
Example 6 with RootAuthenticationSessionModel

use of org.keycloak.sessions.RootAuthenticationSessionModel in project keycloak by keycloak.

the class AuthorizationEndpointBase method createNewAuthenticationSession.

/**
 * Opens a fresh root authentication session in the current realm and creates the
 * per-client authentication session (one browser tab) inside it.
 *
 * @param manager used to create the root authentication session
 * @param client  client the new authentication session is created for
 * @return the newly created per-client authentication session, not the root session
 */
private AuthenticationSessionModel createNewAuthenticationSession(AuthenticationSessionManager manager, ClientModel client) {
    // The second argument is passed as true; presumably it asks the manager to bind the
    // root session to the browser -- confirm against AuthenticationSessionManager.
    final RootAuthenticationSessionModel rootSession = manager.createAuthenticationSession(realm, true);
    final AuthenticationSessionModel tabSession = rootSession.createAuthenticationSession(client);

    // NOTE(review): the root session ID and the tab ID are written to the debug log.
    // If the root ID is also what the browser presents to resume the login flow, debug
    // logs need the same access control as the session store -- confirm.
    logger.debugf(
            "Sent request to authz endpoint. Created new root authentication session with ID '%s' . Client: %s . New authentication session tab ID: %s",
            rootSession.getId(),
            client.getClientId(),
            tabSession.getTabId());
    return tabSession;
}
Also used : AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)

Example 7 with RootAuthenticationSessionModel

use of org.keycloak.sessions.RootAuthenticationSessionModel in project keycloak by keycloak.

the class AuthenticationSessionProviderTest method testOnClientRemoved.

/**
 * Checks that removing a client also removes that client's authentication session from a
 * root authentication session, while the session of another client stays intact.
 *
 * <p>Each step runs in its own transaction so that the following step reads what the
 * previous one wrote.
 */
@Test
@ModelTest
public void testOnClientRemoved(KeycloakSession session) {
    final AtomicReference<String> rootId = new AtomicReference<>();
    final AtomicReference<String> testAppTab = new AtomicReference<>();
    final AtomicReference<String> thirdPartyTab = new AtomicReference<>();

    // Step 1: one root session holding a tab for "test-app" and a tab for "third-party".
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        rootId.set(tx.authenticationSessions().createRootAuthenticationSession(realm).getId());

        // The root session is looked up again from the provider for each tab.
        RootAuthenticationSessionModel firstLookup =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());
        AuthenticationSessionModel testAppSession =
                firstLookup.createAuthenticationSession(realm.getClientByClientId("test-app"));
        RootAuthenticationSessionModel secondLookup =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());
        AuthenticationSessionModel thirdPartySession =
                secondLookup.createAuthenticationSession(realm.getClientByClientId("third-party"));

        testAppTab.set(testAppSession.getTabId());
        thirdPartyTab.set(thirdPartySession.getTabId());

        // Same note key, different value per tab, so the tabs can be told apart later.
        testAppSession.setAuthNote("foo", "bar");
        thirdPartySession.setAuthNote("foo", "baz");
    });

    // Step 2: both tabs are visible, then the "third-party" client is removed.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        RootAuthenticationSessionModel root =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());

        assertThat(root.getAuthenticationSessions().size(), is(2));
        assertThat(
                root.getAuthenticationSession(realm.getClientByClientId("test-app"), testAppTab.get()).getAuthNote("foo"),
                is("bar"));
        assertThat(
                root.getAuthenticationSession(realm.getClientByClientId("third-party"), thirdPartyTab.get()).getAuthNote("foo"),
                is("baz"));

        new ClientManager(new RealmManager(tx)).removeClient(realm, realm.getClientByClientId("third-party"));
    });

    // Step 3: the removed client's tab must no longer be retrievable; the other tab is untouched.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        RootAuthenticationSessionModel root =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());

        assertThat(
                root.getAuthenticationSession(realm.getClientByClientId("test-app"), testAppTab.get()).getAuthNote("foo"),
                is("bar"));
        assertThat(
                root.getAuthenticationSession(realm.getClientByClientId("third-party"), thirdPartyTab.get()),
                nullValue());

        // Put the client back for later tests. This line is reached only when the two
        // assertions above pass, and it re-adds the client by client ID alone.
        realm.addClient("third-party");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) KeycloakSession(org.keycloak.models.KeycloakSession) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) ClientManager(org.keycloak.services.managers.ClientManager) AtomicReference(java.util.concurrent.atomic.AtomicReference) RealmManager(org.keycloak.services.managers.RealmManager) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 8 with RootAuthenticationSessionModel

use of org.keycloak.sessions.RootAuthenticationSessionModel in project keycloak by keycloak.

the class AuthenticationSessionProviderTest method testAuthenticationSessionRestart.

/**
 * Checks that restarting a root authentication session drops the per-client
 * authentication session that was created under it.
 *
 * <p>Each step runs in its own transaction so that the following step reads what the
 * previous one wrote.
 */
@Test
@ModelTest
public void testAuthenticationSessionRestart(KeycloakSession session) {
    final AtomicReference<String> rootId = new AtomicReference<>();
    final AtomicReference<String> tabId = new AtomicReference<>();

    // Step 1: create a tab and load it with state (action, user, notes, execution status).
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        ClientModel testApp = realm.getClientByClientId("test-app");
        UserModel user = tx.users().getUserByUsername(realm, "user1");

        AuthenticationSessionModel tab = tx.authenticationSessions()
                .createRootAuthenticationSession(realm)
                .createAuthenticationSession(testApp);
        rootId.set(tab.getParentSession().getId());
        tabId.set(tab.getTabId());

        tab.setAction("foo");
        tab.getParentSession().setTimestamp(100);
        tab.setAuthenticatedUser(user);
        tab.setAuthNote("foo", "bar");
        tab.setClientNote("foo2", "bar2");
        tab.setExecutionStatus("123", CommonClientSessionModel.ExecutionStatus.SUCCESS);
    });

    // Step 2: restart the root session, reached through the tab that was just created.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        ClientModel testApp = realm.getClientByClientId("test-app");
        AuthenticationSessionModel tab = tx.authenticationSessions()
                .getRootAuthenticationSession(realm, rootId.get())
                .getAuthenticationSession(testApp, tabId.get());
        tab.getParentSession().restartSession(realm);
    });

    // Step 3: the root session still exists, but the old tab can no longer be looked up.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        ClientModel testApp = realm.getClientByClientId("test-app");
        RootAuthenticationSessionModel root =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());

        assertThat(root.getAuthenticationSession(testApp, tabId.get()), nullValue());
        // NOTE(review): the timestamp was set to 100 in step 1, so "> 0" would also hold if
        // the restart left it untouched; this assertion does not show that it was refreshed.
        assertThat(root.getTimestamp() > 0, is(true));
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) KeycloakSession(org.keycloak.models.KeycloakSession) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) AtomicReference(java.util.concurrent.atomic.AtomicReference) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 9 with RootAuthenticationSessionModel

use of org.keycloak.sessions.RootAuthenticationSessionModel in project keycloak by keycloak.

the class AuthenticationSessionProviderTest method testLoginSessionsCRUD.

/**
 * Walks a root authentication session and one of its tabs through create, read, update
 * and delete, checking after each committed step that the change is visible.
 *
 * <p>Each step runs in its own transaction so that the following step reads what the
 * previous one wrote.
 */
@Test
@ModelTest
public void testLoginSessionsCRUD(KeycloakSession session) {
    final AtomicReference<String> rootId = new AtomicReference<>();
    final AtomicReference<String> tabId = new AtomicReference<>();

    // Create: root session plus one tab for "test-app".
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        ClientModel testApp = realm.getClientByClientId("test-app");

        RootAuthenticationSessionModel root = tx.authenticationSessions().createRootAuthenticationSession(realm);
        rootId.set(root.getId());

        AuthenticationSessionModel tab = root.createAuthenticationSession(testApp);
        tabId.set(tab.getTabId());

        tab.setAction("foo");
        root.setTimestamp(100);
    });

    // Read what was created, then update it.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        ClientModel testApp = realm.getClientByClientId("test-app");

        RootAuthenticationSessionModel root =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());
        AuthenticationSessionModel tab = root.getAuthenticationSession(testApp, tabId.get());

