form auth

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml

@@ -12,6 +12,16 @@
                 <constraints nullable="true"/>
             </column>
         </addColumn>
+        <addColumn tableName="AUTHENTICATION_FLOW">
+            <column name="PROVIDER_ID" type="VARCHAR(36)" defaultValue="basic-flow">
+                <constraints nullable="false"/>
+            </column>
+        </addColumn>
+        <addColumn tableName="AUTHENTICATION_EXECUTION">
+            <column name="AUTH_FLOW_ID" type="VARCHAR(36)">
+                <constraints nullable="true"/>
+            </column>
+        </addColumn>
         <dropColumn tableName="AUTHENTICATOR"  columnName="PROVIDER_ID"/>
         <renameTable oldTableName="AUTHENTICATOR_CONFIG" newTableName="AUTHENTICATOR_CONFIG_ENTRY"/>
         <renameTable oldTableName="AUTHENTICATOR" newTableName="AUTHENTICATOR_CONFIG"/>

model/api/src/main/java/org/keycloak/models/AuthenticationExecutionModel.java

@@ -22,6 +22,7 @@ public int compare(AuthenticationExecutionModel o1, AuthenticationExecutionModel
     private String id;
     private String authenticatorConfig;
     private String authenticator;
+    private String flowId;
     private boolean autheticatorFlow;
     private Requirement requirement;
     private boolean userSetupAllowed;
@@ -84,6 +85,19 @@ public void setParentFlow(String parentFlow) {
         this.parentFlow = parentFlow;
     }
 
+    /**
+     * If this execution is a flow, this is the flowId pointing to an AuthenticationFlowModel
+     *
+     * @return
+     */
+    public String getFlowId() {
+        return flowId;
+    }
+
+    public void setFlowId(String flowId) {
+        this.flowId = flowId;
+    }
+
     /**
      * Is the referenced authenticator a flow?
      *

model/api/src/main/java/org/keycloak/models/AuthenticationFlowModel.java

@@ -12,6 +12,7 @@ public class AuthenticationFlowModel implements Serializable {
     private String id;
     private String alias;
     private String description;
+    private String providerId;
 
     public String getId() {
         return id;
@@ -36,4 +37,12 @@ public String getDescription() {
     public void setDescription(String description) {
         this.description = description;
     }
+
+    public String getProviderId() {
+        return providerId;
+    }
+
+    public void setProviderId(String providerId) {
+        this.providerId = providerId;
+    }
 }

model/api/src/main/java/org/keycloak/models/entities/AuthenticationExecutionEntity.java

@@ -10,6 +10,7 @@
 public class AuthenticationExecutionEntity {
     protected String id;
     protected String authenticator;
+    protected String flowId;
     protected AuthenticationExecutionModel.Requirement requirement;
     protected int priority;
     private boolean userSetupAllowed;
@@ -71,4 +72,12 @@ public String getParentFlow() {
     public void setParentFlow(String parentFlow) {
         this.parentFlow = parentFlow;
     }
+
+    public String getFlowId() {
+        return flowId;
+    }
+
+    public void setFlowId(String flowId) {
+        this.flowId = flowId;
+    }
 }

model/api/src/main/java/org/keycloak/models/entities/AuthenticationFlowEntity.java

@@ -12,6 +12,8 @@ public class AuthenticationFlowEntity {
     protected String id;
     protected String alias;
     protected String description;
+    protected String providerId;
+
     List<AuthenticationExecutionEntity> executions = new ArrayList<AuthenticationExecutionEntity>();
     public String getId() {
         return id;
@@ -44,4 +46,12 @@ public List<AuthenticationExecutionEntity> getExecutions() {
     public void setExecutions(List<AuthenticationExecutionEntity> executions) {
         this.executions = executions;
     }
+
+    public String getProviderId() {
+        return providerId;
+    }
+
+    public void setProviderId(String providerId) {
+        this.providerId = providerId;
+    }
 }

model/api/src/main/java/org/keycloak/models/utils/DefaultAuthenticationFlows.java

@@ -18,6 +18,7 @@ public static void addFlows(RealmModel realm) {
         AuthenticationFlowModel browser = new AuthenticationFlowModel();
         browser.setAlias(BROWSER_FLOW);
         browser.setDescription("browser based authentication");
+        browser.setProviderId("basic-flow");
         browser = realm.addAuthenticationFlow(browser);
         AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
         execution.setParentFlow(browser.getId());
@@ -40,11 +41,12 @@ public static void addFlows(RealmModel realm) {
         AuthenticationFlowModel forms = new AuthenticationFlowModel();
         forms.setAlias(FORMS_FLOW);
         forms.setDescription("Username, password, otp and other auth forms.");
+        forms.setProviderId("basic-flow");
         forms = realm.addAuthenticationFlow(forms);
         execution = new AuthenticationExecutionModel();
         execution.setParentFlow(browser.getId());
         execution.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
-        execution.setAuthenticator(forms.getId());
+        execution.setFlowId(forms.getId());
         execution.setPriority(30);
         execution.setUserSetupAllowed(false);
         execution.setAutheticatorFlow(true);

model/file/src/main/java/org/keycloak/models/file/adapter/RealmAdapter.java

@@ -1233,6 +1233,7 @@ protected AuthenticationFlowModel entityToModel(AuthenticationFlowEntity entity)
         model.setId(entity.getId());
         model.setAlias(entity.getAlias());
         model.setDescription(entity.getDescription());
+        model.setProviderId(entity.getProviderId());
         return model;
     }
 
@@ -1266,6 +1267,7 @@ public void updateAuthenticationFlow(AuthenticationFlowModel model) {
         if (toUpdate == null) return;
         toUpdate.setAlias(model.getAlias());
         toUpdate.setDescription(model.getDescription());
+        toUpdate.setProviderId(model.getProviderId());
 
     }
 
@@ -1275,6 +1277,7 @@ public AuthenticationFlowModel addAuthenticationFlow(AuthenticationFlowModel mod
         entity.setId(KeycloakModelUtils.generateId());
         entity.setAlias(model.getAlias());
         entity.setDescription(model.getDescription());
+        entity.setProviderId(model.getProviderId());
         realm.getAuthenticationFlows().add(entity);
         model.setId(entity.getId());
         return model;
@@ -1303,6 +1306,7 @@ public AuthenticationExecutionModel entityToModel(AuthenticationExecutionEntity
         model.setPriority(entity.getPriority());
         model.setAuthenticator(entity.getAuthenticator());
         model.setParentFlow(entity.getParentFlow());
+        model.setFlowId(entity.getFlowId());
         model.setAutheticatorFlow(entity.isAuthenticatorFlow());
         return model;
     }
@@ -1334,6 +1338,7 @@ public AuthenticationExecutionModel addAuthenticatorExecution(AuthenticationExec
         entity.setRequirement(model.getRequirement());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
         entity.setAuthenticatorFlow(model.isAutheticatorFlow());
+        entity.setFlowId(model.getFlowId());
         AuthenticationFlowEntity flow = getFlowEntity(model.getId());
         flow.getExecutions().add(entity);
         model.setId(entity.getId());
@@ -1355,6 +1360,7 @@ public void updateAuthenticatorExecution(AuthenticationExecutionModel model) {
         entity.setAuthenticator(model.getAuthenticator());
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
+        entity.setFlowId(model.getFlowId());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
     }
 

model/jpa/src/main/java/org/keycloak/models/jpa/RealmAdapter.java

@@ -1542,6 +1542,7 @@ protected AuthenticationFlowModel entityToModel(AuthenticationFlowEntity entity)
         AuthenticationFlowModel model = new AuthenticationFlowModel();
         model.setId(entity.getId());
         model.setAlias(entity.getAlias());
+        model.setProviderId(entity.getProviderId());
         model.setDescription(entity.getDescription());
         return model;
     }
@@ -1567,6 +1568,7 @@ public void updateAuthenticationFlow(AuthenticationFlowModel model) {
         if (entity == null) return;
         entity.setAlias(model.getAlias());
         entity.setDescription(model.getDescription());
+        entity.setProviderId(model.getProviderId());
 
     }
 
@@ -1576,6 +1578,7 @@ public AuthenticationFlowModel addAuthenticationFlow(AuthenticationFlowModel mod
         entity.setId(KeycloakModelUtils.generateId());
         entity.setAlias(model.getAlias());
         entity.setDescription(model.getDescription());
+        entity.setProviderId(model.getProviderId());
         entity.setRealm(realm);
         realm.getAuthenticationFlows().add(entity);
         em.persist(entity);
@@ -1589,7 +1592,7 @@ public List<AuthenticationExecutionModel> getAuthenticationExecutions(String flo
         TypedQuery<AuthenticationExecutionEntity> query = em.createNamedQuery("getAuthenticationExecutionsByFlow", AuthenticationExecutionEntity.class);
         AuthenticationFlowEntity flow = em.getReference(AuthenticationFlowEntity.class, flowId);
         query.setParameter("realm", realm);
-        query.setParameter("flow", flow);
+        query.setParameter("parentFlow", flow);
         List<AuthenticationExecutionEntity> queryResult = query.getResultList();
         List<AuthenticationExecutionModel> executions = new LinkedList<>();
         for (AuthenticationExecutionEntity entity : queryResult) {
@@ -1607,7 +1610,8 @@ public AuthenticationExecutionModel entityToModel(AuthenticationExecutionEntity
         model.setRequirement(entity.getRequirement());
         model.setPriority(entity.getPriority());
         model.setAuthenticator(entity.getAuthenticator());
-        model.setParentFlow(entity.getFlow().getId());
+        model.setFlowId(entity.getFlowId());
+        model.setParentFlow(entity.getParentFlow().getId());
         model.setAutheticatorFlow(entity.isAutheticatorFlow());
         return model;
     }
@@ -1625,9 +1629,10 @@ public AuthenticationExecutionModel addAuthenticatorExecution(AuthenticationExec
         entity.setId(KeycloakModelUtils.generateId());
         entity.setAuthenticator(model.getAuthenticator());
         entity.setPriority(model.getPriority());
+        entity.setFlowId(model.getFlowId());
         entity.setRequirement(model.getRequirement());
         AuthenticationFlowEntity flow = em.find(AuthenticationFlowEntity.class, model.getParentFlow());
-        entity.setFlow(flow);
+        entity.setParentFlow(flow);
         flow.getExecutions().add(entity);
         entity.setRealm(realm);
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
@@ -1648,6 +1653,7 @@ public void updateAuthenticatorExecution(AuthenticationExecutionModel model) {
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
+        entity.setFlowId(model.getFlowId());
         em.flush();
     }
 

model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationExecutionEntity.java

@@ -19,9 +19,9 @@
 @Table(name="AUTHENTICATION_EXECUTION")
 @Entity
 @NamedQueries({
-        @NamedQuery(name="getAuthenticationExecutionsByFlow", query="select authenticator from AuthenticationExecutionEntity authenticator where authenticator.realm = :realm and authenticator.flow = :flow"),
+        @NamedQuery(name="getAuthenticationExecutionsByFlow", query="select authenticator from AuthenticationExecutionEntity authenticator where authenticator.realm = :realm and authenticator.parentFlow = :parentFlow"),
         @NamedQuery(name="deleteAuthenticationExecutionsByRealm", query="delete from AuthenticationExecutionEntity authenticator where authenticator.realm = :realm"),
-        @NamedQuery(name="deleteAuthenticationExecutionsByRealmAndFlow", query="delete from AuthenticationExecutionEntity authenticator where authenticator.realm = :realm and authenticator.flow = :flow"),
+        @NamedQuery(name="deleteAuthenticationExecutionsByRealmAndFlow", query="delete from AuthenticationExecutionEntity authenticator where authenticator.realm = :realm and authenticator.parentFlow = :parentFlow"),
 })
 public class AuthenticationExecutionEntity {
     @Id
@@ -34,11 +34,14 @@ public class AuthenticationExecutionEntity {
 
     @ManyToOne(fetch = FetchType.LAZY)
     @JoinColumn(name = "FLOW_ID")
-    protected AuthenticationFlowEntity flow;
+    protected AuthenticationFlowEntity parentFlow;
 
     @Column(name="AUTHENTICATOR")
     protected String authenticator;
 
+    @Column(name="AUTH_FLOW_ID")
+    protected String flowId;
+
     @Column(name="REQUIREMENT")
     protected AuthenticationExecutionModel.Requirement requirement;
 
@@ -107,11 +110,19 @@ public void setAutheticatorFlow(boolean autheticatorFlow) {
         this.autheticatorFlow = autheticatorFlow;
     }
 
