adorsys · maximilian-krauss · Oct 18, 2024 · Oct 22, 2024
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -68,6 +68,11 @@ jobs:
         run: |
           echo "COMPATIBILITY_PROFILE=-Ppre-keycloak26" >> $GITHUB_ENV
 
+      - name: Adapt sources for Keycloak versions < 24.0.0
+        if: ${{ matrix.env.KEYCLOAK_VERSION < '24.0.0' }}
+        run: |
+          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak24" >> $GITHUB_ENV
+
       - name: Adapt sources for Keycloak versions < 23.0.0
         if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
         run: |
@@ -85,7 +90,9 @@ jobs:
           echo "COMPATIBILITY_PROFILE=-Ppre-keycloak19" >> $GITHUB_ENV
 
       - name: Build & Test
-        run: ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} -Dkeycloak.client.version=${{ matrix.env.KEYCLOAK_CLIENT_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE}
+        run: |
+          echo "using COMPATIBILITY_PROFILE: ${COMPATIBILITY_PROFILE}"
+          ./mvnw ${MAVEN_CLI_OPTS} -Dkeycloak.version=${{ matrix.env.KEYCLOAK_VERSION }} -Dkeycloak.client.version=${{ matrix.env.KEYCLOAK_CLIENT_VERSION }} ${ADJUSTED_RESTEASY_VERSION} clean verify -Pcoverage ${COMPATIBILITY_PROFILE}
 
       - name: Upload coverage to Codecov
         uses: codecov/[email protected]
@@ -199,6 +206,11 @@ jobs:
           key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom
 
+      - name: Adapt sources for Keycloak versions < 24.0.0
+        if: ${{ matrix.env.KEYCLOAK_VERSION < '24.0.0' }}
+        run: |
+          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak24" >> $GITHUB_ENV
+
       - name: Adapt sources for Keycloak versions < 23.0.0
         if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
         run: |
@@ -237,6 +249,10 @@ jobs:
           key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-keycloak-legacy
+      - name: Adapt sources for Keycloak versions < 24.0.0
+        if: ${{ matrix.env.KEYCLOAK_VERSION < '24.0.0' }}
+        run: |
+          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak24" >> $GITHUB_ENV
       - name: Adapt sources for Keycloak versions < 23.0.0
         if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
         run: |

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - Updated CI to use Keycloak 26.0.5
 
+### Added
+
+- Support for first broker login flows defined on realm level
+
 ### Fixed
 
 - Allow executions of same provider with different configurations in Sub-Auth-Flows

diff --git a/pom.xml b/pom.xml
@@ -677,6 +677,39 @@
                                     <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportManagedNoDeleteIT.java</destinationFile>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>replace-used-authentication-flow-workaround-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-test-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java</destinationFile>
+                                </configuration>
+                            </execution>
                         </executions>
                     </plugin>
                     <plugin>
@@ -770,6 +803,39 @@ import org.keycloak.representations.userprofile.config.UPConfig;</token>
                                     <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/test/util/SubGroupUtil.java</destinationFile>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>replace-used-authentication-flow-workaround-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-test-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java</destinationFile>
+                                </configuration>
+                            </execution>
                             <execution>
                                 <id>replace-keycloakmock-with-legacy</id>
                                 <phase>generate-sources</phase>
@@ -910,6 +976,39 @@ import org.keycloak.representations.userprofile.config.UPConfig;</token>
                                     <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/test/util/SubGroupUtil.java</destinationFile>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>replace-used-authentication-flow-workaround-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-test-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java</destinationFile>
+                                </configuration>
+                            </execution>
                             <execution>
                                 <id>replace-keycloakmock-with-legacy</id>
                                 <phase>generate-sources</phase>
@@ -990,6 +1089,64 @@ import org.keycloak.representations.userprofile.config.UPConfig;</token>
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>pre-keycloak24</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.coderplus.maven.plugins</groupId>
+                        <artifactId>copy-rename-maven-plugin</artifactId>
+                        <version>1.0.1</version>
+                        <executions>
+                            <execution>
+                                <id>replace-used-authentication-flow-workaround-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-test-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/service/ImportAuthenticationFlowsIT.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-keycloakmock-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/test/util/KeycloakMock.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/test/java/de/adorsys/keycloak/config/test/util/KeycloakMock.java</destinationFile>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>coverage</id>
             <build>

diff --git a/...main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java b/...main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java
@@ -82,6 +82,7 @@ public class UsedAuthenticationFlowWorkaround {
         private String dockerAuthenticationFlow;
         private String registrationFlow;
         private String resetCredentialsFlow;
+        private String firstBrokerLoginFlow;
 
         private UsedAuthenticationFlowWorkaround(RealmImport realmImport) {
             this.realmImport = realmImport;
@@ -239,6 +240,13 @@ private void disableFirstBrokerLoginFlowsIfNeeded(String topLevelFlowAlias, Real
                     }
                 }
             }
+            if (Objects.equals(existingRealm.getFirstBrokerLoginFlow(), topLevelFlowAlias)) {
+                logger.debug(
+                        "Temporary disable first-broker-login-flow for in realm '{}' which is '{}'",
+                        realmImport.getRealm(), topLevelFlowAlias
+                );
+                disableFirstBrokerLoginFlow(existingRealm);
+            }
         }
 
         private void disablePostBrokerLoginFlowsIfNeeded(String topLevelFlowAlias, RealmRepresentation existingRealm) {
@@ -312,6 +320,15 @@ private void disableResetCredentialsFlow(RealmRepresentation existingRealm) {
             realmRepository.update(existingRealm);
         }
 
+        private void disableFirstBrokerLoginFlow(RealmRepresentation existingRealm) {
+            String otherFlowAlias = searchTemporaryCreatedTopLevelFlowForReplacement();
+
+            firstBrokerLoginFlow = existingRealm.getFirstBrokerLoginFlow();
+
+            existingRealm.setFirstBrokerLoginFlow(otherFlowAlias);
+            realmRepository.update(existingRealm);
+        }
+
         private void disableFirstBrokerLoginFlow(String realmName, IdentityProviderRepresentation identityProvider) {
             String otherFlowAlias = searchTemporaryCreatedTopLevelFlowForReplacement();
 
@@ -403,7 +420,8 @@ private boolean hasToResetFlows() {
                     || Strings.isNotBlank(registrationFlow)
                     || Strings.isNotBlank(resetCredentialsFlow)
                     || !resetFirstBrokerLoginFlow.isEmpty()
-                    || !resetPostBrokerLoginFlow.isEmpty();
+                    || !resetPostBrokerLoginFlow.isEmpty()
+                    || Strings.isNotBlank(firstBrokerLoginFlow);
         }
 
         private void resetFlows(RealmRepresentation existingRealm) {
@@ -496,6 +514,14 @@ private void resetFirstBrokerLoginFlowsIfNeeded(RealmRepresentation existingReal
                 identityProviderRepresentation.setFirstBrokerLoginFlowAlias(entry.getValue());
                 identityProviderRepository.update(existingRealm.getRealm(), identityProviderRepresentation);
             }
+            if (Strings.isNotBlank(firstBrokerLoginFlow)) {
+                logger.debug(
+                        "Reset first-broker-login-flow in realm '{}' to '{}'",
+                        realmImport.getRealm(), firstBrokerLoginFlow
+                );
+
+                existingRealm.setFirstBrokerLoginFlow(firstBrokerLoginFlow);
+            }
         }
 
         private void resetPostBrokerLoginFlowsIfNeeded(RealmRepresentation existingRealm) {