTokenResponseBuilder tokenBuilder = tokenManager
            .responseBuilder(realm, targetClient, event, this.session, targetUserSession, clientSessionCtx)
            .generateAccessToken();
    // "azp" is the requesting client, not the target client.
    tokenBuilder.getAccessToken().issuedFor(client.getClientId());
    if (audience != null) {
        tokenBuilder.getAccessToken().addAudience(audience);
    }

    // The client configuration is only consulted when a refresh token was actually asked for.
    boolean refreshTokenRequested = requestedTokenType.equals(OAuth2Constants.REFRESH_TOKEN_TYPE);
    if (refreshTokenRequested && OIDCAdvancedConfigWrapper.fromClientModel(client).isUseRefreshToken()) {
        tokenBuilder.generateRefreshToken();
        tokenBuilder.getRefreshToken().issuedFor(client.getClientId());
    }

    // The effective scope is read back from the attached client session rather than from the "scope" argument.
    String effectiveScope = clientSessionCtx.getClientSession().getNote(OAuth2Constants.SCOPE);
    if (TokenUtil.isOIDCRequest(effectiveScope)) {
        tokenBuilder.generateIDToken().generateAccessTokenHash();
    }

    AccessTokenResponse tokenResponse = tokenBuilder.build();
    event.detail(Details.AUDIENCE, targetClient.getClientId());
    event.success();
    return cors.builder(Response.ok(tokenResponse, MediaType.APPLICATION_JSON_TYPE)).build();
}
Also used : AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) ClientSessionContext(org.keycloak.models.ClientSessionContext) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse)
