make authenticator config optional
parent
a26ade3988
commit
adff0d5da0
30 changed files with 158 additions and 264 deletions
|
@ -12,6 +12,9 @@
|
|||
<constraints nullable="true"/>
|
||||
</column>
|
||||
</addColumn>
|
||||
<dropColumn tableName="AUTHENTICATOR" columnName="PROVIDER_ID"/>
|
||||
<renameTable oldTableName="AUTHENTICATOR_CONFIG" newTableName="AUTHENTICATOR_CONFIG_ENTRY"/>
|
||||
<renameTable oldTableName="AUTHENTICATOR" newTableName="AUTHENTICATOR_CONFIG"/>
|
||||
<!-- OAUTH_GRANT,
|
||||
CODE_TO_TOKEN,
|
||||
VERIFY_EMAIL,
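Review bot: The added `dropColumn` on `AUTHENTICATOR.PROVIDER_ID` discards the only stored link between an authenticator row and its provider, and nothing visible in this hunk rewrites the execution rows before the drop. Elsewhere in this commit executions stop storing the authenticator row id and store the provider id string instead (`"auth-cookie"` and so on), so a database that already holds executions would keep values that no longer resolve to a provider, and the affected login flow step could not be loaded. If this changeSet has shipped in any build, the provider id should be copied onto the execution rows before the column is dropped. If it has not shipped, a comment recording that assumption would help, for example `<!-- changeSet not yet released: no data migration needed for the AUTHENTICATOR rename -->`. The enclosing changeSet starts and ends outside the hunk.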
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
<class>org.keycloak.models.jpa.entities.UserConsentProtocolMapperEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.AuthenticationFlowEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.AuthenticationExecutionEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.AuthenticatorEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.AuthenticatorConfigEntity</class>
|
||||
<class>org.keycloak.models.jpa.entities.RequiredActionProviderEntity</class>
|
||||
|
||||
<!-- JpaUserSessionProvider -->
|
||||
|
|
|
@ -20,6 +20,7 @@ public class AuthenticationExecutionModel implements Serializable {
|
|||
}
|
||||
|
||||
private String id;
|
||||
private String authenticatorConfig;
|
||||
private String authenticator;
|
||||
private boolean autheticatorFlow;
|
||||
private Requirement requirement;
|
||||
|
@ -35,6 +36,14 @@ public class AuthenticationExecutionModel implements Serializable {
|
|||
this.id = id;
|
||||
}
|
||||
|
||||
public String getAuthenticatorConfig() {
|
||||
return authenticatorConfig;
|
||||
}
|
||||
|
||||
public void setAuthenticatorConfig(String authenticatorConfig) {
|
||||
this.authenticatorConfig = authenticatorConfig;
|
||||
}
|
||||
|
||||
public String getAuthenticator() {
|
||||
return authenticator;
|
||||
}
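Review bot: The new `authenticatorConfig` field and its accessors have no Javadoc, and next to `authenticator` it is not obvious which string holds what. Judging by the rest of the commit, `authenticator` is now a provider id such as `"auth-cookie"` and `authenticatorConfig` appears to be the id of an optional `AuthenticatorConfigModel`. A comment on the getter such as `/** Id of the AuthenticatorConfigModel applied to this execution, or null when the authenticator runs without configuration. */`, with a matching line on `getAuthenticator()`, would pin that down so the two ids are not swapped by a caller. The class is `Serializable`, so the added field also changes its serialized form; whether a `serialVersionUID` is declared is not visible in these hunks.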
|
||||
|
|
|
@ -8,12 +8,11 @@ import java.util.Map;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class AuthenticatorModel implements Serializable {
|
||||
public class AuthenticatorConfigModel implements Serializable {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private String id;
|
||||
private String alias;
|
||||
private String providerId;
|
||||
private Map<String, String> config = new HashMap<String, String>();
|
||||
|
||||
|
||||
|
@ -33,14 +32,6 @@ public class AuthenticatorModel implements Serializable {
|
|||
this.alias = alias;
|
||||
}
|
||||
|
||||
public String getProviderId() {
|
||||
return providerId;
|
||||
}
|
||||
|
||||
public void setProviderId(String providerId) {
|
||||
this.providerId = providerId;
|
||||
}
|
||||
|
||||
public Map<String, String> getConfig() {
|
||||
return config;
|
||||
}
|
|
@ -193,11 +193,11 @@ public interface RealmModel extends RoleContainerModel {
|
|||
void removeAuthenticatorExecution(AuthenticationExecutionModel model);
|
||||
|
||||
|
||||
List<AuthenticatorModel> getAuthenticators();
|
||||
AuthenticatorModel addAuthenticator(AuthenticatorModel model);
|
||||
void updateAuthenticator(AuthenticatorModel model);
|
||||
void removeAuthenticator(AuthenticatorModel model);
|
||||
AuthenticatorModel getAuthenticatorById(String id);
|
||||
List<AuthenticatorConfigModel> getAuthenticatorConfigs();
|
||||
AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model);
|
||||
void updateAuthenticatorConfig(AuthenticatorConfigModel model);
|
||||
void removeAuthenticatorConfig(AuthenticatorConfigModel model);
|
||||
AuthenticatorConfigModel getAuthenticatorConfigById(String id);
|
||||
|
||||
List<RequiredActionProviderModel> getRequiredActionProviders();
|
||||
RequiredActionProviderModel addRequiredActionProvider(RequiredActionProviderModel model);
|
||||
|
|
|
@ -6,10 +6,9 @@ import java.util.Map;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class AuthenticatorEntity {
|
||||
public class AuthenticatorConfigEntity {
|
||||
protected String id;
|
||||
protected String alias;
|
||||
protected String providerId;
|
||||
private Map<String, String> config;
|
||||
|
||||
public String getId() {
|
||||
|
@ -28,14 +27,6 @@ public class AuthenticatorEntity {
|
|||
this.alias = alias;
|
||||
}
|
||||
|
||||
public String getProviderId() {
|
||||
return providerId;
|
||||
}
|
||||
|
||||
public void setProviderId(String providerId) {
|
||||
this.providerId = providerId;
|
||||
}
|
||||
|
||||
public Map<String, String> getConfig() {
|
||||
return config;
|
||||
}
|
|
@ -2,10 +2,8 @@ package org.keycloak.models.entities;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
|
@ -77,7 +75,7 @@ public class RealmEntity extends AbstractIdentifiableEntity {
|
|||
private String defaultLocale;
|
||||
private List<IdentityProviderMapperEntity> identityProviderMappers = new ArrayList<IdentityProviderMapperEntity>();
|
||||
private List<AuthenticationFlowEntity> authenticationFlows = new ArrayList<>();
|
||||
private List<AuthenticatorEntity> authenticators = new ArrayList<>();
|
||||
private List<AuthenticatorConfigEntity> authenticatorConfigs = new ArrayList<>();
|
||||
private List<RequiredActionProviderEntity> requiredActionProviders = new ArrayList<>();
|
||||
|
||||
|
||||
|
@ -496,12 +494,12 @@ public class RealmEntity extends AbstractIdentifiableEntity {
|
|||
this.authenticationFlows = authenticationFlows;
|
||||
}
|
||||
|
||||
public List<AuthenticatorEntity> getAuthenticators() {
|
||||
return authenticators;
|
||||
public List<AuthenticatorConfigEntity> getAuthenticatorConfigs() {
|
||||
return authenticatorConfigs;
|
||||
}
|
||||
|
||||
public void setAuthenticators(List<AuthenticatorEntity> authenticators) {
|
||||
this.authenticators = authenticators;
|
||||
public void setAuthenticatorConfigs(List<AuthenticatorConfigEntity> authenticators) {
|
||||
this.authenticatorConfigs = authenticators;
|
||||
}
|
||||
|
||||
public List<RequiredActionProviderEntity> getRequiredActionProviders() {
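Review bot: The renamed setter still takes a parameter called `authenticators`, so the body reads `this.authenticatorConfigs = authenticators;`. After this commit "authenticator" means the provider id stored on an execution, so the leftover name blurs the two concepts. I would write `public void setAuthenticatorConfigs(List<AuthenticatorConfigEntity> authenticatorConfigs) {` and `this.authenticatorConfigs = authenticatorConfigs;`. The same leftover appears in the JPA `RealmEntity` (field and parameter are still `authenticators` behind `getAuthenticatorConfigs()`), in the `authenticators` local list of each `RealmAdapter.getAuthenticatorConfigs()`, and in the file adapter's helper, which is still `getAuthenticatorEntity` while the Mongo adapter renamed it to `getAuthenticatorConfigEntity`.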
|
||||
|
|
|
@ -2,7 +2,7 @@ package org.keycloak.models.utils;
|
|||
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
/**
|
||||
|
@ -15,26 +15,6 @@ public class DefaultAuthenticationFlows {
|
|||
public static final String FORMS_FLOW = "forms";
|
||||
|
||||
public static void addFlows(RealmModel realm) {
|
||||
AuthenticatorModel model = new AuthenticatorModel();
|
||||
model.setProviderId("auth-cookie");
|
||||
model.setAlias("Cookie");
|
||||
AuthenticatorModel cookieAuth = realm.addAuthenticator(model);
|
||||
|
||||
model = new AuthenticatorModel();
|
||||
model.setProviderId("auth-username-password-form");
|
||||
model.setAlias("Username Password Form");
|
||||
AuthenticatorModel usernamePasswordForm = realm.addAuthenticator(model);
|
||||
|
||||
model = new AuthenticatorModel();
|
||||
model.setProviderId("auth-otp-form");
|
||||
model.setAlias("Single OTP Form");
|
||||
AuthenticatorModel otpForm = realm.addAuthenticator(model);
|
||||
|
||||
model = new AuthenticatorModel();
|
||||
model.setProviderId("auth-spnego");
|
||||
model.setAlias("Kerberos");
|
||||
AuthenticatorModel kerberos = realm.addAuthenticator(model);
|
||||
|
||||
AuthenticationFlowModel browser = new AuthenticationFlowModel();
|
||||
browser.setAlias(BROWSER_FLOW);
|
||||
browser.setDescription("browser based authentication");
|
||||
|
@ -42,7 +22,7 @@ public class DefaultAuthenticationFlows {
|
|||
AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(browser.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
|
||||
execution.setAuthenticator(cookieAuth.getId());
|
||||
execution.setAuthenticator("auth-cookie");
|
||||
execution.setPriority(10);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAutheticatorFlow(false);
|
||||
|
@ -50,7 +30,7 @@ public class DefaultAuthenticationFlows {
|
|||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(browser.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
|
||||
execution.setAuthenticator(kerberos.getId());
|
||||
execution.setAuthenticator("auth-spnego");
|
||||
execution.setPriority(20);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAutheticatorFlow(false);
|
||||
|
@ -75,7 +55,7 @@ public class DefaultAuthenticationFlows {
|
|||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(forms.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
|
||||
execution.setAuthenticator(usernamePasswordForm.getId());
|
||||
execution.setAuthenticator("auth-username-password-form");
|
||||
execution.setPriority(10);
|
||||
execution.setUserSetupAllowed(false);
|
||||
execution.setAutheticatorFlow(false);
|
||||
|
@ -85,7 +65,7 @@ public class DefaultAuthenticationFlows {
|
|||
execution = new AuthenticationExecutionModel();
|
||||
execution.setParentFlow(forms.getId());
|
||||
execution.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL);
|
||||
execution.setAuthenticator(otpForm.getId());
|
||||
execution.setAuthenticator("auth-otp-form");
|
||||
execution.setPriority(20);
|
||||
execution.setUserSetupAllowed(true);
|
||||
execution.setAutheticatorFlow(false);
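Review bot: The four provider ids passed to `execution.setAuthenticator(...)` are bare string literals (`"auth-cookie"`, `"auth-spnego"`, `"auth-username-password-form"`, `"auth-otp-form"`), and nothing visible in `addFlows` checks that each one names a registered authenticator. They have to match the ids the authenticator factories register, which is outside this diff, so a misspelt id would only surface when the default flow is executed at login. Declaring them once next to `FORMS_FLOW`, for example `public static final String COOKIE_AUTHENTICATOR = "auth-cookie";` (name suggested here, not taken from the project), and using the constants in each call gives a single place to keep in step with the factories. `addFlows` continues outside these hunks.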
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
package org.keycloak.models.utils;
|
||||
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredActionProviderModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
|
|
@ -20,7 +20,7 @@ import org.keycloak.connections.file.InMemoryModel;
|
|||
import org.keycloak.enums.SslRequired;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
|
@ -38,7 +38,7 @@ import org.keycloak.models.UserFederationProviderModel;
|
|||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.entities.AuthenticationExecutionEntity;
|
||||
import org.keycloak.models.entities.AuthenticationFlowEntity;
|
||||
import org.keycloak.models.entities.AuthenticatorEntity;
|
||||
import org.keycloak.models.entities.AuthenticatorConfigEntity;
|
||||
import org.keycloak.models.entities.ClientEntity;
|
||||
import org.keycloak.models.entities.IdentityProviderMapperEntity;
|
||||
import org.keycloak.models.entities.RealmEntity;
|
||||
|
@ -1373,44 +1373,43 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<AuthenticatorModel> getAuthenticators() {
|
||||
List<AuthenticatorModel> authenticators = new LinkedList<>();
|
||||
for (AuthenticatorEntity entity : realm.getAuthenticators()) {
|
||||
public List<AuthenticatorConfigModel> getAuthenticatorConfigs() {
|
||||
List<AuthenticatorConfigModel> authenticators = new LinkedList<>();
|
||||
for (AuthenticatorConfigEntity entity : realm.getAuthenticatorConfigs()) {
|
||||
authenticators.add(entityToModel(entity));
|
||||
}
|
||||
return authenticators;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel addAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity auth = new AuthenticatorEntity();
|
||||
public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity auth = new AuthenticatorConfigEntity();
|
||||
auth.setId(KeycloakModelUtils.generateId());
|
||||
auth.setAlias(model.getAlias());
|
||||
auth.setProviderId(model.getProviderId());
|
||||
auth.setConfig(model.getConfig());
|
||||
realm.getAuthenticators().add(auth);
|
||||
realm.getAuthenticatorConfigs().add(auth);
|
||||
model.setId(auth.getId());
|
||||
return model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity entity = getAuthenticatorEntity(model.getId());
|
||||
public void removeAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity entity = getAuthenticatorEntity(model.getId());
|
||||
if (entity == null) return;
|
||||
realm.getAuthenticators().remove(entity);
|
||||
realm.getAuthenticatorConfigs().remove(entity);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel getAuthenticatorById(String id) {
|
||||
AuthenticatorEntity entity = getAuthenticatorEntity(id);
|
||||
public AuthenticatorConfigModel getAuthenticatorConfigById(String id) {
|
||||
AuthenticatorConfigEntity entity = getAuthenticatorEntity(id);
|
||||
if (entity == null) return null;
|
||||
return entityToModel(entity);
|
||||
}
|
||||
|
||||
public AuthenticatorEntity getAuthenticatorEntity(String id) {
|
||||
AuthenticatorEntity entity = null;
|
||||
for (AuthenticatorEntity auth : realm.getAuthenticators()) {
|
||||
public AuthenticatorConfigEntity getAuthenticatorEntity(String id) {
|
||||
AuthenticatorConfigEntity entity = null;
|
||||
for (AuthenticatorConfigEntity auth : realm.getAuthenticatorConfigs()) {
|
||||
if (auth.getId().equals(id)) {
|
||||
entity = auth;
|
||||
break;
|
||||
|
@ -1419,10 +1418,9 @@ public class RealmAdapter implements RealmModel {
|
|||
return entity;
|
||||
}
|
||||
|
||||
public AuthenticatorModel entityToModel(AuthenticatorEntity entity) {
|
||||
AuthenticatorModel model = new AuthenticatorModel();
|
||||
public AuthenticatorConfigModel entityToModel(AuthenticatorConfigEntity entity) {
|
||||
AuthenticatorConfigModel model = new AuthenticatorConfigModel();
|
||||
model.setId(entity.getId());
|
||||
model.setProviderId(entity.getProviderId());
|
||||
model.setAlias(entity.getAlias());
|
||||
Map<String, String> config = new HashMap<>();
|
||||
if (entity.getConfig() != null) config.putAll(entity.getConfig());
|
||||
|
@ -1431,11 +1429,10 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void updateAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity entity = getAuthenticatorEntity(model.getId());
|
||||
public void updateAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity entity = getAuthenticatorEntity(model.getId());
|
||||
if (entity == null) return;
|
||||
entity.setAlias(model.getAlias());
|
||||
entity.setProviderId(model.getProviderId());
|
||||
if (entity.getConfig() == null) {
|
||||
entity.setConfig(model.getConfig());
|
||||
} else {
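Review bot: `addAuthenticatorConfig` stores the caller's map directly with `auth.setConfig(model.getConfig());`, so the stored entity and the model handed back to the caller share one mutable `Map`. `entityToModel` in the same file copies the map before returning it, which suggests isolation is intended on the way out but not on the way in. As written, a caller that edits `model.getConfig()` after the add changes the stored authenticator settings without going through `updateAuthenticatorConfig`. Copying on the way in, `auth.setConfig(new HashMap<>(model.getConfig()));` (with a null guard if the model's config can be null), would close that gap. The same line appears in the JPA and Mongo `RealmAdapter` versions of this method.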
|
||||
|
|
|
@ -4,7 +4,7 @@ import org.keycloak.Config;
|
|||
import org.keycloak.enums.SslRequired;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
|
@ -1095,37 +1095,37 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<AuthenticatorModel> getAuthenticators() {
|
||||
if (updated != null) return updated.getAuthenticators();
|
||||
List<AuthenticatorModel> models = new ArrayList<>();
|
||||
models.addAll(cached.getAuthenticators().values());
|
||||
public List<AuthenticatorConfigModel> getAuthenticatorConfigs() {
|
||||
if (updated != null) return updated.getAuthenticatorConfigs();
|
||||
List<AuthenticatorConfigModel> models = new ArrayList<>();
|
||||
models.addAll(cached.getAuthenticatorConfigs().values());
|
||||
return models;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel addAuthenticator(AuthenticatorModel model) {
|
||||
public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
getDelegateForUpdate();
|
||||
return updated.addAuthenticator(model);
|
||||
return updated.addAuthenticatorConfig(model);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateAuthenticator(AuthenticatorModel model) {
|
||||
public void updateAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
getDelegateForUpdate();
|
||||
updated.updateAuthenticator(model);
|
||||
updated.updateAuthenticatorConfig(model);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAuthenticator(AuthenticatorModel model) {
|
||||
public void removeAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
getDelegateForUpdate();
|
||||
updated.removeAuthenticator(model);
|
||||
updated.removeAuthenticatorConfig(model);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel getAuthenticatorById(String id) {
|
||||
if (updated != null) return updated.getAuthenticatorById(id);
|
||||
return cached.getAuthenticators().get(id);
|
||||
public AuthenticatorConfigModel getAuthenticatorConfigById(String id) {
|
||||
if (updated != null) return updated.getAuthenticatorConfigById(id);
|
||||
return cached.getAuthenticatorConfigs().get(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -3,7 +3,7 @@ package org.keycloak.models.cache.entities;
|
|||
import org.keycloak.enums.SslRequired;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
|
@ -83,7 +83,7 @@ public class CachedRealm implements Serializable {
|
|||
private Map<String, String> browserSecurityHeaders = new HashMap<String, String>();
|
||||
private Map<String, String> smtpConfig = new HashMap<String, String>();
|
||||
private Map<String, AuthenticationFlowModel> authenticationFlows = new HashMap<>();
|
||||
private Map<String, AuthenticatorModel> authenticators = new HashMap<>();
|
||||
private Map<String, AuthenticatorConfigModel> authenticatorConfigs = new HashMap<>();
|
||||
private Map<String, RequiredActionProviderModel> requiredActionProviders = new HashMap<>();
|
||||
private Map<String, RequiredActionProviderModel> requiredActionProvidersByAlias = new HashMap<>();
|
||||
private MultivaluedHashMap<String, AuthenticationExecutionModel> authenticationExecutions = new MultivaluedHashMap<>();
|
||||
|
@ -202,8 +202,8 @@ public class CachedRealm implements Serializable {
|
|||
executionsById.put(execution.getId(), execution);
|
||||
}
|
||||
}
|
||||
for (AuthenticatorModel authenticator : model.getAuthenticators()) {
|
||||
authenticators.put(authenticator.getId(), authenticator);
|
||||
for (AuthenticatorConfigModel authenticator : model.getAuthenticatorConfigs()) {
|
||||
authenticatorConfigs.put(authenticator.getId(), authenticator);
|
||||
}
|
||||
for (RequiredActionProviderModel action : model.getRequiredActionProviders()) {
|
||||
requiredActionProviders.put(action.getId(), action);
|
||||
|
@ -436,8 +436,8 @@ public class CachedRealm implements Serializable {
|
|||
return authenticationFlows;
|
||||
}
|
||||
|
||||
public Map<String, AuthenticatorModel> getAuthenticators() {
|
||||
return authenticators;
|
||||
public Map<String, AuthenticatorConfigModel> getAuthenticatorConfigs() {
|
||||
return authenticatorConfigs;
|
||||
}
|
||||
|
||||
public MultivaluedHashMap<String, AuthenticationExecutionModel> getAuthenticationExecutions() {
|
||||
|
|
|
@ -3,7 +3,7 @@ package org.keycloak.models.jpa;
|
|||
import org.keycloak.enums.SslRequired;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
|
@ -20,7 +20,7 @@ import org.keycloak.models.UserFederationProviderCreationEventImpl;
|
|||
import org.keycloak.models.UserFederationProviderModel;
|
||||
import org.keycloak.models.jpa.entities.AuthenticationExecutionEntity;
|
||||
import org.keycloak.models.jpa.entities.AuthenticationFlowEntity;
|
||||
import org.keycloak.models.jpa.entities.AuthenticatorEntity;
|
||||
import org.keycloak.models.jpa.entities.AuthenticatorConfigEntity;
|
||||
import org.keycloak.models.jpa.entities.ClientEntity;
|
||||
import org.keycloak.models.jpa.entities.IdentityProviderEntity;
|
||||
import org.keycloak.models.jpa.entities.IdentityProviderMapperEntity;
|
||||
|
@ -1661,14 +1661,13 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel addAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity auth = new AuthenticatorEntity();
|
||||
public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity auth = new AuthenticatorConfigEntity();
|
||||
auth.setId(KeycloakModelUtils.generateId());
|
||||
auth.setAlias(model.getAlias());
|
||||
auth.setRealm(realm);
|
||||
auth.setProviderId(model.getProviderId());
|
||||
auth.setConfig(model.getConfig());
|
||||
realm.getAuthenticators().add(auth);
|
||||
realm.getAuthenticatorConfigs().add(auth);
|
||||
em.persist(auth);
|
||||
em.flush();
|
||||
model.setId(auth.getId());
|
||||
|
@ -1676,8 +1675,8 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void removeAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity entity = em.find(AuthenticatorEntity.class, model.getId());
|
||||
public void removeAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity entity = em.find(AuthenticatorConfigEntity.class, model.getId());
|
||||
if (entity == null) return;
|
||||
em.remove(entity);
|
||||
em.flush();
|
||||
|
@ -1685,16 +1684,15 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel getAuthenticatorById(String id) {
|
||||
AuthenticatorEntity entity = em.find(AuthenticatorEntity.class, id);
|
||||
public AuthenticatorConfigModel getAuthenticatorConfigById(String id) {
|
||||
AuthenticatorConfigEntity entity = em.find(AuthenticatorConfigEntity.class, id);
|
||||
if (entity == null) return null;
|
||||
return entityToModel(entity);
|
||||
}
|
||||
|
||||
public AuthenticatorModel entityToModel(AuthenticatorEntity entity) {
|
||||
AuthenticatorModel model = new AuthenticatorModel();
|
||||
public AuthenticatorConfigModel entityToModel(AuthenticatorConfigEntity entity) {
|
||||
AuthenticatorConfigModel model = new AuthenticatorConfigModel();
|
||||
model.setId(entity.getId());
|
||||
model.setProviderId(entity.getProviderId());
|
||||
model.setAlias(entity.getAlias());
|
||||
Map<String, String> config = new HashMap<>();
|
||||
if (entity.getConfig() != null) config.putAll(entity.getConfig());
|
||||
|
@ -1703,11 +1701,10 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void updateAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity entity = em.find(AuthenticatorEntity.class, model.getId());
|
||||
public void updateAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity entity = em.find(AuthenticatorConfigEntity.class, model.getId());
|
||||
if (entity == null) return;
|
||||
entity.setAlias(model.getAlias());
|
||||
entity.setProviderId(model.getProviderId());
|
||||
if (entity.getConfig() == null) {
|
||||
entity.setConfig(model.getConfig());
|
||||
} else {
|
||||
|
@ -1719,9 +1716,9 @@ public class RealmAdapter implements RealmModel {
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<AuthenticatorModel> getAuthenticators() {
|
||||
List<AuthenticatorModel> authenticators = new LinkedList<>();
|
||||
for (AuthenticatorEntity entity : realm.getAuthenticators()) {
|
||||
public List<AuthenticatorConfigModel> getAuthenticatorConfigs() {
|
||||
List<AuthenticatorConfigModel> authenticators = new LinkedList<>();
|
||||
for (AuthenticatorConfigEntity entity : realm.getAuthenticatorConfigs()) {
|
||||
authenticators.add(entityToModel(entity));
|
||||
}
|
||||
return authenticators;
|
||||
|
|
|
@ -1,24 +1,18 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
|
||||
import javax.persistence.CascadeType;
|
||||
import javax.persistence.CollectionTable;
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.ElementCollection;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.FetchType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.JoinColumn;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.MapKeyColumn;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
import javax.persistence.OneToMany;
|
||||
import javax.persistence.Table;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
|
|
@ -1,32 +1,26 @@
|
|||
package org.keycloak.models.jpa.entities;
|
||||
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
|
||||
import javax.persistence.CollectionTable;
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.ElementCollection;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.FetchType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.IdClass;
|
||||
import javax.persistence.JoinColumn;
|
||||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.MapKeyColumn;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
import javax.persistence.Table;
|
||||
import java.io.Serializable;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
@Table(name="AUTHENTICATOR")
|
||||
@Table(name="AUTHENTICATOR_CONFIG")
|
||||
@Entity
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="deleteAuthenticatorsByRealm", query="delete from AuthenticatorEntity authenticator where authenticator.realm = :realm"),})
|
||||
public class AuthenticatorEntity {
|
||||
public class AuthenticatorConfigEntity {
|
||||
@Id
|
||||
@Column(name="ID", length = 36)
|
||||
protected String id;
|
||||
|
@ -38,13 +32,10 @@ public class AuthenticatorEntity {
|
|||
@JoinColumn(name = "REALM_ID")
|
||||
protected RealmEntity realm;
|
||||
|
||||
@Column(name="PROVIDER_ID")
|
||||
protected String providerId;
|
||||
|
||||
@ElementCollection
|
||||
@MapKeyColumn(name="NAME")
|
||||
@Column(name="VALUE")
|
||||
@CollectionTable(name="AUTHENTICATOR_CONFIG", joinColumns={ @JoinColumn(name="AUTHENTICATOR_ID") })
|
||||
@CollectionTable(name="AUTHENTICATOR_CONFIG_ENTRY", joinColumns={ @JoinColumn(name="AUTHENTICATOR_ID") })
|
||||
private Map<String, String> config;
|
||||
|
||||
public String getId() {
|
||||
|
@ -63,14 +54,6 @@ public class AuthenticatorEntity {
|
|||
this.alias = alias;
|
||||
}
|
||||
|
||||
public String getProviderId() {
|
||||
return providerId;
|
||||
}
|
||||
|
||||
public void setProviderId(String providerId) {
|
||||
this.providerId = providerId;
|
||||
}
|
||||
|
||||
public RealmEntity getRealm() {
|
||||
return realm;
|
||||
}
|
|
@ -155,7 +155,7 @@ public class RealmEntity {
|
|||
Collection<IdentityProviderMapperEntity> identityProviderMappers = new ArrayList<IdentityProviderMapperEntity>();
|
||||
|
||||
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
|
||||
Collection<AuthenticatorEntity> authenticators = new ArrayList<>();
|
||||
Collection<AuthenticatorConfigEntity> authenticators = new ArrayList<>();
|
||||
|
||||
@OneToMany(cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "realm")
|
||||
Collection<RequiredActionProviderEntity> requiredActionProviders = new ArrayList<>();
|
||||
|
@ -556,11 +556,11 @@ public class RealmEntity {
|
|||
this.identityProviderMappers = identityProviderMappers;
|
||||
}
|
||||
|
||||
public Collection<AuthenticatorEntity> getAuthenticators() {
|
||||
public Collection<AuthenticatorConfigEntity> getAuthenticatorConfigs() {
|
||||
return authenticators;
|
||||
}
|
||||
|
||||
public void setAuthenticators(Collection<AuthenticatorEntity> authenticators) {
|
||||
public void setAuthenticatorConfigs(Collection<AuthenticatorConfigEntity> authenticators) {
|
||||
this.authenticators = authenticators;
|
||||
}
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
|
|||
import org.keycloak.enums.SslRequired;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.IdentityProviderMapperModel;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
|
@ -25,7 +25,7 @@ import org.keycloak.models.UserFederationProviderCreationEventImpl;
|
|||
import org.keycloak.models.UserFederationProviderModel;
|
||||
import org.keycloak.models.entities.AuthenticationExecutionEntity;
|
||||
import org.keycloak.models.entities.AuthenticationFlowEntity;
|
||||
import org.keycloak.models.entities.AuthenticatorEntity;
|
||||
import org.keycloak.models.entities.AuthenticatorConfigEntity;
|
||||
import org.keycloak.models.entities.IdentityProviderEntity;
|
||||
import org.keycloak.models.entities.IdentityProviderMapperEntity;
|
||||
import org.keycloak.models.entities.RequiredActionProviderEntity;
|
||||
|
@ -1453,46 +1453,45 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
}
|
||||
|
||||
@Override
|
||||
public List<AuthenticatorModel> getAuthenticators() {
|
||||
List<AuthenticatorModel> authenticators = new LinkedList<>();
|
||||
for (AuthenticatorEntity entity : getMongoEntity().getAuthenticators()) {
|
||||
public List<AuthenticatorConfigModel> getAuthenticatorConfigs() {
|
||||
List<AuthenticatorConfigModel> authenticators = new LinkedList<>();
|
||||
for (AuthenticatorConfigEntity entity : getMongoEntity().getAuthenticatorConfigs()) {
|
||||
authenticators.add(entityToModel(entity));
|
||||
}
|
||||
return authenticators;
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel addAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity auth = new AuthenticatorEntity();
|
||||
public AuthenticatorConfigModel addAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity auth = new AuthenticatorConfigEntity();
|
||||
auth.setId(KeycloakModelUtils.generateId());
|
||||
auth.setAlias(model.getAlias());
|
||||
auth.setProviderId(model.getProviderId());
|
||||
auth.setConfig(model.getConfig());
|
||||
realm.getAuthenticators().add(auth);
|
||||
realm.getAuthenticatorConfigs().add(auth);
|
||||
model.setId(auth.getId());
|
||||
updateMongoEntity();
|
||||
return model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity entity = getAuthenticatorEntity(model.getId());
|
||||
public void removeAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity entity = getAuthenticatorConfigEntity(model.getId());
|
||||
if (entity == null) return;
|
||||
getMongoEntity().getAuthenticators().remove(entity);
|
||||
getMongoEntity().getAuthenticatorConfigs().remove(entity);
|
||||
updateMongoEntity();
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel getAuthenticatorById(String id) {
|
||||
AuthenticatorEntity entity = getAuthenticatorEntity(id);
|
||||
public AuthenticatorConfigModel getAuthenticatorConfigById(String id) {
|
||||
AuthenticatorConfigEntity entity = getAuthenticatorConfigEntity(id);
|
||||
if (entity == null) return null;
|
||||
return entityToModel(entity);
|
||||
}
|
||||
|
||||
public AuthenticatorEntity getAuthenticatorEntity(String id) {
|
||||
AuthenticatorEntity entity = null;
|
||||
for (AuthenticatorEntity auth : getMongoEntity().getAuthenticators()) {
|
||||
public AuthenticatorConfigEntity getAuthenticatorConfigEntity(String id) {
|
||||
AuthenticatorConfigEntity entity = null;
|
||||
for (AuthenticatorConfigEntity auth : getMongoEntity().getAuthenticatorConfigs()) {
|
||||
if (auth.getId().equals(id)) {
|
||||
entity = auth;
|
||||
break;
|
||||
|
@ -1501,10 +1500,9 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
return entity;
|
||||
}
|
||||
|
||||
public AuthenticatorModel entityToModel(AuthenticatorEntity entity) {
|
||||
AuthenticatorModel model = new AuthenticatorModel();
|
||||
public AuthenticatorConfigModel entityToModel(AuthenticatorConfigEntity entity) {
|
||||
AuthenticatorConfigModel model = new AuthenticatorConfigModel();
|
||||
model.setId(entity.getId());
|
||||
model.setProviderId(entity.getProviderId());
|
||||
model.setAlias(entity.getAlias());
|
||||
Map<String, String> config = new HashMap<>();
|
||||
if (entity.getConfig() != null) config.putAll(entity.getConfig());
|
||||
|
@ -1513,11 +1511,10 @@ public class RealmAdapter extends AbstractMongoAdapter<MongoRealmEntity> impleme
|
|||
}
|
||||
|
||||
@Override
|
||||
public void updateAuthenticator(AuthenticatorModel model) {
|
||||
AuthenticatorEntity entity = getAuthenticatorEntity(model.getId());
|
||||
public void updateAuthenticatorConfig(AuthenticatorConfigModel model) {
|
||||
AuthenticatorConfigEntity entity = getAuthenticatorConfigEntity(model.getId());
|
||||
if (entity == null) return;
|
||||
entity.setAlias(model.getAlias());
|
||||
entity.setProviderId(model.getProviderId());
|
||||
if (entity.getConfig() == null) {
|
||||
entity.setConfig(model.getConfig());
|
||||
} else {
|
||||
|
|
|
@ -10,7 +10,7 @@ import org.keycloak.events.EventBuilder;
|
|||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
@ -26,7 +26,6 @@ import org.keycloak.util.Time;
|
|||
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
|
||||
/**
|
||||
|
@ -162,16 +161,15 @@ public class AuthenticationProcessor {
|
|||
}
|
||||
|
||||
private class Result implements AuthenticatorContext {
|
||||
AuthenticatorModel model;
|
||||
AuthenticatorConfigModel authenticatorConfig;
|
||||
AuthenticationExecutionModel execution;
|
||||
Authenticator authenticator;
|
||||
Status status;
|
||||
Response challenge;
|
||||
Error error;
|
||||
|
||||
private Result(AuthenticationExecutionModel execution, AuthenticatorModel model, Authenticator authenticator) {
|
||||
private Result(AuthenticationExecutionModel execution, Authenticator authenticator) {
|
||||
this.execution = execution;
|
||||
this.model = model;
|
||||
this.authenticator = authenticator;
|
||||
}
|
||||
|
||||
|
@ -186,13 +184,11 @@ public class AuthenticationProcessor {
|
|||
}
|
||||
|
||||
@Override
|
||||
public AuthenticatorModel getAuthenticatorModel() {
|
||||
return model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAuthenticatorModel(AuthenticatorModel model) {
|
||||
this.model = model;
|
||||
public AuthenticatorConfigModel getAuthenticatorConfig() {
|
||||
if (execution.getAuthenticatorConfig() == null) return null;
|
||||
if (authenticatorConfig != null) return authenticatorConfig;
|
||||
authenticatorConfig = realm.getAuthenticatorConfigById(execution.getAuthenticatorConfig());
|
||||
return authenticatorConfig;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -490,10 +486,9 @@ public class AuthenticationProcessor {
|
|||
if (authType != null) {
|
||||
event.detail(Details.AUTH_TYPE, authType);
|
||||
}
|
||||
AuthenticatorModel authenticatorModel = realm.getAuthenticatorById(model.getAuthenticator());
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticatorModel.getProviderId());
|
||||
Authenticator authenticator = factory.create(authenticatorModel);
|
||||
Result context = new Result(model, authenticatorModel, authenticator);
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator());
|
||||
Authenticator authenticator = factory.create();
|
||||
Result context = new Result(model, authenticator);
|
||||
authenticator.action(context);
|
||||
|
||||
FlowExecution flowExecution = createFlowExecution(this.flowId);
|
||||
|
@ -639,10 +634,9 @@ public class AuthenticationProcessor {
|
|||
|
||||
}
|
||||
|
||||
AuthenticatorModel authenticatorModel = realm.getAuthenticatorById(model.getAuthenticator());
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticatorModel.getProviderId());
|
||||
Authenticator authenticator = factory.create(authenticatorModel);
|
||||
logger.debugv("authenticator: {0}", authenticatorModel.getProviderId());
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator());
|
||||
Authenticator authenticator = factory.create();
|
||||
logger.debugv("authenticator: {0}", factory.getId());
|
||||
UserModel authUser = clientSession.getAuthenticatedUser();
|
||||
|
||||
if (authenticator.requiresUser() && authUser == null){
|
||||
|
@ -650,7 +644,7 @@ public class AuthenticationProcessor {
|
|||
clientSession.setExecutionStatus(challengedAlternativeExecution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||
return alternativeChallenge;
|
||||
}
|
||||
throw new AuthException("authenticator: " + authenticatorModel.getProviderId(), Error.UNKNOWN_USER);
|
||||
throw new AuthException("authenticator: " + factory.getId(), Error.UNKNOWN_USER);
|
||||
}
|
||||
boolean configuredFor = false;
|
||||
if (authenticator.requiresUser() && authUser != null) {
|
||||
|
@ -658,7 +652,7 @@ public class AuthenticationProcessor {
|
|||
if (!configuredFor) {
|
||||
if (model.isRequired()) {
|
||||
if (model.isUserSetupAllowed()) {
|
||||
logger.debugv("authenticator SETUP_REQUIRED: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId());
|
||||
clientSession.setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
|
||||
authenticator.setRequiredActions(session, realm, clientSession.getAuthenticatedUser());
|
||||
continue;
|
||||
|
@ -671,7 +665,7 @@ public class AuthenticationProcessor {
|
|||
}
|
||||
}
|
||||
}
|
||||
Result context = new Result(model, authenticatorModel, authenticator);
|
||||
Result context = new Result(model, authenticator);
|
||||
authenticator.authenticate(context);
|
||||
Response response = processResult(context);
|
||||
if (response != null) return response;
|
||||
|
@ -682,15 +676,14 @@ public class AuthenticationProcessor {
|
|||
|
||||
public Response processResult(Result result) {
|
||||
AuthenticationExecutionModel execution = result.getExecution();
|
||||
AuthenticatorModel authenticatorModel = result.getAuthenticatorModel();
|
||||
Status status = result.getStatus();
|
||||
if (status == Status.SUCCESS){
|
||||
logger.debugv("authenticator SUCCESS: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
|
||||
clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
|
||||
if (execution.isAlternative()) alternativeSuccessful = true;
|
||||
return null;
|
||||
} else if (status == Status.FAILED) {
|
||||
logger.debugv("authenticator FAILED: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
|
||||
logFailure();
|
||||
clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.FAILED);
|
||||
if (result.challenge != null) {
|
||||
|
@ -701,7 +694,7 @@ public class AuthenticationProcessor {
|
|||
clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||
return sendChallenge(result, execution);
|
||||
} else if (status == Status.CHALLENGE) {
|
||||
logger.debugv("authenticator CHALLENGE: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator CHALLENGE: {0}", execution.getAuthenticator());
|
||||
if (execution.isRequired()) {
|
||||
clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||
return sendChallenge(result, execution);
|
||||
|
@ -719,19 +712,19 @@ public class AuthenticationProcessor {
|
|||
}
|
||||
return null;
|
||||
} else if (status == Status.FAILURE_CHALLENGE) {
|
||||
logger.debugv("authenticator FAILURE_CHALLENGE: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
|
||||
logFailure();
|
||||
clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
|
||||
return sendChallenge(result, execution);
|
||||
} else if (status == Status.ATTEMPTED) {
|
||||
logger.debugv("authenticator ATTEMPTED: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
|
||||
if (execution.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
|
||||
throw new AuthException(Error.INVALID_CREDENTIALS);
|
||||
}
|
||||
clientSession.setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.ATTEMPTED);
|
||||
return null;
|
||||
} else {
|
||||
logger.debugv("authenticator INTERNAL_ERROR: {0}", authenticatorModel.getProviderId());
|
||||
logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
|
||||
logger.error("Unknown result status");
|
||||
throw new AuthException(Error.INTERNAL_ERROR);
|
||||
}
|
||||
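Review bot: The factory lookup is dereferenced without a null check in both places where it is now keyed on `model.getAuthenticator()`: the action path before `authenticator.action(context)` and the flow loop before `logger.debugv("authenticator: {0}", factory.getId())`. If `getProviderFactory` returns null for an id that is not registered, the login flow ends in a NullPointerException instead of a controlled failure; this looks plausible for executions stored before this commit, when the field appears to have held an authenticator id rather than a provider id. I would fail closed right after the lookup: `if (factory == null) throw new AuthException("authenticator: " + model.getAuthenticator(), Error.INTERNAL_ERROR);`. The same unchecked lookup precedes `factory.getReferenceType()` in AuthenticationManagementResource. Both enclosing methods here start outside the hunks shown.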
|
|
|
@ -4,14 +4,13 @@ import org.jboss.resteasy.spi.HttpRequest;
|
|||
import org.keycloak.ClientConnection;
|
||||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.services.managers.BruteForceProtector;
|
||||
import org.keycloak.services.managers.ClientSessionCode;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
|
@ -27,9 +26,7 @@ public interface AuthenticatorContext {
|
|||
|
||||
void setExecution(AuthenticationExecutionModel execution);
|
||||
|
||||
AuthenticatorModel getAuthenticatorModel();
|
||||
|
||||
void setAuthenticatorModel(AuthenticatorModel model);
|
||||
AuthenticatorConfigModel getAuthenticatorConfig();
|
||||
|
||||
String getAction();
|
||||
|
||||
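Review bot: `getAuthenticatorConfig()` needs a Javadoc line saying it can return null. The implementation in AuthenticationProcessor.Result returns null when the execution has no config id, and otherwise passes through whatever `realm.getAuthenticatorConfigById` returns. Authenticators that read settings from it have to treat a missing config as "use defaults" rather than dereference it. Proposed comment: `/** Config attached to the current execution, or null when the execution has none or the referenced config cannot be found. */`.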
|
|
|
@ -1,18 +1,16 @@
|
|||
package org.keycloak.authentication;
|
||||
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.provider.ConfiguredProvider;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public interface AuthenticatorFactory extends ProviderFactory<Authenticator>, ConfiguredProvider {
|
||||
Authenticator create(AuthenticatorModel model);
|
||||
Authenticator create();
|
||||
String getDisplayType();
|
||||
|
||||
/**
|
||||
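Review bot: `create()` has no Javadoc, and the implementations in this commit differ on instance lifetime: CookieAuthenticatorFactory returns a shared `SINGLETON`, while the form factories return a new object per call. The contract should say that the returned Authenticator may be shared between concurrent logins and must keep no per-request or per-realm state, with configuration read through `AuthenticatorContext.getAuthenticatorConfig()`. Proposed comment: `/** Returns an authenticator; the instance may be shared across requests, so it must be stateless. */`.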
|
|
|
@ -1,7 +1,7 @@
|
|||
package org.keycloak.authentication;
|
||||
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
|
||||
import java.util.LinkedList;
|
||||
|
@ -36,8 +36,7 @@ public class AuthenticatorUtil {
|
|||
if (recurse != null) return recurse;
|
||||
|
||||
}
|
||||
AuthenticatorModel authenticator = realm.getAuthenticatorById(model.getAuthenticator());
|
||||
if (authenticator.getProviderId().equals(authProviderId)) {
|
||||
if (model.getAuthenticator().equals(authProviderId)) {
|
||||
return model;
|
||||
}
|
||||
}
|
||||
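Review bot: `model.getAuthenticator().equals(authProviderId)` throws a NullPointerException for any execution whose authenticator field is unset. That may be the case for flow executions, unless the branch above (only partly visible) always skips them. Putting the argument first avoids it: `if (authProviderId.equals(model.getAuthenticator())) {`. The enclosing method starts outside the hunk, so whether `authProviderId` itself can be null is not visible here.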
|
|
|
@ -3,17 +3,12 @@ package org.keycloak.authentication;
|
|||
import org.jboss.resteasy.spi.HttpRequest;
|
||||
import org.keycloak.ClientConnection;
|
||||
import org.keycloak.events.EventBuilder;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.services.managers.BruteForceProtector;
|
||||
import org.keycloak.services.managers.ClientSessionCode;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
|
||||
/**
|
||||
|
|
|
@ -4,10 +4,9 @@ import org.keycloak.Config;
|
|||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
import org.keycloak.provider.ProviderConfigProperty;
|
||||
|
||||
import java.util.List;
|
||||
|
@ -20,7 +19,7 @@ public class CookieAuthenticatorFactory implements AuthenticatorFactory {
|
|||
public static final String PROVIDER_ID = "auth-cookie";
|
||||
static CookieAuthenticator SINGLETON = new CookieAuthenticator();
|
||||
@Override
|
||||
public Authenticator create(AuthenticatorModel model) {
|
||||
public Authenticator create() {
|
||||
return SINGLETON;
|
||||
}
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ import org.keycloak.authentication.Authenticator;
|
|||
import org.keycloak.authentication.AuthenticatorContext;
|
||||
import org.keycloak.events.Errors;
|
||||
import org.keycloak.login.LoginFormsProvider;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
|
@ -25,11 +25,6 @@ import java.util.List;
|
|||
*/
|
||||
public class OTPFormAuthenticator extends AbstractFormAuthenticator implements Authenticator {
|
||||
public static final String TOTP_FORM_ACTION = "totp";
|
||||
protected AuthenticatorModel model;
|
||||
|
||||
public OTPFormAuthenticator(AuthenticatorModel model) {
|
||||
this.model = model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void action(AuthenticatorContext context) {
|
||||
|
|
|
@ -4,7 +4,7 @@ import org.keycloak.Config;
|
|||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
|
@ -21,8 +21,8 @@ public class OTPFormAuthenticatorFactory implements AuthenticatorFactory {
|
|||
public static final String PROVIDER_ID = "auth-otp-form";
|
||||
|
||||
@Override
|
||||
public Authenticator create(AuthenticatorModel model) {
|
||||
return new OTPFormAuthenticator(model);
|
||||
public Authenticator create() {
|
||||
return new OTPFormAuthenticator();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -4,7 +4,7 @@ import org.keycloak.Config;
|
|||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
|
@ -21,7 +21,7 @@ public class SpnegoAuthenticatorFactory implements AuthenticatorFactory {
|
|||
public static final String PROVIDER_ID = "auth-spnego";
|
||||
|
||||
@Override
|
||||
public Authenticator create(AuthenticatorModel model) {
|
||||
public Authenticator create() {
|
||||
return new SpnegoAuthenticator();
|
||||
}
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ import org.keycloak.authentication.Authenticator;
|
|||
import org.keycloak.authentication.AuthenticatorContext;
|
||||
import org.keycloak.events.Errors;
|
||||
import org.keycloak.login.LoginFormsProvider;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
|
@ -22,11 +22,6 @@ import javax.ws.rs.core.Response;
|
|||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class UsernamePasswordForm extends AbstractFormAuthenticator implements Authenticator {
|
||||
protected AuthenticatorModel model;
|
||||
|
||||
public UsernamePasswordForm(AuthenticatorModel model) {
|
||||
this.model = model;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void action(AuthenticatorContext context) {
|
||||
|
|
|
@ -4,7 +4,7 @@ import org.keycloak.Config;
|
|||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.UserCredentialModel;
|
||||
|
@ -21,8 +21,8 @@ public class UsernamePasswordFormFactory implements AuthenticatorFactory {
|
|||
public static final String PROVIDER_ID = "auth-username-password-form";
|
||||
|
||||
@Override
|
||||
public Authenticator create(AuthenticatorModel model) {
|
||||
return new UsernamePasswordForm(model);
|
||||
public Authenticator create() {
|
||||
return new UsernamePasswordForm();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -6,15 +6,12 @@ import org.jboss.resteasy.spi.NotFoundException;
|
|||
import org.keycloak.authentication.Authenticator;
|
||||
import org.keycloak.authentication.AuthenticatorFactory;
|
||||
import org.keycloak.authentication.AuthenticatorUtil;
|
||||
import org.keycloak.authentication.RequiredActionFactory;
|
||||
import org.keycloak.authentication.RequiredActionProvider;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredActionProviderModel;
|
||||
import org.keycloak.provider.ProviderFactory;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.DELETE;
|
||||
|
@ -141,8 +138,7 @@ public class AuthenticationManagementResource {
|
|||
if (!flow.getId().equals(execution.getParentFlow())) {
|
||||
rep.setSubFlow(true);
|
||||
}
|
||||
AuthenticatorModel authenticator = realm.getAuthenticatorById(execution.getAuthenticator());
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticator.getProviderId());
|
||||
AuthenticatorFactory factory = (AuthenticatorFactory)session.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, execution.getAuthenticator());
|
||||
if (factory.getReferenceType() == null) continue;
|
||||
rep.setReferenceType(factory.getReferenceType());
|
||||
rep.setConfigurable(factory.isConfigurable());
|
||||
|
|
|
@ -5,7 +5,7 @@ import org.keycloak.authentication.authenticators.SpnegoAuthenticatorFactory;
|
|||
import org.keycloak.authentication.authenticators.UsernamePasswordFormFactory;
|
||||
import org.keycloak.models.AuthenticationExecutionModel;
|
||||
import org.keycloak.models.AuthenticationFlowModel;
|
||||
import org.keycloak.models.AuthenticatorModel;
|
||||
import org.keycloak.models.AuthenticatorConfigModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.utils.DefaultAuthenticationFlows;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
|
@ -43,9 +43,8 @@ public class CredentialHelper {
|
|||
}
|
||||
|
||||
public static AuthenticationExecutionModel.Requirement getRequirement(RealmModel realm, String authenticatorProviderId, String flowAlias) {
|
||||
AuthenticatorModel authenticator = findAuthenticatorByProviderId(realm, authenticatorProviderId);
|
||||
AuthenticationFlowModel flow = findAuthenticatorFlowByAlias(realm, flowAlias);
|
||||
AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticator.getId());
|
||||
AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticatorProviderId);
|
||||
return execution.getRequirement();
|
||||
|
||||
}
|
||||
|
@ -56,21 +55,12 @@ public class CredentialHelper {
|
|||
}
|
||||
|
||||
public static void authenticationRequirement(RealmModel realm, String authenticatorProviderId, String flowAlias, AuthenticationExecutionModel.Requirement requirement) {
|
||||
AuthenticatorModel authenticator = findAuthenticatorByProviderId(realm, authenticatorProviderId);
|
||||
AuthenticationFlowModel flow = findAuthenticatorFlowByAlias(realm, flowAlias);
|
||||
AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticator.getId());
|
||||
AuthenticationExecutionModel execution = findExecutionByAuthenticator(realm, flow.getId(), authenticatorProviderId);
|
||||
execution.setRequirement(requirement);
|
||||
realm.updateAuthenticatorExecution(execution);
|
||||
}
|
||||
|
||||
public static AuthenticatorModel findAuthenticatorByProviderId(RealmModel realm, String providerId) {
|
||||
for (AuthenticatorModel model : realm.getAuthenticators()) {
|
||||
if (model.getProviderId().equals(providerId)) {
|
||||
return model;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
public static AuthenticationFlowModel findAuthenticatorFlowByAlias(RealmModel realm, String alias) {
|
||||
for (AuthenticationFlowModel model : realm.getAuthenticationFlows()) {
|
||||
if (model.getAlias().equals(alias)) {
|
||||
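Review bot: `getRequirement` and `authenticationRequirement` use `flow` and `execution` without a null check, so an unknown `flowAlias`, or a provider id with no execution in that flow, presumably ends in a NullPointerException. `authenticationRequirement` changes whether an authenticator is required, so a failed lookup should be reported with the names involved, e.g. `if (execution == null) throw new IllegalStateException("no execution for " + authenticatorProviderId + " in flow " + flowAlias);`. The third argument of `findExecutionByAuthenticator` now carries a provider id instead of an authenticator id. Its body is not in the hunk, so confirm it compares against `execution.getAuthenticator()` under the new meaning.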
|
|