Example 66 with AuthenticationSessionModel
use of org.keycloak.sessions.AuthenticationSessionModel in project keycloak by keycloak.
the class IdentityBrokerService method createAuthenticationRequest.
private AuthenticationRequest createAuthenticationRequest(String providerId, ClientSessionCode<AuthenticationSessionModel> clientSessionCode) {
AuthenticationSessionModel authSession = null;
IdentityBrokerState encodedState = null;
if (clientSessionCode != null) {
authSession = clientSessionCode.getClientSession();
String relayState = clientSessionCode.getOrGenerateCode();
encodedState = IdentityBrokerState.decoded(relayState, authSession.getClient().getClientId(), authSession.getTabId());
}
return new AuthenticationRequest(this.session, this.realmModel, authSession, this.request, this.session.getContext().getUri(), encodedState, getRedirectUri(providerId));
}
Also used :
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
IdentityBrokerState(org.keycloak.broker.provider.util.IdentityBrokerState)
AuthenticationRequest(org.keycloak.broker.provider.AuthenticationRequest)
Example 67 with AuthenticationSessionModel
use of org.keycloak.sessions.AuthenticationSessionModel in project keycloak by keycloak.
the class IdentityBrokerService method clientInitiatedAccountLinking.
@GET
@NoCache
@Path("/{provider_id}/link")
public Response clientInitiatedAccountLinking(@PathParam("provider_id") String providerId, @QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("nonce") String nonce, @QueryParam("hash") String hash) {
this.event.event(EventType.CLIENT_INITIATED_ACCOUNT_LINKING);
checkRealm();
ClientModel client = checkClient(clientId);
redirectUri = RedirectUtils.verifyRedirectUri(session, redirectUri, client);
if (redirectUri == null) {
event.error(Errors.INVALID_REDIRECT_URI);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
event.detail(Details.REDIRECT_URI, redirectUri);
if (nonce == null || hash == null) {
event.error(Errors.INVALID_REDIRECT_URI);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
AuthenticationManager.AuthResult cookieResult = AuthenticationManager.authenticateIdentityCookie(session, realmModel, true);
String errorParam = "link_error";
if (cookieResult == null) {
event.error(Errors.NOT_LOGGED_IN);
UriBuilder builder = UriBuilder.fromUri(redirectUri).queryParam(errorParam, Errors.NOT_LOGGED_IN).queryParam("nonce", nonce);
return Response.status(302).location(builder.build()).build();
}
cookieResult.getSession();
event.session(cookieResult.getSession());
event.user(cookieResult.getUser());
event.detail(Details.USERNAME, cookieResult.getUser().getUsername());
AuthenticatedClientSessionModel clientSession = null;
for (AuthenticatedClientSessionModel cs : cookieResult.getSession().getAuthenticatedClientSessions().values()) {
if (cs.getClient().getClientId().equals(clientId)) {
byte[] decoded = Base64Url.decode(hash);
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
throw new ErrorPageException(session, Response.Status.INTERNAL_SERVER_ERROR, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST);
}
String input = nonce + cookieResult.getSession().getId() + clientId + providerId;
byte[] check = md.digest(input.getBytes(StandardCharsets.UTF_8));
if (MessageDigest.isEqual(decoded, check)) {
clientSession = cs;
break;
}
}
}
if (clientSession == null) {
event.error(Errors.INVALID_TOKEN);
throw new ErrorPageException(session, Response.Status.BAD_REQUEST, Messages.INVALID_REQUEST);
}
event.detail(Details.IDENTITY_PROVIDER, providerId);
ClientModel accountService = this.realmModel.getClientByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID);
if (!accountService.getId().equals(client.getId())) {
RoleModel manageAccountRole = accountService.getRole(AccountRoles.MANAGE_ACCOUNT);
// Ensure user has role and client has "role scope" for this role
ClientSessionContext ctx = DefaultClientSessionContext.fromClientSessionScopeParameter(clientSession, session);
Set<RoleModel> userAccountRoles = ctx.getRolesStream().collect(Collectors.toSet());
if (!userAccountRoles.contains(manageAccountRole)) {
RoleModel linkRole = accountService.getRole(AccountRoles.MANAGE_ACCOUNT_LINKS);
if (!userAccountRoles.contains(linkRole)) {
event.error(Errors.NOT_ALLOWED);
UriBuilder builder = UriBuilder.fromUri(redirectUri).queryParam(errorParam, Errors.NOT_ALLOWED).queryParam("nonce", nonce);
return Response.status(302).location(builder.build()).build();
}
}
}
IdentityProviderModel identityProviderModel = realmModel.getIdentityProviderByAlias(providerId);
if (identityProviderModel == null) {
event.error(Errors.UNKNOWN_IDENTITY_PROVIDER);
UriBuilder builder = UriBuilder.fromUri(redirectUri).queryParam(errorParam, Errors.UNKNOWN_IDENTITY_PROVIDER).queryParam("nonce", nonce);
return Response.status(302).location(builder.build()).build();
}
// Create AuthenticationSessionModel with same ID like userSession and refresh cookie
UserSessionModel userSession = cookieResult.getSession();
// Auth session with ID corresponding to our userSession may already exists in some rare cases (EG. if some client tried to login in another browser tab with "prompt=login")
RootAuthenticationSessionModel rootAuthSession = session.authenticationSessions().getRootAuthenticationSession(realmModel, userSession.getId());
if (rootAuthSession == null) {
rootAuthSession = session.authenticationSessions().createRootAuthenticationSession(realmModel, userSession.getId());
}
AuthenticationSessionModel authSession = rootAuthSession.createAuthenticationSession(client);
// Refresh the cookie
new AuthenticationSessionManager(session).setAuthSessionCookie(userSession.getId(), realmModel);
ClientSessionCode<AuthenticationSessionModel> clientSessionCode = new ClientSessionCode<>(session, realmModel, authSession);
clientSessionCode.setAction(AuthenticationSessionModel.Action.AUTHENTICATE.name());
clientSessionCode.getOrGenerateCode();
authSession.setProtocol(client.getProtocol());
authSession.setRedirectUri(redirectUri);
authSession.setClientNote(OIDCLoginProtocol.STATE_PARAM, UUID.randomUUID().toString());
authSession.setAuthNote(LINKING_IDENTITY_PROVIDER, cookieResult.getSession().getId() + clientId + providerId);
event.detail(Details.CODE_ID, userSession.getId());
event.success();
try {
IdentityProvider identityProvider = getIdentityProvider(session, realmModel, providerId);
Response response = identityProvider.performLogin(createAuthenticationRequest(providerId, clientSessionCode));
if (response != null) {
if (isDebugEnabled()) {
logger.debugf("Identity provider [%s] is going to send a request [%s].", identityProvider, response);
}
return response;
}
} catch (IdentityBrokerException e) {
return redirectToErrorPage(authSession, Response.Status.INTERNAL_SERVER_ERROR, Messages.COULD_NOT_SEND_AUTHENTICATION_REQUEST, e, providerId);
} catch (Exception e) {
return redirectToErrorPage(authSession, Response.Status.INTERNAL_SERVER_ERROR, Messages.UNEXPECTED_ERROR_HANDLING_REQUEST, e, providerId);
}
return redirectToErrorPage(authSession, Response.Status.INTERNAL_SERVER_ERROR, Messages.COULD_NOT_PROCEED_WITH_AUTHENTICATION_REQUEST);
}
Also used :
UserSessionModel(org.keycloak.models.UserSessionModel)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel)
RoleModel(org.keycloak.models.RoleModel)
SocialIdentityProvider(org.keycloak.broker.social.SocialIdentityProvider)
IdentityProvider(org.keycloak.broker.provider.IdentityProvider)
ErrorPageException(org.keycloak.services.ErrorPageException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IdentityProviderModel(org.keycloak.models.IdentityProviderModel)
ClientSessionCode(org.keycloak.services.managers.ClientSessionCode)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
IdentityBrokerException(org.keycloak.broker.provider.IdentityBrokerException)
OAuthErrorException(org.keycloak.OAuthErrorException)
NotFoundException(javax.ws.rs.NotFoundException)
ErrorPageException(org.keycloak.services.ErrorPageException)
AuthenticationManager(org.keycloak.services.managers.AuthenticationManager)
AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager)
Response(javax.ws.rs.core.Response)
ErrorResponse(org.keycloak.services.ErrorResponse)
ClientModel(org.keycloak.models.ClientModel)
DefaultClientSessionContext(org.keycloak.services.util.DefaultClientSessionContext)
ClientSessionContext(org.keycloak.models.ClientSessionContext)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
IdentityBrokerException(org.keycloak.broker.provider.IdentityBrokerException)
UriBuilder(javax.ws.rs.core.UriBuilder)
MessageDigest(java.security.MessageDigest)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
NoCache(org.jboss.resteasy.annotations.cache.NoCache)
Example 68 with AuthenticationSessionModel
use of org.keycloak.sessions.AuthenticationSessionModel in project keycloak by keycloak.
