Java Code Examples for org.keycloak.services.managers.AuthenticationManager#redirectToRequiredActions()
The following examples show how to use
org.keycloak.services.managers.AuthenticationManager#redirectToRequiredActions() .
Example 1
Source File: ExecuteActionsActionTokenHandler.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Redeems an execute-actions action token.
 *
 * <p>When the authentication session is fresh, nothing is executed yet: the token is re-bound
 * to the current authentication session and the user is shown an info page with a confirmation
 * link. Otherwise the token's required actions are queued on the authentication session and
 * the user is redirected to the next one.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 *   <li>The redirect URI carried in the token is stored on the session only when
 *       {@code RedirectUtils.verifyRedirectUri} returns a non-null value for the session's
 *       client; a null result is dropped without an error.</li>
 *   <li>The authenticated user's email is marked verified unconditionally on the non-fresh
 *       path.</li>
 * </ul>
 *
 * @param token the action token being redeemed
 * @param tokenContext per-request context supplying the session, realm, URI info and
 *     authentication session
 * @return the confirmation info page, or the redirect to the next required action
 */
@Override
public Response handleToken(ExecuteActionsActionToken token, ActionTokenContext<ExecuteActionsActionToken> tokenContext) {
    final AuthenticationSessionModel authSession = tokenContext.getAuthenticationSession();
    final UriInfo requestUri = tokenContext.getUriInfo();
    final RealmModel currentRealm = tokenContext.getRealm();
    final KeycloakSession keycloakSession = tokenContext.getSession();

    if (tokenContext.isAuthenticationSessionFresh()) {
        // Re-bind the token to the current authentication session and re-serialize it into a
        // confirmation link, so the actions run only after the user follows that link.
        // NOTE(review): presumably this stops a bare link open (mail scanner, prefetch) from
        // executing the actions; confirm against the token verifiers.
        String encodedSessionId = AuthenticationSessionCompoundId.fromAuthSession(authSession).getEncodedId();
        token.setCompoundAuthenticationSessionId(encodedSessionId);

        String confirmUri = Urls.actionTokenBuilder(
                        requestUri.getBaseUri(),
                        token.serialize(keycloakSession, currentRealm, requestUri),
                        authSession.getClient().getClientId(),
                        authSession.getTabId())
                .build(currentRealm.getName())
                .toString();

        return keycloakSession.getProvider(LoginFormsProvider.class)
                .setAuthenticationSession(authSession)
                .setSuccess(Messages.CONFIRM_EXECUTION_OF_ACTIONS)
                .setAttribute(Constants.TEMPLATE_ATTR_ACTION_URI, confirmUri)
                .setAttribute(Constants.TEMPLATE_ATTR_REQUIRED_ACTIONS, token.getRequiredActions())
                .createInfoPage();
    }

    // The redirect URI comes from the token, so it is checked against the client before use.
    // NOTE(review): a null result is treated as "no redirect" rather than as an error;
    // presumably null means the URI is not allowed for this client; confirm.
    String verifiedRedirect = RedirectUtils.verifyRedirectUri(tokenContext.getSession(), token.getRedirectUri(), authSession.getClient());
    if (verifiedRedirect != null) {
        authSession.setAuthNote(AuthenticationManager.SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS, "true");
        authSession.setRedirectUri(verifiedRedirect);
        authSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, verifiedRedirect);
    }

    // Queue every action named in the token on the authentication session.
    token.getRequiredActions().forEach(authSession::addRequiredAction);

    // Original author's rationale: this entry point is only reached through the emailed link,
    // so the address is treated as valid.
    // NOTE(review): that holds only if the token went to the user's current address; confirm
    // the token verifiers (not visible here) enforce it.
    UserModel authenticatedUser = tokenContext.getAuthenticationSession().getAuthenticatedUser();
    authenticatedUser.setEmailVerified(true);

    // NOTE(review): the result is passed on without a null check; confirm that
    // redirectToRequiredActions accepts a null action.
    String upcomingAction = AuthenticationManager.nextRequiredAction(
            tokenContext.getSession(),
            authSession,
            tokenContext.getClientConnection(),
            tokenContext.getRequest(),
            tokenContext.getUriInfo(),
            tokenContext.getEvent());
    return AuthenticationManager.redirectToRequiredActions(
            tokenContext.getSession(), tokenContext.getRealm(), authSession, tokenContext.getUriInfo(), upcomingAction);
}
Example 2
Source File: AuthenticationProcessor.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Finishes a successful authentication: records the client scopes on the authentication
 * session, then either redirects to a pending required action or completes the login.
 *
 * @return the redirect to the pending required action when one exists, otherwise the response
 *     of {@code AuthenticationManager.finishedRequiredActions}
 */
protected Response authenticationComplete() {
    // attachSession() is deliberately not called here: per the original note, the session is
    // attached only after required actions and consents are finished.
    AuthenticationManager.setClientScopesInSession(authenticationSession);

