Class MSADUserAccountControlStorageMapper

- java.lang.Object
  - org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper
    - org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper

All Implemented Interfaces:
Provider, LDAPStorageMapper, PasswordUpdateCallback

public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapper implements PasswordUpdateCallback

Mapper specific to MSAD (Microsoft Active Directory). It reads the userAccountControl and pwdLastSet attributes of the LDAP user and sets actions in Keycloak based on them. It is also able to handle the error code that LDAP user authentication returns on failure (see http://www-01.ibm.com/support/docview.wss?uid=swg21290631).

Author:
Marek Posolda
Nested Class Summary

Nested Classes:
- class MSADUserAccountControlStorageMapper.MSADUserModelDelegate

Field Summary

Fields:
- static String LDAP_PASSWORD_POLICY_HINTS_ENABLED

Fields inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper:
ldapProvider, mapperModel, session

Constructor Summary

Constructors:
- MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)
Method Summary

All Methods, Instance Methods, Concrete Methods:

- void beforeLDAPQuery(LDAPQuery query)
  Called before the LDAP identity query that retrieves LDAP users is executed.
- LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
- protected UserAccountControl getUserAccountControl(LDAPObject ldapUser)
- boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)
  Called when LDAP authentication of the specified user fails.
- void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)
  Called when importing a user from LDAP into the local Keycloak DB.
- void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)
  Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
- void passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)
- void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)
- protected boolean processAuthErrorCode(String errorCode, UserModel user)
- protected ModelException processFailedPasswordUpdateException(ModelException e)
- UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)
  Called when proxy is invoked on the LDAP federation provider.
- protected void updateUserAccountControl(boolean updateInLDAP, LDAPObject ldapUser, UserAccountControl accountControl)

Methods inherited from class org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper:
close, getGroupMembers, getLdapProvider, getRoleMembers, mandatoryAttributeNames, parseBooleanParameter, syncDataFromFederationProviderToKeycloak, syncDataFromKeycloakToFederationProvider
Field Detail

LDAP_PASSWORD_POLICY_HINTS_ENABLED

public static final String LDAP_PASSWORD_POLICY_HINTS_ENABLED

See Also:
Constant Field Values

Constructor Detail

MSADUserAccountControlStorageMapper

public MSADUserAccountControlStorageMapper(ComponentModel mapperModel, LDAPStorageProvider ldapProvider)

Method Detail
beforeLDAPQuery

public void beforeLDAPQuery(LDAPQuery query)

Description copied from interface: LDAPStorageMapper
Called before the LDAP identity query that retrieves LDAP users is executed. It allows the mapper to change the query (add attributes to return from LDAP, change conditions, etc.).

Specified by:
beforeLDAPQuery in interface LDAPStorageMapper
beforePasswordUpdate

public LDAPOperationDecorator beforePasswordUpdate(UserModel user, LDAPObject ldapUser, UserCredentialModel password)

Specified by:
beforePasswordUpdate in interface PasswordUpdateCallback

passwordUpdated

public void passwordUpdated(UserModel user, LDAPObject ldapUser, UserCredentialModel password)

Specified by:
passwordUpdated in interface PasswordUpdateCallback

passwordUpdateFailed

public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, UserCredentialModel password, ModelException exception)

Specified by:
passwordUpdateFailed in interface PasswordUpdateCallback
proxy

public UserModel proxy(LDAPObject ldapUser, UserModel delegate, RealmModel realm)

Description copied from interface: LDAPStorageMapper
Called when proxy is invoked on the LDAP federation provider.

Specified by:
proxy in interface LDAPStorageMapper

Returns:
onRegisterUserToLDAP

public void onRegisterUserToLDAP(LDAPObject ldapUser, UserModel localUser, RealmModel realm)

Description copied from interface: LDAPStorageMapper
Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.

Specified by:
onRegisterUserToLDAP in interface LDAPStorageMapper

onImportUserFromLDAP

public void onImportUserFromLDAP(LDAPObject ldapUser, UserModel user, RealmModel realm, boolean isCreate)

Description copied from interface: LDAPStorageMapper
Called when importing a user from LDAP into the local Keycloak DB.

Specified by:
onImportUserFromLDAP in interface LDAPStorageMapper

Parameters:
isCreate - true if a new user is being imported from LDAP; false if the user already exists in Keycloak and is being updated (synced) from LDAP
onAuthenticationFailure

public boolean onAuthenticationFailure(LDAPObject ldapUser, UserModel user, AuthenticationException ldapException, RealmModel realm)

Description copied from interface: LDAPStorageMapper
Called when LDAP authentication of the specified user fails. If any mapper returns true from this method, the AuthenticationException won't be rethrown!

Specified by:
onAuthenticationFailure in interface LDAPStorageMapper

Overrides:
onAuthenticationFailure in class AbstractLDAPStorageMapper

Returns:
true if the mapper processed the AuthenticationException and took some action based on it. In that case, the AuthenticationException won't be rethrown!
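The class description says the mapper reads userAccountControl and pwdLastSet and sets actions in Keycloak from them, and onAuthenticationFailure says a mapper that handles the LDAP error code returns true so the exception is not rethrown. The following is an added example, not Keycloak's code and not this class, that shows both pieces in plain Java: decoding the two attributes into an enabled flag plus a required action, and mapping the "data NNN" code that Active Directory appends to a failed bind (the codes listed in the IBM note linked above) to a named outcome. The class, method and enum names, the choice of which codes count as "handled", and the sample attribute values and bind message are all invented for the example.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/*
 * Added illustration; not Keycloak code. Models the two inputs the MSAD mapper on this
 * page works from: the userAccountControl / pwdLastSet attributes of an AD user, and
 * the "data NNN" code Active Directory appends to a failed bind. All names are invented.
 */
public final class MsadAccountState {

    /** userAccountControl bit flag meaning "account disabled" (Microsoft-documented value). */
    public static final long ACCOUNTDISABLE = 0x0002L;

    /** Required actions a mapper could put on the Keycloak user; a hypothetical subset. */
    public enum RequiredAction { UPDATE_PASSWORD }

    /** What the LDAP attributes say about the account. */
    public static final class AttributeState {
        public final boolean enabled;
        public final EnumSet<RequiredAction> actions;

        AttributeState(boolean enabled, EnumSet<RequiredAction> actions) {
            this.enabled = enabled;
            this.actions = actions;
        }
    }

    /**
     * Decode the attributes as LDAP delivers them (decimal strings). pwdLastSet == 0 is
     * AD's "user must change password at next logon" marker; an absent attribute is
     * treated as unknown and sets no action rather than failing the import.
     */
    public static AttributeState evaluate(String userAccountControl, String pwdLastSet) {
        long uac = userAccountControl == null ? 0L : Long.parseLong(userAccountControl.trim());
        boolean enabled = (uac & ACCOUNTDISABLE) == 0;

        EnumSet<RequiredAction> actions = EnumSet.noneOf(RequiredAction.class);
        if (pwdLastSet != null && Long.parseLong(pwdLastSet.trim()) == 0L) {
            actions.add(RequiredAction.UPDATE_PASSWORD);
        }
        return new AttributeState(enabled, actions);
    }

    /** Meaning of the AD "data" code on a failed bind (codes from the IBM note linked on this page). */
    public enum BindFailure {
        USER_NOT_FOUND, INVALID_CREDENTIALS, LOGON_TIME_RESTRICTED, WORKSTATION_RESTRICTED,
        PASSWORD_EXPIRED, ACCOUNT_DISABLED, ACCOUNT_EXPIRED, MUST_RESET_PASSWORD, ACCOUNT_LOCKED, UNKNOWN
    }

    private static final Map<String, BindFailure> CODES = new HashMap<>();
    static {
        CODES.put("525", BindFailure.USER_NOT_FOUND);
        CODES.put("52e", BindFailure.INVALID_CREDENTIALS);
        CODES.put("530", BindFailure.LOGON_TIME_RESTRICTED);
        CODES.put("531", BindFailure.WORKSTATION_RESTRICTED);
        CODES.put("532", BindFailure.PASSWORD_EXPIRED);
        CODES.put("533", BindFailure.ACCOUNT_DISABLED);
        CODES.put("701", BindFailure.ACCOUNT_EXPIRED);
        CODES.put("773", BindFailure.MUST_RESET_PASSWORD);
        CODES.put("775", BindFailure.ACCOUNT_LOCKED);
    }

    /* AD places the code after "data " in the bind failure's diagnostic message, e.g. (constructed)
     * "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1". */
    private static final Pattern DATA_CODE = Pattern.compile("\\bdata\\s+([0-9a-fA-F]{3})\\b");

    public static BindFailure classifyBindError(String ldapMessage) {
        if (ldapMessage == null) {
            return BindFailure.UNKNOWN;
        }
        Matcher m = DATA_CODE.matcher(ldapMessage);
        if (!m.find()) {
            return BindFailure.UNKNOWN;
        }
        return CODES.getOrDefault(m.group(1).toLowerCase(), BindFailure.UNKNOWN);
    }

    /**
     * Same contract as onAuthenticationFailure on this page: return true only when the
     * failure was converted into a Keycloak-side action, so the caller knows not to
     * rethrow. Treating only 532 and 773 as handled is this example's own policy choice;
     * a wrong password or a disabled, expired or locked account still surfaces as an exception.
     */
    public static boolean handleBindFailure(String ldapMessage, EnumSet<RequiredAction> actionsOut) {
        switch (classifyBindError(ldapMessage)) {
            case PASSWORD_EXPIRED:
            case MUST_RESET_PASSWORD:
                actionsOut.add(RequiredAction.UPDATE_PASSWORD);
                return true;
            default:
                return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not read from a real directory.
        AttributeState fresh = evaluate("512", "0");                     // NORMAL_ACCOUNT, must change password
        AttributeState disabled = evaluate("514", "133500000000000000"); // NORMAL_ACCOUNT | ACCOUNTDISABLE
        System.out.println("fresh: enabled=" + fresh.enabled + " actions=" + fresh.actions);
        System.out.println("disabled: enabled=" + disabled.enabled + " actions=" + disabled.actions);

        String msg = "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1";
        EnumSet<RequiredAction> actions = EnumSet.noneOf(RequiredAction.class);
        boolean handled = handleBindFailure(msg, actions);
        System.out.println(classifyBindError(msg) + " handled=" + handled + " actions=" + actions);
    }
}
```

Running main prints an enabled account with UPDATE_PASSWORD pending for the first sample, a disabled account with no action for the second, and MUST_RESET_PASSWORD with handled=true for the constructed bind message. The split between classifyBindError and handleBindFailure mirrors the page's own split between processAuthErrorCode and onAuthenticationFailure: one step names the condition, the other decides whether it becomes a Keycloak action or stays an authentication failure.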
processFailedPasswordUpdateException

protected ModelException processFailedPasswordUpdateException(ModelException e)

getUserAccountControl

protected UserAccountControl getUserAccountControl(LDAPObject ldapUser)

updateUserAccountControl

protected void updateUserAccountControl(boolean updateInLDAP, LDAPObject ldapUser, UserAccountControl accountControl)