Adds support for default first broker login flow on realm level

.github/workflows/ci.yaml

@@ -55,6 +55,11 @@ jobs:
           key: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-maven-${{ matrix.env.KEYCLOAK_VERSION }}
 
+      - name: Adapt sources for Keycloak versions < 24.0.0
+        if: ${{ matrix.env.KEYCLOAK_VERSION < '24.0.0' }}
+        run: |
+          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak24" >> $GITHUB_ENV
+
       - name: Adapt sources for Keycloak versions < 23.0.0
         if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
         run: |
@@ -185,6 +190,11 @@ jobs:
           key: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-${{ matrix.java }}-maven-build-pom
 
+      - name: Adapt sources for Keycloak versions < 24.0.0
+        if: ${{ matrix.env.KEYCLOAK_VERSION < '24.0.0' }}
+        run: |
+          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak24" >> $GITHUB_ENV
+
       - name: Adapt sources for Keycloak versions < 23.0.0
         if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
         run: |
@@ -222,6 +232,10 @@ jobs:
           key: ${{ runner.os }}-maven-keycloak-legacy-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-keycloak-legacy
+      - name: Adapt sources for Keycloak versions < 24.0.0
+        if: ${{ matrix.env.KEYCLOAK_VERSION < '24.0.0' }}
+        run: |
+          echo "COMPATIBILITY_PROFILE=-Ppre-keycloak24" >> $GITHUB_ENV
       - name: Adapt sources for Keycloak versions < 23.0.0
         if: ${{ matrix.env.KEYCLOAK_VERSION < '23.0.0' }}
         run: |

CHANGELOG.md

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
+### Added
+
+- Support for first broker login flows defined on realm level
+
 ### Fixed
 
 - Allow executions of same provider with different configurations in Sub-Auth-Flows

pom.xml

@@ -883,6 +883,42 @@ import org.keycloak.representations.userprofile.config.UPConfig;</token>
                 </plugins>
             </build>
         </profile>
+        <profile>
+            <id>pre-keycloak24</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>com.coderplus.maven.plugins</groupId>
+                        <artifactId>copy-rename-maven-plugin</artifactId>
+                        <version>1.0.1</version>
+                        <executions>
+                            <execution>
+                                <id>replace-used-authentication-flow-workaround-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java</destinationFile>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>replace-authentication-flow-import-service-with-legacy</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>copy</goal>
+                                </goals>
+                                <configuration>
+                                    <sourceFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java.legacy</sourceFile>
+                                    <destinationFile>${project.basedir}/src/main/java/de/adorsys/keycloak/config/service/AuthenticationFlowsImportService.java</destinationFile>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>coverage</id>
             <build>

src/main/java/de/adorsys/keycloak/config/factory/UsedAuthenticationFlowWorkaroundFactory.java

@@ -75,6 +75,7 @@ public class UsedAuthenticationFlowWorkaround {
         private String dockerAuthenticationFlow;
         private String registrationFlow;
         private String resetCredentialsFlow;
+        private String firstBrokerLoginFlow;
 
         private UsedAuthenticationFlowWorkaround(RealmImport realmImport) {
             this.realmImport = realmImport;
@@ -168,6 +169,13 @@ private void disableFirstBrokerLoginFlowsIfNeeded(String topLevelFlowAlias, Real
                     }
                 }
             }
+            if (Objects.equals(existingRealm.getFirstBrokerLoginFlow(), topLevelFlowAlias)) {
+                logger.debug(
+                        "Temporary disable first-broker-login-flow for in realm '{}' which is '{}'",
+                        realmImport.getRealm(), topLevelFlowAlias
+                );
+                disableFirstBrokerLoginFlow(existingRealm);
+            }
         }
 
         private void disablePostBrokerLoginFlowsIfNeeded(String topLevelFlowAlias, RealmRepresentation existingRealm) {
@@ -241,6 +249,15 @@ private void disableResetCredentialsFlow(RealmRepresentation existingRealm) {
             realmRepository.update(existingRealm);
         }
 
+        private void disableFirstBrokerLoginFlow(RealmRepresentation existingRealm) {
+            String otherFlowAlias = searchTemporaryCreatedTopLevelFlowForReplacement();
+
+            firstBrokerLoginFlow = existingRealm.getFirstBrokerLoginFlow();
+
+            existingRealm.setFirstBrokerLoginFlow(otherFlowAlias);
+            realmRepository.update(existingRealm);
+        }
+
         private void disableFirstBrokerLoginFlow(String realmName, IdentityProviderRepresentation identityProvider) {
             String otherFlowAlias = searchTemporaryCreatedTopLevelFlowForReplacement();
 
@@ -323,7 +340,8 @@ private boolean hasToResetFlows() {
                     || Strings.isNotBlank(registrationFlow)
                     || Strings.isNotBlank(resetCredentialsFlow)
                     || !resetFirstBrokerLoginFlow.isEmpty()
-                    || !resetPostBrokerLoginFlow.isEmpty();
+                    || !resetPostBrokerLoginFlow.isEmpty()
+                    || Strings.isNotBlank(firstBrokerLoginFlow);
         }
 
         private void resetFlows(RealmRepresentation existingRealm) {
@@ -416,6 +434,14 @@ private void resetFirstBrokerLoginFlowsIfNeeded(RealmRepresentation existingReal
                 identityProviderRepresentation.setFirstBrokerLoginFlowAlias(entry.getValue());
                 identityProviderRepository.update(existingRealm.getRealm(), identityProviderRepresentation);
             }
+            if (Strings.isNotBlank(firstBrokerLoginFlow)) {
+                logger.debug(
+                        "Reset first-broker-login-flow in realm '{}' to '{}'",
+                        realmImport.getRealm(), firstBrokerLoginFlow
+                );
+
+                existingRealm.setFirstBrokerLoginFlow(firstBrokerLoginFlow);
+            }
         }
 
         private void resetPostBrokerLoginFlowsIfNeeded(RealmRepresentation existingRealm) {