Package org.keycloak.broker.provider
Interface IdentityProvider<C extends IdentityProviderModel>
- All Superinterfaces:
Provider
- All Known Subinterfaces:
SocialIdentityProvider<C>
- All Known Implementing Classes:
AbstractIdentityProvider,AbstractOAuth2IdentityProvider,BitbucketIdentityProvider,FacebookIdentityProvider,GitHubIdentityProvider,GitLabIdentityProvider,GoogleIdentityProvider,InstagramIdentityProvider,KeycloakOIDCIdentityProvider,LinkedInOIDCIdentityProvider,MicrosoftIdentityProvider,OIDCIdentityProvider,OpenshiftV3IdentityProvider,OpenshiftV4IdentityProvider,PayPalIdentityProvider,SAMLIdentityProvider,StackoverflowIdentityProvider,TwitterIdentityProvider
- Author:
- Pedro Igor
-
Nested Class Summary
Nested Classes -
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) voidbackchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.jakarta.ws.rs.core.Responseexport(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format) Export a representation of the IdentityProvider in a specific format.Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSessionvoidimportNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context) default booleanChecks whether a mapper is supported for this Identity Provider.jakarta.ws.rs.core.ResponsekeycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) Called when a Keycloak application initiates a logout through the browser.jakarta.ws.rs.core.ResponseperformLogin(AuthenticationRequest request) Initiates the authentication process by sending an authentication request to an identity provider.voidpreprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context) default booleanReload keys for the identity provider if permitted in it.For example OIDC or SAML providers will reload the keys from the jwks or metadata endpoint.jakarta.ws.rs.core.ResponseretrieveToken(KeycloakSession session, FederatedIdentityModel identity) Returns aResponsecontaining the token previously stored during the authentication process for a specific user.default booleanvoidupdateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context)
-
Field Details
-
EXTERNAL_IDENTITY_PROVIDER
- See Also:
-
FEDERATED_ACCESS_TOKEN
- See Also:
-
-
Method Details
-
getConfig
C getConfig() -
preprocessFederatedIdentity
void preprocessFederatedIdentity(KeycloakSession session, RealmModel realm, BrokeredIdentityContext context) -
authenticationFinished
void authenticationFinished(AuthenticationSessionModel authSession, BrokeredIdentityContext context) -
importNewUser
void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context) -
updateBrokeredUser
void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, BrokeredIdentityContext context) -
callback
Object callback(RealmModel realm, IdentityProvider.AuthenticationCallback callback, EventBuilder event) JAXRS callback endpoint for when the remote IDP wants to callback to keycloak.- Returns:
-
performLogin
Initiates the authentication process by sending an authentication request to an identity provider. This method is called only once during the authentication.
- Parameters:
request- The initial authentication request. Contains all the contextual information in order to build an authentication request to the identity provider.- Returns:
-
retrieveToken
Returns a
Responsecontaining the token previously stored during the authentication process for a specific user.- Parameters:
identity-- Returns:
-
backchannelLogout
void backchannelLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) -
keycloakInitiatedBrowserLogout
jakarta.ws.rs.core.Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm) Called when a Keycloak application initiates a logout through the browser. This is expected to do a logout with the IDP- Parameters:
userSession-uriInfo-realm-- Returns:
- null if this is not supported by this provider
-
export
jakarta.ws.rs.core.Response export(jakarta.ws.rs.core.UriInfo uriInfo, RealmModel realm, String format) Export a representation of the IdentityProvider in a specific format. For example, a SAML EntityDescriptor- Returns:
-
getMarshaller
IdentityProviderDataMarshaller getMarshaller()Implementation of marshaller to serialize/deserialize attached data to Strings, which can be saved in clientSession- Returns:
-
isMapperSupported
Checks whether a mapper is supported for this Identity Provider. -
reloadKeys
default boolean reloadKeys()Reload keys for the identity provider if permitted in it.For example OIDC or SAML providers will reload the keys from the jwks or metadata endpoint.- Returns:
- true if reloaded, false if not
-
supportsLongStateParameter
default boolean supportsLongStateParameter()- Returns:
- true if identity provider supports long value of "state" parameter (or "RelayState" parameter), which can hold relatively big amount of context data
-