Open bombleadam opened 6 years ago
Wow, thanks for submitting this! Unfortunately, we never actually ended up implementing Keycloak so this plugin has been unmaintained for a while. Can it be replaced by delivered functionality at this point? I can't imagine the fix would be too difficult but we don't really have time to investigate at the moment. A PR would be greatly appreciated though!
Ha. No problems. It actually worked quite well for us. Anyway, I think I can probably replicate the functionality using the script-based authenticator. If not, I'll do a PR.
> we never actually ended up implementing Keycloak so this plugin has been unmaintained for a while
@ikogan, out of curiosity, what did you implement instead?
That's still an ongoing discussion actually. Most likely we'll be using a cloud provider.
For those who are still looking to do this, I replicated @ikogan's code as a Keycloak Script and it works a treat.
```javascript
/*
 * Template for JavaScript based authenticators.
 * See org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticatorFactory
 */

// import enum for error lookup
var AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
// import the broker base class for its static getExistingUser helper
var AbstractIdpAuthenticator = Java.type("org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator");

/**
 * An example authenticate function.
 *
 * The following variables are available for convenience:
 * user - current user {@see org.keycloak.models.UserModel}
 * realm - current realm {@see org.keycloak.models.RealmModel}
 * session - current KeycloakSession {@see org.keycloak.models.KeycloakSession}
 * httpRequest - current HttpRequest {@see org.jboss.resteasy.spi.HttpRequest}
 * script - current script {@see org.keycloak.models.ScriptModel}
 * authenticationSession - current authentication session {@see org.keycloak.sessions.AuthenticationSessionModel}
 * LOG - current logger {@see org.jboss.logging.Logger}
 *
 * One can extract current http request headers via:
 * httpRequest.getHttpHeaders().getHeaderString("Forwarded")
 *
 * @param context {@see org.keycloak.authentication.AuthenticationFlowContext}
 */
function authenticate(context) {
    // Look up the existing Keycloak user for this brokered login from the authentication session.
    var existingUser = AbstractIdpAuthenticator.getExistingUser(session, realm, authenticationSession);

    if (existingUser !== null) {
        // Existing account found: attach it to the flow and mark this step successful.
        context.setUser(existingUser);
        context.success();
    } else {
        // No existing account: fail the flow instead of continuing.
        context.failure(AuthenticationFlowError.UNKNOWN_USER);
    }
}
```
Thanks @CCob for fixing this for folks. According to https://github.com/ohioit/keycloak-link-idp-with-user/issues/2, and the Jira issue linked from there, it looks like this functionality will be included in Keycloak 4.5.0 by default!
Hey, thanks for this software. It's been working great. Since upgrading to 7.2.2.GA I'm getting an error when trying to log in.
```
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-18) Uncaught server error: java.lang.NoSuchMethodError: org.keycloak.authentication.AuthenticationFlowContext.getClientSession()Lorg/keycloak/models/ClientSessionModel;
    at edu.ohio.ais.keycloak.authentication.LinkIdpLoginAuthenticator.authenticate(LinkIdpLoginAuthenticator.java:43)
    at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:200)
    at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:853)
    at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:722)
    at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:286)
    at org.keycloak.services.resources.LoginActionsService.brokerLoginFlow(LoginActionsService.java:753)
    at org.keycloak.services.resources.LoginActionsService.firstBrokerLoginGet(LoginActionsService.java:669)
```