diff --git a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/SessionsBean.java b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/SessionsBean.java index 173414e1eb..194b983a8a 100755 --- a/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/SessionsBean.java +++ b/forms/account-freemarker/src/main/java/org/keycloak/account/freemarker/model/SessionsBean.java @@ -1,9 +1,13 @@ package org.keycloak.account.freemarker.model; +import org.keycloak.models.ApplicationModel; +import org.keycloak.models.ClientModel; +import org.keycloak.models.OAuthClientModel; import org.keycloak.models.RealmModel; import org.keycloak.models.UserSessionModel; import org.keycloak.util.Time; +import java.util.ArrayList; import java.util.Date; import java.util.LinkedList; import java.util.List; @@ -50,6 +54,21 @@ public class SessionsBean { return Time.toDate(max); } + public List getApplications() { + List apps = new ArrayList(); + for (ClientModel client : session.getClientAssociations()) { + if (client instanceof ApplicationModel) apps.add(client.getClientId()); + } + return apps; + } + public List getClients() { + List apps = new ArrayList(); + for (ClientModel client : session.getClientAssociations()) { + if (client instanceof OAuthClientModel) apps.add(client.getClientId()); + } + return apps; + } + } } diff --git a/forms/common-themes/src/main/resources/theme/account/base/sessions.ftl b/forms/common-themes/src/main/resources/theme/account/base/sessions.ftl old mode 100644 new mode 100755 index e424e51c12..5c9879b1a3 --- a/forms/common-themes/src/main/resources/theme/account/base/sessions.ftl +++ b/forms/common-themes/src/main/resources/theme/account/base/sessions.ftl @@ -13,6 +13,8 @@ IP Started Expires + Applications + Clients @@ -22,6 +24,20 @@ ${session.ipAddress} ${session.started?datetime} ${session.expires?datetime} + +
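Review bot: In `getClients()` the list is still called `apps` although it collects OAuth client IDs, which looks like a leftover from copying `getApplications()`; naming it `clients` would keep the two methods readable. The bodies differ only in the `instanceof` test, so a small private helper taking the model class would remove the duplication. Both methods hand strings straight to the account template, so a short Javadoc such as `/** Client IDs of the applications associated with this user session, shown on the sessions page. */` would record what a reviewer of the template needs to know. The enclosing class starts outside the hunk.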
    + <#list session.applications as app> +
  • ${app}
  • + +
+ + +
    + <#list session.clients as client> +
  • ${client}
  • + +
+
diff --git a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
index f67357ee6e..2b2aa0874b 100755
--- a/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/AppAuthManager.java
@@ -21,7 +21,7 @@ public class AppAuthManager extends AuthenticationManager {
 super(providerSession);
 }
- public UserModel authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
+ public AuthResult authenticateRequest(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
 AuthResult authResult = authenticateIdentityCookie(realm, uriInfo, headers);
 if (authResult != null) {
 Cookie remember = headers.getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
@@ -29,7 +29,7 @@ public class AppAuthManager extends AuthenticationManager {
 // refresh the cookies!
 createLoginCookie(realm, authResult.getUser(), authResult.getSession(), uriInfo, rememberMe);
 if (rememberMe) createRememberMeCookie(realm, uriInfo);
- return authResult.getUser();
+ return authResult;
 } else {
 return authenticateBearerToken(realm, uriInfo, headers);
 }
@@ -47,11 +47,11 @@ public class AppAuthManager extends AuthenticationManager {
 return tokenString;
 }
- public UserModel authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
+ public AuthResult authenticateBearerToken(RealmModel realm, UriInfo uriInfo, HttpHeaders headers) {
 String tokenString = extractAuthorizationHeaderToken(headers);
 if (tokenString == null) return null;
 AuthResult authResult = verifyIdentityToken(realm, uriInfo, true, tokenString);
- return authResult != null ? authResult.getUser() : null;
+ return authResult;
 }
 }
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index 19c441fbfc..6ea351aa5e 100755
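Review bot: `${app}` and `${client}` are written into the page without an escaping built-in, and no `<#escape>` directive is visible in this hunk. Client IDs are chosen by whoever registers the application or OAuth client, so a value containing markup would be rendered as HTML on the sessions page unless escaping is applied somewhere outside the hunk. Prefer `${app?html}` and `${client?html}`, or wrap the table in an escape directive, so the output is encoded regardless of how the ID was created. The list markup around these interpolations is not visible in this rendering of the diff, so the placement should be checked against the file.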
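Review bot: Returning `AuthResult` from `authenticateRequest` and `authenticateBearerToken` moves the "is there a user" decision to the callers: the removed `authResult != null ? authResult.getUser() : null` treated a missing user as unauthenticated, while the updated callers in AccountService, AdminConsole.whoAmI and AdminRoot only test `authResult != null` and then call `getUser()`. If `verifyIdentityToken` or `authenticateIdentityCookie` can return a result without a user (their bodies are outside this diff), those paths would now continue with a null user instead of rejecting the request. Either document the contract on both methods, e.g. `/** @return the verified result, never with a null user; null when the request is not authenticated */`, or keep the guard here with `return authResult != null && authResult.getUser() != null ? authResult : null;`. The Javadoc should also say that `getSession()` may be null, since AccountService checks for that.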
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -279,6 +279,8 @@ public class RealmManager {
 if (application == null) {
 application = new ApplicationManager(this).createApplication(realm, Constants.ACCOUNT_MANAGEMENT_APP);
 application.setEnabled(true);
+ String redirectUri = contextPath + "/realms/" + realm.getName() + "/account/*";
+ application.addRedirectUri(redirectUri);
 for (String role : AccountRoles.ALL) {
 application.addDefaultRole(role);
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 980ce585a5..85a1461626 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -49,6 +49,7 @@ import org.keycloak.provider.ProviderSession;
 import org.keycloak.services.ForbiddenException;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.Auth;
+import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.ModelToRepresentation;
 import org.keycloak.services.managers.SocialRequestManager;
 import org.keycloak.services.managers.TokenManager;
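Review bot: The redirect URI is concatenated from `contextPath` with no check that it has been set, so a RealmManager used without a prior `setContextPath(...)` would presumably register the literal `null/realms/<realm>/account/*` for the account application; in this diff only the test server calls `setContextPath("/auth")`. Fail fast before the concatenation, for example `if (contextPath == null) throw new IllegalStateException("contextPath not set");`. `realm.getName()` is inserted unencoded, so a realm name with characters that are not URL-safe may produce a pattern that does not match the real account URL. The trailing `/*` accepts any path under the account service as a redirect target, and a comment explaining why a wildcard is needed rather than the exact account URL would help later reviewers. The enclosing method starts and ends outside the hunk.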
@@ -148,9 +149,12 @@ public class AccountService {
 account = AccountLoader.load().createAccount(uriInfo).setRealm(realm);
 boolean passwordUpdateSupported = false;
- UserModel user = authManager.authenticateRequest(realm, uriInfo, headers);
- if (user != null) {
- auth = new Auth(realm, user, application);
+ AuthenticationManager.AuthResult authResult = authManager.authenticateRequest(realm, uriInfo, headers);
+ if (authResult != null) {
+ auth = new Auth(realm, authResult.getUser(), application);
+ if (authResult.getSession() != null) {
+ authResult.getSession().associateClient(application);
+ }
 account.setUser(auth.getUser());
 AuthenticationLinkModel authLinkModel = realm.getAuthenticationLink(auth.getUser());
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
index ad5cd03b14..eaf766640f 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminConsole.java
@@ -18,6 +18,7 @@ import org.keycloak.models.UserModel;
 import org.keycloak.provider.ProviderSession;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.ApplicationManager;
+import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.resources.KeycloakApplication;
 import org.keycloak.services.resources.TokenService;
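Review bot: `authResult.getSession().associateClient(application)` sits in the block that runs for every authenticated request to the account service, so the session is modified on each page load, GET requests included, and `getSession()` is evaluated twice. `associateClient` is not visible in this diff; if it is not idempotent and cheap, guard the call or move it to the point where the session is established. Because `authenticateRequest` falls back to bearer-token authentication, the session here may come from a token rather than the identity cookie, so a comment such as `// record the account app on the user session so the sessions page can list it; applies to cookie and bearer logins` would state that both paths are intended. The enclosing method starts and ends outside the hunk.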
@@ -164,10 +165,11 @@ public class AdminConsole {
 @NoCache
 public Response whoAmI(final @Context HttpHeaders headers) {
 RealmManager realmManager = new RealmManager(session);
- UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
- if (user == null) {
+ AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
+ if (authResult == null) {
 return Response.status(401).build();
 }
+ UserModel user= authResult.getUser();
 String displayName;
 if ((user.getFirstName() != null && !user.getFirstName().trim().equals("")) || (user.getLastName() != null && !user.getLastName().trim().equals(""))) {
 displayName = user.getFirstName();
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
index 88b4be3789..8b623a63fc 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminRoot.java
@@ -14,6 +14,7 @@ import org.keycloak.provider.ProviderSession;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.Auth;
+import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.managers.TokenManager;
@@ -116,8 +117,8 @@ public class AdminRoot {
 if (realm == null) {
 throw new UnauthorizedException("Unknown realm in token");
 }
- UserModel user = authManager.authenticateBearerToken(realm, uriInfo, headers);
- if (user == null) {
+ AuthenticationManager.AuthResult authResult = authManager.authenticateBearerToken(realm, uriInfo, headers);
+ if (authResult == null) {
 logger.debug("Token not valid");
 throw new UnauthorizedException("Bearer");
 }
@@ -126,7 +127,7 @@ public class AdminRoot {
 if (consoleApp == null) {
 throw new NotFoundException("Could not find admin console application");
 }
- Auth auth = new Auth(realm, user, consoleApp);
+ Auth auth = new Auth(realm, authResult.getUser(), consoleApp);
 return auth;
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
index da3dc68683..8fb61dc41c 100755
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/KeycloakServer.java
@@ -201,7 +201,7 @@ public class KeycloakServer {
 info("Not importing realm " + rep.getRealm() + " realm already exists");
 return;
 }
-
+ manager.setContextPath("/auth");
 RealmModel realm = manager.createRealm(rep.getId(), rep.getRealm());
 manager.importRealm(rep, realm);