Java Code Examples for org.keycloak.models.RealmModel#getAuthenticationExecutions()
The following examples show how to use
org.keycloak.models.RealmModel#getAuthenticationExecutions() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: CredentialHelper.java From keycloak with Apache License 2.0 | 6 votes |
|
public static void setOrReplaceAuthenticationRequirement(KeycloakSession session, RealmModel realm, String type, AuthenticationExecutionModel.Requirement requirement, AuthenticationExecutionModel.Requirement currentRequirement) {
for (AuthenticationFlowModel flow : realm.getAuthenticationFlows()) {
for (AuthenticationExecutionModel execution : realm.getAuthenticationExecutions(flow.getId())) {
String providerId = execution.getAuthenticator();
ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(session, providerId);
if (factory == null) continue;
if (type.equals(factory.getReferenceCategory())) {
if (currentRequirement == null || currentRequirement.equals(execution.getRequirement())) {
execution.setRequirement(requirement);
realm.updateAuthenticatorExecution(execution);
logger.debugf("Authenticator execution '%s' switched to '%s'", execution.getAuthenticator(), requirement.toString());
} else {
logger.debugf("Skip switch authenticator execution '%s' to '%s' as it's in state %s", execution.getAuthenticator(), requirement.toString(), execution.getRequirement());
}
}
}
}
}
Example 2
| Source File: MigrateTo8_0_0.java From keycloak with Apache License 2.0 | 5 votes |
|
protected void migrateRealmMFA(KeycloakSession session, RealmModel realm, boolean jsn) {
for (AuthenticationFlowModel authFlow : realm.getAuthenticationFlows()) {
for (AuthenticationExecutionModel authExecution : realm.getAuthenticationExecutions(authFlow.getId())) {
// Those were OPTIONAL executions in previous version
if (authExecution.getRequirement() == AuthenticationExecutionModel.Requirement.CONDITIONAL) {
migrateOptionalAuthenticationExecution(realm, authFlow, authExecution, true);
}
}
}
}
Example 3
| Source File: KeycloakModelUtils.java From keycloak with Apache License 2.0 | 5 votes |
|
/**
* Recursively find all AuthenticationExecutionModel from specified flow or all it's subflows
*
* @param realm
* @param flow
* @param result input should be empty list. At the end will be all executions added to this list
*/
public static void deepFindAuthenticationExecutions(RealmModel realm, AuthenticationFlowModel flow, List<AuthenticationExecutionModel> result) {
List<AuthenticationExecutionModel> executions = realm.getAuthenticationExecutions(flow.getId());
for (AuthenticationExecutionModel execution : executions) {
if (execution.isAuthenticatorFlow()) {
AuthenticationFlowModel subFlow = realm.getAuthenticationFlowById(execution.getFlowId());
deepFindAuthenticationExecutions(realm, subFlow, result);
} else {
result.add(execution);
}
}
}
Example 4
| Source File: AuthenticationSelectionResolver.java From keycloak with Apache License 2.0 | 5 votes |
|
/**
* Return the flowId of the "highest" subflow, which we need to take into account when creating list of authentication mechanisms
* shown to the user.
*
* For example during configuration of the authentication flow like this:
* - WebAuthn: ALTERNATIVE
* - Password-and-OTP subflow: ALTERNATIVE
* - Password REQUIRED
* - OTP REQUIRED
*
* and assuming that "execution" parameter is PasswordForm, we also need to take the higher subflow into account as user
* should be able to choose among WebAuthn and Password
*
* @param processor
* @param execution
* @return
*/
private static String getFlowIdOfTheHighestUsefulFlow(AuthenticationProcessor processor, AuthenticationExecutionModel execution) {
String flowId = null;
RealmModel realm = processor.getRealm();
while (true) {
if (execution.isAlternative()) {
//Consider parent flow as we need to get all alternative executions to be able to list their credentials
flowId = execution.getParentFlow();
} else if (execution.isRequired() || execution.isConditional()) {
if (execution.isAuthenticatorFlow()) {
flowId = execution.getFlowId();
}
// Find the corresponding execution. If it is 1st REQUIRED execution in the particular subflow, we need to consider parent flow as well
List<AuthenticationExecutionModel> executions = realm.getAuthenticationExecutions(execution.getParentFlow());
int executionIndex = executions.indexOf(execution);
if (executionIndex != 0) {
return flowId;
} else {
flowId = execution.getParentFlow();
}
}
AuthenticationFlowModel flow = realm.getAuthenticationFlowById(flowId);
if (flow.isTopLevel()) {
return flowId;
}
execution = realm.getAuthenticationExecutionByFlowId(flowId);
}
}
Example 5
| Source File: AuthenticatorUtil.java From keycloak with Apache License 2.0 | 5 votes |
|
public static void recurseExecutions(RealmModel realm, String flowId, List<AuthenticationExecutionModel> executions) {
List<AuthenticationExecutionModel> authenticationExecutions = realm.getAuthenticationExecutions(flowId);
if (authenticationExecutions == null) return;
for (AuthenticationExecutionModel model : authenticationExecutions) {
executions.add(model);
if (model.isAuthenticatorFlow() && model.isEnabled()) {
recurseExecutions(realm, model.getFlowId(), executions);
}
}
}
Example 6
| Source File: AuthenticatorUtil.java From keycloak with Apache License 2.0 | 5 votes |
|
public static AuthenticationExecutionModel findExecutionByAuthenticator(RealmModel realm, String flowId, String authProviderId) {
for (AuthenticationExecutionModel model : realm.getAuthenticationExecutions(flowId)) {
if (model.isAuthenticatorFlow()) {
AuthenticationExecutionModel recurse = findExecutionByAuthenticator(realm, model.getFlowId(), authProviderId);
if (recurse != null) return recurse;
}
if (model.getAuthenticator().equals(authProviderId)) {
return model;
}
}
return null;
}
