Java Code Examples for org.keycloak.models.RealmModel#getIdentityProviders()

The following examples show how to use org.keycloak.models.RealmModel#getIdentityProviders().
Example 1
Source File: MigrateTo1_7_0.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Applies this migration step to a single realm.
 *
 * <p>In order: sets the access token lifespan for the implicit flow to the default constant,
 * asks the {@code MigrationProvider} to set up the built-in 'admin-cli' client, migrates the
 * default authentication flows, and binds the first-broker-login flow to every identity
 * provider that has no first-broker-login flow id yet. Providers that already carry a flow id
 * are not overwritten.
 *
 * @param session session used to obtain the {@code MigrationProvider}
 * @param realm   realm being migrated
 */
protected void migrateRealm(KeycloakSession session, RealmModel realm) {
    // Default access token lifespan for the implicit flow.
    realm.setAccessTokenLifespanForImplicitFlow(Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT);

    // Built-in 'admin-cli' client.
    session.getProvider(MigrationProvider.class).setupAdminCli(realm);

    // Migrate the default flows first, then resolve the first-broker-login flow by its alias.
    DefaultAuthenticationFlows.migrateFlows(realm);
    AuthenticationFlowModel brokerLoginFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW);

    for (IdentityProviderModel idp : realm.getIdentityProviders()) {
        if (idp.getFirstBrokerLoginFlowId() != null) {
            // Already bound to a flow; keep the existing binding.
            continue;
        }
        // NOTE(review): brokerLoginFlow is dereferenced without a null check; this relies on
        // migrateFlows(realm) having made the flow available under that alias. Confirm.
        idp.setFirstBrokerLoginFlowId(brokerLoginFlow.getId());
        realm.updateIdentityProvider(idp);
    }
}
 
Example 2
Source File: KeycloakModelUtils.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Checks whether an authentication flow is currently referenced by the realm.
 *
 * <p>The flow counts as used when its id equals the id of the realm's browser, registration,
 * client-authentication, direct-grant, reset-credentials or Docker authentication flow, or when
 * an identity provider of the realm names it as its first-broker-login or post-broker-login
 * flow. Only these bindings are inspected; any other place that may reference a flow is not
 * consulted by this method.
 *
 * @param realm realm whose flow bindings and identity providers are inspected
 * @param model flow to look for; compared by id
 * @return {@code true} if one of the bindings listed above refers to {@code model},
 *         {@code false} otherwise
 */
public static boolean isFlowUsed(RealmModel realm, AuthenticationFlowModel model) {
    // Realm-level bindings, checked one at a time; an unset binding (null) never matches.
    AuthenticationFlowModel bound = realm.getBrowserFlow();
    if (bound != null && bound.getId().equals(model.getId())) {
        return true;
    }

    bound = realm.getRegistrationFlow();
    if (bound != null && bound.getId().equals(model.getId())) {
        return true;
    }

    bound = realm.getClientAuthenticationFlow();
    if (bound != null && bound.getId().equals(model.getId())) {
        return true;
    }

    bound = realm.getDirectGrantFlow();
    if (bound != null && bound.getId().equals(model.getId())) {
        return true;
    }

    bound = realm.getResetCredentialsFlow();
    if (bound != null && bound.getId().equals(model.getId())) {
        return true;
    }

    bound = realm.getDockerAuthenticationFlow();
    if (bound != null && bound.getId().equals(model.getId())) {
        return true;
    }

    // Identity-provider bindings. The model id is the receiver of equals(), so a provider
    // whose flow id is null simply does not match.
    for (IdentityProviderModel provider : realm.getIdentityProviders()) {
        boolean referenced = model.getId().equals(provider.getFirstBrokerLoginFlowId())
                || model.getId().equals(provider.getPostBrokerLoginFlowId());
        if (referenced) {
            return true;
        }
    }

    return false;
}
 
Example 3
Source File: OriginalSubClaimMapper.java    From keycloak-extension-playground with Apache License 2.0 5 votes vote down vote up
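/**
 * Maps the user's id at a brokered identity provider into the claim described by
 * {@code mappingModel}.
 *
 * <p>Every enabled identity provider of the session's realm is visited. For each one that
 * {@code getIdentity} resolves to a federated identity of the user, that identity's user id is
 * passed to {@code OIDCAttributeMapperHelper.mapClaim}. Nothing is mapped when the realm has no
 * identity providers or no federated identity is found.
 *
 * <p>NOTE(review): if the user is linked to more than one enabled provider, mapClaim is called
 * once per link, so the resulting claim value depends on provider order and on how the mapper
 * handles repeated calls. Confirm this before a relying party treats the claim as a stable
 * subject identifier.
 *
 * @param token            token that receives the claim
 * @param mappingModel     mapper configuration handed to {@code mapClaim}
 * @param userSession      source of the realm and the user
 * @param session          session used to query the user's federated identities
 * @param clientSessionCtx not read in this method
 */
@Override
protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession session, ClientSessionContext clientSessionCtx) {

    RealmModel realm = userSession.getRealm();

    List<IdentityProviderModel> identityProviders = realm.getIdentityProviders();
    if (identityProviders == null || identityProviders.isEmpty()) {
        return;
    }

    // Queried only after the guard above: a realm without identity providers has nothing to
    // map, so the federated-identity lookup is skipped for it.
    UserModel user = userSession.getUser();
    Set<FederatedIdentityModel> identities = session.users().getFederatedIdentities(user, realm);

    for (IdentityProviderModel provider : identityProviders) {
        if (!provider.isEnabled()) {
            // Disabled providers contribute no claim.
            continue;
        }

        // The provider alias is the key handed to getIdentity.
        FederatedIdentityModel identity = getIdentity(identities, provider.getAlias());
        if (identity != null) {
            OIDCAttributeMapperHelper.mapClaim(token, mappingModel, identity.getUserId());
        }
    }
}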
 
Example 4
Source File: MigrateTo2_2_0.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the identity-provider authenticator to the realm's default flows, passing along the
 * alias of the first identity provider that is both enabled and marked authenticate-by-default.
 *
 * <p>When no provider qualifies, {@code null} is passed as the default provider.
 *
 * @param realm realm whose identity providers are scanned and whose flows are updated
 */
private void addIdentityProviderAuthenticator(RealmModel realm) {
    String defaultAlias = null;

    for (IdentityProviderModel candidate : realm.getIdentityProviders()) {
        if (!candidate.isEnabled()) {
            continue;
        }
        if (!candidate.isAuthenticateByDefault()) {
            continue;
        }
        // First match wins; later providers are not considered.
        defaultAlias = candidate.getAlias();
        break;
    }

    DefaultAuthenticationFlows.addIdentityProviderAuthenticator(realm, defaultAlias);
}
 
Example 5
Source File: SocialLoginTest.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: creates the exchange client in the test realm and grants it impersonation and
 * exchange-to permissions.
 *
 * <p>The method returns immediately if the client already exists. Otherwise it creates a
 * non-public OIDC client with direct access grants enabled and the fixed literal secret
 * {@code "secret"}, creates a client policy naming that client, enables user permissions,
 * attaches the policy to the admin-impersonating permission (decision strategy
 * {@code AFFIRMATIVE}), and, for every identity provider of the realm, enables permissions and
 * attaches the same policy to that provider's exchange-to permission.
 *
 * <p>The fixed secret and the grant across all identity providers are fixture values for the
 * test realm, not a configuration template.
 *
 * @param session session giving access to the realm, its clients and the permission management
 */
public static void setupClientExchangePermissions(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName(REALM);

    // Lazy init: an existing exchange client means the fixture is already in place.
    if (session.realms().getClientByClientId(EXCHANGE_CLIENT, realm) != null) {
        return;
    }

    // Confidential OIDC client with a fixed test secret.
    ClientModel exchangeClient = realm.addClient(EXCHANGE_CLIENT);
    exchangeClient.setSecret("secret");
    exchangeClient.setPublicClient(false);
    exchangeClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    exchangeClient.setEnabled(true);
    exchangeClient.setDirectAccessGrantsEnabled(true);

    // Policy that matches exactly this client.
    ClientPolicyRepresentation policyRep = new ClientPolicyRepresentation();
    policyRep.setName("client-policy");
    policyRep.addClient(exchangeClient.getId());

    AdminPermissionManagement permissions = AdminPermissions.management(session, realm);
    permissions.users().setPermissionsEnabled(true);
    ResourceServer resourceServer = permissions.realmResourceServer();
    Policy exchangePolicy = permissions.authz().getStoreFactory().getPolicyStore().create(policyRep, resourceServer);

    // The client policy is associated with the admin-impersonating permission.
    permissions.users().adminImpersonatingPermission().addAssociatedPolicy(exchangePolicy);
    permissions.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

    // Same policy on the exchange-to permission of every identity provider in the realm.
    for (IdentityProviderModel provider : realm.getIdentityProviders()) {
        permissions.idps().setPermissionsEnabled(provider, true);
        permissions.idps().exchangeToPermission(provider).addAssociatedPolicy(exchangePolicy);
    }
}
 
Example 6
Source File: AccountFederatedIdentityBean.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Collects one entry per enabled identity provider of the realm and records whether the user
 * may remove a federated-identity link.
 *
 * <p>An entry is added for every enabled provider, whether or not the user is linked to it; the
 * entries are then sorted with {@code IDP_COMPARATOR_INSTANCE}. {@code removeLinkPossible}
 * becomes {@code true} only when the user keeps another way to authenticate: more than one
 * linked identity among the enabled providers, a federation link, or a password according to
 * {@code AccountFormService.isPasswordSet}.
 *
 * <p>NOTE(review): {@code removeLinkPossible} is computed for this bean only. Confirm that the
 * code path that actually removes a link enforces the same condition instead of relying on
 * this flag.
 *
 * @param session      session used for user lookups and display names; stored on the bean
 * @param realm        realm whose identity providers are listed
 * @param user         user whose federated identities are examined
 * @param baseUri      not read in this constructor body
 * @param stateChecker not read in this constructor body
 */
public AccountFederatedIdentityBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri, String stateChecker) {
    this.session = session;

    List<IdentityProviderModel> realmProviders = realm.getIdentityProviders();
    Set<FederatedIdentityModel> linkedIdentities = session.users().getFederatedIdentities(user, realm);

    // Number of enabled providers the user is actually linked to.
    int linkedCount = 0;
    if (realmProviders != null && !realmProviders.isEmpty()) {
        for (IdentityProviderModel provider : realmProviders) {
            if (provider.isEnabled()) {
                FederatedIdentityModel identity = getIdentity(linkedIdentities, provider.getAlias());
                if (identity != null) {
                    linkedCount += 1;
                }

                String displayName = KeycloakModelUtils.getIdentityProviderDisplayName(session, provider);
                // The alias is passed twice, as in the entry's two alias-based arguments;
                // "guiOrder" comes from the provider config when a config is present.
                this.identities.add(new FederatedIdentityEntry(
                        identity,
                        displayName,
                        provider.getAlias(),
                        provider.getAlias(),
                        provider.getConfig() != null ? provider.getConfig().get("guiOrder") : null));
            }
        }
    }

    this.identities.sort(IDP_COMPARATOR_INSTANCE);

    // Removing the last social provider is not possible when the user has no other way to
    // authenticate; each further check runs only if the previous one did not already allow it.
    boolean hasAlternative = linkedCount > 1;
    if (!hasAlternative) {
        hasAlternative = user.getFederationLink() != null;
    }
    if (!hasAlternative) {
        hasAlternative = AccountFormService.isPasswordSet(session, realm, user);
    }
    this.removeLinkPossible = hasAlternative;
}
 
Example 7
Source File: IdentityProviderResource.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves an identity provider's alias from its internal id.
 *
 * <p>Each provider's internal id is the receiver of {@code equals}, so a provider whose
 * internal id is {@code null} raises a {@code NullPointerException} when reached.
 *
 * @param realm              realm whose identity providers are searched
 * @param providerInternalId internal id to look for
 * @return alias of the first provider with that internal id, or {@code null} if none matches
 */
private static String getProviderIdByInternalId(RealmModel realm, String providerInternalId) {
    String alias = null;

    for (IdentityProviderModel candidate : realm.getIdentityProviders()) {
        if (candidate.getInternalId().equals(providerInternalId)) {
            alias = candidate.getAlias();
            break;
        }
    }

    return alias;
}
 
Example 8
Source File: IdentityProviderResource.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Fills in the internal id of an identity-provider representation from the provider stored in
 * the realm under the same alias.
 *
 * <p>Any internal id already present on {@code providerRep} is overwritten with the stored
 * provider's internal id.
 *
 * @param realm       realm whose identity providers are searched
 * @param providerRep representation whose alias is looked up and whose internal id is set
 * @throws javax.ws.rs.NotFoundException if no identity provider of the realm has that alias
 */
private static void lookUpProviderIdByAlias(RealmModel realm, IdentityProviderRepresentation providerRep) {
    IdentityProviderModel match = null;

    for (IdentityProviderModel candidate : realm.getIdentityProviders()) {
        if (candidate.getAlias().equals(providerRep.getAlias())) {
            match = candidate;
            break;
        }
    }

    if (match == null) {
        throw new javax.ws.rs.NotFoundException();
    }
    providerRep.setInternalId(match.getInternalId());
}
 
Example 9
Source File: LinkedAccountsResource.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the linked-account representations for every enabled identity provider of the realm.
 *
 * <p>Each representation records whether the user has a federated identity for the provider
 * and, if so, the user name stored on that federated identity. The result is a
 * {@code TreeSet} created without a comparator, so entries follow the representation's
 * natural ordering and entries that compare as equal collapse into one.
 *
 * @param session session used for the federated-identity lookup and display names
 * @param realm   realm whose identity providers are listed
 * @param user    user whose links are reported
 * @return the representations, empty when the realm has no identity providers
 */
public SortedSet<LinkedAccountRepresentation> getLinkedAccounts(KeycloakSession session, RealmModel realm, UserModel user) {
    List<IdentityProviderModel> realmProviders = realm.getIdentityProviders();
    SortedSet<LinkedAccountRepresentation> result = new TreeSet<>();

    if (realmProviders == null || realmProviders.isEmpty()) {
        return result;
    }

    Set<String> socialIds = findSocialIds();
    Set<FederatedIdentityModel> userIdentities = session.users().getFederatedIdentities(user, realm);

    for (IdentityProviderModel provider : realmProviders) {
        if (provider.isEnabled()) {
            String alias = provider.getAlias();
            FederatedIdentityModel identity = getIdentity(userIdentities, alias);

            String displayName = KeycloakModelUtils.getIdentityProviderDisplayName(session, provider);
            String guiOrder = provider.getConfig() != null ? provider.getConfig().get("guiOrder") : null;
            boolean linked = identity != null;

            LinkedAccountRepresentation account = new LinkedAccountRepresentation();
            account.setConnected(linked);
            // "Social" is decided by the provider id, not by the alias.
            account.setSocial(socialIds.contains(provider.getProviderId()));
            account.setProviderAlias(alias);
            account.setDisplayName(displayName);
            account.setGuiOrder(guiOrder);
            account.setProviderName(provider.getAlias());
            if (linked) {
                // Only linked providers carry the user name from the federated identity.
                account.setLinkedUsername(identity.getUserName());
            }
            result.add(account);
        }
    }

    return result;
}