Package org.keycloak.authentication.authenticators.util

Class AcrStore

java.lang.Object

org.keycloak.authentication.authenticators.util.AcrStore

public class AcrStore
extends Object

CRUD data in the authentication session, which are related to step-up authentication

Author:

Marek Posolda

Constructor Summary

Constructors

Constructor	Description
AcrStore(KeycloakSession session, AuthenticationSessionModel authSession)

Method Summary

Modifier and Type	Method	Description
static int	getCurrentLevelOfAuthentication(AuthenticatedClientSessionModel clientSession)
int	getHighestAuthenticatedLevelFromPreviousAuthentication()
int	getLevelOfAuthenticationFromCurrentAuthentication()	return level, which was either: - directly authenticated in current authentication - or was already verified that can be re-used from previous authentication
int	getRequestedLevelOfAuthentication(AuthenticationFlowModel executionModel)
boolean	isLevelAuthenticatedInPreviousAuth(int level, int maxAge)
boolean	isLevelOfAuthenticationForced()
boolean	isLevelOfAuthenticationSatisfiedFromCurrentAuthentication(AuthenticationFlowModel topFlow)
void	setLevelAuthenticated(int level)	Save authenticated level to authenticationSession (for current authentication) and loa map (for future authentications)
void	setLevelAuthenticatedToCurrentRequest(int level)	Set level to the current authentication session

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AcrStore

public AcrStore(KeycloakSession session,
 AuthenticationSessionModel authSession)

Method Details

isLevelOfAuthenticationForced

public boolean isLevelOfAuthenticationForced()

getRequestedLevelOfAuthentication

public int getRequestedLevelOfAuthentication(AuthenticationFlowModel executionModel)

isLevelOfAuthenticationSatisfiedFromCurrentAuthentication

public boolean isLevelOfAuthenticationSatisfiedFromCurrentAuthentication(AuthenticationFlowModel topFlow)

getCurrentLevelOfAuthentication

public static int getCurrentLevelOfAuthentication(AuthenticatedClientSessionModel clientSession)

isLevelAuthenticatedInPreviousAuth

public boolean isLevelAuthenticatedInPreviousAuth(int level,
 int maxAge)

Parameters:

level - level of authentication

maxAge - maxAge for which this level is considered valid

Returns:

True if the particular level was already authenticated before in this userSession and is still valid

getLevelOfAuthenticationFromCurrentAuthentication

public int getLevelOfAuthenticationFromCurrentAuthentication()

return level, which was either: - directly authenticated in current authentication - or was already verified that can be re-used from previous authentication

Returns:

see above

setLevelAuthenticated

public void setLevelAuthenticated(int level)

Save authenticated level to authenticationSession (for current authentication) and loa map (for future authentications)

Parameters:

level - level to save

setLevelAuthenticatedToCurrentRequest

public void setLevelAuthenticatedToCurrentRequest(int level)

Set level to the current authentication session

Parameters:

level - , which was authenticated by user

getHighestAuthenticatedLevelFromPreviousAuthentication

public int getHighestAuthenticatedLevelFromPreviousAuthentication()

Returns:

highest authenticated level from previous authentication, which is still valid (not yet expired)