Auth execution 'Condition - User Attribute' missing

Closes #9895

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticator.java

@@ -1,3 +1,20 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.authentication.Authenticator;

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticatorFactory.java

@@ -1,3 +1,20 @@
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.OAuth2Constants;
@@ -8,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
 
 public interface ConditionalAuthenticatorFactory extends AuthenticatorFactory, DisplayTypeAuthenticatorFactory {
 
+    String REFERENCE_CATEGORY = "condition";
+
     @Override
     default Authenticator create(KeycloakSession session) {
         return getSingleton();
@@ -20,6 +39,11 @@ public interface ConditionalAuthenticatorFactory extends AuthenticatorFactory, D
         return create(session);
     }
 
+    @Override
+    default String getReferenceCategory() {
+        return REFERENCE_CATEGORY;
+    }
+
     ConditionalAuthenticator getSingleton();
 
 }

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalLoaAuthenticatorFactory.java

@@ -75,11 +75,6 @@ public class ConditionalLoaAuthenticatorFactory implements ConditionalAuthentica
         return "Condition - Level of Authentication";
     }
 
-    @Override
-    public String getReferenceCategory() {
-        return "condition";
-    }
-
     @Override
     public boolean isConfigurable() {
         return true;

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalRoleAuthenticatorFactory.java

@@ -40,11 +40,6 @@ public class ConditionalRoleAuthenticatorFactory implements ConditionalAuthentic
         return "Condition - user role";
     }
 
-    @Override
-    public String getReferenceCategory() {
-        return "condition";
-    }
-
     @Override
     public boolean isConfigurable() {
         return true;

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValue.java

@@ -1,9 +1,25 @@
-package org.keycloak.testsuite.authentication;
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.AuthenticationFlowException;
-import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
@@ -11,7 +27,6 @@ import org.keycloak.models.UserModel;
 import java.util.Map;
 import java.util.Objects;
 
-
 public class ConditionalUserAttributeValue implements ConditionalAuthenticator {
 
     static final ConditionalUserAttributeValue SINGLETON = new ConditionalUserAttributeValue();
@@ -26,7 +41,7 @@ public class ConditionalUserAttributeValue implements ConditionalAuthenticator {
 
         UserModel user = context.getUser();
         if (user == null) {
-            throw new AuthenticationFlowException("authenticator: " + ConditionalUserAttributeValueFactory.PROVIDER_ID, AuthenticationFlowError.UNKNOWN_USER);
+            throw new AuthenticationFlowException("Cannot find user for obtaining particular user attributes. Authenticator: " + ConditionalUserAttributeValueFactory.PROVIDER_ID, AuthenticationFlowError.UNKNOWN_USER);
         }
 
         boolean result = user.getAttributeStream(attributeName).anyMatch(attr -> Objects.equals(attr, attributeValue));

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValueFactory.java

@@ -1,8 +1,23 @@
-package org.keycloak.testsuite.authentication;
+/*
+ * Copyright 2022 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.authentication.authenticators.conditional;
 
 import org.keycloak.Config;
-import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
-import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticatorFactory;
 import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.provider.ProviderConfigProperty;
@@ -47,11 +62,6 @@ public class ConditionalUserAttributeValueFactory implements ConditionalAuthenti
         return "Condition - user attribute";
     }
 
-    @Override
-    public String getReferenceCategory() {
-        return "condition";
-    }
-
     @Override
     public boolean isConfigurable() {
         return true;

services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticatorFactory.java

@@ -37,11 +37,6 @@ public class ConditionalUserConfiguredAuthenticatorFactory implements Conditiona
         return "Condition - user configured";
     }
 
-    @Override
-    public String getReferenceCategory() {
-        return "condition";
-    }
-
     @Override
     public boolean isConfigurable() {
         return false;

services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory

@@ -26,6 +26,7 @@ org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator
 org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory
 org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory
 org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticatorFactory
+org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory
 org.keycloak.authentication.authenticators.directgrant.ValidateOTP
 org.keycloak.authentication.authenticators.directgrant.ValidatePassword
 org.keycloak.authentication.authenticators.directgrant.ValidateUsername

testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory

@@ -22,6 +22,5 @@ org.keycloak.testsuite.forms.ClickThroughAuthenticator
 org.keycloak.testsuite.authentication.ExpectedParamAuthenticatorFactory
 org.keycloak.testsuite.authentication.PushButtonAuthenticatorFactory
 org.keycloak.testsuite.forms.UsernameOnlyAuthenticator
-org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory
 org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory
 org.keycloak.testsuite.authentication.CustomAuthenticationFlowCallbackFactory

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java

@@ -15,7 +15,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
-import org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory;
+import org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory;
 import org.keycloak.testsuite.pages.ErrorPage;
 import org.keycloak.testsuite.pages.LoginUsernameOnlyPage;
 import org.keycloak.testsuite.pages.PasswordPage;

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java

@@ -16,6 +16,7 @@ import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFa
 import org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory;
 import org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory;
 import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory;
+import org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory;
 import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
 import org.keycloak.common.Profile;
 import org.keycloak.events.Details;
@@ -50,7 +51,6 @@ import org.keycloak.testsuite.util.FlowUtil;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.RoleBuilder;
 import org.keycloak.testsuite.util.URLUtils;
-import org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory;
 import org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory;
 import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;