-    public AuthenticationFlowEntity getFlow() {
-        return flow;
+    public AuthenticationFlowEntity getParentFlow() {
+        return parentFlow;
+    }
+
+    public void setParentFlow(AuthenticationFlowEntity flow) {
+        this.parentFlow = flow;
+    }
+
+    public String getFlowId() {
+        return flowId;
     }
 
-    public void setFlow(AuthenticationFlowEntity flow) {
-        this.flow = flow;
+    public void setFlowId(String flowId) {
+        this.flowId = flowId;
     }
 }

model/jpa/src/main/java/org/keycloak/models/jpa/entities/AuthenticationFlowEntity.java

@@ -36,10 +36,13 @@ public class AuthenticationFlowEntity {
     @Column(name="ALIAS")
     protected String alias;
 
+    @Column(name="PROVIDER_ID")
+    protected String providerId;
+
     @Column(name="DESCRIPTION")
     protected String description;
 
-    @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "flow")
+    @OneToMany(fetch = FetchType.LAZY, cascade ={CascadeType.REMOVE}, orphanRemoval = true, mappedBy = "parentFlow")
     Collection<AuthenticationExecutionEntity> executions = new ArrayList<AuthenticationExecutionEntity>();
     public String getId() {
         return id;
@@ -80,4 +83,12 @@ public Collection<AuthenticationExecutionEntity> getExecutions() {
     public void setExecutions(Collection<AuthenticationExecutionEntity> executions) {
         this.executions = executions;
     }
+
+    public String getProviderId() {
+        return providerId;
+    }
+
+    public void setProviderId(String providerId) {
+        this.providerId = providerId;
+    }
 }

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/RealmAdapter.java

@@ -1341,6 +1341,7 @@ public void updateAuthenticationFlow(AuthenticationFlowModel model) {
         if (toUpdate == null) return;
         toUpdate.setAlias(model.getAlias());
         toUpdate.setDescription(model.getDescription());
+        toUpdate.setProviderId(model.getProviderId());
         updateMongoEntity();
     }
 
@@ -1350,6 +1351,7 @@ public AuthenticationFlowModel addAuthenticationFlow(AuthenticationFlowModel mod
         entity.setId(KeycloakModelUtils.generateId());
         entity.setAlias(model.getAlias());
         entity.setDescription(model.getDescription());
+        entity.setProviderId(model.getProviderId());
         getMongoEntity().getAuthenticationFlows().add(entity);
         model.setId(entity.getId());
         updateMongoEntity();
@@ -1378,6 +1380,7 @@ public AuthenticationExecutionModel entityToModel(AuthenticationExecutionEntity
         model.setRequirement(entity.getRequirement());
         model.setPriority(entity.getPriority());
         model.setAuthenticator(entity.getAuthenticator());
+        model.setFlowId(entity.getFlowId());
         model.setParentFlow(entity.getParentFlow());
         model.setAutheticatorFlow(entity.isAuthenticatorFlow());
         return model;
@@ -1410,6 +1413,7 @@ public AuthenticationExecutionModel addAuthenticatorExecution(AuthenticationExec
         entity.setRequirement(model.getRequirement());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
         entity.setAuthenticatorFlow(model.isAutheticatorFlow());
+        entity.setFlowId(model.getFlowId());
         entity.setParentFlow(model.getParentFlow());
         AuthenticationFlowEntity flow = getFlowEntity(model.getParentFlow());
         flow.getExecutions().add(entity);
@@ -1433,6 +1437,7 @@ public void updateAuthenticatorExecution(AuthenticationExecutionModel model) {
         entity.setAuthenticator(model.getAuthenticator());
         entity.setPriority(model.getPriority());
         entity.setRequirement(model.getRequirement());
+        entity.setFlowId(model.getFlowId());
         entity.setUserSetupAllowed(model.isUserSetupAllowed());
         updateMongoEntity();
     }

services/src/main/java/org/keycloak/authentication/AuthenticationFlow.java

@@ -0,0 +1,12 @@
+package org.keycloak.authentication;
+
+import javax.ws.rs.core.Response;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public interface AuthenticationFlow {
+    Response processAction(String actionExecution);
+    Response processFlow();
+}