    String pendingAction = nextRequiredAction();
    if (pendingAction != null) {
        // Login is not completed while a required action is still pending.
        return AuthenticationManager.redirectToRequiredActions(session, realm, authenticationSession, uriInfo, pendingAction);
    }

    // TODO (from the original): CODE_ID should be set elsewhere; it is set here because tests
    // fail otherwise, and the right place for it is not known.
    event.detail(Details.CODE_ID, authenticationSession.getParentSession().getId());
    return AuthenticationManager.finishedRequiredActions(
            session, authenticationSession, userSession, connection, request, uriInfo, event);
}
Example 3
Source File: IdentityBrokerService.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Completes a login that came through an external identity provider.
 *
 * <p>Broker session and user identifiers are copied onto the authentication session, the
 * provider is notified, and the provider id and username are recorded both as user-session
 * notes and as event details. The flow then either redirects to a pending required action,
 * fails a passive ({@code prompt=none}) request that has one pending, or finishes the login.
 *
 * @param context the brokered identity returned by the identity provider
 * @param federatedUser the local user the brokered identity maps to
 * @param authSession the authentication session being completed
 * @param providerId alias of the identity provider that performed the authentication
 * @return a redirect to the next required action, a passive-login error response, or the
 *     response of {@code AuthenticationManager.finishedRequiredActions}
 */
private Response finishBrokerAuthentication(BrokeredIdentityContext context, UserModel federatedUser, AuthenticationSessionModel authSession, String providerId) {
    // Carry the upstream identifiers on the authentication session.
    authSession.setAuthNote(AuthenticationProcessor.BROKER_SESSION_ID, context.getBrokerSessionId());
    authSession.setAuthNote(AuthenticationProcessor.BROKER_USER_ID, context.getBrokerUserId());

    this.event.user(federatedUser);

    context.getIdp().authenticationFinished(authSession, context);

    // Record which provider authenticated the user, on the session and in the audit event.
    authSession.setUserSessionNote(Details.IDENTITY_PROVIDER, providerId);
    authSession.setUserSessionNote(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());
    event.detail(Details.IDENTITY_PROVIDER, providerId)
            .detail(Details.IDENTITY_PROVIDER_USERNAME, context.getUsername());

    if (isDebugEnabled()) {
        // NOTE(review): this logs the UserModel's string form; confirm it carries no
        // personal data that should stay out of debug logs.
        logger.debugf("Performing local authentication for user [%s].", federatedUser);
    }

    AuthenticationManager.setClientScopesInSession(authSession);

    String pendingAction = AuthenticationManager.nextRequiredAction(
            session, authSession, clientConnection, request, session.getContext().getUri(), event);

    if (pendingAction == null) {
        // TODO (from the original): CODE_ID should be set elsewhere; it is set here because
        // tests fail otherwise, and the right place for it is not known.
        event.detail(Details.CODE_ID, authSession.getParentSession().getId());
        // No user session is passed here (the third argument is null).
        return AuthenticationManager.finishedRequiredActions(
                session, authSession, null, clientConnection, request, session.getContext().getUri(), event);
    }

    // A passive (prompt=none) request must not reach a required action, so it is failed with
    // INTERACTION_REQUIRED instead of being redirected.
    boolean passiveLogin = "true".equals(authSession.getAuthNote(AuthenticationProcessor.FORWARDED_PASSIVE_LOGIN));
    if (passiveLogin) {
        logger.errorf("Required action %s found. Auth requests using prompt=none are incompatible with required actions", pendingAction);
        return checkPassiveLoginError(authSession, OAuthErrorException.INTERACTION_REQUIRED);
    }

