Merge branch 'main' into java_21

sventorben · Dec 4, 2024 · d3f5578 · d3f5578
2 parents bb89b63 + a440ee8
commit d3f5578
Show file tree

Hide file tree

Showing 33 changed files with 476 additions and 71 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml
@@ -38,8 +38,8 @@ body:
     label: Version
     description: |
       examples:
-        - **Keycloak**: 25.0.0
-        - **This extension**: 25.0.0
+        - **Keycloak**: 26.0.7
+        - **This extension**: 26.0.0
     value: |
         - Keycloak:
         - This extension:

diff --git a/.github/workflows/buildAndTest.yml b/.github/workflows/buildAndTest.yml
@@ -29,7 +29,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        keycloak_version: [ 25.0.0, latest ]
+        keycloak_version: [ 26.0.0, 26.0.1, 26.0.2, 26.0.4, 26.0.5, 26.0.6, 26.0.7, latest ]
         experimental: [false]
         include:
             - keycloak_version: nightly

diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml
@@ -9,8 +9,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        keycloak_version: [ 21.0.2, 21.1.2, 22.0.5, 23.0.7, 24.0.5, 25.0.0, latest, nightly ]
-        extension_version: [ 21.3.0, 22.0.0, 22.1.0, 23.0.0, 24.0.0, 24.1.0, 25.0.0 ]
+        keycloak_version: [ 21.0.2, 21.1.2, 22.0.5, 23.0.7, 24.0.5, 25.0.6, 26.0.0, 26.0.1, 26.0.2, 26.0.4, 26.0.5, 26.0.6, 26.0.7, latest, nightly ]
+        extension_version: [ 21.3.0, 22.0.0, 22.1.0, 23.0.0, 24.0.0, 24.1.0, 25.0.1, 26.0.0 ]
     name: KC ${{ matrix.keycloak_version }}, Extension ${{ matrix.extension_version }}
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -48,7 +48,7 @@ jobs:
         GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
     - name: Create Pull Request
       id: create-pr
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v7
       with:
         commit-message: "chore(release): Prepare next version"
         delete-branch: "true"

diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 This is a simple Keycloak authenticator to redirect users to their home identity provider during login.
 
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/sventorben/keycloak-home-idp-discovery?sort=semver)
-![Keycloak Dependency Version](https://img.shields.io/badge/Keycloak-25.0.0-blue)
+![Keycloak Dependency Version](https://img.shields.io/badge/Keycloak-26.0.7-blue)
 ![GitHub Release Date](https://img.shields.io/github/release-date-pre/sventorben/keycloak-home-idp-discovery)
 ![Github Last Commit](https://img.shields.io/github/last-commit/sventorben/keycloak-home-idp-discovery)
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,14 +3,14 @@ services:
   keycloak:
     container_name: keycloak
     hostname: keycloak
-    image: quay.io/keycloak/keycloak:25.0.0
+    image: quay.io/keycloak/keycloak:26.0.7
 
     environment:
-      KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: admin
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
       DEBUG_PORT: '*:8787'
       DEBUG: 'true'
-    command: ['start-dev', '--debug', '--import-realm']
+    command: ['start-dev', '--debug', '--import-realm', '--features=organization']
     ports:
       - 8080:8080
       - 8443:8443

diff --git a/docs/index.md b/docs/index.md
@@ -9,7 +9,7 @@ nav_order: 1
 This is a simple Keycloak authenticator to redirect users to their home identity provider during login.
 
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/sventorben/keycloak-home-idp-discovery?sort=semver)
-![Keycloak Dependency Version](https://img.shields.io/badge/Keycloak-25.0.0-blue)
+![Keycloak Dependency Version](https://img.shields.io/badge/Keycloak-26.0.2-blue)
 ![GitHub Release Date](https://img.shields.io/github/release-date-pre/sventorben/keycloak-home-idp-discovery)
 ![Github Last Commit](https://img.shields.io/github/last-commit/sventorben/keycloak-home-idp-discovery)
 

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 
     <groupId>de.sventorben.keycloak</groupId>
     <artifactId>keycloak-home-idp-discovery</artifactId>
-    <version>25.0.0-SNAPSHOT</version>
+    <version>26.0.1-SNAPSHOT</version>
 
