Custom implemention of OIDC Login Protocol doesn't get executed

closes #19335
2023-03-31 15:41:11 +02:00 · 2023-03-31 15:41:11 +02:00 · 17c1b853e0
commit 17c1b853e0
parent c6a1820a47
3 changed files with 15 additions and 73 deletions
--- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticatorFactory.java
@ -18,6 +18,7 @@
 package org.keycloak.authentication.authenticators.browser;

 import org.keycloak.Config;
+import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.Authenticator;
 import org.keycloak.authentication.AuthenticatorFactory;
 import org.keycloak.common.Profile;
@ -25,7 +26,6 @@ import org.keycloak.models.AuthenticationExecutionModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.UserCredentialModel;
-import org.keycloak.provider.EnvironmentDependentProviderFactory;
 import org.keycloak.provider.ProviderConfigProperty;

 import java.util.List;
@ -34,14 +34,21 @@ import java.util.List;
 * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
 * @version $Revision: 1 $
 */
-public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, EnvironmentDependentProviderFactory {
+public class SpnegoAuthenticatorFactory implements AuthenticatorFactory {

    public static final String PROVIDER_ID = "auth-spnego";
    public static final SpnegoAuthenticator SINGLETON = new SpnegoAuthenticator();
+    public static final SpnegoAuthenticator SINGLETON_DISABLED = new SpnegoAuthenticator() {
+
+        @Override
+        public void authenticate(AuthenticationFlowContext context) {
+            throw new IllegalStateException("Not possible to authenticate as Kerberos feature is disabled");
+        }
+    };

    @Override
    public Authenticator create(KeycloakSession session) {
-        return SINGLETON;
+        return isKerberosFeatureEnabled() ? SINGLETON : SINGLETON_DISABLED;
    }

    @Override
@ -71,7 +78,7 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, Environ

    @Override
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
-        return REQUIREMENT_CHOICES;
+        return isKerberosFeatureEnabled() ? REQUIREMENT_CHOICES : new AuthenticationExecutionModel.Requirement[]{ AuthenticationExecutionModel.Requirement.DISABLED };
    }


@ -87,7 +94,9 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, Environ

    @Override
    public String getHelpText() {
-        return "Initiates the SPNEGO protocol.  Most often used with Kerberos.";
+        return isKerberosFeatureEnabled()
+                ? "Initiates the SPNEGO protocol.  Most often used with Kerberos."
+                : "DISABLED. Please enable Kerberos feature and make sure Kerberos available in your platform. Initiates the SPNEGO protocol. Most often used with Kerberos.";
    }

    @Override
@ -100,8 +109,7 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory, Environ
        return false;
    }

-    @Override
-    public boolean isSupported() {
+    private boolean isKerberosFeatureEnabled() {
        return Profile.isFeatureEnabled(Profile.Feature.KERBEROS);
    }
 }
--- a/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoDisabledAuthenticatorFactory.java
+++ b/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoDisabledAuthenticatorFactory.java
@ -1,65 +0,0 @@
-/*
- * Copyright 2023 Red Hat, Inc. and/or its affiliates
- *  and other contributors as indicated by the @author tags.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.keycloak.authentication.authenticators.browser;
-
-
-import org.keycloak.authentication.AuthenticationFlowContext;
-import org.keycloak.authentication.Authenticator;
-import org.keycloak.authentication.AuthenticatorFactory;
-import org.keycloak.common.Profile;
-import org.keycloak.models.AuthenticationExecutionModel;
-import org.keycloak.models.KeycloakSession;
-
-/**
- * Factory used only when KERBEROS feature is disabled. This exists due the KERBEROS authenticator is added by default to realm browser flow (even if DISABLED by default)
- *
- * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
- */
-public class SpnegoDisabledAuthenticatorFactory extends SpnegoAuthenticatorFactory implements AuthenticatorFactory {
-
-    @Override
-    public Authenticator create(KeycloakSession session) {
-        return new SpnegoDisabledAuthenticator();
-    }
-
-    @Override
-    public String getHelpText() {
-        return "DISABLED. Please enable Kerberos feature and make sure Kerberos available in your platform. Initiates the SPNEGO protocol. Most often used with Kerberos.";
-    }
-
-    @Override
-    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
-        return new AuthenticationExecutionModel.Requirement[]{ AuthenticationExecutionModel.Requirement.DISABLED };
-    }
-
-    @Override
-    public boolean isSupported() {
-        return !Profile.isFeatureEnabled(Profile.Feature.KERBEROS);
-    }
-
-    public static class SpnegoDisabledAuthenticator extends SpnegoAuthenticator {
-
-        @Override
-        public void authenticate(AuthenticationFlowContext context) {
-            throw new IllegalStateException("Not possible to authenticate as Kerberos feature is disabled");
-        }
-    }
-
-}
--- a/services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
+++ b/services/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
@ -21,7 +21,6 @@ org.keycloak.authentication.authenticators.browser.UsernameFormFactory
 org.keycloak.authentication.authenticators.browser.PasswordFormFactory
 org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory
 org.keycloak.authentication.authenticators.browser.SpnegoAuthenticatorFactory
-org.keycloak.authentication.authenticators.browser.SpnegoDisabledAuthenticatorFactory
 org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticatorFactory
 org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory
 org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory