Java Code Examples for org.keycloak.authentication.AuthenticationFlowContext#form()

The following examples show how to use org.keycloak.authentication.AuthenticationFlowContext#form() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SelectUserAuthenticatorForm.java    From keycloak-extension-playground with Apache License 2.0 6 votes vote down vote up
private LoginFormsProvider createSelectUserForm(AuthenticationFlowContext context, String error) {

        MultivaluedMap<String, String> formData = createLoginFormData(context);

        LoginFormsProvider form = context.form();
        if (formData.size() > 0) {
            form.setFormData(formData);
        }
        form.setAttribute("login", new LoginBean(formData));

        if (error != null) {
            form.setError(error);
        }

        return form;
    }
 
Example 2
Source File: WebAuthn4jAuthenticator.java    From keycloak-webauthn-authenticator with Apache License 2.0 6 votes vote down vote up
public void authenticate(AuthenticationFlowContext context) {
    LoginFormsProvider form = context.form();
    Map<String, String> params = generateParameters(context.getRealm(), context.getUriInfo().getBaseUri());
    context.getAuthenticationSession().setAuthNote(WebAuthnConstants.AUTH_CHALLENGE_NOTE, params.get(WebAuthnConstants.CHALLENGE));
    UserModel user = context.getUser();
    boolean isUserIdentified = false;
    if (user != null) {
        // in 2 Factor Scenario where the user has already identified
        isUserIdentified = true;
        form.setAttribute("authenticators", new WebAuthnAuthenticatorsBean(user));
    } else {
        // in ID-less & Password-less Scenario
        // NOP
    }
    params.put("isUserIdentified", Boolean.toString(isUserIdentified));
    params.forEach(form::setAttribute);
    context.challenge(form.createForm("webauthn.ftl"));
}
 
Example 3
Source File: RecaptchaUsernamePasswordForm.java    From keycloak-login-recaptcha with Apache License 2.0 6 votes vote down vote up
@Override
public void authenticate(AuthenticationFlowContext context) {
	context.getEvent().detail(Details.AUTH_METHOD, "auth_method");
	if (logger.isInfoEnabled()) {
		logger.info(
				"validateRecaptcha(AuthenticationFlowContext, boolean, String, String) - Before the validation");
	}

	AuthenticatorConfigModel captchaConfig = context.getAuthenticatorConfig();
	LoginFormsProvider form = context.form();
	String userLanguageTag = context.getSession().getContext().resolveLocale(context.getUser()).toLanguageTag();

	if (captchaConfig == null || captchaConfig.getConfig() == null
			|| captchaConfig.getConfig().get(SITE_KEY) == null
			|| captchaConfig.getConfig().get(SITE_SECRET) == null) {
		form.addError(new FormMessage(null, Messages.RECAPTCHA_NOT_CONFIGURED));
		return;
	}
	siteKey = captchaConfig.getConfig().get(SITE_KEY);
	form.setAttribute("recaptchaRequired", true);
	form.setAttribute("recaptchaSiteKey", siteKey);
	form.addScript("https://www.google.com/recaptcha/api.js?hl=" + userLanguageTag);

	super.authenticate(context);
}
 
Example 4
Source File: WebAuthnAuthenticator.java    From keycloak with Apache License 2.0 6 votes vote down vote up
public void authenticate(AuthenticationFlowContext context) {
    LoginFormsProvider form = context.form();
 
    Challenge challenge = new DefaultChallenge();
    String challengeValue = Base64Url.encode(challenge.getValue());
    context.getAuthenticationSession().setAuthNote(WebAuthnConstants.AUTH_CHALLENGE_NOTE, challengeValue);
    form.setAttribute(WebAuthnConstants.CHALLENGE, challengeValue);

    WebAuthnPolicy policy = getWebAuthnPolicy(context);
    String rpId = getRpID(context);
    form.setAttribute(WebAuthnConstants.RP_ID, rpId);

    UserModel user = context.getUser();
    boolean isUserIdentified = false;
    if (user != null) {
        // in 2 Factor Scenario where the user has already been identified
        WebAuthnAuthenticatorsBean authenticators = new WebAuthnAuthenticatorsBean(context.getSession(), context.getRealm(), user, getCredentialType());
        if (authenticators.getAuthenticators().isEmpty()) {
            // require the user to register webauthn authenticator
            return;
        }
        isUserIdentified = true;
        form.setAttribute(WebAuthnConstants.ALLOWED_AUTHENTICATORS, authenticators);
    } else {
        // in ID-less & Password-less Scenario
        // NOP
    }
    form.setAttribute(WebAuthnConstants.IS_USER_IDENTIFIED, Boolean.toString(isUserIdentified));

    // read options from policy
    String userVerificationRequirement = policy.getUserVerificationRequirement();
    form.setAttribute(WebAuthnConstants.USER_VERIFICATION, userVerificationRequirement);

    context.challenge(form.createLoginWebAuthn());
}
 
Example 5
Source File: PasswordAuthenticatorForm.java    From keycloak-extension-playground with Apache License 2.0 5 votes vote down vote up
@Override
protected Response challenge(AuthenticationFlowContext context, String error) {

    LoginFormsProvider form = context.form();

    if (error != null) {
        form.setError(error);
    }

    String attemptedUsername = context.getAuthenticationSession().getAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME);
    form.setAttribute(AuthenticationManager.FORM_USERNAME, attemptedUsername);

    Response response = form.createForm("validate-password-form.ftl");
    return response;
}
 
Example 6
Source File: X509ClientCertificateAuthenticator.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private Response createResponse(AuthenticationFlowContext context,
                                     String subjectDN,
                                     boolean isUserEnabled,
                                     String errorMessage,
                                     Object[] errorParameters) {

    LoginFormsProvider form = context.form();
    if (errorMessage != null && errorMessage.trim().length() > 0) {
        List<FormMessage> errors = new LinkedList<>();

        errors.add(new FormMessage(errorMessage));
        if (errorParameters != null) {

            for (Object errorParameter : errorParameters) {
                if (errorParameter == null) continue;
                for (String part : errorParameter.toString().split("\n")) {
                    errors.add(new FormMessage(part));
                }
            }
        }
        form.setErrors(errors);
    }

    MultivaluedMap<String,String> formData = new MultivaluedHashMap<>();
    formData.add("username", context.getUser() != null ? context.getUser().getUsername() : "unknown user");
    formData.add("subjectDN", subjectDN);
    formData.add("isUserEnabled", String.valueOf(isUserEnabled));

    form.setFormData(formData);

    return form.createX509ConfirmPage();
}
 
Example 7
Source File: UsernameForm.java    From keycloak with Apache License 2.0 5 votes vote down vote up
@Override
protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
    LoginFormsProvider forms = context.form();

    if (!formData.isEmpty()) forms.setFormData(formData);

    return forms.createLoginUsername();
}
 
Example 8
Source File: AbstractX509ClientCertificateAuthenticator.java    From keycloak with Apache License 2.0 4 votes vote down vote up
protected Response createInfoResponse(AuthenticationFlowContext context, String infoMessage, Object ... parameters) {
    LoginFormsProvider form = context.form();
    return form.setInfo(infoMessage, parameters).createInfoPage();
}
 
Example 9
Source File: UsernamePasswordForm.java    From keycloak with Apache License 2.0 3 votes vote down vote up
protected Response challenge(AuthenticationFlowContext context, MultivaluedMap<String, String> formData) {
    LoginFormsProvider forms = context.form();

    if (formData.size() > 0) forms.setFormData(formData);

    return forms.createLoginUsernamePassword();
}