public AuthOutcome authenticate() { if (log.isTraceEnabled()) { log.trace("--> authenticate()"); } BearerTokenRequestAuthenticator bearer = createBearerTokenAuthenticator(); if (log.isTraceEnabled()) { log.trace("try bearer"); } AuthOutcome outcome = bearer.authenticate(facade); if (outcome == AuthOutcome.FAILED) { challenge = bearer.getChallenge(); log.debug("Bearer FAILED"); return AuthOutcome.FAILED; } else if (outcome == AuthOutcome.AUTHENTICATED) { if (verifySSL()) return AuthOutcome.FAILED; completeAuthentication(bearer); log.debug("Bearer AUTHENTICATED"); return AuthOutcome.AUTHENTICATED; } else if (deployment.isBearerOnly()) { challenge = bearer.getChallenge(); log.debug("NOT_ATTEMPTED: bearer only"); return AuthOutcome.NOT_ATTEMPTED; } if (log.isTraceEnabled()) { log.trace("try oauth"); } if (isCached()) { if (verifySSL()) return AuthOutcome.FAILED; log.debug("AUTHENTICATED: was cached"); return AuthOutcome.AUTHENTICATED; } OAuthRequestAuthenticator oauth = createOAuthAuthenticator(); outcome = oauth.authenticate(); if (outcome == AuthOutcome.FAILED) { challenge = oauth.getChallenge(); return AuthOutcome.FAILED; } else if (outcome == AuthOutcome.NOT_ATTEMPTED) { challenge = oauth.getChallenge(); return AuthOutcome.NOT_ATTEMPTED; } if (verifySSL()) return AuthOutcome.FAILED; completeAuthentication(oauth); // redirect to strip out access code and state query parameters facade.getResponse().setHeader("Location", oauth.getStrippedOauthParametersRequestUri()); facade.getResponse().setStatus(302); facade.getResponse().end(); log.debug("AUTHENTICATED"); return AuthOutcome.AUTHENTICATED; }
protected KeycloakDeployment internalBuild(AdapterConfig adapterConfig) { if (adapterConfig.getRealm() == null) throw new RuntimeException("Must set 'realm' in config"); deployment.setRealm(adapterConfig.getRealm()); String resource = adapterConfig.getResource(); if (resource == null) throw new RuntimeException("Must set 'resource' in config"); deployment.setResourceName(resource); String realmKeyPem = adapterConfig.getRealmKey(); if (realmKeyPem != null) { PublicKey realmKey; try { realmKey = PemUtils.decodePublicKey(realmKeyPem); } catch (Exception e) { throw new RuntimeException(e); } deployment.setRealmKey(realmKey); } if (adapterConfig.getSslRequired() != null) { deployment.setSslRequired(SslRequired.valueOf(adapterConfig.getSslRequired().toUpperCase())); } else { deployment.setSslRequired(SslRequired.EXTERNAL); } if (adapterConfig.getTokenStore() != null) { deployment.setTokenStore(TokenStore.valueOf(adapterConfig.getTokenStore().toUpperCase())); } else { deployment.setTokenStore(TokenStore.SESSION); } if (adapterConfig.getPrincipalAttribute() != null) deployment.setPrincipalAttribute(adapterConfig.getPrincipalAttribute()); deployment.setResourceCredentials(adapterConfig.getCredentials()); deployment.setPublicClient(adapterConfig.isPublicClient()); deployment.setUseResourceRoleMappings(adapterConfig.isUseResourceRoleMappings()); deployment.setExposeToken(adapterConfig.isExposeToken()); if (adapterConfig.isCors()) { deployment.setCors(true); deployment.setCorsMaxAge(adapterConfig.getCorsMaxAge()); deployment.setCorsAllowedHeaders(adapterConfig.getCorsAllowedHeaders()); deployment.setCorsAllowedMethods(adapterConfig.getCorsAllowedMethods()); } deployment.setBearerOnly(adapterConfig.isBearerOnly()); deployment.setEnableBasicAuth(adapterConfig.isEnableBasicAuth()); deployment.setAlwaysRefreshToken(adapterConfig.isAlwaysRefreshToken()); deployment.setRegisterNodeAtStartup(adapterConfig.isRegisterNodeAtStartup()); deployment.setRegisterNodePeriod(adapterConfig.getRegisterNodePeriod()); if (realmKeyPem == null && adapterConfig.isBearerOnly() && adapterConfig.getAuthServerUrl() == null) { throw new IllegalArgumentException( "For bearer auth, you must set the realm-public-key or auth-server-url"); } if (realmKeyPem == null || !deployment.isBearerOnly() || deployment.isRegisterNodeAtStartup() || deployment.getRegisterNodePeriod() != -1) { deployment.setClient(new HttpClientBuilder().build(adapterConfig)); } if (adapterConfig.getAuthServerUrl() == null && (!deployment.isBearerOnly() || realmKeyPem == null)) { throw new RuntimeException("You must specify auth-url"); } deployment.setAuthServerBaseUrl(adapterConfig); log.debug( "Use authServerUrl: " + deployment.getAuthServerBaseUrl() + ", tokenUrl: " + deployment.getTokenUrl() + ", relativeUrls: " + deployment.getRelativeUrls()); return deployment; }