All Superinterfaces:
Provider
All Known Subinterfaces:
CommonLDAPGroupMapper
All Known Implementing Classes:
AbstractLDAPStorageMapper, CertificateLDAPStorageMapper, FullNameLDAPStorageMapper, GroupLDAPStorageMapper, HardcodedAttributeMapper, HardcodedLDAPAttributeMapper, HardcodedLDAPGroupStorageMapper, HardcodedLDAPRoleStorageMapper, MSADLDSUserAccountControlStorageMapper, MSADUserAccountControlStorageMapper, RoleLDAPStorageMapper, UserAttributeLDAPStorageMapper
public interface LDAPStorageMapper extends Provider
Author:
Marek Posolda
Method Summary
beforeLDAPQuery (void): Called before the LDAP identity query that retrieves LDAP users is executed.
getGroupMembers: Returns an empty list if the mapper doesn't support storing groups.
getLdapProvider: Gets the LDAP provider associated with the mapper.
getRoleMembers: Returns an empty list if the mapper doesn't support storing roles.
mandatoryAttributeNames: Returns the mandatory attributes that this mapper imposes on the entry.
onAuthenticationFailure (boolean): Called when LDAP authentication of the specified user fails.
onImportUserFromLDAP (void): Called when importing a user from LDAP to the local Keycloak DB.
onRegisterUserToLDAP (void): Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
proxy: Called when proxy is invoked on the LDAP federation provider.
syncDataFromFederationProviderToKeycloak: Sync data from federated storage to Keycloak.
syncDataFromKeycloakToFederationProvider: Sync data from Keycloak back to federated storage.
Methods inherited from interface org.keycloak.provider.Provider
close
Method Details
syncDataFromFederationProviderToKeycloak
Sync data from federated storage to Keycloak. This is useful only if the mapper needs some data preloaded from federated storage (for example, loading roles from the federated provider and syncing them to the Keycloak database).
Applicable only if sync is supported.
syncDataFromKeycloakToFederationProvider
Sync data from Keycloak back to federated storage.
getGroupMembers
Returns an empty list if the mapper doesn't support storing groups.
getRoleMembers
Returns an empty list if the mapper doesn't support storing roles.
Parameters:
realm -
role -
firstResult -
maxResults -
Returns:
onImportUserFromLDAP
Called when importing a user from LDAP to the local Keycloak DB.
Parameters:
ldapUser -
user -
realm -
isCreate - true if we are importing a new user from LDAP; false if the user already exists in Keycloak but we are upgrading (syncing) it from LDAP
onRegisterUserToLDAP
Called when registering a new user to LDAP, just after the user was created in the Keycloak DB.
Parameters:
ldapUser -
localUser -
realm -
mandatoryAttributeNames
Returns the mandatory attributes that this mapper imposes on the entry.
Returns:
The list of mandatory attributes or null
proxy
Called when proxy is invoked on the LDAP federation provider.
Parameters:
ldapUser -
delegate -
realm -
Returns:
beforeLDAPQuery
Called before the LDAP identity query that retrieves LDAP users is executed. It allows the mapper to change the query (for example, to add attributes to be returned from LDAP or to change conditions).
Parameters:
query -
onAuthenticationFailure
Called when LDAP authentication of the specified user fails. If any mapper returns true from this method, the AuthenticationException won't be rethrown!
Parameters:
user -
ldapUser -
ldapException -
Returns:
true if the mapper processed the AuthenticationException and took some action based on it. In that case, the AuthenticationException won't be rethrown!
getLdapProvider
Gets the LDAP provider associated with the mapper.
Returns: