public class KerberosFederationProvider extends Object implements UserFederationProvider
UserFederationProvider.EditMode
Modifier and Type | Field and Description |
---|---|
protected KerberosFederationProviderFactory |
factory |
static String |
KERBEROS_PRINCIPAL |
protected KerberosConfig |
kerberosConfig |
protected UserFederationProviderModel |
model |
protected KeycloakSession |
session |
EMAIL, FIRST_NAME, LAST_NAME, USERNAME
Constructor and Description |
---|
KerberosFederationProvider(KeycloakSession session,
UserFederationProviderModel model,
KerberosFederationProviderFactory factory) |
Modifier and Type | Method and Description |
---|---|
void |
close() |
protected UserModel |
findOrCreateAuthenticatedUser(RealmModel realm,
String username)
Called after successful authentication
|
Set<String> |
getSupportedCredentialTypes()
What UserCredentialModel types should be handled by this provider? This is called in scenarios when we don't know user,
who is going to authenticate (For example Kerberos authentication).
|
Set<String> |
getSupportedCredentialTypes(UserModel local)
What UserCredentialModel types should be handled by this provider for this user? Keycloak will only call
validCredentials() with the credential types specified in this method.
|
UserModel |
getUserByEmail(RealmModel realm,
String email)
Required to import into local storage any user found.
|
UserModel |
getUserByUsername(RealmModel realm,
String username)
Required to import into local storage any user found.
|
protected UserModel |
importUserToKeycloak(RealmModel realm,
String username) |
boolean |
isValid(UserModel local)
Is the Keycloak UserModel still valid and/or existing in federated storage?
|
void |
preRemove(RealmModel realm)
called whenever a Realm is removed
|
void |
preRemove(RealmModel realm,
RoleModel role)
called before a role is removed.
|
UserModel |
proxy(UserModel local)
Gives the provider an option to proxy UserModels loaded from local storage.
|
UserModel |
register(RealmModel realm,
UserModel user)
Called if this federation provider has priority and supports synchronized registrations.
|
boolean |
removeUser(RealmModel realm,
UserModel user) |
List<UserModel> |
searchByAttributes(Map<String,String> attributes,
RealmModel realm,
int maxResults)
Required to import into local storage any user found.
|
boolean |
synchronizeRegistrations()
Should user registrations be synchronized with this provider?
FYI, only one provider will be chosen (by priority) to have this synchronization
|
CredentialValidationOutput |
validCredentials(RealmModel realm,
UserCredentialModel credential)
Validate credentials of unknown user.
|
boolean |
validCredentials(RealmModel realm,
UserModel user,
List<UserCredentialModel> input)
Validate credentials for this user.
|
boolean |
validCredentials(RealmModel realm,
UserModel user,
UserCredentialModel... input) |
protected boolean |
validPassword(String username,
String password) |
public static final String KERBEROS_PRINCIPAL
protected KeycloakSession session
protected UserFederationProviderModel model
protected KerberosConfig kerberosConfig
protected KerberosFederationProviderFactory factory
public KerberosFederationProvider(KeycloakSession session, UserFederationProviderModel model, KerberosFederationProviderFactory factory)
public UserModel proxy(UserModel local)
UserFederationProvider
proxy
in interface UserFederationProvider
public boolean synchronizeRegistrations()
UserFederationProvider
synchronizeRegistrations
in interface UserFederationProvider
public UserModel register(RealmModel realm, UserModel user)
UserFederationProvider
register
in interface UserFederationProvider
public boolean removeUser(RealmModel realm, UserModel user)
removeUser
in interface UserFederationProvider
public UserModel getUserByUsername(RealmModel realm, String username)
UserFederationProvider
getUserByUsername
in interface UserFederationProvider
public UserModel getUserByEmail(RealmModel realm, String email)
UserFederationProvider
getUserByEmail
in interface UserFederationProvider
public List<UserModel> searchByAttributes(Map<String,String> attributes, RealmModel realm, int maxResults)
UserFederationProvider
searchByAttributes
in interface UserFederationProvider
public void preRemove(RealmModel realm)
UserFederationProvider
preRemove
in interface UserFederationProvider
public void preRemove(RealmModel realm, RoleModel role)
UserFederationProvider
preRemove
in interface UserFederationProvider
public boolean isValid(UserModel local)
UserFederationProvider
isValid
in interface UserFederationProvider
public Set<String> getSupportedCredentialTypes(UserModel local)
UserFederationProvider
getSupportedCredentialTypes
in interface UserFederationProvider
public Set<String> getSupportedCredentialTypes()
UserFederationProvider
getSupportedCredentialTypes
in interface UserFederationProvider
public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input)
UserFederationProvider
validCredentials
in interface UserFederationProvider
public boolean validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input)
validCredentials
in interface UserFederationProvider
public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential)
UserFederationProvider
validCredentials
in interface UserFederationProvider
public void close()
close
in interface UserFederationProvider
close
in interface Provider
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
realm
- realmusername
- username without realm prefixprotected UserModel importUserToKeycloak(RealmModel realm, String username)
Copyright © 2015. All rights reserved.