Package org.keycloak.federation.kerberos
Class KerberosFederationProvider
- java.lang.Object
- org.keycloak.federation.kerberos.KerberosFederationProvider
- All Implemented Interfaces:
- CredentialAuthentication, CredentialInputUpdater, CredentialInputValidator, Provider, ImportedUserValidation, UserLookupProvider, UserStorageProvider
public class KerberosFederationProvider extends Object implements UserStorageProvider, UserLookupProvider, CredentialInputValidator, CredentialInputUpdater, CredentialAuthentication, ImportedUserValidation
- Author:
- Marek Posolda
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.keycloak.credential.CredentialInputUpdater
CredentialInputUpdater.Streams
-
Nested classes/interfaces inherited from interface org.keycloak.storage.user.UserLookupProvider
UserLookupProvider.Streams
-
Nested classes/interfaces inherited from interface org.keycloak.storage.UserStorageProvider
UserStorageProvider.EditMode
-
-
Field Summary
Fields (modifier and type, field):
protected KerberosFederationProviderFactory factory
static String KERBEROS_PRINCIPAL
protected KerberosConfig kerberosConfig
protected UserStorageProviderModel model
protected KeycloakSession session
-
Constructor Summary
Constructors:
KerberosFederationProvider(KeycloakSession session, UserStorageProviderModel model, KerberosFederationProviderFactory factory)
-
Method Summary
All methods are concrete instance methods (modifier and type, method, description):
CredentialValidationOutput authenticate(RealmModel realm, CredentialInput input)
void close()
void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
  Called after successful authentication
Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
  Obtains the set of credential types that can be disabled via disableCredentialType.
UserModel getUserByEmail(RealmModel realm, String email)
  Returns a user with the given email belonging to the realm
UserModel getUserById(RealmModel realm, String id)
  Returns a user with the given id belonging to the realm
UserModel getUserByUsername(RealmModel realm, String username)
  Exact search for a user by its username.
protected UserModel importUserToKeycloak(RealmModel realm, String username)
boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
boolean isValid(RealmModel realm, UserModel local)
boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
  Tests whether a credential is valid
void preRemove(RealmModel realm)
  Callback when a realm is removed.
void preRemove(RealmModel realm, GroupModel group)
  Callback when a group is removed.
void preRemove(RealmModel realm, RoleModel role)
  Callback when a role is removed.
boolean supportsCredentialAuthenticationFor(String type)
boolean supportsCredentialType(String credentialType)
boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
UserModel validate(RealmModel realm, UserModel user)
  If this method returns null, then the user in local storage will be removed
protected boolean validPassword(String username, String password)
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.keycloak.storage.user.UserLookupProvider
getUserByCredential
-
-
-
-
Field Detail
-
KERBEROS_PRINCIPAL
public static final String KERBEROS_PRINCIPAL
- See Also:
- Constant Field Values
-
session
protected KeycloakSession session
-
model
protected UserStorageProviderModel model
-
kerberosConfig
protected KerberosConfig kerberosConfig
-
factory
protected KerberosFederationProviderFactory factory
-
-
Constructor Detail
-
KerberosFederationProvider
public KerberosFederationProvider(KeycloakSession session, UserStorageProviderModel model, KerberosFederationProviderFactory factory)
-
-
Method Detail
-
validate
public UserModel validate(RealmModel realm, UserModel user)
Description copied from interface: ImportedUserValidation
If this method returns null, then the user in local storage will be removed
- Specified by:
- validate in interface ImportedUserValidation
- Returns:
- null if user no longer valid
-
getUserByUsername
public UserModel getUserByUsername(RealmModel realm, String username)
Description copied from interface: UserLookupProvider
Exact search for a user by its username. Returns a user with the given username belonging to the realm
- Specified by:
- getUserByUsername in interface UserLookupProvider
- Parameters:
- realm - the realm model
- username - (case-sensitivity is controlled by storage)
- Returns:
- found user model, or null if no such user exists
-
getUserByEmail
public UserModel getUserByEmail(RealmModel realm, String email)
Description copied from interface: UserLookupProvider
Returns a user with the given email belonging to the realm
- Specified by:
- getUserByEmail in interface UserLookupProvider
- Parameters:
- realm - the realm model
- email - email address
- Returns:
- found user model, or null if no such user exists
-
getUserById
public UserModel getUserById(RealmModel realm, String id)
Description copied from interface: UserLookupProvider
Returns a user with the given id belonging to the realm
- Specified by:
- getUserById in interface UserLookupProvider
- Parameters:
- realm - the realm model
- id - id of the user
- Returns:
- found user model, or null if no such user exists
-
preRemove
public void preRemove(RealmModel realm)
Description copied from interface: UserStorageProvider
Callback when a realm is removed. Implement this if, for example, you want to do some cleanup in your user storage when a realm is removed
- Specified by:
- preRemove in interface UserStorageProvider
-
preRemove
public void preRemove(RealmModel realm, RoleModel role)
Description copied from interface: UserStorageProvider
Callback when a role is removed. Allows you to do things like remove a user role mapping in your external store if appropriate
- Specified by:
- preRemove in interface UserStorageProvider
-
preRemove
public void preRemove(RealmModel realm, GroupModel group)
Description copied from interface: UserStorageProvider
Callback when a group is removed. Allows you to do things like remove a user group mapping in your external store if appropriate
- Specified by:
- preRemove in interface UserStorageProvider
-
isValid
public boolean isValid(RealmModel realm, UserModel local)
-
updateCredential
public boolean updateCredential(RealmModel realm, UserModel user, CredentialInput input)
- Specified by:
- updateCredential in interface CredentialInputUpdater
-
disableCredentialType
public void disableCredentialType(RealmModel realm, UserModel user, String credentialType)
- Specified by:
- disableCredentialType in interface CredentialInputUpdater
-
getDisableableCredentialTypesStream
public Stream<String> getDisableableCredentialTypesStream(RealmModel realm, UserModel user)
Description copied from interface: CredentialInputUpdater
Obtains the set of credential types that can be disabled via disableCredentialType.
- Specified by:
- getDisableableCredentialTypesStream in interface CredentialInputUpdater
- Parameters:
- realm - a reference to the realm.
- user - the user whose credentials are being searched.
- Returns:
- a non-null Stream of credential types.
-
supportsCredentialType
public boolean supportsCredentialType(String credentialType)
- Specified by:
- supportsCredentialType in interface CredentialInputUpdater
- Specified by:
- supportsCredentialType in interface CredentialInputValidator
-
supportsCredentialAuthenticationFor
public boolean supportsCredentialAuthenticationFor(String type)
- Specified by:
- supportsCredentialAuthenticationFor in interface CredentialAuthentication
-
isConfiguredFor
public boolean isConfiguredFor(RealmModel realm, UserModel user, String credentialType)
- Specified by:
- isConfiguredFor in interface CredentialInputValidator
-
isValid
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input)
Description copied from interface: CredentialInputValidator
Tests whether a credential is valid
- Specified by:
- isValid in interface CredentialInputValidator
- Parameters:
- realm - The realm to which the credential belongs
- user - The user for which to test the credential
- input - the credential details to verify
- Returns:
- true if the passed secret is correct
-
authenticate
public CredentialValidationOutput authenticate(RealmModel realm, CredentialInput input)
- Specified by:
- authenticate in interface CredentialAuthentication
-
findOrCreateAuthenticatedUser
protected UserModel findOrCreateAuthenticatedUser(RealmModel realm, String username)
Called after successful authentication
- Parameters:
- realm - realm
- username - username without realm prefix
- Returns:
- user if found or successfully created. Null if user with same username already exists, but is not linked to this provider
-
importUserToKeycloak
protected UserModel importUserToKeycloak(RealmModel realm, String username)
-
-