Package org.keycloak.authentication
Interface Authenticator
- All Superinterfaces:
Provider
- All Known Subinterfaces:
AuthenticationFlowCallback
,ConditionalAuthenticator
- All Known Implementing Classes:
AbstractDirectGrantAuthenticator
,AbstractFormAuthenticator
,AbstractIdpAuthenticator
,AbstractSetRequiredActionAuthenticator
,AbstractUsernameFormAuthenticator
,AbstractX509ClientCertificateAuthenticator
,AbstractX509ClientCertificateDirectGrantAuthenticator
,AllowAccessAuthenticator
,AttemptedAuthenticator
,ConditionalLoaAuthenticator
,ConditionalOtpFormAuthenticator
,ConditionalRoleAuthenticator
,ConditionalUserAttributeValue
,ConditionalUserConfiguredAuthenticator
,CookieAuthenticator
,DenyAccessAuthenticator
,DockerAuthenticator
,HttpBasicAuthenticator
,IdentityProviderAuthenticator
,IdpAutoLinkAuthenticator
,IdpConfirmLinkAuthenticator
,IdpCreateUserIfUniqueAuthenticator
,IdpDetectExistingBrokerUserAuthenticator
,IdpEmailVerificationAuthenticator
,IdpReviewProfileAuthenticator
,IdpUsernamePasswordForm
,OTPFormAuthenticator
,PasswordForm
,RecoveryAuthnCodesFormAuthenticator
,ResetCredentialChooseUser
,ResetCredentialEmail
,ResetOTP
,ResetPassword
,ScriptBasedAuthenticator
,SpnegoAuthenticator
,UsernameForm
,UsernamePasswordForm
,UserSessionLimitsAuthenticator
,ValidateOTP
,ValidatePassword
,ValidateUsername
,ValidateX509CertificateUsername
,WebAuthnAuthenticator
,WebAuthnPasswordlessAuthenticator
,X509ClientCertificateAuthenticator
This interface is for users that want to add custom authenticators to an authentication flow.
You must implement this interface as well as an AuthenticatorFactory.
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
Method Summary
Modifier and TypeMethodDescriptionvoid
action
(AuthenticationFlowContext context) Called from a form action invocation.default boolean
areRequiredActionsEnabled
(KeycloakSession session, RealmModel realm) Checks if all required actions are configured in the realm and are enabledvoid
authenticate
(AuthenticationFlowContext context) Initial call for the authenticator.boolean
configuredFor
(KeycloakSession session, RealmModel realm, UserModel user) Is this authenticator configured for this user.default List<RequiredActionFactory>
getRequiredActions
(KeycloakSession session) Overwrite this if the authenticator is associated withboolean
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?void
setRequiredActions
(KeycloakSession session, RealmModel realm, UserModel user) Set actions to configure authenticator
-
Method Details
-
authenticate
Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.- Parameters:
context
-
-
action
Called from a form action invocation.- Parameters:
context
-
-
requiresUser
boolean requiresUser()Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?- Returns:
-
configuredFor
Is this authenticator configured for this user.- Parameters:
session
-realm
-user
-- Returns:
-
setRequiredActions
Set actions to configure authenticator -
getRequiredActions
Overwrite this if the authenticator is associated with- Returns:
-
areRequiredActionsEnabled
Checks if all required actions are configured in the realm and are enabled- Returns:
-