public class ScriptBasedAuthenticator extends Object implements Authenticator
Authenticator that can execute a configured script during authentication flow.
Scripts must provide at least one of the following functions:
- authenticate(..), which is called from Authenticator.authenticate(AuthenticationFlowContext)
- action(..), which is called from Authenticator.action(AuthenticationFlowContext)
Custom authenticators should at least provide the authenticate(..) function.
The following script Bindings are available for convenient use within script code.
- script: the ScriptModel to access script metadata
- realm: the RealmModel
- user: the current UserModel
- session: the active KeycloakSession
- authenticationSession: the current AuthenticationSessionModel
- httpRequest: the current HttpRequest
- LOG: a Logger scoped to ScriptBasedAuthenticator
Note that the user variable is only defined when the user was identified by a preceding
authentication step, e.g. by the UsernamePasswordForm authenticator.
Additional context information can be extracted from the context argument passed to the authenticate(context)
or action(context) function.
An example ScriptBasedAuthenticator definition could look as follows:
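```javascript
// Load the Keycloak flow-error enum through the script engine's Java interop.
AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");

function authenticate(context) {
    // `user` is only set when a preceding authenticator identified the user.
    var username = user ? user.username : "anonymous";
    LOG.info(script.name + " --> trace auth for: " + username);

    // Fail the flow for user "tester" when someAttribute contains someValue.
    if (username === "tester"
            && user.getAttribute("someAttribute")
            && user.getAttribute("someAttribute").contains("someValue")) {
        context.failure(AuthenticationFlowError.INVALID_USER);
        return;
    }

    // Everyone else, including an unidentified user, passes this step.
    context.success();
}
```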
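Because `user` is only defined after a preceding step has identified the user, a script that gates access should deny when it is missing rather than fall through to `context.success()`. The following is an added example, not part of the Keycloak documentation or code base: the allow-list policy, the `fakeUser` and `runOffline` helpers and the script name `attribute-gate` are assumptions, constructed so the same script also runs under Node.js.

```javascript
// Added example, not Keycloak code. Keycloak injects `user`, `LOG` and `script`
// as bindings; outside Keycloak (no `Java` global) constructed stand-ins are used.
var AuthenticationFlowError = typeof Java !== "undefined"
    ? Java.type("org.keycloak.authentication.AuthenticationFlowError")
    : { UNKNOWN_USER: "UNKNOWN_USER", INVALID_USER: "INVALID_USER", INTERNAL_ERROR: "INTERNAL_ERROR" };

// Attribute name and value come from the page's example; requiring them is an assumption.
var REQUIRED_ATTRIBUTE = "someAttribute";
var REQUIRED_VALUE = "someValue";

function authenticate(context) {
    try {
        // `user` is only set when an earlier step identified the user.
        var current = (typeof user !== "undefined") ? user : null;
        if (!current) {
            LOG.warn(script.name + ": no identified user, denying");
            context.failure(AuthenticationFlowError.UNKNOWN_USER);
            return;
        }
        var values = current.getAttribute(REQUIRED_ATTRIBUTE); // may be null
        if (!values || !values.contains(REQUIRED_VALUE)) {
            LOG.warn(script.name + ": attribute check failed for " + current.username);
            context.failure(AuthenticationFlowError.INVALID_USER);
            return;
        }
        context.success();
    } catch (e) { // a script error denies instead of leaving the flow undecided
        LOG.error(script.name + ": " + e);
        context.failure(AuthenticationFlowError.INTERNAL_ERROR);
    }
}

// This script never issues a challenge, so a form action is unexpected: deny.
function action(context) {
    context.failure(AuthenticationFlowError.INTERNAL_ERROR);
}

// Constructed Node.js harness (not Keycloak API): fakes bindings and context,
// runs authenticate() and returns "success" or the failure code.
function fakeUser(name, values) {
    return { username: name, getAttribute: function () {
        return values && { contains: function (v) { return values.indexOf(v) >= 0; } };
    } };
}
function runOffline(u) {
    var outcome = null;
    globalThis.user = u; globalThis.script = { name: "attribute-gate" };
    globalThis.LOG = { warn: function () {}, error: function () {} };
    authenticate({ success: function () { outcome = "success"; },
                   failure: function (err) { outcome = String(err); } });
    return outcome;
}
```

Only `authenticate`, `action` and the constants above them belong in the Keycloak script; `fakeUser` and `runOffline` exist for offline checks such as `runOffline(null)`.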
| Constructor and Description |
|---|
| ScriptBasedAuthenticator() |
| Modifier and Type | Method and Description |
|---|---|
| void | action(AuthenticationFlowContext context): Called from a form action invocation. |
| void | authenticate(AuthenticationFlowContext context): Initial call for the authenticator. |
| void | close() |
| boolean | configuredFor(KeycloakSession session, RealmModel realm, UserModel user): Is this authenticator configured for this user. |
| protected AuthenticatorConfigModel | getAuthenticatorConfig(AuthenticationFlowContext context) |
| boolean | requiresUser(): Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null? |
| void | setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user): Set actions to configure authenticator |
Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface Authenticator: areRequiredActionsEnabled, getRequiredActions
Method detail:
- public void authenticate(AuthenticationFlowContext context). Specified by: authenticate in interface Authenticator
- public void action(AuthenticationFlowContext context). Specified by: action in interface Authenticator
- protected AuthenticatorConfigModel getAuthenticatorConfig(AuthenticationFlowContext context)
- public boolean requiresUser(). Specified by: requiresUser in interface Authenticator
- public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user). Specified by: configuredFor in interface Authenticator
- public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user). Specified by: setRequiredActions in interface Authenticator
Copyright © 2021 JBoss by Red Hat. All rights reserved.