public class LDAPFederationProvider extends Object implements UserFederationProvider

Nested classes/interfaces inherited from interface UserFederationProvider: UserFederationProvider.EditMode

| Modifier and Type | Field and Description |
|---|---|
| protected UserFederationProvider.EditMode | editMode |
| protected LDAPFederationProviderFactory | factory |
| protected LDAPProviderKerberosConfig | kerberosConfig |
| protected LDAPIdentityStore | ldapIdentityStore |
| protected UserFederationProviderModel | model |
| protected KeycloakSession | session |
| protected Set<String> | supportedCredentialTypes |

Fields inherited from interface UserFederationProvider: EMAIL, FIRST_NAME, LAST_NAME, USERNAME

| Constructor and Description |
|---|
| LDAPFederationProvider(LDAPFederationProviderFactory factory, KeycloakSession session, UserFederationProviderModel model, LDAPIdentityStore ldapIdentityStore) |

| Modifier and Type | Method and Description |
|---|---|
| void | close(): This method is called at the end of requests. |
| protected UserModel | findOrCreateAuthenticatedUser(RealmModel realm, String username): Called after successful Kerberos authentication. |
| UserFederationProvider.EditMode | getEditMode() |
| List<UserModel> | getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults): Return group members from federation storage. |
| LDAPIdentityStore | getLdapIdentityStore() |
| LDAPFederationMapper | getMapper(UserFederationMapperModel mapperModel) |
| UserFederationProviderModel | getModel() |
| KeycloakSession | getSession() |
| Set<String> | getSupportedCredentialTypes(): What UserCredentialModel types should be handled by this provider? This is called in scenarios where we don't know which user is going to authenticate (for example, Kerberos authentication). |
| Set<String> | getSupportedCredentialTypes(UserModel local): What UserCredentialModel types should be handled by this provider for this user? Keycloak will only call validCredentials() with the credential types specified in this method. |
| UserModel | getUserByEmail(RealmModel realm, String email): Keycloak will search for user in local storage first. |
| UserModel | getUserByUsername(RealmModel realm, String username): Keycloak will search for user in local storage first. |
| protected UserModel | importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser) |
| boolean | isValid(RealmModel realm, UserModel local): Is the Keycloak UserModel still valid and/or existing in federated storage? Keycloak may call this method in various user operations. |
| protected LDAPObject | loadAndValidateUser(RealmModel realm, UserModel local) |
| LDAPObject | loadLDAPUserByUsername(RealmModel realm, String username) |
| List<UserModel> | loadUsersByUsernames(List<String> usernames, RealmModel realm) |
| void | preRemove(RealmModel realm): Called whenever a Realm is removed. |
| void | preRemove(RealmModel realm, GroupModel group): Called before a role is removed. |
| void | preRemove(RealmModel realm, RoleModel role): Called before a role is removed. |
| protected UserModel | proxy(RealmModel realm, UserModel local, LDAPObject ldapObject) |
| protected LDAPObject | queryByEmail(RealmModel realm, String email) |
| UserModel | register(RealmModel realm, UserModel user): Called if this federation provider has priority and supports synchronized registrations. |
| boolean | removeUser(RealmModel realm, UserModel user) |
| List<UserModel> | searchByAttributes(Map<String,String> attributes, RealmModel realm, int maxResults): Keycloak does not search in local storage first before calling this method. |
| protected List<LDAPObject> | searchLDAP(RealmModel realm, Map<String,String> attributes, int maxResults) |
| List<UserFederationMapperModel> | sortMappersAsc(Collection<UserFederationMapperModel> mappers) |
| protected List<UserFederationMapperModel> | sortMappersDesc(Collection<UserFederationMapperModel> mappers) |
| boolean | synchronizeRegistrations(): Should user registrations be synchronized with this provider? FYI, only one provider will be chosen (by priority) to have this synchronization. |
| UserModel | validateAndProxy(RealmModel realm, UserModel local): Gives the provider an option to validate if the user still exists in the federation backend and then proxy the UserModel loaded from local storage. |
| CredentialValidationOutput | validCredentials(RealmModel realm, UserCredentialModel credential): Validate credentials of unknown user. |
| boolean | validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input): Validate credentials for this user. |
| boolean | validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input) |
| boolean | validPassword(RealmModel realm, UserModel user, String password) |

protected LDAPFederationProviderFactory factory
protected KeycloakSession session
protected UserFederationProviderModel model
protected LDAPIdentityStore ldapIdentityStore
protected UserFederationProvider.EditMode editMode
protected LDAPProviderKerberosConfig kerberosConfig
public LDAPFederationProvider(LDAPFederationProviderFactory factory, KeycloakSession session, UserFederationProviderModel model, LDAPIdentityStore ldapIdentityStore)
public KeycloakSession getSession()
public UserFederationProviderModel getModel()
public LDAPIdentityStore getLdapIdentityStore()
public UserFederationProvider.EditMode getEditMode()
public UserModel validateAndProxy(RealmModel realm, UserModel local)
Specified by: validateAndProxy in interface UserFederationProvider
protected UserModel proxy(RealmModel realm, UserModel local, LDAPObject ldapObject)
public Set<String> getSupportedCredentialTypes(UserModel local)
Specified by: getSupportedCredentialTypes in interface UserFederationProvider
public Set<String> getSupportedCredentialTypes()
Specified by: getSupportedCredentialTypes in interface UserFederationProvider
public boolean synchronizeRegistrations()
Specified by: synchronizeRegistrations in interface UserFederationProvider
public UserModel register(RealmModel realm, UserModel user)
Specified by: register in interface UserFederationProvider
public boolean removeUser(RealmModel realm, UserModel user)
Specified by: removeUser in interface UserFederationProvider
public List<UserModel> searchByAttributes(Map<String,String> attributes, RealmModel realm, int maxResults)
Specified by: searchByAttributes in interface UserFederationProvider
public List<UserModel> getGroupMembers(RealmModel realm, GroupModel group, int firstResult, int maxResults)
Specified by: getGroupMembers in interface UserFederationProvider
public List<UserModel> loadUsersByUsernames(List<String> usernames, RealmModel realm)
protected List<LDAPObject> searchLDAP(RealmModel realm, Map<String,String> attributes, int maxResults)
protected LDAPObject loadAndValidateUser(RealmModel realm, UserModel local)
Parameters: local
public boolean isValid(RealmModel realm, UserModel local)
Specified by: isValid in interface UserFederationProvider
public UserModel getUserByUsername(RealmModel realm, String username)
Specified by: getUserByUsername in interface UserFederationProvider
protected UserModel importUserFromLDAP(KeycloakSession session, RealmModel realm, LDAPObject ldapUser)
protected LDAPObject queryByEmail(RealmModel realm, String email)
public UserModel getUserByEmail(RealmModel realm, String email)
Specified by: getUserByEmail in interface UserFederationProvider
public void preRemove(RealmModel realm)
Specified by: preRemove in interface UserFederationProvider
public void preRemove(RealmModel realm, RoleModel role)
Specified by: preRemove in interface UserFederationProvider
public void preRemove(RealmModel realm, GroupModel group)
Specified by: preRemove in interface UserFederationProvider
public boolean validPassword(RealmModel realm, UserModel user, String password)
public boolean validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input)
Specified by: validCredentials in interface UserFederationProvider
public boolean validCredentials(RealmModel realm, UserModel user, UserCredentialModel... input)
Specified by: validCredentials in interface UserFederationProvider
public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential)
Specified by: validCredentials in interface UserFederationProvider
public void close()
Specified by: close in interface UserFederationProvider
Specified by: close in interface Provider
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
Parameters: realm - realm; username - username without realm prefix
public LDAPObject loadLDAPUserByUsername(RealmModel realm, String username)
public LDAPFederationMapper getMapper(UserFederationMapperModel mapperModel)
public List<UserFederationMapperModel> sortMappersAsc(Collection<UserFederationMapperModel> mappers)
protected List<UserFederationMapperModel> sortMappersDesc(Collection<UserFederationMapperModel> mappers)
Copyright © 2016 JBoss by Red Hat. All rights reserved.