/** * Base path for the admin REST API for one particular realm. * * @param headers * @param name realm name (not id!) * @return */ @Path("{realm}") public RealmAdminResource getRealmAdmin( @Context final HttpHeaders headers, @PathParam("realm") final String name) { RealmManager realmManager = new RealmManager(session); RealmModel realm = realmManager.getRealmByName(name); if (realm == null) throw new NotFoundException("Realm not found."); if (!auth.getRealm().equals(realmManager.getKeycloakAdminstrationRealm()) && !auth.getRealm().equals(realm)) { throw new ForbiddenException(); } RealmAuth realmAuth; if (auth.getRealm().equals(realmManager.getKeycloakAdminstrationRealm())) { realmAuth = new RealmAuth(auth, realm.getMasterAdminClient()); } else { realmAuth = new RealmAuth( auth, realm.getClientByClientId(realmManager.getRealmAdminClientId(auth.getRealm()))); } AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection); session.getContext().setRealm(realm); RealmAdminResource adminResource = new RealmAdminResource(realmAuth, realm, tokenManager, adminEvent); ResteasyProviderFactory.getInstance().injectProperties(adminResource); // resourceContext.initResource(adminResource); return adminResource; }
@Override public Response sendError(ClientSessionModel clientSession, Error error) { setupResponseTypeAndMode(clientSession); String redirect = clientSession.getRedirectUri(); String state = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM); OIDCRedirectUriBuilder redirectUri = OIDCRedirectUriBuilder.fromUri(redirect, responseMode) .addParam(OAuth2Constants.ERROR, translateError(error)); if (state != null) redirectUri.addParam(OAuth2Constants.STATE, state); session.sessions().removeClientSession(realm, clientSession); RestartLoginCookie.expireRestartCookie(realm, session.getContext().getConnection(), uriInfo); return redirectUri.build(); }
@Override public Response sendError(ClientSessionModel clientSession, Error error) { try { if ("true".equals(clientSession.getClient().getAttribute(SAML_IDP_INITIATED_LOGIN))) { if (error == Error.CANCELLED_BY_USER) { UriBuilder builder = RealmsResource.protocolUrl(uriInfo).path(SamlService.class, "idpInitiatedSSO"); Map<String, String> params = new HashMap<>(); params.put("realm", realm.getName()); params.put("protocol", LOGIN_PROTOCOL); params.put( "client", clientSession.getClient().getAttribute(SAML_IDP_INITIATED_SSO_URL_NAME)); URI redirect = builder.buildFromMap(params); return Response.status(302).location(redirect).build(); } else { return ErrorPage.error(session, translateErrorToIdpInitiatedErrorMessage(error)); } } else { SAML2ErrorResponseBuilder builder = new SAML2ErrorResponseBuilder() .destination(clientSession.getRedirectUri()) .issuer(getResponseIssuer(realm)) .status(translateErrorToSAMLStatus(error).get()); try { JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder() .relayState(clientSession.getNote(GeneralConstants.RELAY_STATE)); Document document = builder.buildDocument(); return buildErrorResponse(clientSession, binding, document); } catch (Exception e) { return ErrorPage.error(session, Messages.FAILED_TO_PROCESS_RESPONSE); } } } finally { RestartLoginCookie.expireRestartCookie(realm, session.getContext().getConnection(), uriInfo); session.sessions().removeClientSession(realm, clientSession); } }
@Override public PasswordPolicyProvider create(KeycloakSession session) { return new LengthPasswordPolicyProvider(session.getContext()); }