public IdentityProviderModel(IdentityProviderModel model) { this.internalId = model.getInternalId(); this.providerId = model.getProviderId(); this.alias = model.getAlias(); this.config = new HashMap<String, String>(model.getConfig()); this.enabled = model.isEnabled(); this.trustEmail = model.isTrustEmail(); this.storeToken = model.isStoreToken(); this.authenticateByDefault = model.isAuthenticateByDefault(); this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate; this.firstBrokerLoginFlowId = model.getFirstBrokerLoginFlowId(); this.postBrokerLoginFlowId = model.getPostBrokerLoginFlowId(); }
private IdentityProviderModel entityToModel(IdentityProviderEntity entity) { IdentityProviderModel identityProviderModel = new IdentityProviderModel(); identityProviderModel.setProviderId(entity.getProviderId()); identityProviderModel.setAlias(entity.getAlias()); identityProviderModel.setDisplayName(entity.getDisplayName()); identityProviderModel.setInternalId(entity.getInternalId()); Map<String, String> config = entity.getConfig(); Map<String, String> copy = new HashMap<>(); copy.putAll(config); identityProviderModel.setConfig(copy); identityProviderModel.setEnabled(entity.isEnabled()); identityProviderModel.setTrustEmail(entity.isTrustEmail()); identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId()); identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId()); identityProviderModel.setStoreToken(entity.isStoreToken()); identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); return identityProviderModel; }
@Override public IdentityProviderModel getIdentityProviderByAlias(String alias) { for (IdentityProviderModel identityProviderModel : getIdentityProviders()) { if (identityProviderModel.getAlias().equals(alias)) { return identityProviderModel; } } return null; }
public AccountFederatedIdentityBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri, String stateChecker) { this.session = session; URI accountIdentityUpdateUri = Urls.accountFederatedIdentityUpdate(baseUri, realm.getName()); List<IdentityProviderModel> identityProviders = realm.getIdentityProviders(); Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm); Set<FederatedIdentityEntry> orderedSet = new TreeSet<>(IdentityProviderComparator.INSTANCE); int availableIdentities = 0; if (identityProviders != null && !identityProviders.isEmpty()) { for (IdentityProviderModel provider : identityProviders) { String providerId = provider.getAlias(); FederatedIdentityModel identity = getIdentity(identities, providerId); if (identity != null) { availableIdentities++; } String action = identity != null ? "remove" : "add"; String actionUrl = UriBuilder.fromUri(accountIdentityUpdateUri) .queryParam("action", action) .queryParam("provider_id", providerId) .queryParam("stateChecker", stateChecker) .build().toString(); FederatedIdentityEntry entry = new FederatedIdentityEntry(identity, provider.getAlias(), provider.getAlias(), actionUrl, provider.getConfig() != null ? provider.getConfig().get("guiOrder") : null); orderedSet.add(entry); } } this.identities = new LinkedList<FederatedIdentityEntry>(orderedSet); // Removing last social provider is not possible if you don't have other possibility to authenticate this.removeLinkPossible = availableIdentities > 1 || user.getFederationLink() != null || AccountService.isPasswordSet(user); }
throw new RuntimeException("failed to load openid connect metadata", e); OIDCIdentityProviderConfig config = new OIDCIdentityProviderConfig(new IdentityProviderModel()); config.setIssuer(rep.getIssuer()); config.setLogoutUrl(rep.getLogoutEndpoint());
public void migrate(KeycloakSession session) { List<RealmModel> realms = session.realms().getRealms(); for (RealmModel realm : realms) { // Set default accessToken timeout for implicit flow realm.setAccessTokenLifespanForImplicitFlow(Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT); // Add 'admin-cli' builtin client MigrationProvider migrationProvider = session.getProvider(MigrationProvider.class); migrationProvider.setupAdminCli(realm); // add firstBrokerLogin flow and set it to all identityProviders DefaultAuthenticationFlows.migrateFlows(realm); AuthenticationFlowModel firstBrokerLoginFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW); List<IdentityProviderModel> identityProviders = realm.getIdentityProviders(); for (IdentityProviderModel identityProvider : identityProviders) { if (identityProvider.getFirstBrokerLoginFlowId() == null) { identityProvider.setFirstBrokerLoginFlowId(firstBrokerLoginFlow.getId()); realm.updateIdentityProvider(identityProvider); } } } } }
