[KEYCLOAK-997] - Redirect directly to provider if password login is disabled and there's only one provider.
This commit is contained in:
pedroigor
parent
71b36ceb07
commit
c2ba2a70ce
5 changed files with 49 additions and 11 deletions
|
|
@ -40,7 +40,7 @@ public class UrlBean {
|
|||
}
|
||||
|
||||
public String getSocialUrl() {
|
||||
return Urls.accountSocialPage(baseQueryURI, realm).toString();
|
||||
return Urls.accountFederatedIdentityPage(baseQueryURI, realm).toString();
|
||||
}
|
||||
|
||||
public String getTotpUrl() {
|
||||
|
|
|
|||
|
|
@ -23,9 +23,8 @@ package org.keycloak.login.freemarker.model;
|
|||
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.services.resources.AuthenticationBrokerResource;
|
||||
import org.keycloak.services.resources.flows.Urls;
|
||||
|
||||
import javax.ws.rs.core.UriBuilder;
|
||||
import java.net.URI;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
|
@ -49,11 +48,7 @@ public class IdentityProviderBean {
|
|||
|
||||
for (IdentityProviderModel identityProvider : identityProviders) {
|
||||
if (identityProvider.isEnabled()) {
|
||||
String loginUrl = UriBuilder.fromUri(baseURI)
|
||||
.path(AuthenticationBrokerResource.class)
|
||||
.path(AuthenticationBrokerResource.class, "performLogin")
|
||||
.replaceQueryParam("provider_id", identityProvider.getId())
|
||||
.build(realm.getName()).toString();
|
||||
String loginUrl = Urls.identityProviderAuthnRequest(baseURI, identityProvider, realm).toString();
|
||||
providers.add(new IdentityProvider(identityProvider.getId(), identityProvider.getName(), loginUrl));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,9 +25,11 @@ import org.keycloak.models.ApplicationModel;
|
|||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.ClientSessionModel;
|
||||
import org.keycloak.models.Constants;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.OAuthClientModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.models.RequiredCredentialModel;
|
||||
import org.keycloak.models.UserModel;
|
||||
import org.keycloak.models.UserSessionModel;
|
||||
import org.keycloak.models.UserSessionProvider;
|
||||
|
|
@ -70,6 +72,7 @@ import java.io.InputStream;
|
|||
import java.net.URI;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
|
|
@ -871,8 +874,27 @@ public class OpenIDConnectService {
|
|||
return oauth.cancelLogin(clientSession);
|
||||
}
|
||||
|
||||
String accessCode = new ClientSessionCode(realm, clientSession).getCode();
|
||||
List<RequiredCredentialModel> requiredCredentials = realm.getRequiredCredentials();
|
||||
|
||||
if (requiredCredentials.isEmpty()) {
|
||||
List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
|
||||
|
||||
if (!identityProviders.isEmpty()) {
|
||||
if (identityProviders.size() == 1) {
|
||||
return Response.temporaryRedirect(
|
||||
Urls.identityProviderAuthnRequest(this.uriInfo.getBaseUri(), identityProviders.get(0), this.realm, accessCode))
|
||||
.build();
|
||||
}
|
||||
|
||||
return Flows.forms(session, realm, null, uriInfo).setError("Realm [" + this.realm.getName() + "] supports multiple identity providers. Could not determine which identity provider should be used to authenticate with.").createErrorPage();
|
||||
}
|
||||
|
||||
return Flows.forms(session, realm, null, uriInfo).setError("Realm [" + this.realm.getName() + "] does not support any credential type.").createErrorPage();
|
||||
}
|
||||
|
||||
LoginFormsProvider forms = Flows.forms(session, realm, clientSession.getClient(), uriInfo)
|
||||
.setClientSessionCode(new ClientSessionCode(realm, clientSession).getCode());
|
||||
.setClientSessionCode(accessCode);
|
||||
|
||||
String rememberMeUsername = AuthenticationManager.getRememberMeUsername(realm, headers);
|
||||
|
||||
|
|
|
|||
|
|
@ -675,7 +675,7 @@ public class AccountService {
|
|||
|
||||
switch (accountSocialAction) {
|
||||
case ADD:
|
||||
String redirectUri = UriBuilder.fromUri(Urls.accountSocialPage(uriInfo.getBaseUri(), realm.getName())).build().toString();
|
||||
String redirectUri = UriBuilder.fromUri(Urls.accountFederatedIdentityPage(uriInfo.getBaseUri(), realm.getName())).build().toString();
|
||||
|
||||
try {
|
||||
ClientSessionModel clientSession = auth.getClientSession();
|
||||
|
|
|
|||
|
|
@ -21,9 +21,13 @@
|
|||
*/
|
||||
package org.keycloak.services.resources.flows;
|
||||
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.models.IdentityProviderModel;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.protocol.oidc.OpenIDConnect;
|
||||
import org.keycloak.protocol.oidc.OpenIDConnectService;
|
||||
import org.keycloak.services.resources.AccountService;
|
||||
import org.keycloak.services.resources.AuthenticationBrokerResource;
|
||||
import org.keycloak.services.resources.LoginActionsService;
|
||||
import org.keycloak.services.resources.RealmsResource;
|
||||
import org.keycloak.services.resources.ThemeResource;
|
||||
|
|
@ -56,7 +60,7 @@ public class Urls {
|
|||
return accountBase(baseUri).path(AccountService.class, "passwordPage").build(realmId);
|
||||
}
|
||||
|
||||
public static URI accountSocialPage(URI baseUri, String realmId) {
|
||||
public static URI accountFederatedIdentityPage(URI baseUri, String realmId) {
|
||||
return accountBase(baseUri).path(AccountService.class, "federatedIdentityPage").build(realmId);
|
||||
}
|
||||
|
||||
|
|
@ -64,6 +68,23 @@ public class Urls {
|
|||
return accountBase(baseUri).path(AccountService.class, "processFederatedIdentityUpdate").build(realmName);
|
||||
}
|
||||
|
||||
public static URI identityProviderAuthnRequest(URI baseURI, IdentityProviderModel identityProvider, RealmModel realm, String accessCode) {
|
||||
UriBuilder uriBuilder = UriBuilder.fromUri(baseURI)
|
||||
.path(AuthenticationBrokerResource.class)
|
||||
.path(AuthenticationBrokerResource.class, "performLogin")
|
||||
.replaceQueryParam("provider_id", identityProvider.getProviderId());
|
||||
|
||||
if (accessCode != null) {
|
||||
uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);
|
||||
}
|
||||
|
||||
return uriBuilder.build(realm.getName());
|
||||
}
|
||||
|
||||
public static URI identityProviderAuthnRequest(URI baseURI, IdentityProviderModel identityProvider, RealmModel realm) {
|
||||
return identityProviderAuthnRequest(baseURI, identityProvider, realm, null);
|
||||
}
|
||||
|
||||
public static URI accountTotpPage(URI baseUri, String realmId) {
|
||||
return accountBase(baseUri).path(AccountService.class, "totpPage").build(realmId);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue