Package org.keycloak.authentication.authenticators.directgrant

Class ValidateOTP

java.lang.Object

org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator

org.keycloak.authentication.authenticators.directgrant.ValidateOTP

All Implemented Interfaces:

Authenticator, AuthenticatorFactory, ConfigurableAuthenticatorFactory, CredentialValidator<OTPCredentialProvider>, ConfiguredProvider, Provider, ProviderFactory<Authenticator>

public class ValidateOTP
extends AbstractDirectGrantAuthenticator
implements CredentialValidator<OTPCredentialProvider>

Version:

$Revision: 1 $

Author:

Bill Burke

Field Summary

Fields

Modifier and Type	Field	Description
static String	PROVIDER_ID

Fields inherited from interface org.keycloak.authentication.ConfigurableAuthenticatorFactory

REQUIREMENT_CHOICES

Constructor Summary

Constructors

Constructor	Description
ValidateOTP()

Method Summary

Modifier and Type	Method	Description
void	authenticate(AuthenticationFlowContext context)	Initial call for the authenticator.
boolean	configuredFor(KeycloakSession session, RealmModel realm, UserModel user)	Is this authenticator configured for this user.
List<ProviderConfigProperty>	getConfigProperties()
OTPCredentialProvider	getCredentialProvider(KeycloakSession session)
String	getDisplayType()	Friendly name for the authenticator
String	getHelpText()
String	getId()
String	getReferenceCategory()	General authenticator type, i.e.
AuthenticationExecutionModel.Requirement[]	getRequirementChoices()	What requirement settings are allowed.
boolean	isConfigurable()	Is this authenticator configurable?
boolean	isUserSetupAllowed()	Does this authenticator have required actions that can set if the user does not have this authenticator set up?
boolean	requiresUser()	Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?
void	setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)	Set actions to configure authenticator

Methods inherited from class org.keycloak.authentication.authenticators.directgrant.AbstractDirectGrantAuthenticator

action, close, create, errorResponse, init, postInit

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator

areRequiredActionsEnabled, getRequiredActions

Methods inherited from interface org.keycloak.provider.ConfiguredProvider

getConfig

Methods inherited from interface org.keycloak.authentication.CredentialValidator

getCredentials, getType

Methods inherited from interface org.keycloak.provider.ProviderFactory

getConfigMetadata, order

Field Detail

PROVIDER_ID

public static final String PROVIDER_ID

See Also:

Constant Field Values

Constructor Detail

ValidateOTP

public ValidateOTP()

Method Detail

authenticate

public void authenticate(AuthenticationFlowContext context)

Description copied from interface: Authenticator

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.

Specified by:

authenticate in interface Authenticator

requiresUser

public boolean requiresUser()

Description copied from interface: Authenticator

Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?

Specified by:

requiresUser in interface Authenticator

Returns:

configuredFor

public boolean configuredFor(KeycloakSession session,
                             RealmModel realm,
                             UserModel user)

Description copied from interface: Authenticator

Is this authenticator configured for this user.

Specified by:

configuredFor in interface Authenticator

Returns:

setRequiredActions

public void setRequiredActions(KeycloakSession session,
                               RealmModel realm,
                               UserModel user)

Description copied from interface: Authenticator

Set actions to configure authenticator

Specified by:

setRequiredActions in interface Authenticator

isUserSetupAllowed

public boolean isUserSetupAllowed()

Description copied from interface: ConfigurableAuthenticatorFactory

Does this authenticator have required actions that can set if the user does not have this authenticator set up?

Specified by:

isUserSetupAllowed in interface ConfigurableAuthenticatorFactory

Returns:

getDisplayType

public String getDisplayType()

Description copied from interface: ConfigurableAuthenticatorFactory

Friendly name for the authenticator

Specified by:

getDisplayType in interface ConfigurableAuthenticatorFactory

Returns:

getReferenceCategory

public String getReferenceCategory()

Description copied from interface: ConfigurableAuthenticatorFactory

General authenticator type, i.e. totp, password, cert.

Specified by:

getReferenceCategory in interface ConfigurableAuthenticatorFactory

Returns:

null if not a referencable category

isConfigurable

public boolean isConfigurable()

Description copied from interface: ConfigurableAuthenticatorFactory

Is this authenticator configurable?

Specified by:

isConfigurable in interface ConfigurableAuthenticatorFactory

Returns:

getRequirementChoices

public AuthenticationExecutionModel.Requirement[] getRequirementChoices()

Description copied from interface: ConfigurableAuthenticatorFactory

What requirement settings are allowed.

Specified by:

getRequirementChoices in interface ConfigurableAuthenticatorFactory

Returns:

getHelpText

public String getHelpText()

Specified by:

getHelpText in interface ConfiguredProvider

getConfigProperties

public List<ProviderConfigProperty> getConfigProperties()

Specified by:

getConfigProperties in interface ConfiguredProvider

getId

public String getId()

Specified by:

getId in interface ProviderFactory<Authenticator>

getCredentialProvider

public OTPCredentialProvider getCredentialProvider(KeycloakSession session)

Specified by:

getCredentialProvider in interface CredentialValidator<OTPCredentialProvider>