private SessionAndKeyHolder getCacheKeyToInvalidate(ProviderEvent event) { if (event instanceof RealmModel.ClientUpdatedEvent) { RealmModel.ClientUpdatedEvent eventt = (RealmModel.ClientUpdatedEvent) event; String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(eventt.getUpdatedClient().getRealm().getId(), eventt.getUpdatedClient().getId()); return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); } else if (event instanceof RealmModel.ClientRemovedEvent) { RealmModel.ClientRemovedEvent eventt = (RealmModel.ClientRemovedEvent) event; String cacheKey = PublicKeyStorageUtils.getClientModelCacheKey(eventt.getClient().getRealm().getId(), eventt.getClient().getId()); return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); } else if (event instanceof RealmModel.IdentityProviderUpdatedEvent) { RealmModel.IdentityProviderUpdatedEvent eventt = (RealmModel.IdentityProviderUpdatedEvent) event; String cacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(eventt.getRealm().getId(), eventt.getUpdatedIdentityProvider().getInternalId()); return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); } else if (event instanceof RealmModel.IdentityProviderRemovedEvent) { RealmModel.IdentityProviderRemovedEvent eventt = (RealmModel.IdentityProviderRemovedEvent) event; String cacheKey = PublicKeyStorageUtils.getIdpModelCacheKey(eventt.getRealm().getId(), eventt.getRemovedIdentityProvider().getInternalId()); return new SessionAndKeyHolder(eventt.getKeycloakSession(), cacheKey); } else { return null; } }
@Override public IdentityProviderModel getIdentityProviderByAlias(String alias) { for (IdentityProviderModel identityProviderModel : getIdentityProviders()) { if (identityProviderModel.getAlias().equals(alias)) { return identityProviderModel; } } return null; }
this.identityProviders.add(new IdentityProviderModel(identityProviderModel));
public IdentityProviderModel(IdentityProviderModel model) { if (model != null) { this.internalId = model.getInternalId(); this.providerId = model.getProviderId(); this.alias = model.getAlias(); this.displayName = model.getDisplayName(); this.config = new HashMap<String, String>(model.getConfig()); this.enabled = model.isEnabled(); this.trustEmail = model.isTrustEmail(); this.storeToken = model.isStoreToken(); this.linkOnly = model.isLinkOnly(); this.authenticateByDefault = model.isAuthenticateByDefault(); this.addReadTokenRoleOnCreate = model.addReadTokenRoleOnCreate; this.firstBrokerLoginFlowId = model.getFirstBrokerLoginFlowId(); this.postBrokerLoginFlowId = model.getPostBrokerLoginFlowId(); } }
private IdentityProviderModel entityToModel(IdentityProviderEntity entity) { IdentityProviderModel identityProviderModel = new IdentityProviderModel(); identityProviderModel.setProviderId(entity.getProviderId()); identityProviderModel.setAlias(entity.getAlias()); identityProviderModel.setDisplayName(entity.getDisplayName()); identityProviderModel.setInternalId(entity.getInternalId()); Map<String, String> config = entity.getConfig(); Map<String, String> copy = new HashMap<>(); copy.putAll(config); identityProviderModel.setConfig(copy); identityProviderModel.setEnabled(entity.isEnabled()); identityProviderModel.setLinkOnly(entity.isLinkOnly()); identityProviderModel.setTrustEmail(entity.isTrustEmail()); identityProviderModel.setAuthenticateByDefault(entity.isAuthenticateByDefault()); identityProviderModel.setFirstBrokerLoginFlowId(entity.getFirstBrokerLoginFlowId()); identityProviderModel.setPostBrokerLoginFlowId(entity.getPostBrokerLoginFlowId()); identityProviderModel.setStoreToken(entity.isStoreToken()); identityProviderModel.setAddReadTokenRoleOnCreate(entity.isAddReadTokenRoleOnCreate()); return identityProviderModel; }
@Override public IdentityProviderModel getIdentityProviderByAlias(String alias) { for (IdentityProviderModel identityProviderModel : getIdentityProviders()) { if (identityProviderModel.getAlias().equals(alias)) { return identityProviderModel; } } return null; }
this.identityProviders.add(new IdentityProviderModel(identityProviderModel));
@Override public void addIdentityProvider(IdentityProviderModel identityProvider) { IdentityProviderEntity entity = new IdentityProviderEntity(); entity.setInternalId(KeycloakModelUtils.generateId()); entity.setAlias(identityProvider.getAlias()); entity.setDisplayName(identityProvider.getDisplayName()); entity.setProviderId(identityProvider.getProviderId()); entity.setEnabled(identityProvider.isEnabled()); entity.setTrustEmail(identityProvider.isTrustEmail()); entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setStoreToken(identityProvider.isStoreToken()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId()); entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId()); entity.setConfig(identityProvider.getConfig()); realm.getIdentityProviders().add(entity); updateRealm(); }
