Package org.keycloak.protocol

Interface LoginProtocol

All Superinterfaces:

Provider

All Known Implementing Classes:

DockerAuthV2Protocol, OIDCLoginProtocol, SamlProtocol, TokenEndpoint.TokenExchangeSamlProtocol

public interface LoginProtocol
extends Provider

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static enum	LoginProtocol.Error

Method Summary

Modifier and Type	Method	Description
jakarta.ws.rs.core.Response	authenticated(AuthenticationSessionModel authSession, UserSessionModel userSession, ClientSessionContext clientSessionCtx)
jakarta.ws.rs.core.Response	backchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
jakarta.ws.rs.core.Response	finishBrowserLogout(UserSessionModel userSession, AuthenticationSessionModel logoutSession)	This method is called when browser logout is going to be finished.
jakarta.ws.rs.core.Response	frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession)
boolean	requireReauthentication(UserSessionModel userSession, AuthenticationSessionModel authSession)
jakarta.ws.rs.core.Response	sendError(AuthenticationSessionModel authSession, LoginProtocol.Error error)
default boolean	sendPushRevocationPolicyRequest(RealmModel realm, ClientModel resource, int notBefore, String managementUrl)	Send not-before revocation policy to the given client.
LoginProtocol	setEventBuilder(EventBuilder event)
LoginProtocol	setHttpHeaders(jakarta.ws.rs.core.HttpHeaders headers)
LoginProtocol	setRealm(RealmModel realm)
LoginProtocol	setSession(KeycloakSession session)
LoginProtocol	setUriInfo(jakarta.ws.rs.core.UriInfo uriInfo)

Methods inherited from interface org.keycloak.provider.Provider

close

Method Details

setSession

LoginProtocol setSession(KeycloakSession session)

setRealm

LoginProtocol setRealm(RealmModel realm)

setUriInfo

LoginProtocol setUriInfo(jakarta.ws.rs.core.UriInfo uriInfo)

setHttpHeaders

LoginProtocol setHttpHeaders(jakarta.ws.rs.core.HttpHeaders headers)

setEventBuilder

LoginProtocol setEventBuilder(EventBuilder event)

authenticated

jakarta.ws.rs.core.Response authenticated(AuthenticationSessionModel authSession,
 UserSessionModel userSession,
 ClientSessionContext clientSessionCtx)

sendError

jakarta.ws.rs.core.Response sendError(AuthenticationSessionModel authSession,
 LoginProtocol.Error error)

backchannelLogout

jakarta.ws.rs.core.Response backchannelLogout(UserSessionModel userSession,
 AuthenticatedClientSessionModel clientSession)

frontchannelLogout

jakarta.ws.rs.core.Response frontchannelLogout(UserSessionModel userSession,
 AuthenticatedClientSessionModel clientSession)

finishBrowserLogout

jakarta.ws.rs.core.Response finishBrowserLogout(UserSessionModel userSession,
 AuthenticationSessionModel logoutSession)

This method is called when browser logout is going to be finished. It is not triggered during backchannel logout

Parameters:

userSession - user session, which was logged out

logoutSession - authentication session, which was used during logout to track the logout state

Returns:

response to be sent to the client

requireReauthentication

boolean requireReauthentication(UserSessionModel userSession,
 AuthenticationSessionModel authSession)

Parameters:

userSession -

authSession -

Returns:

true if SSO cookie authentication can't be used. User will need to "actively" reauthenticate

sendPushRevocationPolicyRequest

default boolean sendPushRevocationPolicyRequest(RealmModel realm,
 ClientModel resource,
 int notBefore,
 String managementUrl)

Send not-before revocation policy to the given client.

Parameters:

realm -

resource -

notBefore -

managementUrl -

Returns:

true if revocation policy was successfully updated at the client, false otherwise.