Add cookie for chosen login IdPs and Make IdPs selection more efficient
cgeorgilakis-grnet committed Oct 25, 2024
1 parent 2d3e8d4 commit 517343e
Showing 3 changed files with 23 additions and 9 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -14,6 +14,10 @@ Our Keycloak version is working well with PostgreSQL database. For using other S

### Added
- Logo uri for IdPs
- Add cookie for chosen login IdPs

### Fixed
- Make IdPs selection more efficient

## [22.0.11-1.10] - 2024-10-21

Expand Up @@ -52,7 +52,7 @@ public IdentityProviderBean(RealmModel realm, KeycloakSession session, List<Iden
if (!identityProviders.isEmpty()) {
List<IdentityProvider> orderedList = new ArrayList<>();
for (IdentityProviderModel identityProvider : identityProviders) {
if (identityProvider.isEnabled() && !identityProvider.isLinkOnly()) {
if (identityProvider.isEnabled() && !identityProvider.isLinkOnly() && !(identityProvider.getConfig() != null && Boolean.parseBoolean(identityProvider.getConfig().get("hideOnLoginPage")))) {
addIdentityProvider(orderedList, realm, baseURI, identityProvider);
}
}
Expand All @@ -69,12 +69,9 @@ private void addIdentityProvider(List<IdentityProvider> orderedSet, RealmModel r
String loginUrl = Urls.identityProviderAuthnRequest(baseURI, identityProvider.getAlias(), realm.getName()).toString();
String displayName = KeycloakModelUtils.getIdentityProviderDisplayName(session, identityProvider);
Map<String, String> config = identityProvider.getConfig();
boolean hideOnLoginPage = config != null && Boolean.parseBoolean(config.get("hideOnLoginPage"));
if (!hideOnLoginPage) {
orderedSet.add(new IdentityProvider(identityProvider.getAlias(),
displayName, identityProvider.getProviderId(), loginUrl,
config != null ? config.get("guiOrder") : null, getLoginIconClasses(identityProvider), config.get(IdentityProviderModel.LOGO_URI)));
}
orderedSet.add(new IdentityProvider(identityProvider.getAlias(),
displayName, identityProvider.getProviderId(), loginUrl,
config != null ? config.get("guiOrder") : null, getLoginIconClasses(identityProvider), config.get(IdentityProviderModel.LOGO_URI)));
}

// Get icon classes defined in properties of current theme with key 'kcLogoIdP-{alias}'
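Review bot: In addIdentityProvider the new `orderedSet.add(...)` call still reads `config.get(IdentityProviderModel.LOGO_URI)` without the null guard that `guiOrder` gets on the same line, so an IdP whose getConfig() returns null would throw a NullPointerException while the login page list is built. Guard it the same way: `config != null ? config.get(IdentityProviderModel.LOGO_URI) : null`. The hideOnLoginPage filter now lives only in the constructor loop, so if addIdentityProvider has other callers (none are visible in this section) hidden providers would be listed again. A one-line comment on the method such as `// callers must skip providers with hideOnLoginPage=true before calling` would make that contract explicit.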
Expand Up @@ -17,10 +17,12 @@
package org.keycloak.services.resources;

import jakarta.ws.rs.*;
import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.MediaType;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.keycloak.common.util.ServerCookie;
import org.keycloak.http.HttpRequest;
import org.keycloak.OAuthErrorException;
import org.keycloak.authentication.AuthenticationFlow;
Expand Down Expand Up @@ -102,6 +104,7 @@
import org.keycloak.services.util.AuthenticationFlowURLHelper;
import org.keycloak.services.util.BrowserHistoryHelper;
import org.keycloak.services.util.CacheControlUtil;
import org.keycloak.services.util.CookieHelper;
import org.keycloak.services.util.DefaultClientSessionContext;
import org.keycloak.services.util.UserSessionUtil;
import org.keycloak.services.validation.Validation;
Expand All @@ -127,7 +130,10 @@
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
Expand All @@ -146,6 +152,7 @@ public class IdentityBrokerService implements IdentityProvider.AuthenticationCal

// Authentication session note, which references identity provider that is currently linked
private static final String LINKING_IDENTITY_PROVIDER = "LINKING_IDENTITY_PROVIDER";
private static final String KEYCLOAK_REMEMBER_IDPS = "KEYCLOAK_REMEMBER_IDPS";

private static final Logger logger = Logger.getLogger(IdentityBrokerService.class);

Expand Down Expand Up @@ -634,7 +641,7 @@ public Response authenticated(BrokeredIdentityContext context) {
}
context.setToken(null);
}

StatusResponseType loginResponse = (StatusResponseType) context.getContextData().get(SAMLEndpoint.SAML_LOGIN_RESPONSE);
if (loginResponse != null) {
for(Iterator<SamlAuthenticationPreprocessor> it = SamlSessionUtils.getSamlAuthenticationPreprocessorIterator(session); it.hasNext();) {
Expand All @@ -643,7 +650,13 @@ public Response authenticated(BrokeredIdentityContext context) {
}

session.getContext().setClient(authenticationSession.getClient());

//set last login IdP to cookie (alias comma separated)
Cookie idpsCookie = session.getContext().getHttpRequest().getHttpHeaders().getCookies().get(KEYCLOAK_REMEMBER_IDPS);
List<String> idpsAlias = idpsCookie == null ? new ArrayList<>() : Arrays.asList(idpsCookie.getValue().split(","));
if (! idpsAlias.contains(providerId)) {
idpsAlias.add(providerId);
CookieHelper.addCookie(KEYCLOAK_REMEMBER_IDPS, idpsAlias.stream().collect(Collectors.joining(",")), AuthenticationManager.getRealmCookiePath(realmModel, session.getContext().getUri()), null, null, 31536000, realmModel.getSslRequired().isRequired(session.getContext().getConnection()), true, ServerCookie.SameSiteAttributeValue.NONE, session);
}
context.getIdp().preprocessFederatedIdentity(session, realmModel, context);
KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
realmModel.getIdentityProviderMappersByAliasStream(context.getIdpConfig().getAlias()).forEach(mapper -> {
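Review bot: `idpsAlias.add(providerId)` will throw UnsupportedOperationException whenever the KEYCLOAK_REMEMBER_IDPS cookie already exists and does not yet contain the alias, because `Arrays.asList(...)` returns a fixed-size list; in authenticated() that would break a login through a second, different IdP. Copy into a mutable list instead: `List<String> idpsAlias = idpsCookie == null ? new ArrayList<>() : new ArrayList<>(Arrays.asList(idpsCookie.getValue().split(",")));`. The cookie value is supplied by the browser and is written back as-is with a one-year lifetime, so the entries should be checked against the realm's configured IdP aliases and the list capped before the cookie is re-issued. The cookie is also set with SameSite=None while the secure argument appears to come from `getSslRequired().isRequired(...)`; when that is false browsers are likely to drop it, and `31536000` would read better as a named constant. authenticated() starts and ends outside this hunk, so where `providerId` is assigned is not visible here.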