java.lang.Object
org.keycloak.authentication.authenticators.util.AcrStore

public class AcrStore extends Object
CRUD data in the authentication session, which are related to step-up authentication
Author:
Marek Posolda
  • Constructor Details

  • Method Details

    • isLevelOfAuthenticationForced

      public boolean isLevelOfAuthenticationForced()
    • getRequestedLevelOfAuthentication

      public int getRequestedLevelOfAuthentication()
    • isLevelOfAuthenticationSatisfiedFromCurrentAuthentication

      public boolean isLevelOfAuthenticationSatisfiedFromCurrentAuthentication()
    • getCurrentLevelOfAuthentication

      public static int getCurrentLevelOfAuthentication(AuthenticatedClientSessionModel clientSession)
    • isLevelAuthenticatedInPreviousAuth

      public boolean isLevelAuthenticatedInPreviousAuth(int level, int maxAge)
      Parameters:
      level - level of authentication
      maxAge - maxAge for which this level is considered valid
      Returns:
      True if the particular level was already authenticated before in this userSession and is still valid
    • getLevelOfAuthenticationFromCurrentAuthentication

      public int getLevelOfAuthenticationFromCurrentAuthentication()
      return level, which was either: - directly authenticated in current authentication - or was already verified that can be re-used from previous authentication
      Returns:
      see above
    • setLevelAuthenticated

      public void setLevelAuthenticated(int level)
      Save authenticated level to authenticationSession (for current authentication) and loa map (for future authentications)
      Parameters:
      level - level to save
    • setLevelAuthenticatedToCurrentRequest

      public void setLevelAuthenticatedToCurrentRequest(int level)
      Set level to the current authentication session
      Parameters:
      level - , which was authenticated by user
    • getHighestAuthenticatedLevelFromPreviousAuthentication

      public int getHighestAuthenticatedLevelFromPreviousAuthentication()
      Returns:
      highest authenticated level from previous authentication, which is still valid (not yet expired)