Class OTPFormAuthenticator
java.lang.Object
org.keycloak.authentication.AbstractFormAuthenticator
org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator
- All Implemented Interfaces:
Authenticator
,CredentialValidator<OTPCredentialProvider>
,Provider
- Direct Known Subclasses:
ConditionalOtpFormAuthenticator
public class OTPFormAuthenticator
extends AbstractUsernameFormAuthenticator
implements Authenticator, CredentialValidator<OTPCredentialProvider>
- Version:
- $Revision: 1 $
- Author:
- Bill Burke
-
Field Summary
Fields inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
ATTEMPTED_USERNAME, REGISTRATION_FORM_ACTION, SESSION_INVALID, USER_SET_BEFORE_USERNAME_PASSWORD_AUTH
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
action
(AuthenticationFlowContext context) Called from a form action invocation.void
authenticate
(AuthenticationFlowContext context) Initial call for the authenticator.void
close()
boolean
configuredFor
(KeycloakSession session, RealmModel realm, UserModel user) Is this authenticator configured for this user.protected jakarta.ws.rs.core.Response
protected String
protected String
getCredentialProvider
(KeycloakSession session) getRequiredActions
(KeycloakSession session) Overwrite this if the authenticator is associated withboolean
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?void
setRequiredActions
(KeycloakSession session, RealmModel realm, UserModel user) Set actions to configure authenticatorvoid
validateOTP
(AuthenticationFlowContext context) Methods inherited from class org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
challenge, challenge, dummyHash, enabledUser, getDefaultChallengeMessage, isDisabledByBruteForce, isUserAlreadySetBeforeUsernamePasswordAuth, runDefaultDummyHash, setDuplicateUserChallenge, testInvalidUser, validatePassword, validateUser, validateUserAndPassword
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.keycloak.authentication.Authenticator
areRequiredActionsEnabled
Methods inherited from interface org.keycloak.authentication.CredentialValidator
getCredentials, getType
-
Field Details
-
SELECTED_OTP_CREDENTIAL_ID
- See Also:
-
UNNAMED
- See Also:
-
-
Constructor Details
-
OTPFormAuthenticator
public OTPFormAuthenticator()
-
-
Method Details
-
action
Description copied from interface:Authenticator
Called from a form action invocation.- Specified by:
action
in interfaceAuthenticator
- Overrides:
action
in classAbstractUsernameFormAuthenticator
-
authenticate
Description copied from interface:Authenticator
Initial call for the authenticator. This method should check the current HTTP request to determine if the request satifies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.- Specified by:
authenticate
in interfaceAuthenticator
-
validateOTP
-
requiresUser
public boolean requiresUser()Description copied from interface:Authenticator
Does this authenticator require that the user has already been identified? That AuthenticatorContext.getUser() is not null?- Specified by:
requiresUser
in interfaceAuthenticator
- Returns:
-
disabledByBruteForceError
- Overrides:
disabledByBruteForceError
in classAbstractUsernameFormAuthenticator
-
disabledByBruteForceFieldError
- Overrides:
disabledByBruteForceFieldError
in classAbstractUsernameFormAuthenticator
-
createLoginForm
- Overrides:
createLoginForm
in classAbstractUsernameFormAuthenticator
-
configuredFor
Description copied from interface:Authenticator
Is this authenticator configured for this user.- Specified by:
configuredFor
in interfaceAuthenticator
- Returns:
-
setRequiredActions
Description copied from interface:Authenticator
Set actions to configure authenticator- Specified by:
setRequiredActions
in interfaceAuthenticator
-
getRequiredActions
Description copied from interface:Authenticator
Overwrite this if the authenticator is associated with- Specified by:
getRequiredActions
in interfaceAuthenticator
- Returns:
-
close
public void close()- Specified by:
close
in interfaceProvider
- Overrides:
close
in classAbstractFormAuthenticator
-
getCredentialProvider
- Specified by:
getCredentialProvider
in interfaceCredentialValidator<OTPCredentialProvider>
-