Java Code Examples for org.keycloak.models.RealmModel#getAuthenticationExecutions()

The following examples show how to use org.keycloak.models.RealmModel#getAuthenticationExecutions().
Example 1
Source File: CredentialHelper.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Sets {@code requirement} on every authentication execution in the realm whose authenticator
 * factory reports {@code type} as its reference category.
 *
 * <p>Every flow returned by {@code realm.getAuthenticationFlows()} is scanned, so one call can change
 * several flows at once. When {@code currentRequirement} is {@code null} the switch is unconditional;
 * otherwise only executions currently in that exact state are updated and the rest are logged and
 * left alone. Because this rewrites how a credential category is enforced realm-wide, pass the
 * expected current state unless an unconditional switch is really intended.
 *
 * <p>Both outcomes are logged at debug level only.
 *
 * @param session            session handed to {@code getConfigurableAuthenticatorFactory} to resolve the factory
 * @param realm              realm whose flows and executions are scanned and updated
 * @param type               reference category to match; must not be {@code null}
 * @param requirement        requirement to apply to matching executions
 * @param currentRequirement state an execution must currently be in to be switched, or {@code null} for any
 */
public static void setOrReplaceAuthenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement, AuthenticationExecutionModel.Requirement currentRequirement) {
    for (AuthenticationFlowModel authFlow : realm.getAuthenticationFlows()) {
        for (AuthenticationExecutionModel candidate : realm.getAuthenticationExecutions(authFlow.getId())) {
            ConfigurableAuthenticatorFactory authFactory = getConfigurableAuthenticatorFactory(session, candidate.getAuthenticator());

            // No resolvable factory, or a different credential category: not ours to change.
            if (authFactory == null || !type.equals(authFactory.getReferenceCategory())) {
                continue;
            }

            boolean stateMatches = currentRequirement == null || currentRequirement.equals(candidate.getRequirement());
            if (!stateMatches) {
                logger.debugf("Skip switch authenticator execution '%s' to '%s' as it's in state %s", candidate.getAuthenticator(), requirement.toString(), candidate.getRequirement());
                continue;
            }

            // Persist the change through the realm so it is not just an in-memory edit of the model.
            candidate.setRequirement(requirement);
            realm.updateAuthenticatorExecution(candidate);
            logger.debugf("Authenticator execution '%s' switched to '%s'", candidate.getAuthenticator(), requirement.toString());
        }
    }
}
 
Example 2
Source File: MigrateTo8_0_0.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Walks every authentication flow of the realm and passes each execution whose requirement reads as
 * {@code CONDITIONAL} to {@code migrateOptionalAuthenticationExecution}.
 *
 * <p>Per the original author's note, these are the executions that were OPTIONAL in the previous
 * version. Executions in any other state are left untouched by this method.
 *
 * <p>NOTE(review): {@code session} and {@code jsn} are not read in this body. The helper that performs
 * the actual rewrite is not shown here; after an upgrade, confirm the migrated flows still enforce
 * the same factors as before.
 *
 * @param session current session (unused here)
 * @param realm   realm whose flows are migrated
 * @param jsn     unused here
 */
protected void migrateRealmMFA(KeycloakSession session, RealmModel realm, boolean jsn) {
    for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
        for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
            boolean wasOptional = execution.getRequirement() == AuthenticationExecutionModel.Requirement.CONDITIONAL;
            if (!wasOptional) {
                continue;
            }
            migrateOptionalAuthenticationExecution(realm, flow, execution, true);
        }
    }
}
 
Example 3
Source File: KeycloakModelUtils.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Collects, depth first, every execution reachable from the given flow that is not itself a subflow.
 * Executions that wrap a subflow are not recorded; the subflow they point to is searched instead.
 *
 * <p>No filtering by requirement or enabled state happens here, so the result may contain executions
 * that are not in effect. Callers that need "authenticators actually enforced" must filter the list.
 *
 * <p>NOTE(review): the subflow returned by {@code getAuthenticationFlowById} is used without a null
 * check, and there is no guard against a flow that refers back to one of its ancestors.
 *
 * @param realm  realm used to look up executions and subflows
 * @param flow   flow to start the search from
 * @param result list the executions are appended to; pass an empty list to get exactly the executions found
 */
public static void deepFindAuthenticationExecutions(RealmModel realm, AuthenticationFlowModel flow, List<AuthenticationExecutionModel> result) {
    for (AuthenticationExecutionModel candidate : realm.getAuthenticationExecutions(flow.getId())) {
        if (!candidate.isAuthenticatorFlow()) {
            result.add(candidate);
            continue;
        }
        // Subflow wrapper: descend into the referenced flow instead of recording the wrapper.
        AuthenticationFlowModel nestedFlow = realm.getAuthenticationFlowById(candidate.getFlowId());
        deepFindAuthenticationExecutions(realm, nestedFlow, result);
    }
}
 
Example 4
Source File: AuthenticationSelectionResolver.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Return the flowId of the "highest" subflow that has to be taken into account when building the list of
 * authentication mechanisms shown to the user.
 *
 * For example, given an authentication flow configured like this:
 * - WebAuthn:                 ALTERNATIVE
 * - Password-and-OTP subflow:  ALTERNATIVE
 *   - Password REQUIRED
 *   - OTP      REQUIRED
 *
 * and assuming that the "execution" parameter is PasswordForm, the higher subflow also has to be considered, as the
 * user should be able to choose between WebAuthn and Password.
 *
 * NOTE(review): if the execution is neither alternative, required nor conditional, flowId keeps its previous value
 * (null on the first pass) and is passed to getAuthenticationFlowById as-is; the returned flow is dereferenced
 * without a null check. Confirm callers never pass such an execution.
 *
 * @param processor supplies the realm (via getRealm()) used for every flow and execution lookup
 * @param execution execution to start from; inside the loop it is replaced by the execution that wraps the current flow
 * @return the id of the selected flow. Can be null: when the starting execution is required or conditional, is not
 *         itself a subflow, and is not the first entry of its parent flow, the initial null value is returned
 */
private static String getFlowIdOfTheHighestUsefulFlow(AuthenticationProcessor processor, AuthenticationExecutionModel execution) {
    String flowId = null;
    RealmModel realm = processor.getRealm();

    // Climb one level per iteration until a return condition is hit.
    while (true) {
        if (execution.isAlternative()) {
            // Consider the parent flow: all sibling alternative executions are needed to list their credentials
            flowId = execution.getParentFlow();
        } else if (execution.isRequired()  || execution.isConditional()) {
            if (execution.isAuthenticatorFlow()) {
                // The execution wraps a subflow, so that subflow is the candidate at this level
                flowId = execution.getFlowId();
            }

            // Find the corresponding execution. If it is 1st REQUIRED execution in the particular subflow, we need to consider parent flow as well
            List<AuthenticationExecutionModel> executions = realm.getAuthenticationExecutions(execution.getParentFlow());
            int executionIndex = executions.indexOf(execution);
            // indexOf yields -1 when the execution is not in the list; that also takes the "not first" branch
            if (executionIndex != 0) {
                return flowId;
            } else {
                flowId = execution.getParentFlow();
            }
        }

        AuthenticationFlowModel flow = realm.getAuthenticationFlowById(flowId);
        if (flow.isTopLevel()) {
            // Nothing above a top-level flow; stop climbing
            return flowId;
        }
        // Continue from the execution that embeds this flow in its parent
        execution = realm.getAuthenticationExecutionByFlowId(flowId);
    }
}
 
Example 5
Source File: AuthenticatorUtil.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Appends every execution of the given flow to {@code executions}, descending into subflows.
 *
 * <p>Unlike a leaf-only search, the execution that wraps a subflow is itself added before its
 * children. A subflow is only descended into when its wrapping execution is enabled; the wrapper is
 * still added when it is disabled. Leaf executions are added without any enabled or requirement
 * check, so callers must filter the list if they need only executions that are in effect.
 *
 * <p>NOTE(review): there is no guard against a flow that refers back to one of its ancestors.
 *
 * @param realm      realm used to look up executions
 * @param flowId     id of the flow to start from; a flow with no execution list ({@code null}) adds nothing
 * @param executions list the executions are appended to, in depth-first order
 */
public static void recurseExecutions(RealmModel realm, String flowId, List<AuthenticationExecutionModel> executions) {
    List<AuthenticationExecutionModel> children = realm.getAuthenticationExecutions(flowId);
    if (children != null) {
        for (AuthenticationExecutionModel child : children) {
            executions.add(child);
            boolean descend = child.isAuthenticatorFlow() && child.isEnabled();
            if (descend) {
                recurseExecutions(realm, child.getFlowId(), executions);
            }
        }
    }
}
 
Example 6
Source File: AuthenticatorUtil.java    From keycloak with Apache License 2.0 5 votes vote down vote up
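/**
 * Searches the given flow and, depth first, its subflows for the first execution whose authenticator
 * id equals {@code authProviderId}.
 *
 * <p>The search does not look at requirement or enabled state, and it descends into subflows
 * regardless of whether their wrapping execution is enabled. A non-null result therefore only means
 * the authenticator is configured somewhere under the flow; callers deciding whether it is actually
 * enforced must check the returned execution's state themselves.
 *
 * <p>An execution without an authenticator id is skipped instead of causing a
 * {@code NullPointerException}, and a flow with no execution list is treated as empty, matching the
 * null handling of {@code recurseExecutions} in this file.
 *
 * @param realm          realm used to look up executions
 * @param flowId         id of the flow to search
 * @param authProviderId authenticator provider id to look for
 * @return the first matching execution, or {@code null} when none is found
 */
public static AuthenticationExecutionModel findExecutionByAuthenticator(RealmModel realm, String flowId, String authProviderId) {
    List<AuthenticationExecutionModel> candidates = realm.getAuthenticationExecutions(flowId);
    if (candidates == null) {
        return null;
    }
    for (AuthenticationExecutionModel candidate : candidates) {
        if (candidate.isAuthenticatorFlow()) {
            AuthenticationExecutionModel nested = findExecutionByAuthenticator(realm, candidate.getFlowId(), authProviderId);
            if (nested != null) {
                return nested;
            }
        }
        // A subflow wrapper may carry no authenticator id of its own; compare null-safely.
        String authenticator = candidate.getAuthenticator();
        if (authenticator != null && authenticator.equals(authProviderId)) {
            return candidate;
        }
    }
    return null;
}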