public class KerberosFederationProvider extends Object implements UserFederationProvider
UserFederationProvider.EditMode
Modifier and Type | Field and Description |
---|---|
protected KerberosFederationProviderFactory |
factory |
static String |
KERBEROS_PRINCIPAL |
protected KerberosConfig |
kerberosConfig |
protected UserFederationProviderModel |
model |
protected KeycloakSession |
session |
EMAIL, FIRST_NAME, LAST_NAME, USERNAME
Constructor and Description |
---|
KerberosFederationProvider(KeycloakSession session,
UserFederationProviderModel model,
KerberosFederationProviderFactory factory) |
Modifier and Type | Method and Description |
---|---|
void |
close()
This method is called at the end of requests.
|
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful authentication
|
List<UserModel> |
getGroupMembers(RealmModel realm,
GroupModel group,
int firstResult,
int maxResults)
Return group members from federation storage.
|
Set<String> |
getSupportedCredentialTypes()
What UserCredentialModel types should be handled by this provider? This is called in scenarios where the user
who is going to authenticate is not yet known (for example, Kerberos authentication).
|
Set<String> |
getSupportedCredentialTypes(UserModel local)
What UserCredentialModel types should be handled by this provider for this user? Keycloak will only call
validCredentials() with the credential types specified in this method.
|
UserModel |
getUserByEmail(RealmModel realm,
String email)
Keycloak will search for user in local storage first.
|
UserModel |
getUserByUsername(RealmModel realm,
String username)
Keycloak will search for user in local storage first.
|
protected UserModel |
importUserToKeycloak(RealmModel realm,
String username) |
boolean |
isValid(RealmModel realm,
UserModel local)
Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method
in various user operations.
|
void |
preRemove(RealmModel realm)
called whenever a Realm is removed
|
void |
preRemove(RealmModel realm,
GroupModel group)
called before a group is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
called before a role is removed.
|
UserModel |
register(RealmModel realm,
UserModel user)
Called if this federation provider has priority and supports synchronized registrations.
|
boolean |
removeUser(RealmModel realm,
UserModel user) |
List<UserModel> |
searchByAttributes(Map<String,String> attributes,
RealmModel realm,
int maxResults)
Keycloak does not search in local storage first before calling this method.
|
boolean |
synchronizeRegistrations()
Should user registrations be synchronized with this provider?
FYI, only one provider will be chosen (by priority) to have this synchronization
|
UserModel |
validateAndProxy(RealmModel realm,
UserModel local)
Gives the provider an option to validate whether the user still exists in the federation backend and then proxy the UserModel loaded from local storage.
|
CredentialValidationOutput |
validCredentials(RealmModel realm,
UserCredentialModel credential)
Validate credentials of unknown user.
|
boolean |
validCredentials(RealmModel realm,
UserModel user,
List<UserCredentialModel> input)
Validate credentials for this user.
|
boolean |
validCredentials(RealmModel realm,
UserModel user,
UserCredentialModel... input) |
protected boolean |
validPassword(String username,
String password) |
public static final String KERBEROS_PRINCIPAL
protected KeycloakSession session
protected UserFederationProviderModel model
protected KerberosConfig kerberosConfig
protected KerberosFederationProviderFactory factory
public KerberosFederationProvider(KeycloakSession session, UserFederationProviderModel model, KerberosFederationProviderFactory factory)
public UserModel validateAndProxy(RealmModel realm, UserModel local)
UserFederationProvider
validateAndProxy
in interface UserFederationProvider
public boolean synchronizeRegistrations()
UserFederationProvider
synchronizeRegistrations
in interface UserFederationProvider
public UserModel register(RealmModel realm, UserModel user)
UserFederationProvider
register
in interface UserFederationProvider
public boolean removeUser(RealmModel realm, UserModel user)
removeUser
in interface UserFederationProvider
public UserModel getUserByUsername(RealmModel realm, String username)
UserFederationProvider
getUserByUsername
in interface UserFederationProvider
public UserModel getUserByEmail(RealmModel realm, String email)
UserFederationProvider
getUserByEmail
in interface UserFederationProvider
public List<UserModel> searchByAttributes(Map<String,String> attributes, RealmModel realm, int maxResults)
UserFederationProvider
searchByAttributes
in interface UserFederationProvider
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults)
UserFederationProvider
getGroupMembers
in interface UserFederationProvider
public void preRemove(RealmModel realm)
UserFederationProvider
preRemove
in interface UserFederationProvider
public void preRemove(RealmModel realm, RoleModel role)
UserFederationProvider
preRemove
in interface UserFederationProvider
public void preRemove(RealmModel realm, GroupModel group)
UserFederationProvider
preRemove
in interface UserFederationProvider
public boolean isValid(RealmModel realm, UserModel local)
UserFederationProvider
isValid
in interface UserFederationProvider
public Set<String> getSupportedCredentialTypes(UserModel local)
UserFederationProvider
getSupportedCredentialTypes
in interface UserFederationProvider
public Set<String> getSupportedCredentialTypes()
UserFederationProvider
getSupportedCredentialTypes
in interface UserFederationProvider
public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input)
UserFederationProvider
validCredentials
in interface UserFederationProvider
public boolean validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input)
validCredentials
in interface UserFederationProvider
public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential)
UserFederationProvider
validCredentials
in interface UserFederationProvider
public void close()
UserFederationProvider
close
in interface UserFederationProvider
close
in interface Provider
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm - realm
username - username without realm prefix
protected UserModel importUserToKeycloak(RealmModel realm, String username)
Copyright © 2016 JBoss by Red Hat. All rights reserved.