better logging
parent
ee79f5e69d
commit
0527d441e3
2 changed files with 28 additions and 13 deletions
|
@ -658,6 +658,7 @@ public class AuthenticationProcessor {
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response authenticateClient() throws AuthenticationFlowException {
|
public Response authenticateClient() throws AuthenticationFlowException {
|
||||||
|
logger.debug("AUTHENTICATE CLIENT");
|
||||||
AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, null);
|
AuthenticationFlow authenticationFlow = createFlowExecution(this.flowId, null);
|
||||||
try {
|
try {
|
||||||
Response challenge = authenticationFlow.processFlow();
|
Response challenge = authenticationFlow.processFlow();
|
||||||
|
@ -693,6 +694,7 @@ public class AuthenticationProcessor {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void resetFlow(ClientSessionModel clientSession) {
|
public static void resetFlow(ClientSessionModel clientSession) {
|
||||||
|
logger.debug("RESET FLOW");
|
||||||
clientSession.setTimestamp(Time.currentTime());
|
clientSession.setTimestamp(Time.currentTime());
|
||||||
clientSession.setAuthenticatedUser(null);
|
clientSession.setAuthenticatedUser(null);
|
||||||
clientSession.clearExecutionStatus();
|
clientSession.clearExecutionStatus();
|
||||||
|
@ -715,6 +717,7 @@ public class AuthenticationProcessor {
|
||||||
|
|
||||||
|
|
||||||
public Response authenticationAction(String execution) {
|
public Response authenticationAction(String execution) {
|
||||||
|
logger.debug("authenticationAction");
|
||||||
checkClientSession();
|
checkClientSession();
|
||||||
String current = clientSession.getNote(CURRENT_AUTHENTICATION_EXECUTION);
|
String current = clientSession.getNote(CURRENT_AUTHENTICATION_EXECUTION);
|
||||||
if (!execution.equals(current)) {
|
if (!execution.equals(current)) {
|
||||||
|
@ -762,6 +765,7 @@ public class AuthenticationProcessor {
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response authenticateOnly() throws AuthenticationFlowException {
|
public Response authenticateOnly() throws AuthenticationFlowException {
|
||||||
|
logger.debug("AUTHENTICATE ONLY");
|
||||||
checkClientSession();
|
checkClientSession();
|
||||||
event.client(clientSession.getClient().getClientId())
|
event.client(clientSession.getClient().getClientId())
|
||||||
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
.detail(Details.REDIRECT_URI, clientSession.getRedirectUri())
|
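Review bot: The four added debug lines (`"AUTHENTICATE CLIENT"`, `"RESET FLOW"`, `"authenticationAction"`, `"AUTHENTICATE ONLY"`) are constant strings with no identifier, so on a server handling concurrent logins they cannot be tied to a particular flow or client session when tracing an authentication problem. The casing is also inconsistent between the upper-case messages and `authenticationAction`. In authenticateClient the flow id is already at hand, e.g. `logger.debugv("authenticateClient flowId: {0}", this.flowId);`. If `execution` is added to the authenticationAction message, note that the new log line runs before the comparison with `CURRENT_AUTHENTICATION_EXECUTION` and the value looks caller-supplied, so line breaks should be stripped before it reaches the log. All four method bodies continue outside their hunks.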
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
package org.keycloak.authentication;
|
package org.keycloak.authentication;
|
||||||
|
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.models.AuthenticationExecutionModel;
|
import org.keycloak.models.AuthenticationExecutionModel;
|
||||||
import org.keycloak.models.AuthenticationFlowModel;
|
import org.keycloak.models.AuthenticationFlowModel;
|
||||||
import org.keycloak.models.ClientSessionModel;
|
import org.keycloak.models.ClientSessionModel;
|
||||||
|
@ -17,6 +18,7 @@ import java.util.List;
|
||||||
* @version $Revision: 1 $
|
* @version $Revision: 1 $
|
||||||
*/
|
*/
|
||||||
public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
|
protected static Logger logger = Logger.getLogger(DefaultAuthenticationFlow.class);
|
||||||
Response alternativeChallenge = null;
|
Response alternativeChallenge = null;
|
||||||
AuthenticationExecutionModel challengedAlternativeExecution = null;
|
AuthenticationExecutionModel challengedAlternativeExecution = null;
|
||||||
boolean alternativeSuccessful = false;
|
boolean alternativeSuccessful = false;
|
||||||
|
@ -44,10 +46,12 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response processAction(String actionExecution) {
|
public Response processAction(String actionExecution) {
|
||||||
|
logger.debugv("processAction: {0}", actionExecution);
|
||||||
while (executionIterator.hasNext()) {
|
while (executionIterator.hasNext()) {
|
||||||
AuthenticationExecutionModel model = executionIterator.next();
|
AuthenticationExecutionModel model = executionIterator.next();
|
||||||
|
logger.debugv("check: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement().toString());
|
||||||
if (isProcessed(model)) {
|
if (isProcessed(model)) {
|
||||||
AuthenticationProcessor.logger.debug("execution is processed");
|
logger.debug("execution is processed");
|
||||||
if (!alternativeSuccessful && model.isAlternative() && processor.isSuccessful(model))
|
if (!alternativeSuccessful && model.isAlternative() && processor.isSuccessful(model))
|
||||||
alternativeSuccessful = true;
|
alternativeSuccessful = true;
|
||||||
continue;
|
continue;
|
||||||
|
@ -62,6 +66,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
}
|
}
|
||||||
Authenticator authenticator = factory.create(processor.getSession());
|
Authenticator authenticator = factory.create(processor.getSession());
|
||||||
AuthenticationProcessor.Result result = processor.createAuthenticatorContext(model, authenticator, executions);
|
AuthenticationProcessor.Result result = processor.createAuthenticatorContext(model, authenticator, executions);
|
||||||
|
logger.debugv("action: {0}", model.getAuthenticator());
|
||||||
authenticator.action(result);
|
authenticator.action(result);
|
||||||
Response response = processResult(result);
|
Response response = processResult(result);
|
||||||
if (response == null) {
|
if (response == null) {
|
||||||
|
@ -80,19 +85,24 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response processFlow() {
|
public Response processFlow() {
|
||||||
|
logger.debug("processFlow");
|
||||||
while (executionIterator.hasNext()) {
|
while (executionIterator.hasNext()) {
|
||||||
AuthenticationExecutionModel model = executionIterator.next();
|
AuthenticationExecutionModel model = executionIterator.next();
|
||||||
|
logger.debugv("check execution: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement().toString());
|
||||||
|
|
||||||
if (isProcessed(model)) {
|
if (isProcessed(model)) {
|
||||||
AuthenticationProcessor.logger.debug("execution is processed");
|
logger.debug("execution is processed");
|
||||||
if (!alternativeSuccessful && model.isAlternative() && processor.isSuccessful(model))
|
if (!alternativeSuccessful && model.isAlternative() && processor.isSuccessful(model))
|
||||||
alternativeSuccessful = true;
|
alternativeSuccessful = true;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (model.isAlternative() && alternativeSuccessful) {
|
if (model.isAlternative() && alternativeSuccessful) {
|
||||||
|
logger.debug("Skip alternative execution");
|
||||||
processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
|
processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (model.isAuthenticatorFlow()) {
|
if (model.isAuthenticatorFlow()) {
|
||||||
|
logger.debug("execution is flow");
|
||||||
AuthenticationFlow authenticationFlow = processor.createFlowExecution(model.getFlowId(), model);
|
AuthenticationFlow authenticationFlow = processor.createFlowExecution(model.getFlowId(), model);
|
||||||
Response flowChallenge = authenticationFlow.processFlow();
|
Response flowChallenge = authenticationFlow.processFlow();
|
||||||
if (flowChallenge == null) {
|
if (flowChallenge == null) {
|
||||||
|
@ -122,7 +132,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + model.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
|
throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + model.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
|
||||||
}
|
}
|
||||||
Authenticator authenticator = factory.create(processor.getSession());
|
Authenticator authenticator = factory.create(processor.getSession());
|
||||||
AuthenticationProcessor.logger.debugv("authenticator: {0}", factory.getId());
|
logger.debugv("authenticator: {0}", factory.getId());
|
||||||
UserModel authUser = processor.getClientSession().getAuthenticatedUser();
|
UserModel authUser = processor.getClientSession().getAuthenticatedUser();
|
||||||
|
|
||||||
if (authenticator.requiresUser() && authUser == null) {
|
if (authenticator.requiresUser() && authUser == null) {
|
||||||
|
@ -138,7 +148,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
if (!configuredFor) {
|
if (!configuredFor) {
|
||||||
if (model.isRequired()) {
|
if (model.isRequired()) {
|
||||||
if (factory.isUserSetupAllowed()) {
|
if (factory.isUserSetupAllowed()) {
|
||||||
AuthenticationProcessor.logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId());
|
logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId());
|
||||||
processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
|
processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
|
||||||
authenticator.setRequiredActions(processor.getSession(), processor.getRealm(), processor.getClientSession().getAuthenticatedUser());
|
authenticator.setRequiredActions(processor.getSession(), processor.getRealm(), processor.getClientSession().getAuthenticatedUser());
|
||||||
continue;
|
continue;
|
||||||
|
@ -152,6 +162,7 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
AuthenticationProcessor.Result context = processor.createAuthenticatorContext(model, authenticator, executions);
|
AuthenticationProcessor.Result context = processor.createAuthenticatorContext(model, authenticator, executions);
|
||||||
|
logger.debug("invoke authenticator.authenticate");
|
||||||
authenticator.authenticate(context);
|
authenticator.authenticate(context);
|
||||||
Response response = processResult(context);
|
Response response = processResult(context);
|
||||||
if (response != null) return response;
|
if (response != null) return response;
|
||||||
|
@ -165,12 +176,12 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
FlowStatus status = result.getStatus();
|
FlowStatus status = result.getStatus();
|
||||||
switch (status) {
|
switch (status) {
|
||||||
case SUCCESS:
|
case SUCCESS:
|
||||||
AuthenticationProcessor.logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
|
||||||
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
|
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
|
||||||
if (execution.isAlternative()) alternativeSuccessful = true;
|
if (execution.isAlternative()) alternativeSuccessful = true;
|
||||||
return null;
|
return null;
|
||||||
case FAILED:
|
case FAILED:
|
||||||
AuthenticationProcessor.logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
|
||||||
processor.logFailure();
|
processor.logFailure();
|
||||||
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.FAILED);
|
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.FAILED);
|
||||||
if (result.getChallenge() != null) {
|
if (result.getChallenge() != null) {
|
||||||
|
@ -178,14 +189,14 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
}
|
}
|
||||||
throw new AuthenticationFlowException(result.getError());
|
throw new AuthenticationFlowException(result.getError());
|
||||||
case FORK:
|
case FORK:
|
||||||
AuthenticationProcessor.logger.debugv("reset browser login from authenticator: {0}", execution.getAuthenticator());
|
logger.debugv("reset browser login from authenticator: {0}", execution.getAuthenticator());
|
||||||
processor.getClientSession().setNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
|
processor.getClientSession().setNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
|
||||||
throw new ForkFlowException(result.getSuccessMessage(), result.getErrorMessage());
|
throw new ForkFlowException(result.getSuccessMessage(), result.getErrorMessage());
|
||||||
case FORCE_CHALLENGE:
|
case FORCE_CHALLENGE:
|
||||||
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||||
return sendChallenge(result, execution);
|
return sendChallenge(result, execution);
|
||||||
case CHALLENGE:
|
case CHALLENGE:
|
||||||
AuthenticationProcessor.logger.debugv("authenticator CHALLENGE: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator CHALLENGE: {0}", execution.getAuthenticator());
|
||||||
if (execution.isRequired()) {
|
if (execution.isRequired()) {
|
||||||
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||||
return sendChallenge(result, execution);
|
return sendChallenge(result, execution);
|
||||||
|
@ -203,12 +214,12 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
case FAILURE_CHALLENGE:
|
case FAILURE_CHALLENGE:
|
||||||
AuthenticationProcessor.logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
|
||||||
processor.logFailure();
|
processor.logFailure();
|
||||||
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||||
return sendChallenge(result, execution);
|
return sendChallenge(result, execution);
|
||||||
case ATTEMPTED:
|
case ATTEMPTED:
|
||||||
AuthenticationProcessor.logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
|
||||||
if (execution.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
|
if (execution.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
|
||||||
throw new AuthenticationFlowException(AuthenticationFlowError.INVALID_CREDENTIALS);
|
throw new AuthenticationFlowException(AuthenticationFlowError.INVALID_CREDENTIALS);
|
||||||
}
|
}
|
||||||
|
@ -218,8 +229,8 @@ public class DefaultAuthenticationFlow implements AuthenticationFlow {
|
||||||
AuthenticationProcessor.resetFlow(processor.getClientSession());
|
AuthenticationProcessor.resetFlow(processor.getClientSession());
|
||||||
return processor.authenticate();
|
return processor.authenticate();
|
||||||
default:
|
default:
|
||||||
AuthenticationProcessor.logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
|
logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
|
||||||
AuthenticationProcessor.logger.error("Unknown result status");
|
logger.error("Unknown result status");
|
||||||
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
|
throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
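Review bot: Both new `check` messages, in processAction and in processFlow, pass `model.getRequirement().toString()`, which is evaluated even when debug logging is off and would throw a NullPointerException from the log statement itself if an execution ever had no requirement set (whether that can happen is not visible in these hunks). `debugv` only formats its arguments when the level is enabled, so passing the object is enough: `logger.debugv("check execution: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement());`. The new field `protected static Logger logger` can be reassigned by any subclass; `private static final Logger logger = Logger.getLogger(DefaultAuthenticationFlow.class);` is the usual form, or `protected static final` if subclasses are meant to share it. `processAction: {0}` writes `actionExecution` as received, and whether it has been matched against the session by then is outside these hunks, so confirm it cannot carry line breaks into the log.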
||||||
|
|