KEYCLOAK-12910 Authentication SPI - Secret Question update

mabartos 2020-02-06 17:49:25 +01:00 committed by Marek Posolda
parent 4e38409529
commit c356855f42

@ -605,11 +605,10 @@ return the "most preferred" credential of the correct type of the user,
protected boolean validateAnswer(AuthenticationFlowContext context) {
MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
String secret = formData.getFirst("secret_answer");
String credentialId = context.getSelectedCredentialId();
String credentialId = formData.getFirst("credentialId");
if (credentialId == null || credentialId.isEmpty()) {
credentialId = getCredentialProvider(context.getSession())
.getDefaultCredential(context.getSession(), context.getRealm(), context.getUser()).getId();
context.setSelectedCredentialId(credentialId);
}
UserCredentialModel input = new UserCredentialModel(credentialId, getType(context.getSession()), secret);
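Review bot: In validateAnswer(), reading credentialId with formData.getFirst("credentialId") makes it a client-supplied value, and nothing in these lines ties it to context.getUser() before it is passed into UserCredentialModel. The surrounding text should state that the credential provider's validation must resolve the id scoped to the current user and reject an id that belongs to another user, so readers who copy the example do not omit that check. Separately, the fallback chains getDefaultCredential(...).getId() with no null check, so the case where no default credential is returned should be handled. If the context.setSelectedCredentialId(credentialId) call is being dropped together with getSelectedCredentialId(), say whether later steps in the flow still need to know which credential was used.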
@ -617,7 +616,7 @@ protected boolean validateAnswer(AuthenticationFlowContext context) {
}
----
The last thing to go over is the setCookie() method.
Next method is the setCookie().
This is an example of providing configuration for the Authenticator.
In this case we want the max age of the cookie to be configurable.
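Review bot: The replacement sentence "Next method is the setCookie()." is ungrammatical; suggest "The next method is setCookie()." Since the wording changes from "last" to "next", also check that the other method introductions in this section still match the order in which the methods now appear.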
@ -644,6 +643,30 @@ If configuration exists we pull the max age config out of it.
We will see how we can define what should be configured when we talk about the AuthenticatorFactory implementation.
The config values can be defined within the admin console if you set up config definitions in your AuthenticatorFactory implementation.
[source,java]
----
@Override
public CredentialTypeMetadata getCredentialTypeMetadata() {
return CredentialTypeMetadata.builder()
.type(getType())
.category(CredentialTypeMetadata.Category.TWO_FACTOR)
.displayName(SecretQuestionCredentialProviderFactory.PROVIDER_ID)
.helpText("secret-question-text")
.createAction(SecretQuestionAuthenticatorFactory.PROVIDER_ID)
.removeable(false)
.build(session);
}
----
Last method in SecretQuestionCredentialProvider class is getCredentialTypeMetadata(), which is an abstract method of CredentialProvider
interface. Each Credential provider has to provide and implement this method. The method returns an instance of CredentialTypeMetadata,
which should at least include type and category of authenticator, displayName and removable item. In this example, the builder
takes type of authenticator from method getType(), category is Two Factor (the authenticator can be used as second factor of authentication)
and removable, which is set up to false (user can't remove some previously registered credentials).
Other items of builder are helpText (will be shown to the user on various screens), createAction (the providerID of the required action,
which can be used by the user to create new credential) or updateAction (same as createAction, but instead of creating the new credential, it will update the credential).
==== Implementing an AuthenticatorFactory
The next step in this process is to implement an AuthenticatorFactory.
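Review bot: In the getCredentialTypeMetadata() sample, createAction is given SecretQuestionAuthenticatorFactory.PROVIDER_ID, while the paragraph below describes createAction as the provider ID of the required action; either pass the required action's ID or add a sentence explaining that the two IDs are the same here. The builder call is spelled .removeable(false) but the prose says "removable", so note the API spelling to avoid readers "correcting" it. The prose also mentions updateAction, which the sample does not set, and calls getCredentialTypeMetadata() "an abstract method of CredentialProvider interface" (suggest "a method of the CredentialProvider interface"). Finally, the code block appears before the paragraph that introduces it, and the "==== Implementing an AuthenticatorFactory" heading follows the paragraph with no blank line, which may affect AsciiDoc rendering.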