Package org.keycloak.authentication.authenticators.broker

Class AbstractIdpAuthenticator

java.lang.Object

org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator

All Implemented Interfaces:

Authenticator, Provider

Direct Known Subclasses:

IdpAddOrganizationMemberAuthenticator, IdpAutoLinkAuthenticator, IdpConfirmLinkAuthenticator, IdpConfirmOverrideLinkAuthenticator, IdpCreateUserIfUniqueAuthenticator, IdpEmailVerificationAuthenticator, IdpReviewProfileAuthenticator

public abstract class AbstractIdpAuthenticator
extends Object
implements Authenticator

Author:

Marek Posolda

Field Summary

Fields

Modifier and Type	Field	Description
static final String	BROKER_REGISTERED_NEW_USER
static final String	BROKERED_CONTEXT_NOTE
static final String	ENFORCE_UPDATE_PROFILE
static final String	EXISTING_USER_INFO
static final String	FIRST_BROKER_LOGIN_SUCCESS
static final String	NESTED_FIRST_BROKER_CONTEXT
static final String	UPDATE_PROFILE_EMAIL_CHANGED

Constructor Summary

Constructors

Constructor	Description
AbstractIdpAuthenticator()

Method Summary

Modifier and Type	Method	Description
void	action(AuthenticationFlowContext context)	Called from a form action invocation.
protected abstract void	actionImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)
void	authenticate(AuthenticationFlowContext context)	Initial call for the authenticator.
protected abstract void	authenticateImpl(AuthenticationFlowContext context, SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext)
void	close()
static UserModel	getExistingUser(KeycloakSession session, RealmModel realm, AuthenticationSessionModel authSession)
protected void	sendFailureChallenge(AuthenticationFlowContext context, jakarta.ws.rs.core.Response.Status status, String eventError, String errorMessage, AuthenticationFlowError flowError)
void	setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user)	Set actions to configure authenticator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.authentication.Authenticator

areRequiredActionsEnabled, configuredFor, getRequiredActions, requiresUser

Field Details

BROKERED_CONTEXT_NOTE

public static final String BROKERED_CONTEXT_NOTE

See Also:

• Constant Field Values

EXISTING_USER_INFO

public static final String EXISTING_USER_INFO

See Also:

• Constant Field Values

UPDATE_PROFILE_EMAIL_CHANGED

public static final String UPDATE_PROFILE_EMAIL_CHANGED

See Also:

• Constant Field Values

ENFORCE_UPDATE_PROFILE

public static final String ENFORCE_UPDATE_PROFILE

See Also:

• Constant Field Values

BROKER_REGISTERED_NEW_USER

public static final String BROKER_REGISTERED_NEW_USER

See Also:

• Constant Field Values

FIRST_BROKER_LOGIN_SUCCESS

public static final String FIRST_BROKER_LOGIN_SUCCESS

See Also:

• Constant Field Values

NESTED_FIRST_BROKER_CONTEXT

public static final String NESTED_FIRST_BROKER_CONTEXT

See Also:

• Constant Field Values

Constructor Details

AbstractIdpAuthenticator

public AbstractIdpAuthenticator()

Method Details

authenticate

public void authenticate(AuthenticationFlowContext context)

Description copied from interface: Authenticator

Initial call for the authenticator. This method should check the current HTTP request to determine if the request satisfies the Authenticator's requirements. If it doesn't, it should send back a challenge response by calling the AuthenticationFlowContext.challenge(Response). If this challenge is a authentication, the action URL of the form must point to /realms/{realm}/login-actions/authenticate?code={session-code}&execution={executionId} or /realms/{realm}/login-actions/registration?code={session-code}&execution={executionId} {session-code} pertains to the code generated from AuthenticationFlowContext.generateAccessCode(). The {executionId} pertains to the AuthenticationExecutionModel.getId() value obtained from AuthenticationFlowContext.getExecution(). The action URL will invoke the action() method described below.

Specified by:

authenticate in interface Authenticator

action

public void action(AuthenticationFlowContext context)

Description copied from interface: Authenticator

Called from a form action invocation.

Specified by:

action in interface Authenticator

authenticateImpl

protected abstract void authenticateImpl(AuthenticationFlowContext context,
 SerializedBrokeredIdentityContext serializedCtx,
 BrokeredIdentityContext brokerContext)

actionImpl

protected abstract void actionImpl(AuthenticationFlowContext context,
 SerializedBrokeredIdentityContext serializedCtx,
 BrokeredIdentityContext brokerContext)

sendFailureChallenge

protected void sendFailureChallenge(AuthenticationFlowContext context,
 jakarta.ws.rs.core.Response.Status status,
 String eventError,
 String errorMessage,
 AuthenticationFlowError flowError)

setRequiredActions

public void setRequiredActions(KeycloakSession session,
 RealmModel realm,
 UserModel user)

Description copied from interface: Authenticator

Set actions to configure authenticator

Specified by:

setRequiredActions in interface Authenticator

close

public void close()

Specified by:

close in interface Provider

getExistingUser

public static UserModel getExistingUser(KeycloakSession session,
 RealmModel realm,
 AuthenticationSessionModel authSession)