public static IdentityProviderModel toModel(RealmModel realm, IdentityProviderRepresentation representation) { IdentityProviderModel identityProviderModel = new IdentityProviderModel(); identityProviderModel.setInternalId(representation.getInternalId()); identityProviderModel.setAlias(representation.getAlias()); identityProviderModel.setProviderId(representation.getProviderId()); identityProviderModel.setEnabled(representation.isEnabled()); identityProviderModel.setTrustEmail(representation.isTrustEmail()); identityProviderModel.setAuthenticateByDefault(representation.isAuthenticateByDefault()); identityProviderModel.setStoreToken(representation.isStoreToken()); identityProviderModel.setAddReadTokenRoleOnCreate(representation.isAddReadTokenRoleOnCreate()); identityProviderModel.setConfig(representation.getConfig()); throw new ModelException("No available authentication flow with alias: " + flowAlias); identityProviderModel.setFirstBrokerLoginFlowId(flowModel.getId()); identityProviderModel.setPostBrokerLoginFlowId(null); } else { flowModel = realm.getFlowByAlias(flowAlias); throw new ModelException("No available authentication flow with alias: " + flowAlias); identityProviderModel.setPostBrokerLoginFlowId(flowModel.getId());
@Override public void sendConfirmIdentityBrokerLink(String link, long expirationInMinutes) throws EmailException { Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put("user", new ProfileBean(user)); attributes.put("link", link); attributes.put("linkExpiration", expirationInMinutes); attributes.put("realmName", getRealmName()); BrokeredIdentityContext brokerContext = (BrokeredIdentityContext) this.attributes.get(IDENTITY_PROVIDER_BROKER_CONTEXT); String idpAlias = brokerContext.getIdpConfig().getAlias(); idpAlias = ObjectUtil.capitalize(idpAlias); attributes.put("identityProviderContext", brokerContext); attributes.put("identityProviderAlias", idpAlias); List<Object> subjectAttrs = Arrays.<Object>asList(idpAlias); send("identityProviderLinkSubject", subjectAttrs, "identity-provider-link.ftl", attributes); }
@Override public void addIdentityProvider(IdentityProviderModel identityProvider) { IdentityProviderEntity entity = new IdentityProviderEntity(); if (identityProvider.getInternalId() == null) { entity.setInternalId(KeycloakModelUtils.generateId()); } else { entity.setInternalId(identityProvider.getInternalId()); } entity.setAlias(identityProvider.getAlias()); entity.setDisplayName(identityProvider.getDisplayName()); entity.setProviderId(identityProvider.getProviderId()); entity.setEnabled(identityProvider.isEnabled()); entity.setStoreToken(identityProvider.isStoreToken()); entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setTrustEmail(identityProvider.isTrustEmail()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId()); entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId()); entity.setConfig(identityProvider.getConfig()); entity.setLinkOnly(identityProvider.isLinkOnly()); realm.addIdentityProvider(entity); identityProvider.setInternalId(entity.getInternalId()); em.persist(entity); em.flush(); }
@Override public void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) { String template = mapperModel.getConfig().get(TEMPLATE); Matcher m = substitution.matcher(template); StringBuffer sb = new StringBuffer(); while (m.find()) { String variable = m.group(1); if (variable.equals("ALIAS")) { m.appendReplacement(sb, context.getIdpConfig().getAlias()); } else if (variable.equals("UUID")) { m.appendReplacement(sb, KeycloakModelUtils.generateId()); } else if (variable.startsWith("CLAIM.")) { String name = variable.substring("CLAIM.".length()); Object value = AbstractClaimMapper.getClaimValue(context, name); if (value == null) value = ""; m.appendReplacement(sb, value.toString()); } else { m.appendReplacement(sb, m.group(1)); } } m.appendTail(sb); String username = sb.toString(); context.setModelUsername(username); }
@Override public void updateIdentityProvider(IdentityProviderModel identityProvider) { for (IdentityProviderEntity entity : this.realm.getIdentityProviders()) { if (entity.getInternalId().equals(identityProvider.getInternalId())) { entity.setAlias(identityProvider.getAlias()); entity.setDisplayName(identityProvider.getDisplayName()); entity.setEnabled(identityProvider.isEnabled()); entity.setTrustEmail(identityProvider.isTrustEmail()); entity.setAuthenticateByDefault(identityProvider.isAuthenticateByDefault()); entity.setFirstBrokerLoginFlowId(identityProvider.getFirstBrokerLoginFlowId()); entity.setPostBrokerLoginFlowId(identityProvider.getPostBrokerLoginFlowId()); entity.setAddReadTokenRoleOnCreate(identityProvider.isAddReadTokenRoleOnCreate()); entity.setStoreToken(identityProvider.isStoreToken()); entity.setConfig(identityProvider.getConfig()); entity.setLinkOnly(identityProvider.isLinkOnly());
@Override public IdentityProviderModel getIdentityProviderByAlias(String alias) { if (isUpdated()) return updated.getIdentityProviderByAlias(alias); for (IdentityProviderModel identityProviderModel : getIdentityProviders()) { if (identityProviderModel.getAlias().equals(alias)) { return identityProviderModel; } } return null; }