     <name>Keycloak: Home IdP Discovery</name>
     <description>A Keycloak authenticator to redirect users to their home IdP</description>
@@ -51,14 +51,14 @@
         <maven.compiler.release>21</maven.compiler.release>
 
         <!-- For compilation -->
-        <version.keycloak>25.0.0</version.keycloak>
+        <version.keycloak>26.0.7</version.keycloak>
 
         <!-- For compatibility tests -->
         <keycloak.version>${version.keycloak}</keycloak.version>
 
-        <version.mockito>5.12.0</version.mockito>
-        <version.testcontainers>1.19.8</version.testcontainers>
-        <version.selenium>4.21.0</version.selenium>
+        <version.mockito>5.14.2</version.mockito>
+        <version.testcontainers>1.20.4</version.testcontainers>
+        <version.selenium>4.27.0</version.selenium>
     </properties>
 
     <build>
@@ -79,7 +79,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>3.2.5</version>
+                    <version>3.5.2</version>
                     <configuration>
                         <systemPropertyVariables>
                             <org.jboss.logging.provider>log4j2</org.jboss.logging.provider>
@@ -92,18 +92,19 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-failsafe-plugin</artifactId>
-                    <version>3.2.5</version>
+                    <version>3.5.2</version>
                     <configuration>
                         <systemPropertyVariables>
                             <org.jboss.logging.provider>log4j2</org.jboss.logging.provider>
+                            <webdriver.remote.enableTracing>false</webdriver.remote.enableTracing>
                             <keycloak.version>${keycloak.version}</keycloak.version>
                         </systemPropertyVariables>
                     </configuration>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-release-plugin</artifactId>
-                    <version>3.0.1</version>
+                    <version>3.1.1</version>
                     <configuration>
                         <scmCommentPrefix>chore(release):</scmCommentPrefix>
                         <tagNameFormat>v@{project.version}</tagNameFormat>
@@ -121,7 +122,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.4.1</version>
+                <version>3.4.2</version>
                 <configuration>
                     <archive>
                         <manifestFile>src${file.separator}main${file.separator}resources${file.separator}META-INF${file.separator}MANIFEST.MF</manifestFile>
@@ -148,7 +149,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
-                <version>3.1.2</version>
+                <version>3.1.3</version>
             </plugin>
         </plugins>
     </build>
@@ -160,7 +161,15 @@
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>
-                <version>5.10.2</version>
+                <version>5.11.3</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
+            <dependency>
+                <groupId>io.opentelemetry</groupId>
+                <artifactId>opentelemetry-bom</artifactId>
+                <version>1.44.1</version><!-- needs to be aligne with the quarkus version used by KC -->
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -221,7 +230,7 @@
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
-            <version>3.26.0</version>
+            <version>3.26.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -252,27 +261,27 @@
         <dependency>
             <groupId>com.github.dasniko</groupId>
             <artifactId>testcontainers-keycloak</artifactId>
-            <version>3.3.1</version>
+            <version>3.5.1</version>
             <scope>test</scope>
         </dependency>
 
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-admin-client</artifactId>
-            <version>${version.keycloak}</version>
+            <version>26.0.3</version>
             <scope>test</scope>
         </dependency>
         <!-- Logging -->
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-core</artifactId>
-            <version>2.23.1</version>
+            <version>2.24.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
             <artifactId>log4j-slf4j2-impl</artifactId>
-            <version>2.23.1</version>
+            <version>2.24.2</version>
             <scope>test</scope>
         </dependency>
     </dependencies>

diff --git a/...ventorben/keycloak/authentication/hidpd/AbstractHomeIdpDiscoveryAuthenticatorFactory.java b/...ventorben/keycloak/authentication/hidpd/AbstractHomeIdpDiscoveryAuthenticatorFactory.java
@@ -90,11 +90,7 @@ public final void close() {
 
     @Override
     public final Map<String, String> getOperationalInfo() {
-        String version = getClass().getPackage().getImplementationVersion();
-        if (version == null) {
-            version = "dev-snapshot";
-        }
-        return Map.of("Version", version);
+        return OperationalInfo.get();
     }
 
     /**

diff --git a/src/main/java/de/sventorben/keycloak/authentication/hidpd/HomeIdpDiscoveryAuthenticator.java b/src/main/java/de/sventorben/keycloak/authentication/hidpd/HomeIdpDiscoveryAuthenticator.java
@@ -93,6 +93,7 @@ public void action(AuthenticationFlowContext authenticationFlowContext) {
         final List<IdentityProviderModel> homeIdps = context.discoverer(discovererConfig).discoverForUser(authenticationFlowContext, username);
         if (homeIdps.isEmpty()) {
             authenticationFlowContext.attempted();
+            context.loginHint().setInAuthSession(username);
         } else {
             RememberMe rememberMe = context.rememberMe();
             rememberMe.handleAction(formData);

diff --git a/src/main/java/de/sventorben/keycloak/authentication/hidpd/LoginForm.java b/src/main/java/de/sventorben/keycloak/authentication/hidpd/LoginForm.java
@@ -9,6 +9,7 @@
 
 import java.net.URI;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 final class LoginForm {
@@ -44,10 +45,21 @@ private LoginFormsProvider createForm(MultivaluedMap<String, String> formData) {
     Response create(List<IdentityProviderModel> idps) {
         URI baseUriWithCodeAndClientId = loginFormsProvider.getBaseUriWithCodeAndClientId();
         LoginFormsProvider forms = context.form();
-        forms.setAttribute("hidpd", new IdentityProviderBean(context.getRealm(),
+        forms.setAttribute("hidpd", new IdentityProviderBean(
             context.getSession(),
-            idps.stream().map(AlwaysSelectableIdentityProviderModel::new).collect(Collectors.toList()),
-            baseUriWithCodeAndClientId));
+            context.getRealm(),
+            baseUriWithCodeAndClientId,
+            context
+            ) {
+                @Override
+                public List<IdentityProvider> getProviders() {
+                    return idps.stream()
+                        .map(AlwaysSelectableIdentityProviderModel::new)
+                        .map(idp -> createIdentityProvider(this.realm, this.baseURI, idp))
+                        .toList();
+                }
+            }
+        );
         return forms.createForm("hidpd-select-idp.ftl");
     }
 }
diff --git a/src/main/java/de/sventorben/keycloak/authentication/hidpd/LoginHint.java b/src/main/java/de/sventorben/keycloak/authentication/hidpd/LoginHint.java
@@ -26,9 +26,6 @@ final class LoginHint {
     }
 
     void setInAuthSession(IdentityProviderModel homeIdp, String username) {
-        if (homeIdp == null) {
-            return;
-        }
         String loginHint = username;
         UserModel user = users.lookupBy(username);
         if (user != null) {
@@ -37,7 +34,8 @@ void setInAuthSession(IdentityProviderModel homeIdp, String username) {
                 .collect(
                     Collectors.toMap(FederatedIdentityModel::getIdentityProvider,
                         FederatedIdentityModel::getUserName));
-            loginHint = idpToUsername.getOrDefault(homeIdp.getAlias(), username);
+            String alias = homeIdp == null ? "" : homeIdp.getAlias();
+            loginHint = idpToUsername.getOrDefault(alias, username);
         }
         setInAuthSession(loginHint);
     }

diff --git a/src/main/java/de/sventorben/keycloak/authentication/hidpd/OperationalInfo.java b/src/main/java/de/sventorben/keycloak/authentication/hidpd/OperationalInfo.java
@@ -0,0 +1,15 @@
+package de.sventorben.keycloak.authentication.hidpd;
+
+import java.util.Map;
+
+public final class OperationalInfo {
+
+    public static Map<String, String> get() {
+        String version = OperationalInfo.class.getPackage().getImplementationVersion();
+        if (version == null) {
+            version = "dev-snapshot";
+        }
+        return Map.of("Version", version);
+    }
+
+}
diff --git a/...ain/java/de/sventorben/keycloak/authentication/hidpd/discovery/email/DomainExtractor.java b/...ain/java/de/sventorben/keycloak/authentication/hidpd/discovery/email/DomainExtractor.java
@@ -8,7 +8,6 @@
 final class DomainExtractor {
 
     private static final Logger LOG = Logger.getLogger(DomainExtractor.class);
-    private static final String EMAIL_ATTRIBUTE = "email";
 
     private final EmailHomeIdpDiscovererConfig config;
 
