/**
 * Makes sure the realm carries every built-in authentication flow.
 *
 * <p>Each alias is looked up on the realm; a builder is invoked only when the lookup
 * returns {@code null}, so flows that already exist are left untouched.
 *
 * <p>This is the migration variant: the browser, direct grant and first broker login
 * builders receive {@code true} as their second argument.
 * NOTE(review): that argument looks like a "migrate" switch that lets the builder derive
 * execution requirements (REQUIRED / OPTIONAL / DISABLED / ALTERNATIVE) from the
 * credential types the realm already has. Confirm against the builders, because it
 * decides how strict the resulting login flow is for an upgraded realm.
 *
 * @param realm realm to inspect and, where an alias is missing, extend
 */
public static void migrateFlows(RealmModel realm) {
    if (realm.getFlowByAlias(BROWSER_FLOW) == null) {
        browserFlow(realm, true);
    }
    if (realm.getFlowByAlias(DIRECT_GRANT_FLOW) == null) {
        directGrantFlow(realm, true);
    }
    if (realm.getFlowByAlias(REGISTRATION_FLOW) == null) {
        registrationFlow(realm);
    }
    if (realm.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) {
        resetCredentialsFlow(realm);
    }
    if (realm.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) {
        clientAuthFlow(realm);
    }
    if (realm.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW) == null) {
        firstBrokerLoginFlow(realm, true);
    }
    if (realm.getFlowByAlias(SAML_ECP_FLOW) == null) {
        samlEcpProfile(realm);
    }
}
public static void importAuthenticationFlows(RealmModel newRealm, RealmRepresentation rep) { if (rep.getAuthenticationFlows() == null) { DefaultAuthenticationFlows.migrateFlows(newRealm); } else { for (AuthenticatorConfigRepresentation configRep : rep.getAuthenticatorConfig()) { AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW); if (resetFlow == null) { DefaultAuthenticationFlows.resetCredentialsFlow(newRealm); } else { newRealm.setResetCredentialsFlow(resetFlow); AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW); if (clientFlow == null) { DefaultAuthenticationFlows.clientAuthFlow(newRealm); } else { newRealm.setClientAuthenticationFlow(clientFlow); DefaultAuthenticationFlows.firstBrokerLoginFlow(newRealm, true);
/**
 * Runs this migration step against every realm returned by the session.
 *
 * <p>Per realm it adds the missing default flows, resets the OTP policy to
 * {@code OTPPolicy.DEFAULT_POLICY}, binds the browser, registration and direct grant
 * flows by alias, binds (or creates) the reset-credentials and client-authentication
 * flows, and finally sets every client's authenticator type to the default.
 *
 * @param session session used to enumerate the realms
 */
public void migrate(KeycloakSession session) {
    for (RealmModel realm : session.realms().getRealms()) {
        // Create whichever built-in flows the realm does not have yet.
        DefaultAuthenticationFlows.migrateFlows(realm);

        // Unconditional: whatever OTP policy the realm had is replaced by the default.
        realm.setOTPPolicy(OTPPolicy.DEFAULT_POLICY);

        // Bind the realm's active flows to the built-in aliases.
        realm.setBrowserFlow(
                realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
        realm.setRegistrationFlow(
                realm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
        realm.setDirectGrantFlow(
                realm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));

        // Reset credentials: reuse the existing flow, otherwise build it.
        // NOTE(review): on the null path nothing here binds the flow to the realm;
        // presumably the builder does that itself. Confirm.
        AuthenticationFlowModel resetCredentials =
                realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetCredentials != null) {
            realm.setResetCredentialsFlow(resetCredentials);
        } else {
            DefaultAuthenticationFlows.resetCredentialsFlow(realm);
        }

        // Client authentication: same reuse-or-build pattern (same review note applies).
        AuthenticationFlowModel clientAuthentication =
                realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientAuthentication != null) {
            realm.setClientAuthenticationFlow(clientAuthentication);
        } else {
            DefaultAuthenticationFlows.clientAuthFlow(realm);
        }

        // Every client is switched to the default authenticator type; a type that was
        // set before this step runs is overwritten.
        for (ClientModel client : realm.getClients()) {
            client.setClientAuthenticatorType(
                    KeycloakModelUtils.getDefaultClientAuthenticatorType());
        }
    }
}
} // end of the enclosing class (its header is not part of this excerpt)
/**
 * Runs this migration step against every realm returned by the session.
 *
 * <p>Default authentication flows and default required actions are added only to a
 * realm that has no authentication flows at all. The impersonation service setup, the
 * LDAP mapper migration and the user migration run for every realm.
 *
 * @param session session used to enumerate the realms and passed on to the helpers
 */
public void migrate(KeycloakSession session) {
    for (RealmModel realm : session.realms().getRealms()) {
        // A realm with at least one flow is treated as already set up and is not
        // given the defaults, so customised flows are not touched here.
        boolean hasNoFlows = realm.getAuthenticationFlows().isEmpty();
        if (hasNoFlows) {
            DefaultAuthenticationFlows.migrateFlows(realm);
            DefaultRequiredActions.addActions(realm);
        }

        ImpersonationConstants.setupImpersonationService(session, realm);
        migrateLDAPMappers(session, realm);
        migrateUsers(session, realm);
    }
}
execution.setParentFlow(grant.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED); if (migrate && !hasCredentialType(realm, RequiredCredentialModel.PASSWORD.getType())) { execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED); execution.setParentFlow(grant.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL); if (migrate && hasCredentialType(realm, RequiredCredentialModel.TOTP.getType())) { execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
/**
 * Convenience overload that forwards to the two-argument {@code browserFlow} with
 * {@code false} as the second argument.
 *
 * @param realm realm handed through to the two-argument overload
 */
public static void browserFlow(RealmModel realm) {
    // NOTE(review): the second parameter appears to be the "migrate" switch; false
    // would then mean the flow is built without looking at existing credential types.
    final boolean secondArgument = false;
    browserFlow(realm, secondArgument);
}
/**
 * Runs this migration step against every realm returned by the session.
 *
 * <p>Per realm it sets the implicit-flow access token lifespan to the default constant,
 * has the {@code MigrationProvider} set up the admin CLI client, adds any missing
 * default flows, and assigns the first-broker-login flow to each identity provider
 * that has no such flow id yet.
 *
 * @param session session used to enumerate realms and to look up the provider
 */
public void migrate(KeycloakSession session) {
    for (RealmModel realm : session.realms().getRealms()) {
        // Default access token lifespan for the implicit flow.
        realm.setAccessTokenLifespanForImplicitFlow(
                Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT);

        // Built-in 'admin-cli' client.
        MigrationProvider provider = session.getProvider(MigrationProvider.class);
        provider.setupAdminCli(realm);

        // Add the first-broker-login flow (among the other defaults) if it is missing.
        DefaultAuthenticationFlows.migrateFlows(realm);
        // NOTE(review): the result is dereferenced below without a null check; this
        // relies on migrateFlows having registered a flow under this alias.
        AuthenticationFlowModel brokerLoginFlow =
                realm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW);

        for (IdentityProviderModel idp : realm.getIdentityProviders()) {
            // Providers that already point at a flow keep their configuration.
            if (idp.getFirstBrokerLoginFlowId() != null) {
                continue;
            }
            idp.setFirstBrokerLoginFlowId(brokerLoginFlow.getId());
            realm.updateIdentityProvider(idp);
        }
    }
}
} // end of the enclosing class (its header is not part of this excerpt)
execution.setParentFlow(browser.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED); if (migrate && hasCredentialType(realm, RequiredCredentialModel.KERBEROS.getType())) { execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE); execution.setParentFlow(forms.getId()); execution.setRequirement(AuthenticationExecutionModel.Requirement.OPTIONAL); if (migrate && hasCredentialType(realm, RequiredCredentialModel.TOTP.getType())) { execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
/**
 * Makes sure the realm carries every built-in authentication flow, without the
 * migration handling.
 *
 * <p>Each alias is looked up on the realm and a builder is invoked only when the lookup
 * returns {@code null}. The browser flow goes through the one-argument overload, and
 * the direct grant and first broker login builders receive {@code false} as their
 * second argument.
 * NOTE(review): that argument looks like the "migrate" switch, so with {@code false}
 * the builders would not adapt requirements to the realm's existing credential types.
 * Confirm against the builders.
 *
 * @param realm realm to inspect and, where an alias is missing, extend
 */
public static void addFlows(RealmModel realm) {
    if (realm.getFlowByAlias(BROWSER_FLOW) == null) {
        browserFlow(realm);
    }
    if (realm.getFlowByAlias(DIRECT_GRANT_FLOW) == null) {
        directGrantFlow(realm, false);
    }
    if (realm.getFlowByAlias(REGISTRATION_FLOW) == null) {
        registrationFlow(realm);
    }
    if (realm.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) {
        resetCredentialsFlow(realm);
    }
    if (realm.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) {
        clientAuthFlow(realm);
    }
    if (realm.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW) == null) {
        firstBrokerLoginFlow(realm, false);
    }
    if (realm.getFlowByAlias(SAML_ECP_FLOW) == null) {
        samlEcpProfile(realm);
    }
}
public static void migrateFlows(RealmModel realm) {