diff --git a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java index 55ee368a86..ea27cf5ac9 100755 --- a/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java +++ b/services/src/main/java/org/keycloak/services/resources/LoginActionsService.java @@ -236,6 +236,10 @@ public class LoginActionsService { return checks.getResponse(); } + event.user(authSession.getAuthenticatedUser()); + event.detail(Details.USERNAME, authSession.getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME)); + event.detail(Details.AUTH_METHOD, authSession.getProtocol()); + String flowPath = authSession.getClientNote(AuthorizationEndpointBase.APP_INITIATED_FLOW); if (flowPath == null) { flowPath = AUTHENTICATE_PATH; @@ -256,6 +260,7 @@ public class LoginActionsService { URI redirectUri = getLastExecutionUrl(flowPath, null, authSession.getClient().getClientId(), authSession.getTabId(), AuthenticationProcessor.getClientData(session, authSession)); logger.debugf("Flow restart requested. Redirecting to %s", redirectUri); + event.success(); return Response.status(Response.Status.FOUND).location(redirectUri).build(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultiFactorAuthenticationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultiFactorAuthenticationTest.java index 2381f7d334..eabe708dfa 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultiFactorAuthenticationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultiFactorAuthenticationTest.java @@ -33,9 +33,12 @@ import org.keycloak.authentication.authenticators.browser.PasswordFormFactory; import org.keycloak.authentication.authenticators.browser.UsernameFormFactory; import org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory; import org.keycloak.events.Details; +import org.keycloak.events.EventType; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.models.utils.TimeBasedOTP; +import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.client.KeycloakTestingClient; @@ -285,6 +288,7 @@ public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest @Test public void testUsernameLabelAndResetLogin() { try { + UserRepresentation user = testRealm().users().search("user-with-one-configured-otp").get(0); configureBrowserFlowWithAlternativeCredentials(); // The "attempted username" with username not yet available on the login screen @@ -306,6 +310,12 @@ public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest // Reset login selectAuthenticatorPage.clickResetLogin(); + events.expect(EventType.RESTART_AUTHENTICATION) + .client(oauth.getClientId()) + .user(user.getId()) + .detail(Details.USERNAME, "user-with-one-configured-otp") + .detail(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL) + .assertEvent(); // Should be back on the login page loginUsernameOnlyPage.assertCurrent(); @@ -321,7 +331,7 @@ public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest // Login passwordPage.login("password"); - events.expectLogin().user(testRealm().users().search("user-with-one-configured-otp").get(0).getId()) + events.expectLogin().user(user.getId()) .detail(Details.USERNAME, "otp1@redhat.com").assertEvent(); } finally { BrowserFlowTest.revertFlows(testRealm(), "browser - alternative");