예제 #1
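  /**
   * Base path for the admin REST API for one particular realm.
   *
   * <p>Resolves the realm by name, checks that the caller may administer it and wires up the
   * {@link RealmAdminResource} for it. The caller is admitted only when it authenticated against
   * the Keycloak administration realm or against the requested realm itself; which admin client
   * backs the resulting {@link RealmAuth} depends on that distinction.
   *
   * @param headers injected request headers; not read by this method
   * @param name realm name (not id!)
   * @return the admin sub-resource for the resolved realm
   * @throws NotFoundException if no realm with that name exists
   * @throws ForbiddenException if the caller's realm is neither the administration realm nor the
   *     requested realm
   */
  @Path("{realm}")
  public RealmAdminResource getRealmAdmin(
      @Context final HttpHeaders headers, @PathParam("realm") final String name) {
    RealmManager realmManager = new RealmManager(session);
    RealmModel realm = realmManager.getRealmByName(name);
    if (realm == null) {
      throw new NotFoundException("Realm not found.");
    }

    RealmModel adminRealm = realmManager.getKeycloakAdminstrationRealm();
    RealmModel callerRealm = auth.getRealm();
    boolean callerIsMasterAdmin = callerRealm.equals(adminRealm);
    // Authorization: only master-realm admins or admins of this very realm get past here.
    if (!callerIsMasterAdmin && !callerRealm.equals(realm)) {
      throw new ForbiddenException();
    }

    // Master-realm admins act through the realm's master admin client, realm-local admins
    // through the realm's own admin client.
    RealmAuth realmAuth;
    if (callerIsMasterAdmin) {
      realmAuth = new RealmAuth(auth, realm.getMasterAdminClient());
    } else {
      realmAuth =
          new RealmAuth(
              auth, realm.getClientByClientId(realmManager.getRealmAdminClientId(callerRealm)));
    }

    AdminEventBuilder adminEvent = new AdminEventBuilder(realm, auth, session, clientConnection);
    // Downstream code reads the target realm from the session context, so switch it here.
    session.getContext().setRealm(realm);

    RealmAdminResource adminResource =
        new RealmAdminResource(realmAuth, realm, tokenManager, adminEvent);
    ResteasyProviderFactory.getInstance().injectProperties(adminResource);
    return adminResource;
  }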
예제 #2
  /**
   * Redirects the user agent back to the client with an OAuth2 error response.
   *
   * <p>The error code (and the client's {@code state}, when one was recorded on the client
   * session) is appended to the client session's redirect URI; the client session and the
   * restart-login cookie are then discarded before the redirect is returned.
   *
   * @param clientSession the client session whose login ended in an error
   * @param error the protocol error to report to the client
   * @return the redirect response carrying the error parameters
   */
  @Override
  public Response sendError(ClientSessionModel clientSession, Error error) {
    // Presumably populates the responseMode field read below; confirm against the helper.
    setupResponseTypeAndMode(clientSession);

    final String target = clientSession.getRedirectUri();
    final String stateNote = clientSession.getNote(OIDCLoginProtocol.STATE_PARAM);

    OIDCRedirectUriBuilder errorRedirect = OIDCRedirectUriBuilder.fromUri(target, responseMode);
    errorRedirect.addParam(OAuth2Constants.ERROR, translateError(error));
    if (stateNote != null) {
      errorRedirect.addParam(OAuth2Constants.STATE, stateNote);
    }

    session.sessions().removeClientSession(realm, clientSession);
    RestartLoginCookie.expireRestartCookie(realm, session.getContext().getConnection(), uriInfo);
    return errorRedirect.build();
  }
예제 #3
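 /**
  * Returns the response for a SAML login that ended in an error.
  *
  * <p>For an IdP-initiated login a user cancel redirects back to the IdP-initiated SSO endpoint
  * and any other error renders the error page; for an SP-initiated login a SAML error Response is
  * built and sent to the client's redirect URI. In every case the client session is removed and
  * the restart-login cookie expired before the response is returned.
  *
  * @param clientSession the client session whose login failed
  * @param error the protocol error to report
  * @return the redirect, SAML error response or error page to return to the user agent
  */
 @Override
 public Response sendError(ClientSessionModel clientSession, Error error) {
   try {
     if ("true".equals(clientSession.getClient().getAttribute(SAML_IDP_INITIATED_LOGIN))) {
       return sendIdpInitiatedError(clientSession, error);
     }
     return sendSpInitiatedError(clientSession, error);
   } finally {
     // Tear down the login state whichever branch produced the response.
     RestartLoginCookie.expireRestartCookie(realm, session.getContext().getConnection(), uriInfo);
     session.sessions().removeClientSession(realm, clientSession);
   }
 }

 /**
  * IdP-initiated flow: a user cancel goes back to the IdP-initiated SSO endpoint for the client,
  * anything else to the error page.
  */
 private Response sendIdpInitiatedError(ClientSessionModel clientSession, Error error) {
   if (error != Error.CANCELLED_BY_USER) {
     return ErrorPage.error(session, translateErrorToIdpInitiatedErrorMessage(error));
   }
   UriBuilder builder =
       RealmsResource.protocolUrl(uriInfo).path(SamlService.class, "idpInitiatedSSO");
   Map<String, String> params = new HashMap<>();
   params.put("realm", realm.getName());
   params.put("protocol", LOGIN_PROTOCOL);
   params.put(
       "client", clientSession.getClient().getAttribute(SAML_IDP_INITIATED_SSO_URL_NAME));
   URI redirect = builder.buildFromMap(params);
   return Response.status(302).location(redirect).build();
 }

 /**
  * SP-initiated flow: sends a SAML error Response to the client session's redirect URI, falling
  * back to the error page when the response cannot be built.
  */
 private Response sendSpInitiatedError(ClientSessionModel clientSession, Error error) {
   // NOTE(review): .get() is evaluated outside the try below, so an error with no SAML status
   // mapping propagates instead of rendering the error page — confirm that is intended.
   SAML2ErrorResponseBuilder builder =
       new SAML2ErrorResponseBuilder()
           .destination(clientSession.getRedirectUri())
           .issuer(getResponseIssuer(realm))
           .status(translateErrorToSAMLStatus(error).get());
   try {
     JaxrsSAML2BindingBuilder binding =
         new JaxrsSAML2BindingBuilder()
             .relayState(clientSession.getNote(GeneralConstants.RELAY_STATE));
     Document document = builder.buildDocument();
     return buildErrorResponse(clientSession, binding, document);
   } catch (Exception ignored) {
     // Building the SAML response failed; the user gets the generic error page instead and the
     // cause is deliberately not surfaced here.
     return ErrorPage.error(session, Messages.FAILED_TO_PROCESS_RESPONSE);
   }
 }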
 /**
  * Creates the length password-policy provider for the given session.
  *
  * @param session the current Keycloak session; its context is handed to the provider
  * @return a new {@link LengthPasswordPolicyProvider} bound to the session's context
  */
 @Override
 public PasswordPolicyProvider create(final KeycloakSession session) {
   final PasswordPolicyProvider provider = new LengthPasswordPolicyProvider(session.getContext());
   return provider;
 }