    return AuthenticationManager.redirectToRequiredActions(
            session, realmModel, authSession, session.getContext().getUri(), pendingAction);
}
Example 4
Source File: VerifyEmailActionTokenHandler.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Redeems a verify-email action token.
 *
 * <p>When the authentication session is fresh, the token is re-bound to the current session,
 * remembering the previous compound session id, and the user is shown a confirmation page.
 * Otherwise the user's email is marked verified and the VERIFY_EMAIL required action is
 * cleared from both the user and the authentication session.
 *
 * <p>If the token records an original authentication session id, the current authentication
 * session is removed and only an "email verified" info page is returned; the login flow is
 * not continued. Otherwise the flow proceeds to the next required action.
 *
 * @param token the action token being redeemed
 * @param tokenContext per-request context supplying the session, realm, URI info, event
 *     builder and authentication session
 * @return the confirmation page, the "email verified" page, or the redirect to the next
 *     required action
 */
@Override
public Response handleToken(VerifyEmailActionToken token, ActionTokenContext<VerifyEmailActionToken> tokenContext) {
    UserModel authenticatedUser = tokenContext.getAuthenticationSession().getAuthenticatedUser();

    // The audit event records the address under verification from the start.
    EventBuilder event = tokenContext.getEvent();
    event.event(EventType.VERIFY_EMAIL).detail(Details.EMAIL, authenticatedUser.getEmail());

    final AuthenticationSessionModel authSession = tokenContext.getAuthenticationSession();
    final UriInfo requestUri = tokenContext.getUriInfo();
    final RealmModel currentRealm = tokenContext.getRealm();
    final KeycloakSession keycloakSession = tokenContext.getSession();

    if (tokenContext.isAuthenticationSessionFresh()) {
        // Remember the session the token was bound to, then re-bind it to the current
        // authentication session and ask the user to confirm via a re-serialized link.
        token.setCompoundOriginalAuthenticationSessionId(token.getCompoundAuthenticationSessionId());

        String encodedSessionId = AuthenticationSessionCompoundId.fromAuthSession(authSession).getEncodedId();
        token.setCompoundAuthenticationSessionId(encodedSessionId);

        String confirmUri = Urls.actionTokenBuilder(
                        requestUri.getBaseUri(),
                        token.serialize(keycloakSession, currentRealm, requestUri),
                        authSession.getClient().getClientId(),
                        authSession.getTabId())
                .build(currentRealm.getName())
                .toString();

        return keycloakSession.getProvider(LoginFormsProvider.class)
                .setAuthenticationSession(authSession)
                .setSuccess(Messages.CONFIRM_EMAIL_ADDRESS_VERIFICATION, authenticatedUser.getEmail())
                .setAttribute(Constants.TEMPLATE_ATTR_ACTION_URI, confirmUri)
                .createInfoPage();
    }

    // Original author's rationale: this entry point is only reached through the emailed link,
    // so the address is treated as valid.
    // NOTE(review): that holds only if the token is tied to the user's current address;
    // confirm the token verifiers (not visible here) enforce it.
    authenticatedUser.setEmailVerified(true);
    authenticatedUser.removeRequiredAction(RequiredAction.VERIFY_EMAIL);
    authSession.removeRequiredAction(RequiredAction.VERIFY_EMAIL);

    event.success();

    if (token.getCompoundOriginalAuthenticationSessionId() != null) {
        // The token was re-bound from another authentication session (this method sets the
        // original id in the fresh-session branch). The current session is discarded and
        // only a success page is shown, so this path does not continue the login.
        // NOTE(review): the meaning of the trailing `true` argument is not visible here.
        AuthenticationSessionManager sessionManager = new AuthenticationSessionManager(tokenContext.getSession());
        sessionManager.removeAuthenticationSession(tokenContext.getRealm(), authSession, true);

        return tokenContext.getSession().getProvider(LoginFormsProvider.class)
                .setAuthenticationSession(authSession)
                .setSuccess(Messages.EMAIL_VERIFIED)
                .createInfoPage();
    }

    // Continue as a LOGIN event, with the email detail removed from the cloned builder.
    // NOTE(review): the original builder, not the clone stored on the context, is what gets
    // passed to nextRequiredAction below; confirm this is intended.
    tokenContext.setEvent(event.clone().removeDetail(Details.EMAIL).event(EventType.LOGIN));

    String upcomingAction = AuthenticationManager.nextRequiredAction(
            keycloakSession,
            authSession,
            tokenContext.getClientConnection(),
            tokenContext.getRequest(),
            requestUri,
            event);
    return AuthenticationManager.redirectToRequiredActions(
            keycloakSession, currentRealm, authSession, requestUri, upcomingAction);
}