@@ -26,11 +25,6 @@ Optional<Domain> extractFrom(UserModel user) {
             LOG.warnf("Could not find user attribute '%s' for user '%s'", config.userAttribute(), user.getId());
             return Optional.empty();
         }
-        if (EMAIL_ATTRIBUTE.equalsIgnoreCase(config.userAttribute()) && !user.isEmailVerified()
-            && !config.forwardUserWithUnverifiedEmail()) {
-            LOG.warnf("Email address of user '%s' is not verified and forwarding not enabled", user.getId());
-            return Optional.empty();
-        }
         return extractFrom(userAttribute);
     }
 

diff --git a/...a/de/sventorben/keycloak/authentication/hidpd/discovery/email/EmailHomeIdpDiscoverer.java b/...a/de/sventorben/keycloak/authentication/hidpd/discovery/email/EmailHomeIdpDiscoverer.java
@@ -18,6 +18,7 @@
 public final class EmailHomeIdpDiscoverer implements HomeIdpDiscoverer {
 
     private static final Logger LOG = Logger.getLogger(EmailHomeIdpDiscoverer.class);
+    private static final String EMAIL_ATTRIBUTE = "email";
     private final Users users;
     private final IdentityProviders identityProviders;
 
@@ -29,7 +30,6 @@ public EmailHomeIdpDiscoverer(Users users, IdentityProviders identityProviders)
 
     @Override
     public List<IdentityProviderModel> discoverForUser(AuthenticationFlowContext context, String username) {
-
         EmailHomeIdpDiscovererConfig config = new EmailHomeIdpDiscovererConfig(context.getAuthenticatorConfig());
         DomainExtractor domainExtractor = new DomainExtractor(config);
 
@@ -48,7 +48,13 @@ public List<IdentityProviderModel> discoverForUser(AuthenticationFlowContext con
         } else {
             LOG.tracef("User found in AuthenticationFlowContext. Extracting domain from stored user '%s'.",
                 user.getId());
-            emailDomain = domainExtractor.extractFrom(user);
+            if (EMAIL_ATTRIBUTE.equalsIgnoreCase(config.userAttribute()) && !user.isEmailVerified()
+                && !config.forwardUserWithUnverifiedEmail()) {
+                LOG.warnf("Email address of user '%s' is not verified and forwarding not enabled", user.getId());
+                emailDomain = Optional.empty();
+            } else {
+                emailDomain = domainExtractor.extractFrom(user);
+            }
         }
 
         if (emailDomain.isPresent()) {
@@ -84,7 +90,7 @@ private List<IdentityProviderModel> discoverHomeIdps(AuthenticationFlowContext c
                     Collectors.toMap(FederatedIdentityModel::getIdentityProvider, FederatedIdentityModel::getUserName));
         }
 
-        List<IdentityProviderModel> candidateIdps = identityProviders.candidatesForHomeIdp(context);
+        List<IdentityProviderModel> candidateIdps = identityProviders.candidatesForHomeIdp(context, user);
         if (candidateIdps == null) {
             candidateIdps = emptyList();
         }

diff --git a/...entorben/keycloak/authentication/hidpd/discovery/email/EmailHomeIdpDiscovererFactory.java b/...entorben/keycloak/authentication/hidpd/discovery/email/EmailHomeIdpDiscovererFactory.java
@@ -1,13 +1,17 @@
 package de.sventorben.keycloak.authentication.hidpd.discovery.email;
 
+import de.sventorben.keycloak.authentication.hidpd.OperationalInfo;
 import de.sventorben.keycloak.authentication.hidpd.Users;
 import de.sventorben.keycloak.authentication.hidpd.discovery.spi.HomeIdpDiscoverer;
 import de.sventorben.keycloak.authentication.hidpd.discovery.spi.HomeIdpDiscovererFactory;
 import org.keycloak.Config;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.ServerInfoAwareProviderFactory;
 
-public final class EmailHomeIdpDiscovererFactory implements HomeIdpDiscovererFactory {
+import java.util.Map;
+
+public final class EmailHomeIdpDiscovererFactory implements HomeIdpDiscovererFactory, ServerInfoAwareProviderFactory {
 
     static final String PROVIDER_ID = "email";
 
@@ -35,4 +39,9 @@ public void close() {
     public String getId() {
         return PROVIDER_ID;
     }
+
+    @Override
+    public Map<String, String> getOperationalInfo() {
+        return OperationalInfo.get();
+    }
 }