Package org.keycloak.authentication
Interface Authenticator
-
- All Superinterfaces:
Provider
- All Known Subinterfaces:
AuthenticationFlowCallback
,ConditionalAuthenticator
- All Known Implementing Classes:
AbstractDirectGrantAuthenticator
,AbstractFormAuthenticator
,AbstractIdpAuthenticator
,AbstractSetRequiredActionAuthenticator
,AbstractUsernameFormAuthenticator
,AbstractX509ClientCertificateAuthenticator
,AbstractX509ClientCertificateDirectGrantAuthenticator
,AllowAccessAuthenticator
,AttemptedAuthenticator
,BasicAuthAuthenticator
,BasicAuthOTPAuthenticator
,ConditionalLoaAuthenticator
,ConditionalOtpFormAuthenticator
,ConditionalRoleAuthenticator
,ConditionalUserAttributeValue
,ConditionalUserConfiguredAuthenticator
,CookieAuthenticator
,DenyAccessAuthenticator
,DockerAuthenticator
,HttpBasicAuthenticator
,IdentityProviderAuthenticator
,IdpAutoLinkAuthenticator
,IdpConfirmLinkAuthenticator
,IdpCreateUserIfUniqueAuthenticator
,IdpDetectExistingBrokerUserAuthenticator
,IdpEmailVerificationAuthenticator
,IdpReviewProfileAuthenticator
,IdpUsernamePasswordForm
,NoCookieFlowRedirectAuthenticator
,OTPFormAuthenticator
,PasswordForm
,RecoveryAuthnCodesFormAuthenticator
,ResetCredentialChooseUser
,ResetCredentialEmail
,ResetOTP
,ResetPassword
,ScriptBasedAuthenticator
,SpnegoAuthenticator
,UsernameForm
,UsernamePasswordForm
,UserSessionLimitsAuthenticator
,ValidateOTP
,ValidatePassword
,ValidateUsername
,ValidateX509CertificateUsername
,WebAuthnAuthenticator
,WebAuthnPasswordlessAuthenticator
,X509ClientCertificateAuthenticator
public interface Authenticator extends Provider
This interface is for users that want to add custom authenticators to an authentication flow. You must implement this interface as well as an AuthenticatorFactory.- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description void
action(AuthenticationFlowContext context)
Called from a form action invocation.default boolean
areRequiredActionsEnabled(KeycloakSession session, RealmModel realm)
Checks if all required actions are configured in the realm and are enabledvoid
authenticate(AuthenticationFlowContext context)
Initial call for the authenticator.boolean
configuredFor(KeycloakSession session, RealmModel realm, UserModel user)
Is this authenticator configured for this user.default List<RequiredActionFactory>
getRequiredActions(KeycloakSession session)
Overwrite this if the authenticator is associated withboolean
requiresUser()
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?void
setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)
Set actions to configure authenticator
-
-
-
Method Detail
-
authenticate
void authenticate(AuthenticationFlowContext context)
Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.- Parameters:
context
-
-
action
void action(AuthenticationFlowContext context)
Called from a form action invocation.- Parameters:
context
-
-
requiresUser
boolean requiresUser()
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?- Returns:
-
configuredFor
boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user)
Is this authenticator configured for this user.- Parameters:
session
-realm
-user
-- Returns:
-
setRequiredActions
void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)
Set actions to configure authenticator
-
getRequiredActions
default List<RequiredActionFactory> getRequiredActions(KeycloakSession session)
Overwrite this if the authenticator is associated with- Returns:
-
areRequiredActionsEnabled
default boolean areRequiredActionsEnabled(KeycloakSession session, RealmModel realm)
Checks if all required actions are configured in the realm and are enabled- Returns:
-
-