public class LDAPFederationProvider extends Object implements UserFederationProvider
UserFederationProvider.EditMode
Modifier and Type | Field and Description |
---|---|
protected UserFederationProvider.EditMode |
editMode |
protected LDAPFederationProviderFactory |
factory |
protected LDAPProviderKerberosConfig |
kerberosConfig |
protected LDAPIdentityStore |
ldapIdentityStore |
protected UserFederationProviderModel |
model |
protected KeycloakSession |
session |
protected Set<String> |
supportedCredentialTypes |
EMAIL, FIRST_NAME, LAST_NAME, USERNAME
Constructor and Description |
---|
LDAPFederationProvider(LDAPFederationProviderFactory factory,
KeycloakSession session,
UserFederationProviderModel model,
LDAPIdentityStore ldapIdentityStore) |
Modifier and Type | Method and Description |
---|---|
void |
close()
This method is called at the end of requests.
|
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful kerberos authentication
|
UserFederationProvider.EditMode |
getEditMode() |
List<UserModel> |
getGroupMembers(RealmModel realm,
GroupModel group,
int firstResult,
int maxResults)
Return group members from federation storage.
|
LDAPIdentityStore |
getLdapIdentityStore() |
LDAPFederationMapper |
getMapper(UserFederationMapperModel mapperModel) |
UserFederationProviderModel |
getModel() |
KeycloakSession |
getSession() |
Set<String> |
getSupportedCredentialTypes()
What UserCredentialModel types should be handled by this provider? This is called in scenarios when we don't know user,
who is going to authenticate (For example Kerberos authentication).
|
Set<String> |
getSupportedCredentialTypes(UserModel local)
What UserCredentialModel types should be handled by this provider for this user? Keycloak will only call
validCredentials() with the credential types specified in this method.
|
UserModel |
getUserByEmail(RealmModel realm,
String email)
Keycloak will search for user in local storage first.
|
UserModel |
getUserByUsername(RealmModel realm,
String username)
Keycloak will search for user in local storage first.
|
protected UserModel |
importUserFromLDAP(KeycloakSession session,
RealmModel realm,
LDAPObject ldapUser) |
boolean |
isValid(RealmModel realm,
UserModel local)
Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method
in various user operations.
|
protected LDAPObject |
loadAndValidateUser(RealmModel realm,
UserModel local) |
LDAPObject |
loadLDAPUserByUsername(RealmModel realm,
String username) |
List<UserModel> |
loadUsersByUsernames(List<String> usernames,
RealmModel realm) |
void |
preRemove(RealmModel realm)
called whenever a Realm is removed
|
void |
preRemove(RealmModel realm,
GroupModel group)
called before a role is removed.
|
void |
preRemove(RealmModel realm,
RoleModel role)
called before a role is removed.
|
protected UserModel |
proxy(RealmModel realm,
UserModel local,
LDAPObject ldapObject) |
protected LDAPObject |
queryByEmail(RealmModel realm,
String email) |
UserModel |
register(RealmModel realm,
UserModel user)
Called if this federation provider has priority and supports synchronized registrations.
|
boolean |
removeUser(RealmModel realm,
UserModel user) |
List<UserModel> |
searchByAttributes(Map<String,String> attributes,
RealmModel realm,
int maxResults)
Keycloak does not search in local storage first before calling this method.
|
protected List<LDAPObject> |
searchLDAP(RealmModel realm,
Map<String,String> attributes,
int maxResults) |
List<UserFederationMapperModel> |
sortMappersAsc(Collection<UserFederationMapperModel> mappers) |
protected List<UserFederationMapperModel> |
sortMappersDesc(Collection<UserFederationMapperModel> mappers) |
boolean |
synchronizeRegistrations()
Should user registrations be synchronized with this provider?
FYI, only one provider will be chosen (by priority) to have this synchronization
|
UserModel |
validateAndProxy(RealmModel realm,
UserModel local)
Gives the provider an option to validate if user still exists in federation backend and then proxy UserModel loaded from local storage.
|
CredentialValidationOutput |
validCredentials(RealmModel realm,
UserCredentialModel credential)
Validate credentials of unknown user.
|
boolean |
validCredentials(RealmModel realm,
UserModel user,
List<UserCredentialModel> input)
Validate credentials for this user.
|
boolean |
validCredentials(RealmModel realm,
UserModel user,
UserCredentialModel... input) |
boolean |
validPassword(RealmModel realm,
UserModel user,
String password) |
protected LDAPFederationProviderFactory factory
protected KeycloakSession session
protected UserFederationProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserFederationProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
public LDAPFederationProvider(LDAPFederationProviderFactory factory, KeycloakSession session, UserFederationProviderModel model, LDAPIdentityStore ldapIdentityStore)
public KeycloakSession getSession()
public UserFederationProviderModel getModel()
public LDAPIdentityStore getLdapIdentityStore()
public UserFederationProvider.EditMode getEditMode()
public UserModel validateAndProxy(RealmModel realm, UserModel local)
UserFederationProvider
validateAndProxy
in interface UserFederationProvider
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject)
public Set<String> getSupportedCredentialTypes(UserModel local)
UserFederationProvider
getSupportedCredentialTypes
in interface UserFederationProvider
public Set<String> getSupportedCredentialTypes()
UserFederationProvider
getSupportedCredentialTypes
in interface UserFederationProvider
public boolean synchronizeRegistrations()
UserFederationProvider
synchronizeRegistrations
in interface UserFederationProvider
public UserModel register(RealmModel realm, UserModel user)
UserFederationProvider
register
in interface UserFederationProvider
public boolean removeUser(RealmModel realm, UserModel user)
removeUser
in interface UserFederationProvider
public List<UserModel> searchByAttributes(Map<String,String> attributes, RealmModel realm, int maxResults)
UserFederationProvider
searchByAttributes
in interface UserFederationProvider
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults)
UserFederationProvider
getGroupMembers
in interface UserFederationProvider
public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes, int maxResults)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
local
- public boolean isValid(RealmModel realm, UserModel local)
UserFederationProvider
isValid
in interface UserFederationProvider
public UserModel getUserByUsername(RealmModel realm, String username)
UserFederationProvider
getUserByUsername
in interface UserFederationProvider
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(RealmModel realm, String email)
UserFederationProvider
getUserByEmail
in interface UserFederationProvider
public void preRemove(RealmModel realm)
UserFederationProvider
preRemove
in interface UserFederationProvider
public void preRemove(RealmModel realm, RoleModel role)
UserFederationProvider
preRemove
in interface UserFederationProvider
public void preRemove(RealmModel realm, GroupModel group)
UserFederationProvider
preRemove
in interface UserFederationProvider
public boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input)
UserFederationProvider
validCredentials
in interface UserFederationProvider
public boolean validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input)
validCredentials
in interface UserFederationProvider
public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential)
UserFederationProvider
validCredentials
in interface UserFederationProvider
public void close()
UserFederationProvider
close
in interface UserFederationProvider
close
in interface Provider
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm
- realmusername
- username without realm prefixpublic LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
public LDAPFederationMapper getMapper(UserFederationMapperModel mapperModel)
public List<UserFederationMapperModel> sortMappersAsc(Collection<UserFederationMapperModel> mappers)
protected List<UserFederationMapperModel> sortMappersDesc(Collection<UserFederationMapperModel> mappers)
Copyright © 2016 JBoss by Red Hat. All rights reserved.