add conditional attribute

Author: instipod

src/main/java/com/instipod/keycloakauthenticators/ConditionalAttributeAuthenticator.java

@@ -0,0 +1,68 @@
+package com.instipod.keycloakauthenticators;
+
+import com.instipod.keycloakauthenticators.utils.AuthenticatorUtils;
+import org.jboss.logging.Logger;
+import org.keycloak.authentication.AuthenticationFlowContext;
+import org.keycloak.models.AuthenticatorConfigModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+
+import java.util.List;
+
+public class ConditionalAttributeAuthenticator implements org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator {
+    public static final ConditionalAttributeAuthenticator SINGLETON = new ConditionalAttributeAuthenticator();
+    private static Logger logger = Logger.getLogger(ConditionalAttributeAuthenticator.class);
+
+    @Override
+    public boolean matchCondition(AuthenticationFlowContext context) {
+        AuthenticatorConfigModel authConfig = context.getAuthenticatorConfig();
+
+        if (authConfig!=null && authConfig.getConfig()!=null) {
+            //evaluate
+            boolean not = AuthenticatorUtils.getConfigBoolean(context, ConditionalAttributeAuthenticatorFactory.CONDITIONAL_NOT);
+            String attributeName = authConfig.getConfig().get(ConditionalAttributeAuthenticatorFactory.CONDITIONAL_ATTRIBUTE_NAME);
+            String attributeValue = authConfig.getConfig().get(ConditionalAttributeAuthenticatorFactory.CONDITIONAL_ATTRIBUTE_VALUE);
+            attributeName = AuthenticatorUtils.variableReplace(context, attributeName);
+            attributeValue = AuthenticatorUtils.variableReplace(context, attributeValue);
+
+            List<String> values = context.getUser().getAttribute(attributeName);
+            boolean hasAttribute = values.contains(attributeValue);
+
+            boolean check;
+            if (not) {
+                //does not have attribute
+                check = !(hasAttribute);
+            } else {
+                //has attribute
+                check = hasAttribute;
+            }
+
+            return check;
+        } else {
+            logger.error("No config data found for this authenticator!");
+        }
+
+        return false;
+    }
+
+    @Override
+    public void action(AuthenticationFlowContext context) {
+        // Not used
+    }
+
+    @Override
+    public boolean requiresUser() {
+        return true;
+    }
+
+    @Override
+    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
+        // Not used
+    }
+
+    @Override
+    public void close() {
+        // Does nothing
+    }
+}

src/main/java/com/instipod/keycloakauthenticators/ConditionalAttributeAuthenticatorFactory.java

@@ -0,0 +1,93 @@
+package com.instipod.keycloakauthenticators;
+
+import org.keycloak.Config.Scope;
+import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
+import org.keycloak.models.AuthenticationExecutionModel.Requirement;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.ProviderConfigProperty;
+import org.keycloak.provider.ProviderConfigurationBuilder;
+
+import java.util.Collections;
+import java.util.List;
+
+public class ConditionalAttributeAuthenticatorFactory implements org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticatorFactory {
+    public static final String PROVIDER_ID = "conditional-attribute";
+    protected static final String CONDITIONAL_ATTRIBUTE_NAME = "condAttributeName";
+    protected static final String CONDITIONAL_ATTRIBUTE_VALUE = "condAttributeValue";
+    protected static final String CONDITIONAL_NOT = "condNot";
+
+    private static List<ProviderConfigProperty> commonConfig;
+
+    static {
+        commonConfig = Collections.unmodifiableList(ProviderConfigurationBuilder.create()
+                .property().name(CONDITIONAL_ATTRIBUTE_NAME).label("User Attribute Name").helpText("Attribute name to check (supports variables)").type(ProviderConfigProperty.STRING_TYPE).add()
+                .property().name(CONDITIONAL_ATTRIBUTE_VALUE).label("User Attribute Value").helpText("Attribute value (supports variables)").type(ProviderConfigProperty.STRING_TYPE).add()
+                .property().name(CONDITIONAL_NOT).label("Not").helpText("If we should match on NOT having this attribute").type(ProviderConfigProperty.BOOLEAN_TYPE).add()
+                .build()
+        );
+    }
+
+    @Override
+    public void init(Scope config) {
+        // no-op
+    }
+
+    @Override
+    public void postInit(KeycloakSessionFactory factory) {
+        // no-op
+    }
+
+    @Override
+    public void close() {
+        // no-op
+    }
+
+    @Override
+    public String getId() {
+        return PROVIDER_ID;
+    }
+
+    @Override
+    public String getDisplayType() {
+        return "Condition - Attribute";
+    }
+
+    @Override
+    public String getReferenceCategory() {
+        return "condition";
+    }
+
+    @Override
+    public boolean isConfigurable() {
+        return true;
+    }
+
+    private static final Requirement[] REQUIREMENT_CHOICES = {
+            Requirement.REQUIRED, Requirement.DISABLED
+    };
+
+    @Override
+    public Requirement[] getRequirementChoices() {
+        return REQUIREMENT_CHOICES;
+    }
+
+    @Override
+    public boolean isUserSetupAllowed() {
+        return false;
+    }
+
+    @Override
+    public String getHelpText() {
+        return "Flow is executed only if user has specified attribute.";
+    }
+
+    @Override
+    public List<ProviderConfigProperty> getConfigProperties() {
+        return commonConfig;
+    }
+
+    @Override
+    public ConditionalAuthenticator getSingleton() {
+        return ConditionalAttributeAuthenticator.SINGLETON;
+    }
+}

src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory

@@ -10,4 +10,5 @@ com.instipod.keycloakauthenticators.ConditionalRoleEnhancedAuthenticatorFactory
 com.instipod.keycloakauthenticators.ConditionalClientRoleAuthenticatorFactory
 com.instipod.keycloakauthenticators.SuccessAuthenticatorFactory
 com.instipod.keycloakauthenticators.SplashMessageAuthenticatorFactory
-com.instipod.keycloakauthenticators.MagicLinkFormAuthenticatorFactory
+com.instipod.keycloakauthenticators.MagicLinkFormAuthenticatorFactory
+com.instipod.keycloakauthenticators.ConditionalAttributeAuthenticatorFactory