Custom implemention of OIDC Login Protocol doesn't get executed
closes #19335
This commit is contained in:
parent
c6a1820a47
commit
17c1b853e0
3 changed files with 15 additions and 73 deletions
|
@ -18,6 +18,7 @@
|
|||
package org.keycloak.authentication.authenticators.browser;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.common.Profile;
|
||||
|
@ -25,7 +26,6 @@ import org.keycloak.models.AuthenticationExecutionModel;
|
|||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.provider.EnvironmentDependentProviderFactory;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
|
||||
import java.util.List;
|
||||
|
@ -34,14 +34,21 @@ import java.util.List;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, EnvironmentDependentProviderFactory {
|
||||
public class SpnegoAuthenticatorFactory implements AuthenticatorFactory {
|
||||
|
||||
public static final String PROVIDER_ID = "auth-spnego";
|
||||
public static final SpnegoAuthenticator SINGLETON = new SpnegoAuthenticator();
|
||||
public static final SpnegoAuthenticator SINGLETON_DISABLED = new SpnegoAuthenticator() {
|
||||
|
||||
@Override
|
||||
public void authenticate(AuthenticationFlowContext context) {
|
||||
throw new IllegalStateException("Not possible to authenticate as Kerberos feature is disabled");
|
||||
}
|
||||
};
|
||||
|
||||
@Override
|
||||
public Authenticator create(KeycloakSession session) {
|
||||
return SINGLETON;
|
||||
return isKerberosFeatureEnabled() ? SINGLETON : SINGLETON_DISABLED;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -71,7 +78,7 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, Environ
|
|||
|
||||
@Override
|
||||
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
|
||||
return REQUIREMENT_CHOICES;
|
||||
return isKerberosFeatureEnabled() ? REQUIREMENT_CHOICES : new AuthenticationExecutionModel.Requirement[]{ AuthenticationExecutionModel.Requirement.DISABLED };
|
||||
}
|
||||
|
||||
|
||||
|
@ -87,7 +94,9 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, Environ
|
|||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "Initiates the SPNEGO protocol. Most often used with Kerberos.";
|
||||
return isKerberosFeatureEnabled()
|
||||
? "Initiates the SPNEGO protocol. Most often used with Kerberos."
|
||||
: "DISABLED. Please enable Kerberos feature and make sure Kerberos available in your platform. Initiates the SPNEGO protocol. Most often used with Kerberos.";
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -100,8 +109,7 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, Environ
|
|||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSupported() {
|
||||
private boolean isKerberosFeatureEnabled() {
|
||||
return Profile.isFeatureEnabled(Profile.Feature.KERBEROS);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
/*
|
||||
* Copyright 2023 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
*
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
package org.keycloak.authentication.authenticators.browser;
|
||||
|
||||
|
||||
import org.keycloak.authentication.AuthenticationFlowContext;
|
||||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
|
||||
/**
|
||||
* Factory used only when KERBEROS feature is disabled. This exists due the KERBEROS authenticator is added by default to realm browser flow (even if DISABLED by default)
|
||||
*
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
public class SpnegoDisabledAuthenticatorFactory extends SpnegoAuthenticatorFactory implements AuthenticatorFactory {
|
||||
|
||||
@Override
|
||||
public Authenticator create(KeycloakSession session) {
|
||||
return new SpnegoDisabledAuthenticator();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "DISABLED. Please enable Kerberos feature and make sure Kerberos available in your platform. Initiates the SPNEGO protocol. Most often used with Kerberos.";
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
|
||||
return new AuthenticationExecutionModel.Requirement[]{ AuthenticationExecutionModel.Requirement.DISABLED };
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSupported() {
|
||||
return !Profile.isFeatureEnabled(Profile.Feature.KERBEROS);
|
||||
}
|
||||
|
||||
public static class SpnegoDisabledAuthenticator extends SpnegoAuthenticator {
|
||||
|
||||
@Override
|
||||
public void authenticate(AuthenticationFlowContext context) {
|
||||
throw new IllegalStateException("Not possible to authenticate as Kerberos feature is disabled");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -21,7 +21,6 @@ org.keycloak.authentication.authenticators.browser.UsernameFormFactory
|
|||
org.keycloak.authentication.authenticators.browser.PasswordFormFactory
|
||||
org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory
|
||||
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticatorFactory
|
||||
org.keycloak.authentication.authenticators.browser.SpnegoDisabledAuthenticatorFactory
|
||||
org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticatorFactory
|
||||
org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory
|
||||
org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory
|
||||
|
|
Loading…
Reference in a new issue