the class AuthenticationManager method finishBrowserLogout.
public static Response finishBrowserLogout(KeycloakSession session, RealmModel realm, UserSessionModel userSession, UriInfo uriInfo, ClientConnection connection, HttpHeaders headers) {
final AuthenticationSessionManager asm = new AuthenticationSessionManager(session);
AuthenticationSessionModel logoutAuthSession = createOrJoinLogoutSession(session, realm, asm, userSession, true);
checkUserSessionOnlyHasLoggedOutClients(realm, userSession, logoutAuthSession);
// For resolving artifact we don't need any cookie, all details are stored in session storage so we can remove
expireIdentityCookie(realm, uriInfo, connection);
expireRememberMeCookie(realm, uriInfo, connection);
String method = userSession.getNote(KEYCLOAK_LOGOUT_PROTOCOL);
EventBuilder event = new EventBuilder(realm, session, connection);
LoginProtocol protocol = session.getProvider(LoginProtocol.class, method);
protocol.setRealm(realm).setHttpHeaders(headers).setUriInfo(uriInfo).setEventBuilder(event);
Response response = protocol.finishLogout(userSession);
// It may be possible that there are some client sessions that are still in LOGGING_OUT state
long numberOfUnconfirmedSessions = userSession.getAuthenticatedClientSessions().values().stream().filter(clientSessionModel -> CommonClientSessionModel.Action.LOGGING_OUT.name().equals(clientSessionModel.getAction())).count();
// If logout flow end up correctly there should be at maximum 1 client session in LOGGING_OUT action, if there are more, something went wrong
if (numberOfUnconfirmedSessions > 1) {
logger.warnf("There are more than one clientSession in logging_out state. Perhaps some client did not finish logout flow correctly.");
}
// LOGGED_OUT action can remove UserSession
if (numberOfUnconfirmedSessions >= 1) {
userSession.setState(UserSessionModel.State.LOGGED_OUT_UNCONFIRMED);
} else {
userSession.setState(UserSessionModel.State.LOGGED_OUT);
}
// Do not remove user session, it will be removed when last clientSession will be logged out
if (numberOfUnconfirmedSessions < 1) {
session.sessions().removeUserSession(realm, userSession);
}
session.authenticationSessions().removeRootAuthenticationSession(realm, logoutAuthSession.getParentSession());
return response;
}
Also used :
BackchannelLogoutResponse(org.keycloak.protocol.oidc.BackchannelLogoutResponse)
Response(javax.ws.rs.core.Response)
DefaultClientSessionContext(org.keycloak.services.util.DefaultClientSessionContext)
ActionTokenStoreProvider(org.keycloak.models.ActionTokenStoreProvider)
Error(org.keycloak.protocol.LoginProtocol.Error)
ErrorResponseException(org.keycloak.services.ErrorResponseException)
Map(java.util.Map)
ClientConnection(org.keycloak.common.ClientConnection)
UriBuilder(javax.ws.rs.core.UriBuilder)
Time(org.keycloak.common.util.Time)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
AuthenticationProcessor(org.keycloak.authentication.AuthenticationProcessor)
Set(java.util.Set)
AbstractUsernameFormAuthenticator(org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator)
SecretGenerator(org.keycloak.common.util.SecretGenerator)
Stream(java.util.stream.Stream)
AuthenticationFlowException(org.keycloak.authentication.AuthenticationFlowException)
SessionTimeoutHelper(org.keycloak.models.utils.SessionTimeoutHelper)
LoginActionsService(org.keycloak.services.resources.LoginActionsService)
UriInfo(javax.ws.rs.core.UriInfo)
OAuth2Constants(org.keycloak.OAuth2Constants)
LoginProtocol(org.keycloak.protocol.LoginProtocol)
Constants(org.keycloak.models.Constants)
TokenManager(org.keycloak.protocol.oidc.TokenManager)
TokenUtil(org.keycloak.util.TokenUtil)
UserModel(org.keycloak.models.UserModel)
ClientSessionContext(org.keycloak.models.ClientSessionContext)
Predicate(org.keycloak.TokenVerifier.Predicate)
TokenVerifier(org.keycloak.TokenVerifier)
CommonClientSessionModel(org.keycloak.sessions.CommonClientSessionModel)
Base64Url(org.keycloak.common.util.Base64Url)
BackchannelLogoutResponse(org.keycloak.protocol.oidc.BackchannelLogoutResponse)
AuthenticationFlowError(org.keycloak.authentication.AuthenticationFlowError)
ConsoleDisplayMode(org.keycloak.authentication.ConsoleDisplayMode)
IdentityBrokerService(org.keycloak.services.resources.IdentityBrokerService)
KeycloakSession(org.keycloak.models.KeycloakSession)
AuthorizationDetails(org.keycloak.rar.AuthorizationDetails)
HttpRequest(org.jboss.resteasy.spi.HttpRequest)
EventType(org.keycloak.events.EventType)
P3PHelper(org.keycloak.services.util.P3PHelper)
RequiredActionProvider(org.keycloak.authentication.RequiredActionProvider)
ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException)
LoginFormsProvider(org.keycloak.forms.login.LoginFormsProvider)
URLDecoder(java.net.URLDecoder)
ActionTokenKeyModel(org.keycloak.models.ActionTokenKeyModel)
RequiredActionContextResult(org.keycloak.authentication.RequiredActionContextResult)
RequiredActionFactory(org.keycloak.authentication.RequiredActionFactory)
NewCookie(javax.ws.rs.core.NewCookie)
Messages(org.keycloak.services.messages.Messages)
DefaultActionTokenKey(org.keycloak.authentication.actiontoken.DefaultActionTokenKey)
SignatureVerifierContext(org.keycloak.crypto.SignatureVerifierContext)
AccessToken(org.keycloak.representations.AccessToken)
AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel)
URI(java.net.URI)
SystemClientUtil(org.keycloak.models.utils.SystemClientUtil)
VerificationException(org.keycloak.common.VerificationException)
DeviceGrantType.isOAuth2DeviceVerificationFlow(org.keycloak.protocol.oidc.grants.device.DeviceGrantType.isOAuth2DeviceVerificationFlow)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
RealmModel(org.keycloak.models.RealmModel)
InitiatedActionSupport(org.keycloak.authentication.InitiatedActionSupport)
AuthenticatorUtil(org.keycloak.authentication.AuthenticatorUtil)
Collectors(java.util.stream.Collectors)
Cookie(javax.ws.rs.core.Cookie)
Objects(java.util.Objects)
List(java.util.List)
HttpHeaders(javax.ws.rs.core.HttpHeaders)
Response(javax.ws.rs.core.Response)
Details(org.keycloak.events.Details)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol)
Optional(java.util.Optional)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
RequiredActionProviderModel(org.keycloak.models.RequiredActionProviderModel)
ClientModel(org.keycloak.models.ClientModel)
RealmsResource(org.keycloak.services.resources.RealmsResource)
Profile(org.keycloak.common.Profile)
SameSiteAttributeValue(org.keycloak.common.util.ServerCookie.SameSiteAttributeValue)
KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils)
Logger(org.jboss.logging.Logger)
ServicesLogger(org.keycloak.services.ServicesLogger)
TokenTypeCheck(org.keycloak.TokenVerifier.TokenTypeCheck)
RequiredActionContext(org.keycloak.authentication.RequiredActionContext)
SignatureProvider(org.keycloak.crypto.SignatureProvider)
EventBuilder(org.keycloak.events.EventBuilder)
CookieHelper(org.keycloak.services.util.CookieHelper)
UserConsentModel(org.keycloak.models.UserConsentModel)
OIDCAdvancedConfigWrapper(org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)
LinkedList(java.util.LinkedList)
DisplayTypeRequiredActionFactory(org.keycloak.authentication.DisplayTypeRequiredActionFactory)
IdentityProvider(org.keycloak.broker.provider.IdentityProvider)
Errors(org.keycloak.events.Errors)
CORRESPONDING_SESSION_ID(org.keycloak.models.UserSessionModel.CORRESPONDING_SESSION_ID)
UserSessionModel(org.keycloak.models.UserSessionModel)
AuthorizationContextUtil(org.keycloak.services.util.AuthorizationContextUtil)
URLEncoder(java.net.URLEncoder)
LogoutRequestContext(org.keycloak.services.clientpolicy.context.LogoutRequestContext)
CookieHelper.getCookie(org.keycloak.services.util.CookieHelper.getCookie)
Urls(org.keycloak.services.Urls)
Collections(java.util.Collections)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
EventBuilder(org.keycloak.events.EventBuilder)
LoginProtocol(org.keycloak.protocol.LoginProtocol)
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol)
Example 69 with AuthenticationSessionModel
use of org.keycloak.sessions.AuthenticationSessionModel in project keycloak by keycloak.
the class AuthenticationManager method createOrJoinLogoutSession.
private static AuthenticationSessionModel createOrJoinLogoutSession(KeycloakSession session, RealmModel realm, final AuthenticationSessionManager asm, UserSessionModel userSession, boolean browserCookie) {
// Account management client is used as a placeholder
ClientModel client = SystemClientUtil.getSystemClient(realm);
String authSessionId;
RootAuthenticationSessionModel rootLogoutSession = null;
boolean browserCookiePresent = false;
// Try to lookup current authSessionId from browser cookie. If doesn't exist, use the same as current userSession
if (browserCookie) {
rootLogoutSession = asm.getCurrentRootAuthenticationSession(realm);
}
if (rootLogoutSession != null) {
authSessionId = rootLogoutSession.getId();
browserCookiePresent = true;
} else {
authSessionId = userSession.getId();
rootLogoutSession = session.authenticationSessions().getRootAuthenticationSession(realm, authSessionId);
}
if (rootLogoutSession == null) {
rootLogoutSession = session.authenticationSessions().createRootAuthenticationSession(realm, authSessionId);
}
if (browserCookie && !browserCookiePresent) {
// Update cookie if needed
asm.setAuthSessionCookie(authSessionId, realm);
}
// See if we have logoutAuthSession inside current rootSession. Create new if not
Optional<AuthenticationSessionModel> found = rootLogoutSession.getAuthenticationSessions().values().stream().filter((AuthenticationSessionModel authSession) -> {
return client.equals(authSession.getClient()) && Objects.equals(AuthenticationSessionModel.Action.LOGGING_OUT.name(), authSession.getAction());
}).findFirst();
AuthenticationSessionModel logoutAuthSession = found.isPresent() ? found.get() : rootLogoutSession.createAuthenticationSession(client);
session.getContext().setAuthenticationSession(logoutAuthSession);
logoutAuthSession.setAction(AuthenticationSessionModel.Action.LOGGING_OUT.name());
return logoutAuthSession;
}
Also used :
ClientModel(org.keycloak.models.ClientModel)
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
Example 70 with AuthenticationSessionModel
use of org.keycloak.sessions.AuthenticationSessionModel in project keycloak by keycloak.
the class AuthenticationManager method actionRequired.
public static Response actionRequired(final KeycloakSession session, final AuthenticationSessionModel authSession, final HttpRequest request, final EventBuilder event) {
final RealmModel realm = authSession.getRealm();
final UserModel user = authSession.getAuthenticatedUser();
final ClientModel client = authSession.getClient();
evaluateRequiredActionTriggers(session, authSession, request, event, realm, user);
logger.debugv("processAccessCode: go to oauth page?: {0}", client.isConsentRequired());
event.detail(Details.CODE_ID, authSession.getParentSession().getId());
Stream<String> requiredActions = user.getRequiredActionsStream();
Response action = executionActions(session, authSession, request, event, realm, user, requiredActions);
if (action != null)
return action;
// executionActions() method should remove any duplicate actions that might be in the clientSession
action = executionActions(session, authSession, request, event, realm, user, authSession.getRequiredActions().stream());
if (action != null)
return action;
// so the consent is required when running a verification flow of OAuth 2.0 Device Authorization Grant.
if (client.isConsentRequired() || isOAuth2DeviceVerificationFlow(authSession)) {
UserConsentModel grantedConsent = getEffectiveGrantedConsent(session, authSession);
List<AuthorizationDetails> clientScopesToApprove = getClientScopesToApproveOnConsentScreen(grantedConsent, session);
// Skip grant screen if everything was already approved by this user
if (clientScopesToApprove.size() > 0) {
String execution = AuthenticatedClientSessionModel.Action.OAUTH_GRANT.name();
ClientSessionCode<AuthenticationSessionModel> accessCode = new ClientSessionCode<>(session, realm, authSession);
accessCode.setAction(AuthenticatedClientSessionModel.Action.REQUIRED_ACTIONS.name());
authSession.setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution);
return session.getProvider(LoginFormsProvider.class).setAuthenticationSession(authSession).setExecution(execution).setClientSessionCode(accessCode.getOrGenerateCode()).setAccessRequest(clientScopesToApprove).createOAuthGrant();
} else {
String consentDetail = (grantedConsent != null) ? Details.CONSENT_VALUE_PERSISTED_CONSENT : Details.CONSENT_VALUE_NO_CONSENT_REQUIRED;
event.detail(Details.CONSENT, consentDetail);
}
} else {
event.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED);
}
return null;
}
Also used :
AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel)
RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
UserConsentModel(org.keycloak.models.UserConsentModel)
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
BackchannelLogoutResponse(org.keycloak.protocol.oidc.BackchannelLogoutResponse)
Response(javax.ws.rs.core.Response)
ClientModel(org.keycloak.models.ClientModel)
LoginFormsProvider(org.keycloak.forms.login.LoginFormsProvider)
AuthorizationDetails(org.keycloak.rar.AuthorizationDetails)
Aggregations
AuthenticationSessionModel (org.keycloak.sessions.AuthenticationSessionModel)89
RootAuthenticationSessionModel (org.keycloak.sessions.RootAuthenticationSessionModel)48
ClientModel (org.keycloak.models.ClientModel)27
UserModel (org.keycloak.models.UserModel)24
Response (javax.ws.rs.core.Response)23
RealmModel (org.keycloak.models.RealmModel)20
UserSessionModel (org.keycloak.models.UserSessionModel)20
AuthenticationSessionManager (org.keycloak.services.managers.AuthenticationSessionManager)18
KeycloakSession (org.keycloak.models.KeycloakSession)16
ClientSessionContext (org.keycloak.models.ClientSessionContext)13
LoginFormsProvider (org.keycloak.forms.login.LoginFormsProvider)10
URI (java.net.URI)9
UriBuilder (javax.ws.rs.core.UriBuilder)9
EventBuilder (org.keycloak.events.EventBuilder)9
LoginProtocol (org.keycloak.protocol.LoginProtocol)9
GET (javax.ws.rs.GET)8
Path (javax.ws.rs.Path)8
AuthenticationFlowException (org.keycloak.authentication.AuthenticationFlowException)8
OIDCLoginProtocol (org.keycloak.protocol.oidc.OIDCLoginProtocol)8
Map (java.util.Map)7