        // No authenticated user has been set yet, hence the null user ID.
        testAuthenticationSession(tab, testApp.getId(), null, "foo");
        assertThat(root.getTimestamp(), is(100));

        tab.setAction("foo-updated");
        root.setTimestamp(200);
        tab.setAuthenticatedUser(tx.users().getUserByUsername(realm, "user1"));
    });

    // Read the updated state, then delete the root session.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        UserModel user = tx.users().getUserByUsername(realm, "user1");

        RootAuthenticationSessionModel root =
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get());
        ClientModel testApp = realm.getClientByClientId("test-app");
        AuthenticationSessionModel tab = root.getAuthenticationSession(testApp, tabId.get());

        testAuthenticationSession(tab, testApp.getId(), user.getId(), "foo-updated");
        assertThat(root.getTimestamp(), is(200));

        tx.authenticationSessions().removeRootAuthenticationSession(realm, root);
    });

    // After deletion the root session ID must not resolve to anything.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel realm = tx.realms().getRealm("test");
        assertThat(
                tx.authenticationSessions().getRootAuthenticationSession(realm, rootId.get()),
                nullValue());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) KeycloakSession(org.keycloak.models.KeycloakSession) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) AtomicReference(java.util.concurrent.atomic.AtomicReference) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 10 with RootAuthenticationSessionModel

use of org.keycloak.sessions.RootAuthenticationSessionModel in project keycloak by keycloak.

the class ClientScopeEvaluateResource method sessionAware.

/**
 * Runs {@code function} against a temporary user session and client session context built
 * for {@code user}, and removes the temporary authentication session afterwards.
 *
 * <p>NOTE(review): the user session is created for {@code user} without that user
 * authenticating. Nothing in this method checks who is asking; presumably the callers
 * enforce that -- confirm.
 *
 * @param user       user the temporary sessions are created for
 * @param scopeParam value stored as the scope client note on the authentication session
 * @param function   callback that receives the user session and client session context
 * @param <R>        result type of {@code function}
 * @return whatever {@code function} returns
 */
private <R> R sessionAware(UserModel user, String scopeParam, BiFunction<UserSessionModel, ClientSessionContext, R> function) {
    final AuthenticationSessionManager manager = new AuthenticationSessionManager(session);
    AuthenticationSessionModel tempAuthSession = null;
    try {
        // NOTE(review): if creating the per-client session below throws, tempAuthSession is
        // still null and the finally block does nothing, so this method does not remove the
        // root session created on the next line.
        RootAuthenticationSessionModel root = manager.createAuthenticationSession(realm, false);
        tempAuthSession = root.createAuthenticationSession(client);

        tempAuthSession.setAuthenticatedUser(user);
        tempAuthSession.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        tempAuthSession.setClientNote(
                OIDCLoginProtocol.ISSUER,
                Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
        tempAuthSession.setClientNote(OIDCLoginProtocol.SCOPE_PARAM, scopeParam);

        // The user session reuses the root authentication session's ID and is created with
        // the TRANSIENT persistence state.
        UserSessionModel tempUserSession = session.sessions().createUserSession(
                tempAuthSession.getParentSession().getId(),
                realm,
                user,
                user.getUsername(),
                clientConnection.getRemoteAddr(),
                "example-auth",
                false,
                null,
                null,
                UserSessionModel.SessionPersistenceState.TRANSIENT);

        AuthenticationManager.setClientScopesInSession(tempAuthSession);
        ClientSessionContext ctx = TokenManager.attachAuthenticationSession(session, tempUserSession, tempAuthSession);
        return function.apply(tempUserSession, ctx);
    } finally {
        // Clean up on success and on failure alike.
        if (tempAuthSession != null) {
            manager.removeAuthenticationSession(realm, tempAuthSession, false);
        }
    }
}
Also used : AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager) AuthenticationSessionModel(org.keycloak.sessions.AuthenticationSessionModel) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel) UserSessionModel(org.keycloak.models.UserSessionModel) ClientSessionContext(org.keycloak.models.ClientSessionContext) RootAuthenticationSessionModel(org.keycloak.sessions.RootAuthenticationSessionModel)
