Interface UserCredentialManager

    • Method Detail

      • isValid

        boolean isValid​(RealmModel realm,
                        UserModel user,
                        List<CredentialInput> inputs)
        Deprecated.
        Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
        Parameters:
        realm -
        user -
        inputs -
        Returns:
      • isValid

        boolean isValid​(RealmModel realm,
                        UserModel user,
                        CredentialInput... inputs)
        Deprecated.
        Validates list of credentials. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
        Parameters:
        realm -
        user -
        inputs -
        Returns:
      • updateCredential

        boolean updateCredential​(RealmModel realm,
                                 UserModel user,
                                 CredentialInput input)
        Deprecated.
        Updates a credential. Will call UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider. Update is finished whenever any one provider returns true.
        Parameters:
        realm -
        user -
        Returns:
        true if credential was successfully updated by UserStorage or any CredentialInputUpdater
      • createCredentialThroughProvider

        CredentialModel createCredentialThroughProvider​(RealmModel realm,
                                                        UserModel user,
                                                        CredentialModel model)
        Deprecated.
        Creates a credential from the credentialModel, by looping through the providers to find a match for the type
        Parameters:
        realm -
        user -
        model -
        Returns:
      • updateCredentialLabel

        void updateCredentialLabel​(RealmModel realm,
                                   UserModel user,
                                   String credentialId,
                                   String userLabel)
        Deprecated.
        Updates the credential label and invalidates the cache for the user.
        Parameters:
        realm -
        user -
        credentialId -
        userLabel -
      • disableCredentialType

        void disableCredentialType​(RealmModel realm,
                                   UserModel user,
                                   String credentialType)
        Deprecated.
        Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through each CredentialProvider.
        Parameters:
        realm -
        user -
        credentialType -
      • isConfiguredFor

        boolean isConfiguredFor​(RealmModel realm,
                                UserModel user,
                                String type)
        Deprecated.
        Checks to see if user has credential type configured. Looks in UserStorageProvider or UserFederationProvider first, then loops through each CredentialProvider.
        Parameters:
        realm -
        user -
        type -
        Returns:
      • isConfiguredLocally

        boolean isConfiguredLocally​(RealmModel realm,
                                    UserModel user,
                                    String type)
        Deprecated.
        Only loops through each CredentialProvider to see if credential type is configured for the user. This allows UserStorageProvider and UserFederationProvider isValid() implementations to punt to local storage when validating a credential that has been overriden in Keycloak storage.
        Parameters:
        realm -
        user -
        type -
        Returns:
      • authenticate

        CredentialValidationOutput authenticate​(KeycloakSession session,
                                                RealmModel realm,
                                                CredentialInput input)
        Deprecated.
        Given a CredentialInput, authenticate the user. This is used in the case where the credential must be processed to determine and find the user. An example is Kerberos where the kerberos token might be validated and processed by a variety of different storage providers.
        Parameters:
        session -
        realm -
        input -
        Returns: