libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Auth execution 'Condition - User Attribute' missing

Browse source 
Closes #9895
This commit is contained in:
Martin Bartoš 2022-03-07 14:22:56 +01:00 committed by Marek Posolda
parent f77ce315bb
commit 02d0fe82bc
11 changed files with 81 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticator.java
View file

@ -1,3 +1,20 @@
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authentication.authenticators.conditional;
import org.keycloak.authentication.Authenticator;

24
services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalAuthenticatorFactory.java
View file

@ -1,3 +1,20 @@
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authentication.authenticators.conditional;
import org.keycloak.OAuth2Constants;
@ -8,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
public interface ConditionalAuthenticatorFactory extends AuthenticatorFactory, DisplayTypeAuthenticatorFactory {
String REFERENCE_CATEGORY = "condition";
@Override
default Authenticator create(KeycloakSession session) {
return getSingleton();
@ -20,6 +39,11 @@ public interface ConditionalAuthenticatorFactory extends AuthenticatorFactory, D
return create(session);
}
@Override
default String getReferenceCategory() {
return REFERENCE_CATEGORY;
}
ConditionalAuthenticator getSingleton();
}

5
services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalLoaAuthenticatorFactory.java
View file

@ -75,11 +75,6 @@ public class ConditionalLoaAuthenticatorFactory implements ConditionalAuthentica
return "Condition - Level of Authentication";
}
@Override
public String getReferenceCategory() {
return "condition";
}
@Override
public boolean isConfigurable() {
return true;

5
services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalRoleAuthenticatorFactory.java
View file

@ -40,11 +40,6 @@ public class ConditionalRoleAuthenticatorFactory implements ConditionalAuthentic
return "Condition - user role";
}
@Override
public String getReferenceCategory() {
return "condition";
}
@Override
public boolean isConfigurable() {
return true;

23
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValue.java → services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValue.java
View file

@ -1,9 +1,25 @@
package org.keycloak.testsuite.authentication;
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authentication.authenticators.conditional;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
@ -11,7 +27,6 @@ import org.keycloak.models.UserModel;
import java.util.Map;
import java.util.Objects;
public class ConditionalUserAttributeValue implements ConditionalAuthenticator {
static final ConditionalUserAttributeValue SINGLETON = new ConditionalUserAttributeValue();
@ -26,7 +41,7 @@ public class ConditionalUserAttributeValue implements ConditionalAuthenticator {
UserModel user = context.getUser();
if (user == null) {
throw new AuthenticationFlowException("authenticator: " + ConditionalUserAttributeValueFactory.PROVIDER_ID, AuthenticationFlowError.UNKNOWN_USER);
throw new AuthenticationFlowException("Cannot find user for obtaining particular user attributes. Authenticator: " + ConditionalUserAttributeValueFactory.PROVIDER_ID, AuthenticationFlowError.UNKNOWN_USER);
}
boolean result = user.getAttributeStream(attributeName).anyMatch(attr -> Objects.equals(attr, attributeValue));

26
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/authentication/ConditionalUserAttributeValueFactory.java → services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserAttributeValueFactory.java
View file

@ -1,8 +1,23 @@
package org.keycloak.testsuite.authentication;
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.authentication.authenticators.conditional;
import org.keycloak.Config;
import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticatorFactory;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.provider.ProviderConfigProperty;
@ -47,11 +62,6 @@ public class ConditionalUserAttributeValueFactory implements ConditionalAuthenti
return "Condition - user attribute";
}
@Override
public String getReferenceCategory() {
return "condition";
}
@Override
public boolean isConfigurable() {
return true;

5
services/src/main/java/org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticatorFactory.java
View file

@ -37,11 +37,6 @@ public class ConditionalUserConfiguredAuthenticatorFactory implements Conditiona
return "Condition - user configured";
}
@Override
public String getReferenceCategory() {
return "condition";
}
@Override
public boolean isConfigurable() {
return false;

1
services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
View file

@ -26,6 +26,7 @@ org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator
org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory
org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory
org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticatorFactory
org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory
org.keycloak.authentication.authenticators.directgrant.ValidateOTP
org.keycloak.authentication.authenticators.directgrant.ValidatePassword
org.keycloak.authentication.authenticators.directgrant.ValidateUsername

1
testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
View file

@ -22,6 +22,5 @@ org.keycloak.testsuite.forms.ClickThroughAuthenticator
org.keycloak.testsuite.authentication.ExpectedParamAuthenticatorFactory
org.keycloak.testsuite.authentication.PushButtonAuthenticatorFactory
org.keycloak.testsuite.forms.UsernameOnlyAuthenticator
org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory
org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory
org.keycloak.testsuite.authentication.CustomAuthenticationFlowCallbackFactory

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java
View file

@ -15,7 +15,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory;
import org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginUsernameOnlyPage;
import org.keycloak.testsuite.pages.PasswordPage;

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java
View file

@ -16,6 +16,7 @@ import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFa
import org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory;
import org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory;
import org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory;
import org.keycloak.authentication.authenticators.conditional.ConditionalUserAttributeValueFactory;
import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
import org.keycloak.common.Profile;
import org.keycloak.events.Details;
@ -50,7 +51,6 @@ import org.keycloak.testsuite.util.FlowUtil;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory;
import org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;