Interface IdentityProvider<C extends IdentityProviderModel>

All Superinterfaces:
Provider
All Known Subinterfaces:
SocialIdentityProvider<C>
All Known Implementing Classes:
AbstractIdentityProvider, AbstractOAuth2IdentityProvider, BitbucketIdentityProvider, FacebookIdentityProvider, GitHubIdentityProvider, GitLabIdentityProvider, GoogleIdentityProvider, InstagramIdentityProvider, KeycloakOIDCIdentityProvider, LinkedInOIDCIdentityProvider, MicrosoftIdentityProvider, OIDCIdentityProvider, OpenshiftV3IdentityProvider, OpenshiftV4IdentityProvider, PayPalIdentityProvider, SAMLIdentityProvider, StackoverflowIdentityProvider, TwitterIdentityProvider

public interface IdentityProvider<C extends IdentityProviderModel> extends Provider
Author:
Pedro Igor
  • Field Details

  • Method Details

    • getConfig

      C getConfig()
    • preprocessFederatedIdentity

      void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context)
    • authenticationFinished

      void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context)
    • importNewUser

      void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
    • updateBrokeredUser

      void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
    • callback

      JAX-RS callback endpoint for when the remote IDP wants to call back to Keycloak.
      Returns:
    • performLogin

      jakarta.ws.rs.core.Response performLogin(AuthenticationRequest request)

      Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.

      Parameters:
      request - The initial authentication request. Contains all the contextual information needed to build an authentication request to the identity provider.
      Returns:
    • retrieveToken

      jakarta.ws.rs.core.Response retrieveToken(KeycloakSession session, FederatedIdentityModel identity)

      Returns a Response containing the token previously stored during the authentication process for a specific user.

      Parameters:
      identity -
      Returns:
    • backchannelLogout

      void backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
    • keycloakInitiatedBrowserLogout

      jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm)
      Called when a Keycloak application initiates a logout through the browser. This is expected to perform a logout with the IDP.
      Parameters:
      userSession -
      uriInfo -
      realm -
      Returns:
      null if this is not supported by this provider
    • export

      jakarta.ws.rs.core.Response export(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format)
      Exports a representation of the IdentityProvider in a specific format, for example a SAML EntityDescriptor.
      Returns:
    • getMarshaller

      Implementation of a marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession.
      Returns:
    • isMapperSupported

      default boolean isMapperSupported(IdentityProviderMapper mapper)
      Checks whether a mapper is supported for this Identity Provider.
    • reloadKeys

      default boolean reloadKeys()
      Reloads the keys for the identity provider, if the provider permits it. For example, OIDC or SAML providers will reload the keys from the JWKS or metadata endpoint.
      Returns:
      true if reloaded, false if not
    • supportsLongStateParameter

      default boolean supportsLongStateParameter()
      Returns:
      true if the identity provider supports a long value of the "state" parameter (or "RelayState" parameter), which can hold a relatively large amount of context data