/**
 * Makes sure the realm has a flow under each of the built-in aliases.
 *
 * <p>For every built-in alias the realm is queried once, and the matching helper is invoked only
 * when the lookup returns {@code null}. The test is by alias alone: a flow that already exists
 * under a built-in alias is left exactly as it is, whatever executions it contains, so this
 * method never resets a customised flow back to the defaults.
 *
 * @param realm realm whose flows are checked; it is handed on to the helper for each missing alias
 */
public static void addFlows(RealmModel realm) {
    if (realm.getFlowByAlias(BROWSER_FLOW) == null) {
        browserFlow(realm);
    }
    if (realm.getFlowByAlias(DIRECT_GRANT_FLOW) == null) {
        directGrantFlow(realm, false);
    }
    if (realm.getFlowByAlias(REGISTRATION_FLOW) == null) {
        registrationFlow(realm);
    }
    if (realm.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) {
        resetCredentialsFlow(realm);
    }
    if (realm.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) {
        clientAuthFlow(realm);
    }
    if (realm.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW) == null) {
        firstBrokerLoginFlow(realm, false);
    }
    if (realm.getFlowByAlias(SAML_ECP_FLOW) == null) {
        samlEcpProfile(realm);
    }
}
/**
 * Migration variant of the default-flow setup: adds whichever built-in flows the realm lacks.
 *
 * <p>Each built-in alias is looked up and the matching helper runs only when the lookup returns
 * {@code null}; flows already present under a built-in alias are not modified. The browser,
 * direct-grant and first-broker-login helpers are called with {@code true} as their second
 * argument (presumably a "migrating an existing realm" switch; confirm against those helpers).
 *
 * @param realm realm being migrated; it is handed on to the helper for each missing alias
 */
public static void migrateFlows(RealmModel realm) {
    if (realm.getFlowByAlias(BROWSER_FLOW) == null) {
        browserFlow(realm, true);
    }
    if (realm.getFlowByAlias(DIRECT_GRANT_FLOW) == null) {
        directGrantFlow(realm, true);
    }
    if (realm.getFlowByAlias(REGISTRATION_FLOW) == null) {
        registrationFlow(realm);
    }
    if (realm.getFlowByAlias(RESET_CREDENTIALS_FLOW) == null) {
        resetCredentialsFlow(realm);
    }
    if (realm.getFlowByAlias(CLIENT_AUTHENTICATION_FLOW) == null) {
        clientAuthFlow(realm);
    }
    if (realm.getFlowByAlias(FIRST_BROKER_LOGIN_FLOW) == null) {
        firstBrokerLoginFlow(realm, true);
    }
    if (realm.getFlowByAlias(SAML_ECP_FLOW) == null) {
        samlEcpProfile(realm);
    }
}
/**
 * Runs this migration step against every realm the session returns.
 *
 * <p>Per realm it adds the missing default flows, then unconditionally: replaces the OTP policy
 * with {@code OTPPolicy.DEFAULT_POLICY}, rebinds the browser, registration and direct-grant slots
 * to the flows found under the default aliases, and sets every client's authenticator type to the
 * default one. Operators who tuned any of these before the upgrade should re-check them afterwards.
 *
 * @param session session used to enumerate the realms
 */
public void migrate(KeycloakSession session) {
    for (RealmModel realm : session.realms().getRealms()) {
        // add reset credentials flow
        DefaultAuthenticationFlows.migrateFlows(realm);

        // Overwrites whatever OTP policy the realm had before.
        realm.setOTPPolicy(OTPPolicy.DEFAULT_POLICY);

        realm.setBrowserFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW));
        realm.setRegistrationFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW));
        realm.setDirectGrantFlow(realm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW));

        // Bind the reset-credentials flow if the realm has one, otherwise have it created.
        // NOTE(review): the create branch does not call setResetCredentialsFlow here; presumably
        // the helper binds the flow itself (confirm).
        AuthenticationFlowModel resetCredentials =
                realm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW);
        if (resetCredentials != null) {
            realm.setResetCredentialsFlow(resetCredentials);
        } else {
            DefaultAuthenticationFlows.resetCredentialsFlow(realm);
        }

        // Same bind-or-create handling for the client authentication flow.
        AuthenticationFlowModel clientAuthentication =
                realm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW);
        if (clientAuthentication != null) {
            realm.setClientAuthenticationFlow(clientAuthentication);
        } else {
            DefaultAuthenticationFlows.clientAuthFlow(realm);
        }

        // Every client in the realm gets the default client authenticator type.
        for (ClientModel client : realm.getClients()) {
            client.setClientAuthenticatorType(KeycloakModelUtils.getDefaultClientAuthenticatorType());
        }
    }
}
AuthenticationFlowModel model = newRealm.getFlowByAlias(flowRep.getAlias()); for (AuthenticationExecutionRepresentation exeRep : flowRep.getAuthenticationExecutions()) { AuthenticationExecutionModel execution = toModel(newRealm, exeRep); newRealm.setBrowserFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW)); } else { newRealm.setBrowserFlow(newRealm.getFlowByAlias(rep.getBrowserFlow())); newRealm.setRegistrationFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.REGISTRATION_FLOW)); } else { newRealm.setRegistrationFlow(newRealm.getFlowByAlias(rep.getRegistrationFlow())); newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW)); } else { newRealm.setDirectGrantFlow(newRealm.getFlowByAlias(rep.getDirectGrantFlow())); AuthenticationFlowModel resetFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.RESET_CREDENTIALS_FLOW); if (resetFlow == null) { DefaultAuthenticationFlows.resetCredentialsFlow(newRealm); newRealm.setResetCredentialsFlow(newRealm.getFlowByAlias(rep.getResetCredentialsFlow())); AuthenticationFlowModel clientFlow = newRealm.getFlowByAlias(DefaultAuthenticationFlows.CLIENT_AUTHENTICATION_FLOW); if (clientFlow == null) { DefaultAuthenticationFlows.clientAuthFlow(newRealm); newRealm.setClientAuthenticationFlow(newRealm.getFlowByAlias(rep.getClientAuthenticationFlow())); if (newRealm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW) == null) {
/**
 * Runs this migration step against every realm the session returns.
 *
 * <p>Per realm it sets the implicit-flow access token lifespan to the default constant, asks the
 * {@code MigrationProvider} to set up the 'admin-cli' client, adds the missing default flows, and
 * points every identity provider that has no first-broker-login flow id at the realm's flow under
 * the default first-broker-login alias. Providers that already carry a flow id are not changed.
 *
 * @param session session used to enumerate the realms and to obtain the {@code MigrationProvider}
 */
public void migrate(KeycloakSession session) {
    for (RealmModel realm : session.realms().getRealms()) {
        // Set default accessToken timeout for implicit flow
        realm.setAccessTokenLifespanForImplicitFlow(
                Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT);

        // Add 'admin-cli' builtin client
        session.getProvider(MigrationProvider.class).setupAdminCli(realm);

        // add firstBrokerLogin flow and set it to all identityProviders
        DefaultAuthenticationFlows.migrateFlows(realm);
        // Dereferenced below without a null check: relies on migrateFlows having left a flow
        // under this alias.
        AuthenticationFlowModel brokerLoginFlow =
                realm.getFlowByAlias(DefaultAuthenticationFlows.FIRST_BROKER_LOGIN_FLOW);

        for (IdentityProviderModel provider : realm.getIdentityProviders()) {
            if (provider.getFirstBrokerLoginFlowId() != null) {
                // Already configured; keep the provider's own choice.
                continue;
            }
            provider.setFirstBrokerLoginFlowId(brokerLoginFlow.getId());
            realm.updateIdentityProvider(provider);
        }
    }
}
AuthenticationFlowModel flowModel = realm.getFlowByAlias(flowAlias); if (flowModel == null) { throw new ModelException("No available authentication flow with alias: " + flowAlias); identityProviderModel.setPostBrokerLoginFlowId(null); } else { flowModel = realm.getFlowByAlias(flowAlias); if (flowModel == null) { throw new ModelException("No available authentication flow with alias: " + flowAlias);
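/**
 * Builds an {@code AuthenticationExecutionModel} from its representation, resolving the
 * authenticator-config alias and the flow alias against the given realm.
 *
 * <p>The representation typically comes from imported or submitted realm data, so an alias in it
 * may not exist in the realm. An unresolved alias is rejected with a descriptive exception instead
 * of failing later with a bare {@code NullPointerException} on the missing object.
 *
 * @param realm realm used to resolve the config alias and the flow alias
 * @param rep   representation to convert
 * @return a new model carrying the authenticator, flow marker, priority and requirement from
 *         {@code rep}, plus the resolved config id and flow id when the aliases are set
 * @throws IllegalArgumentException if {@code rep} names an authenticator config or a flow alias
 *         that the realm cannot resolve, or (from {@code valueOf}) an unknown requirement name
 */
public static AuthenticationExecutionModel toModel(RealmModel realm, AuthenticationExecutionRepresentation rep) {
    AuthenticationExecutionModel model = new AuthenticationExecutionModel();

    if (rep.getAuthenticatorConfig() != null) {
        AuthenticatorConfigModel config = realm.getAuthenticatorConfigByAlias(rep.getAuthenticatorConfig());
        // NOTE(review): assumes the lookup returns null for an unknown alias, as getFlowByAlias
        // does; the check is harmless if it never does.
        if (config == null) {
            throw new IllegalArgumentException(
                    "No available authenticator config with alias: " + rep.getAuthenticatorConfig());
        }
        model.setAuthenticatorConfig(config.getId());
    }

    model.setAuthenticator(rep.getAuthenticator());
    model.setAuthenticatorFlow(rep.isAutheticatorFlow());

    if (rep.getFlowAlias() != null) {
        AuthenticationFlowModel flow = realm.getFlowByAlias(rep.getFlowAlias());
        // getFlowByAlias yields null when the realm has no flow under that alias.
        if (flow == null) {
            throw new IllegalArgumentException(
                    "No available authentication flow with alias: " + rep.getFlowAlias());
        }
        model.setFlowId(flow.getId());
    }

    model.setPriority(rep.getPriority());
    model.setRequirement(AuthenticationExecutionModel.Requirement.valueOf(rep.getRequirement()));
    return model;
}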
// Binds each of the realm's five flow slots to the flow that the representation names by alias.
// NOTE(review): getFlowByAlias() can yield null for an alias the realm does not have (callers
// elsewhere null-check its result), and the rep getters may themselves return null. Any guards
// around these statements are not visible in this excerpt; confirm each setter is only reached
// with an alias that resolves, so that a representation cannot leave a slot bound to no flow.
realm.setBrowserFlow(realm.getFlowByAlias(rep.getBrowserFlow())); realm.setRegistrationFlow(realm.getFlowByAlias(rep.getRegistrationFlow())); realm.setDirectGrantFlow(realm.getFlowByAlias(rep.getDirectGrantFlow())); realm.setResetCredentialsFlow(realm.getFlowByAlias(rep.getResetCredentialsFlow())); realm.setClientAuthenticationFlow(realm.getFlowByAlias(rep.getClientAuthenticationFlow()));
// Looks up the realm's flow registered under the default browser alias. The result may be null
// when the realm has no flow under that alias, so check it before dereferencing.
browserFlow = realm.getFlowByAlias(DefaultAuthenticationFlows.BROWSER_FLOW);